At the heart of all Trend Micro products lies a scan engine. Originally developed
in response
to early file-based viruses, the scan engine today is exceptionally sophisticated
and capable of
detecting Internet worms, mass mailers, Trojan horse threats, phishing sites, and
network
exploits as well as viruses. The scan engine detects two types of threats:
-
Actively circulating: Threats that are actively circulating on the Internet
-
Known and controlled: Controlled viruses not in circulation, but that are developed and used for research
Rather than scan every byte of every file, the engine and pattern file work together
to
identify not only tell-tale characteristics of the virus code, but the precise location
within a
file where a virus would hide. If the Agent detects a virus, it can remove it and
restore the
integrity of the file. The scan engine receives incrementally updated pattern files
(to reduce
bandwidth) from Trend Micro.
The scan engine is able to decrypt all major encryption formats (including MIME and
BinHex). It
recognizes and scans common compression formats, including ZIP, ARJ, and CAB. The
Agent can also
scan multiple layers of compression within a file (maximum of six).
It is important that the scan engine remain current with new threats. Trend Micro
ensures this
in two ways:
-
Frequent updates to the virus pattern file
-
Upgrades to the engine software prompted by a change in the nature of virus threats, such as a rise in mixed threats like SQL Slammer
The Trend Micro scan engine is certified annually by international computer security
organizations, including ICSA (International Computer Security Association)