ActiveUpdate is a function common to many Trend Micro products. Connected to the Trend
Micro update website, ActiveUpdate provides up-to-date downloads of pattern files, scan
engines, programs, and other Trend Micro component files through the Internet.
A program used on the Internet that performs a repetitive function such as searching
A basic zipper format used as a compressor for single files and not a full
A single file containing one or more separate files plus information for extraction by
a suitable program, such as WinZip.
A mechanism for storing information about an Internet user, such as name, preferences,
and interests, which is stored in the web browser for later use. The next time you access a
website for which your browser has a cookie, the browser sends the cookie to the web server,
which the web server can then use to present you with customized web pages. For example, you
might enter a website that welcomes you by name.
Designed (through social engineering or technical stealth) to perpetrate identity
theft in order to access a computer user's online accounts at financial services companies and
online retailers for the purpose of taking funds from those accounts or completing
unauthorized transactions that enrich the thief controlling the crimeware. Crimeware also
often has the intent to export confidential or sensitive information from a network for
Denial of Service Attack
A Denial of Service (DoS) attack refers to an attack on a computer or network that
causes a loss of "service," namely a network connection. Typically, DoS attacks negatively
affect network bandwidth or overload system resources such as the computer’s memory.
Dynamic Host Control Protocol (DHCP) is a protocol for assigning dynamic IP addresses
to devices in a network. With dynamic addressing, a device can have a different IP address
every time it connects to the network. In some systems, the device’s IP address can even
change while it is still connected. DHCP also supports a mix of static and dynamic IP
Domain Name System (DNS) is a general-purpose data query service chiefly used in the
Internet for translating host names into IP addresses.
When a DNS client requests host name
and address data from a DNS server, the process is called resolution. Basic DNS
configuration results in a server that performs default resolution. For example, a remote
server queries another server for data in a machine in the current zone. Client software in
the remote server queries the resolver, which answers the request from its database
The full name of a system, consisting of its local host name and its domain name, for
example, tellsitall.com. A domain name should be sufficient to determine a unique Internet
address for any host on the Internet. This process, called "name resolution," uses the Domain
Name System (DNS).
Dynamic IP Address
A Dynamic IP address is an IP address assigned by a DHCP server. The MAC address of a
computer will remain the same; however, the DHCP server may assign a new IP address to the
computer depending on availability.
Enhanced Simple Mail Transport Protocol (ESMTP) includes security, authentication and
other devices to save bandwidth and protect servers.
End-user License Agreement
An End-user License Agreement or EULA is a legal contract between a software publisher and
the software user. It typically outlines restrictions on the side of the user, who can
refuse to enter into the agreement by not clicking "I accept" during installation. Clicking
"I do not accept" will, of course, end the installation of the software product.
Many users inadvertently agree to the installation of spyware and other types of grayware
into their computers when they click "I accept" on EULA prompts displayed during the
installation of certain free software.
A false positive occurs when a file is incorrectly detected by security software as
File Transfer Protocol (FTP) is a standard protocol used for transporting files from a
server to a client over the Internet. Refer to Network Working Group RFC 959 for more
The interface between an information source and a web server. Some companies have an
NAT or proxy server at the corporate network edge. All the web traffic of internal users goes
through that network gateway, and from the web server's point of view the connection comes from the gateway.
GeneriClean, also known as referential cleaning, is a new technology for cleaning
viruses/malware even without the availability of virus cleanup components. Using a detected
file as basis, GeneriClean determines if the detected file has a corresponding process/service
in memory and a registry entry, and then removes them altogether.
A category of software that might be legitimate, unwanted, or malicious. Unlike
threats such as viruses, worms, and Trojans, grayware does not infect, replicate, or destroy
data; however, it might violate your privacy. Examples of grayware include spyware, adware,
and remote access tools.
Named for a GNU Project compression file that is used for single files and not a full
Hypertext Transfer Protocol (HTTP) is a standard protocol used for transporting web
pages (including graphics and multimedia content) from a server to a client over the Internet.
Hypertext Transfer Protocol using Secure Socket Layer (SSL). HTTPS is a variant of
HTTP used for handling secure transactions.
Occasionally a gateway or destination host uses Internet Control Message Protocol
(ICMP) to communicate with a source host, for example, to report an error in datagram
processing. ICMP uses the basic support of IP as if it were a higher level protocol; however,
ICMP is actually an integral part of IP, and implemented by every IP module. ICMP messages are
sent in several situations: for example, when a datagram cannot reach its destination, when
the gateway does not have the buffering capacity to forward a datagram, and when the gateway
can direct the host to send traffic on a shorter route. The Internet Protocol is not designed
to be absolutely reliable. The purpose of these control messages is to provide feedback about
problems in the communication environment, not to make IP reliable.
IntelliScan is a method of identifying files to scan. For executable files (for example,
.exe), the true file type is determined based on the file content. For non-executable files
(for example, .txt), the true file type is determined based on the file header.
Using IntelliScan provides the following benefits:
Performance optimization: IntelliScan does not affect applications on the client
because it uses minimal system resources.
Shorter scanning period: Because IntelliScan uses true file type identification, it
only scans files that are vulnerable to infection. The scan time is therefore
significantly shorter than when you scan all files.
Virus writers often attempt to circumvent virus filtering by using real-time
compression algorithms. IntelliTrap helps reduce the risk of such viruses entering the network
by blocking real-time compressed executable files and pairing them with other malware
characteristics. Because IntelliTrap identifies such files as security risks and may
incorrectly block safe files, consider quarantining (not deleting or cleaning) files when you
enable IntelliTrap. If users regularly exchange real-time compressed executable files, disable
IntelliTrap. IntelliTrap uses the following components: Virus Scan Engine, IntelliTrap
Pattern, and IntelliTrap Exception Pattern.
The Internet Protocol (IP) provides for transmitting blocks of data called datagrams
from sources to destinations, where sources and destinations are hosts identified by fixed
length addresses. (RFC 791)
Java is a general-purpose programming language developed by Sun Microsystems. A Java
file contains Java code. Java supports programming for the Internet in the form of
platform-independent Java "applets." An applet is a program written in Java programming
language that can be included in an HTML page. When you use a Java-technology enabled browser
to view a page that contains an applet, the applet transfers its code to your computer and the
browser’s Java Virtual Machine executes the applet.
A listening port is utilized for client connection requests for data exchange.
Software that is designed to disrupt or gain unauthorized access to a system, gather
information that compromises a person's privacy or assets, or other behavior that is harmful
to the user.
Mixed Threat Attack
Mixed threat attacks take advantage of multiple entry points and vulnerabilities in
enterprise networks, such as the “Nimda” or “Code Red” threats.
A charting widget that you can add to the “Dashboard” page in order to track malware
or a particular activity protected by ICS.
Network Address Translation (NAT) is a standard for translating secure IP addresses to
temporary, external, registered IP addresses from the address pool. This allows trusted networks
with privately assigned IP addresses to have access to the Internet. This also means that you
do not have to get a registered IP address for every machine in the network.
Network Basic Input Output System (NetBIOS) is an application program interface (API)
that adds functionality such as network capabilities to disk operating system (DOS) basic
input/output system (BIOS).
NAT traversal has become an increasingly significant issue in the current
real-world network environment. To address this issue, MCP uses one-way communication. One-way
communication has the MCP agent initiating the connection to, and polling of commands from,
the server. Each request is a CGI-like command query or log transmission. To reduce the
network impact, the MCP agent keeps the connection alive and open as much as possible. A
subsequent request uses an existing open connection. If the connection breaks, all SSL
connections to the same host benefit from session ID cache that drastically reduces
A patch is a group of hot fixes and security patches that solve multiple program
issues. Trend Micro makes patches available on a regular basis. Windows patches include a
Setup program, while non-Windows patches commonly have a setup script.
Phish, or phishing, is a rapidly growing form of fraud that seeks to fool web users into
divulging private information by mimicking a legitimate website.
In a typical
scenario, unsuspecting users get an urgent sounding (and authentic looking) email telling
them there is a problem with their account that they must immediately fix to avoid account
termination. The email will include a URL to a website that looks exactly like the real
thing. It is simple to copy a legitimate email and a legitimate website but then change the
so-called back end, which receives the collected data.
The email tells the user to
log on to the site and confirm some account information. A hacker receives data a user
provides, such as a logon name, password, credit card number, or social security
Phish fraud is fast, cheap, and easy to perpetrate. It is also potentially
quite lucrative for those criminals who practice it. Phish is hard for even computer-savvy
users to detect. And it is hard for law enforcement to track down. Worse, it is almost
impossible to prosecute.
Please report to Trend Micro any website you suspect to be a
Ping is a utility that sends an ICMP echo request to an IP address and waits for a
response. The Ping utility can determine if the computer with the specified IP address is
online or not.
Post Office Protocol 3 (POP3) is a standard protocol for storing and transporting
email messages from a server to a client email application.
Packet forwarding technology based on a destination port. Administrators can
configure an existing network device (such as a firewall or switch) to easily deploy
InterScan Cloud Security.
Proxy Auto-configuration (PAC) File
PAC files specify which proxies should be used and under what circumstances. PAC files may be
hosted on each workstation, on an internal Web server, on a server outside the corporate
network, or on ICS. Browsers simply require the address of the PAC file - they fetch the file
A proxy server is a World Wide Web server which accepts URLs with a special prefix,
used to fetch documents from either a local cache or a remote server, then returns the URL to
A Roshal Archive file is a non-documented archive file format that supports data
compression, error recovery, and file spanning.
Users that are not within the range of the company gateway.
Remote procedure call (RPC) is a network protocol that allows a computer program
running on one host to cause code to be executed on another host.
A security patch focuses on security issues suitable for deployment to all customers.
Windows security patches include a Setup program, while non-Windows patches commonly have a
A service pack is a consolidation of hot fixes, patches, and feature enhancements
significant enough to be a product upgrade. Both Windows and non-Windows service packs include
a Setup program and setup script.
Simple Mail Transport Protocol (SMTP) is a standard protocol used to transport email
messages from server to server, and client to server, over the Internet.
Simple Network Management Protocol (SNMP) is a protocol that supports monitoring of
devices attached to a network for conditions that merit administrative attention.
SOCKS 4 is a TCP protocol used by proxy servers to establish a connection between
clients on the internal network or LAN and computers or servers outside the LAN. The SOCKS 4
protocol makes connection requests, sets up proxy circuits and relays data at the Application
layer of the OSI model.
Software as a Service (SaaS)
A model of software deployment whereby software, including business processes,
enterprise applications, and collaboration tools, is provided as a service to
Secure Socket Layer (SSL) is a protocol designed by Netscape for providing data
security layered between application protocols (such as HTTP, Telnet, or FTP) and TCP/IP. This
security protocol provides data encryption, server authentication, message integrity, and
optional client authentication for a TCP/IP connection. With SSL, client/server applications
can communicate in a way that is designed to prevent eavesdropping, tampering, and message
This digital certificate establishes secure HTTPS communication.
A compressed file that uses a method of compression that compresses the entire file
rather than breaking it up, often used for distributing open source code.
Transmission Control Protocol (TCP) is a connection-oriented, end-to-end reliable
protocol designed to fit into a layered hierarchy of protocols that support multi-network
applications. TCP relies on IP datagrams for address resolution. Refer to DARPA Internet
Program RFC 793 for information.
Telnet is a standard method of interfacing terminal devices over TCP by creating a
"Network Virtual Terminal." Refer to Network Working Group RFC 854 for more information.
User Datagram Protocol (UDP) is a connectionless communication protocol used with IP
for application programs to send messages to other programs. Refer to DARPA Internet Program
RFC 768 for information.
Web Reputation Service (WRS)
Web Reputation Services are offered by Trend Micro to detect and block Web-based
security risks, including phishing attacks.
A portable, reusable application that can be added to the Dashboard page in order to
track malware or a particular activity protected by ICS.
The ZIP file format is a data compression and archive format. A ZIP file contains one
or more files that have been compressed to reduce file size, or stored as-is. The ZIP file
format permits a number of compression algorithms.