Views:

Do the following:

  1. Log on to the Apex Central web console.
  2. Go to Threat Intel > Custom Intelligence.
  3. On the User-Defined Suspicious Objects tab, click Add.
  4. The Add User-Defined Object screen appears. Select the Type of object:
    FileClick Browse... to upload a suspicious object file.
    File SHA-1Specify the SHA-1 hash value for the file.
     
    Non-PE (Portable Executable) File SHA-1 will not be blocked by Apex One Application Control. The reason is that Apex One Application Control can only take action on PE files.
    To block a non-PE File SHA1, you need to upload the file itself to successfully blocked by VSAPI (Virus Scan Engine).
     
    IP AddressSpecify the IP Address
    URLSpecify the URL
    DomainSpecify the domain
  5. Specify the Scan action that supported products take after detecting the object.
    • Log
    • Block
    • Quarantine
     
    Quarantine action is only available for File objects.
     
  6. Click Add.
    The object appears in the User-Defined Suspicious Object list. Managed products that subscribe to the suspicious objects lists receive the new object information during the next synchronization.

For further assistance, contact Trend Micro Technical Support.