Oct 12 2010

PC Protection

Trend Micro antimalware suite reduces risk with pattern file management and web reputation services.

Companies seeking greater flexibility in the protection of endpoints should consider the Trend Micro Enterprise Security for Endpoints Advanced software suite, which secures PCs, Macs, Linux boxes and smartphones by guarding against malware.

End-User Advantages

Like most manufacturers of anti-malware programs, Trend Micro compares a file’s binary contents with various patterns that are signatures of malware. But scanning against all of those patterns can slow performance.

Trend Micro has introduced two new features to offload a portion of that processing from endpoints and move it to the data center. The first, called File Reputation, pushes some of that intensive scanning back to a server. My workstation did a quick analysis of a test file, sending key parts back to a server to determine whether the file was infected.

The second feature, Smart Query Filter, serves as a whitelist by allowing a workstation to determine whether a file is infected before it even talks to the server.

I tested the product on Microsoft Windows XP, Windows 7, Windows 2003 and Windows 2008, but Trend Micro also works with Mac OS, popular Linux distributions and Novell NetWare.

Why It Works for IT

Enterprise Security for Endpoints Advanced integrates with Microsoft Windows Active Directory, allowing administrators to craft policies for different Organizational Units (which could represent different types of servers or workstations).

The endpoint security product also offers web protection. Every time a user accesses a new website, the software checks the URL against a list of suspect websites; if it finds a match, the user is prevented from accessing that site. To test this feature, I disabled the phishing filter in Internet Explorer and navigated to the Microsoft Contoso phishing test site, which Trend Micro blocked. I even went so far as to test some of the phishing attack e-mails in my junk e-mail bin, and it caught every one.

The product also comes with role-based administration, which allows IT to delegate some operations to Tier-1 or help-desk support. System administration is granular almost to a fault — just about every element in the graphical user interface can be controlled.

There’s also a plug-in architecture that allows users to add functionality to the endpoints from a central console. For example, suppose a new zero-day exploit has recently come out that is triggered by a website whose URL is more than 1,000 characters in length. From the central console, you can simply instruct the clients to reject any URL over 1,000 characters until a pattern file that protects against that particular exploit is released.


Enterprise Security for Endpoints Advanced includes a mobile client that comes with standard malware protection and a firewall, but it doesn’t yet support the Apple iPhone.

1.5 seconds: Frequency at which unique new malware patterns surface

SOURCE: Trend Micro

Also, the Active Directory policy integration considers only computer objects in Active Directory, not users. Hence, you can’t deploy a policy based on the user who has logged on to the system, only on the system itself. However, this issue likely affects only users who are in a shared computer environment.

You may also find that the software does not work properly on Novell Open Enterprise Server platforms. Trend Micro’s support staff has worked through these issues and can assist you.

Dr. Jeffrey Sheen is the lead enterprise analyst for Grange Mutual Insurance of Columbus, Ohio.