At the heart of all Trend Micro products lies a scan engine. Originally developed in response to early file-based viruses, the scan engine today is exceptionally sophisticated and capable of detecting Internet worms, mass mailers, Trojan horse threats, phishing sites, and network exploits as well as viruses. The scan engine detects two types of threats:
Actively circulating: Threats that are actively circulating on the Internet
Known and controlled: Controlled viruses not in circulation, but that are developed and used for research
Rather than scan every byte of every file, the engine and pattern file work together to identify not only tell-tale characteristics of the virus code, but the precise location within a file where a virus would hide. If the Agent detects a virus, it can remove it and restore the integrity of the file. The scan engine receives incrementally updated pattern files (to reduce bandwidth) from Trend Micro.
The scan engine is able to decrypt all major encryption formats (including MIME and BinHex). It recognizes and scans common compression formats, including ZIP, ARJ, and CAB. The Agent can also scan multiple layers of compression within a file (maximum of six).
It is important that the scan engine remain current with new threats. Trend Micro ensures this in two ways:
Frequent updates to the virus pattern file
Upgrades to the engine software prompted by a change in the nature of virus threats, such as a rise in mixed threats like SQL Slammer
The Trend Micro scan engine is certified annually by international computer security organizations, including ICSA (International Computer Security Association)