A suspicious object is a known malicious or potentially malicious IP address, domain, or URL found in submitted samples or defined by a user.
Cloud Edge Cloud Console can pull a list of up to 500 suspicious objects from Worry Free Business Security Services (WFBSS) through Trend Micro Remote Manager. Cloud Edge pulls both the User-Defined Suspicious Objects list and Virtual Analyzer Suspicious Objects list.
Cloud Edge can block or not block suspicious objects. The block action setting is initially based on the WFBSS Scan Action setting. If the Scan Action is Log Only, the Cloud Edge setting is not block. If you change the block action on Cloud Edge, the change is not synchronized with WFBSS. In addition, the Cloud Edge Approved and Blocked list settings override the block action in the suspicious objects list.
Performing the following actions on WFBSS will affect the suspicious objects list on Cloud Edge.

| Change on WFBSS | Automatic Change on Cloud Edge |
|---|---|
| Add a new Virtual Analyzer or user-defined suspicious object | Add the new Virtual Analyzer or user-defined suspicious object |
| Edit Scan Action for a suspicious object to Log Only | Edit Block action for the suspicious object to not block |
| Edit Scan Action for a suspicious object to Block | Update Block action for the suspicious object to block |
| Add a suspicious object to the Exception list | Remove the suspicious object from the suspicious objects list |
| Remove a suspicious object from the Exception list | Add the suspicious object to the suspicious objects list |
| Set expiration time to Never Expire for a suspicious object | Update expire time to Never Expire for the suspicious object |
| Edit expire time of a suspicious object | Update expire time of the suspicious object |
| Remove a suspicious object from the list | Remove the suspicious object from the list |

The table on Cloud Edge containing the suspicious objects has the following information:
  • Object: The suspicious object
  • Type: The type of suspicious object, such as IP Address, Domain, or URL
  • Source: The source of the suspicious object, such as User-Defined or Virtual Analyzer
  • Risk Level: The risk level of the suspicious object
  • Block Action: The block action for the suspicious object. When the box is checked, the action is block.
  • Expiration: The expiration date for the suspicious object
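
The sketch below is an added example, not Trend Micro code. It audits the relationships described above: the Cloud Edge block action against the WFBSS Scan Action, Approved/Blocked list overrides, Exception list removals, and the 500-object pull limit. The record shape, the function names, and the sample values are assumptions made for illustration; this page does not describe an export format for either product.

```python
from dataclasses import dataclass

PULL_LIMIT = 500  # from the page: Cloud Edge pulls up to 500 suspicious objects

@dataclass
class WfbssObject:  # hypothetical record shape, not a product export format
    value: str
    scan_action: str  # "Block" or "Log Only"
    in_exception_list: bool = False

def effective_block(value, ce_block, list_override):
    """Approved/Blocked list entries override the suspicious-object block action."""
    if value in list_override:
        return list_override[value] == "blocked"
    return ce_block

def audit(wfbss, cloud_edge, list_override):
    """Return (object, finding) pairs. cloud_edge: object -> Block Action
    checkbox (bool); list_override: object -> "approved" or "blocked"."""
    findings = []
    active = [o for o in wfbss if not o.in_exception_list]
    if len(active) > PULL_LIMIT:
        findings.append(("*", f"{len(active)} objects exceed the pull limit of {PULL_LIMIT}"))
    for obj in active:
        if obj.value not in cloud_edge:
            findings.append((obj.value, "not present on Cloud Edge"))
            continue
        ce_block = cloud_edge[obj.value]
        # A block action edited on Cloud Edge is not synchronized back to WFBSS.
        if ce_block != (obj.scan_action == "Block"):
            findings.append((obj.value, "block action differs from WFBSS Scan Action"))
        if effective_block(obj.value, ce_block, list_override) != ce_block:
            findings.append((obj.value, f"overridden by {list_override[obj.value]} list"))
    # Objects added to the WFBSS Exception list should have been removed.
    for obj in wfbss:
        if obj.in_exception_list and obj.value in cloud_edge:
            findings.append((obj.value, "in Exception list but still on Cloud Edge"))
    return findings

# Constructed sample data (documentation address ranges, example domains).
WFBSS = [WfbssObject("198.51.100.7", "Block"),
         WfbssObject("tracker.example", "Log Only"),
         WfbssObject("http://files.example/x", "Block"),
         WfbssObject("203.0.113.9", "Block", in_exception_list=True)]
CLOUD_EDGE = {"198.51.100.7": False, "tracker.example": False, "http://files.example/x": True}
OVERRIDES = {"http://files.example/x": "approved"}

if __name__ == "__main__":
    print(*audit(WFBSS, CLOUD_EDGE, OVERRIDES), sep="\n")
```

With the sample data, the audit reports one object whose block action was changed locally and one whose block action is overridden by the Approved list.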
The following features are available when the suspicious objects setting is enabled:
  • Top Threat Detections widget: Located in the Security Status tab of the Dashboard, this widget shows the number of detected suspicious objects.
  • Analysis & Reports > Log Analysis > Internet Security: This screen has an option for Suspicious Objects under Message Type.
  • Analysis & Reports > Log Analysis > Internet Security: Perform a raw log query on this screen to view the following details:
    • Columns containing the URL, server IP, and domain of the blocked suspicious object
    • A Detail column containing the URL, IP address, or domain that matched the suspicious object
  • Analysis & Reports > Reports > Internet Security: This screen contains the following reports:
    • Top N Users Detected by Suspicious Objects
    • Top N Groups Detected by Suspicious Objects
  • Policies > User Notifications: This screen provides an option for Suspicious Objects Violation under Notification Events.