Which protection defends against malware and virus threats?

Protecting against malware and viruses is the job of antivirus protection. It actively scans files and programs for malicious software, using a database of known malware signatures and, increasingly, heuristic and behavior-based detection to catch new or unknown threats. Real-time protection checks downloads, email attachments, and executing programs, blocking or quarantining anything that looks suspicious and removing it if possible. Regular signature updates and cloud-based reputation help keep the defenses current against the latest threats, making antivirus the most direct defense against malware and viruses on endpoints. Firewalls focus on the network side—blocking unauthorized connections and managing traffic between the device and other networks. They don’t routinely inspect every file or detect malicious software already on the system in the way antivirus software does. User audit logs record what happened for auditing and investigation but don’t stop malware from running or spreading. File extensions are a very weak defense, since malware can masquerade as safe file types or change extensions to slip past simple checks.