
You can take preventive blocking measures on suspicious objects that may pose a security risk to your network using context menus on the Trend Vision One console.

This task is supported by the following services:
  • Apex One as a Service
    • Windows agent
  • Trend Cloud One - Endpoint & Workload Security
    • Windows agent
    • Linux agent
  • Cloud App Security
  • Deep Discovery Inspector
  • Deep Security Software
Important
Adding an object to the User-Defined Suspicious Objects List does not terminate any active processes or connections to the object. To terminate active processes, ensure that you also trigger the Terminate response.

Procedure

  1. After identifying the object to block, access the context or response menu and click Add to Block List.
    The Add to Block List Task screen appears.
  2. Confirm the targets of the response.
    Trend Vision One can add the following types of objects to the User-Defined Suspicious Objects List on selected servers:
    • File SHA-1
    • IP address
    • URL
    • Domain
    • Email address
     
  3. (Optional) Specify a Description for the response or event.
  4. Click Create.
    Trend Vision One creates the task and displays the current task status in Response Management.
  5. Monitor the task status.
    1. Open Response Management.
    2. (Optional) Locate the task using the Search field or by selecting Add to Block List from the Action drop-down list.
    3. View the task status.
      • Pending approval (if applicable): The automated response task was created on the Workbench app and is waiting for approval.
      • Rejected (if applicable): The automated response task created on the Workbench app was rejected.
      • In progress: Trend Vision One sent the command and is waiting for a response.
      • Successful: The command was successfully executed.
      • Unsuccessful: An error or time-out occurred when attempting to send the command to the managing server, the agent is offline for more than 24 hours, or the command execution timed out.
      Important
      The Task Status indicates whether the managing server was able to successfully receive the command but does not necessarily mean that the target servers already synchronized the User-Defined Suspicious Objects List to all related products.
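Before creating the task, it can help to check that each candidate object matches one of the five types listed in step 2. The following Python sketch is an added example, not Trend Micro code; the function names, the validation patterns, the http/https restriction and the sample values are assumptions made here, and Trend Vision One may validate objects differently.

```python
import ipaddress
import re
from urllib.parse import urlsplit

SHA1_RE = re.compile(r"^[0-9a-f]{40}$", re.I)
HEX_RE = re.compile(r"^[0-9a-f]+$", re.I)
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)
EMAIL_RE = re.compile(r"^[^@\s]+@([^@\s]+)$")

def classify(value):
    """Return one of the five object types from step 2, or None."""
    v = value.strip()
    if SHA1_RE.match(v):
        return "File SHA-1"
    if HEX_RE.match(v):
        return None  # other hash lengths (MD5, SHA-256) are not on the list
    try:
        ipaddress.ip_address(v)
        return "IP address"
    except ValueError:
        pass
    if "://" in v:
        try:
            parts = urlsplit(v)
        except ValueError:
            return None
        # Assumption: only http/https; defanged "hxxp://" is rejected.
        return "URL" if parts.scheme in ("http", "https") and parts.hostname else None
    m = EMAIL_RE.match(v)
    if m:
        return "Email address" if DOMAIN_RE.match(m.group(1)) else None
    if DOMAIN_RE.match(v):
        return "Domain"
    return None

def triage(candidates):
    """Group valid candidates by type; collect the rest for manual review."""
    accepted, rejected = {}, []
    for c in candidates:
        kind = classify(c)
        bucket = rejected if kind is None else accepted.setdefault(kind, [])
        bucket.append(c.strip())
    return accepted, rejected

# Constructed sample values (documentation ranges, hashes of the empty string).
SAMPLES = ["da39a3ee5e6b4b0d3255bfef95601890afd80709", "203.0.113.10",
           "https://example.com/login", "hxxp://example.com/login",
           "example.org", "user@example.net",
           "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"]
```

Calling `triage(SAMPLES)` returns the accepted objects grouped by type and leaves the defanged URL and the SHA-256 hash in the rejected list for manual correction.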