This article provides information about Scan Engine version 9.2.
This article provides information about Scan Engine 9.2.
Scan Engine (VSAPI) 9.2 comes with the following enhancements and features:
- Real-time scan cache enhancement (Only for NTKD Platform)
The real-time performance is the key factor to customer’s user experience. It significantly impacts the system boot time because the system is usually busy with loading services and processes during boot time.
There are two enhancements for the real-time scan cache that aim to:
- Increase the overall real-time scan performance
This enhancement will enlarge the real-time scan cache in order to store more scanned file information. The algorithm of search function for cache will be refined to improve the performance.
- Reduce system boot time
This enhancement is to cache the scanned files that caused the longest scan time during the last system boot-up. The cache will be stored somewhere while VSAPI is being unloaded in order to reuse the cache for the next system boot-up.
- Increase the overall real-time scan performance
- Improved text file scanning performance
Nowadays, a lot of malware are written in various script languages that cause the complexity of malicious code detection in text file. VSAPI sometimes takes long time to scan a large text file. It also caused slow application execution performance when it continuously updates log file.
This issue is also a concern when OEM vendors evaluate Trend Micro Antivirus software performance when using large text files as test samples. The root cause is that VSAPI scans the whole text file because the file format complies with the script language.
Trend Micro will add more conditions to check if VSAPI needs to do whole file scan and refine token search algorithm to improve the performance.
- Deferral file scan (only for NTKD Platform)
The current design of VSAPI real-time scan is to scan file in two occasions: (1) when the file is being opened; and (2) when the file with the write attribute is being closed. The application’s manipulation to file will wait until VSAPI completes the scan task. Actually, the scanning for files being closed is not necessary because closing a malicious file does not have immediate risk until the file is opened for execution afterwards.
To improve the real-time scan performance, VSAPI will defer the scan for files being closed so that application does not need to wait for VSAPI to close a file. VSAPI will decide a proper time to scan the deferred file.
- Office 2010 file scanning support
Microsoft will release Office 2010 in 2010. To prevent users from opening malicious Office 2010 files, VSAPI will support the scanning of the content of Office 2010 file types.