top of page
  • Writer's pictureJason D.

A Survey of All Antivirus Engines (100+ and Counting)

Updated: Feb 25, 2021

A brief survey of AntiVirus Engines in production in 2021.

When we first started researching AntiVirus Engines and companies we thought there were a handful of them and that it would be a pretty quick job to make an inventory of all the names, their origins, and general capabilities. Once we got started, we quickly realized how wrong we were!

Did you know? There are over 100 AntiVirus Engines and they are all over the world? Some of them even use the same back end through a licensing arrangement or white label such as the following which are all leveraging the BitDefender engine and signature database internally.

When you are scanning with most of these engines, most likely you will get the exact same scan results because they leverage the same internal system and database!

Kaspersky does something similar for a handful of engines, but to our knowledge it doesn't have anywhere near the same market penetration.

Following are some AntiVirus Engines based on BitDefender:

Tencent - - China

Baidu - - China

Trustport - - Czech Republic

F-Secure - - Finland

Gdata - - Germany

Quickheal - - India

Escan AV [Microworld] - - India

SourceNext - - Japan

Fuva Brain - - Japan

Emsisoft [SpyHunter] - - New Zealand

Arcabit [MKS Vir] - - Poland

SafeNSoft - - Russia

Hauri - - South Korea

ESTSecurity [ALYac] - - South Korea

Nprotect - - South Korea

J2 Global [VIPRE Threatrack] - - United States

TotalDefense - - United States

Ad-Aware [Lavasoft] - - United States

HitmanPro - - United Kingdom Ready for the rest of the list of non-BitDefender AntiVirus Engines? Hang on to your hats because it's quite a doozy.


ReaQta -



VirusBlokAda [VBA32] -


AVware [Bluepex] -

Psafe -


Antiy Labs -

Qihoo-360 -

Kingsoft -,

Jiangmin -

Alibaba -

Huorong -

Czech Republic

Avast -


Bullguard -


Trapmine -


Fortinet -

Tehtris [Egambit] -

Quarkslab -


Avira -

Inlyse -

Wardwiz -


K7 Antivirus -

MaxSecure -

Net Protector -


Padvish -


Safer Networking -


Quttera -

Resec Technologies -

Votiro -

Airo Security -

Vdoo -

ZoneAlarm -


Trendmicro -


Wipersoft [Aceso.Network] -


Xvirus Personal Guard -


Bitdefender -


NanoAV -

Drweb -

Kaspersky -

Yandex -


Trustwave -

Slovak Republic

Eset -

South Korea

Ahnlab -

Tachyon -

Max Antiirus -

Jiran Security -



Acronis -


Lionic [Aegis] -


Zemana Anti-Malware -


Grindinsoft -

Zillya -

United Kingdom

Qualys -

Deep Secure -

Sophos -

United States

Clamav -

Area One Security -

Inquest -

Symantec -

Palo Alto Networks -

Webroot -

Crowdstrike -

Intezer -

SentinelOne -

Trustlook -

Bromium -

Deep Instinct -

Forcepoint -

Cyren -

Cisco AMP [Immunet] -

Second Write -

Morphisec -

K2IO -

Cyber Adapt -

Slashnext -

Virsec -

Zimperium -

PC Matic -

Sonicwall -

Malwarebytes -

SecureWorks -

Veracode -

SUPERAntiSpyware -

Mcafee -

FireEye -

Lastline -

Microsoft -

Lookout -

Proofpoint -

Cybereason -

Endgame -



That is quite a mouthful! Even looking at this list and having put it together ourselves, it's quite hard to believe that there are in fact so many AntiVirus vendors out there which begs the natural question:

Why are there so many AntiVirus Engines?

Since the dawn of malware and the first Internet virus, the holy grail of virus defense has been in developing the ability to tell the difference between malicious and innocuous code. As it turns out, the problem is much harder than it seems. Most antivirus engines take their own approach when it comes to detecting malicious payloads and it has become an arms race to try to be better than the next guy and prove that one is the "top dog" in the industry of malicious file detection.

Companies like,,,, and others have sprouted up which then attempt to aggregate results from multiple AV engines in order to show the comparisons between the signature matches and the actual detection. Unfortunately this has only accelerated the malware file creation because in so doing, it also allows the bad guys to see the results of the scans more easily and to make adjustments to their strategies accordingly to evade detection.

There are many reasons why antivirus detection is a difficult challenge. Following are some of the hurdles that companies need to jump through in order to maximize their chances of detection success:

  • Packing and ever evolving methods of code obfuscation has made it increasingly difficult for engines to simply run their detection database against a file normally because additional layers of trickery are added to the process in order to make the process more difficult.

  • Not every AntiVirus engine has a complete view of the world in seeing all the possible malware that might exist. More often than not, they can only build in detections and protections against the types of files and methods that they have seen before. New files and new methods make that process more difficult. That's why companies like ours help to bridge the gap because we add more visibility into files they might not otherwise have access to on their own.

  • Malicious files can be written for many platforms, and although an engine may be good at detection within a single platform, it has to develop the same capabilities on other platforms (such as Android, IOS, Linux, or Mac) in order to increase the horizontal footprint. However, in doing this it takes more resources, man power, and troubleshooting to support many systems and platforms.

  • The spread of malicious activity can be localized to a specific region, or even worse, it can be associated with very specific individuals or groups where the AntiVirus engine may not have visibility. This too increases the odds of not being able to detect a given file or payload as malicious.

  • The risk of false positives is equally great because tools like have caused other engines to try to keep up with the detection rates of others. Sometimes, engines will flag a file as malicious which is actually benign, but other engines subsequently start doing the same in order to have a similar detection rate and to not be left behind. This can actually have a detrimental effect on the overall accuracy of the results.

  • There are many different methods that have been developed over the years and some of them require very different strategies to deal with the problem. Many types of companies have sprouted up to try to address the problem in their own unique proprietary way such as: Next Gen AV, In Memory Scanning, Crowdsourcing, WhiteListing Systems, Real-Time Sandboxing, Protected Memory Space, Content Disarming and Reassembly, and much more.

  • Sometimes malicious intent can be buried very deep in the dark corners of a file, system, or bit of code which can be terribly difficult to get access to. It is nearly impossible to determine intent, especially in a realtime fashion, so often times systems are left to be reactive rather than proactive due to their limited visibility potential. The reactive process can be effective, but also limited if it is not built to understand a specific threat or method.

  • Even the best engine on the planet would still have to go out and get users through the process of marketing. Many engines exist because they are reaching a different customer base. There might be local country language challenges, or enterprise versus retail, or Windows versus Mobile specialization, or Proactive versus Reactive strategies, and much more.

AntiVirus Mergers and Acquisitions

These dynamics have kept the industry segmented and despite the occasional Mergers and Acquisitions from time to time, it remains largely bifurcated. Some acquisitions in the past include companies like:

  • Fortinet acquired Ensilo

  • Avast acquired AVG and Norman

  • Checkpoint acquired ZoneAlarm

  • Symantec acquired Appthority

  • SecureWorks acquired CarbonBlack / Bit9

  • Sophos acquired HitManPro

  • J2 Global acquired Vipre / Sunbelt

  • Microsoft acquired Sybari

  • Symantec acquired Avira who had been acquired by Investcorp

  • Intel acquired Mcafee.

  • Webroot acquired Sophos

  • Crowdstrike acquired Preempt

  • Blackberry acquired Cylance

  • Cisco Systems acquired ClamAV and ThreatGrid

  • ... and many more!

Even keeping up with the M&A activity can be daunting, but for every acquisition perhaps more vendors keep popping up with new and interesting capabilities as well as new and interesting user bases. This pattern will continue for the foreseeable future.

The Diverse Detection Landscape is Here To Stay

As long as the Internet is running and there are humans to cause mischief, the vast landscape of AntiVirus engines is here to stay.

The number of engines is truly daunting, but one thing is for sure: there is never a dull moment when it comes to keeping up with malware and all the subtle intricacies that take place on collection, detection, and prevention!

795 views0 comments

Recent Posts

See All


bottom of page