Control Manager (TMCM) administrators can add objects they consider suspicious but are not currently in the list of Virtual Analyzer suspicious objects by going to Administration > Suspicious Objects > User-Defined Objects.

Suspicious Object “Exceptions”, on the other hand, can be used for excluding objects from existing Virtual Analyzer suspicious object list. Since user-defined suspicious objects have a higher priority than Virtual Analyzer suspicious objects, VA will not add any object that exists in the exception list.

In TMCM 6.0 SP3, OSCE (11.0 SP1 or later) accepts IP & URL objects as user-defined suspicious objects and actions can be either "log" or "block".

In TMCM 7.0, OSCE XG SP1 further supports File object. OSCE takes action on files that are listed in the user-defined SO list. For more information, please refer to the Control Manager Administration Guide.