You can configure Trend Vision One Endpoint Security agents to submit
file objects that may contain previously unidentified threats to a Virtual Analyzer
for further
analysis. After assessing the objects, Virtual Analyzer adds any objects found to
contain
unknown threats to the Virtual Analyzer Suspicious Objects lists and distributes the
lists to
other Trend Vision One Endpoint Security agents
throughout the network.
Suspicious files include any of the following:
-
Programs not known to Trend Micro (downloaded through supported web browsers or email channels)
-
Heuristic detections of processes (downloaded through supported web browsers or email channels)
-
Low prevalence autorun programs on removable storage
ImportantThe size of the sample files that the Trend Vision One Endpoint Security agents can
submit changes based on the type of Virtual Analyzer you use. For the Deep Discovery
Analyzer server, sample files can be up to 50 MB in size. For Deep Discovery Analyzer
as a
Service Add-on, sample files can be up to 60 MB in size.
|
Procedure
- Select Enable suspicious file submission to Virtual Analyzer.