A suspicious object is a known malicious or potentially malicious IP address, domain, URL, or SHA-1 value found in submitted samples. After integrating with your Trend Vision One or Apex Central / Control Manager, Cloud App Security can use the Suspicious Object lists synchronized from these products during scanning.
Note
The Suspicious Object List feature is disabled by default. It applies to all ATP policies.
Before you enable this feature, make sure the product that synchronizes the lists meets the following requirements.

Product | Version | Configuration
Trend Vision One | Latest version | On Trend Vision One:
Apex Central / Control Manager
Synchronization terminates when the above conditions are no longer satisfied. The Suspicious Object lists are cleared and no longer apply during scanning.

Procedure

  1. In Cloud App Security, go to Policies > Global Settings > Other Settings > Suspicious Object Settings.
  2. On the Suspicious Object List screen that appears, enable or disable the use of the lists during scanning as necessary.
  3. Click Save.
    Cloud App Security utilizes the suspicious file list in Malware Scanning and the suspicious URL list in Web Reputation.
    When a URL or file matches an item in the list, Cloud App Security takes the action synchronized from Trend Vision One or Apex Central / Control Manager. The action can be either of the following:
    • Pass: Record the detection in a log and leave the scanned item unchanged.
    • Block/Quarantine: Block the scanned item, or move the scanned item to a dedicated quarantine folder or object (for Salesforce).
      Note
      The quarantine action does not apply to Gmail. Instead, Cloud App Security labels the email message as risky.