Question For You AV Users
arran
May 13th, 2010, 12:45 AM
Seeing how I don't use any AV, I haven't tested any.
Just wondering, in general do antivirus programs intercept malware before the malware executes and runs? Are they able to?
shadek
May 13th, 2010, 03:35 AM
Yes, generally an AV will intercept malware before it's allowed to run.
bellgamin
May 13th, 2010, 04:13 AM
Mostly yes.
Many AVs have the option to automatically scan every file "on access" which means that opening or executing the file is suspended during the time that the AV is scanning that file.
NoIos
May 13th, 2010, 02:08 PM
-{ Quote: "Seeing how I don't use any AV, I haven't tested any.
Just wondering, in general do antivirus programs intercept malware before the malware executes and runs? Are they able to?" }-
There is no "in general" about the issue you mention. If the malware is known as signature, gets caught by heuristics, or "the cloud" knows about it and its vector file, and there are no other software incompatibilities that will debilitate your AV, then yes, your AV will stop it before the malware can harm you.
Gullible Jones
May 13th, 2010, 02:35 PM
Interesting. So is it possible that an AV is, at least in theory, in some ways safer than a HIPS with the anti-execute function turned off?
NoIos
May 13th, 2010, 02:55 PM
-{ Quote: "Interesting. So is it possible that an AV is, at least in theory, in some ways safer than a HIPS with the anti-execute function turned off?" }-
I would not use the term "safer". It is just that the AV has the possibility to react earlier, by detecting the malware before the execution. In some cases even before the file gets onto your drive, for example by using a web/script shield. HIPS or behaviour blockers react to events that are effects of the malware code/vector file being executed. This is why layered security is often important.
Gullible Jones
May 13th, 2010, 03:09 PM
That would mean, though, that most AVs are not terribly vulnerable to Matousec's TOCTOU (or whatever it's called) exploit. Another nail in the coffin of that issue, I guess.
NoIos
May 13th, 2010, 03:21 PM
-{ Quote: "That would mean, though, that most AVs are not terribly vulnerable to Matousec's TOCTOU (or whatever it's called) exploit. Another nail in the coffin of that issue, I guess." }-
Considering the way AVs work, and if your system is not already compromised, yes, you are right. But also consider that the main problem of the current generation of AVs is that they are mainly signature based, and this does not allow them to cover you from all the possible malware.
Noob
May 13th, 2010, 09:21 PM
Yeah, most AVs have an on-access scanner that detects them as soon as they are read by the OS, but as some people have pointed out, if there is no signature or heuristics it won't detect them :D
Anyway, I still trust in "signature based" AVs. ;D
kjdemuth
May 13th, 2010, 09:40 PM
Noob,
How is Panda Cloud working with EAM 5? I'm looking for a replacement for MBAM. It doesn't play well with EAM 5. :-[
Copyright ©2002 - 2012, Wilders Security Forums