Computer Security Wiki

Adware blocked by real-time protection on Windows Defender

Real-time protection, on-access scanning, background guard, resident shield, autoprotect, and other synonyms refer to the automatic protection provided by most antivirus, antispyware, and other antimalware programs, which is arguably their most important feature. This monitors computer systems for suspicious activity such as computer viruses , spyware, adware, and other malicious objects in 'real-time', in other words while data is coming into the computer (for example when inserting a CD, opening an email, or browsing the web) or when a file already on the computer is opened or executed, in other words loaded into the computer's active memory.[1] This means all data in files already on the computer is analysed each time that the user attempts to access the files. This can prevent infection by not yet activated malware that entered the computer unrecognised before the antivirus received an update. Real-time protection and its synonyms are used in contrast to the expression "on-demand scan" or similar expressions that mean a user-activated scan of part or all of a computer.

Even free antivirus programs nowadays usually have real-time protection, but it is often only in the pay versions (often called "pro") of other antimalware programs.


Most real-time protection systems hook certain API functions provided by the operating system in order to scan files in real-time. For example, on Microsoft Windows, an antivirus program may hook the CreateProcess API function which executes programs. It can then scan programs which are about to be executed for malicious software. If malicious software is found, the antivirus program can block execution and inform the user.

List of free antivirus programs with real-time protection[]

List of free antispyware programs with real-time protection[]

See also[]