Views:
Administrators must confirm if the IP address being blocked by Apex One is legitimate and not a suspicious address. Once verified, The recommended action is to add the IP to the Global User-defined Approved List by following the steps below:
 
The User-defined IP Lists only support IPv4 addresses.
 

  1. Log in to the Apex One web console.
  2. Go to Agents > Global Agent Settings.
  3. Click the Security Settings tab.
  4. Go to the Suspicious Connections Settings section.
  5. Click Edit User-defined IP List.
  6. On the Approved List or Blocked List tab, click Add to enter the IP address, then click Save.
  7. To remove IP addresses from the list, select the check box next to the address and click Delete.
  8. After configuring the lists, click Close to return to the Global Agent Settings screen.
  9. Click Save to deploy the updated list to agents.

  1. Log into Apex Central.
  2. Go to Directories > Product Servers.
  3. Click the link to open the Apex One as a Service console.

    Module state

  4. Go to Agents > Global Agent Settings.
  5. Click the Security Settings tab.
  6. Go to the Suspicious Connections Settings section.
  7. Click Edit User-defined IP List.
  8. On the Approved List or Blocked List tab, click Add to enter the IP address, then click Save.
  9. To remove IP addresses from the list, select the check box next to the address and click Delete.
  10. After configuring the lists, click Close to return to the Global Agent Settings screen.
  11. Click Save to deploy the updated list to agents.

To verify, you may go to C:\Program Files (x86)\Trend Micro\Security Agent\NcieEcp.ini and check if the IP Address exists under [NCIE Approved List] or [NCIE Blocked List]

If you want to exclude false-positive C&C callback alert notifications, you may refer to Adding C&C callback alerts for individual IP addresses in OfficeScan/Apex One
Keywords: C&C Callback Address,IP Address