OfficeScan includes the following components and programs:
TABLE 1-5. OfficeScan components
Component Description
Antivirus
Virus Pattern: A file that helps OfficeScan identify virus signatures, unique patterns of bits and bytes that signal the presence of a virus (see The Virus Pattern for more information)
Virus Scan Engine: The engine that scans for and takes appropriate action on viruses/malware; supports 32-bit and 64-bit platforms
IntelliTrap Pattern: The file for detecting real-time compression files packed as executable files
IntelliTrap Exception Pattern: The file containing a list of "approved" compression files
Anti-spyware
Spyware Pattern: The file that identifies spyware/grayware in files and programs, modules in memory, Windows registry and URL shortcuts
Spyware Scan Engine: The engine that scans for and takes appropriate action on spyware/grayware; supports 32-bit and 64-bit platforms
Spyware Active-monitoring Pattern: File used for real-time spyware/grayware scanning
Note: This component is only available if you activate both Antivirus and Web Threat Protection services.
Venus Spy Trap Engine: Allows applications to monitor new executable files and deletes spyware/grayware upon discovery; supports 32-bit and 64-bit platforms
Note: This component is available if you activate the Web Threat Protection service only. If you activated both Antivirus and Web Threat Protection services, this component is not available.
Damage Cleanup Services
Virus Cleanup Engine: The engine Damage Cleanup Services uses to scan for and remove Trojans and Trojan processes; supports 32-bit and 64-bit platforms
Virus Cleanup Template: Used by the Virus Cleanup Engine, this template helps identify Trojan files and processes so the engine can eliminate them
Firewall
Common Firewall Driver: Used with the Common Firewall Pattern to scan client computers for network viruses; supports 32-bit and 64-bit platforms
Common Firewall Pattern: Like the Virus Pattern, this file helps OfficeScan identify virus signatures, unique patterns of bits and bytes that signal the presence of a network virus
Web Reputation
URL Filtering Engine: The engine that facilitates communication between OfficeScan and the Trend Micro URL Filtering Service. The URL Filtering Service is a system that rates URLs and provides rating information to OfficeScan.
Common component
Anti-rootkit Driver: A kernel mode driver used by the Spyware Scan Engine that provides functionality to bypass any potential redirection by rootkits; supports 32-bit platforms
TABLE 1-6. OfficeScan programs
Program Description
Client program: The OfficeScan client program, which provides the actual protection from security risks; supports 32-bit and 64-bit platforms
Cisco Trust Agent: The program used to enable communication between the client and routers that support Cisco NAC; will work only if you install Policy Server for Cisco NAC
Hot fixes and security patches: Workaround solutions to customer related problems or newly discovered security vulnerabilities that you can download from the Trend Micro Web site and deploy to the OfficeScan server and/or client program
Note: In addition to these components, OfficeScan clients also receive updated configuration files from the OfficeScan server. Clients need the configuration files to apply new settings. Each time you modify OfficeScan settings through the Web console, the configuration files change.
The Virus Pattern
The Trend Micro Virus Scan Engine uses an external data file, called the Virus Pattern. It contains information that helps OfficeScan identify the latest virus/malware and mixed attacks. Trend Micro creates and releases new versions of the Virus Pattern several times a week, and any time after the discovery of a particularly damaging virus/malware.
All Trend Micro products using the ActiveUpdate function can detect the availability of a new version of the Virus Pattern on the Trend Micro server, and/or automatically poll the server to get the latest file.
Tip: Trend Micro recommends scheduling automatic updates at least weekly, which is the default setting for all shipped products.
You can download the Virus Pattern and other OfficeScan pattern files from the following Web site, where you can also find the current version, release date, and a list of all the new virus definitions included in the file:
http://www.trendmicro.com/download/pattern.asp
The Trend Micro Scan Engine
At the heart of all Trend Micro products lies a scan engine. Originally developed in response to early file-based computer viruses, the scan engine today is exceptionally sophisticated and capable of detecting Internet worms, mass-mailers, Trojan horse threats, phish sites, spyware, and network exploits as well as viruses. The scan engine detects two types of threats:
• in the wild: Actively circulating
• in the zoo: Controlled viruses not in circulation but developed and used for research
Rather than scanning every byte of every file, the engine and pattern file work together to identify not only tell-tale characteristics of the virus code, but the precise location within a file that the virus would hide. OfficeScan removes virus/malware upon detection and restores the integrity of the file.
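The location-anchored matching described above, as an added illustration that is not from the OfficeScan documentation or Trend Micro's code. The signature layout, the names and the sample bytes are constructed; the real Virus Pattern format is not shown on this page.

```python
# Toy location-anchored signature matching (constructed format, not the
# Trend Micro Virus Pattern format).
import io
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    name: str
    anchor: str      # "start" or "end" of the file
    offset: int      # bytes from the anchor to the first signature byte
    pattern: bytes

# Constructed toy pattern set.
PATTERNS = [
    Signature("Toy.Prepender", "start", 0, b"\xde\xad\xbe\xef\x01"),
    Signature("Toy.Appender", "end", 16, b"\xca\xfe\xf0\x0d"),
]

def scan(stream, size, patterns=PATTERNS):
    """Return (detections, bytes_read), reading only the anchored windows."""
    hits, bytes_read = [], 0
    for sig in patterns:
        pos = sig.offset if sig.anchor == "start" else size - sig.offset
        # Skip windows that do not fit inside the file (tiny or truncated files).
        if pos < 0 or pos + len(sig.pattern) > size:
            continue
        stream.seek(pos)
        window = stream.read(len(sig.pattern))
        bytes_read += len(window)
        if window == sig.pattern:
            hits.append((sig.name, pos))
    return hits, bytes_read

def scan_bytes(data, patterns=PATTERNS):
    """Convenience wrapper for in-memory samples."""
    return scan(io.BytesIO(data), len(data), patterns)

# Constructed sample: 4 KiB of filler with the marker 16 bytes from the end.
SAMPLE_INFECTED = b"\x00" * (4096 - 16) + b"\xca\xfe\xf0\x0d" + b"\x00" * 12
# Same marker bytes at a location the signature does not describe.
SAMPLE_MISPLACED = b"\x00" * 100 + b"\xca\xfe\xf0\x0d" + b"\x00" * 3992

if __name__ == "__main__":
    print(scan_bytes(SAMPLE_INFECTED))   # detection, 9 of 4096 bytes read
    print(scan_bytes(SAMPLE_MISPLACED))  # no detection, 9 bytes read
```

Anchoring keeps the read cost at a few bytes per signature and avoids flagging files that merely contain the same bytes elsewhere, such as a document quoting them.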
International computer security organizations, including ICSA (International Computer Security Association), certify the Trend Micro scan engine annually.
Updating the Scan Engine
By storing the most time-sensitive virus/malware information in the Virus Pattern, Trend Micro is able to minimize the number of scan engine updates while at the same time keeping protection up-to-date. Nevertheless, Trend Micro periodically makes new scan engine versions available. Trend Micro releases new engines under the following circumstances:
• Incorporation of new scanning and detection technologies into the software
• Discovery of a new, potentially harmful virus/malware that the scan engine cannot handle
• Enhancement of the scanning performance
• Addition of file formats, scripting languages, encoding, and/or compression formats