| Term | Definition |
|---|---|
| ActiveUpdate Server | Provides updates for product components, including pattern files. Trend Micro regularly releases component updates through the Trend Micro ActiveUpdate server. |
| Advanced Threat Scan Engine | The Advanced Threat Scan Engine protects against viruses, malware, and exploits of vulnerabilities in software such as Java and Flash. Integrated with the Trend Micro Virus Scan Engine, the Advanced Threat Scan Engine employs signature-based, behavior-based, and aggressive heuristic detection. |
| Affected Recipient | A recipient of malicious or suspicious email messages. |
| Alert | An occurrence of an event or set of events triggering a predefined condition. Alerts have the following levels of importance: |
| Archive | A file composed of one or more files that have been concatenated, compressed, or encrypted for portability or storage. An archive may also be called a compressed file. |
| Archive file password | A password to decrypt an archive. |
| Attack source | The first mail server with a public IP address that routes a suspicious message. For example, if a suspicious message routes from IP1 (sender) to IP2 (MTA: 225.237.59.52) to IP3 (company mail gateway) to IP4 (recipient), Deep Discovery Email Inspector identifies 225.237.59.52 (IP2) as the attack source. By studying attack sources, you can identify regional attack patterns or attack patterns that involve the same mail server. |
| Attacker | An individual, group, organization, or government that conducts or has the intent to conduct harmful activities. |
| Authentication | The verification of the identity of a person or a process. Authentication ensures that the system delivers digital data transmissions to the intended receiver. Authentication also assures the receiver of the integrity of the message and its source (where or whom it came from). The simplest form of authentication requires a user name and password to gain access to a particular account. Other authentication protocols are secret-key encryption, such as the Data Encryption Standard (DES) algorithm, or public-key systems using digital signatures. |
| Bot | A program that infects computers connected to the Internet, allowing them to be remotely controlled by an attacker. Bot-controlled computers become part of a network of compromised machines that are exploited by the attacker for malicious activities. |
| Botnet | A botnet (short for bot network) is a network of hijacked zombie computers controlled remotely by an attacker. The attacker uses the network to send spam and launch Denial of Service attacks, and may rent the network out to other cybercriminals. If one of the computers targeted becomes compromised, the attacker can often take control of that computer and add it to the botnet. |
| BCC mode | A Deep Discovery Email Inspector operation mode. Deep Discovery Email Inspector operates as an out-of-band appliance. Deep Discovery Email Inspector silently monitors mirrored email traffic received from an upstream mail server and notifies security administrators about discovered threats. |
| Callback address | An external IP address, host name, or URL that an object requests (calls back to) during scanning or analysis. Malware connected to a C&C server often sends requests to it in order to carry out harmful activities. The host name or IP address that an object requests may be called a callback host. A URL that an object requests may be called a callback URL. |
| Command-and-Control (C&C) server | The central server(s) for a botnet or an entire network of compromised devices, used by a malicious bot to propagate malware and infect a host. |
| Compromised MTA | A compromised MTA is usually a third-party open mail relay that attackers can use to send malicious email messages or spam without detection, because the mail relay does not check the source or destination for known users. |
| Certified Safe Software Service (CSSS) | Verifies the safety of files. Certified Safe Software Service reduces false positives and saves computing time and resources. |
| Communicator | The communications backbone of the Apex Central system. Communicator is part of the Apex Central Management Infrastructure. Commands from the Apex Central server to Deep Discovery Email Inspector, and status reports from Deep Discovery Email Inspector to the Apex Central server, all pass through this component. |
| Data port | A hardware port that accesses resources available on a network. |
| Detection | A discovered event, file, or network address. Detections include unusual, undesired, suspicious, unknown, and malicious behaviors and connections. |
| Event | An observable, measurable occurrence in a system or network. |
| False positive | A detection that is determined to be high risk but is actually benign. |
| File submission rule | A set of criteria and conditions used to reduce the number of files in the Virtual Analyzer queue. File submission rules check files based on detection types, detection rules, and file properties. |
| IntelliTrap | A Trend Micro utility that helps reduce the risk of viruses entering the network by blocking real-time compressed executable files and pairing them with other malware characteristics. |
| IntelliTrap Exception Pattern | The IntelliTrap Exception Pattern contains detection routines for safe compressed executable (packed) files to reduce the number of false positives during IntelliTrap scanning. |
| IntelliTrap Pattern | The IntelliTrap Pattern contains the detection routines for compressed executable (packed) file types that are known to commonly obfuscate malware and other potential threats. |
| Log | An official record of events occurring in a system or network. |
| Management console | A web-based user interface for managing a product. |
| Management port | A hardware port that connects to the management network. |
| Message ID | A unique identifier for a digital message, most commonly a globally unique identifier used in email messages. Message IDs must have a specific format (a subset of an email address) and be globally unique. A common technique used by many message systems is to use a time and date stamp along with the local host's domain name. |
| Message stamp | Text added at the beginning or end of the email message. |
| Message tag | Text added to the subject line of the email message. |
| MTA mode | A Deep Discovery Email Inspector operation mode. Deep Discovery Email Inspector can act as a Mail Transfer Agent (MTA) in the mail traffic flow. As an inline MTA, Deep Discovery Email Inspector directly protects your network from harm by blocking malicious email messages. |
| Notification | A message triggered by an event in an endpoint or network. |
| Permitted sender | An email sender approved by Deep Discovery Email Inspector as being safe. |
| Permitted sender of relayed mail | An endpoint permitted or denied connection to the appliance based on the IP address of a single endpoint or any endpoint in an IP address range. |
| Port | The following term has multiple definitions depending upon its context: |
| Report | A compilation of data generated from selectable criteria, used to provide the user with needed information. |
| Sample | A potentially malicious file or URL submitted to Virtual Analyzer. Virtual Analyzer opens the file or accesses the link in the sample to analyze the risk level. If Virtual Analyzer finds any additional links or files while analyzing a sample, Virtual Analyzer also analyzes them. Example: If a user submits an archive that contains multiple files to Virtual Analyzer, Virtual Analyzer will analyze the archive as well as all of the encrypted files. |
| Sandbox image | A template used to deploy sandbox instances in Virtual Analyzer. A sandbox image includes an operating system, installed software, and other settings necessary for that specific computing environment. |
| Sandbox instance | A single virtual machine based on a sandbox image. |
| Script Analyzer Engine | The Script Analyzer Pattern is used during analysis of web page scripts to identify malicious code. |
| Smart Feedback | Shares protected threat information with the Smart Protection Network, allowing Trend Micro to rapidly identify and address new threats. Trend Micro Smart Feedback may include product information such as the product name, ID, and version, as well as detection information including file types, SHA-1 hash values, URLs, IP addresses, and domains. |
| Smart Protection Network | Rapidly and accurately identifies new threats, delivering global threat intelligence to all Trend Micro products and services. Advances in the depth and breadth of the Smart Protection Network cloud data mining framework allow Trend Micro to look in more places for threat data and respond to new threats more effectively, to secure data wherever it resides. |
| Social engineering | A form of attack that psychologically manipulates a person into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme. |
| Source IP address | The IP address of the mail server nearest to the email sender. Examples: gateway mail server, compromised mail server, botnet with mail relay capabilities. |
| SPAN/TAP mode | A Deep Discovery Email Inspector operation mode. Deep Discovery Email Inspector operates as an out-of-band appliance. Deep Discovery Email Inspector silently monitors mirrored email traffic received from a switch or network tap and notifies security administrators about discovered threats. |
| Spear phishing | A type of targeted attack where an attacker sends an email message masquerading as a known or legitimate entity to gain personal information from a targeted person. Spear phishing significantly raises the chances that targets will read a message that allows the attacker to compromise a target network. In many cases, spear-phishing emails use attachments made to appear as legitimate documents, because sharing via email is a common practice among large enterprises and government organizations. |
| Spyware Pattern | The Spyware Pattern identifies spyware and grayware in messages and attachments. |
| Threat Connect | Correlates suspicious objects detected in your environment with threat data from the Trend Micro Smart Protection Network. The resulting intelligence reports enable you to investigate potential threats and take actions pertinent to your attack profile. |
| Threat Knowledge Base | The Threat Knowledge Base provides information for threat correlation. |
| True file type | The kind of data stored in a file, regardless of the file extension. Example: A text file may have an extension of HTML, CSV, or TXT, but its true file type remains the same. |
| Unscannable Archive | A password-protected archive that cannot be extracted and scanned using a custom-defined password list or heuristically obtained passwords. |
| Viewer account | An account that can view detection and system information, but does not have access to most configuration screens on the management console. |
| Virtual Analyzer | An isolated virtual environment used to manage and analyze samples. Virtual Analyzer observes sample behavior and characteristics, and then assigns a risk level to the sample. |
| Virtual Analyzer Sensors | The Virtual Analyzer Sensors are a collection of utilities used to execute and detect malware and to record behavior in Virtual Analyzer. |
| Virus Pattern | The Trend Micro Virus Scan Engine protects against viruses and malware in files through heuristic, signature-based, and behavior-based detection. Trend Micro updates the virus pattern files as soon as detection routines for new threats are available. |
| Web Reputation Services | Tracks the credibility of web domains. Web Reputation Services assigns reputation scores based on factors such as a website's age, historical location changes, and indications of suspicious activities discovered through malware behavior analysis. |
| Widget Framework | The Widget Framework provides the template for Deep Discovery Email Inspector widgets. |
Keywords: ATSE,Spyware Pattern,Script Analyzer Pattern,Advanced Threat Scan Engine,Threat Knowledge Base,Virtual Analyzer Sensors,Widget Framework,IntelliTrap Pattern,IntelliTrap Exception Pattern