The most notable additional feature is the use of
'real-time protection.' In a fashion similar to the way the ZoneAlarm firewall
and several other products monitor software attempting to perform restricted
operations on your computer, the Microsoft antispyware beta uses 'security
agents' to monitor areas of your system which are traditionally vulnerable
points for spyware and malware access. These three agents (Internet, system and
application) each cover a set of checkpoints comprising the vulnerable areas in
each of their zones of responsibility.
The Internet agent covers modem and Wi-Fi connections (including notifying you when
a new user connects to your wireless network), prevents changes to TCP/IP, DNS
and proxy settings, and stops processes from activating the Windows Messenger service,
among other protections.
The system agent protects crucial system files from being changed and prevents
malicious files from being added to the boot procedure, among a variety of other
tasks.
The application agent prevents alterations from being
made to Internet Explorer (one of the primary vectors for malware and
browser hijackers) and monitors system processes.
When an agent encounters a situation that requires user intervention, it pops
up a system tray notification similar to that seen with ZoneAlarm or the Windows
XP Service Pack 2 firewall, requesting that you block or allow the event in
question. We ran into this service almost instantly upon installing the
antispyware beta on our first test machine, an older Windows 2000 laptop known
to be infested with spyware. The Microsoft beta popped up a window
informing us that the Messenger service was active, explaining why this was a
bad thing, and prompting us to deactivate it, which we allowed it to do.
In total, 59 checkpoints are enabled by default. Each of these can be
activated or deactivated individually, and you can view all events that each
agent has blocked.