File Security FAQs | Trend Micro Service Central

General

General questions about File Security:

What is File Security?
How does Trend Vision One – File Security differ from Trend Cloud One – File Storage Security?
How do I deploy File Security?
When would an organization choose File Security SDK as opposed to File Security Storage?
What storage services does File Security work with?
How long do scans take?
How does File Security scale?
Why am I unable to use File Security?
Why am I limited to five scans?

Architecture

Questions about File Security architecture:

How does File Security SDK scan files?
How does File Security Storage scan files?

Scanner

Questions about the File Security scanner:

What scanner does File Security SDK use to scan files? Are the patterns updated?
Can File Security detect ransomware?
Are file contents sent to the Trend Micro server?
What anti-malware patterns does File Security Storage use to scan file? Are the patterns updated?
Does File Security send file contents to the Trend Micro Smart Protection Server?
We use a presigned URL to upload files to our AWS S3 buckets. Can we see if the uploaded file is malicious in the result of the file upload request?

Pricing

Questions about File Security pricing:

What is the pricing for File Security?
Can I purchase less than 500,000 scans? Or more?
Can I purchase just Storage or just SDK without the other feature?

What is File Security?

Trend Vision One™ – File Security is an innovative solution engineered to bolster the security posture of files and cloud storage against the relentless tide of malware threats. Based on different needs, there are two features in File Security:

File Security SDK is an scanner app that can assess files for malware and display real-time results so you can immediately identify and address likely security issues in your files. File Security SDK can leverage the power of predictive machine learning (PML) to match novel variants against known hazards.
File Storage Security is an advanced version of Trend Cloud One™ – File Storage Security. It leverages the account scanner stack features in Trend Cloud One – File Storage Security, but is much easier to deploy using cloud account management (CAM). File Security Storage provides complete visibility of your cloud storage inventory within the Trend Vision One console so you can protect multiple buckets at once.

For more information, see What is File Security.

How does Trend Vision One – File Security differ from Trend Micro Cloud One – File Storage Security?

Aside from being part of Trend Vision One, the biggest difference is that we have expanded functionality.

In Trend Cloud One, File Storage Security can only scan files in Amazon S3 buckets. However, Trend Vision One – File Security can scan files in any application, whether the files are in the cloud or on-premises.
Though SDK deployment is different, deployment for traditional S3 coverage (storage) remains the same as it always has for Trend Cloud One – File Storage Security.
The SDK scanner is equipped with the option to use predictive machine learning (PML), a capability which is unavailable in Trend Cloud One.

How do I deploy File Security?

While Trend Micro broadly considers File Security to be one solution, it deploys differently depending on the feature:

Storage – Deploy through Cloud Account Management (CAM) to selected regions. Then, on the Inventory tab, choose which buckets you want to protect and turn on EventBridge for those buckets.
SDK – Deploy using either a software development kit (SDK) or the command line interface (CLI) to scan files.

When would an organization choose File Security SDK as opposed to File Security Storage?

Choose the feature or combination that best suits your organizational needs:

File Security features

File Security Storage	File Security SDK
Limited solely to cloud storage applications.	Allows for file-scanning anywhere; not just storage applications.
Valuable for organizations without a robust development team.	Intended for teams with experience programming using an SDK.
The storage stack is easy to deploy, requiring just a few clicks and no more than about ten minutes.	Requires more coding to deploy in addition to stronger cloud architect and developer teams to implement automation.

What storage services does File Security work with?

At this time, File Security Storage works with Amazon Web Service (AWS) storage. See Deploying for AWS storage.

How long do scans take?

Scan time depends on the file size and type, but can range from under a second to a few minutes.

How does File Security scale?

Because File Security uses a serverless scanner, it can handle multiple scans concurrently. This means File Security automatically scales up in response to load increases--or or down in response to load decreases. For details, see Scaling and performance.

Why am I unable to use File Security?

Your user account may need additional permissions to deploy, view inventory and scan results, initiate scans, or allocate credits.

Why am I limited to five scans?

You are using an Essentials Access account. Purchase and allocate credits to File Storage to extend scanning.

How does File Security SDK scan files?

Once you have deployed the File Security SDK scanner, the scanner stack scans all incoming files for known malware. File Security SDK can send notifications and quarantine malware.

How does File Security Storage scan files?

After deploying the File Security Storage scanner stack to the selected region and turning on EventBridge for selected buckets in that region, the scanner stack scans all incoming files. The Scanner stack is located in each region, with one server in each region and bucket. With event notification turned on, scanner Lambda scans any incoming file in the scanner stack. The scanner Lambda then sends malicious files to quarantine.

What scanner does File Security SDK use to scan files? Are the patterns updated?

The scanner is located at Trend Micro. Trend Micro scans the file for you--always with the latest pattern.

Can File Security detect ransomware?

Yes. The File Security scanner for both SDK and storage can detect all types of malware including ransomware, trojans, and spyware.

Are file contents sent to the Trend Micro server?

No. File Security only sends the following to the Trend Micro Smart Protection Server:

File Security SDK sends only the critical part of the file.
File Security Storage sends only the identification information (hash value).

What anti-malware patterns does File Security Storage use to scan file? Are the patterns updated?

File Storage Security uses the following patterns:

Smart Scan Agent Pattern: This pattern (icrc$oth.XXX) can detect known ransomware like RANSOM_HPLOCKY.SM4 and is used for heuristic or generic detection.
IntelliTrap Pattern: This pattern Pattern detects compression files packed as executable files.
IntelliTrap Exception Pattern: This pattern contains a list of approved compression files.

Does File Security send file contents to the Trend Micro Smart Protection Server?

No. File Security only send identification information to the Smart Protection Server.

We use a presigned URL to upload files to our AWS S3 buckets. Can we see if the uploaded file is malicious in the result of the file upload request?

No. The design of AWS S3 does not allow you to determine whether an uploaded file is malicious from the result of an upload request.

What is the pricing for File Security?

Pricing for File Security, which applies to both Storage and SDK features, is 5,000 credits per 500,000 scans. So, for example, if you need 3,000,000 scans, you would allocate 30,000 credits. For details, see Credit Usage.

Can I purchase less than 500,000 scans? Or more?

You can purchase scans in increments of 500,000 for 5,000 credits.

So, for example, if you need 1,500,000 scans, then you would purchase 2,000,000 scans for 20,000 credits. For details about credits, see Credit Usage.

Can I purchase just Storage or just SDK without the other feature?

No, pricing for File Security applies to both Storage and SDK features.