Suspicious Object Lists | Trend Micro Service Central

Views:

Trend Micro Apex Central consolidates Virtual Analyzer Suspicious Object lists and synchronizes all Suspicious Object lists among many managed products. The way each managed product implements the lists depends on how the product implements the feature. Refer to your managed product Administrator's Guide for more information about how the product uses and synchronizes the Suspicious Object lists.

Note

Administrators can configure specific scan actions on suspicious objects using the Trend Micro Apex Central console. You can then configure certain managed products to perform actions based on the Suspicious Object list settings.

For more information, see Suspicious Object Scan Actions.

List Type	Description
Virtual Analyzer Suspicious Objects	Managed products that integrate with a Virtual Analyzer submit suspicious files or URLs to Virtual Analyzer for analysis. If Virtual Analyzer determines that an object is a possible threat, Virtual Analyzer adds the object to the Suspicious Object list. Virtual Analyzer then sends the list to its registered Trend Micro Apex Central server for consolidation and synchronization purposes. On the Trend Micro Apex Central console, go to the Threat Intel → Virtual Analyzer Suspicious Objects → Objects tab to view the Virtual Analyzer Suspicious Objects list. For more information, see Suspicious Object Detection.
Exceptions to Virtual Analyzer Suspicious Objects	From the list of Virtual Analyzer suspicious objects, Trend Micro Apex Central administrators can select objects that are considered safe and then add them to an exception list. On the Trend Micro Apex Central console, go to the Threat Intel → Virtual Analyzer Suspicious Objects → Exceptions tab to view the Virtual Analyzer Suspicious Object Exceptions list. Trend Micro Apex Central sends the exception list to the Virtual Analyzers (except for Apex One Sandbox as a Service) that subscribe to the list. When a Virtual Analyzer detects a suspicious object that is in the exception list, the Virtual Analyzer considers the object as safe and does not analyze the object again. For more information, see Adding Exceptions to the Virtual Analyzer Suspicious Object List.
User-Defined Suspicious Objects	Trend Micro Apex Central administrators can add objects they consider suspicious but are not currently in the list of Virtual Analyzer suspicious objects by going to the Threat Intel → Custom Intelligence → User-Defined Suspicious Objects. For more information, see Preemptive Protection Against Suspicious Objects.