App Review Trend Micro Maximum Security 2024

[simmerskool]

It does seem unique to you, someone suggested you uninstalls TM and clear your browser, then reinstall TM, do you try that?

no did not uninstall / reinstall (did not see or recall that suggestion -- probably occurred to me) but TM support email took me to a screen to do various things which I tried, but did not work. Not important enough to me & TM immediately sent me a refund, no question no hassle, and no more try this or that from them, which I appreciate. seems like a good company with ok support. someone suggested privately that TM installer is less than excellent. I dunno and do not care, just reporting this in case someone else bumps up to this issue.

 

[Szellem]

Teljesen meg van győződve a Trend Micro-ról.

Végül egy AV, amely nem a Gen Digital, nem a Kaspersky, nem az Eset.

Ez a trend annyira könnyű, és nincs zsémbes vásárolja meg ezt és azt a felugró ablakot, vásárolja meg ezt, használja ezt a módot erre.


Szóval ezt tettem:

View attachment 284061LH

Totally convinced of Trend Micro now.

Finally an AV not from Gen Digital, Not Kaspersky, Not Eset.

This Trend is so light weight and no nagging buy this and that pop ups, buy this, use this mode for that.


so i did this :

View attachment 284061

Where did you buy the licences and for how much?

 

[cartaphilus]

Is antivirus+Security sufficient or is Max Security worth it? My main question is: Does anyone know how does TM accomplishes this: Secures privacy on social media

 

[cartaphilus]

Where did you buy the licences and for how much?

TM is running 50% off deal on their site now.

 

[TuxTalk]

Where did you buy the licences and for how much?

eBay official reseller.

 

[Acadia]

Trend Micro Maximum Security review: Better alternatives exist

Underwhelming features, weak antivirus protection, and potentially showstopping bugs tank Trend Micro Maximum Security's appeal.

www.pcworld.com

Acadia

 

[TuxTalk]

Trend Micro Maximum Security review: Better alternatives exist

Underwhelming features, weak antivirus protection, and potentially showstopping bugs tank Trend Micro Maximum Security's appeal.

www.pcworld.com

Acadia

PC World if you like paid reviews then keep reading this non sense.
They only like Norton Avast, AVG, because they pay alot of money to PC World.

 

[Sorrento]

PC World also think Express VPN is the best VPN - I wonder why??

 

[Acadia]

PC World also think Express VPN is the best VPN - I wonder why??

I'm learning here, why is that?
Thanks, Acadia

 

[cartaphilus]

PC World if you like paid reviews then keep reading this non sense.
They only like Norton Avast, AVG, because they pay alot of money to PC World.

View attachment 284135

Didn't PC World list WebRoot as a 6 out of 6 or am I thinking Pc Magazine?

 

[Jonny Quest]

I'm learning here, why is that?
Thanks, Acadia

This may be helpful reading as far as who owns what, and following the money trail... Kape Technologies, Ziff David and PC World, can they truly be unbiased?

3 companies control many big-name VPNs: What you need to know

As VPNs continue to consolidate, it's getting harder to tell who controls your privacy.

www.cnet.com

 

[Acadia]

What am I missing here? I'm finding no connection between PC World and Express VPN.
Thank, Acadia

 

[cartaphilus]

What am I missing here? I'm finding no connection between PC World and Express VPN.
Thank, Acadia

It's not the connection between PC World and EVPN it's the fact that PC World hawked EVPN as the best VPN.
It all depends what is the purpose/reason why you are using a VPN. If you are using a VPN to prevent someone in starbucks from performing an MITM attack then sure EVPN is sufficient for that. However, if you are using EVPN because you value privacy then EVPN should not be your first choice. EVPN is owned by Crossrider which is a company owned by former Israel Intel agent and they gained their fame back in late 2010's by providing browser extensions that performed a Man in The Middle intercept of your data and a AV Scareware called Reimage.

Express VPN used to keep Logs. Supposedly Express VPN has learned their privacy lesson and are now legit, but it's like a cheating partner, once a cheater always a cheater.

 

[Szellem]

eBay official reseller.

Thanks.
And what is your experience and opinion of the product so far?
Does it hold the machine? Does it slow anything down? Is it good for gaming?

 

[Moonhorse]

anyone to comment about this video, whats wrong with the system here?

 

[Trident]

anyone to comment about this video, whats wrong with the system here?

Not defending Trend Micro, it was always so-so on my tests as well. But it’s important to note here:
1) missed samples seem to be mostly PUPs. Not every vendor has the same requirements to classify something as PUP.
2) many samples were corrupted so there was nothing to detect.
3) Trend Micro very quickly removes malware from their database once it stopped working. I remember I had a case with ParalaxRAT that was detected on VT by Trend Micro. Upon rescanning and testing with the installed TM, there was no detection anymore. Trend Micro likes to keep their database clean, it used to be 1.4GB at one point, now the local one is about 40 MB and the full Agent Scan database is around 500MB.
4) This is not a realistic test as malware wasn’t introduced through the usual means.
In a real-world scenario, TM would have done better.

This is Trend Micro for you, you either love it or hate it.

 

[Trident]

I just performed a rather quick dance (test) with Trend Micro and I can confirm I am seeing an increase in pre-execution and overall protection, as well as much more accurate naming. Specifically on signed and non-pe malware where it wasn’t doing an amazing job before. I am using it in Hypersensitive mode.

Trend Micro seems to have upped their game. Another fun fact, Trend Micro is capable of generating 2 detections on the same file, didn’t know they supported that.

 

[Zartarra]

anyone to comment about this video, whats wrong with the system here?

Strange test. You do not enable hypersensive mode in the middle of a test.

The version is 17.7.x and up to date according the video. I am currently testing TM and my version is 17.8. The main 17.8 version is released in 2023 (Latest Versions of Trend Micro Security products).

 

[Trident]

The version is 17.7

The version doesn’t matter too much, as Trend Micro is using a large bunch of components that get updated whenever there is an update. The update mentioned there on the changelog, only affects the agent (general bugs and improvements).
In addition, Trend Micro is heavily cloud-based so a lot of improvements happen on the cloud.

Upon installation, Trend Micro automatically checks for updates straight away.

Most likely, the video was recorded long before it was published and 17.7 was still the latest version available.

The table below explores the different components and what they do. They update independently from the program version.

Spoiler: Components

Component	Distributed To	Description
Virus Scan Engine 32/64-bit	OfficeScan agents	At the heart of all Trend Micro products lies the scan engine, which was originally developed in response to early file-based viruses. The scan engine today is exceptionally sophisticated and capable of detecting different types of viruses and malware. The scan engine also detects controlled viruses that are developed and used for research. Rather than scanning every byte of every file, the engine and pattern file work together to identify the following: Tell-tale characteristics of the virus code The precise location within a file where the virus resides
Smart Scan Pattern	Not distributed to OfficeScan agents. This pattern stays in theOfficeScan serverand is used when responding to scan queries received from OfficeScan agents.	When in smart scan mode, OfficeScan agents use two lightweight patterns that work together to provide the same protection provided by conventional anti-malware and anti-spyware patterns. The Smart Scan Pattern contains majority of the pattern definitions. The Smart Scan Agent Pattern contains all the other pattern definitions not found on the Smart Scan Pattern. The OfficeScan agent scans for security threats using the Smart Scan Agent Pattern. OfficeScan agents that cannot determine the risk of the file during the scan verify the risk by sending a scan query to the Scan Server, a service hosted on the OfficeScan server. The Scan Server verifies the risk using the Smart Scan Pattern. The OfficeScan agent "caches" the scan query result provided by the Scan Server to improve the scan performance.
Smart Scan Agent Pattern	OfficeScan agentsusing smart scan
Virus Pattern	OfficeScan agentsusing conventional scan	The Virus Pattern contains information that helps OfficeScan agents identify the latest virus/malware and mixed threat attacks. Trend Micro creates and releases new versions of the Virus Pattern several times a week, and any time after the discovery of a particularly damaging virus/malware.
IntelliTrap Exception Pattern	OfficeScan agents	The IntelliTrap Exception Pattern contains a list of "approved" compression files.
IntelliTrap Pattern	OfficeScan agents	The IntelliTrap Pattern detects real-time compression files packed as executable files. For details, see IntelliTrap.
Memory Inspection Pattern	OfficeScan agents	This technology provides enhanced virus scanning for polymorphic and mutation viruses, and augments virus-pattern-based scans by emulating file execution. The results are then analyzed in a controlled environment for evidence of malicious intent with little impact on system performance.
Early Launch Anti-Malware Pattern 32/64-bit	OfficeScan agents	OfficeScan supports the Early Launch Anti-Malware (ELAM) feature as part of the Secure Boot standard to provide boot time protection on endpoints. This feature enables OfficeScan agents to detect malware during the operating system boot process.
Contextual Intelligence Engine 32/64-bit	OfficeScan agents	The Contextual Intelligence Engine monitors processes executed by low prevalence files and extracts behavioral features that the Contextual Intelligence Query Handler sends to the Predictive Machine Learning engine for analysis.
Contextual Intelligence Pattern	OfficeScan agents	The Contextual Intelligence Pattern contains a list of "approved" behaviors that are not relevant to any known threats.
Contextual Intelligence Query Handler 32/64-bit	OfficeScan agents	The Contextual Intelligence Query Handler processes the behaviors identified by the Contextual Intelligence Engine and sends the report to the Predictive Machine Learning engine.
Advanced Threat Scan Engine 32/64-bit	OfficeScan agents	The Advanced Threat Scan Engine extracts file features from low prevalence files and sends the the information to the Predictive Machine Learning engine.
Advanced Threat Correlation Pattern	OfficeScan agents	The Advanced Threat Correlation Pattern contains a list of file features that are not relevant to any known threats.

Anti-spyware​

Component	Distributed To	Description
Spyware/Grayware Scan Engine 32/64-bit	OfficeScan agents	The Spyware/Grayware Scan Engine scans for and performs the appropriate scan action on spyware/grayware.
Spyware/Grayware Pattern	OfficeScan agents	The Spyware/Grayware Pattern identifies spyware/grayware in files and programs, modules in memory, Windows registry and URL shortcuts.
Spyware Active-monitoring Pattern	OfficeScan agentsusing conventional scan	The Spyware Active-monitoring Pattern is used for real-time spyware/grayware scanning. Only conventional scan agentsuse this pattern.

Damage Cleanup Services​

Component	Distributed To	Description
Damage Cleanup Engine 32/64-bit	OfficeScan agents	The Damage Cleanup Engine scans for and removes Trojans and Trojan processes.
Damage Cleanup Template	OfficeScan agents	The Damage Cleanup Template is used by the Damage Cleanup Engine to identify Trojan files and processes so the engine can eliminate them.
Early Boot Cleanup Driver 32/64-bit	OfficeScan agents	The Trend Micro Early Boot Cleanup Driver loads before the operating system drivers which enables the detection and blocking of boot-type rootkits. After the OfficeScan agent loads, Trend Micro Early Boot Cleanup Driver calls Damage Cleanup Services to clean the rootkit.

Web Reputation​

Component	Distributed To	Description
URL Filtering Engine	OfficeScan agents	The URL Filtering Engine facilitates communication between OfficeScan and the Trend Micro URL Filtering Service. The URL Filtering Service is a system that rates URLs and provides rating information to OfficeScan.

Firewall​

Component	Distributed To	Description
Common Firewall Driver 32/64-bit	OfficeScan agents	The Common Firewall Driver is used with the Common Firewall Pattern to scan agentendpoints for network viruses. This driver supports 32-bit and 64-bit platforms.
Common Firewall Pattern	OfficeScan agents	Like the Virus Pattern, the Common Firewall Pattern helps agents identify virus signatures, unique patterns of bits and bytes that signal the presence of a network virus.

Behavior Monitoring and Device Control​

Component	Distributed To	Description
Behavior Monitoring Detection Pattern 32/64-bit	OfficeScan agents	This pattern contains the rules for detecting suspicious threat behavior.
Behavior Monitoring Core Driver 32/64-bit	OfficeScan agents	This kernel mode driver monitors system events and passes them to the Behavior Monitoring Core Service for policy enforcement.
Behavior Monitoring Core Service 32/64-bit	OfficeScan agents	This user mode service has the following functions: Provides rootkit detection Regulates access to external devices Protects files, registry keys, and services
Behavior Monitoring Configuration Pattern	OfficeScan agents	The Behavior Monitoring Driver uses this pattern to identify normal system events and exclude them from policy enforcement.
Policy Enforcement Pattern	OfficeScan agents	The Behavior Monitoring Core Service checks system events against the policies in this pattern.
Digital Signature Pattern	OfficeScan agents	This pattern contains a list of valid digital signatures that are used by the Behavior Monitoring Core Service to determine whether a program responsible for a system event is safe.
Memory Scan Trigger Pattern (32/64-bit)	OfficeScan agents	The Memory Scan Trigger service executes other scan engines when it detects the process in memory is unpacked.
Program Inspection Monitoring Pattern	OfficeScan agents	The Program Inspection Monitoring Pattern monitors and stores inspection points that are used for Behavior Monitoring.
Damage Recovery Pattern	OfficeScan agents	The Damage Recovery Pattern contains policies that are used for monitoring suspicious threat behavior.

Browser Exploits​

Component	Distributed To	Description
Browser Exploit Prevention Pattern	OfficeScan agents	This pattern identifies the latest web browser exploits and prevents the exploits from being used to compromise the web browser.
Script Analyzer Unified Pattern	OfficeScan agents	This pattern analyzes script in web

Edit: not all components are listed there, some components such as wrappers around the engine that should prevent Trend Micro from being exploited by malware writers are not mentioned.

The release notes for the scan engine are here (only in Japanese):

VSAPI 22.610 / ATSE 22.610~23.570 Release date 2023.08.23

Spoiler: Engine

■New features of VSAPI 22.610 / ATSE 22.610~23.570

• Added search function using machine learning
• (This is a local model type search function that is included inside the search engine.)
• Added and improved detection functions for new threats
• Supports identification of Lzip file types
• Improved identification function for MP3 file types
• Fixes for various bugs

The version number of the engine (second part of it) is calculated by multiplying the release month by 10 and adding 500. Example, december = 12*10 + 500 = 620.

 

[Trident]

And a little bit more about Trend Micro model.
It uses minimalistic pattern file (40 MB) and is more similar to the signature-less products.
The local pattern determines files which are confirmed safe and suspicious (which will be subjected to check using the full malware pattern available on TM servers).

According to the modules description above and what I will post below, Trend Micro reserves patterns (definitions) only for malware that actively causes damage. Once it no longer causes damage, it will be removed from the local pattern file as it has to stay small. This is one of the reasons that can cause the high number of undetected samples on the AVC malware protection test, yet TM nails the real world protection. Files no longer causing damage will only be detected by Predictive Machine Learning once it’s been retrained with these samples, behavioural blocking (eventually) and not by anything else (they will be a miss). Such files will most probably be bots, RATs and infostealers with dead C&Cs (ransomware can always cause damage).

Trend Micro uses Advanced Threat Scan Engine which is fully cloud-based to scan files without a good reputation.
ATSE can block malware and identify the malware family (which can make it look like it’s definitions-based).

Spoiler: ATSE 1

Detect emerging threats using Predictive Machine Learning​

Use Predictive Machine Learning to detect unknown or low-prevalence malware. (For more information, see Predictive Machine Learning.)

Predictive Machine Learning uses the Advanced Threat Scan Engine (ATSE) to extract file features and sends the report to the Predictive Machine Learning engine on the Trend Micro Smart Protection Network. To enable Predictive Machine Learning, perform the following:

1. Ensure Internet connectivity
2. Enable Predictive Machine Learning

As with all detected malware, Predictive Machine Learning logs an event when it detects malware. (See About Deep Security event logging.) You can also create an exception for any false positives. (See Create anti-malware exceptions.)

Ensure Internet connectivity​

Predictive Machine Learning requires access to the Global Census Service, Good File Reputation Service, and Predictive Machine Learning Service. These services are hosted in the Trend Micro Smart Protection Network. If your Deep Security Agents or Virtual Appliance cannot access the Internet directly, see Configure agents that have no internet access for workarounds.

Detect emerging threats using Predictive Machine Learning | Deep Security

help.deepsecurity.trendmicro.com

Spoiler: ATSE 2

Predictive Machine Learning ​

Trend Micro Predictive Machine Learning uses advanced machine learning technology to correlate threat information and perform in-depth file analysis to detect emerging unknown security risks through digital DNA fingerprinting, API mapping, and other file features. Predictive Machine Learning also performs a behavioral analysis on unknown or low-prevalence processes to determine if an emerging or unknown threat is attempting to infect your network.
Predictive Machine Learning is a powerful tool that helps protect your environment from unidentified threats and zero-day attacks.
After detecting an unknown or low-prevalence file, Deep Discovery Web Inspector scans the file using the Advanced Threat Scan Engine (ATSE) to extract file features and sends the report to the Predictive Machine Learning engine, hosted on the Trend Micro Smart Protection Network. Through use of malware modeling, Predictive Machine Learning compares the sample to the malware model, assigns a probability score, and determines the probable malware type that the file contains.
Depending on how you configure your policies, Deep Discovery Web Inspector can block the object to prevent the threat from continuing to spread across your network. Alternatively, you can configure the policy to monitor and log information about the object without blocking it.

https://docs.trendmicro.com/all/ent/ddwi/2.5/en-us/ddwi_2.5_olh/Predictive-Machine-L.html

Spoiler: About smart scan

Smart Protection Network integration is available for your computers and workloads through Anti-Malware and Web Reputation modules. Smart Feedback, which is set at the system level, allows you to provide continuous feedback to the Smart Protection Network.

For more about Trend Micro's Smart Protection Network, see Smart Protection Network.

If you are operating in a FedRAMP (Federal Risk and Authorization Management Program) environment, you cannot use Smart Feedback. If you have already enabled Smart Feedback, you must disable it.

In this topic:

• Anti-Malware and Smart Protection
• Web Reputation and Smart Protection
• Smart Feedback
• Disable Smart Feedback

See also Smart Protection Server documentationfor instructions on manually deploying the server.

Anti-Malware and Smart Protection​

• Benefits of Smart Scan
• Enable Smart Scan
• Smart Protection Server for File Reputation Service

Benefits of Smart Scan​

Smart Scan provides the following features and benefits:

• Provides fast, real-time security status lookup capabilities in the cloud.
• Reduces the overall time it takes to deliver protection against emerging threats.
• Reduces network bandwidth consumed during pattern updates. The bulk of pattern definition updates only needs to be delivered to the cloud, not to many endpoints.
• Reduces the cost and overhead associated with corporate-wide pattern deployments.

Enable Smart Scan​

Smart Scan is available in the Anti-Malware module. It leverages Trend Micro's Smart Protection Network to allow local pattern files to be small and reduces the size and number of updates required by agents and Appliances. When Smart Scan is enabled, the agent downloads a small version of the much larger full malware pattern from a Smart Protection Server. This smaller pattern can quickly identify files as either confirmed safe or possibly dangerous. Possibly dangerous files are compared against the larger complete pattern files stored on Trend Micro Smart Protection Servers to determine with certainty whether they pose a danger or not.

Without Smart Scan enabled, your relay agents must download the full malware pattern from a Smart Protection Server to be used locally on the agent. The pattern is only updated as scheduled security updates are processed. The pattern is typically updated once per day for your agents to download and is around 120 MB.

Verify that the computer can reliably connect to the global Trend Micro Smart Protection Network URLs (see Port numbers for a list of URLs). If connectivity is blocked by a firewall, proxy, or AWS security group or if the connection is unreliable, it reduces Anti-Malware performance.

Detect emerging threats using Predictive Machine Learning | Deep Security

help.deepsecurity.trendmicro.com