Do the following:
- Log on to the Apex Central web console.
- Go to Threat Intel > Custom Intelligence.
- On the User-Defined Suspicious Objects tab, click Add.
- The Add User-Defined Object screen appears. Select the Type of object:
File Click Browse... to upload a suspicious object file. File SHA-1 Specify the SHA-1 hash value for the file. Non-PE (Portable Executable) File SHA-1 will not be blocked by Apex One Application Control. The reason is that Apex One Application Control can only take action on PE files.
To block a non-PE File SHA1, you need to upload the file itself to successfully blocked by VSAPI (Virus Scan Engine).IP Address Specify the IP Address URL Specify the URL Domain Specify the domain - Specify the Scan action that supported products take after detecting the object.
- Log
- Block
- Quarantine
Quarantine action is only available for File objects. - Click Add.
The object appears in the User-Defined Suspicious Object list. Managed products that subscribe to the suspicious objects lists receive the new object information during the next synchronization.
For further assistance, contact Trend Micro Technical Support.