How Malware Filtering Works

12 Mar 2020 IT Services

If your computer ends up getting infected with malware, all sorts of issues could happen. It could slow down or even stop working completely. In some cases, the malware could steal data and other confidential information, putting your privacy at risk. It is for those reasons that malware filtering or malware protection was created. So, how does malware filtering work exactly? Here, at EC Managed IT, they offer malware filtering as one of their services alongside other IT services to deal with your issue.

How Malware Filtering or Protection Works

There are four different methods that anti-malware programs use to filter malware in your computer system.


Most anti-malware programs use a database called malware definitions that will tell the program how to recognize any malware and its effects. If a program detects a file with the same definition, it will get flagged as potential malware.


There is also another method regarding how an anti-malware program can detect malware—through the form of analysis known as heuristics. This type of analysis allows anti-malware software to detect potential malware that was not detected before. Compared to definitions, heuristics can identify potential malware through its behaviour. For example, if a program you installed on your computer is set to remove important files in your computer system, then your anti-malware program will consider it as malware since a legitimate application does not behave like it. The problem with heuristics, however, is that it can sometimes flag legitimate programs as malware even though they are not—a condition known as “false positives”.


This method is pretty straightforward. Instead of just flagging potential malware, it will instead remove it from the system. This means that any malware that is detected in your system will be automatically deleted as soon as it is detected. Unfortunately, some malware will only cause even further damage to your computer once removed. In that case, your anti-malware program will instead quarantine the file in your computer’s storage, preventing it from causing any damage. In the quarantine, the malicious file will not be able to inflict any damage to your computer and you will be able to remove it manually.


Lastly, there is the sandboxing method in which a malicious program is run on a sandbox. The sandbox will trick the malicious program into thinking that it was able to access the entire system when it is actually running within an enclosed space while being monitored for its behaviour. If the program shows malicious behaviour, it will then be deleted by the anti-malware program; however, some types of malware can detect if they are running in a sandbox or not. As such, they will not demonstrate any form of malicious behaviour until they are freed from the sandbox.

If you need malware protection for your system, contact EC Managed IT at 604-888-7904 or by requesting a consultation online so they can help you right away.