| Component | Description |
|---|---|
| Virus Scan Engine 32/64-bit | At the heart of all Trend Micro products lies the scan engine, which was originally developed in response to early file-based viruses. The scan engine today is exceptionally sophisticated and capable of detecting different types of viruses and malware. The scan engine also detects controlled viruses that are developed and used for research. Rather than scanning every byte of every file, the engine and pattern file work together to identify the following: |
| Virus Pattern | The Virus Pattern contains information that helps Security Agents identify the latest virus/malware and mixed threat attacks. Trend Micro creates and releases new versions of the Virus Pattern several times a week, and any time after the discovery of a particularly damaging virus/malware. |
| Virus Scan Driver | The Virus Scan Driver monitors user operations on files. Operations include opening or closing a file, and executing an application. There are two versions of this driver: TmXPFlt.sys and TmPreFlt.sys. TmXPFlt.sys is used for real-time configuration of the Virus Scan Engine and TmPreFlt.sys for monitoring user operations. |
| Smart Scan Pattern / Smart Scan Agent Pattern | When in smart scan mode, Security Agents use two lightweight patterns that work together to provide the same protection provided by conventional anti-malware and anti-spyware patterns. The Smart Scan Pattern contains the majority of the pattern definitions. The Smart Scan Agent Pattern contains all the other pattern definitions not found in the Smart Scan Pattern. The Security Agent scans for security threats using the Smart Scan Agent Pattern. Security Agents that cannot determine the risk of the file during the scan verify the risk by sending a scan query to the Scan Server, a service hosted on the Apex One server. The Scan Server verifies the risk using the Smart Scan Pattern. The Security Agent "caches" the scan query result provided by the Scan Server to improve the scan performance. |
| IntelliTrap Pattern | The IntelliTrap Pattern detects real-time compression files packed as executable files. For details, see IntelliTrap. |
| IntelliTrap Exception Pattern | The IntelliTrap Exception Pattern contains a list of "approved" compression files. |
| Memory Inspection Pattern | Real-Time Scan uses the Memory Inspection Pattern to evaluate executable compressed files identified by Behavior Monitoring. Real-Time Scan performs the following actions on executable compressed files: |
| Contextual Intelligence Engine 32/64-bit | The Contextual Intelligence Engine monitors processes executed by low prevalence files and extracts behavioral features that the Contextual Intelligence Query Handler sends to the Predictive Machine Learning engine for analysis. |
| Contextual Intelligence Pattern | The Contextual Intelligence Pattern contains a list of "approved" behaviors that are not relevant to any known threats. |
| Contextual Intelligence Query Handler 32/64-bit | The Contextual Intelligence Query Handler processes the behaviors identified by the Contextual Intelligence Engine and sends the report to the Predictive Machine Learning engine. |
| Advanced Threat Scan Engine 32/64-bit | The Advanced Threat Scan Engine extracts file features from low prevalence files and sends the information to the Predictive Machine Learning engine. |
| Advanced Threat Correlation Pattern | The Advanced Threat Correlation Pattern contains a list of file features that are not relevant to any known threats. |
| Advanced Threat Telemetry Pattern | The Advanced Threat Telemetry Pattern is used to obtain telemetry data from suspicious files detected on an endpoint during a scan. |