Files are first compared to any know variants in a malware database – both the metadata and content of the files are analysed.
Files are tested in an emulator (a virtual computer) where no harm can be done to your computer.
Once the file is running it’s behaviour is assessed using a variety of techniques including Artificial Intelligence algorithms.
Behavioural assessments occur in the native application and in the cloud, but they all work together behind the scenes and in real-time to determine whether a file is malicious.
If the file is determined to be malware, it is quarantined, and AVG’s Crowd Intelligence feature updates all AVG users software.