A suspicious object is a known malicious or potentially
malicious IP address, domain, URL, or SHA-1 value found in submitted samples. After
you integrate Cloud App Security with Trend Vision One or Apex Central / Control Manager, it can apply the Suspicious Object lists
synchronized from these products when it scans.
Note
The Suspicious Object List feature is disabled by default. It applies to all ATP
policies.
Before you enable this feature, make sure that the product
synchronizing the lists meets the following requirements.

| Product | Version | Configuration |
|---|---|---|
| Trend Vision One | Latest version | On Trend Vision One: |
| Apex Central / Control Manager | | |

Synchronization terminates when the above conditions are
no longer satisfied. The Suspicious Object lists are cleared and no longer apply
during scanning.
Procedure
- In Cloud App Security, go to .
- On the Suspicious Object List screen that appears, enable or disable the use of the lists during scanning as necessary.
- Click Save.

  Cloud App Security utilizes the suspicious file list in Malware Scanning and the suspicious URL list in Web Reputation.

  When a URL or file matches an item in the list, Cloud App Security takes the action synchronized from Trend Vision One or Apex Central / Control Manager. The action can be either of the following:

  - Pass: Record the detection in a log and leave the scanned item unchanged.
  - Block/Quarantine: Block the scanned item, or move the scanned item to a dedicated quarantine folder or object (for Salesforce).

  Note
  The quarantine action does not apply to Gmail. Instead, Cloud App Security labels the email message as risky.
