When a threat is identified, the antivirus typically offers three responses:
: Often called "on-access scanning," the antivirus constantly monitors active files, network traffic, and system calls to block threats as they arrive.
: Suspicious files are run in an isolated virtual environment (a "sandbox") to safely observe their behavior without risking the main system.
: This method looks for suspicious code structures or characteristics shared with known malware. It helps identify new variants or "polymorphic" viruses that have altered their code to avoid signature detection.
: This is the traditional method where the software compares file code patterns (signatures) against a database of known threats. It is highly effective for established malware but cannot detect "zero-day" threats that haven't been cataloged yet.
: Completely deleting the malicious file or application from the device.
: Moving the file to a secure, hidden folder where it cannot execute or interact with the system.
: AI algorithms are trained on massive datasets to distinguish between "good" and "malicious" code patterns, allowing for better detection of brand-new malware families.
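
The signature comparison and the quarantine response described above, as an added Python example (not code from the original page or from any antivirus product). It checks each file against an exact-hash signature and then a byte-pattern signature, moves matches into a vault directory, and shows an uncataloged sample passing as clean. The signature names, byte patterns, file names and vault layout are all constructed for this illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Constructed signature database: every name and byte pattern here is invented.
HASH_SIGS = {hashlib.sha256(b"DEMO-MALWARE-BODY-v1").hexdigest(): "Demo.Trojan.A"}
PATTERN_SIGS = {b"DEMO-MALWARE-BODY": "Demo.Trojan.generic"}

def scan_bytes(data: bytes):
    """Check the exact-hash signatures first, then the byte-pattern signatures."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGS:
        return "known", HASH_SIGS[digest]
    for pattern, name in PATTERN_SIGS.items():
        if pattern in data:
            return "variant", name  # hash changed, shared pattern still present
    return "clean", None  # nothing in the database matches

def quarantine(path: Path, vault: Path) -> Path:
    """Move the file into the vault under a neutral name with no execute bit."""
    vault.mkdir(mode=0o700, exist_ok=True)
    digest = hashlib.sha256(path.read_bytes()).hexdigest()
    target = vault / f"{digest}.quarantined"
    shutil.move(str(path), str(target))
    target.chmod(0o400)  # owner read-only: no write, no execute
    return target

def scan_directory(root: Path, vault: Path) -> dict:
    """Scan each regular file in root and quarantine anything that matches."""
    results = {}
    for path in sorted(p for p in root.iterdir() if p.is_file()):
        verdict, name = scan_bytes(path.read_bytes())
        if verdict != "clean":
            quarantine(path, vault)
        results[path.name] = (verdict, name)
    return results

def demo():
    # Constructed sample files; novel.bin stands for a threat not yet cataloged.
    samples = {"known.bin": b"DEMO-MALWARE-BODY-v1",
               "variant.bin": b"padDEMO-MALWARE-BODY-v2",
               "novel.bin": b"UNCATALOGUED-PAYLOAD",
               "notes.txt": b"meeting at 10"}
    with tempfile.TemporaryDirectory() as tmp:
        root, vault = Path(tmp, "files"), Path(tmp, "vault")
        root.mkdir()
        for name, data in samples.items():
            (root / name).write_bytes(data)
        results = scan_directory(root, vault)
        return results, sorted(p.name for p in root.iterdir()), len(list(vault.iterdir()))
```

Calling `demo()` returns the per-file verdicts, the names left in the scanned directory, and the number of files in the vault.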