Suspicious Object Management

You can manage the Suspicious Object List and Exception List to control the specific information for synchronization.

The Exception List has a higher priority than the Suspicious Object List. Objects may appear in both lists, but Trend Micro Vision One calculates the list of effective suspicious objects before sending the information to connected products.

Trend Micro Vision One currently supports sending the Suspicious Object List to the following products if they are connected properly:

  • Apex One as a Service

  • Cloud App Security

    By default, Suspicious Object List synchronization is disabled in the Cloud App Security console. Therefore, make sure you have enabled Suspicious Object List synchronization for Cloud App Security to receive suspicious object information.

  • Cloud One - Workload Security

    By default, Trend Micro Vision One Suspicious Object Management is disabled in Threat Intelligence of Cloud One - Workload Security. Therefore, make sure you have enabled the option in the Cloud One - Workload Security console to receive suspicious object information.

  • Service Gateway

    For more information about Service Gateway, see Service Gateway Overview.

Besides, Deep Security Software retrieves the Suspicious Object List from Trend Micro Vision One and currently consumes the file SHA-1 objects added from Sandbox.


Make sure you have configured Deep Security Software to compare local objects against Suspicious Object List of Trend Micro Vision One.