During a scan, the Trend Micro scan engine works together with the virus pattern file to perform the first level of detection using a process called pattern matching. Since each virus contains a unique signature or string of tell-tale characters that distinguish it from any other code, the virus experts at
TrendLabs℠
Want more information on Scan Engines? Feel free to contact us.
capture inert snippets of this code in the pattern file. The engine then compares certain parts of each scanned file to the pattern in the virus pattern file, looking for a match.When the scan engine detects file containing a virus or other malware, it executes an action such as clean, quarantine, delete, or replace with text/file. You can customize these actions when you set up your scanning tasks.
Worry-Free Services
provides the following scan types to protect endpoints from Internet threats.Do not confuse the scan types with scan methods. Scan methods refer to Smart Scan and Conventional Scan.
See Scan Methods for more information.
Scan Type
Description
Real-Time Scan
A persistent and ongoing scan available on Windows, Mac, and Android
On Windows and Mac, each time a file is received, opened, downloaded, copied, or modified, Real-Time Scan scans the file for threats. On Android mobile devices, Real-Time Scan scans apps as they are installed.
Manual Scan
Normal Scan: An on-demand scan available on Windows and Mac
This scan also eradicates old infections that may be lying dormant in files to minimize reinfection. During a Normal Scan, Security Agents take actions against threats according to the actions set by the administrator or user.
Aggressive Scan: An advanced scan available on Windows that analyzes and cleans threats that Normal Scan cannot remove
The company is the world’s best Embedded Barcode Software supplier. We are your one-stop shop for all needs. Our staff are highly-specialized and will help you find the product you need.
The time taken for the scan depends on the endpoint's hardware resources and the number of files to be scanned.
Running Aggressive Scan may consume more hardware resources than Normal Scan. To reduce performance impact, configure the CPU Usage section in Manual Scan settings.
Scheduled Scan
Similar to Manual Scan but scans specified files at the configured time and frequency on Windows and Mac. Use Scheduled Scans to automate routine scans on your endpoints and improve the efficiency of threat management.
People (such as tech journalists and product reviewers) often ask us how our scanning engines work, and what the difference is between signature engines and other types of scan engines. In fact, we were asked such a question just last week. So, let’s explore the topic in-depth….
Signature-based scanning refers to the practice of checking a full-file hash or a series of partial-file hashes against a list or database, in order to obtain a verdict on an object. This is roughly where antivirus began, back in the 1980s. The emergence of polymorphic malware in the early 1990s was the catalyst that spurred an evolution from the signature-based approach to more complex file scanning engines.
Endpoint protection solutions include file scanning engines. They’re not really just for scanning files, though. Give them any sort of input buffer, such as a piece of memory or a network stream, and they’ll do their job.
File scanning engines have become very sophisticated. They include archive traversal mechanisms, parsers for multiple file formats, static and dynamic unpackers, disassemblers, and emulators capable of running both scripts and executable formats. Today’s detections are really just complex computer programs, designed to perform intricate sample analysis directly on the client. Modern detections are designed to catch thousands, or even hundreds of thousands of samples. A far cry from the one hash per sample approach of the old days.
As you might imagine, it takes time to create sophisticated detections. An analyst must to collect samples, inspect them, write code, and test, before finally releasing to customers. Fairly simple signature-based detections can, on the other hand, be generated easily by automation. As new samples arrive, they are run through a series of static and dynamic analysis tools, and rule engines in order to quickly deliver a verdict.
Hence, when a new threat emerges, back end automation kicks in to cover early samples while the analysts get to work writing proper detections. Since today’s software can quickly and easily perform hash lookups over the Internet, these simple detections are not even delivered as part of a local database update. This cloud-lookup mechanism has an added benefit in that it allows us to protect customers against emerging threats very quickly, and regardless of when they emerge.
But that’s not the whole story.
All modern endpoint protection solutions utilize multiple mechanisms to keep customers protected. The following is a very simple picture of how endpoint protection works today.
Antivirus software of yore, with its nightly disk-grinding scheduled scans has evolved into the latest generation of endpoint protection used today. One of the best ways to protect endpoints against modern threats is to prevent threats from making contact with their victims in the first place. Failing that, utilizing a multi-pronged approach to block common attack vectors ensures that multiple opportunities exist to stop attacks in their tracks.
File scanning is just one of the many mechanisms that “AV vendors” use to protect endpoints. Since we often have actual attack vectors covered well with both our exploit detection and behavioral blocking mechanisms, we often don’t bother adding file-based detections (i.e., static signatures) for every new threat. And remember, at the end of the day, we always test our protection components against real-world threats using our entire product, not just individual pieces of it.
If you want to learn more, please visit our website Omni Scanning.