Q&A About Trend Micro Retro Scanning Service

Joined
Dec 19, 2016
Messages
42
OS
Windows 8.1
Antivirus
Bitdefender
#1
Here is the official description quoted from the official TM website:

"Trend Micro Retro-Scan Service provides in-depth analysis of the malware infection that occurred on your PC."

And there is a regional restriction:

"This new service is FREE and is offered in the United States, Australia and New Zealand."

I wonder how this actually works. Is it a Trend Micro version of Advanced Disinfection Technology (Kaspersky)?
Here is a brief description of Kaspersky's ADT:
  • On the client computer, the user is prompted to start the advanced disinfection procedure and is warned that the computer will need to be restarted during the disinfection
  • If the user agrees, the system is switched into a special restricted operation mode: start of new programs is blocked and registry changing is prohibited
  • The product attempts to disinfect the file. If it fails, but the file can potentially be treated, its copy is created in the same location and is disinfected
  • Memory scanning starts to find running copies of the malware and stop them
  • The records that enable auto-start of the infected file are deleted from the registry and configuration files
  • The computer is restarted. If the file(s) have not been disinfected yet, when the system begins to boot, the infected file is either replaced with its disinfected copy, or deleted (if disinfection is impossible)

Their features look pretty similar.

Could anyone who knows Trend Micro well give me a detailed explanation?

Ty -
 

Amirddn

New Member
Joined
Jan 6, 2015
Messages
2
#2
Retro Scan

Retro Scan is a cloud-based service that scans historical web access logs for callback attempts to C&C servers and other related activities in your network. Web access logs may include undetected and unblocked connections to C&C servers that have only recently been discovered. Examination of such logs is an important part of forensic investigations and may help you determine if your network is affected by attacks.
Retro Scan stores the following log information in the Smart Protection Network:
  • IP addresses of Deep Discovery Inspector-monitored endpoints
  • URLs accessed by endpoints
  • GUID of this server
Retro Scan then periodically scans the stored log entries to check for callback attempts to C&C servers in the following lists:
  • Trend Micro global intelligence list: Trend Micro compiles the list from multiple sources and evaluates the risk level of each C&C callback address. The C&C list is updated and delivered to enabled products daily.
  • User-defined list: Retro Scan can also scan logs against your own C&C server list. Addresses must be stored in a text file.
It does not relate to Kaspersky.

Trend Micro is a leader and a trusted company in the cyber security world.
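
The log matching described in the post above, as an added example that is not part of the thread and is not Trend Micro's code: stored web access entries (endpoint IP and URL) are re-checked against a C&C list kept as a text file. The log layout, the `#` comment syntax, the subdomain matching rule and all sample addresses are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed user-defined C&C list, one address per line as in a text file.
CNC_LIST_TEXT = """\
# constructed sample list
bad-callback.example
203.0.113.7
"""

# Constructed historical web access log: (date, endpoint IP, URL accessed).
ACCESS_LOG = [
    ("2017-01-03", "10.0.0.21", "http://news.example.org/index.html"),
    ("2017-01-05", "10.0.0.34", "http://cdn.bad-callback.example/gate.php?id=7"),
    ("2017-01-09", "10.0.0.21", "http://203.0.113.7:8080/beacon"),
    ("2017-01-12", "10.0.0.50", "https://notbad-callback.example/"),
]


def load_cnc_list(text):
    """Parse one address per line, ignoring blank lines and # comments."""
    entries = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower().rstrip(".")
        if line:
            entries.add(line)
    return entries


def matches(host, cnc):
    """True if host is a listed address or a subdomain of a listed domain."""
    labels = host.lower().rstrip(".").split(".")
    # Compare whole-label suffixes only, so "notbad-callback.example"
    # does not match the listed "bad-callback.example".
    return any(".".join(labels[i:]) in cnc for i in range(len(labels)))


def retro_scan(log, cnc):
    """Return (date, endpoint_ip, host) for every stored entry on the list."""
    hits = []
    for day, endpoint, url in log:
        host = urlsplit(url).hostname  # drops scheme, port, path and query
        if host and matches(host, cnc):
            hits.append((day, endpoint, host))
    return hits


if __name__ == "__main__":
    for hit in retro_scan(ACCESS_LOG, load_cnc_list(CNC_LIST_TEXT)):
        print(*hit)
```

Re-running `retro_scan` over the same stored log whenever the list changes is what surfaces connections that were not known to be C&C callbacks when they happened.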
 

vemn

Level 6
AV-Tester
Joined
Feb 11, 2017
Messages
267
#3
I think it's not related to Deep Discovery Inspector though, 'cos the retro-scan service is for home users.
Sounds like a free "forensic" service provided to home users using their ATTK toolkit to perform the local scan and feed back to their cloud (which is for their threat researchers to help perform further investigation).

Anyone able to confirm?
 