Trend Micro Pattern Files and Scan Engine

You can configure all Trend Micro products, including CPM for Mac, to automatically check the Trend Micro ActiveUpdate (TMAU) server, and then download and install any updates that are found. This process is typically configured to occur in the background, although you can manually update some or all of the pattern files at any time. In addition, pre-release patterns are available for manual download (at your own risk) if a situation such as a virus outbreak occurs. Pre-release patterns have not undergone full testing but are available to stop burgeoning threats.

You can manually download the virus pattern and other files from the following URL, where you can also check the current release version, date, and review the new virus definitions included in the files.

http://www.trendmicro.com/download/pattern.asp

Incremental Virus Pattern File Updates

CPM for Mac, with Trend Micro ActiveUpdate, supports incremental updates of the virus pattern file. Rather than download the entire pattern file each time, ActiveUpdate can download only the portion of the file that is new and append it to the existing pattern file. (Full pattern files can be over 20 MB.)

How Scanning Works

The scan engine works together with the virus pattern file to complete the first level of detection, through a process called pattern matching. Every virus contains a unique binary "signature:" a string of identifying characters that distinguish it from any other code. The virus experts at TrendLabs capture snippets of this code to include in the pattern file. The engine then compares certain parts of each scanned file to the data in the virus pattern file, looking for a match.

Pattern files use the following naming format: 
lpt$vpn.###
where ### represents the pattern version (for example, 400).

If multiple pattern files exist in the same directory only the one with the highest number is used. Trend Micro publishes new virus pattern files regularly (typically several times a week), and recommends configuring hourly automatic updates. With automatic updates enabled, new updates are downloaded to the server and flow to the endpoints immediately. Updates are available to all Trend Micro customers that have valid maintenance contracts.

The Trend Micro Scan Engine and Detection Technologies

At the heart of all Trend Micro products lies a scan engine. Originally developed in response to early file-based computer viruses, the scan engine now detects Internet worms, mass-mailers, Trojan horse threats, phish sites, spyware, and network exploits, in addition to viruses. The scan engine checks for actively circulating threats "in the wild," and for those "in the zoo." A "zoo" is a collection of viruses used for testing by researchers in a virus laboratory. A virus "in the wild" has caused an infection outside of a virus laboratory.

Rather than scanning every byte of every file, the engine and pattern file work together to identify tell-tale virus characteristics and the exact location within a file where the malicious code inserts itself. CPM for Mac can usually remove this virus or malware upon detection and restore the integrity of the file ("clean" the file).

Scan Engine Updates

By storing the most time-sensitive virus and malware information in pattern files, Trend Micro minimizes the number of scan engine updates required, while keeping protection up-to-date. Nevertheless, Trend Micro periodically makes new scan engine versions available. Trend Micro releases new engines under the following circumstances:
  • Incorporation of new scanning and detection technologies into the software.
  • Discovery of new, potentially harmful malware unhandled by the current engine.
  • Enhancement of the scanning performance.
  • Addition of file formats, scripting languages, encoding, and compression formats.