Apex Central allows you to exclude objects from the Virtual Analyzer Suspicious Object list based on the file SHA-1, domain, IP address, or URL.
The User-Defined Suspicious Object list has a higher priority than the Virtual Analyzer Suspicious Object list.
-
Go to Threat Intel > Virtual Analyzer Suspicious Objects.
The Virtual Analyzer Suspicious Objects screen appears.
- Click the Exceptions tab.
- Click Add.
-
Specify the Type of object.
-
File SHA-1: Specify the SHA-1 hash value for the file.
-
IP address: Specify the IP address.
-
URL: Specify the URL.
-
Domain: Specify the domain.
Apex Central allows you to use a wildcard character (*) to exclude specific subdomains or subdirectories from the Virtual Analyzer Suspicious Object list.
Example
Description
https://*.domain.com/
Excludes all URLs within subdomains of the domain "domain.com" from the Virtual Analyzer Suspicious Object list
Important:If a URL contains a subdirectory, then the URL will not be excluded even if the URL contains a matching subdomain. For example, "https://abc.domain.com/abc" will not be excluded.
*.abc.domain.com
Excludes all subdomains of the subdomain "abc" from the Virtual Analyzer Suspicious Object list
https://*.domain.com/abc/*
Excludes all URLs within subdomains of the domain "domain.com" and all subdirectories of the subdirectory "abc" from the Virtual Analyzer Suspicious Object list
Important:If a URL does not contain a subdirectory within subdirectory "abc", then the URL will still be excluded. For example, "https://abc.domain.com/abc" will be excluded.
-
- (Optional) Specify a Note to assist in identifying the suspicious object.
-
Click Add.
The object appears in the Virtual Analyzer Exception list. Managed products that subscribe to the suspicious objects lists receive the new object information during the next synchronization.