Suspicious Object List Settings

Suspicious objects are digital artifacts resulting from an analysis completed by Trend Micro Deep Discovery products or other sources. OfficeScan can synchronize suspicious objects and retrieve actions against these objects from a Control Manager 6.0 SP3 or later server (that is connected to Deep Discovery).

After subscribing to Control Manager, select the types of suspicious objects to monitor C&C callbacks or possible targeted attacks identified by agents on the network. Suspicious objects include:

  • Suspicious URL List

  • Suspicious IP List

  • Suspicious File List


In OfficeScan 10.6 to 11.0, the primary suspicious object source is Deep Discovery Analyzer. Starting in OfficeScan 11.0 SP1, the primary source is Control Manager 6.0 SP3, which provides a more robust suspicious object management and handling process.

If OfficeScan is subscribed to Deep Discovery Analyzer, only the suspicious URL list is available. After you unsubscribe OfficeScan from Deep Discovery Analyzer, it is not possible to re-subscribe. OfficeScan must subscribe to Control Manager that is connected to Deep Discovery to synchronize suspicious objects.

For more information about how Control Manager manages suspicious objects, see the Control Manager Administrator's Guide.