A traditional antivirus scans data at rest and data in transit for known virus signatures. (Where "virus" includes trojans, rootkits, et al.)
This does not help when defending against zero-days and active intrusions. By definition they have no known signature. What do you call an antivirus that instead responds to suspicious activity (rather than known signatures)?
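To make the contrast concrete, here is an added Python example (not part of the original question) that runs a signature check and a behaviour-based check side by side: the hash database, the process-event trace, the action names and the scoring rules are all constructed for illustration.

```python
import hashlib
from collections import Counter

# Constructed signature database: SHA-256 digests of content already known to be bad.
KNOWN_BAD_HASHES = {hashlib.sha256(b"known-bad-sample-v1").hexdigest()}

def signature_scan(data: bytes) -> bool:
    """Signature-based check: flags data only if its hash is already in the database."""
    return hashlib.sha256(data).hexdigest() in KNOWN_BAD_HASHES

# Constructed process-event trace as a behaviour-based engine would see it:
# (pid, action, target). pid 100 is a text editor; pid 200 is a never-seen
# binary that mass-rewrites user documents and then disables backups.
SAMPLE_EVENTS = [(100, "read_file", "notes.txt"), (100, "write_file", "notes.txt")]
SAMPLE_EVENTS += [(200, "read_file", f"doc{i}.docx") for i in range(25)]
SAMPLE_EVENTS += [(200, "write_file", f"doc{i}.docx.locked") for i in range(25)]
SAMPLE_EVENTS += [(200, "delete_file", f"doc{i}.docx") for i in range(25)]
SAMPLE_EVENTS.append((200, "disable_backups", "backup_service"))

# Behavioural rules (constructed): (name, predicate over per-process action counts, weight).
RULES = [
    ("mass file rewrite", lambda c: c["write_file"] >= 20 and c["delete_file"] >= 20, 3),
    ("tampers with backups", lambda c: c["disable_backups"] > 0, 2),
    ("injects into another process", lambda c: c["inject_process"] > 0, 3),
]

def behaviour_score(events, pid):
    """Score one process by what it does; returns (score, names of matched rules)."""
    counts = Counter(action for p, action, _ in events if p == pid)
    hits = [(name, weight) for name, pred, weight in RULES if pred(counts)]
    return sum(weight for _, weight in hits), [name for name, _ in hits]

def behaviour_scan(events, threshold=3):
    """Flag every process whose behavioural score reaches the threshold."""
    flagged = {}
    for pid in sorted({p for p, _, _ in events}):
        score, matched = behaviour_score(events, pid)
        if score >= threshold:
            flagged[pid] = (score, matched)
    return flagged

if __name__ == "__main__":
    novel_binary = b"never-seen-before-sample"  # constructed: no signature exists for it
    print("signature scan flags novel binary:", signature_scan(novel_binary))  # False
    print("behaviour scan flags:", behaviour_scan(SAMPLE_EVENTS))  # only pid 200
```

The signature check never fires on the unknown binary, while the behavioural rules flag pid 200 from its actions alone, which is the gap the question is pointing at.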