Views:

The Blocked URLs screen displays information for Web Reputation queries that return malicious results.

Below are the options available on this screen.

  • Keyword: Specify keywords to use when searching for URLs.

  • Date Range: Select a date range.

  • Source: Select one or more sources to display the corresponding logs.

    • User-defined blocked URLs: Displays blocked URLs that match the Smart Protection Server user-defined blocked URLs.

    • Web Blocking Pattern: Displays blocked URLs that match entries in the Web Blocking Pattern.

    • C&C URLs matched with: Displays blocked URLs that match entries in the following sources:

      • Apex Central user-defined suspicious objects: A subset of the user-defined suspicious objects in Apex Central / Control Manager
      • Virtual Analyzer: A subset of the suspicious objects in Virtual Analyzer enabled products, such as Deep Discovery Advisor, Deep Discovery Analyzer, and Apex Central / Control Manager
      • Global Intelligence in Web Blocking Pattern: Trend Micro Smart Protection Network compiles the Global Intelligence list from sources all over the world and tests and evaluates the risk level of each C&C callback address. Web Reputation Services uses the Global Intelligence list in conjunction with the reputation scores for malicious websites to provide enhanced security against advanced threats. The web reputation security level determines the action taken on malicious websites or C&C servers based on assigned risk levels.

Below are the details displayed on this screen:

  • Date and time: The date and time of the blocked URL event.

  • URL: The blocked URL.

  • Display log: Displays source information about the blocked URL.

  • Client GUID: The GUID of the computer that attempted to access the blocked URL.

  • Server GUID: The GUID of the Trend Micro product that supports Smart Protection Server computers.

  • Client IP: The IP address of the computer that attempted to access the blocked URL.

  • Computer: The name of the computer that attempted to access the blocked URL.

  • Product Entity: The Trend Micro product that detected the URL.

Parent topic: Logs