Sun, May 17, 2020 10:58 PM

Trend Micro threat cleanup is unsatisfactory

Before you offer me remote support, I would like to mention that I don't really have an issue. I have simulated the problem myself and know very well how to fix it. I would, however, speak to an engineer if necessary, to better explain the problem.

I downloaded malware which is known to Trend Micro and disabled the protection for a reason: to see how Trend Micro handles malware removal. I saved the malware on my desktop.

Then, without executing the malware, I created a couple of registry keys and entries. One of them was an entry in "run", which simulates autorun malware.

The other one was a key under CurrentControlSet\Services, which registers the malware as a service.

Next, I went to task scheduler and created a scheduled task that would execute the piece of malware daily.

I repeat, I have not executed the malware; I have simulated a few actions that it would have done.

To test the removal capabilities of the product I ran a scan. Trend Micro removed the malicious file, but it did not delete the autorun entry, the service or the scheduled task. Absolutely all antiviruses I have tested before, except Panda, have deleted this "junk". This makes me doubt the overall removal capabilities of Trend Micro. It seems to have quite a lot of templates and patterns that deal with threat tracing, damage cleanup and reverse, etc. These components should be able to delete registry entries pointing to malicious files. They should also be able to delete any scheduled tasks. I cannot recommend this product anymore as it seems like absolute basics have not been done right.
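
An added example, not part of the original post and not Trend Micro's code: a read-only PowerShell audit that lists the three kinds of leftovers described above (Run entries, services, scheduled tasks) whose target file no longer exists on disk. It assumes only the standard Run keys matter and that a target is worth reporting only when it is a fully qualified path; `Get-TargetPath` is a hypothetical helper name.

```powershell
# Added example: report autorun entries, services and scheduled tasks that
# point to a file that is no longer on disk. Read-only; nothing is deleted.

function Get-TargetPath([string]$CommandLine) {
    # Pull the executable path out of a command line: a quoted path wins,
    # otherwise take everything up to the first known executable extension.
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    $cmd = $cmd -replace '^\\\?\?\\', ''          # strip NT "\??\" prefix
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^(.+?\.(exe|dll|sys|bat|cmd|vbs|js|ps1))(\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

$entries = @(
    # 1. Autorun values under the Run keys
    foreach ($k in $runKeys) {
        $key = Get-Item -LiteralPath $k -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{ Type = 'Run'; Name = "$k\$name"
                               Command = [string]$key.GetValue($name) }
        }
    }
    # 2. Services registered under CurrentControlSet\Services
    Get-CimInstance Win32_Service | Where-Object PathName | ForEach-Object {
        [pscustomobject]@{ Type = 'Service'; Name = $_.Name; Command = $_.PathName }
    }
    # 3. Scheduled tasks with an "execute a program" action
    Get-ScheduledTask | ForEach-Object {
        $task = $_
        $task.Actions | Where-Object { $_.Execute } | ForEach-Object {
            [pscustomobject]@{ Type = 'Task'; Name = "$($task.TaskPath)$($task.TaskName)"
                               Command = $_.Execute }
        }
    }
)

# Keep only entries whose fully qualified target is missing from disk.
$entries | ForEach-Object {
    $path = Get-TargetPath $_.Command
    if ($path -match '^[A-Za-z]:\\' -and -not (Test-Path -LiteralPath $path)) {
        $_ | Add-Member -NotePropertyName MissingTarget -NotePropertyValue $path -PassThru
    }
} | Format-Table Type, Name, MissingTarget -AutoSize -Wrap
```

Run it from a 64-bit PowerShell session so file-system redirection does not hide files under `System32`; entries that resolve through `PATH` (for example a bare `cmd.exe`) are skipped rather than reported.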