The following table describes the suspicious objects that Deep Discovery Analyzer detects and adds to the Generated Suspicious Objects list.
Field: Description

Last Detected: Date and time Virtual Analyzer last found the object in a submitted sample

Expiration: Date and time Virtual Analyzer will remove the object from the Suspicious Objects tab

Risk Level: If the suspicious object is:
  • IP address or domain: The risk level that typically shows is either High or Medium (see risk level descriptions below). This means that high- and medium-risk IP addresses/domains are treated as suspicious objects.
  • URL: The risk level that shows is High or Medium
  • File SHA-1: The risk level that shows is always High
  Risk level descriptions:
  • High: Known malicious or involved in high-risk connections
  • Medium: IP address/domain/URL is unknown to reputation service

Type: IP address, Domain, URL, or File SHA-1

Object: The IP address, domain, URL, or SHA-1 hash value of the file

Latest Related Sample: SHA-1 hash value of the sample where the object was last found.

Related Submissions: The total number of samples where the object was found. Clicking the number opens the Submissions screen with the SHA-1 hash value as the search criteria.

The following table describes the tasks you can perform on the Generated Suspicious Objects tab.

Suspicious Objects Tasks

Task: Steps

Export/Export All: Select one or several objects and then click Export to save the objects to a CSV file. Click Export All to save all the objects to a CSV file.

Add to Exceptions: Select one or several objects that you consider harmless and then click Add to Exceptions. The objects move to the Exceptions tab.

Never Expire: Select one or several objects that you always want flagged as suspicious and then click Never Expire.

Expire Now: Select one or several objects that you want to remove from the Suspicious Objects and then click Expire Now. When the same object is detected in the future, it will be added back to the Suspicious Objects.

Data Filters: If there are too many entries in the table, limit the entries by performing these tasks:
  • Select an object type in the Show drop-down box.
  • Select a column name in the Search column drop-down box and then type some characters in the Search keyword text box next to it. As you type, the entries that match the characters you typed are displayed. Deep Discovery Analyzer searches only the selected column in the table for matches.

Records and Pagination Controls: The panel at the bottom of the screen shows the total number of objects. If all objects cannot be displayed at the same time, use the pagination controls to view the objects that are hidden from view.
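
One way to check a CSV saved with Export or Export All before its objects are loaded into another control, as an added example that is not Trend Micro code. It enforces the risk levels the field table allows for each object type, validates each object's format, and drops expired entries. The column names, the timestamp format, the `triage` function and every sample value are assumptions constructed for illustration.

```python
import csv, io, ipaddress, re
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample. Column names and the timestamp format are ASSUMPTIONS that
# mirror the field table above; check a real export's header row first.
SAMPLE_CSV = """Last Detected,Expiration,Risk Level,Type,Object,Latest Related Sample,Related Submissions
2024-05-01 10:00:00,2024-05-31 10:00:00,High,IP address,203.0.113.10,0123456789abcdef0123456789abcdef01234567,3
2024-05-02 09:30:00,2024-06-01 09:30:00,Medium,Domain,unknown.example,0123456789abcdef0123456789abcdef01234567,1
2024-04-01 08:00:00,2024-05-01 08:00:00,High,URL,http://bad.example/a,0123456789abcdef0123456789abcdef01234567,2
2024-05-03 12:00:00,2024-06-02 12:00:00,Medium,File SHA-1,89abcdef0123456789abcdef0123456789abcdef,0123456789abcdef0123456789abcdef01234567,1
2024-05-03 12:05:00,2024-06-02 12:05:00,High,File SHA-1,not-a-hash,0123456789abcdef0123456789abcdef01234567,1
"""

TS = "%Y-%m-%d %H:%M:%S"  # assumed timestamp format
# Risk levels the field table allows for each object type.
ALLOWED_RISK = {"IP address": {"High", "Medium"}, "Domain": {"High", "Medium"},
                "URL": {"High", "Medium"}, "File SHA-1": {"High"}}

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

WELL_FORMED = {
    "IP address": _is_ip,
    "Domain": lambda v: re.fullmatch(r"(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z0-9-]{2,63}", v, re.I) is not None,
    "URL": lambda v: urlsplit(v).scheme in ("http", "https") and bool(urlsplit(v).netloc),
    "File SHA-1": lambda v: re.fullmatch(r"[0-9a-fA-F]{40}", v) is not None,
}

def triage(csv_text, now):
    """Return (active, rejected): active maps type -> objects; rejected lists (object, reason)."""
    active, rejected = {}, []
    for row in csv.DictReader(io.StringIO(csv_text)):
        kind, obj, risk = row["Type"], row["Object"].strip(), row["Risk Level"]
        if risk not in ALLOWED_RISK.get(kind, ()):  # also catches unknown types
            rejected.append((obj, "risk level not valid for type"))
        elif not WELL_FORMED[kind](obj):
            rejected.append((obj, "malformed object"))
        # How a Never Expire object appears in the export is not documented here,
        # so an unparseable Expiration raises ValueError instead of being guessed.
        elif datetime.strptime(row["Expiration"], TS) <= now:
            rejected.append((obj, "expired"))
        else:
            active.setdefault(kind, []).append(obj)
    return active, rejected
```

Review the rejected list by hand rather than discarding it: a row that breaks the documented risk-level rules or carries a malformed object points to a changed export layout or a file edited after export.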