Glossary

ActiveUpdate Server

Provides updates for product components, including pattern files. Trend Micro regularly releases component updates through the Trend Micro ActiveUpdate server.

Advanced Threat Scan Engine

Advanced Threat Scan Engine (64-bit)

The Advanced Threat Scan Engine protects against viruses, malware, and exploits to vulnerabilities in software such as Java and Flash. Integrated with the Trend Micro Virus Scan Engine, the Advanced Threat Scan Engine employs signature-based, behavior-based, and aggressive heuristic detection.

Affected Recipient

A recipient of malicious or suspicious email messages.

Alert

An occurrence of an event or set of events triggering a predefined condition.

Alerts have the following levels of importance:

  • Critical Alert

    A message about an event that requires immediate attention.

  • Important Alert

    A message about an event that does not require immediate attention, but should be observed.

  • Informational Alert

    A message about an event that is most likely benign.

Archive

A file composed of one or more files that have been concatenated, compressed, or encrypted for portability or storage.

An "archive" may also be called a "compressed file".

Archive file password

A password to decrypt an archive.

Attack source

The first mail server with a public IP address that routes a suspicious message. For example, if a suspicious message routes from IP1 (sender) to IP2 (MTA: 225.237.59.52) to IP3 (company mail gateway) to IP4 (recipient), Deep Discovery Email Inspector identifies 225.237.59.52 (IP2) as the attack source. By studying attack sources, you can identify regional attack patterns or attack patterns that involve the same mail server.

Attacker

An individual, group, organization, or government that conducts or has the intent to conduct harmful activities.

Authentication

The verification of the identity of a person or a process. Authentication ensures that the system delivers digital data transmissions to the intended receiver. Authentication also assures the receiver of the integrity of the message and of its source (where, or from whom, it came).

The simplest form of authentication requires a user name and password to gain access to a particular account. Other authentication mechanisms use secret-key encryption, such as the Data Encryption Standard (DES) algorithm, or public-key systems with digital signatures.

Bot

A program that infects computers connected to the Internet, allowing them to be remotely controlled by an attacker. Bot-controlled computers become part of a network of compromised machines that are exploited by the attacker for malicious activities.

Botnet

A botnet (short for "bot network") is a network of hijacked zombie computers controlled remotely by an attacker. The attacker uses the network to send spam and launch Denial of Service attacks, and may rent the network out to other cybercriminals. If one of the targeted computers becomes compromised, the attacker can often take control of that computer and add it to the botnet.

BCC mode

A Deep Discovery Email Inspector operation mode. Deep Discovery Email Inspector operates as an out-of-band appliance. Deep Discovery Email Inspector silently monitors mirrored email traffic received from an upstream mail server and notifies security administrators about discovered threats.

Callback address

An external IP address, host name, or URL that an object requests ("calls back to") during scanning or analysis. Malware connected to a C&C server often sends requests to it in order to carry out harmful activities.

The host name or IP address that an object requests may be called a "callback host". A URL that an object requests may be called a "callback URL".

Command-and-Control (C&C) server

The central server(s) for a botnet or an entire network of compromised devices, used by a malicious bot to propagate malware and infect a host.

Compromised MTA

A compromised MTA is usually a third-party open mail relay that attackers can use to send malicious email messages or spam without detection because the mail relay does not check the source or destination for known users.

Certified Safe Software Service (CSSS)

Verifies the safety of files. Certified Safe Software Service reduces false positives, and saves computing time and resources.

Communicator

The communications backbone of the Apex Central system. Communicator is part of the Apex Central Management Infrastructure. Commands from the Apex Central server to Deep Discovery Email Inspector, and status reports from Deep Discovery Email Inspector to the Apex Central server all pass through this component.

Data port

A hardware port that accesses resources available on a network.

Detection

A discovered event, file, or network address. Detections include unusual, undesired, suspicious, unknown, and malicious behaviors and connections.

Event

An observable, measurable occurrence in a system or network.

False positive

A detection that is determined to be high risk but is actually benign.

File submission rule

A set of criteria and conditions used to reduce the number of files in the Virtual Analyzer queue. File submission rules check files based on detection types, detection rules, and file properties.

IntelliTrap

A Trend Micro utility that helps reduce the risk of viruses entering the network by blocking, in real time, compressed executable files and pairing them with other malware characteristics.

IntelliTrap Exception Pattern

The IntelliTrap Exception Pattern contains detection routines for safe compressed executable (packed) files to reduce the amount of false positives during IntelliTrap scanning.

IntelliTrap Pattern

The IntelliTrap Pattern contains the detection routines for compressed executable (packed) file types that are known to commonly obfuscate malware and other potential threats.

Log

An official record of events occurring in a system or network.

Management console

A web-based user interface for managing a product.

Management port

A hardware port that connects to the management network.

Message ID

A unique identifier for a digital message, most commonly a globally unique identifier used in email messages. Message IDs must have a specific format (a subset of an email address) and be globally unique. A common technique used by many message systems is to combine a time and date stamp with the local host's domain name.

Message stamp

Text added at the beginning or end of the email message.

Message tag

Text added to the subject line of the email message.

MTA mode

A Deep Discovery Email Inspector operation mode. Deep Discovery Email Inspector can act as a Mail Transfer Agent (MTA) in the mail traffic flow. As an inline MTA, Deep Discovery Email Inspector directly protects your network from harm by blocking malicious email messages.

Notification

A message triggered by an event in an endpoint or network.

Permitted sender

An email sender approved by Deep Discovery Email Inspector as being safe.

Permitted sender of relayed mail

An endpoint permitted or denied connection to the appliance based on the IP address of a single endpoint or any endpoint in an IP address range.

Port

The following term has multiple definitions depending upon its context:

  • Hardware

    A socket on an endpoint to connect to a removable device, cable, or other external equipment.

  • TCP/IP Networking

    An access channel by which software applications can use hardware resources in parallel.

Report

A compilation of data generated from selectable criteria, used to provide the user with needed information.

Sample

A potentially malicious file or URL submitted to Virtual Analyzer. Virtual Analyzer opens the file or accesses the link in the sample to analyze the risk level. If Virtual Analyzer finds any additional links or files while analyzing a sample, Virtual Analyzer also analyzes them.

Example: If a user submits an archive that contains multiple files to Virtual Analyzer, Virtual Analyzer will analyze the archive as well as all of the encrypted files.

Sandbox image

A template used to deploy sandbox instances in Virtual Analyzer. A sandbox image includes an operating system, installed software, and other settings necessary for that specific computing environment.

Sandbox instance

A single virtual machine based on a sandbox image.

Script Analyzer Engine

Script Analyzer Pattern

The Script Analyzer Pattern is used during analysis of web page scripts to identify malicious code.

Smart Feedback

Shares anonymous threat information with the Smart Protection Network, allowing Trend Micro to rapidly identify and address new threats. Trend Micro Smart Feedback may include product information such as the product name, ID, and version, as well as detection information including file types, SHA-1 hash values, URLs, IP addresses, and domains.

Smart Protection Network

Rapidly and accurately identifies new threats, delivering global threat intelligence to all Trend Micro products and services. Advances in the depth and breadth of the Smart Protection Network cloud data mining framework allow Trend Micro to look in more places for threat data and respond to new threats more effectively, securing data wherever it resides.

Social engineering

A form of attack to psychologically manipulate a person to perform actions or divulge confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.

Source IP address

The IP address of the mail server nearest to the email sender.

Examples: gateway mail server, compromised mail server, botnet with mail relay capabilities

SPAN/TAP mode

A Deep Discovery Email Inspector operation mode. Deep Discovery Email Inspector operates as an out-of-band appliance. Deep Discovery Email Inspector silently monitors mirrored email traffic received from a switch or network tap and notifies security administrators about discovered threats.

Spear phishing

A type of targeted attack where an attacker sends an email message masquerading as a known or legitimate entity to gain personal information from a targeted person. Spear phishing significantly raises the chances that targets will read a message that allows the attacker to compromise a target network. In many cases, spear-phishing emails use attachments made to appear as legitimate documents, because sharing documents via email is a common practice among large enterprises and government organizations.

Spyware Pattern

The Spyware Pattern identifies spyware and grayware in messages and attachments.

Threat Connect

Correlates suspicious objects detected in your environment and threat data from the Trend Micro Smart Protection Network. The resulting intelligence reports enable you to investigate potential threats and take actions pertinent to your attack profile.

Threat Knowledge Base

The Threat Knowledge Base provides information for threat correlation.

True file type

The kind of data stored in a file, regardless of the file extension.

Example: A text file may have an extension of HTML, CSV, or TXT, but its true file type remains the same.

Unscannable Archive

A password-protected archive that cannot be extracted and scanned using a custom-defined password list or heuristically obtained passwords.

Viewer account

An account that can view detection and system information, but does not have access to most configuration screens on the management console.

Virtual Analyzer

An isolated virtual environment used to manage and analyze samples. Virtual Analyzer observes sample behavior and characteristics, and then assigns a risk level to the sample.

Virtual Analyzer Sensors

The Virtual Analyzer Sensors are a collection of utilities used to execute and detect malware and to record behavior in Virtual Analyzer.

Virus Pattern

The Trend Micro Virus Scan Engine protects against viruses and malware in files through heuristic, signature-based, and behavior-based detection. Trend Micro updates the virus pattern files as soon as detection routines for new threats are available.

Web Reputation Services

Tracks the credibility of web domains. Web Reputation Services assigns reputation scores based on factors such as a website's age, historical location changes, and indications of suspicious activities discovered through malware behavior analysis.

Widget Framework

The Widget Framework provides the template for Deep Discovery Email Inspector widgets.