Which technology detects malware by analyzing behavior patterns rather than signatures?

Behavior-based malware detection looks at what software does, not just what it is. Heuristic scanners evaluate code structure and runtime actions to flag suspicious patterns, enabling detection of new or modified malware that doesn’t match a known signature. This means they can catch threats that haven’t been seen before, such as programs that perform unusual file activity, abnormal process creation, or unexpected network behavior. While this approach is powerful, it can sometimes flag legitimate software as risky and may require extra analysis to confirm threats. The other options refer to security concepts or tools that aren’t about analyzing behavior to identify malware—zero-trust is a access-control model, data control is about preventing data loss, and APTs describe sophisticated threat types rather than a detection method.