- Oct 6, 2021
- 174
Can Trend Micro currently be considered better than Norton?And a little bit more about Trend Micro model.
It uses minimalistic pattern file (40 MB) and is more similar to the signature-less products.
The local pattern determines files which are confirmed safe and suspicious (which will be subjected to check using the full malware pattern available on TM servers).
According to the modules description above and what I will post below, Trend Micro reserves patterns (definitions) only for malware that actively causes damage. Once it no longer causes damage, it will be removed from the local pattern file as it has to stay small. This is one of the reasons that can cause the high number of undetected samples on the AVC malware protection test, yet TM nails the real world protection. Files no longer causing damage will only be detected by Predictive Machine Learning once it’s been retrained with these samples, behavioural blocking (eventually) and not by anything else (they will be a miss). Such files will most probably be bots, RATs and infostealers with dead C&Cs (ransomware can always cause damage).
Trend Micro uses Advanced Threat Scan Engine which is fully cloud-based to scan files without a good reputation.
ATSE can block malware and identify the malware family (which can make it look like it’s definitions-based).
Detect emerging threats using Predictive Machine Learning
Use Predictive Machine Learning to detect unknown or low-prevalence malware. (For more information, see Predictive Machine Learning.)
Predictive Machine Learning uses the Advanced Threat Scan Engine (ATSE) to extract file features and sends the report to the Predictive Machine Learning engine on the Trend Micro Smart Protection Network. To enable Predictive Machine Learning, perform the following:
As with all detected malware, Predictive Machine Learning logs an event when it detects malware. (See About Deep Security event logging.) You can also create an exception for any false positives. (See Create anti-malware exceptions.)
Ensure Internet connectivity
Predictive Machine Learning requires access to the Global Census Service, Good File Reputation Service, and Predictive Machine Learning Service. These services are hosted in the Trend Micro Smart Protection Network. If your Deep Security Agents or Virtual Appliance cannot access the Internet directly, see Configure agents that have no internet access for workarounds.
Detect emerging threats using Predictive Machine Learning | Deep Security
help.deepsecurity.trendmicro.comPredictive Machine Learning
Trend Micro Predictive Machine Learning uses advanced machine learning technology to correlate threat information and perform in-depth file analysis to detect emerging unknown security risks through digital DNA fingerprinting, API mapping, and other file features. Predictive Machine Learning also performs a behavioral analysis on unknown or low-prevalence processes to determine if an emerging or unknown threat is attempting to infect your network.
Predictive Machine Learning is a powerful tool that helps protect your environment from unidentified threats and zero-day attacks.
After detecting an unknown or low-prevalence file, Deep Discovery Web Inspector scans the file using the Advanced Threat Scan Engine (ATSE) to extract file features and sends the report to the Predictive Machine Learning engine, hosted on the Trend Micro Smart Protection Network. Through use of malware modeling, Predictive Machine Learning compares the sample to the malware model, assigns a probability score, and determines the probable malware type that the file contains.
Depending on how you configure your policies, Deep Discovery Web Inspector can block the object to prevent the threat from continuing to spread across your network. Alternatively, you can configure the policy to monitor and log information about the object without blocking it.
Smart Protection Network integration is available for your computers and workloads through Anti-Malware and Web Reputation modules. Smart Feedback, which is set at the system level, allows you to provide continuous feedback to the Smart Protection Network.
For more about Trend Micro's Smart Protection Network, see Smart Protection Network.
If you are operating in a FedRAMP (Federal Risk and Authorization Management Program) environment, you cannot use Smart Feedback. If you have already enabled Smart Feedback, you must disable it.
In this topic:
See also Smart Protection Server documentationfor instructions on manually deploying the server.
- Anti-Malware and Smart Protection
- Web Reputation and Smart Protection
- Smart Feedback
- Disable Smart Feedback
Anti-Malware and Smart Protection
Benefits of Smart Scan
Smart Scan provides the following features and benefits:
- Provides fast, real-time security status lookup capabilities in the cloud.
- Reduces the overall time it takes to deliver protection against emerging threats.
- Reduces network bandwidth consumed during pattern updates. The bulk of pattern definition updates only needs to be delivered to the cloud, not to many endpoints.
- Reduces the cost and overhead associated with corporate-wide pattern deployments.
Enable Smart Scan
Smart Scan is available in the Anti-Malware module. It leverages Trend Micro's Smart Protection Network to allow local pattern files to be small and reduces the size and number of updates required by agents and Appliances. When Smart Scan is enabled, the agent downloads a small version of the much larger full malware pattern from a Smart Protection Server. This smaller pattern can quickly identify files as either confirmed safe or possibly dangerous. Possibly dangerous files are compared against the larger complete pattern files stored on Trend Micro Smart Protection Servers to determine with certainty whether they pose a danger or not.
Without Smart Scan enabled, your relay agents must download the full malware pattern from a Smart Protection Server to be used locally on the agent. The pattern is only updated as scheduled security updates are processed. The pattern is typically updated once per day for your agents to download and is around 120 MB.
Verify that the computer can reliably connect to the global Trend Micro Smart Protection Network URLs (see Port numbers for a list of URLs). If connectivity is blocked by a firewall, proxy, or AWS security group or if the connection is unreliable, it reduces Anti-Malware performance.
Detect emerging threats using Predictive Machine Learning | Deep Security
help.deepsecurity.trendmicro.com