New Update Trend Micro home products version 17.9

Well, I tried 2 samples. The first one was missed; only an injection attempt (using ZwWriteVirtualMemory, which is very well known to be associated with code injection) was blocked. So malware wasn’t allowed to inject, but the original file was running in memory.

Second sample I tried, I appended bytes to it.
First of all, the inventors of TLSH don’t make proper use of it; a few new bytes voided TM detection.
Secondly, executing the sample produced no detections or blocks.

Both samples were realistically downloaded, nothing was tested from desktop.

For both, there was the New File Warning (maybe it can be counted as user-dependent).

However, from my very long-standing tests of McAfee, executables are not a problem for it. Neither are some small, incremental changes to the file.
 
Would a "normal" user come up against that though, in the normal "I visit approximately 10-15 known sites a day" as is my case, and am only downloading Mullvad exe., Trend Micro.exe, NPE.exe, etc. type of files?
 
I don’t think it will be a problem for you, but these small details paint bigger pictures… if you know what I mean. Appending these bytes also tests the static analysis as it produces a “low prevalence” file.
 
Of gaps and holes where things could go downhill more easily, compared to McAfee, Norton, Kaspersky etc.?
Exactly, a few other things about Trend design which I don’t really understand:

New malware hashes collected in a pattern: Instead of immediately adding classified malware hashes to a massive cloud database, Trend Micro adds them to a pattern updated every 4 hours. This causes additional delays. Trend Micro also regularly cleans this pattern.

A change of a single byte voids the detection and restarts the whole collect-classify-update process.

Behavioural blocking very often just terminates without performing proper remediation. I went and checked the logs (there are more logs in addition to the history on the UI) to find out that the offending sample performing injection was classified as “suspicious” but for some reason was given a “silent pass”. Why???

I can only classify these as “little design hiccups”.

It’s just not the way I like things done 🤷🏻‍♂️

Hence I am developing my own remediation and detection toolkit that goes very deep when remediating (even deleting empty folders, sibling files, scheduled tasks and so on).

Probably for many users it won’t be a problem.
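
The contrast raised in the post above, between exact-hash matching and a locality-sensitive digest, shown as an added example that is not part of the original post. The digest is a simplified bucket-count scheme written for illustration; it is not real TLSH and not Trend Micro's implementation, and the sample "files" are constructed byte strings.

```python
import hashlib

BUCKETS = 64

def bucket_digest(data: bytes) -> list:
    """Simplified locality-sensitive digest (illustrative, NOT real TLSH):
    count every 3-byte window into a bucket, then quantise each bucket
    count against the quartiles of all counts (codes 0..3)."""
    counts = [0] * BUCKETS
    for i in range(len(data) - 2):
        h = hashlib.blake2b(data[i:i + 3], digest_size=1).digest()[0]
        counts[h % BUCKETS] += 1
    ordered = sorted(counts)
    q1, q2, q3 = (ordered[BUCKETS * k // 4] for k in (1, 2, 3))
    return [(c > q1) + (c > q2) + (c > q3) for c in counts]

def distance(a: list, b: list) -> int:
    """Sum of per-bucket code differences; 0 means identical digests."""
    return sum(abs(x - y) for x, y in zip(a, b))

def compare(known: bytes, candidate: bytes) -> dict:
    """Match a candidate against a known sample both ways."""
    exact = hashlib.sha256(known).digest() == hashlib.sha256(candidate).digest()
    return {"exact_match": exact,
            "distance": distance(bucket_digest(known), bucket_digest(candidate))}

def sample(seed: bytes, blocks: int = 128) -> bytes:
    """Constructed stand-in for a file: 4 KiB of deterministic bytes."""
    return b"".join(hashlib.sha256(seed + bytes([i])).digest()
                    for i in range(blocks))

# Constructed inputs: a known sample, the same sample with trailing
# bytes added, and an unrelated file of the same size.
ORIGINAL = sample(b"constructed-sample-A")
PADDED = ORIGINAL + b"\x00" * 16
UNRELATED = sample(b"constructed-sample-B")

if __name__ == "__main__":
    for name, blob in (("identical", ORIGINAL), ("padded", PADDED),
                       ("unrelated", UNRELATED)):
        print(name, compare(ORIGINAL, blob))
```

The exact SHA-256 comparison fails for the padded copy, while its digest distance stays far below that of the unrelated file, which is the property a similarity threshold relies on.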
 
Just found the release notes for 17.9 on the Japanese site: サポート情報 : トレンドマイクロ (Support Information: Trend Micro).

I must say I am a little disappointed. No new protection features.

 
VSAPI and ATSE 25 are implemented. These have separate release notes. But from what I saw (could be due to some false positives mitigation or performance enhancements) 25 performs worse than 24. Overall, very disappointing. And there won’t be a new engine till May next year.

The UI is faster and more animated on a positive note. The “add more devices” icon now has shine added to it. But protection doesn’t shine.
 
Have you tested the same two samples on Hypersensitive Mode? Any difference?
 
The number of findings I have reported to Trend… some have been acted on. All in all, an inconsistent product.
Honestly, I really like Trend Micro and it is one of the least bloated products out there. Its web protection is one of the best (especially phishing). I'm sure it is not perfect but no other products are perfect either, so if it works for you then keep using it.

The antivirus market has lost it. Most products have become Malware themselves and I'm here talking about Avira and its alikes.

As for the technical details, I am not an expert and I'm sure you know better in that regard, so thank you again for your efforts.
 
I tested the new version of Trend Micro for a month. The detection was poor. I had hopes that the new behaviour blocker would protect the system better but alas...
Also the Trend Micro Toolbar extension is still not available in Firefox.

I like the UI and different modules. Feels light on the system and has some nice features.
 
i.e. a "skinnable" Winamp player without the protection, what a shame.
 
TrendMicro Maximum Security provides a smooth and lightweight experience. My system always feels fast and responsive with it installed. One of the standout features is that after your first scan, TrendMicro marks safe files so they won’t be scanned again in the future. This makes subsequent full scans much quicker, as only new or changed files are checked. Additionally, TrendMicro offers solid protection with its behavior blocker and suspicious file detection. It's also an affordable option, with keys often available online at discounted prices. TrendMicro will allow you to key-stack. I would also suggest going through all the settings and setting them on high for maximum protection.
