comav
The virus pattern available on a client computer depends on the scan method the client is using. For information about scan methods, see Scan Methods.
|
Virus Patterns |
|
Scan Method |
Pattern In Use |
|
Conventional Scan |
The Virus Pattern contains information that helps OfficeScan identify the latest virus/malware and Mixed Threat Attack. Trend Micro creates and releases new versions of the Virus Pattern several times a week, and any time after the discovery of a particularly damaging virus/malware. Trend Micro recommends scheduling automatic updates at least hourly, which is the default setting for all shipped products. |
|
Smart Scan |
When in smart scan mode, OfficeScan clients use two lightweight patterns that work together to provide the same protection provided by conventional anti-malware and anti-spyware patterns. A smart protection source hosts the Smart Scan Pattern. This pattern is updated hourly and contains majority of the pattern definitions. Smart scan clients do not download this pattern. Clients verify potential threats against the pattern by sending scan queries to the smart protection source. The client update source (the OfficeScan server or a custom update source) hosts the Smart Scan Agent Pattern. This pattern is updated daily and contains all the other pattern definitions not found on the Smart Scan Pattern. Clients download this pattern from the update source using the same methods for downloading other OfficeScan components. For more information about Smart Scan Pattern and Smart Scan Agent Pattern, see Smart Protection Pattern Files. |
At the heart of all Trend Micro products lies the scan engine, which was originally developed in response to early file-based computer viruses. The scan engine today is exceptionally sophisticated and capable of detecting different types of Viruses and Malware. The scan engine also detects controlled viruses that are developed and used for research.
Rather than scanning every byte of every file, the engine and pattern file work together to identify the following:
Tell-tale characteristics of the virus code
The precise location within a file where the virus resides
OfficeScan removes virus/malware upon detection and restores the integrity of the file.
Updating the Scan Engine
By storing the most time-sensitive virus/malware information in the virus patterns, Trend Micro minimizes the number of scan engine updates while keeping protection up-to-date. Nevertheless, Trend Micro periodically makes new scan engine versions available. Trend Micro releases new engines under the following circumstances:
Incorporation of new scanning and detection technologies into the software
Discovery of a new, potentially harmful virus/malware that the scan engine cannot handle
Enhancement of the scanning performance
Addition of file formats, scripting languages, encoding, and/or compression formats
The Virus Scan Driver monitors user operations on files. Operations include opening or closing a file, and executing an application. There are two versions for this driver. These are TmXPFlt.sys and TmPreFlt.sys. TmXPFlt.sys is used for real-time configuration of the Virus Scan Engine and TmPreFlt.sys for monitoring user operations.
This component does not display on the console. To check its version, navigate to <Server installation folder>\PCCSRV\Pccnt\Drv. Right-click the .sys file, select Properties, and go to the Version tab.
The IntelliTrap Pattern detects real-time compression files packed as executable files.
The IntelliTrap Exception Pattern contains a list of "approved" compression files.
See also: