When security software fails to detect a suspected malicious sample, an analyst may manually analyze the sample in order to reach a verdict of whether or not the sample is indeed malicious or not and to create a signature to detect it in the future. This is done with various reverse engineering techniques.
Malware developers may employ anti-reversing techniques to make the reverse engineering process more difficult for the analyst.