How malware protection works

Introduction

Every day tens of thousands of people fall victims to virus attacks or fraud on the Internet. To protect AdGuard users from such threats, we have added special filters to the program, that protect you from malicious and phishing websites.

At the moment we have categorized more than 15 million sites, and our filters contain about 1.5 million phishing and malware sites. Just think about it: 10% of all known sites can be dangerous for you! Inexperienced user can easily become a victim of fraudsters or hackers. We hope that the use of protection against malicious websites will help you avoid all hazards that you may encounter.

How does a check work?

Methods and quality of malware checks vary among different AdGuard products. The AdGuard browser extensions check only the pages you visit. But AdGuard for Windows, Mac, or Android, in addition to that, also inspects every object loaded on the page, thus giving you the best possible protection.

AdGuard for Windows, Mac, or Android

We use the protocol Safe Browsing API version 2.2 for the work with our filters. This protocol allows us to keep your personal data absolutely safe. Our server knows nothing about the websites that you visit. We use hash prefixes for checks, not the opened URLs.

An approximate algorithm of the Browsing Security module functioning is shown in the picture below.

Functioning algorithm of Browsing Security module in AdGuard for Windows.

AdGuard browser extensions

AdGuard browser extensions work differently, using the so-called Lookup API to check the web pages you visit. Every time you visit a website, the local client exchanges information with our backend server in the form of hashes and hash prefixes. For those interested in the process on a deeper level, the link above will be helpful. As a result of that exchange, the local client determines if the website belongs to a blocklist.

We bring to your attention that we never get any information that could allow us to determine which websites you visit and use that data in any way.

An approximate algorithm of the Browsing Security module functioning is shown in the picture below.

Functioning algorithm of Browsing Security module in AdGuard browser extensions.

AdGuard filters

Currently we support the work of two AdGuard filters. One of them is aimed at protecting you against phishing and fraudulent websites. Another at protection against malicious websites, visiting of which can lead to virus infection.

Phishing sites filter

Phishing — is a type of online fraud aimed at gaining access to confidential data of users - username and password. If you are interested in this topic, we suggest that you read this article at Wikipedia.

Apart from phishing sites, this filter also contains different fraudulent sites. All kinds of "scam", selling of nonexistent content, and such.

Malicious sites filter

This filter contains links to pages that lead to the execution of malicious code. It can initiate leakage or loss of data or harm the device of a user. It can be authorized (for example, when downloading and running the executable file) or unauthorized (for example, when being attacked with spyware).

How do we fill up our filters?

Our filters are constantly filled up with new addresses. Since most of the work is automated, you can be sure that new malware and phishing addresses fall into our database as quickly as possible.

AdGuard Browsing Security Community

An important tool for maintaining the highest level of filtering is a mechanism: AdGuard Browsing Security Community. Any user of our products - be it AdGuard for Windows or browser extension - can become a member of the community and help us in making of AdGuard filters.

In the picture below we described an algorithm of Browsing Security Community work:

The way AdGuard Browsing Security Community works

Want to help?

We will gladly accept any help! If you want to send us a complaint to a phishing or malware site, you can do it via technical support, or on our Forum.

False-positive responses

Occasionally some websites that are not dangerous fall into AdGuard filters. We tried to reduce the percentage of false-positives, but, nevertheless, they can occur. If you come across this behavior of AdGuard, please send us a complaint against the false-positive alarm. You can submit such complaints via our technical support or on our Forum.