Virtual Analyzer Suspicious Object List

With Sample Submission enabled, Security Agents submit suspicious files to Virtual Analyzer for analysis. If Virtual Analyzer determines that an object is a possible threat, Virtual Analyzer adds the object to the Virtual Analyzer Suspicious Object List.

Table 1. Virtual Analyzer Suspicious Object List Tasks

Task

Description

Find specific objects in the list

Use the drop-down list or search field to filter objects.

Configure scan actions

  • Select objects and click Edit to open the Suspicious Object Details screen. Select the scan action and click Change.

  • To configure default scan action for newly received suspicious objects, click Configure Scan Action at the upper-right of the list. On the Scan Action Settings screen. Specify the scan action for each risk level and click Save.

Add objects to the Exception List

Select objects that are considered safe and click Add to Exception. On the confirmation screen, click Add.

After adding the selected items to the Exception List, the Virtual Analyzer no longer analyzes the objects if detected again. Items in the Exception List never expire.

Keep objects in the list indefinitely

Select objects and click Never Expire. On the confirmation screen, click Save.

Delete objects

Select objects and click Remove.

View detection logs associated with a specific object

Click the count in the Detections column to go to the Logs screen.

View analysis report

Click View in the Analysis column to display the Virtual Analyzer analysis of the submitted object and all endpoints affected by the object.

On the Impact Assessment tab, click Generate in the Root Cause Analysis column to further investigate how the object affected the endpoint.