Look, ignore all the 'windoze' and 'ignorant users' for now.
What this allows to do is active scanning of files. Not necessarily for viruses, but for any reason you can think of.
Now we have Clamav, right? Well Clamav is a passive scanning program. Meaning it can only scan files that we direct at it to scan.
A active scanner, on the other hand, is designed so that it deals with files on a automated manner based on file system events.
This is all that they want to do, at this point. On a given file system event, pause the access, and alert a third party to the event, redirect data as necessary, and then allow or deny access based on that third party.
Virus scanning, at this point, doesn't even enter into it. The criteria or data logging facilities can be used for anything.
It's a bit of a solution in search of a problem, but I wouldn't be suprised if somebody comes up with something clever to do with it. It's a bit like extended acls... sure for most functions you can figure out how to do a decent job with rwx/ugo, but you'll run into situations were the older access controls won't work effectively without a lot of kludges.
At the very least when setting up a Windows network file server/web server/email server/etc you can vastly improve performance and security by only scanning files as they change, real-time, instead of periodically scanning the entire share. Instead of stumbling onto a virus a hour after it's been written to your server you can have a 'ok' chance of intercepting it and logging the machine.