Unlike Microsoft’s solution, CAMP attempts to detect locally whether any downloaded file is malicious, before passing characteristics of the file to its server-based analysis system. First, the system checks the binary against a blacklist–in this case, Google’s Safe Browsing API. If that check returns no positive result and, if the file has the potential to be malicious, CAMP will check a whitelist to see if the binary is a known good file.
via Google Uses Reputation To Detect Malicious Downloads – Dark Reading.
CAMP’s 99-percent success rate trounced four antivirus products, which individually only detected at most 25 percent of the malicious files and collectively detected about 40 percent, the researchers stated.