Administrators can configure security risk scans in ScanMail to provide varying levels of security. Enabling the Advanced Threat Scan Engine in conjunction with Virtual Analyzer assists in discovering and preventing targeted attacks by suspected malware threats.
The following table provides an overview of the scan engine hierarchy in ScanMail.

Scan Engine Hierarchy

Scan Engine
Description
Virus Scan Engine scanning
The Virus Scan Engine provides pattern-based and heuristic scanning for traditional malware threats.
ATSE scanning
ATSE enhances the traditional malware threat protection offered by the Virus Scan Engine. ATSE performs an aggressive scan using heuristic algorithms to identify possible targeted attacks, such as document exploits.
For scan configurations that enable ATSE without sending files to Virtual Analyzer, ScanMail performs the action configured for Advanced threats on any suspicious messages and files detected as an advanced threat by ATSE.
Note
Some detected files may be safe. Trend Micro recommends selecting the Quarantine entire message action for suspected threats detected by ATSE. Perform an evaluation on files not sent to Virtual Analyzer to determine the actual threat of the quarantined files.
If no Virtual Analyzer is registered, Trend Micro recommends setting the scan level to Low to decrease false positives and selecting the Quarantine entire message action for suspected threats detected by ATSE.
ATSE and Virtual Analyzer
After ATSE detects a suspected malware threat, ScanMail sends the message to Virtual Analyzer for further analysis.
Virtual Analyzer assesses the risk level of the message in an isolated virtual environment and returns the threat rating to the ScanMail server. ScanMail then performs the action configured for Advanced threats if the security rating violates the configured security level for suspected threats.
The protection scope of the sandbox solution can be configured with Virtual Analyzer settings, such as traffic direction, target recipients, and so on. For example, the top management group or human resources can be configured as target recipients. The default configuration for the protected traffic direction is Inbound messages only. Messages that are not in the sandbox protection scope are scanned in the traditional manner using the local scan engine/pattern file.
ATSE and Machine Learning
The Advanced Threat Scan Engine also uses Predictive Machine Learning to query Trend Micro's cloud service when performing virus scanning on some files, such as Windows executable (PE) files and script files. In contrast to traditional signature-based malware detection, Predictive Machine Learning is better able to detect malware variants.