Trend Micro's HouseCall detection

Discussion in 'other anti-virus software' started by roger_m, Mar 13, 2014.

Thread Status:
Not open for further replies.
  1. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,239
    In the last few days I've been doing some scanning of malware with Phrozen's excellent VirusTotal Uploader. Files get scanned by both TrendMicro and TrendMicro HouseCall. One thing that has become very apparent is that the detection rate for TrendMicro's HouseCall is a lot better than the detection rates for TrendMicro.

    I am wondering why HouseCall has such better detection rates. For the samples I've tested, the detection rate of HouseCall has been excellent. However, quite a few threats have been detected as "generic trojans," rather than being actually detected by name.
     
  2. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    In the past, I have seen several cases of HouseCall "false positives" when I uploaded files to virustotal for analysis. In all cases HouseCall showed Malware detection when TrendMicro did not.
     
  3. Inside Out

    Inside Out Registered Member

    Joined:
    Sep 17, 2013
    Posts:
    421
    Location:
    Pangea
    There are quite a few products dependent on the cloud. That's not to disrespect them, because there's no shame in playing to their own strengths.
     
  4. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,239
    After doing more scanning, I have found that the threats which only get detected by HouseCall are detected as generic trojans (i.e. using heuristics).

    So, either HouseCall has stronger heuristics, or the heuristics settings are set higher for HouseCall.
     
  5. marciocruz

    marciocruz Registered Member

    Joined:
    May 7, 2008
    Posts:
    249
    The difference between the TrendMicro HouseCall detection and the "TrendMicro" engine on VT is because HouseCall is only a cloud engine that relies on the Smart Protection Network, and HouseCall was designed to scan files in a more detailed way. It has been programmed to have more capabilities than just the normal scan. These results happen because HouseCall is more sensitive on detections.

    And the "TrendMicro" engine is the non-cloud engine, which relies only on signatures. ;)

    (Info collected with my TrendMicro contact.)
     
    Last edited: Mar 14, 2014
  6. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,239
    Thanks for explaining that. Is there any particular reason why the heuristics are more sensitive on HouseCall? It seems like a bad move to have better detection in the free software vs the paid version. I think the paid version should have the same detection rates.
     
  7. Inside Out

    Inside Out Registered Member

    Joined:
    Sep 17, 2013
    Posts:
    421
    Location:
    Pangea
    Maybe they think it would be too FP-prone?
     
  8. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,239
    But, in that case it would make sense to use the same heuristics in HouseCall. What if someone goes and purchases one of Trend's products, due to the detection rate of HouseCall, only to find out that the detection rate is not as good in the paid product?

    Of course, it would make sense to try out the paid version before buying it, and I would highly recommend against buying any security software without trialing it first. But, I'm sure you get my point.
     
  9. marciocruz

    marciocruz Registered Member

    Joined:
    May 7, 2008
    Posts:
    249

    Hi, sorry for the delay, but I was trying to get more info about this with TrendMicro. So HouseCall was programmed as a more aggressive one. They have a different pattern of detection because HouseCall was dedicated to detect in depth processes as compared to Titanium.
    Titanium has a multi-layer approach, so technically the virus detected by HouseCall can't pass by Titanium's multi-layer protection.
     