Which method, or combination of methods, does Avast use for detecting malware (e.g. behavior-based, virus database, etc.)? I’ve used it for several years, and I’d like to know which methods it uses to detect malware. I know some bleeding-edge scanners advertise the use of behavior-based scanning, and I know that sandboxing is also something that’s often advertised.
I’d like as many details as possible. I’d like to know why I’ve been recommending Avast, and if it was a good decision.
As things currently stand, avast! employs these technologies to counter malware. It is possible I’ve missed something, but in general, I think I’ve got them all listed.
Traditional signature (Local, mostly current relevant malware)
Traditional signature (Cloud, mostly super brand new and very old malware signatures)
Local file heuristics and generic detection ([Heur] and -gen)
Cloud file heuristics (Evo-Gen, FileRepMalware)
Cloud reputation (FileRep, FileRepMalware)
Local behavior (DeepScreen)
Cloud behavior (CyberCapture)
HIPS (basic and very underdeveloped)
Generic blocking of online malware (URL:Mal which can cover online polymorphic variants spawned on the same URL address)
With the recent AVG acquisition, avast! will hopefully also gain:
extended cloud resources (signature and behavioral)