New VSAPI Threat Detection Naming Scheme - July 2018

    • Updated: 30 Oct 2018
    • Product/Version:
    • Antivirus for Mac All.All
    • Apex One™ as a Service X.X
    • Cloud App Encryption All.All
    • Cloud App Security All.All
    • Control Manager All.All
    • Core Protection Module All.All
    • Deep Discovery Analyzer All.All
    • Deep Discovery Director All.All
    • Deep Discovery Email Inspector All.All
    • Deep Discovery Inspector All.All
    • Deep Edge All.All
    • Deep Security All.All
    • Deep Security as a Service All.All
    • Email Security Platform for Service Providers All.All
    • Hosted Email Security All.All
    • InterScan Messaging Security Suite All.All
    • InterScan Messaging Security Virtual Appliance All.All
    • InterScan VirusWall All.All
    • InterScan Web Security as a Service All.All
    • Interscan Web Security Hybrid All.All
    • InterScan Web Security Suite All.All
    • InterScan Web Security Virtual Appliance All.All
    • Mobile Security for Enterprise All.All
    • OfficeScan All.All
    • OfficeScan as a Service All.All
    • ScanMail for Exchange All.All
    • ScanMail for IBM Domino All.All
    • ScanMail for Lotus Domino All.All
    • ServerProtect for EMC Celerra All.All
    • ServerProtect for Linux All.All
    • ServerProtect for Microsoft Windows/Novell Netware All.All
    • ServerProtect for Network Appliance Filer All.All
    • ServerProtect for Storage All.All
    • Smart Protection Server All.All
    • Trend Micro Email Security 1.0
    • Trend Micro Portable Security All.All
    • Worry-Free Business Security Advanced All.All
    • Worry-Free Business Security Services All.All
    • Worry-Free Business Security Standard All.All
    • Worry-Free Business Security Standard/Advanced All.All
Summary
Beginning on July 2, 2018, Trend Micro will implement an updated Threat Detection Naming Scheme in the Virus Scan API (VSAPI) Scan Engine to better align with industry standards for naming malware, threats and other malicious files.
The new naming scheme is designed to provide more relevant threat information for high-impact malicious file detections, and it follows the naming convention recommended by the Computer Antivirus Research Organization (CARO):

 

<Threat Type>.<Platform>.<Malware Family>.<Variant>.<Other Info*>

Details

Example and Breakdown of the New Format

New Malware Naming

 

Threat Type

The Threat Type is the main threat category, describing the primary behavior or classification of the threat.
For malware: common threat types include Trojan, Worm, Virus, Ransomware, Coinminer and Backdoor.
For grayware: common threat types include Adware, Spyware and potentially unwanted applications (PUA).

 

Platform

Platform refers to the environment in which the threat is designed to execute and covers both software and hardware. This includes operating systems such as Windows (Win32, Win64), Mac OS, Linux and Android, as well as programming languages (scripting languages) and file formats (Microsoft Word/Excel/PowerPoint).

 

Family

Threats with similar behavior are grouped together and referred to as a Family. Each Family is named based on the behavior it manifests. 

 

Variant

To identify different strains of malware under one family, letters are assigned sequentially; this letter is referred to as the Variant.

 

*Other (Optional) Information

This section may be used for other optional information that may provide additional insight for some complex threats. For example, dldr identifies a downloader: in Ransom.Win32.Locky.A.dldr, it indicates that this threat is a downloader for the Locky ransomware.

 

Affected Products

This change will apply to all products which utilize Trend Micro's Virus Scanning API (VSAPI) Scan Engine and the following detection patterns:
  • Conventional Virus Scan Pattern
  • Smart Scan Agent Pattern
  • Smart Scan Cloud Query Pattern

 

Phased Implementation

This naming scheme change is planned to be launched in a phased approach. The initial focus will be on customer submitted samples and noteworthy threats, and eventually will encompass all channels including bulk submissions and other sourcing methods.
This change will only apply to new threats moving forward, and this new naming scheme will not be retroactively applied to older detections.  

 

Note for SIEM Users

Although the change will be mostly transparent to users, customers who utilize security information and event management (SIEM) products may need to review, and adjust as necessary, rules or reports that may track and utilize threat names.
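
As an added example (not Trend Micro code), the Python parser below splits names in the <Threat Type>.<Platform>.<Malware Family>.<Variant>.<Other Info*> format into fields, so SIEM rules and reports can key on the family or threat type field and route names that do not fit the new scheme to review. The field character set, the handling of extra dot-separated parts, and every sample name except Ransom.Win32.Locky.A.dldr are assumptions.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

class Detection(NamedTuple):
    threat_type: str
    platform: str
    family: str
    variant: str
    other: Optional[str]  # optional trailing information, e.g. "dldr"

# Assumed character set for one field; adjust to what your logs contain.
FIELD = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]*")

def parse_detection(name: str) -> Optional[Detection]:
    """Split a new-scheme name into its fields; None if it does not fit."""
    parts = name.strip().split(".")
    if len(parts) < 4 or not all(FIELD.fullmatch(p) for p in parts):
        return None
    # Anything after the variant is treated as optional information.
    other = ".".join(parts[4:]) or None
    return Detection(parts[0], parts[1], parts[2], parts[3], other)

def triage(names):
    """Count parsed detections per (type, platform, family) and collect
    names that do not fit the new scheme, so rules can be reviewed."""
    counts, review = Counter(), []
    for name in names:
        det = parse_detection(name)
        if det is None:
            review.append(name)  # older-style or malformed: keep verbatim
        else:
            counts[(det.threat_type, det.platform, det.family.lower())] += 1
    return counts, review

# Constructed sample; only the first name appears on the page.
SAMPLE = [
    "Ransom.Win32.Locky.A.dldr",
    "Trojan.Win32.Examplefam.A",
    "Trojan.Win32.Examplefam.B",
    "LEGACY_EXAMPLE.A",    # stand-in for a name issued before the change
    "Trojan..Broken.A",    # malformed: empty platform field
]

if __name__ == "__main__":
    counts, review = triage(SAMPLE)
    for key, n in sorted(counts.items()):
        print(n, ".".join(key))
    print("review:", review)
```

Because the new scheme is not applied retroactively, the review list will keep receiving older names alongside new ones, so rules need to handle both.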

 

Further Information

Trend Micro believes that the change will be beneficial for customers, especially those with mixed-vendor environments which require extensive cross-checking of threats. Customers who need more information on this upcoming change are encouraged to contact their authorized Trend Micro technical support representative.
Category: Remove a Malware / Virus
Solution Id: 1119499