Add to Block List Task

You can take preventive blocking measures on suspicious objects that may pose a security risk to your network using context menus on the Trend Micro Vision One console.

Important:

Adding an object to the User-Defined Suspicious Objects List does not terminate any active processes or connections to the object. To terminate active processes, ensure that you also trigger the Terminate response.

  1. After identifying the object to block, access the context or response menu and click Add to Block List.

    The Add to Block List Task screen appears.

  2. Confirm the targets of the response.

    Trend Micro Vision One can add the following types of objects to the User-Defined Suspicious Objects List on selected servers:

    • File SHA-1

    • IP address

    • URL

    • Domain
    • Email address
    		  
  3. (Optional) Specify a Description for the response or event.
  4. Click Create.

    Trend Micro Vision One creates the task and displays the current command status on the Response Management app.

  5. Monitor the task status.
    1. Open the Response Management app.
    2. (Optional) Locate the task using the Search field or by selecting Add to Block List from the Action drop-down list.
    3. View the task status.

      • Pending approval () (if applicable): The automated response task was created on the Workbench app and is waiting for approval

      • Rejected () (if applicable): The automated response task created on the Workbench app was rejected

      • In progress... (): Trend Micro Vision One sent the command to the managing server and is waiting for a response

      • Successful (): The managing server successfully received the command

      • Unsuccessful (): An error or time-out occurred when attempting to send the command to the managing server, the Security Agent is offline for more than 24 hours, or the command execution timed out

      Important:

      The Task Status indicates whether the managing server was able to successfully receive the command but does not necessarily mean that the target servers already synchronized the User-Defined Suspicious Objects List to all related products.

      Adding an object to the User-Defined Suspicious Objects List does not terminate any active processes or connections to the object. To terminate active processes, ensure that you also trigger the Terminate response.

Parent topic: Response Actions