This is the typical blacklisting approach. Anti-malware protection is installed on the computer. It stays resident in the kernel and actively compares file changes and I/O behaviour against known signatures, then destroys (or neutralizes) the malicious action.

The practice also includes periodically scanning all files on the computer to detect whether any malware that predates its detection signature has already taken up residence.

Now the technology has evolved into automatic signature generation by the OEM (i.e. upon receipt of a malicious sample, a new signature is added) and heuristic detection.

This sounds like comprehensive protection. But we must not forget that signature updates must be frequent and their legitimacy verified. Besides the risk of a fraudulent signature, even a legitimate signature will sometimes cause a system fault.

As an organization, anti-malware protection must be centrally managed, i.e. collecting event logs and deploying signature updates to relieve the burden on end users. A sandbox is needed to test each new signature before deploying it to all computers, in order to minimize the risk of service interruption.
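As an added example (not code from the post or any vendor product), the sketch below models the three controls just described: a signature update is authenticated before it is loaded, the new signatures are staged against a known-good baseline to catch a faulty signature before fleet-wide deployment, and only then are endpoint files scanned. The HMAC shared key stands in for the vendor's public-key verification, and all file bytes and hashes are constructed sample data.

```python
import hashlib
import hmac
import json

# Constructed shared secret for this example. A real vendor feed is checked
# against the vendor's public key rather than a symmetric key.
UPDATE_KEY = b"example-feed-key"

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def is_authentic(bundle: bytes, tag: str) -> bool:
    """Constant-time check that the update bundle carries a valid tag."""
    expected = hmac.new(UPDATE_KEY, bundle, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)

def verify_signature_update(bundle: bytes, tag: str) -> list:
    """Return the known-bad SHA-256 list only if the update authenticates;
    a forged or tampered feed is rejected before any signature is loaded."""
    if not is_authentic(bundle, tag):
        raise ValueError("signature update rejected: authentication failed")
    return json.loads(bundle)["sha256"]

def scan_files(files: dict, signatures: list) -> list:
    """Hash every file and report the names matching a known-bad signature."""
    bad = set(signatures)
    return sorted(name for name, data in files.items() if sha256_hex(data) in bad)

def stage_update(signatures: list, golden_files: dict) -> list:
    """Sandbox check before deployment: any hit on the known-good baseline
    means the update would quarantine legitimate files, so hold it back."""
    return scan_files(golden_files, signatures)

# Constructed sample data: one malicious sample and two legitimate files.
MALWARE_SAMPLE = b"MZ\x90\x00constructed-dropper-bytes"
GOLDEN_FILES = {"notepad.exe": b"MZ\x90\x00legit-editor", "svc.dll": b"MZ\x90\x00legit-library"}
ENDPOINT_FILES = dict(GOLDEN_FILES, **{"dropper.bin": MALWARE_SAMPLE})

# A genuine bundle built from the received sample, with its authentication tag.
GOOD_BUNDLE = json.dumps({"sha256": [sha256_hex(MALWARE_SAMPLE)]}).encode()
GOOD_TAG = hmac.new(UPDATE_KEY, GOOD_BUNDLE, hashlib.sha256).hexdigest()
# A forged bundle that tries to blacklist a legitimate file, with a bogus tag.
FORGED_BUNDLE = json.dumps({"sha256": [sha256_hex(GOLDEN_FILES["svc.dll"])]}).encode()
FORGED_TAG = "0" * 64
# A genuine but faulty bundle whose signature matches a legitimate file.
FAULTY_BUNDLE = json.dumps({"sha256": [sha256_hex(GOLDEN_FILES["notepad.exe"])]}).encode()
FAULTY_TAG = hmac.new(UPDATE_KEY, FAULTY_BUNDLE, hashlib.sha256).hexdigest()

if __name__ == "__main__":
    sigs = verify_signature_update(GOOD_BUNDLE, GOOD_TAG)
    print("staging hits:", stage_update(sigs, GOLDEN_FILES))   # [] -> safe to deploy
    print("endpoint hits:", scan_files(ENDPOINT_FILES, sigs))  # ['dropper.bin']
```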
