A suspicious object is a known malicious or potentially malicious IP address, domain, or URL found in submitted samples or defined by a user. Cloud Edge Cloud Console can pull a list of up to 500 suspicious objects from Worry Free Business Security Services (WFBSS) through Trend Micro Remote Manager. Cloud Edge pulls both the User-Defined Suspicious Objects list and Virtual Analyzer Suspicious Objects list.
Cloud Edge can block or not block suspicious objects. The block action setting is initially based on the WFBSS Scan Action setting. If the Scan Action is Log Only, then the Cloud Edge setting is not block. If you change the block action on Cloud Edge, the setting is not synchronized with WFBSS. In addition, the Cloud Edge Approved and Blocked list settings override the block action in the suspicious objects list.
Performing the following actions on WFBSS will affect the suspicious objects list on Cloud Edge.
| Change on WFBSS | Automatic Change on Cloud Edge |
| --- | --- |
| Add a new Virtual Analyzer or user-defined suspicious object | Add the new Virtual Analyzer or user-defined suspicious object |
| Edit Scan Action for a suspicious object to Log Only | Edit Block action for the suspicious object to not block |
| Edit Scan Action for a suspicious object to Block | Update Block action for the suspicious object to block |
| Add a suspicious object to the Exception list | Remove the suspicious object from the suspicious objects list |
| Remove a suspicious object from the Exception list | Add the suspicious object to the suspicious objects list |
| Set expiration time to Never Expire for a suspicious object | Update expire time to Never Expire for the suspicious object |
| Edit expire time of a suspicious object | Update expire time of the suspicious object |
| Remove a suspicious object from the list | Remove the suspicious object from the list |
The table on Cloud Edge containing the suspicious objects has the following information:
- Object: The suspicious object
- Type: The type of suspicious object, such as IP Address, Domain, or URL
- Source: The source of the suspicious object, such as User-Defined or Virtual Analyzer
- Risk Level: The risk level of the suspicious object
- Block Action: The block action for the suspicious object. When the box is checked, the action is block.
- Expiration: The expiration date for the suspicious object
The following features are available when the suspicious objects setting is enabled:
- Top Threat Detections widget: Located in the Security Status tab of the Dashboard, this widget shows the number of detected suspicious objects.
- : This screen has an option for Suspicious Objects under Message Type.
- : Perform a raw log query on this screen to view the following details:
  - Columns containing the URL, server IP, and domain of the blocked suspicious object
  - A Detail column containing the URL, IP address, or domain that matched the suspicious object
- : This screen contains the following reports:
  - Top N Users Detected by Suspicious Objects
  - Top N Groups Detected by Suspicious Objects
- : This screen provides an option for Suspicious Objects Violation under Notification Events.