ActiveUpdate is a function common to many Trend Micro products. Connected to the Trend Micro update website, ActiveUpdate provides up-to-date downloads of pattern files, scan engines, programs, and other Trend Micro component files through the Internet.


A program used on the Internet that performs a repetitive function such as searching for information.

BZIP Files

A basic zipper format used as a compressor for single files and not a full archiver.

Compressed File

A single file containing one or more separate files plus information for extraction by a suitable program, such as WinZip.


Designed (through social engineering or technical stealth) to perpetrate identity theft in order to access a computer user's online accounts at financial services companies and online retailers for the purpose of taking funds from those accounts or completing unauthorized transactions that enrich the thief controlling the crimeware. Crimeware also often has the intent to export confidential or sensitive information from a network for financial exploitation.

Denial of Service Attack

A Denial of Service (DoS) attack refers to an attack on a computer or network that causes a loss of "service," namely a network connection. Typically, DoS attacks negatively affect network bandwidth or overload system resources such as the computer’s memory.


Dynamic Host Control Protocol (DHCP) is a protocol for assigning dynamic IP addresses to devices in a network. With dynamic addressing, a device can have a different IP address every time it connects to the network. In some systems, the device’s IP address can even change while it is still connected. DHCP also supports a mix of static and dynamic IP addresses.


Domain Name system (DNS) is a general-purpose data query service chiefly used in the Internet for translating host names into IP addresses.

When a DNS client requests host name and address data from a DNS server, the process is called resolution. Basic DNS configuration results in a server that performs default resolution. For example, a remote server queries another server for data in a machine in the current zone. Client software in the remote server queries the resolver, which answers the request from its database files.

Domain Name

The full name of a system, consisting of its local host name and its domain name, for example, A domain name should be sufficient to determine a unique Internet address for any host on the Internet. This process, called "name resolution," uses the Domain Name System (DNS).

Dynamic IP Address

A Dynamic IP address is an IP address assigned by a DHCP server. The MAC address of a computer will remain the same, however, the DHCP server may assign a new IP address to the computer depending on availability.


Enhanced Simple Mail Transport Protocol (ESMTP) includes security, authentication and other devices to save bandwidth and protect servers.

End-user License Agreement

An End-user License Agreement or EULA is a legal contract between a software publisher and the software user. It typically outlines restrictions on the side of the user, who can refuse to enter into the agreement by not clicking "I accept" during installation. Clicking "I do not accept" will, of course, end the installation of the software product.

Many users inadvertently agree to the installation of spyware and other types of grayware into their computers when they click "I accept" on EULA prompts displayed during the installation of certain free software.

False Positive

A false positive occurs when a file is incorrectly detected by security software as infected.


File Transfer Protocol (FTP) is a standard protocol used for transporting files from a server to a client over the Internet. Refer to Network Working Group RFC 959 for more information.


The interface between an information source and a web server. Some companies have an NAT or proxy server at the corporate network edge. All the web traffic of internal users goes through that network gateway and from the web server. The connection comes from the gateway.


GeneriClean, also known as referential cleaning, is a new technology for cleaning viruses/malware even without the availability of virus cleanup components. Using a detected file as basis, GeneriClean determines if the detected file has a corresponding process/service in memory and a registry entry, and then removes them altogether.


A category of software that might be legitimate, unwanted, or malicious. Unlike threats such as viruses, worms, and Trojans, grayware does not infect, replicate, or destroy data; however, it might violate your privacy. Examples of grayware include spyware, adware, and remote access tools.


Named for a GNU Project compression file that is used for single files and not a full archiver.


Hypertext Transfer Protocol (HTTP) is a standard protocol used for transporting web pages (including graphics and multimedia content) from a server to a client over the Internet.


Hypertext Transfer Protocol using Secure Socket Layer (SSL). HTTPS is a variant of HTTP used for handling secure transactions.


Occasionally a gateway or destination host uses Internet Control Message Protocol (ICMP) to communicate with a source host, for example, to report an error in datagram processing. ICMP uses the basic support of IP as if it were a higher level protocol, however, ICMP is actually an integral part of IP, and implemented by every IP module. ICMP messages are sent in several situations: for example, when a datagram cannot reach its destination, when the gateway does not have the buffering capacity to forward a datagram, and when the gateway can direct the host to send traffic on a shorter route. The Internet Protocol is not designed to be absolutely reliable. The purpose of these control messages is to provide feedback about problems in the communication environment, not to make IP reliable.


IntelliScan is a method of identifying files to scan. For executable files (for example, .exe), the true file type is determined based on the file content. For non-executable files (for example, .txt), the true file type is determined based on the file header.

Using IntelliScan provides the following benefits:

  • Performance optimization: IntelliScan does not affect applications on the client because it uses minimal system resources.

  • Shorter scanning period: Because IntelliScan uses true file type identification, it only scans files that are vulnerable to infection. The scan time is therefore significantly shorter than when you scan all files.


Virus writers often attempt to circumvent virus filtering by using real-time compression algorithms. IntelliTrap helps reduce the risk of such viruses entering the network by blocking real-time compressed executable files and pairing them with other malware characteristics. Because IntelliTrap identifies such files as security risks and may incorrectly block safe files, consider quarantining (not deleting or cleaning) files when you enable IntelliTrap. If users regularly exchange real-time compressed executable files, disable IntelliTrap. IntelliTrap uses the following components: Virus Scan Engine, IntelliTrap Pattern, and IntelliTrap Exception Pattern.


The internet protocol (IP) provides for transmitting blocks of data called datagrams from sources to destinations, where sources and destinations are hosts identified by fixed length addresses. (RFC 791)

Java File

Java is a general-purpose programming language developed by Sun Micro Systems. A Java file contains Java code. Java supports programming for the Internet in the form of platform-independent Java "applets." An applet is a program written in Java programming language that can be included in an HTML page. When you use a Java-technology enabled browser to view a page that contains an applet, the applet transfers its code to your computer and the browser’s Java Virtual Machine executes the applet.

Listening Port

A listening port is utilized for client connection requests for data exchange.


Software that is designed to disrupt or gain unauthorized access to a system, gather information that compromises a person's privacy or assets, or other behavior that is harmful to the user.

Mixed Threat Attack

Mixed threat attacks take advantage of multiple entry points and vulnerabilities in enterprise networks, such as the “Nimda” or “Code Red” threats.


A charting widget that you can add to the “Dashboard” page in order to track malware or a particular activity protected by ICS.


Network Address Translation (NAT) is a standard for translating secure IP addresses to temporary, external, registered IP address from the address pool. This allows trusted networks with privately assigned IP addresses to have access to the Internet. This also means that you do not have to get a registered IP address for every machine in the network.


Network Basic Input Output System (NetBIOS) is an application program interface (API) that adds functionality such as network capabilities to disk operating system (DOS) basic input/output system (BIOS).

One-way Communication

NAT traversal has become an increasingly more significant issue in the current real-world network environment. To address this issue, MCP uses one-way communication. One-way communication has the MCP agent initiating the connection to, and polling of commands from, the server. Each request is a CGI-like command query or log transmission. To reduce the network impact, the MCP agent keeps connection alive and open as much as possible. A subsequent request uses an existing open connection. If the connection breaks, all SSL connections to the same host benefit from session ID cache that drastically reduces re-connection time.


A patch is a group of hot fixes and security patches that solve multiple program issues. Trend Micro makes patches available on a regular basis. Windows patches include a Setup program, while non-Windows patches commonly have a setup script.

Phish Attack

Phish, or phishing, is a rapidly growing form of fraud that seeks to fool web users into divulging private information by mimicking a legitimate website.

In a typical scenario, unsuspecting users get an urgent sounding (and authentic looking) email telling them there is a problem with their account that they must immediately fix to avoid account termination. The email will include a URL to a website that looks exactly like the real thing. It is simple to copy a legitimate email and a legitimate website but then change the so-called back end, which receives the collected data.

The email tells the user to log on to the site and confirm some account information. A hacker receives data a user provides, such as a logon name, password, credit card number, or social security number.

Phish fraud is fast, cheap, and easy to perpetuate. It is also potentially quite lucrative for those criminals who practice it. Phish is hard for even computer-savvy users to detect. And it is hard for law enforcement to track down. Worse, it is almost impossible to prosecute.

Please report to Trend Micro any website you suspect to be a phishing site.


Ping is a utility that sends an ICMP echo request to an IP address and waits for a response. The Ping utility can determine if the computer with the specified IP address is online or not.


Post Office Protocol 3 (POP3) is a standard protocol for storing and transporting email messages from a server to a client email application.

Port Forwarding

Packets forwarding technology based on a destination port. Administrators can configure an existing network device, (such as a firewall or switch) to easily deploy InterScan Cloud Security.

Proxy Auto-configuration (PAC) File

PAC files are text files containing JavaScript, a high-level programming language. The PAC files specify which proxies should be used and under what circumstances. PAC files may be hosted on each workstation, on an internal Web server, on a server outside the corporate network, or on ICS. Browsers simply require the address of the PAC file - they fetch the file at the address specified and execute the JavaScript contained within it.

Proxy Server

A proxy server is a World Wide Web server which accepts URLs with a special prefix, used to fetch documents from either a local cache or a remote server, then returns the URL to the requester.

RAR File

A Roshal Archive file is a non-documented archive file format that supports data compression, error recovery, and file spanning.

Roaming User

Users that are not within the range of the company gateway.


Remote procedure call (RPC) is a network protocol that allows a computer program running on one host to cause code to be executed on another host.

Security Patch

A security patch focuses on security issues suitable for deployment to all customers. Windows security patches include a Setup program, while non-Windows patches commonly have a setup script.

Service Pack

A service pack is a consolidation of hot fixes, patches, and feature enhancements significant enough to be a product upgrade. Both Windows and non-Windows service packs include a Setup program and setup script.


Simple Mail Transport Protocol (SMTP) is a standard protocol used to transport email messages from server to server, and client to server, over the internet.


Simple Network Management Protocol (SNMP) is a protocol that supports monitoring of devices attached to a network for conditions that merit administrative attention.


SOCKS 4 is a TCP protocol used by proxy servers to establish a connection between clients on the internal network or LAN and computers or servers outside the LAN. The SOCKS 4 protocol makes connection requests, sets up proxy circuits and relays data at the Application layer of the OSI model.

Software as a Service (SaaS)

A model of software deployment whereby software including business processes, enterprise applications, and collaboration tools, are provided as a service to customers.


Secure Socket Layer (SSL) is a protocol designed by Netscape for providing data security layered between application protocols (such as HTTP, Telnet, or FTP) and TCP/IP. This security protocol provides data encryption, server authentication, message integrity, and optional client authentication for a TCP/IP connection. With SSL, client/server applications can communicate in a way that is designed to prevent eavesdropping, tampering, and message forgery.

SSL Certificate

This digital certificate establishes secure HTTPS communication.

TAR File

A compressed file that uses a method of compression that compresses the entire file rather than breaking it up, often used for distributing open source code.


Transmission Control Protocol (TCP) is a connection-oriented, end-to-end reliable protocol designed to fit into a layered hierarchy of protocols that support multi-network applications. TCP relies on IP datagrams for address resolution. Refer to DARPA Internet Program RFC 793 for information.


Telnet is a standard method of interfacing terminal devices over TCP by creating a "Network Virtual Terminal." Refer to Network Working Group RFC 854 for more information.


User Datagram Protocol (UDP) is a connectionless communication protocol used with IP for application programs to send messages to other programs. Refer to DARPA Internet Program RFC 768 for information.

Web Reputation Service (WRS)

Web Reputation Services are offered by Trend Micro to detect and block Web-based security risks, including phishing attacks.


A portable, reusable application that can be added to the Dashboard page in order to track malware or a particular activity protected by ICS.

ZIP File

The ZIP file format is a data compression and archive format. A ZIP file contains one or more files that have been compressed to reduce file size, or stored as-is. The ZIP file format permits a number of compression algorithms.