Adding Objects to the User-Defined Suspicious Object List

You can protect your network from objects not yet identified on your network by adding the suspicious objects to the User-Defined Suspicious Object list. Apex Central provides you the options to add objects based on the file, file SHA-1, domain, IP address, or URL. You can also specify the scan action that supported Trend Micro products perform after detecting the suspicious objects.

For more information, see the following topics:

  1. Go to Threat Intel > Custom Intelligence.

    The Custom Intelligence screen appears.

  2. Click the User-Defined Suspicious Objects tab.

    The User-Defined Suspicious Object list appears.

  3. Click Add.
  4. Specify the Type of object.

    • File: Click Browse to upload a suspicious object file.

    • File SHA-1: Specify the SHA-1 hash value for the file.

    • IP address: Specify the IP address.

    • URL: Specify the URL.

    • Domain: Specify the domain.

  5. Specify the Scan action that supported products take after detecting the object.

    • Log

    • Block

    • Quarantine

      Note:

      This scan action is only available for File or File SHA-1 objects.

  6. (Optional) Specify a Note to assist in identifying the suspicious object.
  7. Click Add.

    The object appears in the User-Defined Suspicious Object list. Managed products that subscribe to the suspicious objects lists receive the new object information during the next synchronization.

Parent topic: Preemptive Protection Against Suspicious Objects