Advanced Malware Protection (AMP)

Antivirus protection software is designed to prevent, detect, and help remove threats from computer systems. These threats take the form of software viruses and other malware such as ransomware, worms, Trojans, and adware.

What is a computer virus?

A computer virus is malicious software, loaded onto a computer without the user's knowledge or consent, that performs harmful actions and spreads by copying itself into other programs or files.

How do computer viruses work?

Once loaded onto a computer system, a virus self-replicates by inserting copies of itself into other programs or files, infecting them in the process. Nearly all viruses are harmful in some way. Ransomware, one example of malicious software, is designed by adversaries to encrypt a victim's data or lock the system and then demand payment for its release.

How do I defend against computer viruses?

Antivirus protection software can help defend against computer viruses. Key tasks it performs to protect against these attacks include:

  • Scanning the computer to identify files known to be malicious, matching them against a set of detection patterns (signatures).
  • Running scans automatically on a schedule.
  • Scanning specific files or directories, or the entire computer, on demand.
  • Quarantining or deleting malicious code, or working with other security software to remove it.
  • Reporting that a scan found no known malware, which gives some assurance that your computer and other devices are safe to use.
  • Alerting the security team when viruses are detected on computers.

Types of antivirus protection

Traditional antivirus protection

Traditional antivirus software relies heavily on the signature of a virus, a distinctive byte sequence or file hash, to identify malware. Antivirus vendors analyze files suspected of containing malware; once a file is determined to be malicious, a signature is extracted from it and added to the signature database that the antivirus software downloads.

Traditional antivirus protection detects only malware whose signature is already in the database and is largely ineffective against newer or customized samples; a file-hash signature fails as soon as a single byte of the file changes. Adversaries (malware authors) stay a step ahead by writing "oligomorphic," "polymorphic," and more recently "metamorphic" viruses: polymorphic code encrypts its payload and generates a different decryptor for each copy, oligomorphic code picks from a small fixed set of decryptors, and metamorphic code rewrites its own instructions with each generation, so that no two copies share the byte pattern the signature was built from.
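The following is an added example, not code from the page or from any vendor's product, that illustrates both the scanning task described above and the limitation of fixed signatures. It uses a constructed, hypothetical signature database (the names "Demo.Downloader.A" and "Demo.Dropper.B" and their byte patterns are invented) and a constructed sample. It then builds two "polymorphic" variants of the sample by XOR-encoding it with different keys behind a toy decoder stub, shows that a static hash or byte-pattern scan no longer matches, and shows how an engine that first emulates the decoder (generic decryption) recovers the detection.

```python
"""Toy signature scanner plus a demonstration of why a polymorphic variant
evades a fixed byte signature. All samples and signatures are constructed."""
import hashlib
from typing import Dict, List

# Constructed signature database: hypothetical names and byte patterns.
SIGNATURES: Dict[str, bytes] = {
    "Demo.Downloader.A": b"powershell -enc JAB",   # byte-pattern signature
    "Demo.Dropper.B":    b"\x4d\x5a\x90\x00EVIL",  # byte-pattern signature
}
# Exact-hash signatures (sha256 hex -> name); filled in below.
KNOWN_HASHES: Dict[str, str] = {}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample: a "malicious" script body that carries the signature.
SAMPLE_A = b"cmd.exe /c powershell -enc JABjAGwAaQBlAG4AdAA= & del *.bak"
KNOWN_HASHES[sha256(SAMPLE_A)] = "Demo.Downloader.A"


def scan_bytes(data: bytes) -> List[str]:
    """Traditional scan: exact-hash lookup first, then byte-pattern search."""
    hits: List[str] = []
    hash_name = KNOWN_HASHES.get(sha256(data))
    if hash_name:
        hits.append(hash_name + " (hash)")
    for sig_name, pattern in SIGNATURES.items():
        if pattern in data:
            hits.append(sig_name + " (pattern)")
    return hits


def polymorph(payload: bytes, key: int) -> bytes:
    """Build a toy 'polymorphic' variant: XOR-encode the payload with a
    one-byte key and prepend a decoder header carrying the key. Every key
    yields different bytes, so neither the original's hash nor a pattern
    taken from one variant matches another variant."""
    if not 1 <= key <= 255:
        raise ValueError("key must be 1..255 (0 would leave the payload unchanged)")
    encoded = bytes(b ^ key for b in payload)
    return b"DECODER:" + bytes([key]) + encoded


def emulate_and_scan(data: bytes) -> List[str]:
    """What a generic-decryption / emulation engine does: recognise the
    decoder stub, execute it (here: undo the XOR), then scan the decoded
    body with the same signatures."""
    if data.startswith(b"DECODER:") and len(data) > 9:
        key = data[8]
        decoded = bytes(b ^ key for b in data[9:])
        return scan_bytes(decoded)
    return scan_bytes(data)


def demo() -> dict:
    """Run the three scans and return the outcomes for inspection."""
    variant1 = polymorph(SAMPLE_A, 0x5A)
    variant2 = polymorph(SAMPLE_A, 0xC3)
    return {
        "original_static": scan_bytes(SAMPLE_A),      # hash and pattern hit
        "variant1_static": scan_bytes(variant1),      # nothing matches
        "variant2_static": scan_bytes(variant2),      # nothing matches
        "variant1_emulated": emulate_and_scan(variant1),  # hits again
        "variants_differ": variant1 != variant2,      # True: no shared bytes
    }


if __name__ == "__main__":
    for outcome, value in demo().items():
        print(f"{outcome}: {value}")
```

The XOR decoder is a stand-in for the per-copy decryptor a real polymorphic engine generates; real engines also vary the decoder itself, which is why vendors added emulation and, later, the behavioral methods described below rather than relying on a signature for every decoder variant.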

Next-generation antivirus protection

Around 2013, the security industry's focus shifted toward signature-less approaches to antivirus protection. New antivirus capabilities were developed to detect and mitigate zero-day attacks and other, more sophisticated malware. Some of these next-generation capabilities include:

  • Behavior-based malware detection, which builds context around every process execution path in real time (parent and child processes, command lines, file and registry activity) and flags suspicious chains of activity rather than specific file bytes
  • Machine learning models, which identify patterns matching known malware characteristics, along with other forms of artificial intelligence

These methods are found in next-generation antivirus, endpoint detection and response (EDR) and, more recently, extended detection and response (XDR) solutions.
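The following is an added example, not code from the page or from any vendor's product, of the behavior-based approach listed above: it reconstructs each process's ancestry from constructed process-creation telemetry (the PIDs, image names and command lines are hypothetical) and scores execution chains, so that an encoded, hidden PowerShell launched from a Word document is flagged no matter what bytes the script contains, while an administrator's plain `powershell -File backup.ps1` under Explorer is not.

```python
"""Toy behavior-based detector: rebuilds process ancestry from constructed
telemetry and scores suspicious execution chains instead of file contents."""
from dataclasses import dataclass
from typing import Dict, List, Set

@dataclass
class ProcessEvent:
    pid: int
    ppid: int
    image: str      # executable name, lower-case
    cmdline: str

# Constructed process-creation telemetry (hypothetical PIDs and command lines).
EVENTS: List[ProcessEvent] = [
    ProcessEvent(100, 1,   "explorer.exe",   "explorer.exe"),
    ProcessEvent(200, 100, "winword.exe",    "winword.exe invoice.docm"),
    ProcessEvent(300, 200, "cmd.exe",        "cmd.exe /c powershell -nop -w hidden -enc SQBFAFgA"),
    ProcessEvent(400, 300, "powershell.exe", "powershell -nop -w hidden -enc SQBFAFgA"),
    ProcessEvent(500, 100, "notepad.exe",    "notepad.exe notes.txt"),
    ProcessEvent(600, 100, "powershell.exe", "powershell -File backup.ps1"),  # benign admin use
]

OFFICE_APPS: Set[str] = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS: Set[str] = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
ALERT_THRESHOLD = 3


def ancestry(events: List[ProcessEvent], pid: int) -> List[ProcessEvent]:
    """Return the chain [process, parent, grandparent, ...] up to the root.
    Stops at an unknown parent and guards against PID-reuse cycles."""
    by_pid = {e.pid: e for e in events}
    chain: List[ProcessEvent] = []
    seen: Set[int] = set()
    cur = by_pid.get(pid)
    while cur is not None and cur.pid not in seen:
        seen.add(cur.pid)
        chain.append(cur)
        cur = by_pid.get(cur.ppid)
    return chain


def score_chain(chain: List[ProcessEvent]) -> Dict[str, object]:
    """Apply three illustrative rules to the leaf process and its ancestors."""
    leaf, ancestors = chain[0], chain[1:]
    cmd = leaf.cmdline.lower()
    score, reasons = 0, []
    if leaf.image in SHELLS and any(a.image in OFFICE_APPS for a in ancestors):
        score += 3
        reasons.append("scripting shell descended from an Office application")
    if "powershell" in cmd and " -enc " in cmd + " ":
        score += 2
        reasons.append("encoded PowerShell command line")
    if "-w hidden" in cmd:
        score += 1
        reasons.append("hidden window requested")
    return {
        "score": score,
        "reasons": reasons,
        "chain": " <- ".join(e.image for e in chain),
    }


def detect(events: List[ProcessEvent]) -> Dict[int, Dict[str, object]]:
    """Return {pid: finding} for every process whose chain meets the threshold."""
    findings: Dict[int, Dict[str, object]] = {}
    for ev in events:
        result = score_chain(ancestry(events, ev.pid))
        if result["score"] >= ALERT_THRESHOLD:
            findings[ev.pid] = result
    return findings


if __name__ == "__main__":
    for pid, finding in detect(EVENTS).items():
        print(pid, finding["score"], finding["chain"], finding["reasons"])
```

Note what the rules look at: parent-child relationships and command-line options, none of which change when the attacker re-encodes the script body, which is the property that makes this approach complementary to the signature scan above.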