Trend Micro's HouseCall detection

In the last few days I've been doing some scanning of malware with Phrozen's excellent VirusTotal Uploader. Files get scanned by both TrendMicro and TrendMicro HouseCall. One thing that has become very apparent, is the detection rate for TrendMicro's HouseCall is a lot better than the detection rates for TrendMicro.

I am wondering why HouseCall has such better detection rates. For the samples I've tested, the detection rate of HouseCall has been excellent. However, quite a few threats have been detected as "generic trojans," rather than being actually detected by name.

 

In the past, I have seen several cases of HouseCall "false positives" when I uploaded files to virustotal for analysis. In all cases HouseCall showed Malware detection when TrendMicro did not.

 

There are quite a few products dependent on the cloud. That's not to disrespect them, because there's no shame in playing to their own strengths.

 

After doing more scanning, I have found that the threats which only get detected by HouseCall are detected as generic trojans (i.e. using heuristics).

So, either HouseCall has stronger heuristics, or the heuristics settings are set higher for HouseCall.

 

the difference of trendmicro housecall detection and "trendmicro" engine, on VT,is because Housecall is only a cloud engine, rely's on smart protection network,and HouseCall was designed to scan files in a more detailed way. It has been programmed to have more capabilities that just the normal scan. this results happens because housecall is more sesitivity on detections.

And the "trendmicro" engine,is the non-cloud engine, that rely's only on signatures.


(info collected, with my trendmicro contact)

 

Thanks for explaining that. Is there any particular reason why the heuristics are more sensitive on HouseCall? It seems like a bad move to have better detection in the free software vs the paid version. I think the paid version should have the same detection rates.

 

Maybe they think it would be too FP-prone?

 

But, in that case it would make sense to use the same heuristics in HouseCall. What if someone goes and purchases one of Trend's products, due to its detection rate of HouseCall, only to find out that the detection rate is not as good in the paid product.

Of course, it would make sense to try out the paid version before buying it, and I would highly recommend against buying any security software without trailing it first. But, I'm sure you get my point.

 

Hi sorry for the delay, but i was trying to get more info about this, with trendmicro.So Housecall was programmed as more aggressive one, They have different pattern of detection because Housecall was dedicated to detect in depht processes as compared to Titanium.
Titanium have a multi layer approach, so technically the virus detect by Housecall, cant pass by titanium multi layer protection.