Updatable Components

OfficeScan makes use of components to keep agents protected from the latest threats. Keep these components up-to-date by running manual or scheduled updates.

Antivirus and Smart Scan

| Component | Distributed To | Description |
| --- | --- | --- |
| Virus Scan Engine 32/64-bit | OfficeScan agents | At the heart of all Trend Micro products lies the scan engine, which was originally developed in response to early file-based viruses. The scan engine today is exceptionally sophisticated and capable of detecting different types of viruses and malware. The scan engine also detects controlled viruses that are developed and used for research. Rather than scanning every byte of every file, the engine and pattern file work together to identify tell-tale characteristics of the virus code and the precise location within a file where the virus resides. |
| Smart Scan Pattern | Not distributed to OfficeScan agents. This pattern stays on the OfficeScan server and is used when responding to scan queries received from OfficeScan agents. | When in smart scan mode, OfficeScan agents use two lightweight patterns that work together to provide the same protection provided by conventional anti-malware and anti-spyware patterns. The Smart Scan Pattern contains the majority of the pattern definitions. The Smart Scan Agent Pattern contains all the other pattern definitions not found in the Smart Scan Pattern. The OfficeScan agent scans for security threats using the Smart Scan Agent Pattern. OfficeScan agents that cannot determine the risk of the file during the scan verify the risk by sending a scan query to the Scan Server, a service hosted on the OfficeScan server. The Scan Server verifies the risk using the Smart Scan Pattern. The OfficeScan agent "caches" the scan query result provided by the Scan Server to improve the scan performance. |
| Smart Scan Agent Pattern | OfficeScan agents using smart scan | See the Smart Scan Pattern description above. |
| Virus Pattern | OfficeScan agents using conventional scan | The Virus Pattern contains information that helps OfficeScan agents identify the latest virus/malware and mixed threat attacks. Trend Micro creates and releases new versions of the Virus Pattern several times a week, and any time after the discovery of a particularly damaging virus/malware. |
| IntelliTrap Exception Pattern | OfficeScan agents | The IntelliTrap Exception Pattern contains a list of "approved" compression files. |
| IntelliTrap Pattern | OfficeScan agents | The IntelliTrap Pattern detects real-time compression files packed as executable files. For details, see IntelliTrap. |
| Memory Inspection Pattern | OfficeScan agents | This technology provides enhanced virus scanning for polymorphic and mutation viruses, and augments virus-pattern-based scans by emulating file execution. The results are then analyzed in a controlled environment for evidence of malicious intent with little impact on system performance. |
| Early Launch Anti-Malware Pattern 32/64-bit | OfficeScan agents | OfficeScan supports the Early Launch Anti-Malware (ELAM) feature as part of the Secure Boot standard to provide boot time protection on endpoints. This feature enables OfficeScan agents to detect malware during the operating system boot process. |
| Contextual Intelligence Engine 32/64-bit | OfficeScan agents | The Contextual Intelligence Engine monitors processes executed by low prevalence files and extracts behavioral features that the Contextual Intelligence Query Handler sends to the Predictive Machine Learning engine for analysis. |
| Contextual Intelligence Pattern | OfficeScan agents | The Contextual Intelligence Pattern contains a list of "approved" behaviors that are not relevant to any known threats. |
| Contextual Intelligence Query Handler 32/64-bit | OfficeScan agents | The Contextual Intelligence Query Handler processes the behaviors identified by the Contextual Intelligence Engine and sends the report to the Predictive Machine Learning engine. |
| Advanced Threat Scan Engine 32/64-bit | OfficeScan agents | The Advanced Threat Scan Engine extracts file features from low prevalence files and sends the information to the Predictive Machine Learning engine. |
| Advanced Threat Correlation Pattern | OfficeScan agents | The Advanced Threat Correlation Pattern contains a list of file features that are not relevant to any known threats. |

Anti-spyware

| Component | Distributed To | Description |
| --- | --- | --- |
| Spyware/Grayware Scan Engine 32/64-bit | OfficeScan agents | The Spyware/Grayware Scan Engine scans for and performs the appropriate scan action on spyware/grayware. |
| Spyware/Grayware Pattern | OfficeScan agents | The Spyware/Grayware Pattern identifies spyware/grayware in files and programs, modules in memory, Windows registry and URL shortcuts. |
| Spyware Active-monitoring Pattern | OfficeScan agents using conventional scan | The Spyware Active-monitoring Pattern is used for real-time spyware/grayware scanning. Only conventional scan agents use this pattern. |

Damage Cleanup Services

| Component | Distributed To | Description |
| --- | --- | --- |
| Damage Cleanup Engine 32/64-bit | OfficeScan agents | The Damage Cleanup Engine scans for and removes Trojans and Trojan processes. |
| Damage Cleanup Template | OfficeScan agents | The Damage Cleanup Template is used by the Damage Cleanup Engine to identify Trojan files and processes so the engine can eliminate them. |
| Early Boot Cleanup Driver 32/64-bit | OfficeScan agents | The Trend Micro Early Boot Cleanup Driver loads before the operating system drivers, which enables the detection and blocking of boot-type rootkits. After the OfficeScan agent loads, the Trend Micro Early Boot Cleanup Driver calls Damage Cleanup Services to clean the rootkit. |

Web Reputation

| Component | Distributed To | Description |
| --- | --- | --- |
| URL Filtering Engine | OfficeScan agents | The URL Filtering Engine facilitates communication between OfficeScan and the Trend Micro URL Filtering Service. The URL Filtering Service is a system that rates URLs and provides rating information to OfficeScan. |

Firewall

| Component | Distributed To | Description |
| --- | --- | --- |
| Common Firewall Driver 32/64-bit | OfficeScan agents | The Common Firewall Driver is used with the Common Firewall Pattern to scan agent endpoints for network viruses. This driver supports 32-bit and 64-bit platforms. |
| Common Firewall Pattern | OfficeScan agents | Like the Virus Pattern, the Common Firewall Pattern helps agents identify virus signatures, unique patterns of bits and bytes that signal the presence of a network virus. |

Behavior Monitoring and Device Control

| Component | Distributed To | Description |
| --- | --- | --- |
| Behavior Monitoring Detection Pattern 32/64-bit | OfficeScan agents | This pattern contains the rules for detecting suspicious threat behavior. |
| Behavior Monitoring Core Driver 32/64-bit | OfficeScan agents | This kernel mode driver monitors system events and passes them to the Behavior Monitoring Core Service for policy enforcement. |
| Behavior Monitoring Core Service 32/64-bit | OfficeScan agents | This user mode service has the following functions: provides rootkit detection; regulates access to external devices; protects files, registry keys, and services. |
| Behavior Monitoring Configuration Pattern | OfficeScan agents | The Behavior Monitoring Driver uses this pattern to identify normal system events and exclude them from policy enforcement. |
| Policy Enforcement Pattern | OfficeScan agents | The Behavior Monitoring Core Service checks system events against the policies in this pattern. |
| Digital Signature Pattern | OfficeScan agents | This pattern contains a list of valid digital signatures that are used by the Behavior Monitoring Core Service to determine whether a program responsible for a system event is safe. |
| Memory Scan Trigger Pattern (32/64-bit) | OfficeScan agents | The Memory Scan Trigger service executes other scan engines when it detects that the process in memory is unpacked. |
| Program Inspection Monitoring Pattern | OfficeScan agents | The Program Inspection Monitoring Pattern monitors and stores inspection points that are used for Behavior Monitoring. |
| Damage Recovery Pattern | OfficeScan agents | The Damage Recovery Pattern contains policies that are used for monitoring suspicious threat behavior. |

Browser Exploits

| Component | Distributed To | Description |
| --- | --- | --- |
| Browser Exploit Prevention Pattern | OfficeScan agents | This pattern identifies the latest web browser exploits and prevents the exploits from being used to compromise the web browser. |
| Script Analyzer Unified Pattern | OfficeScan agents | This pattern analyzes script in web pages and identifies malicious script. |