How Antivirus Works

Antivirus software scans a file, program, or an application and compares a specific set of code with information stored in its database. If it finds code that is identical or similar to a piece of known malware in the database, that code is considered malware and is quarantined or removed.

Traditional detection-based antivirus products have had a strong hold on the security market for years. However, recently, due to an exponential rise in cybercrime and malware, these traditional antiviruses have been rendered ineffective against many emerging threats. Today, hackers are better equipped than many cybersecurity companies, with their own quality analysis labs and penetration tools to verify if their new malware samples are being detected with bootleg multi-engine scanning sites. If identified, hackers modify the code and perform the same test until the malware goes undetected.

As the saying goes, "Necessity is the Mother of Invention." The need to stay safe online prompted the evolution of some antivirus solutions, which can prevent the execution of malicious code.



How does a traditional antivirus identify a virus?

All the executable programs that pass through the system go through an antivirus scan. They then undergo a comparison test with the blacklisted signatures. If they appear to be the same as a blacklisted one, then they are considered to be a malware file. The other program files are then processed through Defense+ HIPS (Host Intrusion Prevention System) – this permits only the known files while the unknown files that look suspicious are moved into a restricted virtual environment. The identified good files are documented in the Whitelist, while the suspicious files will be quarantined in the Sandboxed environment. 
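The triage order described above (blacklist, then whitelist, then sandbox for everything unknown) can be sketched as follows. This is an added example, not Comodo's code: the class, the verdict names and the sample byte strings are constructed for illustration.

```python
import hashlib
from enum import Enum

class Verdict(Enum):
    QUARANTINE = "quarantine"  # matched a blacklisted signature
    ALLOW = "allow"            # present on the whitelist of known-good files
    SANDBOX = "sandbox"        # unknown: run only in the restricted environment

# Constructed stand-ins for file contents (not real binaries or real malware).
BAD_SAMPLE = b"MZ\x90\x00 constructed-bad-payload-v1"
BAD_VARIANT = b"MZ\x90\x00 constructed-bad-payload-v1 repacked"
GOOD_SAMPLE = b"MZ\x90\x00 constructed-trusted-tool"
NEW_SAMPLE = b"MZ\x90\x00 constructed-never-seen-before"

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class DefinitionDB:
    """Hypothetical definitions store: hash and byte-pattern signatures."""
    def __init__(self):
        self.bad_hashes = {}      # sha256 hex digest -> detection name
        self.bad_patterns = {}    # detection name -> byte pattern
        self.good_hashes = set()  # sha256 hex digests of whitelisted files

    def classify(self, data: bytes):
        digest = sha256(data)
        # 1. Blacklist first: an exact hash, then any known byte pattern.
        if digest in self.bad_hashes:
            return Verdict.QUARANTINE, self.bad_hashes[digest]
        for name, pattern in self.bad_patterns.items():
            if pattern in data:
                return Verdict.QUARANTINE, name
        # 2. Whitelist: only files already known to be good run normally.
        if digest in self.good_hashes:
            return Verdict.ALLOW, "whitelisted"
        # 3. Default: anything unknown is contained, never trusted.
        return Verdict.SANDBOX, "unknown"

def build_db() -> DefinitionDB:
    db = DefinitionDB()
    db.bad_hashes[sha256(BAD_SAMPLE)] = "Constructed.Sample.A"
    db.good_hashes.add(sha256(GOOD_SAMPLE))
    return db

if __name__ == "__main__":
    db = build_db()
    for label, blob in [("bad", BAD_SAMPLE), ("good", GOOD_SAMPLE),
                        ("new", NEW_SAMPLE), ("variant", BAD_VARIANT)]:
        print(label, db.classify(blob))
    # A definitions update adds a pattern signature covering the variant.
    db.bad_patterns["Constructed.Family.A"] = b"constructed-bad-payload"
    print("variant after update", db.classify(BAD_VARIANT))
```

A variant that is missing from the definitions still lands in the sandbox rather than being allowed, and it moves to quarantine once the definitions are updated.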

Features of Antivirus Software

Background Scanning - Antivirus software scans all the applications, files and programs that are opened, working in the background. This process is called on-access scanning. It provides real-time protection, guarding the computer against threats and other malware attacks.

Complete System Scans - Full system scans are generally not essential when on-access scanning is in place. They become indispensable when antivirus software is installed for the first time or when its virus definitions have not been updated recently. This ensures that no malware is hiding on the system. Full system scans are also valuable when you repair an infected PC.

Virus Definitions - Antivirus software relies on virus definitions to recognize whether a file or program is genuine or malicious. That is the main reason to keep up with new virus definitions. The virus definitions store the signatures of any viruses that have been categorized as infectious in the wild. If the antivirus software scans an application or file and finds it infected by malware that looks similar to malware in the definitions, that file or program is stopped from executing and moved into quarantine. The antivirus software then processes the malware and later sends it to the lab for analysis of its traits and the purpose behind its creation.

It is critical for all antivirus vendors to update their virus definitions with the most recent malware strains in the wild to guarantee PC security against even the latest malicious threats.

How traditional antivirus protects the system to get rid of the malware

Each antivirus functions differently based on the set of features it was developed with. Ideally, the following characteristics and features are essential to help users stay ahead of threats.

Signature-based detection - This is the most basic technique in any traditional antivirus software: it checks each .EXE file and validates it against the database of known viruses and other types of malware. Alternatively, it checks whether an unknown executable file misbehaves, which indicates signs of infection.

Files, programs and applications are generally scanned for viruses when they are being used. Once an executable program is downloaded, it is instantly scanned to check whether it is infected with malware. Antivirus software can also be used without on-access scanning. However, it is prudent to keep on-access scanning enabled at all times, because it becomes a challenge to eliminate viruses once they infect the system.

Heuristic-based detection – Heuristic-based detection generally works better in combination with signature-based detection. Heuristic and signature-based detection, when combined, make the antivirus more effective. Heuristic-based detection is used in most antivirus software. It allows the antivirus software to recognize new malware, or a modified variant of existing malware, even without the most recent virus definitions. Antivirus programs apply heuristics by running files or applications that contain suspicious code inside an isolated runtime virtual environment. This prevents the suspicious code from contaminating the normal working environment.

  • Behavioural-based recognition
  • Sandbox detection
  • Data mining techniques

Behavioral-based recognition - This type of recognition is used as part of the intrusion detection component. It focuses on recognizing the attributes and traits of malware during execution. This method identifies malware only when the malware actually behaves maliciously.

Sandbox recognition - It works much like the behavioral-based recognition method. It executes applications in a virtual environment to track the kinds of activities they perform. By checking the logged activities of the application or program, the antivirus software can determine whether the program is malicious or not.

Data mining strategies - This is one of the most recent trends in malware detection. Given a set of features of a program, data mining determines whether the file or application is malware.

How Comodo Internet Security is different from Traditional Antivirus

Comodo Internet Security offers 360° security against online dangers by consolidating a capable antivirus, an enterprise packet filtering firewall, and host intrusion prevention system called HIPS.

The 'Protected Shopping' feature enables you to perform web-based banking and shopping without sensitive data like credit card numbers and passwords being tracked or stolen. The 'Virtual Desktop' allows you to open applications and sites that you are uncertain of in a safe environment isolated from the rest of your computer. Built-in URL filtering blocks malware sites to protect you on the web.

When used separately, each of these components delivers superior protection against its particular threat. When used together as a full suite, they provide a complete 'prevention, detection and cure' security system for your PC.

Comodo Internet Security offers 360° protection against internal and external threats by combining a powerful antivirus, an enterprise class packet filtering firewall, and an efficient host intrusion prevention system called HIPS.

Each of these components, when used individually, delivers absolute protection and acts perfectly to defend any specific threat challenges. When used all under one roof, the result is more effective, to deliver a 100% protection from malware threats.

Key features of Comodo Internet Security

Antivirus Software

The antivirus software works proactively to identify and wipe out infections, worms and other malware instantly. Comodo Internet Security users can drag and drop items onto the home screen to run an automatic virus scan.


The firewall is easy to configure and is well defined and developed to defend against inbound and outbound threats.


Approves and authorizes all the files and processes that run on the client's system to restrict harmful actions on your computer. Suspicious processes and files are sent to the quarantined environment, where they are run to check their behavior and activities without tampering with the normal operations of the PC.

Host Intrusion Protection System (HIPS)

This is an intrusion system based on strict norms and rules, in which the activities of all applications and files on your system are monitored. HIPS blocks malicious activities that could damage the operating system, system memory, personal data and registry keys.


Oversees and takes control of the process activities running on the system and notifies you of any malicious activities that could harm the system's security. Viruscope checks for unauthorized activities against its system of behaviors and helps users undo them.

Virtual Desktop

The Virtual Desktop is a sandboxed working environment within which the user can run programs and surf the Internet with the assurance that those activities will not harm the PC. It also includes a virtual console to defeat key-loggers, which assures that users can safely carry out confidential transactions like online banking.

Secure Shopping

It features a security-hardened virtual platform to protect users while shopping online. It includes remote takeover protection, screenshot blocking, memory scraping prevention, process isolation and instant validation of SSL certificates.

Website Filtering

Website filtering protects you from phishing sites. It lets you create rules that restrict users from accessing certain websites.

Rescue Disk

It helps to run an antivirus scan in a pre-Windows/pre-boot environment. The advanced task section ensures users install Comodo Cleaning Essentials and Killswitch.

Cloud Backup

Backing up your sensitive data is vital in the event of a security breach. Comodo's secure servers serve as a refuge for confidential information.
