A suspicious object is a known malicious or potentially malicious IP address, domain, URL, or SHA-1 value found in submitted samples. After you integrate Cloud App Security with Trend Vision One or Apex Central / Control Manager, it can use the Suspicious Object lists synchronized from these products during scanning.
The Suspicious Object List feature is disabled by default. It applies to all ATP policies.
Before you enable this feature, make sure the product that synchronizes the lists meets the following requirements.
Product | Version | Configuration |
---|---|---|
Trend Vision One | Latest version | On Trend Vision One: |
Apex Central / Control Manager | | |
Synchronization terminates when the above conditions are no longer satisfied. The Suspicious Object lists are cleared and no longer apply during scanning.
Cloud App Security utilizes the suspicious file list in Malware Scanning and the suspicious URL list in Web Reputation.
When a URL or file matches an item in the list, Cloud App Security takes the action synchronized from Trend Vision One or Apex Central / Control Manager. The action can be either of the following:
Pass: Record the detection in a log and leave the scanned item unchanged.
The quarantine action does not apply to Gmail. Instead, Cloud App Security labels the email message as risky.