Antivirus
ComponentsThe virus pattern available on a client computer depends on the scan method the client is using.
Conventional Scan
The pattern used during conventional scan, called Virus Pattern, contains information that helps OfficeScan identify the latest virus/malware and mixed threat attacks. Trend Micro creates and releases new versions of the Virus Pattern several times a week, and any time after the discovery of a particularly damaging virus/malware.
All Trend Micro products using the ActiveUpdate function can detect the availability of a new version of the Virus Pattern on the Trend Micro server, and/or automatically poll the server to get the latest file.
Smart Scan
When in smart scan mode, OfficeScan clients use a lightweight pattern called Smart Scan Agent Pattern that provides the same protection provided by conventional anti-malware and anti-spyware patterns. Clients download this pattern from the OfficeScan server using the same methods for downloading other OfficeScan components.
At the heart of all Trend Micro products lies the scan engine, which was originally developed in response to early file-based computer viruses. The scan engine today is exceptionally sophisticated and capable of detecting different types of viruses and malware. The scan engine also detects controlled viruses that are developed and used for research.
Rather than scanning every byte of every file, the engine and pattern file work together to identify the following:
Tell-tale characteristics of the virus code
The precise location within a file where the virus resides
OfficeScan removes virus/malware upon detection and restores the integrity of the file.
International computer security organizations, including ICSA (International Computer Security Association), certify the Trend Micro scan engine annually.
Updating the scan engine
By storing the most time-sensitive virus/malware information in the virus patterns, Trend Micro minimizes the number of scan engine updates while keeping protection up-to-date. Nevertheless, Trend Micro periodically makes new scan engine versions available. Trend Micro releases new engines under the following circumstances:
Incorporation of new scanning and detection technologies into the software
Discovery of a new, potentially harmful virus/malware that the scan engine cannot handle
Enhancement of the scanning performance
Addition of file formats, scripting languages, encoding, and/or compression formats
The IntelliTrap Pattern detects real-time compression files packed as executable files. The IntelliTrap Exception Pattern contains a list of "approved" compression files.
Damage
Cleanup Services ComponentsThe Virus Cleanup Engine scans for and removes Trojans and Trojan processes. This engine supports 32-bit and 64-bit platforms.
The Virus Cleanup Template is used by the Virus Cleanup Engine to identify Trojan files and processes so the engine can eliminate them.
Anti-spyware
ComponentsThe Spyware Pattern identifies spyware/grayware in files and programs, modules in memory, Windows registry and URL shortcuts.
The Spyware Scan Engine scans for and performs the appropriate scan action on spyware/grayware. This engine supports 32-bit and 64-bit platforms.
Spyware Active-monitoring Pattern is used for real-time spyware/grayware scanning.
Firewall
ComponentsThe Common Firewall Driver is used with the Common Firewall Pattern to scan client computers for network viruses. This driver supports 32-bit and 64-bit platforms.
Like the Virus Pattern, the Common Firewall Pattern helps OfficeScan identify virus signatures, unique patterns of bits and bytes that signal the presence of a network virus.
Web
Reputation ComponentThe URL Filtering Engine facilitates communication between OfficeScan and the Trend Micro URL Filtering Service. The URL Filtering Service is a system that rates URLs and provides rating information to OfficeScan.
Behavior
Monitoring ComponentsThis kernel mode driver monitors system events and passes them to Behavior Monitoring Core Service for policy enforcement.
This user mode service has the following functions:
Provides rootkit detection
Regulates access to external devices
Protects files, registry keys, and services
The Behavior Monitoring Driver uses this pattern to identify normal system events and exclude them from policy enforcement.
This pattern contains a list of valid digital signatures that are used by the Behavior Monitoring Core Service to determine whether a program responsible for a system event is safe.
The Behavior Monitoring Core Service checks system events against the policies in this pattern.
This pattern contains the rules for detecting suspicious threat behavior.
ProgramsAfter an official product release, Trend Micro often develops hot fixes, patches, and service packs to address issues, enhance product performance, or add new features.
Your vendor or support provider may contact you when these items become available. Check the Trend Micro Web site for information on new hot fix, patch, and service pack releases:
http://www.trendmicro.com/download
All releases include a readme file that contains installation, deployment, and configuration information. Read the readme file carefully before performing installation.
Hot fix
A hot fix is a workaround or solution to a single customer-reported issue. Windows hot fixes include a Setup program, while non-Windows hot fixes do not (typically you need to stop the program daemons, copy the file to overwrite its counterpart in your installation, and restart the daemons).
Security patch
A security patch focuses on security issues suitable for deployment to all customers. Windows security patches include a Setup program, while non-Windows patches commonly have a setup script.
Patch
A patch is a group of hot fixes and security patches that solve multiple program issues. Trend Micro makes patches available on a regular basis. Windows patches include a Setup program, while non-Windows patches commonly have a setup script.
Service pack
A service pack is a consolidation of hot fixes, patches, and feature enhancements significant enough to be a product upgrade. Both Windows and non-Windows service packs include a Setup program and setup script.