From what I understand, antiviruses hook to a file, accesses it and scan the files, and if necessary, make the file inaccessible to protect the system. Is this done via API hooking or some other methodology?