"Essentially the idea is to offload some malware checks to an online database. When the software detects a program or file as being suspicious, probably through behavior checks, it takes some form of hash of the files involved and submits it in a database query to their most updated malware database. If a hit is detected then the user can be notified, and perhaps the malware removed.
It doesn’t sound very revolutionary, does it? Why not just push updates down faster? Kaspersky claims to do this every hour. " – Content courtesy of McAfee Putting Malware Signatures in the Cloud