Suspicious object actions | Trend Micro Service Central

Views:

You can specify actions for connected products to take after detecting specific suspicious objects.

Trend Vision One connects to different products and sends the Suspicious Objects List to the connected products for detection. The connected products then apply the specified action based on their capability.

The following table outlines the object types and actions supported by different products and applications.

Product/Service

Object Type

Action

Endpoint Sensor agent

(Windows, Mac)

File SHA-1

Log, Block

File SHA-256

IP address

Note

The Log and Block actions for File SHA-1 and File SHA-256 are only supported for PE, ELF, and MACH-O file formats.

Endpoint Sensor agent

(Linux)

File SHA-1

Log, Block

File SHA-256

Note

The Log and Block actions for File SHA-1 and File SHA-256 are only supported for EXE file format.

Standard Endpoint Protection agent

(Windows)

IP address

Log, Block

URL

Domain

File SHA-1

Note

To take action on File SHA-1 objects, you must first activate Application Control for Standard Endpoint Protection.
The Log and Block actions for File SHA-1 are only supported for PE and ELF file formats.

Service Gateway

IP address

Log, Block

URL

Domain

File SHA-1

File SHA-256

Note

The connected products of Service Gateway apply the specified action based on their capability. For the list of connected products, see Configuring Service Gateway settings.

Zero Trust Secure Access Internet Access

IP address

Log, Block

URL

Domain

File SHA-1

Trend Cloud One - Endpoint & Workload Security (Windows)

IP address

Log

Domain

Log

File SHA-1

Log, Block

File SHA-256

Log, Block

Note

Endpoint & Workload Security supports the Log action for Deep Security Agent version 20.0.0-4185 or later for Windows.
The Log and Block actions for File SHA-1 and File SHA-256 are only supported for PE and ELF file formats.
You must enable Activity Monitoring and have an XDR add-on license for Trend Cloud One - Endpoint & Workload Security in order to block and log suspicious objects.

Trend Cloud One - Endpoint & Workload Security (Linux)

IP address

Log

Domain

Log

File SHA-1

Log, Block

File SHA-256

Log, Block

Note

Endpoint & Workload Security supports the Log action for Deep Security Agent version 20.0.0-4185 or later for Linux.
The Log and Block actions for File SHA-1 and File SHA-256 are only supported for PE and ELF file formats.
You must enable Activity Monitoring and have an XDR add-on license for Trend Cloud One - Endpoint & Workload Security in order to block and log suspicious objects.

Trend Cloud One - Endpoint & Workload Security (macOS)

IP address

Log, Block

Domain

File SHA-1

File SHA-256

URL

Note

Endpoint & Workload Security supports the Log and Block actions for Deep Security Agent version 20.0.0-198 or later for macOS.
The Log and Block actions for File SHA-1 and File SHA-256 are only supported for MACH-O file format.
You must enable Activity Monitoring and have an XDR add-on license for Trend Cloud One - Endpoint & Workload Security in order to block and log suspicious objects.

Trend Micro Apex One as a Service

IP address

Log, Block

URL

Domain

File SHA-1

Note

To take action on File SHA-1 objects, you must first activate Application Control for Apex One as a Service.
The Log and Block actions for File SHA-1 are only supported for PE and ELF file formats.

Trend Micro Apex One (on-premises)

IP address

Log, Block

URL

Domain

File SHA-1

Note

To take action on File SHA-1 objects, you must first activate Application Control for Trend Micro Apex One (on-premises).
The Log and Block actions for File SHA-1 are only supported for PE and ELF file formats.

Trend Micro Cloud App Security

URL

Log, Quarantine

File SHA-1

File SHA-256

Sender address

Note

After identifying a suspicious URL, file, or sender address in an email message, Cloud App Security quarantines the message from all supported mailboxes protected by Cloud App Security.

Trend Micro Deep Security

File SHA-1 from Sandbox

Note

File SHA-1 objects added through third-party intelligence and manual operations are not supported.

Log, Block

Trend Micro Email Security

URL

Log, Quarantine

File SHA-1

File SHA-256

Sender address

Block

TippingPoint Security Management System

IP address

Log, Block

URL

Domain

Important

TippingPoint Security Management Systems do not automatically apply actions provided by Trend Vision One. You must set up a profile in the TippingPoint Security Management System with a reputation filter that selects entries from the reputation database and specifies the action.