You can protect your network from objects not yet identified on your network by adding the suspicious objects to the User-Defined Suspicious Object list. Apex Central provides you the options to add objects based on the file, file SHA-1, domain, IP address, or URL. You can also specify the scan action that supported Trend Micro products perform after detecting the suspicious objects.
For more information, see the following topics:

Procedure

  1. Go to Threat IntelCustom Intelligence.
    The Custom Intelligence screen appears.
  2. Click the User-Defined Suspicious Objects tab.
    The User-Defined Suspicious Object list appears.
  3. Click Add.
  4. Specify the Type of object.
    • File: Click Browse to upload a suspicious object file.
    • File: Specify the File SHA-1 hash value for the file.
    • IP address: Specify the IP address.
    • URL: Specify the URL.
    • Domain: Specify the domain.
  5. Specify the Scan action that supported products take after detecting the object.
    • Log
    • Block
    • Quarantine
      Note
      Note
      This scan action is only available for File or File SHA-1 objects.
  6. (Optional) Specify a Note to assist in identifying the suspicious object.
  7. (Optional) Specify the expiration date.
  8. Click Add.
    The object appears in the User-Defined Suspicious Object list. Managed products that subscribe to the suspicious objects lists receive the new object information during the next synchronization.
Related information