Antivirus software protects your computer from online attacks using a variety of methods. One key way is on-access scanning. This feature will give files a once-over to see if there's any malware hidden inside before you attempt to open an executable file (a file that can make changes to your computer). If the file is safe, it will open automatically. If not, the file won't open and you'll be alerted that a risk has been prevented.
This typically uses one of two methods to protect your computer – sandbox testing or heuristics – though some programs will use a combination of both.
Sandbox testing emulates the instructions within a file in a controlled environment that cannot impact your computer, to see how it reacts. If the file has instructions that could be potentially harmful, it will be flagged and prevented from opening. This method usually takes longer, as the file must be tested before it's determined to be acceptable or not.
A heuristic approach to virus detection involves conducting rigorous checks to determine the likelihood that a file could be dangerous to your computer, such as investigating the sender, the destination, and the intent of the file.
Antivirus software updates frequently to add to a pre-existing list of known viruses and their behaviours. By logging the way new viruses behave as they encounter them, antivirus software can avoid flagging many 'false positives' – safe programs and applications that are mistaken for malicious ones.