Avira Scan Engines

Avira’s scan engines utilize the most advanced machine learning, heuristics and generics. They identify and block malicious code from infiltrating and infecting clients, devices, networks and systems.


Scan Engine Technology


For over three decades, Avira has led the development of anti-malware technologies. Today, that technology is embedded within the security solutions of many of the world’s leading security companies.

We understand that there is no one technology that can protect against the broad threat landscape that threatens consumers and businesses alike.

Consequently, our scan engines now utilize the most advanced machine learning, heuristics and generics to identify and block malicious code from infiltrating networks and executing on devices. They are available within our Anti-malware SDKs, our ICAP Proxy Security Solution, and in the NightVision™ Virtual Appliance.


Within any Avira scan engine lies an intelligent detection system. It leverages code anomalies and structure analysis, supported by the most advanced machine learning systems. This approach enables our scan engines to deliver performance that far exceeds other engines, covering a greater spectrum of malware than classic signatures while achieving the industry’s lowest false positive rate.

This advanced design ensures Avira’s scan engines deliver performance and detection; they start up to 70% faster and operate in up to 75% less memory space than competing solutions. They achieve this without compromise, delivering award-winning detection rates.


Threat intelligence and scan engines

World-class threat intelligence is at the core of any detection system, and lies at the heart of Avira's scan engine technology. No matter what form malware takes, no matter where it is found, outbreaks are identified by Avira’s global sensor network. As we protect our technology partners and our customers, we see the threats they see. We take this data and, within the Avira Protection Cloud, develop it into valuable threat intelligence using sophisticated file and behavior analysis engines and NightVision™ AI.

Our scan engines and virtual machines consume this intelligence in the form of machine learning models, heuristics and generics.  


Detecting the undetectable

On local scan engines, Avira’s MicroVision™ and AndroidVision™ machine learning applies powerful analytical rules to develop a risk profile for unknown files. They protect the device from previously unseen malware.

For online environments – in clients, network devices (e.g. firewalls and gateways), and cloud security services – Avira’s scan engines benefit from the almost unlimited cloud computing power of the Avira Protection Cloud. Within this cloud security service, Avira’s third-generation NightVision™ AI uses machine learning to identify and protect against completely new and emerging forms of malicious code.



Not every network or system can share suspicious files with a cloud security service (such as the Avira Protection Cloud) for analysis. Client devices may not be connected to the internet, or files may contain highly private or classified information. In these cases, the scan engine can be deployed in offline mode, relying on regular updates from the Avira Protection Cloud. Alternatively, it can be deployed disconnected from the internet within a secure virtual appliance: the NightVision™ Virtual Appliance.


Advanced features

Avira’s anti-malware SDKs form a flexible chassis into which elements such as the Avira scan engine fit. Other advanced features include a File Unpacker (which is also available as a separate SDK), On-Access scanning and Avira’s industry-leading False Positive control system.

The On-Access module is a real-time scanning extension that performs automatic scanning of files accessed or executed at the operating system level. On-Access adds an additional layer of security by allowing scanning decisions to be made before other processes and prior to operating-system execution. It is fully configurable and offers multiple filtering capabilities, including inspection of file-access and file-execution events.

False positives are a fact of life when you are looking to prevent new and emerging malware. The more efficiently they are controlled, the less disruptive they are to business. Avira's unique False Positive Control ensures exceptional false positive detections are identified in real-time and are prevented from impacting the performance of security systems. It is a no-cost option that can be enabled within many of Avira’s scan engine implementations, including the ICAP Proxy Security system.

