How Does Antivirus Software Work to Detect Viruses?

Frank — November 1, 2018

Computers and smart devices today are filled with vulnerabilities, so it makes sense to ask how antivirus software works. It’s hard to go a full day without hearing of another company going through a major data breach, and most of us have at least one friend who has gotten a computer virus.

With so many cybersecurity threats out there, how can you be sure your data is protected? As you probably know, antivirus software and firewalls are some of the best security tools you can use to protect yourself. If you don’t have a reliable antivirus software on your computer, don’t hesitate to purchase one.

How do you know if your antivirus software is working? And how exactly is a computer virus detected by antivirus software? Before we jump into the details of how antivirus software works, let’s consider why antivirus software companies are constantly improving their detection processes.

Why Good Detection Is so Important

Antivirus software is only as good as its virus detection. It does you absolutely no good paying $50 a year for protection that’s letting viruses into your devices as if they were old friends.

Good detection is so important because so much new malware and so many new viruses are released into the virtual world every single day. In fact, it’s estimated that nearly 1 million new malware threats are released every day.

How can antivirus software keep up? Let’s take a look at the ways your antivirus software detects malware and viruses and keeps them away from your computer.

Antivirus Software: The Pro Scanner

Before we get into the specifics, it’s important to get a general sense of how antivirus software works. Instead of going out to the web and hunting for viruses, your antivirus software only scans your own computer. It monitors incoming and outgoing files to ensure they’re safe before letting them touch anything on your computer. Then, if it identifies a threat, it moves in for the kill and eliminates the malware altogether.

Scanning sounds simple enough, but there are different ways of scanning your computer. This is necessary to protect against both old and new threats alike.

Here are the most common ways a computer virus is detected by antivirus software:

Conventional Scans:

This is where antivirus software started out, and it continues to be the standard method of scanning today. With conventional scans, your antivirus software scans all the contents on your computer, including its disks and files. It’s looking specifically for any code that contains known virus data.

Historically, when there were only a few viruses floating around the web, this was enough to protect most computers. Unfortunately, with the advent of so many new viruses every day, antivirus software needed to evolve. It still performs these conventional scans, but it has to combine the method with other types of scans.
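A conventional scan of the kind described above, as an added example that is not code from the original article or from any antivirus product. The signature names and byte patterns are constructed for illustration, and the function names are assumptions of this sketch.

```python
import os
import tempfile

# Constructed signatures for illustration only; not taken from any real product.
SIGNATURES = {
    "Demo.Trojan.A": bytes.fromhex("deadbeef4d414c57415245"),
    "Demo.Worm.B": b"CONSTRUCTED-WORM-MARKER",
}

def scan_file(path, signatures=SIGNATURES, chunk_size=64 * 1024):
    """Return the sorted names of all signatures whose bytes occur in the file."""
    overlap = max(len(s) for s in signatures.values()) - 1
    found, tail = set(), b""
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            window = tail + chunk
            found.update(n for n, pat in signatures.items() if pat in window)
            # Keep the last bytes so a signature split across two reads still matches.
            tail = window[-overlap:] if overlap else b""
    return sorted(found)

def scan_tree(root, signatures=SIGNATURES):
    """Walk a directory tree; map each flagged file path to its matched signatures."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                matches = scan_file(path, signatures)
            except OSError:
                continue  # unreadable file; a production scanner would log this
            if matches:
                hits[path] = matches
    return hits

def demo():
    """Scan a constructed temp directory: one clean file, one carrying a marker."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "clean.txt"), "wb") as fh:
            fh.write(b"hello world")
        with open(os.path.join(root, "bad.bin"), "wb") as fh:
            fh.write(b"\x00" * 100 + SIGNATURES["Demo.Worm.B"] + b"\x00" * 100)
        return {os.path.basename(p): m for p, m in scan_tree(root).items()}

if __name__ == "__main__":
    print(demo())
```

A scan like this only finds patterns already in its signature list, which is why the article goes on to describe the other scan types.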

Change Detection Scans:

An executable (.EXE) is a file that your computer runs to perform a certain task. Change detection scans check executables as they arrive on your computer and then periodically afterwards to ensure they aren’t changing when you’re not looking.


Inoculation:

This method of detecting viruses mimics change detection scans, except that it covers all the directories on your computer. The inoculation method periodically scans all your directories to identify changes that have been made without your permission. If changes are detected, it locates the virus and quarantines it for you.
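Change detection and the inoculation method both come down to recording a baseline and comparing against it later. The following is an added example, not code from the original article or from any product: it hashes files with SHA-256, and the `executables_only` switch (an assumption of this sketch, like the extension list and function names) selects between tracking executables only and tracking every file in every directory.

```python
import hashlib
import os
import tempfile

EXECUTABLE_EXTS = {".exe", ".dll", ".com", ".scr"}  # assumption: what counts as executable

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(root, executables_only=True):
    """Map relative path -> SHA-256 for every tracked file under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if executables_only and ext not in EXECUTABLE_EXTS:
                continue
            path = os.path.join(dirpath, name)
            state[os.path.relpath(path, root)] = sha256_file(path)
    return state

def diff_snapshots(baseline, current):
    """Report files added, removed or modified since the baseline was taken."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }

def demo(executables_only):
    """Constructed scenario: one executable is altered and a new one appears."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("app.exe", b"MZ original"), ("notes.txt", b"v1")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        baseline = snapshot(root, executables_only)
        for name, data in (("app.exe", b"MZ patched"), ("notes.txt", b"v2"),
                           ("new.exe", b"MZ dropped")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return diff_snapshots(baseline, snapshot(root, executables_only))

if __name__ == "__main__":
    print(demo(True), demo(False))
```

The baseline is only trustworthy if it is stored where the monitored system cannot rewrite it, and legitimate software updates will also show up as modifications that need to be reviewed.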


Sandboxing:

One of the new features of antivirus software is called sandboxing. In the tech world, a sandbox is a virtual environment that is completely detached from your real computer but looks and acts almost exactly like it.

Antivirus software with sandboxing capability identifies threats and puts them immediately in the sandbox for further identification. It then runs the file to see if it exhibits malicious behavior without actually affecting your computer. If it’s a virus, then the antivirus can eliminate it without any harm done.

Heuristic Scans:

Heuristic scans also examine executables, just like change detection scans. However, instead of monitoring for change, heuristic scanners look for virus-specific code within the executable file.

Behavior-based Scans:

Some of the worst viruses are spyware, which runs quietly in the background of your computer. Spyware sends your information to another person, usually through keyloggers.

Behavior-based scanners run in the background as well, watching and evaluating all the commands coming and going from your computer. If a scanner identifies any malicious behavior, like information being sent or collected without your permission, it narrows down the source and eliminates the spyware.

Data Mining:

Data mining is a relatively new technique used by antivirus software to detect computer viruses. Many antivirus programs struggle to detect new threats, especially on the day they’re released. Data mining gathers information from a program or file it is monitoring and compares that information to known data collected from viruses. It can then determine if the program or file is a threat based on that comparison.


Whitelisting:

Whitelisting is the process of manually approving certain applications and downloads as safe. Anything that isn’t whitelisted would be flagged by your antivirus software and quarantined as a virus. This is a simple, yet broad technique to prevent viruses from infecting your computer. It is often used by companies to prevent their employees from infecting a secure network with a virus coming from a poor download.

False Positive Prevention:

Many viruses are getting smart enough to trick antivirus software by making the software think the virus is one of the good guys. Your antivirus may start thinking legitimate programs are viruses, which is called a false positive.

False positive prevention helps prevent viruses that act similarly to good programs from ever infecting your computer. Many antivirus software companies are actively working on minimizing the number of false positives their software produces.


Now that you know how viruses are detected by antivirus software, do yourself a favor and check out the best antivirus software available. As the old saying goes, “An ounce of prevention is worth a pound of cure.”