QuestionMy scan took about 35 seconds while I was offline. How did WSA scan offline if it's cloud-based?
AnswerYour main protection while disconnected from the internet is coming from SecureAnywhere's behavioral shields/detections and local heuristics.
There are a very limited amount of locally held definition signatures for certain critical items that don't require reaching the cloud. These are mainly for rare file infectors. Anything that is known as good from prior scans (while previously connected to the internet) will still be known as good if they have not changed when performing scans offline, which explains the speed of the scan.
Also, if a program or process was being monitored before going offline, it will continue to be monitored and these processes and their behavior will still be journaled. This journaling allows SecureAnywhere to keep an eye on possibly malicious programs or processes it was unsure about, and if they try to execute or end up being an actual threat, the damage done can be reverted.