
Smart Protection Pattern Files

Smart protection pattern files are used for File Reputation Services and Web Reputation Services. Trend Micro releases these pattern files through the Trend Micro ActiveUpdate server.

Smart Scan Agent Pattern

The Smart Scan Agent Pattern is updated daily and is downloaded by the OfficeScan clients’ update source (the OfficeScan server or a custom update source). The update source then deploys the pattern to smart scan clients.

Smart scan clients use the Smart Scan Agent Pattern when scanning for security risks. If the pattern cannot determine the risk of the file, another pattern, called Smart Scan Pattern, is leveraged.

Smart Scan Pattern

The Smart Scan Pattern is updated hourly and is downloaded by smart protection sources. Smart scan clients do not download the Smart Scan Pattern. Clients verify potential threats against the Smart Scan Pattern by sending scan queries to smart protection sources.

Web Blocking List

The Web Blocking List is downloaded by smart protection sources. OfficeScan clients that are subject to web reputation policies do not download the Web Blocking List.

Clients subject to web reputation policies verify a website’s reputation against the Web Blocking List by sending web reputation queries to a smart protection source. The client correlates the reputation data received from the smart protection source with the web reputation policy enforced on the computer. Depending on the policy, the client will either allow or block access to the site.

Updating Smart Protection Patterns

Smart protection pattern updates originate from the Trend Micro ActiveUpdate server.

 

Figure: Pattern update process

Using Smart Protection Patterns

An OfficeScan client uses the Smart Scan Agent Pattern to scan for security risks and only queries the Smart Scan Pattern if the Smart Scan Agent Pattern cannot determine the risk of a file. The client queries the Web Blocking List when a user attempts to access a website. Advanced filtering technology enables the client to "cache" the query results. This eliminates the need to send the same query more than once.

Clients that are currently in your intranet can connect to a Smart Protection Server to query the Smart Scan Pattern or Web Blocking List. A network connection is required to connect to the Smart Protection Server. If more than one Smart Protection Server has been set up, administrators can determine the connection priority.

Clients that are currently not in your intranet can connect to Trend Micro Smart Protection Network for queries. An Internet connection is required to connect to the Smart Protection Network.

 

Figure: Query process

Clients without access to the network or the Internet still benefit from protection provided by the Smart Scan Agent Pattern and the cache containing previous query results. The protection is reduced only when a new query is necessary and the client, after repeated attempts, is still unable to reach any smart protection source. In this case, a client flags the file for verification and temporarily allows access to the file. When connection to a smart protection source is restored, all the files that have been flagged are re-scanned. Then, the appropriate scan action is performed on files that have been confirmed as a threat.
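The lookup order and offline fallback described above can be sketched as a simplified model. This is an added illustration, not OfficeScan code: ClientModel, FakeSource, the file identifiers and the three-attempt limit are all assumptions made for the example.

```python
# Added illustration of the lookup order above; all names are hypothetical, not OfficeScan code.
from enum import Enum

class Verdict(Enum):
    CLEAN = "clean"
    THREAT = "threat"
    UNKNOWN = "unknown"  # no verdict yet: file is flagged for verification
class SourceUnreachable(Exception):
    """Raised when a smart protection source cannot be reached."""
class FakeSource:
    """Constructed stand-in for a smart protection source."""
    def __init__(self, threats):
        self.threats, self.online = set(threats), False
    def __call__(self, file_id):
        if not self.online:
            raise SourceUnreachable(file_id)
        return Verdict.THREAT if file_id in self.threats else Verdict.CLEAN

class ClientModel:
    def __init__(self, agent_pattern, source, max_attempts=3):
        self.agent_pattern = agent_pattern  # local pattern: file id -> Verdict
        self.source, self.max_attempts = source, max_attempts
        self.cache, self.pending, self.query_attempts = {}, [], 0

    def _query(self, file_id):
        for _ in range(self.max_attempts):  # the "repeated attempts"
            self.query_attempts += 1
            try:
                return self.source(file_id)
            except SourceUnreachable:
                continue
        return None

    def scan(self, file_id):
        """Return (verdict, access_allowed)."""
        verdict = self.agent_pattern.get(file_id, self.cache.get(file_id))
        if verdict is None:
            verdict = self._query(file_id)
            if verdict is None:  # no source reachable: flag, allow for now
                if file_id not in self.pending:
                    self.pending.append(file_id)
                return Verdict.UNKNOWN, True
            self.cache[file_id] = verdict
        return verdict, verdict is not Verdict.THREAT

    def on_reconnect(self):
        """Re-scan flagged files; return those confirmed as threats."""
        flagged, self.pending = self.pending, []
        return [f for f in flagged if self.scan(f)[0] is Verdict.THREAT]
```

In this model the window of reduced protection is exactly the set of entries in pending: files that were allowed while no source was reachable and have not yet been re-scanned.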

The table "Protection Behaviors Based on Location" summarizes the extent of protection based on the client’s location.

Protection Behaviors Based on Location

Location

Pattern File and Query Behavior

Access to the intranet

  • Pattern file: Clients download the Smart Scan Agent Pattern file from the OfficeScan server or a custom update source.

  • File and web reputation queries: Clients connect to the Smart Protection Server for queries.

Without access to the intranet but with connection to Smart Protection Network

  • Pattern file: Clients do not download the latest Smart Scan Agent Pattern file unless connection to an OfficeScan server or a custom update source is available.

  • File and web reputation queries: Clients connect to Smart Protection Network for queries.

Without access to the intranet and without connection to Smart Protection Network

  • Pattern file: Clients do not download the latest Smart Scan Agent Pattern file unless connection to an OfficeScan server or a custom update source is available.

  • File and web reputation queries: Clients do not receive query results and must rely on the Smart Scan Agent Pattern and the cache containing previous query results.