Your antivirus software relies on virus definitions to detect malware.
That’s why it automatically downloads new, updated definition files – once a day or even more often.
The definition files contain signatures for viruses and other malware that have been encountered in the wild.
Different antivirus programs have different detection rates, which both virus definitions and heuristics are involved in.
Some antivirus companies may have more effective heuristics and release more virus definitions than their competitors, resulting in a higher detection rate.
Your antivirus software checks the program first, comparing it to known viruses, worms, and other types of malware.
Your antivirus software also does “heuristic” checking, checking programs for types of bad behavior that may indicate a new, unknown virus.
Despite this, false positives are fairly rare in normal use.