How Does Signature Based Antivirus Software Work On A Computer

When a computer virus infects your computer, it has to make changes to files, to critical areas such as the registry, or to sections of memory in order to spread or damage the computer. By monitoring all file changes and watching memory for known virus activity patterns, an antivirus program protects your computer. When these known or suspicious patterns are found, the antivirus warns the user before the action is taken. Below is a list of the various forms of antivirus detection that your computer can use.

Signature Based Antivirus Software

The most common form of detection is heuristic detection, which uses an algorithm to compare the signatures of known viruses with a potential threat. Heuristic detection can detect viruses that have not been discovered yet. It can also detect killed or disguised viruses that are released in the wild.

The most popular method for detecting new viruses is heuristic scanning. However, it can also create false positive matches, in which an antivirus scanner reports a file as infected when it is not. These false positives are minimal, but not unusual.

Each antivirus scanner is equipped with a virus definition file, database or dictionary containing thousands of known virus signatures. These signatures enable an antivirus program to identify previously seen viruses that security professionals have analyzed. There are now well over 100,000 known virus signatures which can be used for comparison.

Signature detection is a great way to stop viruses that are already known and the best way to detect them without a false warning. However, signature-based detection of a new virus is not possible until information about it has been added to the definition file.
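
The definition-file lookup described above, as an added example that is not part of the original article: a minimal Python scanner run against a constructed definition set (all signature names and sample bytes are made up and harmless). It goes slightly beyond the text by using two kinds of signature, exact file hashes and byte patterns with wildcards, and it shows that a new sample is missed until the definitions are updated.

```python
import hashlib
import re

def new_definitions():
    """Empty definition set: exact-hash signatures and byte-pattern signatures."""
    return {"hashes": {}, "patterns": []}

def add_hash(defs, name, sample):
    # Exact signature: SHA-256 of a whole analyzed sample.
    defs["hashes"][hashlib.sha256(sample).hexdigest()] = name

def add_pattern(defs, name, hex_pattern):
    # Byte-pattern signature; '??' matches any single byte.
    parts = [b"." if tok == "??" else re.escape(bytes.fromhex(tok))
             for tok in hex_pattern.split()]
    defs["patterns"].append((name, re.compile(b"".join(parts), re.DOTALL)))

def scan(defs, data):
    """Return the names of all signatures that match the given bytes."""
    hits = []
    name = defs["hashes"].get(hashlib.sha256(data).hexdigest())
    if name:
        hits.append(name)
    hits += [n for n, rx in defs["patterns"] if rx.search(data)]
    return hits

# Constructed, harmless sample bytes (not real malware).
KNOWN = b"HDR" + bytes.fromhex("deadbe01ef") + b"body-A"
VARIANT = b"HDR" + bytes.fromhex("deadbe02ef") + b"body-B"  # altered copy
NEW = b"HDR" + bytes.fromhex("c0ffee7711") + b"body-C"      # not yet analyzed
CLEAN = b"ordinary document text"

def demo():
    defs = new_definitions()
    add_hash(defs, "Example.A/hash", KNOWN)
    add_pattern(defs, "Example.Family/pattern", "DE AD BE ?? EF")
    before = {k: scan(defs, v) for k, v in
              [("known", KNOWN), ("variant", VARIANT), ("new", NEW), ("clean", CLEAN)]}
    # Definition update: analysts publish a signature for the new sample.
    add_pattern(defs, "Example.C/pattern", "C0 FF EE ?? 11")
    after_update = scan(defs, NEW)
    return before, after_update

if __name__ == "__main__":
    before, after_update = demo()
    for label, hits in before.items():
        print(f"{label:8} -> {hits or 'no match'}")
    print(f"new (after update) -> {after_update}")
```

The altered copy no longer matches the exact hash but is still caught by the wildcard pattern, while the unanalyzed sample matches nothing until its signature is added.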

Behavior-based detection

If a virus gets past the detection methods above, the antivirus analyzes the behavior of programs on the computer. The antivirus can trigger a warning if a program begins performing strange actions. Some of the strange actions or behaviours that the antivirus monitors for are listed below.

  • Changing other programs' settings.
  • Editing or deleting dozens of files.
  • Monitoring keystrokes.
  • Connecting to computers remotely.

Behavioral detection is a useful way to locate viruses or other malware that attempt to steal or log data. Today, however, many programs need to report to an online server or log keystrokes in order to prevent online cheating, and this can lead to false warnings.

Sandbox detection

Some antivirus programs can also use sandbox detection, which creates an emulated environment in which to run a program and analyze its behaviour. If the program appears to perform destructive or abnormal behavior when executed in the emulated environment, the antivirus warns the user before the program is run on the computer.

Cloud Antivirus Detection

Cloud antivirus detection uses a client on your computer to gather information and upload it to a cloud server, which processes it. Because all detection runs on the server, your computer is spared the additional processing. Cloud antivirus requires an Internet connection.

Finally, a full system scan or a single file scan is a manual step that a user can take to scan all of the files on the computer or one particular file. To run this type of scan, open the antivirus program and select the option to perform a complete system scan, or right-click on a file and choose the file scan option.

If an antivirus program is running on your computer and monitoring changes, no full scan should be required. However, it is not a bad idea to run a full scan when your computer acts suspiciously or a new antivirus scanner is installed. Bear in mind that since almost all files are examined during a full system scan, these scans take between 20 minutes and several hours to complete.
