NGAV (Next-Generation Antivirus)
What it is
NGAV is a modern security app that stops threats by watching behavior, not just matching virus signatures. It uses heuristics, ML models, and attack-technique rules to block ransomware, fileless attacks, and zero-days. For a deeper look, see our NGAV explainer.
Why it matters
Attackers change code faster than signature updates. NGAV focuses on what attacks do - persistence, credential theft, lateral movement - so it can prevent new variants without waiting for a definition.
How it works - quick tour
- Behavior analytics - flags risky actions like code injection or privilege abuse
- Machine learning - models score files, scripts, and process chains
- Exploit and script control - tames PowerShell, Office macros, LOLBins
- Cloud intelligence - shares indicators to improve protection globally
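As an added illustration (not code from this page or from any NGAV product), the sketch below scores constructed process-creation events the way the behavior and script-control bullets describe, next to a plain hash lookup. The field names, rule weights, threshold and sample events are all assumptions.

```python
# Added example: constructed telemetry and hypothetical rule weights.
OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
KNOWN_BAD_HASHES = {"constructed-bad-hash-v1"}  # all a signature feed knows
BLOCK_THRESHOLD = 70                            # assumed policy value

EVENTS = [  # constructed sample events, not real logs
    {"pid": 100, "ppid": 1, "image": "explorer.exe", "cmd": "explorer.exe", "hash": "h-explorer"},
    {"pid": 200, "ppid": 100, "image": "winword.exe", "cmd": "winword.exe invoice.docm", "hash": "h-word"},
    {"pid": 300, "ppid": 200, "image": "powershell.exe",
     "cmd": "powershell.exe -NoProfile -EncodedCommand <constructed>", "hash": "h-ps"},
    {"pid": 400, "ppid": 100, "image": "powershell.exe", "cmd": "powershell.exe Get-Date", "hash": "h-ps"},
]

def signature_hit(event):
    # Legacy AV view: only the file hash matters. A trusted LOLBin never matches.
    return event["hash"] in KNOWN_BAD_HASHES

def ancestors(event, by_pid):
    # Walk the parent chain, stopping at unknown parents or loops.
    seen, parent = set(), by_pid.get(event["ppid"])
    while parent and parent["pid"] not in seen:
        seen.add(parent["pid"])
        yield parent
        parent = by_pid.get(parent["ppid"])

def behavior_score(event, by_pid):
    score, reasons = 0, []
    image, cmd = event["image"].lower(), event["cmd"].lower()
    if image in SCRIPT_HOSTS and any(a["image"].lower() in OFFICE for a in ancestors(event, by_pid)):
        score += 50
        reasons.append("script host launched under an Office process")
    if image == "powershell.exe" and ("-encodedcommand" in cmd or "-enc " in cmd):
        score += 30
        reasons.append("encoded PowerShell command line")
    return score, reasons

def evaluate(events):
    by_pid = {e["pid"]: e for e in events}
    results = {}
    for e in events:
        score, reasons = behavior_score(e, by_pid)
        blocked = signature_hit(e) or score >= BLOCK_THRESHOLD
        results[e["pid"]] = ("block" if blocked else "allow", score, reasons)
    return results

if __name__ == "__main__":
    print(evaluate(EVENTS))
```

The PowerShell process started under Word is blocked on behavior alone even though its hash belongs to a legitimate binary, while the same binary started from the desktop shell is allowed.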
Where it fits
- Replaces or augments legacy AV on endpoints
- Often paired with EDR/XDR for visibility, hunting, and response
- Useful for remote and hybrid fleets where patch gaps happen
Quick setup tips
- Turn on recommended prevention policies and block mode
- Enforce MFA for console access and lock policy changes to admins
- Enable auto-updates and cloud lookups
- Review alerts weekly, tune noise, and quarantine by default