Antivirus (AV)
What is Antivirus (AV)?
Antivirus (AV): Endpoint software that detects and removes malicious files using signature databases, file scanning, and basic heuristics — the historical foundation of endpoint security.
Antivirus (AV) is the historical category of endpoint security software. Pioneered by products like John McAfee's VirusScan (1987), Eugene Kaspersky's AVP, and Bernd Fix's early routines, AV scans files on disk, in memory, and in transit, comparing them to a continually updated signature database and applying simple heuristics. AV agents traditionally hook the Windows filesystem (via mini-filter drivers) and email gateways, quarantining or deleting matches. The model excels against widespread commodity malware but struggles with polymorphic, packed, and fileless threats; AV-Test, AV-Comparatives and MITRE Engenuity evaluations consistently show signature-only engines missing modern attacks. Most vendors have therefore evolved AV into NGAV/EDR platforms with behavioral analytics, while classic AV remains a baseline regulatory and compliance control.
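As an added illustration (not part of this glossary entry or any vendor's engine), the following toy Python scanner shows the three mechanisms the definition names: an exact-hash signature, a byte-pattern signature, and a packing heuristic. The constructed sample embeds the standard EICAR test string; the signature database, the entropy threshold and the XOR "packer" are assumptions for the demo. It also demonstrates the definition's caveat: a one-byte change defeats the hash signature, and packing defeats both signatures, leaving only the heuristic.

```python
"""Toy signature-plus-heuristic scanner illustrating the classic AV model."""
import hashlib
import math
from collections import Counter

# Constructed sample: the harmless EICAR test string (a standard AV test
# pattern that real engines detect by design) followed by filler text.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
SAMPLE = EICAR + b" benign-looking filler text " * 150

# Assumed signature database: exact SHA-256 hashes and byte patterns.
HASH_SIGNATURES = {hashlib.sha256(SAMPLE).hexdigest(): "Test.EICAR.Exact"}
PATTERN_SIGNATURES = {b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE": "Test.EICAR.Pattern"}
ENTROPY_THRESHOLD = 7.0  # bits per byte; packed or encrypted data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (a classic packer heuristic)."""
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan(data: bytes) -> list[str]:
    """Return verdicts: hash match, then pattern matches, then heuristic flags."""
    verdicts = []
    name = HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())
    if name:
        verdicts.append(name)
    for pattern, name in PATTERN_SIGNATURES.items():
        if pattern in data:
            verdicts.append(name)
    if shannon_entropy(data) > ENTROPY_THRESHOLD:
        verdicts.append("Heuristic.HighEntropy")
    return verdicts


def pack(data: bytes, key: bytes = b"demo-key") -> bytes:
    """Stand-in for a packer: XOR the bytes with a SHA-256-derived keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


if __name__ == "__main__":
    print("original:        ", scan(SAMPLE))
    print("one-byte variant:", scan(SAMPLE.replace(b"filler", b"fil1er", 1)))
    print("packed:          ", scan(pack(SAMPLE)))
```

The original hits both signatures, the one-byte variant hits only the pattern signature, and the packed copy hits neither signature and is caught only by the entropy heuristic.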
● Examples
- 01
ClamAV scanning incoming email attachments at an SMTP gateway.
- 02
Microsoft Defender Antivirus quarantining a downloaded executable matching a known WannaCry signature.
● Frequently asked questions
What is Antivirus (AV)?
Endpoint software that detects and removes malicious files using signature databases, file scanning, and basic heuristics — the historical foundation of endpoint security. It belongs to the Defense & Operations category of cybersecurity.
What does Antivirus (AV) mean?
Endpoint software that detects and removes malicious files using signature databases, file scanning, and basic heuristics — the historical foundation of endpoint security.
How does Antivirus (AV) work?
As detailed in the full definition above, AV scans files on disk, in memory and in transit against a continually updated signature database, applies simple heuristics, and quarantines or deletes matches; on Windows the agent typically hooks the filesystem through a mini-filter driver. It excels against widespread commodity malware but struggles with polymorphic, packed and fileless threats, which is why most vendors have evolved it into NGAV/EDR platforms.
How is Antivirus (AV) used in defence?
Antivirus (AV) is itself a defensive control; effective deployments combine it with other technical controls and operational practices, as detailed in the full definition above.
What are other names for Antivirus (AV)?
Common alternative names include: AV, Anti-virus, Signature-based antivirus.
● Related terms
- Next-Generation Antivirus (NGAV) [defense-ops № 725]: Endpoint protection that augments signature scanning with machine-learning models, behavioral analytics, and exploit prevention to stop unknown and fileless threats.
- Signature-Based Detection [network-security № 1043]: A detection method that compares observed traffic, files, or behaviour against a database of known-bad patterns (signatures) to flag malicious activity.
- EDR (Endpoint Detection and Response) [defense-ops № 371]: An endpoint security technology that continuously records process, file, registry and network activity to detect, investigate and respond to threats on hosts.
- Malware [malware № 649]: Any software intentionally designed to disrupt, damage, or gain unauthorized access to computers, networks, or data.
- Computer Virus [malware № 206]: Malicious code that inserts copies of itself into other programs or files and executes when the host is run.
- Quarantine (Endpoint) [defense-ops № 892]: An endpoint security action that moves a suspected-malicious file out of its original location into a controlled, neutered store so it cannot execute but can still be analyzed or restored.