Trend Micro recommends updating the antivirus and content security components to remain protected against the latest virus and malware threats.
Only registered users are eligible for components update. For more information, see Understanding product activation.
The following are the components to update (listed according to the frequency of recommended update):
Pattern files/Cleanup templates
Refer to virus/malware pattern, damage cleanup template, network outbreak rule, and network pattern files
They contain hundreds of security threat signatures (for example, viruses or trojans) and determine the managed product's ability to detect and clean malicious file infections.
Virus pattern - if a particularly damaging virus is discovered �in the wild,� or actively circulating, Trend Micro releases a new pattern file as soon as a detection routine for the threat is available (usually within a few hours)
As virus authors and malicious content writers release new viruses to the public, Trend Micro collects their telltale signatures and incorporates the information into the virus pattern file. Because new and virulent viruses are discovered every day, Trend Micro frequently makes available new versions of the virus pattern, often 2-3 times a week depending on the need and threat-risk. By default, all Trend Micro antivirus applications automatically update the virus pattern less often than once a week.
Spyware/Grayware Scan pattern file - similar to the Virus pattern, DCS uses this file to detect and clean up spyware/grayware on clients
Damage Cleanup Template - Damage Cleanup Services pattern
Network virus pattern file for NVW - similar to the Virus pattern, Network VirusWall devices use this file to detect network viruses (for example, Trojans) in your network
Network Outbreak Rule - Network VirusWall component used to optimize performance of your Network Outbreak Monitor settings
This enables you to detect suspicious activity on the network that may signal a virus infection or attack.
Vulnerability Assessment Pattern - Vulnerability Assessment (VA) rule used for detecting computer vulnerabilities
Vulnerability Information Database - Vulnerability Assessment (VA) database used for identifying computer vulnerabilities
Network virus pattern file for Desktop - component used for detecting network viruses on desktop environments
By default, Control Manager enables virus pattern, damage cleanup template, and vulnerability assessment pattern download even if there is no managed product registered on the Control Manager server.
Spyware/Grayware Cleanup pattern file - component used to remove and clean up spyware/grayware files
Spyware pattern file - component used to detect hidden but legal program that secretly collects confidential information
Phish pattern for InterScan Web Security product line - component used by InterScan products to detect phish
These are the Trend Micro-provided files used for anti-spam and content filtering.
Import file - used for content filtering; the Control Manager server downloads the import file from the ActiveUpdate server
Rule file - used for message header filtering; the Control Manager server instructs the managed product server to download the latest version from the ActiveUpdate server.
Refers to virus/malware scan engine, damage cleanup engine, VirusWall engines, and spyware/grayware engine.
These components perform the actual scanning and cleaning functions.
Virus scan engine - at the heart of all Trend Micro products lies a proprietary scan engine, known as virus scan engine application interface (VSAPI), that is capable of detecting all virus known to be �in the wild�, or actively circulating
The 32-bit, multi-threaded scan engine checks files in real-time using the process called pattern matching. VSAPI also employs a number of heuristic scanning technologies that even allows it to detect new viruses, not yet seen in the wild. In addition to viruses, the scan engine protects against mass mailing worms such as Nimda and CodeRed, macro and polymorphic viruses, Trojans, and Distributed Denial of Service (DDoS) attacks.
The scan engine includes an automatic clean-up routine for old virus pattern files (to help manage disk space), as well as incremental pattern updates (to help manage bandwidth).
Damage cleanup engine - Damage Cleanup Services engine
Network VirusWall 2500 engine - Network VirusWall 2500 engine
Network VirusWall 1200 engine - Network VirusWall 1200 engine
Vulnerability assessment engine - VA engine used for detecting computer vulnerabilities
Common Firewall Driver(NTKD) - Common Firewall driver for NT-based Windows products used for endpoint protection
Common Firewall Driver(VXD) - Common Firewall driver for early Windows products used for endpoint protection
Spyware/grayware scan engine - Scan engine used for detecting spyware/grayware
By default, Control Manager enables 32-bit DLL (NT/2000), damage cleanup engine, and vulnerability assessment engine download even if there is no managed product registered on the Control Manager server.
These are product specific components (for example, Service Pack releases).
The Control Manager server only retains the latest component version. You can trace a component's version history by viewing <root>:\Program Files\Trend Micro\Control Manager\AU_Data\AU_log\TmuDump.txt entries. TmuDump.txt is generated when ActiveUpdate debugging is enabled.
Control Manager can now duplicate all downloaded components from the ActiveUpdate server. You can then use the Control Manager server as an update source for other Control Manager servers.
Locate the SystemConfiguration.xml file in the Control Manager folder.
Open the file and locate the following line:
m_iDuplicateAll=0
Change the value of m_iDuplicateAll to "1".
To minimize Control Manager network traffic, disable the download of components that have no corresponding managed products or services. When you register managed products or activate services at a later time, be sure to configure the manual or scheduled download of applicable components.