How Trend Micro NAS Security™ Finds Viruses

This topic explains the following antivirus technologies used in Trend Micro NAS Security.

For polymorphic or mutating viruses, the Trend Micro NAS Security™ scan engine permits suspicious files to execute in a protected area for decryption. Trend Micro NAS Security™ then scans the entire file, and looks for strings of mutation-virus code.

How MacroTrap Works

MacroTrap performs a rule-based examination of all macro code saved in association with a document. Macro virus code is typically contained as part of an invisible template (for example, *.dot in Microsoft Word) that travels with the document. MacroTrap checks the template for signs of a macro virus by seeking out instructions that perform virus-like activity. Examples of this behavior are copying parts of the template to other templates (replication), and execution of harmful commands (destruction).

Compressed File Scanning

Compressed files and archives (a single file composed of many, often compressed, files) are the preferred file format for file distribution via email or the Internet. Unless your antivirus application is specially equipped to handle these files, viruses and other malware may be "smuggled" into your network inside these files.

The scan engine in Trend Micro NAS Security™ can scan inside archives and compressed files. It can even detect viruses in compressed files and archives composed of other compressed files, up to twenty compression layers.

Compression File Scan Limit

To help conserve system resources, you can configure Trend Micro NAS Security™ to scan files within compressed archives only when they do not exceed a specific size. Skipped compressed files will appear in the system logs. Note that the smaller the size limit you specify, the higher the risk of infection. Real-time Scan will still detect viruses included in skipped files during a decompression attempt.
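
The following added example illustrates the two limits described above (a nesting limit of twenty layers and a configurable size limit) on in-memory ZIP archives. It is not Trend Micro code. The names `scan_archive`, `make_zip`, `demo` and `SIGNATURE`, the byte-pattern match, and applying the size limit to each member's declared uncompressed size are all assumptions made for illustration.

```python
import io
import zipfile

MAX_LAYERS = 20                          # layer limit stated on this page
SIGNATURE = b"CONSTRUCTED-TEST-PATTERN"  # constructed stand-in for a virus pattern


def make_zip(members):
    """Build a ZIP in memory from {name: bytes}; used for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for member, body in members.items():
            zf.writestr(member, body)
    return buf.getvalue()


def scan_archive(data, size_limit, name="<root>", layer=1, found=None, skipped=None):
    """Scan a ZIP held in memory; return (found, skipped) so skips can be logged."""
    found = [] if found is None else found
    skipped = [] if skipped is None else skipped
    if layer > MAX_LAYERS:
        skipped.append((name, "layer limit"))   # too deep: record it, do not open
        return found, skipped
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = f"{name}/{info.filename}"
            # Decide from the declared uncompressed size, before inflating.
            if info.file_size > size_limit:
                skipped.append((path, "size limit"))
                continue
            body = zf.read(info)
            if zipfile.is_zipfile(io.BytesIO(body)):
                scan_archive(body, size_limit, path, layer + 1, found, skipped)
            elif SIGNATURE in body:
                found.append(path)
    return found, skipped


def demo():
    """Constructed sample: one nested hit, one oversized member, one clean file."""
    inner = make_zip({"macro.doc": b"header " + SIGNATURE})
    outer = make_zip({"inner.zip": inner, "big.bin": b"A" * 5000, "readme.txt": b"hello"})
    return scan_archive(outer, size_limit=1024)


if __name__ == "__main__":
    print(demo())
```

Every entry in the skipped list is content that was never inspected, which is why a low size limit raises the risk of infection and why the skip log is worth reviewing.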

IntelliScan

Most antivirus solutions today offer you two options in determining which files to scan for potential threats. Either all files are scanned (the safest approach), or only those files with certain file name extensions (considered the most vulnerable to infection) are scanned. But recent developments involving files being "disguised" by having their extensions changed have made this latter option less effective.

IntelliScan is a Trend Micro technology that identifies a file’s "true file type," regardless of the file name extension. IntelliScan uses a method of identifying which files to scan that is more efficient than the standard Scan All files option.

IntelliScan examines the header of every file, but based on certain indicators, selects only files that it determines are susceptible to viruses. Because IntelliScan scans only files that are particularly vulnerable to infection, using IntelliScan brings you the following benefits: