Computer Viruses
Downloader Viruses
Anti-Virus Software

How does anti-malware scanners work?

Top Answer
User Avatar
Wiki User
2009-12-29 20:49:02
2009-12-29 20:49:02

Antimalware scanners used to use signature databases to see if your computer was infected... When the program was run it would check to see if certain conditions where true (for example: new registry keys, files / folders) and if they where it would show the infection that made those changes. The process of finding new infection, creating signatures and publishing them took to long, new viruses where being made while they where still trying to detect and remove the old ones! Today, antimalware scanners use behavior based or heuristic (bloodhound) detection tools, they are like watchdogs... Looking for common changes made by malware, when sensitive settings are modified by a program the user is notified. It is now common to see a malware scanner that has both signature and behavior based, for maximum prevention and removal.


--Behavior based scanners are good mainly for prevention

--Signature based scanners are good mainly for removal of threats.

--Maximum protection is achived when both methods are combined

Related Questions

User Avatar

Yes if you have a usb cord

User Avatar

Malwarebytes Antimalware 100% compatible with Norton Antivirus & NIS2011, NIS2012 (This tell NIS Support & Antimalwarebytes forum). I have NIS 2012 & Malwarebytes Antimalware in system (WIN XP PRO SP3 with all updates). Compatibility is for free & Pro versions Malwarebytes Antimalware (last 2 versions).

User Avatar

There are 3 types of scanners currently being sold on the market. These scanners are photo scanners, paper fed scanners, and hand held scanners.

User Avatar

To the best of my knowledge, all regular scanners can work as a photo scanner. However, if you are into photography, a specifically designed photo scanner may be best for you.

Copyright © 2020 Multiply Media, LLC. All Rights Reserved. The material on this site can not be reproduced, distributed, transmitted, cached or otherwise used, except with prior written permission of Multiply.