Adding Exceptions to the Virtual Analyzer Suspicious Object List

Apex Central allows you to exclude objects from the Virtual Analyzer Suspicious Object list based on the file SHA-1, domain, IP address, or URL.

Important:

The User-Defined Suspicious Object list has a higher priority than the Virtual Analyzer Suspicious Object list.

Go to Threat Intel > Virtual Analyzer Suspicious Objects.
The Virtual Analyzer Suspicious Objects screen appears.
Click the Exceptions tab.
Click Add.

Specify the Type of object.

File: Specify the File SHA-1 hash value for the file.
IP address: Specify the IP address.
URL: Specify the URL.

Domain: Specify the domain.

Apex Central allows you to use a wildcard character (*) to exclude specific subdomains or subdirectories from the Virtual Analyzer Suspicious Object list.

Example	Description
https://*.domain.com/	Excludes all URLs within subdomains of the domain "domain.com" from the Virtual Analyzer Suspicious Object list Important: If a URL contains a subdirectory, then the URL will not be excluded even if the URL contains a matching subdomain. For example, "https://abc.domain.com/abc" will not be excluded.
*.abc.domain.com	Excludes all subdomains of the subdomain "abc" from the Virtual Analyzer Suspicious Object list
https://.domain.com/abc/	Excludes all URLs within subdomains of the domain "domain.com" and all subdirectories of the subdirectory "abc" from the Virtual Analyzer Suspicious Object list Important: If a URL does not contain a subdirectory within subdirectory "abc", then the URL will still be excluded. For example, "https://abc.domain.com/abc" will be excluded.

(Optional) Specify a Note to assist in identifying the suspicious object.
Click Add.
The object appears in the Virtual Analyzer Exception list. Managed products that subscribe to the suspicious objects lists receive the new object information during the next synchronization.