A suspicious object is a known malicious or potentially malicious IP address, domain, URL, or SHA-1 value found in submitted samples.
Smart Protection Server can subscribe to the following sources to synchronize suspicious objects:
Source | Suspicious Object Type | Description |
---|---|---|
Deep Discovery Analyzer | URL | Virtual Analyzer is a cloud-based virtual environment designed for analyzing suspicious files. Sandbox images allow observation of file behavior in an environment that simulates endpoints on your network without any risk of compromising the network. Virtual Analyzer in managed products tracks and analyzes submitted samples. Virtual Analyzer flags suspicious objects based on their potential to expose systems to danger or loss. |
Apex Central / Control Manager | URL | Deep Discovery Analyzer sends a list of suspicious objects to Apex Central / Control Manager. Apex Central / Control Manager administrators can add objects they consider suspicious but are not currently in the list of Virtual Analyzer suspicious objects. User-defined suspicious objects have a higher priority than Virtual Analyzer suspicious objects. Apex Central / Control Manager consolidates suspicious objects and scan actions against the objects and then distributes them to Smart Protection Server. |
- Suspicious URL information to Trend Micro products (such as Apex One, ScanMail, and Deep Security) that send Web Reputation queries
- Actions against suspicious URLs to Security Agents that send Web Reputation queries.
- For more information on how Apex Central manages suspicious objects, see the Apex Central Administrator's Guide.
  You can download a PDF version of the guide, or view the guide online, using the following link:
  http://docs.trendmicro.com/en-us/enterprise/apex-central.aspx
- For more information on how Control Manager manages suspicious objects, see the Connected Threat Defense Primer for your version of Control Manager at the following link:
  http://docs.trendmicro.com/en-us/enterprise/control-manager.aspx