How malware protection works


Every day, tens of thousands of people fall victim to virus attacks or fraud on the Internet. To protect AdGuard users from such threats, we have added special filters to the program that protect you from malicious and phishing websites.

At the moment, we have categorized more than 15 million sites, and our filters contain about 1.5 million phishing and malware sites. Just think about it: 10% of all known sites can be dangerous for you! Inexperienced users can easily become victims of fraudsters or hackers. We hope that the use of protection against malicious websites will help you avoid all hazards that you may encounter.

How does a check work?

The method and quality of a check depend on what product you use. If you are using one of our browser extensions, then AdGuard inspects only those pages that you visit. If you are using AdGuard for Windows, Mac, or Android, in addition to the page itself, we check each object loaded on it, giving you the best protection.

AdGuard for Windows, Mac, and Android

We use the protocol Safe Browsing API version 2.2 for our work with filters. This protocol allows us to keep your personal data absolutely safe. Our server knows nothing about the websites that you visit. We use hash prefixes for checks, not the opened URLs.

An approximate algorithm of the functioning of the Browsing Security module is shown in the example of AdGuard for Windows in the picture below.

Functioning algorithm of Browsing Security module

AdGuard Browser extensions

Browser extensions work differently, using the so-called Lookup API to do the check of pages that you visit. Every time you visit any website, a local client exchanges information with our backend server in the form of hashes and hash prefixes. For those who are interested in the process on a deeper level, the link above will be helpful. As a result of that exchange, the local client determines if the website belongs to the database of potentially dangerous websites or not.

We bring to your attention that we never get any information that could allow us to determine which websites you visit and use that data in any way.

An approximate algorithm of the functioning of the Browsing Security module is shown in the picture below.

Functioning algorithm of Browsing Security module in AdGuard browser extensions.

AdGuard filters

Currently, we support the work of two AdGuard filters. One of them is aimed at protecting you against phishing and fraudulent websites. Another protection against malicious websites, visiting which can lead to a virus infection.

Phishing sites filter

Phishing — is a type of online fraud aimed at gaining access to confidential data of users - username and password. If you are interested in this topic, we suggest that you read this article at Wikipedia.

Apart from phishing sites, this filter also contains different fraudulent sites. All kinds of "scams", selling of nonexistent content, and such.

Malicious sites filter

This filter contains links to pages that lead to the execution of malicious code. It can initiate leakage or loss of data or harm the device of a user. It can be authorized (for example, when downloading and running the executable file) or unauthorized (for example, when being attacked with spyware).

How do we fill up our filters?

Our filters are constantly filled with new addresses. Since most of the work is automated, you can be sure that new malware and phishing addresses fall into our database as quickly as possible.

AdGuard Browsing Security Community

An important tool for maintaining the highest level of filtering is a mechanism: AdGuard Browsing Security Community. Any user of our products - be it AdGuard for Windows or browser extension - can become a member of the community and help us in the making of AdGuard filters.

In the picture below we described an algorithm of Browsing Security Community work:

The way AdGuard Browsing Security Community works

Want to help?

We will gladly accept any help! If you want to send us a complaint about a phishing or malware site, you can do it via technical support, or on our Forum.

False-positive responses

Occasionally, some websites that are not dangerous fall into AdGuard's filters. We tried to reduce the percentage of false-positives, but, nevertheless, they occur. If you come across this behavior from AdGuard, please send us a complaint about the false-positive alarm. You can submit such complaints via our technical support or on our Forum.