Real-time protection. Microsoft Security Essentials uses real-time protection to help address potential threats before they ever have an opportunity to become a problem. Real-time protection allows Microsoft Security Essentials to monitor computers, on their network, constantly and notify the users when potential risks are attempting to install themselves. Because of the real-time protection's ability to protect the computer, it is best to keep it always running. If the real-time protection gets turned off, Microsoft Security Essentials will alert you, and your protection status will be changed to "At Risk."
Dynamic Signature Service. In addition to taking advantage of daily signature downloads, Microsoft Security Essentials is able to validate suspicious files against newly identified malware in near-real time by querying the Dynamic Signature Service. Actions from unknown sources such as unexpected network connections, attempting to modify privileged parts of the system or downloading known malicious content all trigger requests for updates from the Dynamic Signature Service.
Rootkit protection. Microsoft Security Essentials includes a number of new and improved technologies to provide additional defense against rootkits and other aggressive threats. These technologies include live kernel behavior monitoring for monitoring the integrity of kernel structures, support for direct file-system parsing to help identify and remove malicious programs and drivers hidden from the file system, and improved live rootkit removal that dynamically loads a new kernel mode driver as part of the cleaning process so that it can help successfully remove some of the more advanced rootkits.
Lightweight design. Because Microsoft Security Essentials is core anti-malware only, it doesn't carry the weight of the suite products and has a much smaller download size.
CPU throttling. CPU throttling helps ensure that the user's system remains responsive to those tasks the user is likely to be performing such as opening files or browser windows, launching programs, editing documents, saving files, etc.
Idle-time scanning. Scans and updates are scheduled to run when the PC is idle and use a low-priority thread.
Smart caching and active memory swapping. Signatures not in use don't take up space in the available memory, making Microsoft Security Essentials friendlier toward older PCs as well as todays smaller, less powerful form factors.