Protection and Detection Used by Antivirus Programs
Antivirus Protection: Real-time Shield against Malware
The first and most important task of an antivirus program is to protect against, prevent, or block malicious activity on your computer or home and office network in real time. The real-time protection should trigger an alert or take automatic action whenever suspected or positively identified malware activity is detected. By default, most antivirus programs will quarantine a possibly infected file before removing it. Once it has finished quarantining a copy, the antivirus program will start disinfecting or removing the malware. Most antivirus programs will only monitor some critical areas of your computer. However, it is recommended to set up an antivirus program to monitor all files, file extensions, and file formats. This is suggested because there have already been incidents in which malware distributed and disguised itself using a file extension that malware scanners do not often monitor.
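The risk behind that recommendation, as an added example (not code from the original article or from any antivirus product): a scan that filters by extension never reads files outside its list, while an all-files scan that checks file headers does. The extension list, file names and sample bytes are constructed assumptions.

```python
import os
import tempfile

# Hypothetical "critical file types only" policy (assumption, not a vendor default).
MONITORED_EXTENSIONS = {".exe", ".dll", ".scr", ".com"}
# Leading magic bytes of two common executable formats.
EXECUTABLE_MAGIC = {b"MZ": "Windows PE/DOS executable", b"\x7fELF": "ELF executable"}

def detect_executable(path):
    """Return the executable format name if the file header matches, else None."""
    with open(path, "rb") as fh:
        header = fh.read(4)
    return next((n for m, n in EXECUTABLE_MAGIC.items() if header.startswith(m)), None)

def scan(root, all_files):
    """Return {relative_path: format}; all_files=False honours the extension filter."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if not all_files and ext not in MONITORED_EXTENSIONS:
                continue  # skipped by the filter: content is never inspected
            path = os.path.join(dirpath, name)
            fmt = detect_executable(path)
            if fmt:
                findings[os.path.relpath(path, root)] = fmt
    return findings

def demo():
    """Write constructed sample files, then compare the two scan policies."""
    samples = {
        "setup.exe": b"MZ\x90\x00 constructed stub",
        "invoice.txt": b"MZ\x90\x00 constructed stub",  # executable header, unmonitored extension
        "notes.txt": b"plain text notes",
        "tool.dat": b"\x7fELF constructed stub",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        filtered = scan(root, all_files=False)
        full = scan(root, all_files=True)
    return filtered, full, sorted(set(full) - set(filtered))

if __name__ == "__main__":
    filtered, full, missed = demo()
    print("extension-filtered scan:", sorted(filtered))
    print("all-files scan:", sorted(full), "| missed by the filter:", missed)
```

A two-byte header match is only a triage signal; a real engine would follow it with full format parsing and signature or behavioural checks.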
Many AV programs use cloud protection. Examples are F-Secure's browser protection, PrevX, Norton, ThreatFire, Panda, etc. Even web browsers with fraud and malware protection use cloud-based detection to prevent the download of unsafe files and keep known malware URLs from loading. Cloud protection by an antivirus program is the process of checking a URL or file against the database on the antivirus vendor's server. If the URL or file is known on their server as unwanted or unsafe, the user receives automatic protection with a warning that the URL has been blocked, even if there is no detection signature on the user's system yet.
Antivirus Detection: Manual Malware Scanner
Another component of an AV program is the detection of malware during a manual or scheduled scan. The on-demand scan engine of an antivirus program works differently from its on-access engine. The manual malware scanner will scan every single area, including files, folders, and running processes.