This chapter describes different antivirus (AV) technologies and how they work. AV scanners try to watch everything that is going on around them, look out for suspicious behavior, and attempt to intercede when they think something bad is happening or about to happen. AV scanners look for certain patterns and behaviors, and they leap into action when a suspect crosses a predetermined threshold of
acceptability. The AV engine and its signature database work in concert to prevent and detect malware trying to enter a system. The engine generally provides a library of commonly used functions. AV scanners can be installed on the desktop or on servers. Each strategy has its advantages and disadvantages. If an organization's computer security policy allows unrestricted use of thumb drives, floppies, and compact disks, then AV scanners are deployed to the desktop. A server-based AV scanner can be configured to send alerts to administrators when suspected malware is detected. As with desktop-based scanners, the response to malware detection can be predetermined.