Q&A About Trend Micro Retro Scanning Service

Discussion in 'Trend Micro' started by SKG2016, Jan 9, 2017.

  1. SKG2016

    SKG2016 Level 1

    Dec 19, 2016
    New Zealand
    Windows 8.1
    Official Website:
    Here is the official description quoted from the office TM website:

    "Trend Micro Retro-Scan Service provides in-depth analysis of the malware infection that occurred on your PC."

    And there is a regional restriction:

    "This new service is FREE and is offered in the United States, Australia and New Zealand."

    I wonder how this actually works, is it a Trend Micro version of Advanced Disinfection Technology(Kaspersky)?
    Here is a brief description of Kaspersky's ADT:
    • On the client computer, the user is prompted to start the advanced disinfection procedure and is warned that the computer will need to be restarted during the disinfection
    • If the user agrees, the system is switched into a special restricted operation mode: start of new programs is blocked and registry changing is prohibited
    • The product attempts to disinfect the file. If it fails, but the file can potentially be treated, its copy is created in the same location and is disinfected
    • Memory scanning starts to find running copies of the malware and stop them
    • The records that enable auto-start of the infected file are deleted from the registry and configuration files
    • The computer is restarted. If the file(s) have not been disinfected yet, when the system begins to boot, the infected file is either replaced with its disinfected copy, or deleted (if disinfection is impossible)

    Their features look pretty similar.

    Anyone who knows well about Trend Micro could give me a detailed explanation?

    Ty -
    Yash Khan likes this.
  2. Amirddn

    Amirddn New Member

    Jan 6, 2015
    Retro Scan[​IMG]
    Retro Scan is a cloud-based service that scans historical web access logs for callback attempts to C&C servers and other related activities in your network. Web access logs may include undetected and unblocked connections to C&C servers that have only recently been discovered. Examination of such logs is an important part of forensic investigations and may help you determine if your network is affected by attacks.
    Retro Scan stores the following log information in the Smart Protection Network:
    • IP addresses of Deep Discovery Inspector-monitored endpoints
    • URLs accessed by endpoints
    • GUID of this server
    Retro Scan then periodically scans the stored log entries to check for callback attempts to C&C servers in the following lists:
    • Trend Micro global intelligence list: Trend Micro compiles the list from multiple sources and evaluates the risk level of each C&C callback address. The C&C list is updated and delivered to enabled products daily.
    • User-defined list: Retro Scan can also scan logs against your own C&C server list. Addresses must be stored in a text file.
    Do not relate to kaspersky .

    Trend Micro is a leader and trusty company in Cyber Security World .
    vemn and Yash Khan like this.
  3. vemn

    vemn Level 6
    AV Tester

    Feb 11, 2017
    I think it's not related to Deep Discovery Inspector though, 'cos the retro-scan service is for home users.
    Sounds like a free "forensic" service provided to home users using their ATTK toolkit to perform the local scan and feedback to their cloud (which is for their threat researchers to help perform further investigation).

    Anyone able to confirm?
  4. iron2

    iron2 Level 1

    Jun 3, 2015


  5. vemn

    vemn Level 6
    AV Tester

    Feb 11, 2017
Similar Threads Forum Date
Patch out for 'ridiculous' Trend Micro command execution vuln. (patch is not complete) Security News Mar 12, 2018
Video Review Ransom Buster by Trend Micro Video Reviews Feb 17, 2018
Trend Micro RansomBuster FREE (Limited time offer) Trend Micro Feb 12, 2018
  • About Us

    Our community has been around since 2010, and we pride ourselves on offering unbiased, critical discussion among people of all different backgrounds about security and technology . We are working every day to make sure our community is one of the best.
  • Need Malware Removal Help?

    If you're being redirected from a site you’re trying to visit, seeing constant pop-up ads, unwanted toolbars or strange search results, your computer may be infected with malware. We offer free malware removal assistance to our members in the Malware Removal Assistance forum.
  • Quick Tip

    Without meaning to, you may click a link that installs malware on your computer. To keep your computer safe, only click links and downloads from sites that you trust. Don’t open any unknown file types, or download programs from pop-ups that appear in your browser.