Detailed Suspicious File Information

Provides specific information about suspicious files detected in the network.

Table 1. Detailed Suspicious File Information Data View

Data

Description

Received

Displays the time that Control Manager receives data from the managed product.

Detected

Displays the time that the managed product detected the suspicious object

Endpoint

The endpoint where the suspicious object was found.

Product

Displays the name of the managed product. Example: OfficeScan, ScanMail for Microsoft Exchange

Product Entity

Displays the entity display name for a managed product. Control Manager identifies managed products using the managed product's entity display name.

Endpoint IP Address

IP address of the endpoint

Endpoint Host Name

Host name of the endpoint

File Type

File type of suspicious object

File SHA-1

SHA-1 hash value of the suspicious object

File Path

File path and name of suspicious object

C&C List Source

The source of the list containing C&C addresses

  • Global Intelligence (Trend Micro Global Intelligence network, including Smart Protection Network)

  • Analyzers in managed products (Virtual Analyzer or Network Content Inspection Engine relevance rules)

  • User-defined C&C list configured in Control Manager and in the managed product, such as Deep Discovery Inspector

Action

Action to address the suspicious object

Scan Type

Scan type that detected the suspicious object

Created

Displays the time the suspicious object was created in the endpoint

Modified

Displays the time the suspicious object was modified in the endpoint
Parent topic: Advanced Threat Information