The User-Defined Suspicious Object feature lets users manually add the file hashes (SHA-1 or SHA-2) or file paths of new IOCs (indicators of compromise) to the blocked-file list, which prevents all managed endpoints from being infected by the malicious files.

Note:

StellarProtect (Legacy Mode) supports only SHA-1 file hashes.

  1. Go to Agents > All.
  2. Navigate to the target agent or group, and then go to its Policy page.
    Note:

    For detailed instructions on how to reach the Policy page, refer to Go to the Policy Screen.

  3. Scroll down and find the User-Defined Suspicious Object on the right side of the screen.
  4. Click Add. The Add Item to User-Defined Suspicious Objects window appears.
  5. Select Hash or File Path as the suspicious file type.
  6. Specify the file hash or path in the corresponding text field.
  7. (Optional) Specify notes in the Notes text field.
  8. Click OK to complete this task.
  9. (Optional) To remove a user-defined suspicious object, select the target hash/file path and click the Delete button next to the +Add button.
  10. A pop-up Notification window appears. Click Confirm to delete the selected item.
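
Candidate entries can be checked offline before they are typed into the Hash or File Path field in steps 5 and 6. The following Python script is an added example, not part of the product or its documentation; it assumes "SHA-2" means a 64-digit SHA-256 digest, and the function names and sample values are constructed for illustration.

```python
import hashlib
import re

HEX = re.compile(r"[0-9a-fA-F]+")
# Digest lengths in hex digits. Assumption: "SHA-2" is taken to mean SHA-256,
# because the page does not name the variant.
HASH_KINDS = {40: "SHA-1", 64: "SHA-256"}


def classify_entry(entry, legacy_mode=False):
    """Return (kind, value, problem) for one candidate blocked-file entry."""
    value = entry.strip()
    if not value:
        return ("invalid", value, "empty entry")
    if HEX.fullmatch(value):
        kind = HASH_KINDS.get(len(value))
        if kind is None:  # e.g. a 32-digit MD5 pasted from a threat report
            return ("invalid", value, f"{len(value)} hex digits is not SHA-1 or SHA-256")
        value = value.lower()  # one canonical case so duplicates are easy to spot
        if legacy_mode and kind != "SHA-1":
            return (kind, value, "Legacy Mode supports SHA-1 only")
        return (kind, value, None)
    return ("File Path", value, None)


def file_digests(path):
    """Hash a local sample once, returning both digests (SHA-1 for Legacy Mode)."""
    sha1, sha256 = hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            sha1.update(chunk)
            sha256.update(chunk)
    return {"SHA-1": sha1.hexdigest(), "SHA-256": sha256.hexdigest()}


if __name__ == "__main__":
    # Constructed sample input: digests of the empty file plus a made-up path.
    candidates = [
        "DA39A3EE5E6B4B0D3255BFEF95601890AFD80709",
        "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
        "d41d8cd98f00b204e9800998ecf8427e",
        r"C:\Users\Public\sample.exe",
    ]
    for item in candidates:
        kind, value, problem = classify_entry(item, legacy_mode=True)
        print(f"{kind:9} {value}  {'REJECT: ' + problem if problem else 'ok'}")
```

When only a SHA-256 is available for an indicator and the target agents run in Legacy Mode, `file_digests` can be run against a local copy of the sample to obtain the matching SHA-1.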