Riddle me this Batman.

Ok, a product like Nortons Antibot will only detect when a nastie goes active. Would this also not be the same type of scenario for a AV product that is never set to do a scheduled scan.

A AV in this case will only scan a file as it is opened or used, just as a product like Antibot, or something similar would do.

How is this not the same thing.

 

It's the same thing, only that the two products use different methods to detect malware. And of course, with greatly different effectiveness especially against zero-day malware.

 

AntiBot is a pure behaviour analyser, that's the difference. You can compare it with F-Secure's Deepguard.

 

I should have said how is a AV any different from a HIPS if you do away with scheduled scanning.

 

And it looks like you got your answer.

 

AVs can also detect on write (when the file is saved). Otherwise as solcroft has said, the difference are the methods used.

Antiviruses have blacklists, behavior blockers analyze a file's actions, classical HIPS prompt, etc.