When my memory serves right, PrevX (wich was bought by Webroot) was the first AV that had
1. A cloud component for blacklist
2. Offered an heuristics approach based on
a) whether the executable was seen by the community
b) what the age of the executable was and how long it was on the PC
c) what the origin of the executable was
3. Offered an execution trail tracker/behavioral blocker
Panda was so smart to name their anti-virus cloud antivirus, so Panda sort of took away the marketing benefit of PrevX being the first Cloud based AV.
The heuristics approach would now be called machine learning - artificial intelligence. I once had a license of PrevX and I remember it was possible to adjust the sensitivity of the heuristics approach to make it a whitelist like mechanisme (moving the sliders to max).
Also the execution trail tracker, sort of logged the activities of executables and could also be used to revert the actions of malware once the behavioral blocker had decided that the executable had performed to many questionable actions. Windows Defender sort of copied this behavior by using Windows event logger for this (and called WD the first OS-aware antivirus). This type of (roll back) behavior analysis is now common in most ransom ware protection modules of AV's.
Problem with PrevX was that its blacklist was very weak and always scored bottom results in protection tests (based on scanning). Problem with security patents is that they are sometimes generally describe a mechanism and it is hard to proof in court because the technical implementation of such a mechanism nearly always is vendor specific.
Sounds pretty accurate though I should add that their whitelist component has always seemed to me to be even more fundamental to their proprietary cybersecurity architecture than their blacklist.
Also, I've always sided with Prevx on their assertion that professional testing protocols (as they currently exist) just do not work well with their AV approach. In fact, I'm surprised that you say that Prevx always performed very weakly in tests as, as I recall matters, unlike Webroot they resolutely refused to submit to any tests except for those by SE Labs
On a personal note, my experience was that before moving to Prevx (subsequently of course acquired by Webroot) I had
a ton of malware problems, and from the day I changed I
never encountered a malware problem again.
If malware is something that could slow down your PC and render it unsuable, Webroot, which repeatedly causes BSODs during scan sessions, falls into that category.
I scanned some malware samples with Webroots and it crashed my computer when it tried to remove the detected threats
As for Anthony's comments above, I'm no expert on AVs, indeed I'm more or less illiterate regarding anything to do with computer coding
, but I do remember one key Prevx developer (Jacques Erasmus if I recall correctly) explaining in a Prevx blog article written IIRC sometime around 2009 on how a key part of their malware detection and removal procedure was forcing a BSOD at various stages of the malware cleanup, triggering on each occasion a fresh Prevx scan, until the process of the malware cleanup was complete — and that it was important to let this process run right through to the end. I of course can't speak for whether what he is describing above is this normal BSOD process or if he is, rather, speaking of irregular BSODs that screwed up his computer.
