Functionality of F-Secure virus and spyware scanning
There are two types of antivirus scanning: protocol-level scanning and filesystem-level scanning.
Protocol-level scanning checks data that enters the computer via the network. Filesystem-level scanning checks the files that are saved on the computer's file system, i.e. generally the computer's hard disk.
Antivirus scans can be triggered in a number of ways. A filesystem-level scan is started when a file is accessed, i.e. when you open an application or save a document. This is also known as on-access scanning.
Scheduled scanning is an on-demand scan of files. The functionality is the same in terms of finding viruses, but it is started deliberately rather than being automatically started based on file access. The same applies to a scan started by the user - this is a true on-demand scan.
Protocol-level scanning takes place inside the software, in the firewall module. The file is scanned before it is allowed through the firewall, for example when downloading a zip file. The file will be scanned twice; first when it is downloaded and again when the file is saved to disk. The content files will be scanned again when they are extracted from the zip.
On-access scanning is, strictly speaking, a variation of the on-demand scan. The difference is in the requester of the scan, not the scan itself.