bvasilev

Hello everyone, I am back!

Quick intro (although I am known here), I've established my own business as VAR (almost MSSP) and looking forward to work with TM as well.

I'm willing to join as an affiliate to home products too.

Now for the questions, they will be highly technical.

I've been reading yet again the list of components, engines and even patents Trend Micro owns.

I understand from business products documentation that Trend Micro uses a cloud-based static analysis engine called ATSE (linked to Predictive Machine Learning).

Business documentation states that ATSE scans only files without a favourable repuation.

So:

• Does the same apply to downloads as well, as many products are more aggressive towards downloads?
• Does the same apply when Hypersensitive mode is on? Will Trend Micro call ATSE on all files in this mode?
• Does Hypersensitive mode modify PML confidence levels which range from -1 to 4, again according to documentation? What is the default ATSE aggressiveness level in home products?
• That aggressive scan automatically launched when certain number of threats are found, does it trigger a more aggressive ATSE? Is that where the additional aggressiveness comes from?
• What file types are supported by ATSE, apart from PE and Office Documents?

And now question about behavioural monitoring/policy enforcement, which also seems to be linked to PML in the cloud.

• I see that behavioural monitoring as well, is heavily focused on "untrusted" processes. Is it the same in hypersensitive mode? How will Trend Micro deal with code abuse (signed malware) and LOLBin abuse if signed processes are automatically excluded?

Question about features:

I see that business products now have the capability to scan memory content (not to be confused with getting the images and executables paths from memory and scanning on disk). 

Will this make its way to home products too?

Does Trend Micro now support Intel TDT as well?