Question Trend Micro Privacy

Please provide comments and solutions that are helpful to the author of this topic.

Indingo

Level 1
Thread author
Jun 15, 2020
23
I have been experimenting with Trend Micro AV. I have noticed that in their privacy policy and signup they request the following.

IP Address
Computer Name
MAC
Real Name
Address

and in their privacy policy they say they log basically everything for a year before deletion.

" Global Privacy Notice | Trend Micro "

Does anyone have any experience with this? It seems extremely worrying from a privacy point of view, considering they are a cloud AV product. Or am I misinterpreting their wording.
 

ScandinavianFish

Level 7
Verified
Dec 12, 2021
317
All antiviruses require invasive data collection, though from what ive seen it's mostly to make sense of the threat telemetry they receive from their users. For example, IP addresses can be used to see if what regions of the world are targeted by the threat. MAC addresses can be used to see what type of device a file is detected on. File location, web traffic and other file and network behaviors can be used to understand the attack chain of a threat, and so on. Some of the information, such as names and addresses, are used to register the product, create relevant account's, send emails, etc.
 
Last edited:

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
McAfee, Trend Micro and Webroot were the worst privacy wise when tested in 2014 by AC-Comparatives:
 

piquiteco

Level 14
Oct 16, 2022
626
Its a shame its from 2014, I think AV-C needs to do another one as a lot has changed in the privacy sphere since then. It does make you think about how much information you are potentially giving away when installing an AV
Despite its privacy concerns Trend Micro is a very good AV. In the tests I saw recently it blocked all malware, ransomware and machine at the end of the tests ended up clean.
 

Trident

Level 27
Verified
Top Poster
Well-known
Feb 7, 2023
1,630
From Trend Micro Privacy Policy (Global):
Where visitors visit our Websites and wish to download content, take part in a competition, purchase product or request information, visitors may be requested to provide details as follows:
• Name
• Phone number
• Email address
• Postal address
• Company name
• Billing and shipping information
• Other relevant information about visitors and visitors' systems and visitors'company
• Date of birth (only for certain competitions)
• Parent's or legal guardian's name and email address (only for certain competitions where
participants are minors under a particular age (such as under 18 in Australia, under 17 in the United States, and Canada, under 20 in Japan (due to be under 18 from April 2022), and under 16 in parts of Europe) in accordance with applicable data protection law);

Comment: this is standard data collection, when providing products and services, Trend Micro needs to know who they are dealing with. It is not anymore data than others collect.
Upon ordering, purchasing, installing, activating or using our Products, we receive personal information such as:
• Name
• Phone number
• Email address
• Device ID
• Operating system
• License Key
We use this personal information to ensure that the relevant Customer's license to our solutions is valid and to contact our Customers regarding renewals, technical issues and new Product information.
The types of information and personal information that may be processed when using and interacting with our Products, including Customer support, include the following. The specific information and personal information that is processed will depend on the particular Product used.

Comment: this is standard information for licensing purposes as well and doesn’t contain anything unusual. In case you contact support, try to retrieve your lost activation key or need other licensing help, this information will be used to verify that you are the correct person.
Now this can make one’s head spin.

These types of information and personal information enables users to participate, share and leverage Trend Micro's global database of threat related intelligence to rapidly identify and defend against potential threats within each Customer's unique network environment, as described in more detail below, as well as enabling us to provide any support requested. You can find further details of the types of data that Trend Micro products collect, what this data is used for and detailed instructions on how to disable the specific features that feedback data to Trend Micro in the Privacy and Personal Data Collection Disclosure.[LINK/URL: DCX]
• Product information, such as MAC address, device ID
• Public IP address of the user's gateway to the internet
• Mobile/PC environment
• Metadata from suspicious executable files
• URLs, Domains and IP addresses of websites visited and DNS data
• Metadata of user/device managed by gateway Product
• Information about the Android applications installed on a user's device
• Application behaviours
• Personal information contained within email content or files to which Trend Micro is provided
access
• Behaviours of Product users
• Information from suspicious email, including sender and receiver email address, and
attachments
• Detected malicious file information including file name and file path
• Detected malicious network connection information
• Debug logs
• Network Architecture/Topology and network telemetry data
• Screen capture of errors
• Windows event log content
• WMI event content
• Registry data
Security and threat detection functions relating to our Products and functions includes:
• Analyse data sent to/from the user's device to isolate and identify threats, vulnerabilities,
suspicious activity and attacks;
• Assess the reputation of a website, email sender’s IP address, device or file to advise the user
on whether access should be granted;
10

• Analyse email to protect against spam, impersonation and other suspicious content;
• Virus protection;
• Intrusion detection, prevention and protection;
• Threat prevention and prediction;
• Network defence;
• Sand box testing (for certain cloud products);
• Storage of emails for back up purposes (certain cloud products);
• Identify, block and/or remove applications, messages, and files that may compromise
productivity or the performance and security of computers, systems, and/or networks;
• Identify sources and methods of targeted attacks; and
• Deliver updated protection against malicious threats.
We may also use personal information for other business purposes,including:
• Internal record keeping;
• Compliance with the law and requests from governmentbodies;
• Product development;
• Keeping existing and past Customers informed about our Productsand promotions;
• Providing Customer support;
• Managing subscriptions and billing; and
• Responding to requests, questions and comments.

Comment: Trend Micro collects a massive amount of information-of-interest. This information is presumably used to improve detection and falls under various laws such as GDPR, California Consumer Protection Act and others. It is possible to turn telemetry off in settings which will prevent some information from being shared.
Conclusion: Trend Micro’s in-product collection is a privacy nightmare but the company falls under various laws depending on your region, which would prevent Trend Micro from selling or using this information in unlawful ways. Additional privacy can be granted by switching telemetry and some features such as Anti-Spam off, but Trend Micro is a cloud-heavy product, so total disconnection from the cloud and data collection is not possible.

Additional privacy collection explanations as well as suggestions are provided here:
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top