Introduction
For over three decades, Avira has led the development of anti-malware technologies. Today, that technology is embedded within the security solutions of many of the world’s leading security companies.
We understand that there is no one technology that can protect against the broad threat landscape that threatens consumers and businesses alike.
Consequently, our scan engines now utilize advanced machine learning, heuristics and generics to identify and block malicious code from infiltrating networks and executing on devices. They are available within our Anti-malware SDKs, and our ICAP Proxy Security Solution.
Architecture
Within any Avira scan engine lies an intelligent detection system. It leverages code anomalies and structure analysis, supported by advanced machine learning systems. This approach enables our scan engines to deliver performance that can exceed other engines, cover a greater spectrum of malware than classic signatures, and all while achieving some the industry’s lowest false positive rate.
This advanced design ensures Avira scan engines deliver performance and detection; they start faster and operate in less memory space than competing solutions.
Threat intelligence and scan engines
World-class threat intelligence is at the core of any detection system, and lies at the heart of the Avira scan engine technology. No matter what form malware takes, no matter where it is found, outbreaks can be identified by the Avira global sensor network. As we protect our technology partners and our customers we see the threats they see. We take this data, and within the Avira Protection Cloud, develop it into valuable threat intelligence using sophisticated file and behavior analysis engines and NightVisionTM AI.
Our scan engines and virtual machines consume this intelligence in the form of machine learning models, heuristics and generics.
Detecting the undetectable
On local scan engines, our MicroVisionTM and AndroidVisionTM machine learning systems apply powerful analytical rules to develop a risk profile for unknown files. They help protect the device from previously unseen malware.
For online environments – in clients, network devices (e.g. firewalls and gateways), and cloud security services - our scan engines benefit from the cloud computing power of the Avira Protection Cloud. Within this cloud security service, our NightVisionTM AI uses machine learning to identify and protect against completely new and emerging forms of malicious code.
Not every network or system can share suspicious files with a cloud security service (such as the Avira Protection Cloud) for analysis. Client devices may not be connected to the internet, or files may contain highly private or classified information. In these cases, the scan engine can be deployed in offline mode, yet still benefit from regular system updates from the Avira Protection Cloud.
Advanced features
Avira anti-malware SDKs form a flexible chassis into which elements such as the Avira scan engine fit. Other advanced features can include (depending on the SDK), quarantine & remediation, an enhanced firewall that adds application layer filtering, and behavioral analysis to help detect plymorphic and Zero-day cyberthreats.
False Positive Detection
False positives are a fact of life when you are looking to prevent new and emerging malware. The more efficiently they are controlled, the less disruptive they are to business. Avira's unique False Positive Control ensures exceptional false positive detections are identified in real-time and are prevented from impacting the performance of security systems. It is a no-cost option that can be enabled within many of Avira’s scan engine implementations, including the ICAP Proxy Security system.