Apex Central allows you to exclude objects from the Virtual Analyzer Suspicious Object list based on the file SHA-1, domain, IP address, or URL.
Important
Important
The User-Defined Suspicious Object list has a higher priority than the Virtual Analyzer Suspicious Object list.

Procedure

  1. Go to Threat IntelVirtual Analyzer Suspicious Objects.
    The Virtual Analyzer Suspicious Objects screen appears.
  2. Click the Exceptions tab.
  3. Click Add.
  4. Specify the Type of object.
    • File: Specify the File SHA-1 hash value for the file.
    • IP address: Specify the IP address.
    • URL: Specify the URL.
    • Domain: Specify the domain.
      Apex Central allows you to use a wildcard character (*) to exclude specific subdomains or subdirectories from the Virtual Analyzer Suspicious Object list.
      Example
      Description
      https://*.domain.com/
      Excludes all URLs within subdomains of the domain domain.com from the Virtual Analyzer Suspicious Object list
      Important
      Important
      If a URL contains a subdirectory, then the URL will not be excluded even if the URL contains a matching subdomain. For example, https://abc.domain.com/abc will not be excluded.
      *.abc.domain.com
      Excludes all subdomains of the subdomain abc from the Virtual Analyzer Suspicious Object list
      https://*.domain.com/abc/*
      Excludes all URLs within subdomains of the domain domain.com and all subdirectories of the subdirectory abc from the Virtual Analyzer Suspicious Object list
      Important
      Important
      If a URL does not contain a subdirectory within subdirectory abc, then the URL will still be excluded. For example, https://abc.domain.com/abc will be excluded.
  5. (Optional) Specify a Note to assist in identifying the suspicious object.
  6. Click Add.
    The object appears in the Virtual Analyzer Exception list. Managed products that subscribe to the suspicious objects lists receive the new object information during the next synchronization.