Antivirus Components

Virus Patterns

The virus pattern available on a client computer depends on the scan method the client is using. For information about scan methods, see Scan Methods.

Table: Virus Patterns (Scan Method and Pattern In Use)

Conventional Scan

The Virus Pattern contains information that helps OfficeScan identify the latest viruses/malware and mixed threat attacks. Trend Micro creates and releases new versions of the Virus Pattern several times a week, and any time after the discovery of a particularly damaging virus/malware.

Trend Micro recommends scheduling automatic updates at least hourly, which is the default setting for all shipped products.

Smart Scan

When in smart scan mode, OfficeScan clients use two lightweight patterns that work together to provide the same protection provided by conventional anti-malware and anti-spyware patterns.

A smart protection source hosts the Smart Scan Pattern. This pattern is updated hourly and contains the majority of the pattern definitions. Smart scan clients do not download this pattern. Instead, clients verify potential threats against the pattern by sending scan queries to the smart protection source.

The client update source (the OfficeScan server or a custom update source) hosts the Smart Scan Agent Pattern. This pattern is updated daily and contains all the other pattern definitions not found in the Smart Scan Pattern. Clients download this pattern from the update source using the same methods they use to download other OfficeScan components.

For more information about Smart Scan Pattern and Smart Scan Agent Pattern, see Smart Protection Pattern Files.

Virus Scan Engine

At the heart of all Trend Micro products lies the scan engine, which was originally developed in response to early file-based computer viruses. The scan engine today is exceptionally sophisticated and capable of detecting different types of viruses and malware. The scan engine also detects controlled viruses that are developed and used for research.

Rather than scanning every byte of every file, the engine and pattern file work together to identify the following:

OfficeScan removes virus/malware upon detection and restores the integrity of the file.

Updating the Scan Engine

By storing the most time-sensitive virus/malware information in the virus patterns, Trend Micro minimizes the number of scan engine updates while keeping protection up-to-date. Nevertheless, Trend Micro periodically makes new scan engine versions available. Trend Micro releases new engines under the following circumstances:

Virus Scan Driver

The Virus Scan Driver monitors user operations on files. Operations include opening or closing a file and executing an application. There are two versions of this driver: TmXPFlt.sys and TmPreFlt.sys. TmXPFlt.sys is used for real-time configuration of the Virus Scan Engine, and TmPreFlt.sys is used for monitoring user operations.

IntelliTrap Pattern

The IntelliTrap Pattern detects real-time compression files packed as executable files.

IntelliTrap Exception Pattern

The IntelliTrap Exception Pattern contains a list of "approved" compression files.