Malware detection and blocking

To protect users, Avast detects and immediately reports any suspicious files or behavior. Our state-of-the-art infrastructure and access to an immense amount of security data gathered from hundreds of millions of devices around the globe give us the largest, most advanced threat-detection network in the world, and let us provide unrivaled zero-day protection.

Automatic threat detection and malware eradication

How do we protect hundreds of millions of people every day? Our cutting-edge technology transforms our users into a worldwide network of cooperating sensors. If any one of them encounters malware, Avast uses 6 layers of protection to identify and block it, and to inform the entire network, in a matter of seconds.

Multi-layered protection against malware and cyberattacks

When malware targets a user’s device, we use 6 layers of deep protection, powered by our unique cloud-based analytics and machine-learning techniques, to keep them safe. Here are more details on how these protective layers defend you and your devices from cyberthreats.

  1. Avast Web Shield

    Processes all traffic coming over HTTP and encrypted HTTPS connections, using URL detection algorithms to protect against phishing as well as full content filtering to stop malware.

  2. Static Scanner

    Analyzes code and binary objects prior to execution, using machine learning and various detection methods, including PE structure analysis, linker analysis, unpacking/de-obfuscation, and similarity, fuzzy, and algorithmic matching. Based on the analysis, our fast and efficient static scanner then characterizes the file as benign or malicious.

  3. Emulators

    Two emulators (one for scripts and one for binary files) protect against zero-day malware and vulnerabilities and increase resilience to malware sample modifications. These provide full emulation of the native computing environment, including a virtual CPU, virtual RAM, and virtual OS together with its subsystems. Features are collected during emulation and malware is then blocked according to our unique rule engine.

  4. Avast DeepScreen

    Utilizing a full virtual machine, on which a cloned version of the user’s OS tests the suspicious files, DeepScreen uses machine learning algorithms to identify similarities with known malware families. The hypervisor-assisted virtual machine connects to the Avast cloud engine to utilize threat intelligence gathered from our entire user base.

    We combine virtualization of suspicious applications and deep instrumentation to see, at a high level as well as at the instruction level, what the examined program is trying to do. Based on an observed behavior model using machine learning algorithms, we are able to identify similarities with known malware families. By peeling off layer after layer with deep dynamic introspection, the generic unpacker component is able to unveil known malware samples that could be hidden in heavily obfuscated and encrypted ones. During this process, our cloud engine utilizes threat intelligence gathered from our entire user base to assess all software samples.

  5. Avast CyberCapture

    Activates automatically, when needed, to prevent the rarest and most sophisticated malware from infiltrating a user’s system. CyberCapture locks down and submits potentially malicious files, including all the associated metadata, to the clean-room environment of our Avast Threat Labs, while informing the user and keeping them engaged throughout the process. Advanced algorithms and Avast’s experts inspect the suspicious files in this most advanced layer of security. CyberCapture analyzes over 20,000 unique files every day.

  6. Behavior Shield

    Monitors the system for suspicious activities while programs are running. Behavior Shield, which works on both PCs and Android smartphones, captures unusual behavior on the device, such as attempts to terminate the Windows Update or Firewall services, inject system-level processes, or use the camera without user-initiated activity. Once an activity is evaluated as malicious, Behavior Shield is able to automatically stop it, undo the operation, and quarantine the objects in question.

Stay informed, stay protected

We continuously monitor security issues to protect our hundreds of millions of users from emerging threats. To get the latest product features first and hear about threats from Avast’s Threat Labs experts, visit the Avast blog.