
A traditional antivirus scans data at rest and data in transit for known virus signatures. (Where "virus" includes trojans, rootkits, et al.)

This does not help when defending against zero-days and active intrusions. By definition they have no known signature. What do you call an antivirus that instead responds to suspicious activity (rather than known signatures)?

lofidevops
  • I was really hoping for a witty punchline... – maxathousand Nov 07 '17 at 14:23
  • I call them commercial malware because you pay for them (usually "scan" is free whereas "realtime protection" costs money) and they're the kind of software that tends to either make your computer 20% slower for no good reason or fuck up the entire system beyond usability. In my opinion, these programs are worse than the malware that they presumably prevent (is there any evidence they do, anyway?). But that's just me. – Damon Nov 07 '17 at 15:39
  • I don't know, what _do_ you call an antivirus that detects suspicious activity? – Nov 07 '17 at 16:03

2 Answers


The traditional technique described sounds like a signature- and host-based intrusion detection system. (IDS is a broad term that includes antivirus software.)

Some systems detect known patterns of bad behaviour, in addition to known bad data. These pattern definitions are not dynamic, so you might still consider them to be "signatures". In consumer antiviruses this feature is sometimes included under the umbrella term "real-time protection".

A dynamic (non-signature) implementation would be called an anomaly-based IDS. This relies on machine learning to generate heuristics that are used to detect suspicious behaviour.

lofidevops

Virus scanners that look for suspicious activity are often referred to as using heuristic analysis. They may run an application in some sort of sandbox (a special virtual machine) to analyse the program's behaviour. They will look for common virus activity such as replication and attempts to conceal itself.

As new viruses are discovered, antivirus manufacturers may add the virus behaviours to the rules engine, so that future variants are also discovered.

Further reading

iainpb
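To make the distinction drawn in both answers concrete, here is an added example (not code from either answer or from any real antivirus): a byte-pattern signature check beside a small behaviour rules engine that flags the "replication" and "concealment" patterns from a sandbox trace. The event format, the marker bytes, the file paths and the threshold of three copies are all constructed for illustration.

```python
"""Toy signature vs behaviour (heuristic) detection: an added example, not code from
the answers or any real antivirus. Event format, signature and thresholds are constructed."""
from dataclasses import dataclass
from hashlib import sha256

@dataclass(frozen=True)
class Event:
    """One sandbox observation: what a process did and to which file."""
    action: str          # "write_file", "set_hidden", "delete_self", ...
    target: str
    data_hash: str = ""  # sha256 of written content, "" when none

# Constructed placeholder standing in for a vendor's byte-pattern signature.
KNOWN_SIGNATURES = [b"MALWARE-FAMILY-A-MARKER"]
def signature_scan(sample: bytes) -> bool:
    """Data-at-rest check: fires only on an already-known byte pattern."""
    return any(sig in sample for sig in KNOWN_SIGNATURES)

def rule_replication(events, self_hash, threshold=3):
    """Replication: the sample writes copies of itself to several places."""
    copies = {e.target for e in events
              if e.action == "write_file" and e.data_hash == self_hash}
    return len(copies) >= threshold

def rule_concealment(events, self_hash):
    """Concealment: hides its file or removes its own image after running."""
    return any(e.action in ("set_hidden", "delete_self") for e in events)

# The rules engine: a vendor adds behaviours here as new families appear,
# so unseen variants that act the same way are still flagged.
RULES = {"replication": rule_replication, "concealment": rule_concealment}

def behaviour_scan(sample: bytes, events) -> list:
    """Names of the behaviour rules a sandbox trace triggers."""
    self_hash = sha256(sample).hexdigest()
    return [name for name, rule in RULES.items() if rule(events, self_hash)]

# Constructed trace of a new variant: no known signature, yet it copies
# itself to three locations and hides one copy.
VARIANT = b"new variant bytes carrying no known marker"
VARIANT_HASH = sha256(VARIANT).hexdigest()
VARIANT_TRACE = [Event("write_file", p, VARIANT_HASH) for p in
                 ("/tmp/.x/svc", "/home/u/.cache/svc", "/usr/local/bin/svc")]
VARIANT_TRACE.append(Event("set_hidden", "/tmp/.x/svc"))
# Constructed trace of a benign installer: distinct files, nothing hidden.
INSTALLER = b"benign installer bytes"
INSTALLER_TRACE = [Event("write_file", f"/opt/app/f{i}", sha256(bytes([i])).hexdigest())
                   for i in range(5)]

if __name__ == "__main__":
    print(signature_scan(VARIANT), behaviour_scan(VARIANT, VARIANT_TRACE))  # False ['replication', 'concealment']
    print(signature_scan(INSTALLER), behaviour_scan(INSTALLER, INSTALLER_TRACE))  # False []
```

The variant passes the signature check because its bytes are unseen, but the rules engine still flags it; the installer writes several files too, yet none are copies of itself, so no rule fires.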