Speaking possibilities, most any antivirus sofware
1. Routinely accesses all files on all disks and does some complex processing on these files.
2. Routinely talks back to its servers, sending data to the servers.
3. Routinely pulls updates and modifies itself.
and all that perfectly legal without any hacking involved.
It is most likely possible to selectively feed updates - that is, have different updates for different machines, perhaps with a granularity down to the single machine. Therefore, a vendor can send an update, make an update scan for whatever information needed, send that information back, and then send a second update to remove the first one. Should not be impossible to implement. The same applies to operating systems as well, by the way, and probably some other classes of software but I can't think of any right now.