Traditional anti-virus and anti-malware solutions rely on a signature database to understand if a file or URL is malicious, it checks new files or URLS against that database to see whether it is known as a threat or not.
Free anti-virus software is often free because the company providing the software will use the data to help enhance their paid for versions, you should ensure you understand what personal information may be shared with these companies.
This type of software can have a challenge with the type of attacks we see on a daily basis whereby the attackers are creating new signatures frequently in an attempt to defeat the anti-virus software. Next generation anti-virus and anti-malware software uses those signatures and then also looks for similar files whereby small changes may have defeated the traditional anti-virus but this more intelligent approach broadens the view of what may also be a threat.
They will also commonly approach these threats with a sandbox approach, any files are opened up in the cloud to monitor the behavior of that file and if it looks suspicious then it will be quarantined. The same approach is used with URLs to see if the website is malicious.
This approach ensures that your users are protected against a wider range of known and unknown threats.