Which of the following provides the most protection against malware encryption updates or keyloggers?
Deep Security 11.3 has reached end of support.
The Deep Security anti-malware module provides agent computers with both real-time and on-demand protection against file-based threats, including malware, viruses, Trojans, and spyware. To identify threats, the anti-malware module checks files on the local hard drive against a comprehensive threat database. The anti-malware module also checks files for certain characteristics, such as compression and known exploit code.

Portions of the threat database are hosted on Trend Micro servers or stored locally as patterns. Deep Security Agents periodically download anti-malware patterns and updates to ensure protection against the latest threats.

A newly installed Deep Security Agent cannot provide anti-malware protection until it has contacted an update server to download anti-malware patterns and updates. Ensure that your Deep Security Agents can communicate with a Deep Security Relay or the Trend Micro Update Server after installation.

The anti-malware module eliminates threats while minimizing the impact on system performance. The anti-malware module can clean, delete, or quarantine malicious files. It can also terminate processes and delete other system objects that are associated with identified threats. To turn on and configure the anti-malware module, see Enable and configure anti-malware.
Types of malware scans

The anti-malware module performs several types of scans. See also Select the types of scans to perform.

Real-time scan

Each time a file is received, opened, downloaded, copied, or modified, Deep Security immediately scans the file for security risks. If Deep Security detects no security risk, the file remains in its location and users can proceed to access the file. If Deep Security detects a security risk, it displays a notification message that shows the name of the infected file and the specific security risk. Real-time scans are in effect continuously unless another time period is configured using the Schedule option. You can configure real-time scanning to run when it will not have a large impact on performance; for example, when a file server is scheduled to back up files. This scan can run on all platforms supported by the anti-malware module.

Manual scan

Runs a full system scan on all processes and files on a computer. The time required to complete a scan depends on the number of files to scan and the computer's hardware resources. A manual scan requires more time than a Quick Scan. A manual scan executes when Full Scan for Malware is clicked. This scan can be run on all platforms supported by the anti-malware module.

Scheduled scan

Runs automatically on the configured date and time. Use scheduled scan to automate routine scans and improve scan management efficiency. A scheduled scan runs according to the date and time you specify when you create a Scan computers for Malware task using scheduled tasks (see Schedule Deep Security to perform tasks). This scan can be run on all platforms supported by the anti-malware module.

Quick scan

Only scans a computer's critical system areas for currently active threats. A Quick Scan will look for currently active malware but it will not perform deep file scans to look for dormant or stored infected files. It is significantly faster than a Full Scan on larger drives. Quick scan is not configurable. A Quick Scan runs when you click Quick Scan for Malware. Quick Scan can run only on Windows computers.

Scan objects and sequence

The following table lists the objects scanned during each type of scan and the sequence in which they are scanned.
Malware scan configurations

Malware scan configurations are sets of options that control the behavior of malware scans. When you configure anti-malware using a policy or for a specific computer, you select a malware scan configuration to use. You can create several malware scan configurations and use them with different policies when different groups of computers have different scan requirements. Real-time, manual, and scheduled scans all use malware scan configurations. Deep Security provides a default malware scan configuration for each type of scan. These scan configurations are used in the default security policies. You can use the default scan configurations as-is, modify them, or create your own. Quick Scans are not configurable, and do not use malware scan configurations. You can specify which files and directories are included or excluded during a scan and which actions are taken if malware is detected on a computer (for example, clean, quarantine, or delete). For more information, see Configure malware scans.

Malware events

When Deep Security detects malware it triggers an event that appears in the event log. From there you can see information about the event, or create an exception for the file in case of false positives. You can also restore quarantined files that are actually benign. (See Anti-malware events and Handle malware.)

SmartScan

Smart Scan uses threat signatures that are stored on Trend Micro servers and provides several benefits:
When Smart Scan is enabled, Deep Security first scans locally for security risks. If Deep Security cannot assess the risk of the file during the scan, it will try to connect to a local Smart Scan server. If no local Smart Scan Server is detected, Deep Security will attempt to connect to the Trend Micro Global Smart Scan server. For more information on this feature, see Smart Protection in Deep Security.

Predictive Machine Learning

Deep Security provides enhanced malware protection for unknown threats and zero-day attacks through Predictive Machine Learning. Trend Micro Predictive Machine Learning uses advanced machine learning technology to correlate threat information and perform in-depth file analysis to detect emerging security risks through digital DNA fingerprinting, API mapping, and other file features. Predictive Machine Learning is effective in protecting against security breaches that result from targeted attacks using techniques such as phishing and spear phishing. In these cases, malware that is designed specifically to target your environment can bypass traditional malware scanning techniques.

During real-time scans, when Deep Security detects an unknown or low-prevalence file, Deep Security scans the file using the Advanced Threat Scan Engine (ATSE) to extract file features. It then sends the report to the Predictive Machine Learning engine on the Trend Micro Smart Protection Network. Through the use of malware modeling, Predictive Machine Learning compares the sample to the malware model, assigns a probability score, and determines the probable malware type that the file contains. If the file is identified as a threat, Deep Security quarantines the file to prevent the threat from continuing to spread across your network. For information about using Predictive Machine Learning, see Detect emerging threats using Predictive Machine Learning.

Malware types

The anti-malware module protects against many file-based threats. See also Scan for specific types of malware and Configure how to handle malware.

Virus

Viruses infect files by inserting malicious code. Typically, when an infected file is opened the malicious code automatically runs and delivers a payload in addition to infecting other files. Below are some of the more common types of viruses:
The anti-malware module uses different technologies to identify and clean infected files. The most traditional method is to detect the actual malicious code that is used to infect files and strip infected files of this code. Other methods include regulating changes to infectable files or backing up such files whenever suspicious modifications are applied to them.

Trojans

Some malware does not spread by injecting code into other files. Instead, it has other methods or effects:
Packer

Packers are compressed and encrypted executable programs. To evade detection, malware authors often pack existing malware under several layers of compression and encryption. Anti-malware checks executable files for compression patterns associated with malware.

Spyware/grayware

Spyware and grayware comprise applications and components that collect information to be transmitted to a separate system or collected by another application. Spyware/grayware detections, although exhibiting potentially malicious behavior, may include applications used for legitimate purposes such as remote monitoring. Spyware/grayware applications that are inherently malicious, including those that are distributed through known malware channels, are typically detected as other Trojans. Spyware and grayware applications are typically categorized as:
What is grayware?

Although they exhibit what can be intrusive behavior, some spyware-like applications are considered legitimate. For example, some commercially available remote control and monitoring applications can track and collect system events and then send information about these events to another system. System administrators and other users may find themselves installing these legitimate applications. These applications are called "grayware". To provide protection against the illegitimate use of grayware, the anti-malware module detects grayware but provides an option to "approve" detected applications and allow them to run.

Cookie

Cookies are text files stored by a web browser and transmitted back to the web server with each HTTP request. Cookies can contain authentication information, preferences, and (in the case of stored attacks from an infected server) SQL injection and XSS exploits.

Other threats

Other threats include malware not categorized under any of the malware types. This category includes joke programs, which display false notifications or manipulate screen behavior but are generally harmless.

Possible malware

Possible malware is a file that appears suspicious but cannot be classified as a specific malware variant. When possible malware is detected, Trend Micro recommends that you contact your support provider for assistance in further analysis of the file. By default, these detections are logged and files are anonymously sent back to Trend Micro for analysis.

What provides the most protection against malware?

Using antivirus software is the best way to defend your computer against malicious code. If you think your computer is infected, run your antivirus software program. Ideally, your antivirus program will identify any malicious code on your computer and quarantine it so it no longer affects your system.
Do updates provide the most protection against malware?

Newer versions often contain more security fixes to prevent malware attacks.

What is the most effective form of virus protection?

The best antivirus for 2022
You may be more familiar with names such as Norton, McAfee and AVG – but Bitdefender has been the overall best antivirus available for a few years now. It combines watertight security tools with an array of other excellent security features.
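
The Packer section above says the anti-malware module checks executables for compression patterns, but the page does not say how. The following is an added example, not Trend Micro's code: it uses a common defender heuristic, Shannon entropy measured per fixed-size window, to flag data that looks compressed or encrypted. The threshold, window size, function names and sample bytes are all assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

PACKED_THRESHOLD = 7.0  # bits per byte; assumed cut-off, tune against known-good files
WINDOW = 1024           # bytes per window; assumed


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 = constant, 8.0 = uniform)."""
    if not data:
        return 0.0
    total = len(data)
    return sum(-(n / total) * math.log2(n / total) for n in Counter(data).values())


def high_entropy_windows(data: bytes, window: int = WINDOW,
                         threshold: float = PACKED_THRESHOLD):
    """Return (offset, entropy) for each full window at or above the threshold."""
    hits = []
    for offset in range(0, len(data) - window + 1, window):
        h = shannon_entropy(data[offset:offset + window])
        if h >= threshold:
            hits.append((offset, round(h, 2)))
    return hits


def looks_packed(data: bytes, min_fraction: float = 0.5) -> bool:
    """Flag data when at least min_fraction of its full windows are high-entropy."""
    windows = len(data) // WINDOW
    if windows == 0:
        return False  # too short to judge; small inputs cannot reach 8 bits/byte
    return len(high_entropy_windows(data)) / windows >= min_fraction


def constructed_samples():
    """Constructed inputs: plain text, and text followed by a random-looking blob."""
    plain = b"This program cannot be run in DOS mode.\r\n" * 150
    # Deterministic stand-in for compressed/encrypted content (4096 bytes).
    blob = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
    return plain, plain[:2048] + blob


if __name__ == "__main__":
    plain, packed_like = constructed_samples()
    for name, sample in (("plain", plain), ("packed-like", packed_like)):
        print(name, looks_packed(sample), high_entropy_windows(sample))
```

High entropy alone also matches legitimate compressed installers and media, so a hit is a reason to inspect the file further rather than a verdict.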