Trend Micro Internet

Question:
I need a description on report by TMCM 5. I need this information to present the report for management.

- Description for Unique Infection Destination Count & Unique Infection Source Count.
- Description for N/A.
- Description for Unique Infection Destination Count & Unique Virus/Malware Count.
- Description for Unique Infection Source Count & Unique Virus/Malware Count.
- Description for No action, N/A, Unable to delete file & File passed.

Answer:

The Unique Infection Destination Count & Unique Infection Source Count is just same as Infection Destination Count & Infection Source Count. There's a word "Unique" because of Log Aggregation which is the new feature in TMCM 5.0 version. This means that the logs has already been sorted out. Like for example: Instead of logging 10 malware detection for same infection source and same malware, TMCM will only log this once.

"NA" means that the infection source is blank. If you will check the virus logs from OSCE server, there are rows which the Infection Source is blank. This is the NA in TMCM reports.

No Action - Some files require further investigation to determine whether they are infected with a virus or other instance of malware. To mitigate the impact of potential false positives, OfficeScan will temporarily take no action on certain suspicious files. After Trend Micro determines the correct status of the file, the scan action will be adjusted accordingly.

File passed - These are the detection scanned by Heurisitic scanning in which the file is tagged as suspicious. Since this is not yet included in the pattern file, OfficeScan will set the action to pass to prevent false-positive detection

Unable to delete - these are the malcious files in which OfficeScan cannot delete the file because it is locked for some reason.

Hope these information helps.