And it's a lot more complicated than this and maybe I'm splitting hairs here... But...
Antivirus programs scan the system constantly and viruses are generally detected when items are "written to" or "run" on the computer's hard drive. (Recognize also that I'm simply referring to viruses, which you mentioned, not all the other types of trojans and malware.) Although detected immediately upon placement in the system, the file is actually found AFTER it's written to the system, usually as a temporary file, and then the user is notified and the file is deleted, ONLY IF the user choose to delete it by enabling the setting to do so. In some programs, the user is notified and given the option to delete or allow. So I guess you could say it was "blocked" but actually the detection occurs when the file is written to the system first. In addition, many free antivirus programs scan real-time and provide a similar service as the "paid" version. Not all, but some.
As a system admin and designated individual for testing antivirus programs for our agency, I watched as malware tests were run for email type infections, removable drive types of infections, network aware infections, and in each case, the file was detected ON the computer's system before it could be removed.. And sometimes, if the antivirus program's blacklist isn't up to date, then file is written to the system and eventually might be detected after the AV is updated and when the file "runs". The "run" process is then stopped/blocked and the virus is removed
But even that isn't the entire story as most newer antivirus/antimalware programs also detect various exploits from scripts on the net, through the network, etc. as they access the machine and in those cases, I'd say "block" is exactly the correct word.
Hope this helps.
Post was last edited on April 24, 2017 11:26 AM PDT