Trend Micro Detection Re-Evaluation

Requests For Trend Micro For Re-Evaluation Of Security Classification

Software publishers may request Trend Micro to review the classification of their software. From the request to potential software reclassification, a Detection Re-evaluation Review consists of a five-step process:

  • Request for Detection Re-evaluation Review (DRR);
  • Trend Micro review of current classification;
  • Trend Micro request for additional publisher information;
  • DRR recommendation (shared with publisher); and
  • Trend Micro action on DRR recommendation.

Requests for Detection Re-evaluation Reviews receive prompt, thorough, and fair consideration. Software publishers may submit a DRR request at:

Detection Reevaluation Review

Step 1.
    Publisher submits request for Detection Re-evaluation Review (DRR):

  • DRR request form is available at
  • Trend Micro acknowledges receipt of DRR requests and provides contact information for requestors to track review progress.
  • Depending on the nature of each case, this process may take several months. Trend Micro cannot provide a prospective schedule for review completion. However, Trend Micro may, upon request, provide periodic updates of review progress.
Step 2.
    Review of current classification

  • Software classification depends on a number of factors, including but not limited to the following:
    • distribution and installation of the software;
    • advertising opened or displayed by the software;
    • system reconfiguration performed by the software;
    • data collection, transmission, and sharing performed by the software;
    • un-installation methods offered or used by the software;
    • other native functionality or behavior that may qualify the software as either “malware” or a “potentially dangerous tool”; or
    • notice, disclosure, choice, and consent practices used during installation of the software.
  • In the course of a DRR, Trend Micro may perform, among other things, any or all of the following:
    • testing of the software;
    • research into the vendor’s web site and other online documents;
    • review of the vendor’s End User License Agreements (EULAs) and Privacy Policies;
    • review of the advertising and marketing used to promote the software online;
    • review of the vendor’s guidelines, requirements, and agreements for affiliates, partners, advertisers, and distributors;
    • review of consumer complaints regarding the software online, including user reports submitted to online support forums;
    • review of write-ups, reports, and other information maintained by other anti-malware companies and industry experts;
    • solicitation of opinions from and consultation with other anti-malware vendors and recognized industry experts; or
    • review of other pertinent information regarding the vendor, its software, and its business practices.
Step 3.
    Trend Micro may request from the publisher additional information that is necessary for the reevaluation of the software

  • This may include (but is not limited to) such things as:
    • download links for the software;
    • URLs for web sites hosting the software;
    • copies of or links to online advertising promoting the software;
    • technical explanations of certain features, functionality, or behavior of the software;
    • information regarding current or planned practices of the vendor or developer;
    • information regarding past practices of the vendor/developer or previous versions of the software;
    • clarification of clauses in EULAs or Privacy Policies; or
    • lists of partners, affiliates, and distributors, including URLs and contact information.
  • All responses to such requests must be in writing. Trend Micro may request a teleconference or meeting as part of the DRR process.
Step 4.
    DRR recommendation

  • Issues addressed by DRR recommendations may include but are not limited to:
    • whether or not Trend Micro’s products should continue to detect the software;
    • how the software should be classified (category, threat type, etc.);
    • what threat level ought to be assigned to the software;
    • what default action should be presented by Trend Micro’s products to users in scan results;
    • what changes, if any, should be made to the description of the software offered on Trend Micro’s research site and in Trend Micro’s products’ scan results; or
    • what additional actions, if any, should be taken or considered.
  • Ultimately, the security of Trend Micro’s customers is paramount. All of the foregoing notwithstanding, Trend Micro may include or exclude software from detection based on the assessed needs, preferences, or requirements of its customers.
Step 5.
    Trend Micro action on DRR recommendation classification:

  • Final decisions on DRR recommendations are reached in consultation with relevant Trend Micro departments including product management, legal, and web threat operations.
  • Implementation of agreed-to actions may be subject to product and operations cycles associated with detection pattern file updates, detection engine upgrades, and web services change orders. Longer delays may occur if the action requires changes in research and operations policies.
  • Written acknowledgement of the final disposition of DRR recommendations may be made available to the requestor.