Components

Note:

Depending on your version and license, some of these features may not be available or may be different.

Table 1. Antivirus

Component

Description

Virus Pattern

A file that helps the Agents identify virus signatures, unique patterns of bits and bytes that signal the presence of a virus.

Virus Pattern (Android)

A file that helps the Agents identify virus signatures, unique patterns of bits and bytes that signal the presence of a virus on Android devices.

Virus Scan Engine (32-bit/64-bit on Windows and 32-bit on Mac OS X)

The scan engine uses the virus pattern file to detect virus/malware and other security risks on files that your users are opening and/or saving.

The scan engine works together with the virus pattern file to perform the first level of detection, using a process called pattern matching. Since each virus contains a unique "signature" or string of tell-tale characters that distinguish it from any other code, the virus experts at Trend Micro capture inert snippets of this code in the pattern file. The engine then compares certain parts of each scanned file to patterns in the virus pattern file, searching for a match.

Damage Cleanup Template

The Damage Cleanup Template is used by the Damage Cleanup Engine to identify Trojan files and processes so the engine can eliminate them.

Damage Cleanup Engine 32/64-bit

The Damage Cleanup Engine scans for and removes Trojans and Trojan processes.

IntelliTrap Exception Pattern

The IntelliTrap Exception Pattern contains a list of "approved" compression files.

IntelliTrap Pattern

The IntelliTrap Pattern detects real-time compression files packed as executable files.

Smart Feedback Engine (32-bit/64-bit)

The engine for sending feedback to the Trend Micro Smart Protection Network.

Smart Scan Agent Pattern

The pattern file that the Security Agent uses to identify threats. This pattern file is stored on the endpoint that runs the Security Agent.

Early Boot Cleanup Driver 32/64-bit

The Trend Micro Early Boot Cleanup Driver loads before the operating system drivers which enables the detection and blocking of boot-type rootkits. After the Security Agent loads, Trend Micro Early Boot Cleanup Driver calls Damage Cleanup Services to clean the rootkit.

Memory Inspection Pattern

Real-Time Scan uses this pattern file to evaluate executable compressed files identified by Behavior Monitoring.

Contextual Intelligence Engine 32/64-bit

The Contextual Intelligence Engine monitors processes executed by low prevalence files and extracts behavioral features that the Contextual Intelligence Query Handler sends to the Predictive Machine Learning engine for analysis.

Contextual Intelligence Pattern

The Contextual Intelligence Pattern contains a list of "approved" behaviors that are not relevant to any known threats.

Contextual Intelligence Query Handler 32/64-bit

The Contextual Intelligence Query Handler processes the behaviors identified by the Contextual Intelligence Engine and sends the report to the Predictive Machine Learning engine.

Advanced Threat Scan Engine 32/64-bit

The Advanced Threat Scan Engine extracts file features from low prevalence files and sends the the information to the Predictive Machine Learning engine.

Advanced Threat Correlation Pattern

The Advanced Threat Correlation Pattern contains a list of file features that are not relevant to any known threats.

Table 2. Anti-Spyware

Component

Description

Spyware/Grayware Scan Engine v. 6 (32-bit)

A separate scan engine that scans for, detects, and removes spyware/grayware from infected computers and servers running on i386 (32-bit) operating systems.

Spyware/Grayware Scan Engine v.6 (64-bit)

Similar to the spyware/grayware scan engine for 32-bit systems, this scan engine scans for, detects, and removes spyware on x64 (64-bit) operating systems.

Spyware/Grayware Pattern v.6

Contains known spyware signatures and is used by the spyware scan engines (both 32-bit and 64-bit) to detect spyware/grayware on devices for Manual and Scheduled Scans.

Spyware/Grayware Pattern

Contains known spyware signatures and is used by the spyware scan engines (both 32-bit and 64-bit) to detect spyware/grayware on devices for Manual and Scheduled Scans.

Table 3. URL Filtering

Component

Description

URL Filtering Engine (32-bit/64-bit)

The engine that queries the Trend Micro Security database to evaluate the page.

Table 4. Behavior Monitoring

Component

Description

Behavior Monitoring Core Driver 32/64-bit

This driver detects process behavior on clients.

Behavior Monitoring Core Service 32/64-bit

Agents uses this service to handle the Behavior Monitor Core Drivers.

Policy Enforcement Pattern

The list of policies configured on the Worry-Free Business Security Services Console that must be enforced by Agents.

Digital Signature Pattern

List of Trend Micro-accepted companies whose software is safe to use.

Behavior Monitoring Configuration Pattern

The Behavior Monitoring Driver uses this pattern to identify normal system events and exclude them from policy enforcement.

Behavior Monitoring Detection Pattern 32/64-bit

This pattern contains the rules for detecting suspicious threat behavior.

Memory Scan Trigger Pattern (32/64-bit)

This pattern contains the rules for detecting suspicious threat behavior.

Program Inspection Engine 32/64-bit

The Program Inspection Engine passes user mode events to the Behavior Monitoring Core Service in asynchronous (ASYNC) mode.

Program Inspection Monitoring Pattern

The Program Inspection Monitoring Pattern monitors and stores inspection points that are used for Behavior Monitoring.

Damage Recovery Engine 32/64-bit

The Damage Recovery Engine receives system events and backup files before suspicious threats can modify files and perform other malicious behavior. This engine also restores the affected files after it receives a file recovery request.

Damage Recovery Pattern

The Damage Recovery Pattern contains policies that are used for monitoring suspicious threat behavior.

Table 5. Data Loss Prevention

Component

Description

Data Protection Application Pattern

The Data Protection Application Pattern contains policies that Data Loss Prevention uses in Chrome.

Table 6. Aggressive Scan

Component

Description

Smart Scan Aggressive Pattern

The pattern file that Aggressive Scan uses to identify threats. This pattern file is stored on the endpoint that runs the Security Agent.

Program Inspection Pattern

The pattern file that Aggressive Scan uses to identify fake antivirus (FAKEAV) threats.

Table 7. Network Virus

Component

Description

Common Firewall Pattern

Like the Virus Pattern, the Common Firewall Pattern helps agents identify virus signatures, unique patterns of bits and bytes that signal the presence of a network virus.

Common Firewall Driver 32/64-bit

The Firewall Driver, in conjunction with the user-defined settings of the firewall, blocks ports during an outbreak.

Transport Driver Interface (TDI) Driver (32-bit/64-bit)

The module that redirects network traffic to the scan modules.

Table 8. Browser Exploits

Component

Description

Browser Exploit Prevention Pattern

This pattern identifies the latest web browser exploits and prevents the exploits from being used to compromise the web browser.

Script Analyzer Unified Pattern

This pattern analyzes script in web pages and identifies malicious script.