IBM Endpoint Manager, Version 9.2

The Trend Micro Pattern Files and Scan Engine

All Trend Micro products, including CPM, can be configured to automatically check the Trend Micro ActiveUpdate (TMAU) server, then download and install updates when found. This process is typically configured to occur in the background, although you can manually update some or all of the pattern files at any time. In addition, pre-release patterns are available for manual download (at your own risk) in the event that a situation such as a virus outbreak occurs. Pre-release patterns have not undergone full testing but are available to stop burgeoning threats.

You can manually download the virus pattern and other files from the URL provided below. At the same location, you can also check the current release version and date, and review all the new virus definitions included in the files.

http://www.trendmicro.com/download/pattern.asp

Incremental Virus Pattern File Updates

CPM, in conjunction with Trend Micro ActiveUpdate, supports incremental updates of the virus pattern file. Rather than downloading the entire pattern file each time (full pattern files can be more than 20 MB), ActiveUpdate can download only the portion of the file that is new and append it to the existing pattern file.

Virus Patterns

The virus pattern available on a client computer depends on the scan method the client is using.

Table 1. Virus Patterns

Scan Method: Conventional Scan

Pattern In Use: The Virus Pattern contains information that helps Core Protection Module identify the latest virus/malware and mixed threat attacks. Trend Micro creates and releases new versions of the Virus Pattern several times a week, and any time after the discovery of a particularly damaging virus/malware.

Trend Micro recommends scheduling automatic updates at least hourly, which is the default setting for all shipped products.

Scan Method: Smart Scan

Pattern In Use: When in smart scan mode, clients use two lightweight patterns that work together to provide the same protection provided by conventional anti-malware and anti-spyware patterns.

A smart protection source hosts the Smart Scan Pattern. This pattern is updated hourly and contains the majority of the pattern definitions. Smart scan clients do not download this pattern. Clients verify potential threats against the pattern by sending scan queries to the smart protection source.

The client update source (the Core Protection Module server or a custom update source) hosts the Smart Scan Agent Pattern. This pattern is updated daily and contains all the other pattern definitions not found in the Smart Scan Pattern. Clients download this pattern from the update source using the same methods for downloading other Core Protection Module components.
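The pattern placement in Table 1 can be turned into a freshness audit. The following is an added example, not code from IBM or Trend Micro: the inventory record fields, host names, finding codes, and age limits are assumptions made for illustration, and the sample inventory is constructed.

```python
from datetime import datetime, timedelta, timezone

# (role, scan method) -> (pattern that host should hold, maximum tolerated age).
# Pattern placement follows Table 1; the age limits are assumptions for this
# example, set looser than each stated release cadence.
EXPECTED = {
    ("client", "conventional"): ("Virus Pattern", timedelta(days=7)),
    ("client", "smart"): ("Smart Scan Agent Pattern", timedelta(days=2)),
    ("source", "smart"): ("Smart Scan Pattern", timedelta(hours=3)),
}

def audit(inventory, now):
    """Return sorted (host, finding) pairs for records that need attention."""
    findings = []
    for rec in inventory:
        expected = EXPECTED.get((rec["role"], rec["scan_method"]))
        if expected is None:
            findings.append((rec["host"], "UNKNOWN_ROLE_OR_METHOD"))
            continue
        pattern, max_age = expected
        age = now - rec["updated"]
        if rec["pattern"] != pattern:
            # e.g. a smart scan client reporting the Smart Scan Pattern, which
            # clients query remotely and never download.
            findings.append((rec["host"], "WRONG_PATTERN"))
        elif age < timedelta(0):
            findings.append((rec["host"], "FUTURE_TIMESTAMP"))
        elif age > max_age:
            findings.append((rec["host"], "STALE"))
    return sorted(findings)

# Constructed sample inventory; host names and field names are hypothetical.
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)

def _rec(host, role, method, pattern, age):
    return {"host": host, "role": role, "scan_method": method,
            "pattern": pattern, "updated": NOW - age}

INVENTORY = [
    _rec("ws-01", "client", "conventional", "Virus Pattern", timedelta(days=1)),
    _rec("ws-02", "client", "conventional", "Virus Pattern", timedelta(days=9)),
    _rec("ws-03", "client", "smart", "Smart Scan Agent Pattern", timedelta(hours=12)),
    _rec("ws-04", "client", "smart", "Smart Scan Pattern", timedelta(hours=1)),
    _rec("sps-01", "source", "smart", "Smart Scan Pattern", timedelta(hours=5)),
]

if __name__ == "__main__":
    for host, finding in audit(INVENTORY, NOW):
        print(f"{host}: {finding}")
```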

The Trend Micro Scan Engine and Detection Technologies

At the heart of all Trend Micro products lies a scan engine. Originally developed in response to early file-based computer viruses, the scan engine now detects Internet worms, mass-mailers, Trojan horse threats, phish sites, spyware, and network exploits as well as viruses. The scan engine checks for threats "in the wild," or actively circulating, and those that are "in the zoo," or known, theoretical threat types typically created as a proof of concept.

Rather than scanning every byte of every file, the engine and pattern file work together to identify tell-tale "virus" characteristics and the exact location within a file where the malicious code inserts itself. CPM can usually remove this virus or malware upon detection and restore the integrity of the file (that is, "clean" the file).

International computer security organizations, including ICSA (International Computer Security Association), certify the Trend Micro scan engine annually.

Scan Engine Updates

By storing the most time-sensitive virus and malware information in the pattern files, Trend Micro minimizes the number of scan engine updates required while at the same time keeping protection up to date. Nevertheless, Trend Micro periodically makes new scan engine versions available. Trend Micro releases new engines under the following circumstances:

  • Incorporation of new scanning and detection technologies into the software

  • Discovery of new, potentially harmful malware unhandled by the current engine

  • Enhancement of the scanning performance

  • Addition of file formats, scripting languages, encoding, and compression formats


