Suspicious Object Lists | Trend Micro Service Central

Views:

Apex Central consolidates Virtual Analyzer Suspicious Object lists and synchronizes all Suspicious Object lists among many managed products. The way each managed product implements the lists depends on how the product implements the feature. Refer to your managed product Administrator's Guide for more information about how the product uses and synchronizes the Suspicious Object lists.

Note:

Administrators can configure specific scan actions on suspicious objects using the Apex Central console. You can then configure certain managed products to perform actions based on the Suspicious Object list settings.

For more information, see Suspicious Object Scan Actions.

List Type	Description
Virtual Analyzer Suspicious Objects	Managed products that integrate with a Virtual Analyzer submit suspicious files or URLs to Virtual Analyzer for analysis. If Virtual Analyzer determines that an object is a possible threat, Virtual Analyzer adds the object to the Suspicious Object list. Virtual Analyzer then sends the list to its registered Apex Central server for consolidation and synchronization purposes. On the Apex Central console, go to the Threat Intel > Virtual Analyzer Suspicious Objects > Objects tab to view the Virtual Analyzer Suspicious Objects list. For more information, see Suspicious Object Detection.
Exceptions to Virtual Analyzer Suspicious Objects	From the list of Virtual Analyzer suspicious objects, Apex Central administrators can select objects that are considered safe and then add them to an exception list. On the Apex Central console, go to the Threat Intel > Virtual Analyzer Suspicious Objects > Exceptions tab to view the Virtual Analyzer Suspicious Object Exceptions list. Apex Central sends the exception list to the Virtual Analyzers (except for Apex One Sandbox as a Service) that subscribe to the list. When a Virtual Analyzer detects a suspicious object that is in the exception list, the Virtual Analyzer considers the object as "safe" and does not analyze the object again. For more information, see Adding Exceptions to the Virtual Analyzer Suspicious Object List.
User-Defined Suspicious Objects	Apex Central administrators can add objects they consider suspicious but are not currently in the list of Virtual Analyzer suspicious objects by going to the Threat Intel > Custom Intelligence > User-Defined Suspicious Objects. For more information, see Preemptive Protection Against Suspicious Objects.

List Type

Description

Virtual Analyzer Suspicious Objects

Managed products that integrate with a Virtual Analyzer submit suspicious files or URLs to Virtual Analyzer for analysis. If Virtual Analyzer determines that an object is a possible threat, Virtual Analyzer adds the object to the Suspicious Object list. Virtual Analyzer then sends the list to its registered Apex Central server for consolidation and synchronization purposes.

On the Apex Central console, go to the Threat Intel > Virtual Analyzer Suspicious Objects > Objects tab to view the Virtual Analyzer Suspicious Objects list.

For more information, see Suspicious Object Detection.

Exceptions to Virtual Analyzer Suspicious Objects

From the list of Virtual Analyzer suspicious objects, Apex Central administrators can select objects that are considered safe and then add them to an exception list.

On the Apex Central console, go to the Threat Intel > Virtual Analyzer Suspicious Objects > Exceptions tab to view the Virtual Analyzer Suspicious Object Exceptions list.

Apex Central sends the exception list to the Virtual Analyzers (except for Apex One Sandbox as a Service) that subscribe to the list. When a Virtual Analyzer detects a suspicious object that is in the exception list, the Virtual Analyzer considers the object as "safe" and does not analyze the object again.

For more information, see Adding Exceptions to the Virtual Analyzer Suspicious Object List.

User-Defined Suspicious Objects

Apex Central administrators can add objects they consider suspicious but are not currently in the list of Virtual Analyzer suspicious objects by going to the Threat Intel > Custom Intelligence > User-Defined Suspicious Objects.

For more information, see Preemptive Protection Against Suspicious Objects.