20.08.2013

Course documentation - Kaspersky Lab


Training course documentation for Kaspersky PURE 3.0


Contents

Glossary

CHAPTER 1. Introduction
What is Kaspersky PURE 3.0
Key functions and advantages
What’s new in Kaspersky PURE 3.0
Interface of Kaspersky PURE 3.0
Application icon in the Microsoft Windows taskbar notification area
Main window of Kaspersky PURE 3.0
Notification windows and pop-up messages
The program settings window
Cloud Protection (Kaspersky Security Network service)

CHAPTER 2. Kaspersky PURE 3.0 vs other Kaspersky Lab products (PURE 2.0, KIS 2013, KAV 2013)

CHAPTER 3. Installation of Kaspersky PURE 3.0
System requirements for Kaspersky PURE 3.0
Supported operating systems
General requirements
Limitations
Netbooks hardware requirements
Uninstalling third-party software or earlier versions of Kaspersky Lab products
Removing third-party anti-virus software with Microsoft Windows means
Removing third-party anti-virus software with special tools
List of applications incompatible with Kaspersky PURE 3.0
Installation procedure of Kaspersky PURE 3.0
Installation of Kaspersky PURE 3.0 if other Kaspersky Lab products are installed
FAQ

CHAPTER 4. License management and migration to new product version
License management
About license agreement
About license
About activation code
Purchasing license after the product installation
About activation procedure
Viewing license information
License renewal procedure
Migration policy from Kaspersky Lab products to Kaspersky PURE 3.0

CHAPTER 5. Backup and Restore
Creating a backup task
Selecting data category for backing up
Creating a backup storage
Connecting earlier created storage
Recording restore utility
Password protection
Files storage settings
Configuring schedule of automatic backup run
Summary
Starting, editing and deleting backup tasks
Starting a backup task
Editing and deleting a backup task
Restoring data from backup
Managing backup storages
Viewing backup reports

CHAPTER 6. Computer protection
Protection Center
Scan
Scan for viruses
Starting scan for viruses
Full Scan
Critical Areas Scan
Custom Scan
Vulnerability Scan
Eliminating system vulnerabilities
Eliminating vulnerable applications
Update
Quarantine
What is Quarantine
Working with quarantined objects
Network Monitor
Network activity
Open ports
Network traffic
Blocked computers
Applications Activity
Changing trusted group for an individual application
Editing rules for an individual application
Reports

CHAPTER 7. Parental Control
Starting work with Parental Control
Control levels
Configuring Parental Control settings
Account settings
Control over computer usage
Control over Internet usage
Instant Messaging

CHAPTER 8. Home Network Control
Protecting access with an administrator password
Searching computers
Configuring group update
Group launch of update and virus scan
How to start group scan for viruses
How to start group update
Detailed protection setting of networked computers
Information
Parental Control
Scan
Update
Backup

CHAPTER 9. Additional Tools
Browser Configuration
Running Browser Configuration Wizard
Rolling back wizard actions which resulted in problems when working on the Internet
Kaspersky Rescue Disk
Creating Kaspersky Rescue Disk
Starting the computer from the rescue disk
Microsoft Windows Troubleshooting
What is Microsoft Windows Troubleshooting?
Running Post-infection Microsoft Windows Troubleshooting Wizard
File Shredder
What is File Shredder?
Data deletion methods
Permanent data deletion procedure
Erase Your Activities History (Privacy Cleaner Wizard)
Unused Data Cleaner

CHAPTER 10. Safe Money

CHAPTER 11. Data Encryption
Creating an encrypted container
Encrypting data
Connecting an earlier created container
Decrypting data. Configuring container
Deleting container

CHAPTER 12. Password Manager
What is Password Manager
Main functions of Password Manager
Starting Password Manager
Enabling password synchronization
Enabling password sync
What is Master Password
Creating Master Password
If you forgot your master password
Locking/unlocking passwords database
Caption button of Password Manager
Adding accounts to Password Manager
Adding website account to Passwords database
Adding account for application to passwords database
Adding and using Identities
Adding and using Notes
Configuring Password Manager
Virtual keyboard
Password Generator
What is Password Generator
Creating password for account with Password Generator

CHAPTER 13. Advanced application settings
Settings. Protection
General protection settings
Self-Defense
File Anti-Virus
Mail Anti-Virus
Web Anti-Virus
IM Anti-Virus
Application Control
System Watcher
Firewall
Network Attack Blocker
Anti-Spam
Anti-Banner
Safe Money
Secure Data Input
Threats and exclusions
Settings. Scan
General settings
Full Scan
Critical Areas Scan
Custom Scan
Vulnerability scan
Settings. Update
Update task’s run modes
Running update under different user account
Selecting an update source
Proxy server settings
Notifications on updates or new versions releases
Settings. Password
Settings. Additional
Battery Saving
Compatibility
Network
Notifications
Reports and Quarantine
Feedback
Gaming Profile
View
Manage Settings
Restoring default Kaspersky PURE 3.0 settings


Glossary

KSN (Kaspersky Security Network) is an infrastructure of online services that provides access to the online Knowledge Base of Kaspersky Lab, which contains information about the reputation of files, web resources, and software. Using data from the Kaspersky Security Network ensures a faster response time for Kaspersky PURE 3.0 when encountering new types of threats, improves performance of some protection components, and reduces the risk of false positives.

Phishing is a specific form of cybercrime. A phishing attack works as follows: the criminal creates an almost 100 percent perfect replica of a chosen financial institution’s website, then attempts to trick the user into disclosing their personal details (username, password, PIN, etc.) via a form on the fake website, allowing the criminal to use the details to obtain money.

Script is a computer program or a part of a program (function) created to perform a specific small task. Scripts are usually inserted as parts of web pages to provide extended web page functionality, and they are executed when the web page is loaded.

Network Attack is network activity aimed at performing some actions (mostly malicious) on a remote computer.

POP3, SMTP, IMAP, MAPI and NNTP are network protocols designed to create, receive and send e-mail.

TCP, UDP, ICMP, ICMPv6, IGMP, GRE are network protocols (sets of rules) designed for data transfer on the network.

VLSM is Variable Length Subnet Mask.

FTP (File Transfer Protocol) is a protocol designed to transfer files on the network.

HTTP is Hypertext Transfer Protocol.

HTTPS (Hypertext Transfer Protocol Secure) is an HTTP protocol extension with encryption support.

IMAP4 is a standard protocol designed to access e-mail.

SSL is a protocol designed for safe transfer (encryption) of data of other protocols (e.g. POP3 or IMAP).

ICMP packet is a packet containing a report about an error or an exception that occurred during data transfer. An ICMP packet includes segments called Type and Code that contain information about the type and code of the error that occurred.

Classless Inter-Domain Routing (CIDR) is a methodology of allocating IP addresses and routing Internet Protocol packets without rigid class addressing. This methodology allows economical use of the finite number of IP addresses and therefore a performance increase in Kaspersky PURE 3.0.

Databases contain records about threats and network attacks, as well as methods used for their disinfection. Protection components use them to search for dangerous objects on a computer and to disinfect them.

Registry is a hierarchical database that stores configuration settings in most Microsoft Windows operating systems.

Cookies are small text files with data created by a web server and stored on a user's computer. They are sent to a web server each time a user accesses that server. Cookies are used for authenticating (e.g. login, password), remembering specific information about users, such as site preferences, and for gathering statistics. Each website has its own cookie file.

Compound file is a structured storage of files. Examples of compound files include archives and OLE objects. Malefactors often hide malicious objects by inserting them into compound files (archives).

Rootkit is a program kit that hides the presence of malware in the system. Rootkits penetrate into the system and hide their presence. Moreover, rootkits can hide the presence of particular processes, folders, files and registry keys.

Keylogger is a malicious program that tracks the sequence of keystrokes on the keyboard in order to record a user’s personal information, such as passwords.

Clipboard is a software facility that can be used for short-term data storage and/or data transfer between documents or applications, via copy and paste operations.

Exploit is a program that contains data or executable code that allows one or more software vulnerabilities to be used on a local or remote computer with harmful intent.


CHAPTER 1. Introduction

What is Kaspersky PURE 3.0

Kaspersky PURE 3.0 is an optimal solution for comprehensive protection of computers within your home network.

Kaspersky PURE 3.0 ensures protection of your computer against all types of information threats in real time, secures your personal data from loss and unauthorized use, protects children and teenagers from threats related to computer and Internet usage, and manages the security of all computers within your home network from any single computer.

Key functions and advantages

► Safe Money. A unique technology (similar to previous years’ Safe Run technology) that

provides additional layers of protection while using online banking and payment

systems, and while making online purchases.

► Automatic Exploit Prevention goes beyond scanning for vulnerabilities to also

analyzing and controlling the actions of programs, applications, etc. that have

vulnerabilities.

► Secure Keyboard protects personal data entered via a physical keyboard.

► Online Backup. Kaspersky PURE 3.0 integrates a useful new feature allowing backup

copies of files to be stored online free of charge. You can access the backup copies of

your files from any computer with an Internet connection.

► Password Sync. Kaspersky PURE 3.0 now stores your passwords in the cloud (i.e.,

online), so you can synchronize them across all of your Windows machines. So, now,

from any of your PCs, you can access your Password Manager, and you’ll automatically

be logged into websites and applications.

► Windows 8 Compatibility. Kaspersky PURE 3.0 is fully compatible with Microsoft

Windows 8 and includes a set of features for delivering maximum PC protection within

this operating system: protection of apps developed for Microsoft’s new user interface,

and integration with the enhanced Windows Security Center and Early-Launch Anti-

Malware (ELAM) system support.

► Improved usability. The new version of the product has an intuitive and easy-to-use

interface with rapid access to key features and management from the main window.

What’s new in Kaspersky PURE 3.0

► Safe Money technology is added. Kaspersky PURE 3.0 includes significantly improved

protection of financial operations via online banking and payment systems (e.g., PayPal,

WebMoney, etc.) and while shopping online.

► Automatic Exploit Prevention. The technology is designed to protect from malware

that exploits vulnerabilities in popular applications such as Adobe Reader, Internet

Explorer, and Firefox to try to gain control over the computer, steal your personal data,

etc.

► Password Sync. Kaspersky PURE 3.0 now stores your passwords in the cloud (i.e.,

online), so you can synchronize them across all of your Windows machines. So, now,


from any of your PCs, you can access your Password Manager, and you’ll automatically

be logged into websites and applications.

► Online Backup. Kaspersky PURE 3.0 now integrates an online backup functionality,

allowing you to back up copies of files online for free.

Kaspersky PURE 3.0 can be easily installed on Windows 8 machines. To ensure

the highest levels of protection, the product is fully integrated with the new operating

system, allowing for virus scanning of applications developed for the new user interface,

the use of the enhanced functionality of Windows Security Centre, etc.

Kaspersky PURE 3.0 provides for the protection of apps developed for Microsoft’s

new user interface. The product will scan these apps for viruses. If an application is

infected, the product will remove the infected files and flag the infected application. It will

then be replaced by the system with a clean, fresh copy taken from the Windows Store.

► Reduced battery drain for laptops. Kaspersky PURE 3.0 reduces battery drain by

postponing resource-intensive tasks, thereby increasing the battery life of your laptop.

What’s improved in Kaspersky PURE 3.0:

Kaspersky PURE 3.0 includes a feature for additional protection of personal data, even

when you are using a physical keyboard. If you open a bank or payment website or

insert a password on any web page, Secure Keyboard mode will activate automatically.

The product settings allow you to select other categories of sites where the Secure

Keyboard protection mode should be activated.

► A variety of features and modules of Kaspersky PURE 3.0 (URL Advisor, Anti-Banner,

Virtual Keyboard, Safe Money, etc.) support recent versions of the following web

browsers:

Internet Explorer 8, 9, 10

Mozilla Firefox 9.x-12.x

Google Chrome 15.x-17.x

Opera 12.61

In these browser versions the product installs the appropriate plugins for a fast call-out of

Kaspersky PURE 3.0 features.

► To receive access to your personal information, cybercriminals often resort to fake

(phishing) sites. To make protection against visiting phishing websites much more

effective, Kaspersky PURE 3.0 integrates an enhanced updatable Anti-Phishing

module. In particular, heuristic analysis has been improved, which checks to see if a

URL has the characteristics typical of a phishing website.

► Built into browser toolbars, URL Advisor flags links to infected or fraudulent (phishing)

resources using a special color indicator within search engine results. To receive more

detailed information about a specific website, place the cursor over the colored indicator.

► File Advisor

You can check whether an application you have downloaded from the Internet is going

to harm your computer by simply right-clicking the file icon and selecting the context

menu option: “Check reputation in KSN (Kaspersky Security Network)”. You will

receive detailed information about the file, including the level of trust assigned by other

users.

Kaspersky PURE 3.0 now provides fast access to the Virtual Keyboard from web

browsers. When banking or payment sites are opened in the web browser, the Virtual

Keyboard’s quick launch element is automatically activated in the input field.

Kaspersky PURE 3.0 is integrated with the enhanced functionality of the Windows

Security Center (WSC) in Windows 8. This means that the following can now be

performed directly from WSC: extending the license period, updating antivirus

databases, etc.

Kaspersky PURE 3.0 fully supports Microsoft’s new Early-Launch Anti-Malware

(ELAM) technology. ELAM allows PURE 3.0 to launch itself before other third-party

software components. At the same time, Microsoft’s Measured Boot provides PURE 3.0

with the detailed information on all the Windows components launched during the boot

process. As a result, PURE 3.0 is able to detect and block complex malware, such as

rootkits, with more efficiency.

Kaspersky PURE 3.0 is significantly optimized to reduce the impact on your computer’s

performance when performing the most common online user scenarios (running web

browsers and other programs, installing programs and using the Internet, etc).


Interface of Kaspersky PURE 3.0

The interface of the main application window in Kaspersky PURE 3.0 has been considerably

improved. The modern animated design makes the information easier to take in and

simplifies working with the product.

Now in the main window you can see all the necessary information about the computer protection

status, activity of the protection components, up-to-dateness of the anti-virus databases and the

license expiry date.

Let’s view the following main elements of Kaspersky PURE 3.0 in detail:

► Application icon in the Microsoft Windows taskbar notification area

► Main window of Kaspersky PURE 3.0

► Kaspersky Security Network (KSN) service

► Notification windows and pop-up messages

► Application settings window

Application icon in the Microsoft Windows taskbar notification area

Immediately after installation of Kaspersky PURE 3.0, the application icon appears in the

Microsoft Windows taskbar notification area.

In Microsoft Windows 7 the application icon is hidden by default; you can display the icon to work

with the application (see the documentation for the operating system).


The icon performs the following functions:

► is an indicator of the application's operation;

► provides access to the context menu, the main application window and the news

window.

This icon serves as an indicator of the application's operation. It also indicates the protection

status and displays the basic functions currently being performed by the application:

scanning an email message;

scanning web traffic;

updating databases and application modules;

computer needs to be restarted to apply updates;

a failure occurred in the operation of an application component.

The icon is animated by default. You can disable the animation as follows:

1. Open the main application window and in the top right corner of the window click the Settings

link.


2. In the top part of the Settings window select the Additional tab and the View subsection.

3. In the Icon in the taskbar notification area section uncheck the Animate taskbar icon

when executing tasks box.


4. Click the OK button to save the changes.

When the animation is disabled, the icon can take the following form:

(colored symbol) – all or certain protection components are activated;

(black-and-white symbol) – all protection components are disabled.

Using the icon, you can open the context menu and the main application window.

► To open the context menu, hover the cursor over the icon and right-click the area.

► To open the main application window, hover the cursor over the icon and left-click the

area.

Using the context menu, you can quickly take various actions on the application.


The Kaspersky PURE 3.0 menu contains the following items:

► Task Manager — opens the Task Manager window where you can view the list of scan

tasks which were performed or are being performed at the moment.

► Update — runs the update of application databases and modules.

► Tools — opens a submenu containing the following items:

Virtual Keyboard — displays the Virtual Keyboard.

Application Control — opens the Applications Activity window.

Network Monitor — opens the Network Monitor window.

Kaspersky PURE 3.0 — opens the main program window.

► Enable Parental Control — enables/disables Parental Control for the current account.

► Pause protection — temporarily disables / enables real-time protection components.

This menu item does not affect the application's updates or the execution of virus scan.

► Settings — opens the application settings window.

► About — opens a window containing information about the application.

► Exit — closes Kaspersky PURE 3.0 (when this item is selected, the application is

unloaded from the computer’s RAM).

If a virus scan or update task is running at the moment that you open the context menu, its name

as well as its progress status (percentage complete) is displayed in the context menu. When you

select a menu item with the name of a task, you can switch to the main window with a report of

current task run results.


Main window of Kaspersky PURE 3.0

The main application window contains interface elements that provide access to all the main

features of the application.

You can open the main application window in one of the following ways:

► By left-clicking the application icon in the Microsoft Windows taskbar notification area. In

Microsoft Windows 7 the application icon is hidden by default. You can display the

program icon to work with the program (see the documentation to the operating system).

► By selecting Kaspersky PURE 3.0 from the context menu of the application icon in the

Microsoft Windows taskbar notification area.

The main window can be divided into three parts:


► The top part of the window provides information about the current protection status of

your computer.

Three protection statuses are predefined and each status is color-coded. Green

means your protection is at the proper level; yellow and red warn about various security

threats. Threats include malicious programs, outdated program databases, some disabled

components, minimal protection settings, etc.

► The central part of the window lets you quickly launch one of the computer scan types,

launch an update of anti-virus databases, and go to the Backup, Parental Control and

Computer Protection modules. The Computer Protection module lets you quickly go to

the list of all protection components of Kaspersky PURE 3.0.

► The bottom part of the window gives access to additional program modules which

provide enhanced protection and optimize system operation:

Additional Tools – optimizes system work and offers tools for advanced protection of

your data.

Safe Money – a unique component that provides additional layers of protection while

using online banking and payment systems.


Home Network Control – remote management of Kaspersky PURE 3.0.

Data Encryption – prevents unauthorized access to private information.

Password Manager – protects personal data, such as passwords, user names, numbers

of internet pagers, contact data, etc.

When you select a module in the central or bottom part of the window, a window for the

corresponding module opens. You can return by clicking the Back button in the bottom right

corner of the window or by clicking the arrow in the upper left corner of the window.

You can also use the following buttons and links from the main program window:

► Settings – to open the application settings window.

► Help – to view the Kaspersky PURE 3.0 help system.

► My Kaspersky Account – to enter the user's personal account on the Technical

Support Service website.

► Support – to open the window containing information about the system and links to

Kaspersky Lab information resources (Technical Support Service website, forum).

► License – to go to Kaspersky PURE 3.0 activation and license renewal.


Notification windows and pop-up messages

Kaspersky PURE 3.0 notifies you of important events occurring during its operation using

notification windows and pop-up messages that appear over the application icon in the taskbar

notification area.

Notification windows are displayed by Kaspersky PURE 3.0 when various actions can be taken in

connection with an event: for example, if a malicious object is detected, you can block access to

it, delete it, or try to disinfect it. The application prompts you to select one of the available actions.

A notification window only disappears from the screen if you select one of the actions.


Pop-up messages are displayed by Kaspersky PURE 3.0 in order to inform you of events that do

not require you to select an action. Some pop-up messages contain links that you can use to take

an action offered by the application: for example, run a database update or initiate activation of

the application. Pop-up messages automatically disappear from the screen soon after they

appear.

Notifications and pop-up messages are divided into three types:

► Critical notifications – inform you of events that have a critical importance for the

computer's security, such as detection of a malicious object or a dangerous activity in

the system. Windows of critical notifications and pop-up messages are red-colored.

► Important notifications – inform you of events that are potentially important for the

computer's security, such as detection of a potentially infected object or a suspicious

activity in the system. Windows of important notifications and pop-up messages are

yellow-colored.

► Information notifications – inform you of events that do not have critical importance

for the computer's security. Windows of information notifications and pop-up messages

are green-colored.

To learn how to configure notification settings, read the chapter Settings - Additional.

The program settings window


The Kaspersky PURE 3.0 settings window is designed for configuring the entire application and

separate protection components, scanning and update tasks.

To open the settings window, click the Settings link in the top part of the main application

window or select the Settings item from the application context menu in the Windows taskbar

notification area.

The program settings window consists of three parts.


► In the top left part of the window you can choose the section that should be configured;

► In the left part of the window you can choose the application component, task or another

item that should be configured;

► The right part of the window contains the controls that you can use to configure the item

selected in the left part of the window.

Cloud Protection (Kaspersky Security Network service)

To increase the efficiency of your computer's protection, Kaspersky PURE 3.0 uses data received

from users from all over the world. Kaspersky Security Network is designed for collecting those

data and thus provides Cloud protection.

Kaspersky Security Network (KSN) is a global service for prompt threat analysis that

unites millions of users all over the world.

When Kaspersky PURE 3.0 detects suspicious or unscanned data on a computer of a KSN

participant, it automatically sends such data to Kaspersky Lab where virus analysts analyze

potential threats round the clock and release protection updates for customers in real time.

User participation in Kaspersky Security Network enables Kaspersky Lab to gather real-time

information about the types and sources of new threats, develop methods to neutralize them, and

reduce the number of false positives. The more users participate in KSN, the safer cloud

protection is for all the participants.

Thus, Kaspersky Security Network allows the user to obtain:

► an additional level of protection;

► up-to-date data about application reputation;

► up-to-date data about site reputation;

► on-the-fly response to the appearance of new threats.

To check the current operational status of the Kaspersky Security Network service, perform the

following actions:

1. In the main application window click the Computer Protection button.

2. In the Computer Protection window click the Cloud protection button.

3. In the left part of the Cloud Protection Technology window you can see the current

service status – Connected\Disconnected. In the right part of the window you can view

the information received by the service so far. To get more information about

the cloud protection technology of Kaspersky Security Network (KSN), click the Read

more button.


User participation in Kaspersky Security Network allows Kaspersky Lab to promptly collect

information about types and sources of new threats, develop disinfection methods, and decrease

the number of false alerts.

No privacy data are collected, processed, or stored.

Participating in the Kaspersky Security Network is voluntary. You should decide whether to

participate when installing Kaspersky PURE 3.0; however, you can change your decision at any

time later.

To participate or not participate in the Kaspersky Security Network service, perform the following

actions:

1. Open the application settings window by clicking the Settings button in the top right corner of

the main application window.

2. In the top part of the window select the Additional section.

3. Select the Feedback subsection.

4. In the right part of the window check/uncheck the I agree to participate in Kaspersky

Security Network box.


5. Click the OK button to save the changes.

Now you can check the reputation of a file with one mouse click. For this, right-click a file icon

and from the context menu select Check reputation in KSN.


CHAPTER 2. Kaspersky PURE 3.0 vs other Kaspersky Lab

products (PURE 2.0, KIS 2013, KAV 2013)

Kaspersky PURE 3.0 delivers the ultimate protection for PCs, identity, passwords, photos and

more. Plus, unique Safe Money technology ensures maximum security for your online financial

transactions. And PURE 3.0 is incredibly simple to use, allowing you to easily manage the

security of all the PCs in your home – from a single PC.

Use the table below to compare Kaspersky PURE 3.0 with Kaspersky PURE 2.0, as well as with

Kaspersky Internet Security 2013 (KIS 2013) and Kaspersky Anti-Virus 2013 (KAV 2013).

A greyed cell in the table means the described option is available in the product. A white cell

means the option is missing from the product.

Pay attention to new functionality and possibilities of Kaspersky PURE 3.0. For your convenience

they are red-framed and their short description is given below.

Real-Time Protection against all

known & emerging threats

Hybrid Protection combines the

power of the cloud & your PC

File Anti-Virus

Mail Anti-Virus

Web Anti-Virus

IM Anti-Virus

System Watcher

Network Attack Blocker

Anti-Spam Need to train Anti-

Spam

(use of “cloud”

technologies)

Anti-Banner

Application Control

Firewall

Parental Control

Kaspersky URL Advisor

Expanded compatibility of the

URL Advisor module with web

browsers

Block dangerous websites

Geo Filter

Trusted URLs

Check reputation in KSN

(Kaspersky Security Network)

Data collection on behavioral

patterns of programs

Browser Configuration Wizard

Kaspersky Rescue Disk

Post-infection Microsoft Windows

troubleshooting

KAV 2013 KIS 2013 PURE 2.0 PURE 3.0


Privacy Cleaner

Vulnerability Scan

Identity protection

Backup

Password Manager

Data Encryption

File Shredder

Unused Data Cleaner

Intellectual system of

downloading updates

Rollback of malware actions

Protection Center

Anti-Phishing

Safe Money

Quick launch of Virtual Keyboard

from entry fields

Automatic Exploit prevention

Online Backup

Password Sync

Compatibility with Windows 8


PURE 3.0 now includes the following new protection technologies:

1. Safe Money

Safe Money technology provides security during financial operations via online banking and

payment systems (e.g., PayPal, WebMoney, etc.) and while shopping online. How it works:

1. Verifies that the request goes to the genuine site of the bank or payment system (checked

against an updatable list of sites in the product).

2. Verifies the security certificate to avoid redirection to a fake website.

3. Scans the operating system for vulnerabilities critical for online banking.

4. Suggests opening the website in Safe Money mode to protect your personal data against

theft. When this mode is activated all the transferred data is specially protected from theft. To

show that the mode is active, a green frame appears around the browser window.
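Steps 1 and 2 above can be sketched as follows. This is an added example, not Kaspersky code: the allow-list uses constructed `.example` domains, and the function names and verdict strings are assumptions made for illustration.

```python
import socket
import ssl
from urllib.parse import urlsplit

# Constructed allow-list on reserved example domains; the product's own
# updatable list of bank and payment sites is not reproduced on this page.
PROTECTED_SITES = {"bank.example", "pay.example"}


def normalized_host(url):
    """Return (scheme, netloc, host); host is lowercased and IDNA-encoded."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and the port, and lowercases the name.
    host = (parts.hostname or "").rstrip(".")
    try:
        host = host.encode("idna").decode("ascii") if host else ""
    except UnicodeError:
        host = ""  # malformed label: treat as no usable host
    return parts.scheme.lower(), parts.netloc.lower(), host


def is_protected(host):
    """Exact match or a true subdomain; the leading dot stops 'mybank.example'."""
    return any(host == site or host.endswith("." + site)
               for site in PROTECTED_SITES)


def classify_request(url):
    """Step 1: decide whether the request really goes to a listed site."""
    try:
        scheme, netloc, host = normalized_host(url)
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    if is_protected(host):
        # Step 2 needs a certificate, so plain HTTP cannot be verified.
        return "protected" if scheme == "https" else "no-tls"
    # A listed name that appears in the authority part without being the
    # real host is typical of a fake site imitating the genuine one.
    if any(site in netloc for site in PROTECTED_SITES):
        return "lookalike"
    return "unlisted"


def fetch_verified_certificate(host, port=443, timeout=5.0):
    """Step 2: TLS handshake with chain and hostname verification enabled.

    Raises ssl.SSLCertVerificationError if the certificate does not match.
    Needs network access, so it is not called in the sample run below.
    """
    ctx = ssl.create_default_context()  # CERT_REQUIRED plus hostname check
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample requests.
SAMPLE_URLS = [
    "https://bank.example/login",
    "https://online.bank.example:8443/",
    "http://pay.example/checkout",
    "https://bank.example.other.test/login",
    "https://bank.example@other.test/",
    "https://mybank.example/",
    "https://news.test/",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(f"{classify_request(url):10} {url}")
```

Comparing the parsed host rather than searching the URL string is what keeps the fourth, fifth and sixth samples out of the protected category.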

2. Secure Keyboard

Kaspersky PURE 3.0 includes a feature for additional protection of personal data from

keyloggers, even when you are using a physical keyboard. If you open a bank or payment

website or insert a password on any web page, Secure Keyboard mode will activate

automatically. The product settings allow you to select other categories of sites where the Secure

Keyboard protection mode should be activated, as well.

3. Automatic Exploit Prevention

It is common for malicious programs to exploit vulnerabilities in popular applications such as

Adobe Reader, Internet Explorer, and Firefox to try to gain control over the computer, steal your

personal data, etc. PURE 3.0 includes a new technology, Automatic Exploit Prevention, which

prevents and blocks such exploits.

Specifics include:

1. Control over the launch of executable files (including web browsers) if any vulnerabilities were

found, or from applications which are not intended for the launch of executable files (Microsoft

Word, Excel etc.).

2. If executable files are launched, their activities are checked for any signs of exploit behavior.

3. Control of any activities performed by an application where a vulnerability is detected (i.e.,

following the link, recording other processes to the memory, etc.).
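The first item above (controlling executables launched by an application that has a vulnerability or is not meant to launch executables) corresponds to a parent/child process rule that defenders commonly apply to process-creation logs. The sketch below is an added example, not Kaspersky's implementation; the event format, paths and process IDs are constructed.

```python
import ntpath

# Applications the page names as not intended to launch executables.
DOCUMENT_APPS = {"winword.exe", "excel.exe"}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}


def image_name(path):
    """Lowercased file name of a Windows image path."""
    return ntpath.basename(path).lower()


def review_launches(events, vulnerable_apps=frozenset()):
    """Return (pid, parent, child, reason) for each launch worth controlling.

    events          -- time-ordered dicts with "type" ("start" or "exit"),
                       "pid", and for starts "ppid" and "image"
    vulnerable_apps -- image names reported by a vulnerability scan
                       (assumed input, e.g. {"acrord32.exe"})
    """
    live = {}      # pid -> image name of processes currently running
    alerts = []
    for ev in events:
        if ev["type"] == "exit":
            live.pop(ev["pid"], None)   # PID may be reused afterwards
            continue
        child = image_name(ev["image"])
        parent = live.get(ev["ppid"])
        live[ev["pid"]] = child
        # An application starting its own helper processes is normal.
        if parent is None or parent == child:
            continue
        if ntpath.splitext(child)[1] not in EXECUTABLE_EXTS:
            continue
        if parent in DOCUMENT_APPS:
            reason = "launched by an application not intended to run executables"
        elif parent in vulnerable_apps:
            reason = "launched by an application with a known vulnerability"
        else:
            continue
        alerts.append((ev["pid"], parent, child, reason))
    return alerts


# Constructed process-creation log.
SAMPLE_EVENTS = [
    {"type": "start", "pid": 100, "ppid": 4,
     "image": r"C:\Windows\explorer.exe"},
    {"type": "start", "pid": 200, "ppid": 100,
     "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE"},
    {"type": "start", "pid": 300, "ppid": 200,
     "image": r"C:\Users\user\AppData\Local\Temp\invoice.exe"},
    {"type": "start", "pid": 400, "ppid": 100,
     "image": r"C:\Program Files\Mozilla Firefox\firefox.exe"},
    {"type": "start", "pid": 410, "ppid": 400,
     "image": r"C:\Program Files\Mozilla Firefox\firefox.exe"},
    {"type": "start", "pid": 500, "ppid": 100,
     "image": r"C:\Program Files\Adobe\Reader\AcroRd32.exe"},
    {"type": "start", "pid": 510, "ppid": 500,
     "image": r"C:\Windows\System32\cmd.exe"},
    # Word exits and its PID is reused by Notepad: no alert for pid 600.
    {"type": "exit", "pid": 200},
    {"type": "start", "pid": 200, "ppid": 100,
     "image": r"C:\Windows\notepad.exe"},
    {"type": "start", "pid": 600, "ppid": 200,
     "image": r"C:\Windows\System32\calc.exe"},
]

if __name__ == "__main__":
    for pid, parent, child, reason in review_launches(
            SAMPLE_EVENTS, vulnerable_apps={"acrord32.exe"}):
        print(f"pid {pid}: {parent} -> {child} ({reason})")
```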

4. Online Backup New!

Kaspersky PURE 3.0 now integrates an online backup functionality, allowing you to back up

copies of files online via Dropbox – a service trusted by over 100 million users. Free storage is

based on the standard Dropbox conditions – up to 2 GB free of charge.

The advantages of online backup storage are:

The backup copies of files are stored in one place – a protected online storage. In case

of emergency (e.g., damage to the hard drive, computer theft, etc.) your most important files

will not be lost or damaged.

You can access the backup copies of your files from any computer with an Internet

connection.

Note that to use this functionality, you’ll need to register your account in Dropbox or to use your

current account if you already have one. You will be prompted to register or login when you

create a backup task and choose the source “Online Storage”.

5. Password Sync New!


Kaspersky PURE 3.0 now stores your passwords in the cloud (i.e., online), so you can

synchronize them across all of your Windows machines. So, now, from any of your PCs, you

can access your Password Manager, and you’ll automatically be logged into websites and

applications.

Simply choose the option Enable Sync during set up of Password Manager.

Note that to use the online password database, you’ll need to create your Kaspersky account.

You will be prompted to register when you choose the Enable Sync option.

6. Compatibility with Windows 8

Kaspersky PURE 3.0 is fully compatible with Microsoft Windows 8 and includes a set of features

for delivering maximum PC protection:

protection of apps developed for Microsoft’s new user interface;

integration with the enhanced Windows Security Center;

Early-Launch Anti-Malware (ELAM) system support.

7. Better Internet Security

In addition to the technologies described above, Kaspersky PURE 3.0 includes better protection

from spam and phishing due to the integration of a new anti-phishing engine and anti-spam

module, and an expanded list of compatible web browsers (Internet Explorer 8-10, Mozilla

FireFox 9.x-12.x, Google Chrome 15.x-17.x, Opera 12.61).

8. Better Overall Protection

Kaspersky PURE 3.0 includes improved overall protection technologies. A good example is the

technology added to protect against Duqu. It first appeared in the fall of 2011, and attempts to

hide from antivirus software by injecting malicious code into system processes, including at boot

time – before antivirus software boots up.

9. Better Performance

Kaspersky PURE 3.0 is significantly optimized to reduce the impact on your computer’s

performance when performing the most common online user scenarios, such as: running web

browsers and other programs, installing programs, using the Internet, etc. The product also

reduces battery drain by postponing resource-intensive tasks, thereby increasing the battery life

of your laptop.

10. Easier Installation and User Experience

Kaspersky PURE 3.0 includes a web installer for the automatic download and installation of the

product, automatic removal of incompatible programs and treatment of active infection.

Additionally, the intuitive, engaging design makes it easier to understand and use the basic

Kaspersky PURE 3.0 options. The main window monitors the computer’s protection status

(sections requiring special attention are highlighted in red) and provides access to key features. It

is possible to manage the operation of individual modules directly from the main window.


CHAPTER 3. Installation of Kaspersky PURE 3.0

System requirements for Kaspersky PURE 3.0

Supported operating systems

Operating systems Hardware requirements

► Microsoft Windows XP Home Edition (Service

Pack 3 or higher)

► Microsoft Windows XP Professional (Service

Pack 3 or higher)

► Microsoft Windows XP Professional x64

Edition (Service Pack 2 or higher)

► Microsoft Windows Vista Home Basic (32/64

bit)(Service Pack 2 or higher)

► Microsoft Windows Vista Home Premium

(32/64 bit) (Service Pack 2 or higher)

► Microsoft Windows Vista Business (32/64 bit)

(Service Pack 2 or higher)

► Microsoft Windows Vista Enterprise (32/64 bit)

(Service Pack 2 or higher)

► Microsoft Windows Vista Ultimate (32/64 bit)

(Service Pack 2 or higher)

► Microsoft Windows 7 Starter (Service Pack 1

or higher)

► Microsoft Windows 7 Home Basic (32/64 bit)

(Service Pack 1 or higher)

► Microsoft Windows 7 Home Premium (32/64

bit) (Service Pack 1 or higher)

► Microsoft Windows 7 Professional (32/64 bit)

(Service Pack 1 or higher)

► Microsoft Windows 7 Ultimate (32/64 bit)

(Service Pack 1 or higher)

► Microsoft Windows 8

► Microsoft Windows 8 Pro

► Microsoft Windows 8 Enterprise

General requirements

Intel Pentium 800 MHz or higher

(or equivalent)

512 MB available RAM

Intel Pentium 1 GHz 32 bit (x86) /

64 bit (x64) or higher (or

equivalent)

1 GB available RAM

Intel Pentium 1 GHz 32- bit

(x86)/64- bit (x64) or higher (or

equivalent)

1 GB RAM (32-bit) or 2 GB RAM

(64-bit)

Intel Pentium 1 GHz 32-bit

(x86)/64-bit (x64) or higher (or

equivalent)

1 GB RAM (32-bit) or 2 GB RAM

(64-bit)


► About 700 MB free space on the hard drive (depending on antivirus database size);

► CD-ROM or DVD-ROM for installation of the program from CD;

► Computer mouse;

► Internet connection for product activation;

► Microsoft Internet Explorer 8.0 or higher;

► Microsoft Windows Installer 3.0.

Limitations

► Password Manager works only with 32-bit applications;

► ARM is not supported.

Netbooks hardware requirements

► Intel Atom 1.6 GHz (Z520) (or compatible);

► 1GB DDR2 available RAM;

► Video adapter Intel GMA950 with at least 64 MB of memory (or compatible);

► Screen size 10.1" with resolution 1024x600 or above.

Uninstalling third-party software or earlier versions of Kaspersky Lab

products

Before installation of Kaspersky PURE 3.0, all earlier versions of Kaspersky Lab products and

third-party anti-virus software must be uninstalled. If such third-party anti-virus software has

not been removed, it is detected by the wizard during installation and deleted automatically. If

third-party software cannot be deleted automatically, you will be prompted to delete such

software manually.

Removing third-party anti-virus software with Microsoft Windows means

You can use standard Windows means to uninstall anti-virus software:

For users of Windows XP:

1. In the bottom left corner of the screen click the Start button.

2. Select the Control Panel item.


3. In the Control Panel window select the Add or Remove Programs section.

4. In the Add or Remove Programs window select a program you need to remove.

5. Click the Change/Remove button.

6. Anti-virus software will be deleted from your computer.


For users of Windows Vista/7:

1. In the bottom left corner of the screen click the Start button.

2. Select the Control Panel item.

3. In the Control Panel window select the Programs and features section.

4. In the Programs and Features window select an application you need to remove.

5. Double-click the application’s name.


6. Anti-virus software will be deleted from your computer.

For users of Windows 8

1. On the start screen, right-click free space.

2. At the bottom of the screen, click All Apps.

3. On the Apps screen, find and right-click the required software.

4. At the bottom of the screen select Uninstall.


5. In the Programs and Features window select the application you need to uninstall.

6. Double-click the application.

7. The uninstallation process will start.

Some folders and files of previously installed anti-virus applications may still remain in the

Program Files folder after removal with the Windows standard means. If the folder contains

folders and files of other anti-virus applications, delete them.

Sometimes, after anti-virus software has been removed with the standard means and the computer

restarted, some records may still remain in the system registry and prevent Kaspersky PURE 3.0

from being installed. You will be informed about registry records of the previous anti-virus

software during the product installation.

Removing third-party anti-virus software with special tools

Before the files are copied onto a hard disk the Setup Wizard scans the disk for software

incompatible with Kaspersky PURE 3.0. Records in the system registry are recognized by the

Setup Wizard as fully installed software, even though the product was removed and is no longer

installed on the PC. As a result Kaspersky Lab Setup Wizard asks to delete the detected

incompatible software manually and terminates the installation process.

To resolve the situation, use the links to the special removal utilities that will fully remove a

product from your computer.

Removing Norton products

► How to remove Norton products

► Removal tool to uninstall Norton products (NORTON REMOVAL TOOL (C) Symantec Corporation. Distributed under the terms of the NORTON Software Tool Usage Agreement)

Removing McAfee products

► How to remove McAfee products

► Removal tool to uninstall McAfee products (MCPR (C) McAfee, Inc)

Removing TrendMicro products

► How to remove TrendMicro products

► Removal tool to uninstall Trend Micro products (TISSUPRT (C) Trend Micro, Inc)

Removing BitDefender products

► How to remove BitDefender products

► Removal tool to uninstall BitDefender products (BITDEFENDER UNINSTALL TOOL (C) BITDEFENDER)

Removing Avast products

► How to uninstall Avast products

► Removal tool to uninstall Avast products (ASWCLEAR5 (C) ALWIL Software)

Removing F-Secure products

► How to uninstall F-Secure products

► Removal tool to uninstall F-Secure products (UNINSTALLATION TOOL (C) F-Secure Corporation. Distributed under the terms of the F-Secure License Terms)

Removing AVG products

► How to uninstall AVG products.

► Removal tools to uninstall AVG anti-virus (AVGREMOVER (C) AVG Technologies): For 32-bit systems. For 64-bit systems.

Removing ESET products

► How to uninstall ESET products

► Removal tool to uninstall ESET Nod32 (ESET UNINSTALLER (C) ESET, LLC).

Removing Agnitum Outpost products

► How to uninstall Agnitum Outpost products

► Removal tools to uninstall Agnitum Outpost (for Outpost 2008/2009) (CLEAN (C) Agnitum Ltd): For 32-bit systems. For 64-bit systems.

Removing Norman Virus Control product

► How to uninstall Norman Virus Control.

► Removal tool to uninstall Norman Virus Control (version 5.x) (DELNVC5 (C) Norman ASA).
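The leftover registry records described at the start of this section can be looked for before the Setup Wizard is run. The following PowerShell script is an added example and is not part of the Kaspersky Lab course material; it assumes the records sit under the standard Windows Uninstall registry keys (the course does not say which records the Setup Wizard inspects), and the function name and vendor pattern are built here from the products listed above.

```powershell
# Added example (not from the course): read-only check for registry records
# left behind by the third-party anti-virus products named in this chapter.
# Assumption: only the standard Windows "Uninstall" keys are inspected; the
# Setup Wizard's own detection rules are not documented in this chapter.

function Get-LeftoverAvRecord {
    # Vendor and product names taken from the removal-tool list above.
    $vendorPattern = '\b(Norton|Symantec|McAfee|Trend Micro|BitDefender|Avast|' +
                     'F-Secure|AVG|ESET|Agnitum|Outpost|Norman)\b'

    # 64-bit view and 32-bit (WOW6432Node) view of the Uninstall key.
    $uninstallRoots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )

    foreach ($root in $uninstallRoots) {
        # SilentlyContinue: the WOW6432Node path does not exist on 32-bit Windows.
        $records = Get-ItemProperty -Path $root -ErrorAction SilentlyContinue |
            Where-Object {
                $_.DisplayName -match $vendorPattern -or
                $_.Publisher   -match $vendorPattern
            }

        foreach ($r in $records) {
            # InstallLocation is optional and is sometimes stored with quotes.
            $location = "$($r.InstallLocation)".Trim().Trim('"')

            # A record whose install folder is gone is a likely leftover
            # of a product that was already removed.
            $folderState = 'not recorded'
            if ($location) {
                if (Test-Path -LiteralPath $location) { $folderState = 'present' }
                else                                  { $folderState = 'missing' }
            }

            New-Object PSObject -Property @{
                DisplayName     = $r.DisplayName
                Publisher       = $r.Publisher
                Version         = $r.DisplayVersion
                InstallLocation = $location
                Folder          = $folderState
                RegistryKey     = $r.PSPath -replace '^Microsoft\.PowerShell\.Core\\Registry::', ''
            } | Select-Object DisplayName, Publisher, Version, InstallLocation, Folder, RegistryKey
        }
    }
}

# Nothing is modified; the function only reads and reports.
Get-LeftoverAvRecord | Sort-Object DisplayName | Format-List
```

A record reported with Folder "missing" points to a product whose files are gone but whose registry entry remains, which is the case the vendor removal tools listed above are meant to clean up.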

List of applications incompatible with Kaspersky PURE 3.0

During installation of any Kaspersky PURE 3.0 component, products from the list in the linked article, List of applications incompatible with Kaspersky PURE 3.0, are always detected and automatically deleted.

Installation procedure of Kaspersky PURE 3.0

Before the installation make sure that your computer meets system and hardware requirements

described in the chapter System requirements for Kaspersky PURE 3.0. If any third-party

software is installed, then go to the chapter Uninstalling incompatible third-party software. To

know the list of applications incompatible with Kaspersky PURE 3.0, go to the chapter List of

applications incompatible with Kaspersky PURE 3.0. If previous application versions or other

Kaspersky Lab products are installed on the computer, go to the chapter Installation of

Kaspersky PURE 3.0 if other Kaspersky Lab products are installed.

Step 1. Starting installation.

If you purchased Kaspersky PURE 3.0 on a CD, then the installation starts automatically after

you have inserted your CD in the CD-ROM drive. If an executable installer file from the CD is not

started automatically, then it should be run manually.

For this, open the CD and the Install folder via Windows Explorer and double-click the executable file (with the .exe extension).

If you purchased Kaspersky PURE 3.0 in the eStore, you get a download link to an executable installer file which you have to run manually (by double-clicking the file). The Setup Wizard will be launched. To start express installation, click the Install button.

If you want to read the License Agreement concluded by you and Kaspersky Lab, click the End

User License Agreement link. Read the agreement carefully, and if you accept each of its

terms, click the Install button.

To cancel the application installation, click the cross button in the top right corner of the window.

In the same window you are invited to participate in the Kaspersky Security Network program.

Participation in the program involves sending information about new threats detected on your

computer, running applications, and downloaded signed applications to Kaspersky Lab, along

with the unique ID assigned to your copy of Kaspersky PURE 3.0 and your system information.

We guarantee that none of your personal data will be sent. Review the Kaspersky Security

Network Data Collection Statement by clicking KSN agreement link. If you agree with all terms of

the statement, check the I want to participate in Kaspersky Security Network (KSN) to

provide optimal protection for my computer box. To continue the installation, click the Install

button.

Step 2. Searching for incompatible software.

On this step the wizard searches for applications installed on your computer, incompatible with

Kaspersky PURE 3.0. If such applications are not found, the wizard goes to the next step

automatically.

If incompatible software is detected, it is listed and you are offered to delete it from your computer. Applications which Kaspersky PURE 3.0 cannot delete automatically should be removed manually. During removal of incompatible software, the system reboots. After the reboot, installation of Kaspersky PURE 3.0 continues automatically.


You can find more information about removal of incompatible software from the chapter List of

applications incompatible with Kaspersky PURE 3.0.

Step 3. Installation.

Installation of the application can take some time. Wait for it to finish. Once the installation is

complete, the Wizard will automatically proceed to the next step.

If an installation error occurs, which may be due to malicious programs that prevent anti-virus

applications from being installed on your computer, the Setup Wizard will prompt you to

download Kaspersky Virus Removal Tool, a special utility for neutralizing an infection. You can

read about the utility in the KB6219.

If you agree to install the utility, the Setup Wizard downloads it from the Kaspersky Lab servers,

after which installation of the utility starts automatically. If the Wizard cannot download the utility,

you will be asked to download it on your own by clicking the link provided.

After you finish working with the utility, you should delete it and restart the installation of

Kaspersky PURE 3.0.

Step 4. Finishing the installation.

After the program files have been copied and the modules have been registered, the Wizard

informs you of successful completion of the application installation. If you want to launch

Kaspersky PURE 3.0, check the Start Kaspersky PURE 3.0 box and click the Finish button.

Before you activate the product, make sure the system date is set correctly.

Step 5. Activation


During the first application launch, you will be offered to activate Kaspersky PURE 3.0.

Activation is the procedure of activating a license that allows you to use a fully functional version

of the application until the license expires.

► If you have an activation code, select the Activate commercial version option and enter an activation code of 20 characters. Internet access is required to activate the application.

► If you do not have an activation code, you can activate the trial version. In this case the Configuration Wizard will download and install a trial key valid for 30 days. Internet access is required to activate the application.

The difference between trial and commercial versions, and the activation procedure are

described in detail in the License management chapter.

Installation of Kaspersky PURE 3.0 if other Kaspersky Lab products are installed

You can install Kaspersky PURE 3.0 on top of the following Kaspersky Lab products:

► Kaspersky PURE 2.0

► Kaspersky PURE R2

► KIS 2012/2013

► KAV 2012/2013

In order to install Kaspersky PURE 3.0 on top of one of the mentioned programs, do the following:

1. Download the Kaspersky PURE 3.0 distribution package from the Kaspersky Lab official site.

2. Run the Kaspersky PURE 3.0 distribution package.

3. Follow the instructions of the Setup Wizard (see the chapter Installation procedure of Kaspersky PURE 3.0).

FAQ

What to do if an error occurred during activation?

Check if you have the Internet connection (try to open any web page) and make sure your

Internet browser operates in the online mode.

How do I activate the product if I purchased a license for several computers?

To install and activate a Kaspersky Lab product on several computers use the same activation

code.

What to do if errors with Firewall and third party software occurred during installation of

Kaspersky Lab products?

You are recommended to uninstall third party software.

For Windows 8: Computer-> «Computer» -> Uninstall or change a program.

What to do if the error message “Fail to connect to an update source” appears when trying to update?

1. Make sure Firewall and third party software are not installed on your computer.

2. Check the product update settings and/or connection settings (you can get this information

from your Internet provider) and try to update later (see KB9250).


CHAPTER 4. License management and migration to new product version

License management

This chapter contains information regarding the basic concepts used in the context of the

application licensing. You will also learn about the automatic renewal of the license and where to

view information regarding the current license.

About license agreement

The End User License Agreement (EULA) is an agreement between a natural or legal person lawfully in possession of a copy of Kaspersky PURE 3.0 and Kaspersky Lab, ZAO. The EULA is included in each Kaspersky Lab application. It contains a detailed description of the rights and the restrictions on the use of Kaspersky PURE 3.0. According to the EULA, when you purchase and install a Kaspersky Lab application, you get an unlimited right to own its copy.

About license

License is a right to use Kaspersky PURE 3.0 and the related additional services offered by

Kaspersky Lab or its partners. Each license is defined by its expiry date and a type.

License term is a period during which the additional services are offered:

► Technical support;

► Updating databases and application modules.

The scope of provided services depends on the type of the license.

The following license types are provided:

1. Trial – a free license with a limited validity period, for example, 30 days, offered to become

familiar with Kaspersky PURE 3.0.

As soon as the trial license expires, all Kaspersky PURE 3.0 features become disabled.

Trial license can only be used once and cannot be used after a commercial license!

To continue using the application you should activate it with an activation code. The activation

procedure will be described below.

NOTE: Technical support is provided only to the customers of commercial license.

2. Commercial – a commercial license with a limited validity period (for example, one year),

offered upon purchase of Kaspersky PURE 3.0. One license can cover several computers.

If a commercial license is activated, all application features and additional services (technical

support, update of bases and application modules) are available.

As soon as a commercial license expires, Kaspersky PURE 3.0 remains a full-featured

application, but the anti-virus databases are not updated. You can still scan your computer for

viruses and use the protection components, but only using the databases that you had when the

license expired.

Two weeks before the license expiration date, the application will notify you of this event so you

can renew the license in advance. The procedure of a license renewal will be described below.


3. Commercial with an update subscription and commercial with an update and

protection subscription – a paid license with flexible management.

You can suspend and resume the subscription, extend its validity period in the automatic mode

and cancel the subscription. A license with subscription is distributed by service providers.

You can manage the subscription from the user's Personal Cabinet on the service

provider's website.

The validity period of a subscription can be limited (for example, to one year) or unlimited. If a

subscription with a limited validity period is activated, you should renew it on your own when it

expires. A subscription with an unlimited validity period is extended automatically subject to

timely prepayment to the provider.

If the subscription term is limited, when it expires, you will be offered a grace period for

subscription renewal, during which the full functionality of the program will be maintained.

If the subscription is not renewed, when grace period expires, Kaspersky PURE 3.0 ceases to

update the application databases (for licenses with an update subscription) and stops performing

computer protection or executing scan tasks (for licenses with a protection subscription).

When using the subscription, you will not be able to use another activation code to renew the

license. This is only possible after the subscription expiry date.

If you already have an activated license with a limited term at the time of subscription activation, it

is substituted with the subscription license. To cancel the subscription, contact the service

provider from whom you purchased Kaspersky PURE 3.0.

About activation code

An activation code is a unique set of Latin letters and digits that comes in four blocks of five

symbols, separated by a hyphen, for example AA111-AA111-AA111-AA111.

Activation code is the code supplied with a Kaspersky PURE 3.0 commercial license. This

code is required for activation of the application.

If you purchased a box version of the Kaspersky Lab product, the activation code can be found printed on the first page of the user manual left cover.

If you purchased the Kaspersky Lab product via E-Store, the activation code will be sent to the email address you specified when making the order.

The activation code which has never been activated does not have an expiry date. An unused

activation code can be activated at any time, but the license will begin to expire on the day of

initial activation.

Kaspersky Lab products can be activated with an activation code only if you have established

Internet connection. In this case the Configuration Wizard will connect to the Kaspersky Lab

servers and send the activation code to the servers. If the activation code is verified, the wizard

receives a key file which is automatically installed to the program. The activation process is

complete and is accompanied by a window with the detailed information about the purchased

license.

If the activation code was not verified, the corresponding message is displayed on the screen. In

this case contact the company where you purchased the license.

If the number of activations with one activation code is exceeded a corresponding message will

appear on the screen. The activation process will be terminated and the program will offer you to

contact Kaspersky Lab Technical Support.


If an activation error occurred and the activation code was not activated, contact Technical

Support via My Account service from any computer with an Internet connection. Give the

following information in your request:

► Place where you purchased Kaspersky Lab product;

► Information about the owner: surname, name;

► Exact purchase date;

► Full registration number of your license (this number is written on the first page of the user manual left cover in the box version of the product, or in an email if you purchased the product via eStore);

► Product activation code.

Without an activation code the application will work in limited functionality.

For example, you will be able to update the program only once (further updates will not be

performed), some other functionalities will be unavailable.

Purchasing license after the product installation

If you have installed Kaspersky PURE 3.0 without a license, you can purchase one after

installation:

1. Open the main application window.

2. Click the Purchase license link in the bottom right corner of the window.

The eStore web page of Kaspersky Lab opens where you can purchase a license or find the

partner nearest to you.


About activation procedure

Activation is the procedure of activating a license that allows you to use a fully functional version

of the application until the license expires.

Activation during the application installation

You can activate the commercial version of the application during the first launch of Kaspersky

PURE 3.0.

Before you activate the product, make sure the system date is set correctly.

For this, perform the following actions:

1. In the Activation of Kaspersky PURE 3.0 window select a license type — commercial or

trial. See the chapter About license for the details.

► If you have selected Activate commercial version, enter an activation code into the

corresponding field and click the Next button.

► If you want to activate trial version, select the corresponding option and click the Next

button.

Note that at this step you can purchase a commercial license by clicking the Buy activation code link. A Kaspersky Lab web page opens where you can purchase a license and obtain an activation code.

2. The Wizard sends a request to the activation server to obtain permission for activation of

the selected version of the application.


If the request is sent successfully, the Wizard automatically proceeds to the next step.

3. Click the Finish button, to complete the work of the Wizard.

Activation after the application installation

On the activation step during the application installation you can click the Cancel button. In this

case the application will not be activated. To activate the application after the installation, perform

the following actions:

1. In the bottom right corner of the window click the link License: not available.


2. In the Licensing window click the Activate the application button in order to activate the

program with a new license.


3. Select Activate commercial version/ Activate trial version. If you want to activate a

commercial license, enter the activation code into the corresponding field. Click the Next

button. After successful activation completion, information about the license type and the

expiry date will be shown in the wizard window.

Activation issues of Kaspersky Lab products

Kaspersky Lab products can be activated by activation codes purchased in the region where the

product will be used.

The error may appear if you try to activate your application using an activation code in one region

(country), but the activation code you use is intended for use in another region (country). For

example, you bought Kaspersky PURE 3.0 via E-Store in India, but you try to install and activate

the application in the United Kingdom.

In order to eliminate the problem, you need to install and activate your Kaspersky Lab product in

the region (country), where you bought the application.

Viewing license information

In order to view current license information, perform the following actions:

1. Open the main application window.

2. Click on the License link in the bottom right corner of the window.


In the Licensing window you can view the following license information:

► License number (for example, 0101-010101-01010101);

► License status (for example, active);

► License type (for example, commercial for 2 computers for 365 days);

► Expiration date (for example, 13/03/2012 11:59 PM);

► Remaining (for example, 364 days).


You can delete the active license in the top section of the Licensing window. For this, click the

icon next to the number of license you wish to delete.

The lower section of the Licensing window allows you to select an action to be performed over

the license depending on its type and its current state:

If a trial license is installed, then the section A trial version of the application is installed is

available. Using the buttons in the section you can:

► Activate the application — if you have an activation code then in the opened window you

can activate the application with a commercial license.

► Buy activation code — the button will take you to the Kaspersky Lab page where you

can buy a license for the product via eStore or to know the address of the nearest partner.


License renewal procedure

To keep your computer protected after the license validity period ends, you can extend the license for the next term in advance.

To prolong the license validity period, perform the following actions:

1. Open the main application window.

2. In the bottom of the window click the License link.

3. In the Licensing window in the New activation code section:

If you already have an activation code (for example, you purchased a box version), then

perform the following actions:

a) Click on the Enter activation code button.

b) Enter your activation code in the Enter activation code window.

c) Click on the Next button.

For the convenient work with the Kaspersky PURE 3.0 license you can add a new code,

additionally to the already installed activation code.

When the main activation code is going to expire you can prolong the license for Kaspersky

PURE 3.0 and add a new code to the program as a reserved one.

When the main activation code expires, a new code is activated automatically and the program

continues operating in the fully functioning mode.

To prolong license validity period, do the following:

► If you already have an activation code, then do the following:

1. In the main application window in the bottom right corner click the License link.


2. In the Licensing window click the Enter activation code button.

3. Enter the code in the Add new activation code window.

4. Click the Next button.


► If you do not have an activation code and you want to buy a new license, then in the

Licensing window perform the following actions:

1. Click the Buy license renewal button.

2. A Kaspersky Lab web-page opens where you can prolong your license validity period

online in the License Renewal Center or find the partner nearest to you and then

prolong your license offline.


Migration policy from Kaspersky Lab products to Kaspersky PURE 3.0

The migration terms depend on the status of the license in use.

If you have an active license for the products:

► Kaspersky PURE, Kaspersky PURE R2, Kaspersky PURE 2.0 — you can use your current license to migrate.

[Diagram: Kaspersky PURE, Kaspersky PURE R2, Kaspersky PURE 2.0 → FREE → Kaspersky PURE 3.0]

► KIS 2007, KIS 2009, KIS 2010, KIS 2011, KIS 2012, KIS 2013 — you can purchase a license renewal for Kaspersky PURE 3.0 with a discount in the E-Store or from a partner.

[Diagram: KIS 7.0, KIS 2009, KIS 2010, KIS 2011, KIS 2012, KIS 2013 → With a discount → Kaspersky PURE 3.0]

► KAV 7.0, KAV 2009, KAV 2010, KAV 2011, KAV 2012, KAV 2013 — you can purchase a license renewal for Kaspersky PURE 3.0 with a discount in the E-Store or from a partner.

[Diagram: KAV 7.0, KAV 2009, KAV 2010, KAV 2011, KAV 2012, KAV 2013 → With a discount → Kaspersky PURE 3.0]

If the license for a product has expired:

► Kaspersky PURE / Kaspersky PURE R2 / Kaspersky PURE 2.0

► KAV 2013 / KIS 2013

► KAV 2012 / KIS 2012

► KAV 2011 / KIS 2011

► KAV 2010 / KIS 2010

► KAV 2009 / KIS 2009

► KIS 7.0 / KAV 7.0,

you can purchase a license renewal for Kaspersky PURE 3.0 with a discount in the E-Store or from a partner.


CHAPTER 5. Backup and Restore

The Backup component in Kaspersky PURE 3.0 allows you to quickly restore your data if it is lost or erased.

Data stored on a computer can be lost or damaged due to various issues, such as impact of a

virus, information modification or deletion by another user, etc. To avoid losing important

information, you should regularly back up data.

Duration of the backup process directly depends on the volume of the information you wish to

save. That is why Kaspersky Lab experts recommend creating backup copies of the files and

folders which contain important information (documents, photos, music and etc.).

Backup copying creates backup copies of objects in a special storage on the selected device.

Backup storage is a specially assigned area of disk space or a data storage media.

Online backup is a new function integrated into Kaspersky PURE 3.0 that allows you to store backup copies in the “cloud”.

The advantages of the online backup storage are:

► The backup copies of files are stored in one place – a protected online storage. In case

of emergency (e.g., damage to the hard drive, computer theft, etc.) your most important

files will not be lost or damaged.

► You can access the backup copies of your files from any computer with an Internet

connection.

When creating a storage area, the user performs the following actions:

► selects the data medium;

► specifies the name of the new storage area;

► specifies the settings for storing backup copies;

► may also password-protect stored data against unauthorized access.

Creating a backup task

During a task execution, backup copies of the selected files are created and saved into a

specified storage. If necessary these copies can be restored.

A task is created with the help of the wizard. The wizard consists of the following steps:

► Selecting data category for backing up

► Creating a storage

► Recording restore utility (optional)

► Password protection (optional)

► Files storage settings (optional)

► Setting automatic schedule for a backup task

► Summary

Selecting data category for backing up

In order to select a category of data for backing up, perform the following actions:

1. In the main program window select the Backup button.


2. In the Backup window click the Create a backup task button.

3. In the Create backup task window select a data category you want to back up. You can

select one of the following categories:

► My Documents and Desktop (all files from the My Documents folder and from

Desktop);

► Movies and Video (all video files);


► Pictures and Photos (all image files);

► Music (all music files);

Creating backup copies for custom files

If you select the Custom files variant, you can specify manually what files to back up. Click the

Next button to continue.

In order to create a backup task for custom files, do the following:

1. In the main program window select the Backup button.


2. In the Backup window click the Create a backup task button.

3. In the Create backup task window select Custom files and click the Next button.


4. In the open window click the Add folder button.


5. In the Select folder window specify the documents that should be backed up.

6. Click the OK button to add the folder to the backing up list.

7. To select specific files for backing up, click the link in the Number of files column.


8. In the Selecting data for backup by location window on the Location of files tab check

the required files.


9. To select the data for backing up by categories, go to the File categories tab. In the left

part of the window select the necessary category. In the right part of the window check the

required files.


10. Click the OK button.

11. By default system and hidden files are backed up. If you want to back up these categories

of files, then in the bottom part of the Create backup task window click the Hidden and

system files link


12. To select a storage for backup copies, click the Next button.


Editing categories of files during a backup task creation

When creating a backup task Kaspersky PURE 3.0 distributes the selected files by categories.

Each category has a list of file extensions by which the program refers a file to a specific

category.

The default categories include:

► Audio;

► Documents;

► Images;

► Video;

► Financial documents.


To select or edit categories during a backup task, do the following:

1. Check the boxes next to the categories you need to create backup copies, if necessary.

You can use the Select all /Clear all links, to select or clear all boxes correspondingly.


2. To edit categories, click the Category editor link.

3. To create a new category, in the Category Editor window click the Add category button.


4. In the New category window enter a category name and click the OK button.


5. To add a new extension, in the right part of the Category Editor window select a

category. Click the Add extension link at the top of the window.


6. In the New extension window enter an extension you want to add (for example, .flv).

Click the OK button.


7. Using the Edit and Delete buttons you can make changes to the extensions.


8. In order to select or delete extensions from a category, check/uncheck the boxes next to

the necessary extensions.

9. You can reject changes made in the extensions for a default category. For this, click the

Default button at the top of the window.


10. In the Restore settings window click OK.

11. In the Category Editor window click the OK button

Creating a backup storage

You can select the following storage for the backup copies:

► Online storage – to store backup copies online.

► Local disk — a folder or a logical disk on the computer hard drive.

► Removable drive — any portable device (memory card, CD, etc.) connected to the

computer.

► Network drive — network folder.

► FTP-server — server that ensures file exchange via the FTP protocol.

If you have not been granted sufficient privileges to record data on the selected medium, you will

not be able to create a storage on it.


You can use extended settings for a backup storage. For this, in the Select storage for this

backup task window check the box Use extended settings for storage.

Extended settings are not available for Online backup.

Creating online backup storage

Online Backup allows you to back up copies of files online via Dropbox.

Note that to use this functionality, you’ll need to register your account in Dropbox or to use your

current account if you already have one.

You can use the same Dropbox account to save all your backup copies into one Online Backup

Storage from different computers with Kaspersky PURE 3.0 installed.

You can find more detailed information about usage conditions of the web service on the

Dropbox site.

Before using an online backup storage for creating backup copies, you need to activate the

online storage.

Activating online storage

To activate an online storage, do the following:

1. In the Create backup task window select Online storage and click the Activate now

button.


2. A Dropbox sign-in window will open. If you are a registered user, log in to your account. For this, enter the email address specified during registration into the Email field and your password into the Password field. Click the Sign in button.


3. Create a Dropbox account (if you are a registered user, go to step 4). To create an

account, do the following:

a. In the open window click the Create an account link.

b. Enter your first and last names, email and password in Latin symbols into the

corresponding fields.

c. Check the box I agree to Dropbox Terms, if you accept the terms of Dropbox

agreement (the use conditions are available from the Dropbox Terms link). Click

the Create an account button to complete registration.


d. In the Create backup task window click the Activate now button once.

4. To complete activation of an online storage you should confirm that Kaspersky PURE 3.0

can use your Dropbox account to back up and restore information. For this, in the browser

window click the Allow button.


5. The storage has been successfully activated.

Kaspersky PURE 3.0 will place backup copies of the saved data into a separate folder which is

created in the folder where Dropbox applications are stored.

Online storage can now be selected. If an online storage is activated, then the size of occupied

space and of free space available for recording information is displayed.


Creating online storage

When creating a backup copy using an online storage Kaspersky PURE 3.0 does not create

backup copies for the types of data which are restricted by the Dropbox use rules.

In order to create an online storage, in the select storage to create backup task window, do the

following:

1. Select an Online storage.


2. Click the Next button to go to Configuring schedule of automatic backup run.

Creating storage on local drive

In order to create a storage on a local drive, do the following:

1. In the Select storage for backup copies window click the area with the name of your

computer hard drive.


2. Click the Next button.

Creating storage on removable drive

In order to create a storage on a removable drive, do the following:

1. Connect a removable drive to your computer.

2. Wait until the connected removable drive appears in the list of backup storages.

3. Select a drive from the list.

4. Click the Next button.


Creating storage on network drive

In order to create a storage on a network drive, do the following:

1. In the Select storage for this backup task window on the selecting storage for backup

copies stage click the Add storage link.


2. In the Network storage type window on the Network drive tab click the Browse button

to specify a path to the network folder.


3. If access to the selected folder is restricted, then you can enter account data for

authorization. For this, enter your data in the User name and Password fields.

Value of the User name field should be identical to an entry line |.

Example how to enter the settings of a network drive:

Drive: \\Z

User name: kl-12345\smith

Password: ***


4. Click the Next button.

Creating storage on FTP-server

In order to create a storage on an FTP server, do the following:

1. In the Select storage for this backup task window on the selecting storage for backup

copies stage click the Add storage link.


2. In the Network storage type window on the FTP server tab specify connection settings

to FTP server. When using an FTP server, you should also specify the following

connection settings:

► Server – address of the server;

► Port – number of the port;

► Folder – folder on the server into which backup copies will be saved;

► User name and Password – account data to pass authentication on the server;

► Mode – server operation mode (active or passive).


3. Click the Next button.

Connecting earlier created storage

In order to be able to operate a backup storage which was created with the help of the Backup

module, and then relocated/copied from one computer to another, this storage should initially be

connected via Kaspersky PURE 3.0. You may have to reconnect a storage after system

reinstallation.

Only connected storages are displayed in the list of storages in the program interface. Storages that are not connected are not displayed in the list of backup storages.

In order to connect an existing storage, do the following:

1. In the Create backup task window click the Connect storage link.


2. In the Connect storage window select a storage type and specify the required connection settings. Click the OK button.

3. If the settings are set correctly, the storage will appear in the list.

Recording restore utility

The Restore utility window is available only if you are saving your storage on a removable drive

and when selecting a storage the box Use extended settings for storage is checked.


You can record a special utility on a removable drive that allows you to extract the data from the storage on any computer, even if Kaspersky PURE 3.0 is not installed on that computer. For this, do the following:

1. Check the box Copy Kaspersky Restore Utility to storage.

2. Click the Next button.


Password protection

The Password protection window is available only if the Use extended settings for storage

box is selected during a storage selection.


In the Password protection window do the following:

1. Check the Enable password protection (recommended) box to protect the data in the

storage against unauthorized access. Enter a password and confirm it.


2. Click the Next button.

Files storage settings

The Files storage settings window is available only if the Use extended settings for storage

box is selected during a storage selection.


To configure files storage settings, do the following:

1. In the Files storage settings window check the box Restrict the number of file

versions and restrict the number of file versions which would be simultaneously stored in

the storage.


2. To limit the storage period of backup copies, check the box Restrict storage period of

file versions and set the time period to keep old versions of files.


3. Click the Next button.

Configuring schedule of automatic backup run

By default, backup is launched manually. In order to set an automatic schedule of a backup task,

do the following:

1. If you want the task to be performed when a removable drive with a backup storage is

connected, check the box Run task on connecting the removable drive.


2. If you want the task to be started automatically at a specified time, check the box Run

automatically according to the schedule.


3. From the drop-down menu select the task frequency (minutes, hours, days, at the

specified time, every month or after application startup).


4. Set the task frequency and start time in the corresponding fields.


5. If you want the tasks skipped due to some reasons (for example, computer restart or OS

failure) to be performed, then check the box Run skipped tasks.


6. Click the Next button.

Summary

1. In the Summary window enter the name of a new task.

2. Check the box Run task when the wizard is complete, if you want to launch the task

immediately after its creation.


3. Confirm the task creation with the specified settings by clicking the Finish button.


4. The task is added to the list of backup tasks.

Starting, editing and deleting backup tasks

Starting a backup task

Backup tasks can be started either automatically (by schedule) or manually.

An automatic schedule is created during the task creation and can be changed later.

In order to run a backup task manually, do the following:

1. In the main program window select Backup.

2. In the right part of the Backup window select the necessary task from the list and click the

Run button.


3. Wait till the task is finished. In the line of the selected task, the time from the beginning of

the task execution is displayed. As a result of the task execution, an archive of backup

copies for the current date is created in the storage.

4. In order to postpone the task, click the Stop button.


5. In order to pause the backup task, click the arrow on the Stop button and in the dropdown

list select Pause.

6. You can later resume the task by clicking the Resume button.


Editing and deleting a backup task

All options of a created backup task can be changed. For this, do the following:

1. In the main program window select Backup.

2. In the Backup window click the arrow right of the Run button. In the drop-down menu

select Edit.


3. In the opened window edit the necessary settings of the backup task.

See the chapter Creating a backup task, to know how to configure parameters of a

backup task.

4. In order to delete a backup task, in the Backup window click the arrow on the right of the

Run button and in the drop-down menu select Delete.

5. In the Delete task window confirm the task deletion by clicking the OK button. If you want the backup copies created by the task to be deleted too, check the box Delete backup files created by this task.

Restoring data from backup

If necessary, data can be restored from the backup copies of files. Restoring data from backup copies launches a restore procedure; if you are restoring data on a computer where Kaspersky PURE 3.0 is not installed, the Kaspersky Restore Utility is used. Files from the backup copies can be restored either to their initial location or to a folder of your choice.

In order to restore data from backup, do the following:


1. In the main program window click the Backup button.

2. In the Backup window go to the Restore data tab.

3. In the right part of the window select a storage where the required backup copies are

stored and click the Restore data button.


4. At the top part of the Restoring data from storage window select the name of a backup

task, date of the backup copies creation and the category of data. Use search to find the

necessary file.

5. In the left part of the window select the folders to be restored and in the right part of the

window specify what files from which folders should be restored. For this, check the

required files and folders.

6. Clicking the Open button opens the latest version of a selected file.


7. In order to restore a specific version of a file, in the right part of the window select a file

and click the Versions button.

8. Select the required version of a file and click the Restore file version button.


9. At the lower part of the Restoring data from storage window click the Restore data

button (this step is skipped when a file version is restored).

10. In the Restore window select a location to save the restored files. By default the restored

files are saved into a source folder.


If you want to save the restored files into a specified folder, select Specified folder and click the

Browse button.

In the Select folder window select the specified folder. Click OK.


11. In the Restore window click the Restore button.

12. Wait till the data has been restored. In the Restore window click the Close button.


Managing backup storages

Connecting a storage

If a backup storage created with the Backup module was moved/copied from one computer to

another, such storage should first be connected via Kaspersky PURE 3.0 in order to become

available. You may need to connect a storage after system reinstallation.

The list of storages contains only storages which are connected. You will not be able to find a storage in the list if that storage is not connected.

In order to connect an existing storage, do the following:

1. In the main program window select Backup.

2. In the Backup window go to the Restore data tab.

3. In the bottom part of the Restore data from backup window click the Connect backup

storage link.


4. In the Connect storage window select a drive type and define the required connection

settings. Click the OK button.

5. If the settings were specified correctly, the storage will be added to the list.

Editing storage settings

You can restrict the number of file versions and the storage period of file versions. For this, do

the following:

1. In the main program window select Backup.

2. In the Backup window go to the Restore data tab.


3. Select the required storage.

4. Click the arrow on the right of the Restore data button. In the drop-down menu select

Edit.

5. In order to restrict the number of file versions that should be simultaneously stored in the

storage, in the File storage settings window check the box Restrict the number of file

versions and specify the number of stored versions. Click the Next button.


6. In the Summary window confirm the changes by clicking the Finish button.


Clearing a storage

Backup copies of the selected files are created in a special storage during the backup process. If

storage volume is not sufficient for your current operations, you can delete obsolete versions and

backup copies of files which have been already deleted from the computer.

In order to clear the storage, please perform the following:

1. In the main program window select Backup.

2. In the Backup window go to the Restore data tab.

3. Select the necessary storage.

4. Click the arrow on the right of the Restore data button. In the drop-down menu select

Clear.


5. In the Clear storage window select the file versions you want to delete from the storage:

► If you wish to delete not all data from the storage but only file versions created before a

certain date, then check the File versions created earlier than box. Use scrolling

arrows or enter manually from the keyboard to set the date which should be the starting

point for saving object copies. Backup copies created before the date you have

specified, will be deleted.

► If you want to save only some file versions and to delete other versions, check the box

Previous file versions. Specify the number of versions to keep, including the

latest current one. Use the scrolling arrows to set the value from 1 to 99 or enter the

value manually using the keyboard. All backup copies above this number will be

deleted.

► If you wish to delete the backup copies of all files that have been deleted from the

computer, check the Backup copies of files deleted from the computer box.


6. To start the clearing process, click the OK button.

7. Wait until the clearing process is over and the Operation completed successfully

message appears. Click the OK button.
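
The three clearing rules above can be previewed before they are applied. The following Python sketch is an added example, not Kaspersky code: it models the rules exactly as worded in this section, and the Version record, the function names, the way checked rules are combined (a copy is removed if any checked rule selects it) and the sample catalogue are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Version:
    """One backup copy in a storage (hypothetical record, not a product format)."""
    path: str      # original location of the file
    created: date  # date the backup copy was created


def plan_clear(versions, present_paths, older_than=None, keep_latest=None,
               drop_deleted=False):
    """Return the backup copies that the checked clearing rules would remove.

    older_than   -- models "File versions created earlier than"
    keep_latest  -- models "Previous file versions" (1..99, latest included)
    drop_deleted -- models "Backup copies of files deleted from the computer"
    Assumption: a copy is removed if any checked rule selects it.
    """
    if keep_latest is not None and not 1 <= keep_latest <= 99:
        raise ValueError("keep_latest must be between 1 and 99")

    by_path = defaultdict(list)
    for v in versions:
        by_path[v.path].append(v)

    doomed = set()
    for path, items in by_path.items():
        items.sort(key=lambda v: v.created, reverse=True)  # newest first
        if older_than is not None:
            # Date rule: no exception is made for the newest copy of a file.
            doomed.update(v for v in items if v.created < older_than)
        if keep_latest is not None:
            # Count rule: everything beyond the N newest copies goes.
            doomed.update(items[keep_latest:])
        if drop_deleted and path not in present_paths:
            # File no longer exists on the computer: all its copies go.
            doomed.update(items)
    return sorted(doomed, key=lambda v: (v.path, v.created))


def unrecoverable_paths(versions, doomed):
    """Paths that would have no backup copy left after the clear."""
    doomed = set(doomed)
    surviving = {v.path for v in versions if v not in doomed}
    return sorted({v.path for v in versions} - surviving)


# Constructed sample catalogue (not real product data).
SAMPLE = [
    Version(r"C:\Docs\report.doc", date(2012, 1, 10)),
    Version(r"C:\Docs\report.doc", date(2012, 3, 5)),
    Version(r"C:\Docs\report.doc", date(2012, 4, 20)),
    Version(r"C:\Docs\old.xls", date(2012, 1, 15)),
    Version(r"C:\Docs\old.xls", date(2012, 2, 1)),
    Version(r"C:\Photos\a.jpg", date(2012, 2, 2)),
]
# Files still present on the computer; a.jpg has been deleted locally.
PRESENT = {r"C:\Docs\report.doc", r"C:\Docs\old.xls"}

if __name__ == "__main__":
    for label, kwargs in [
        ("created earlier than 2012-03-01", {"older_than": date(2012, 3, 1)}),
        ("keep 1 version", {"keep_latest": 1}),
        ("files deleted from the computer", {"drop_deleted": True}),
    ]:
        doomed = plan_clear(SAMPLE, PRESENT, **kwargs)
        lost = unrecoverable_paths(SAMPLE, doomed)
        print(f"{label}: removes {len(doomed)} copies, no copy left for {lost}")
```

On this sample the date rule leaves two files without any backup copy, while the version-count rule always keeps the latest copy of every file.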

Deleting a storage

To remove a storage for backup data, you should use Storage Removal Wizard.

In order to remove a storage for backup data, please do the following:

1. In the main program window select Backup.

2. In the Backup window go to the Restore data tab.


3. Select the necessary storage.

4. Click the arrow on the right of the Restore data button. In the drop-down menu select

Delete.

5. In the Storage Removal window on the Content tab select an action to perform on the

backup copies that are located within the storage to be removed:

► Save;


► Delete.

If you select the Delete variant, all data stored on the storage will be permanently deleted!

6. Click the Next button.

7. On the Tasks tab select an action to be performed over the tasks that use the storage for

backup:

► Do not delete (in this case the tasks will be kept but will not be linked to any storage; you will have to select another storage for each task).

► Delete (all tasks will be deleted).


8. Click the Next button.

9. On the Summary tab confirm deletion of the storage with the specified settings by clicking

the Finish button.

A storage was removed.


Viewing backup reports

Each event related to data backup and restore is displayed in the report.

To get and save a report about executed backup and restore tasks, please do the following:

1. In the main program window select Backup.

2. In the upper-right corner of the Backup window click the Reports link.

3. In the Report window on the Backup tab you can select the period within which you need

to get a report: day, week, month, year, entire period. Use the arrows to view a report for a

required time interval: for example, create a report from January 1, 2012 till May 1, 2012.


4. In the Report window on the Restore tab you can select the period within which you need

to get a report: day, week, month, year, entire period.

5. After you have finished working with the report, click the Close button.


CHAPTER 6. Computer protection

Kaspersky PURE 3.0 provides comprehensive protection of your computer and home network. Comprehensive protection includes protection of a computer, data and users, and remote management of Kaspersky PURE 3.0 functions on all computers in the network.

To know the current protection state, click the Computer Protection module in the main program

window.

Computer Protection includes three main sections: Protection Center, Scan and Update.

The following links are available from the Computer Protection window: Quarantine, Network

Monitor and Applications Activity. The Cloud protection button and the links Settings and

Reports reside at the top of the window.


Protection Center

Protection Center is a Kaspersky PURE 3.0 module which provides protection of personal data against all kinds of threats. The module also protects the computer from spam and network attacks. Components of Protection Center protect the computer from unknown threats, Internet fraud and phishing, and let you control user access to the Internet. This comprehensive protection covers all channels that are used to receive and transfer data.

Protection Center lets you enable/disable protection components and go to their configuration

windows.

Real-time protection of your computer is provided by the following components:

► File Anti-Virus prevents infection of the computer's file system. The component starts upon startup of the operating system, continuously remains in the computer's RAM, and scans all files being opened, saved, or launched on your computer and all connected drives. Kaspersky PURE 3.0 intercepts each attempt to access a file and scans the file. The file will be accessible only if it is not infected or has been disinfected by the application. If the file cannot be disinfected, it will be deleted. In this case a copy of the file will be saved in a backup quarantine store.

► Mail Anti-Virus scans incoming and outgoing messages for dangerous objects. Messages will be accessible only if they contain no dangerous objects.

► Web Anti-Virus protects incoming web traffic and prevents dangerous scripts from

running on your computer. The component also blocks access to dangerous web sites.


► IM Anti-Virus provides protection of your computer when you work with instant messengers. The component protects data received via instant messenger protocols. IM Anti-Virus ensures secure work with most instant messengers.

► Application Control tracks actions in the system performed by applications installed on

the computer, and regulates them based on the rules of Application Control. These rules

regulate potentially dangerous activity, including applications' access to protected

resources.

► System Watcher collects the data about applications’ activity on your computer and gives

this information to other components for more effective protection.

► Firewall ensures your security on local networks and the Internet. Protection against

various types of attacks is performed based on two groups of rules: packet rules and

application rules.

► Network Attack Blocker loads during the operating system launch, and scans incoming

network traffic for activities characteristic of network attacks. As soon as an attempt to

attack the computer is detected, Kaspersky PURE 3.0 blocks any network activity of the

attacking computer towards your computer.

► Anti-Spam embeds into your mail client, filters all incoming mail for unwanted messages and sorts it according to the settings configured by the user. All emails containing spam will be marked with a special subject. You can configure how the Anti-Spam component handles spam (automatic deletion, moving to a specified folder, etc.).

► Anti-Phishing. The component is embedded in Web Anti-Virus, Anti-Spam and IM Anti-Virus. The component filters access to phishing web sites and prevents phishing attacks.

► Anti-Banner blocks ads and banners in your web browser and in some applications.

You can enable/disable any of the protection components. In order to do this, perform the

following actions:

1. Select Computer Protection in the main application window.


2. In the Computer Protection window click on the List button in the Protection

components section.

3. In order to enable/disable the required component, click on the button located in the right

part of the window in the section of the required component.

The icon shows that a component is enabled, the icon – a component is disabled.


4. In order to go to the component configuration window click on the button . You can find

detailed instructions on how to configure components in the Settings. Protection section.

Also in the Protection Center window you can find out the status of detected threats and

databases status.

Anti-virus databases statuses of Kaspersky PURE 3.0:

► Obsolete;

► Out of date;

► Have not been updated for a long time;

► Update is in progress;

► Up to date.


Scan

Scanning the computer for viruses and vulnerabilities is one of the most important tasks in

ensuring the computer's security. It is necessary to scan your computer for viruses on a regular

basis in order to rule out the possibility of spreading malicious programs that have not been

discovered by protection components, for example, because of a low security level set, or for

other reasons.

Vulnerability scan performs the diagnostics of operating system and detects software features

that can be used by intruders to spread malicious objects and obtain access to personal

information.

Below we look at the specifics of configuring scan task settings, as well as security levels, scan methods and technologies.


Scan for viruses

Kaspersky PURE 3.0 comprises the following tasks to scan for viruses:

► Full Scan. A thorough scan of the entire system. The following objects are scanned by

default: system memory, objects loaded on startup, system backup, email databases, hard

drives, removable storage media and network drives.

► Critical Areas Scan. Virus scan of operating system startup objects (system memory,

startup objects and bootable sectors).

► Custom Scan. Scan of objects selected by the user. You can create your own list by

adding or excluding from scan any object of the computer's file system from the default list.

Starting scan for viruses

Scan tasks can be started from the main application window or from the Computer Protection

window.

Starting scan from the main application window

To start a scan task from the main application window, perform the following actions:

1. Open the main application window.

2. In the bottom part of the Computer Protection section click on the Scan link.


3. Select the required scan type from the open menu.


Starting scan from the Computer Protection window

In order to start a scan task from the Computer Protection window, perform the following

actions:

1. In the main application window select Computer Protection.

2. In the left part of the window select Scan.

3. In the right part of the window launch the necessary task. For example, Full Scan.


Full Scan

In order to start the Full Scan task, click on the icon next to the task name.


Before the first launch of a scan task, a short description of the task is given in the Full Scan

section. After the first launch of the task, the window will contain task execution time (time

reference is a link to the scan report window), number of scanned objects and scan results.

While the Full Scan task is running, you can specify an action for the computer to perform when the scan is complete. In order to do this, perform the following actions:

1. Click on the details link under Full Scan.


2. In the Task Manager window click the button keep the computer turned on and select

the required action to be performed when scan is complete:

► keep the computer turned on;

► shut down the computer;

► switch the computer to standby mode;

► switch the computer to sleep mode;

► reboot the computer.

By default, the keep the computer turned on option is selected.


You can stop the launched task by pressing on the button .

In order to resume the scan task, click the button and you will be asked to select one of the

following options: Resume scan or Start new scan.

Critical Areas Scan

In order to launch the Critical Areas Scan, click on the button next to the scan name in the

Computer Protection window.


Before the first launch of a scan task, a short description of the task is given in the Critical Areas

Scan section. After the first launch of the task, the window will contain task execution time (time

reference is a link to the scan report window), number of scanned objects and scan results.

You can stop the launched task by pressing on the button .


In order to resume the scan task, click on the button and you will be asked to select one of the

following options: Resume scan or Start new scan.

Custom Scan

Using Custom Scan you can scan individual objects on the computer. You can create your own

list by adding or excluding from scan any object of the computer's file system from the default list.

Unlike Custom Scan, the Full Scan and Critical Areas Scan tasks are specific scan tasks; it is not recommended to edit the scan lists for these scan types.

In order to launch a custom scan task, perform the following actions:

1. Drag the required object and drop it to the Custom Scan section. You can also click on

the select link and select the object to scan.


2. The Custom Scan window contains the pre-defined list of objects to scan.

3. Check the required boxes next to the objects or select an object by pressing the Add link:


4. In the Select object to scan window select the required object and click on the Add

button. Perform the same actions to add all required objects to scan. Once all objects are

added click on the OK button.

5. You can also check the Include subfolders box to scan all subfolders from the selected

object.


6. The selected objects appear in the Custom Scan window:

7. In order to edit or delete objects in the list of objects to scan, click on the Edit or Delete

links, correspondingly.


8. At the bottom of the Custom Scan window click the OK button to start scan of the

selected objects.

9. Once the scan task is complete the Task Manager window appears on the screen. When

the custom scan task is complete, in the Task Manager window click the Close button.


Vulnerability Scan

Vulnerability scan is a special tool which helps to find and eliminate security vulnerabilities in the applications installed on your computer and in the operating system settings. All the problems detected at the system analysis stage will be grouped based on the degree of danger they pose.

Kaspersky Lab specialists offer a set of actions for each group of problems which help to

eliminate vulnerabilities and weak points in the system's settings.

There are three groups of problems distinguished, and, respectively, three groups of actions

associated with them:

► Strongly recommended actions will help eliminate problems posing a serious security

threat. You are advised to perform all actions of this group.

► Recommended actions help eliminate problems posing a potential threat. You are

advised to perform all actions of this group too.

► Additional actions help repair system damage which does not pose a current threat but may threaten the computer's security in the future.

As a result of the search for possible vulnerabilities in the operating system and in the applications installed on the computer, direct links to critical fixes (application updates) are displayed.

After the vulnerability scan task start, its progress is displayed in the Vulnerability Scan section,

on the Scan tab in the Computer Protection window. Vulnerabilities detected when scanning

the system and applications, are displayed in Task Manager window.

When searching for threats, information on the results is logged in a Computer Protection

report.

By default, the applications already installed on the computer are selected as scan objects.

In order to launch a Vulnerability Scan task, in the left part of the Computer Protection window select Scan and in the right part of the window click on the button next to Vulnerability Scan.

Before the first launch of a scan task, a short description of the task is given in the Vulnerability

Scan section. After the first launch of the task, the window will contain task execution time,

number of scanned objects and scan results.


You can stop the task by clicking the button . In order to resume the task, click the

button once again.

Once the Vulnerability Scan task is complete, click on the link displaying number of detected

threats.

The scan results will be displayed in the Vulnerability Scan window on two tabs:

► System vulnerabilities;

► Vulnerable applications.


Eliminating system vulnerabilities

In order to fix vulnerabilities, perform the following actions:

1. Select the System vulnerabilities tab.


2. Select the required item in the list and click the Fix it button.

3. In order to display fixed vulnerabilities, check the Show fixed vulnerabilities box at the

bottom of the window.


Eliminating vulnerable applications

If you select an item on the Vulnerable applications tab:

► you can read the vulnerability description on the web site http://www.securelist.com,

by clicking on the Details button;

► you can create an exclusion rule for the selected vulnerability by clicking the Add to

exclusions button.

The full report contains the information about the time when the task was started, paused or

finished and the list of detected vulnerabilities with the links to their description. To go to the

report, click the Completed link at the bottom of the Vulnerability Scan window.


In order to create an exclusion rule for the vulnerability of the application, perform the following

actions:

1. In the Vulnerability Scan window go to the Vulnerable applications tab.


2. Select the required application from the list of vulnerable applications.

3. Click the Add to exclusions button.


4. In the Exclusion rule window select the required Properties by checking the boxes:

► Object;

► Threat type.

5. If the Threat type box is checked, the Rule description field displays also the Threat

type section (threat type name mask according to Virus Encyclopedia).

6. In the Exclusion rule window in the Protection components section of the Rule

description field click the any link and then on the select components.

7. In the Protection components window specify the components for which the exclusion

rule should be applied.


8. Click the OK button.

9. In the Exclusion rule window click the OK button.

10. In the Vulnerability Scan window click the Close button.

Update

Updating databases and program modules of Kaspersky PURE 3.0 ensures the up-to-date

protection status for your computer. New viruses, Trojans, and other types of malware appear

worldwide on a daily basis.

Kaspersky PURE 3.0 databases contain information about threats and ways of eliminating them,

so regular application update is required for ensuring your computer's security and for timely

detection of new threats.

Regular update requires an active license for application usage and an Internet connection.

Without a license, you will only be able to update the application once.

Application update downloads and installs the following updates on your computer:

► Kaspersky PURE 3.0 databases.

The protection of information is based on databases which contain signatures of threats

and network attacks, and the methods used to fight them. Protection components use

these databases to search for and disinfect dangerous objects on your computer. The

databases are supplemented every hour with records of new threats. That is why it is

recommended to update on a daily basis. In addition to the anti-virus databases, the

network drivers that enable the application's components to intercept network traffic are

also updated.

► Application modules.

In addition to the databases of Kaspersky PURE 3.0, you can also update the program

modules (i.e. some parts of the application). The update packages fix Kaspersky PURE

3.0 vulnerabilities, and supplement or improve the existing functionality.

The main update source of Kaspersky PURE 3.0 is the special Kaspersky Lab update servers.

While updating Kaspersky PURE 3.0, you can copy databases and program module updates

received from Kaspersky Lab servers into a local folder, providing access to other networked

computers. This saves Internet traffic.

You can also run update automatically, by schedule or manually.

Your computer should be connected to the Internet for successful downloading of updates from

our servers. By default, the Internet connection settings are determined automatically. If you use

a proxy server, you may need to adjust the connection settings.


During an update, the application modules and databases on your computer are compared with

those at the update source. If the databases and modules on your computer differ from those on

the update server, the application downloads only the incremental part of the updates.

If the databases are outdated, the update package can be large and can cause additional Internet traffic (up to several tens of MB).

Information on the update results and events, which have occurred during the execution of the

update task, is logged in a Kaspersky PURE 3.0 report.

Update of anti-virus databases and application modules can be launched from the context menu

or via Protection Center.

To launch update from the context menu, right-click the application icon in the Windows

notification area and in the context menu select the Update item.

To launch update via Protection Center, perform the following actions:

1. Open the main program window.

2. In the main window select the Computer Protection module. In the Computer

Protection window select Update in the left menu.

3. In the right part of the window click the Update button. As a result update of anti-virus

databases and application modules starts.


The Update window displays the information about the current state of Kaspersky PURE 3.0

databases, date of the last update and the run mode.

The Virus activity review link in the bottom right corner takes you to the site

www.securelist.com.

Clicking the arrow on the Update button takes you to the update settings.

In the Settings you can configure an update schedule, run the update under another account if necessary, or select an update source.

To learn more about update settings, see the Settings. Update chapter.

Quarantine

What is Quarantine

Quarantine is a special area that stores files that are probably infected with viruses and files that cannot be disinfected at the time they are detected.

Potentially infected objects are objects that are suspected of being infected with viruses or

their modifications.

Files are quarantined in the following cases:


► File code resembles a known but partially modified threat or has a malware-like

structure, but is not registered in the database.

In this case files are moved to Quarantine after heuristic analysis performed by the File

Anti-Virus, Mail Anti-Virus or during an anti-virus scan. Heuristic analysis rarely causes

false alarms.

► The sequence of operations performed by an object looks suspicious. In this case files

are moved to Quarantine after analysis of their behavior by the Network Monitor

component.

When you place a file in Quarantine, it is moved, not copied: the file is deleted from the disk or

email and saved in the Quarantine folder. Files in Quarantine are saved in a special format and

are not dangerous.

You can either restore a file from the Quarantine or delete it.

By default, quarantined objects are stored for 30 days. When the period expires, all objects are deleted. You can remove this time restriction or modify the maximum storage time of objects.

Additionally, you can specify the maximum size of Quarantine. When the maximum size is reached, the Quarantine content is overwritten with new objects. By default, the restriction on the maximum Quarantine size is disabled.

Working with quarantined objects

If Kaspersky PURE 3.0 has placed a potentially infected object in Quarantine, you can:

► restore files to the original folders from which they were moved to Quarantine (by default);

► delete selected files from Quarantine;

► clear Quarantine by deleting all objects.

To restore a file from Quarantine, perform the following actions:

1. Select the Computer Protection module in the main program window.

2. In the bottom left corner of the window click the Quarantine link.


3. In the Quarantine window select the object you need to restore.

4. Right-click the object and in the context menu select Restore. Or use the corresponding

button in the top row.


To delete a quarantined object, do the following:

1. Select the Computer Protection module in the main program window.

2. In the bottom left corner of the window click the Quarantine link.

3. In the Quarantine window right-click the object and in the context menu select Delete. Or

use the corresponding button in the top row.


To clear Quarantine (delete all objects from the quarantine), do the following:

1. Select the Computer Protection module in the main program window.

2. In the bottom left corner of the window click the Quarantine link.

3. In the Quarantine window click the Clear Quarantine button.


Kaspersky Lab specialists do not recommend restoring files from Quarantine, as they may pose a threat to your computer security.

Network Monitor

Network Monitor is a tool in Kaspersky PURE 3.0 used to display information about network

activities filtered by the Firewall component in real time as a report.

The Network Monitor window can be opened from the application context menu and from the

main program window.

To open the Network Monitor window from the application context menu, do the following:

1. Right-click the Kaspersky PURE 3.0 icon in the Windows taskbar notification area.

2. In the menu select Tools > Network Monitor.


In order to open the Network Monitor tool from the main application window, perform the

following actions:

1. Select Computer Protection in the main program window.

2. In the bottom left corner of the window click the Network Monitor link.

The Network Monitor window provides the information grouped on the following tabs:

► Network Activity;

► Open ports;

► Network traffic;

► Blocked computers.

Let’s study each tab in detail.


Network activity

The Network activity tab contains all active network connections currently established on your

computer.

The following information for each connection is displayed:

► name of the process (program, service, server) that initiated the connection;

► the connection protocol;

► connection settings (local and remote ports and IP addresses);

► connection duration;

► transferred / received data volume.

Clicking the «+» icon in the header of the Protocol, Remote address and Bytes received/sent

data column splits these columns into several smaller ones with more detailed information about

the network activity of the selected process.

For each connection it lists the following information: the name of an application that initiated this

connection, the connection protocol, the direction of the connection (inbound or outbound), the

connection settings (local and remote ports and IP addresses). Here you can also check the

lifetime of this connection and the volume of data sent/received.

The bottom part of the window displays a network traffic chart that shows volumes of inbound

and outbound traffic for a process selected from the list. The chart reflects traffic volume in real

time. Traffic volume is displayed in kilobytes. You can use the «+» and «-» buttons to change the

scale of the chart.

The Rules settings button on the Network activity tab takes you to the Firewall window where you can configure network rules. According to the rule set by Kaspersky PURE 3.0 or by the user, Firewall allows or blocks the network activity of a data packet or application.


Correspondingly, only activity allowed by the established network rules is displayed in the

Network Monitor window on the Network activity tab.

If you have configured a blocking network rule, activity which was blocked by this rule is not

displayed in the Network Monitor window on the Network activity tab.

To configure a packet rule, click the Rules settings button and in the drop-down menu select the

All network rules item.

To configure a rule for an application, click the Rules settings button and in the drop-down menu

select the Application network rules item.


Note that the Application network rules item becomes active only after a process has been selected in the list.

You can find more detailed information about how to configure rules from the Firewall window in

the Firewall chapter.

If you click the Block network traffic button, Firewall blocks the network activity of all processes. While network activity is blocked, this button is labelled Unblock network traffic. If you click the Unblock network traffic button, Firewall allows the network activity of all processes.


Clicking the Filter button in the right upper corner of the Network Monitor window opens a menu

that contains the following items:

► Show connections established by Kaspersky PURE 3.0 – the list displays information

about connections established by Kaspersky PURE.

► Show local connections – the list displays information about connections to other

computers on the same local network.

Open ports

The tab contains information about all open ports for each process.


The following information is displayed for each port:

► name of the process (application, service, server) which uses the port;

► number of the port;

► local IP address of the process;

► data transfer protocol.

To configure packet rules and rules for applications click the Rules settings button. The opened

menu contains the following items:

► All network rules – opens the Firewall window, where you can configure packet rules

for an application selected from the list.

► Application network rules – opens the Application rules window, where you can

configure a network rule for an application selected from the list.

Note that the Application network rules item becomes active only after a process has been selected in the list.


You can find more detailed information about rules for applications and how to edit these rules in

the Firewall chapter.

Network traffic

The tab contains information about all inbound and outbound connections established between

your computer and other computers.

Incoming and outgoing traffic volume is displayed for each program (computer, service, server,

process). Traffic volume is displayed in bytes, kilobytes and megabytes.

The bottom part of the window displays a chart that shows time distribution of traffic of the

selected application for the specified time interval.

You can view information for a day, week, month, year or the entire period of the application

operation. To set the required time interval, use the drop-down Period list.

Clicking the arrow buttons in the top left part of the window allows you to view the data distribution for the previous and following time intervals. For example, if the Week interval was selected from the Period drop-down list, then using the arrows you can view the information for the last week, the week before last, and so on.

The search bar is designed for quickly finding records in the list. As you type, the list displays only the entries that contain the characters entered.

Note that after installing a Kaspersky Lab product on a computer, you may notice a sharp increase in incoming and outgoing traffic on that computer. This is because Kaspersky Lab products operate in proxy-server mode and therefore scan all Internet traffic before the downloaded information reaches your hard drive.

Kaspersky Lab products include their own internal requests in the general statistics of incoming and outgoing Internet traffic. Third-party applications for calculating statistics also count their internal traffic. These statistics differ from the traffic statistics calculated by your Internet provider, and no payment is charged for the internal traffic on your computer, i.e. in reality your traffic is not spent. This can easily be confirmed by requesting statistics from your provider.

Blocked computers

The tab contains information about the hosts for which Network Attack Blocker has forbidden

all network activity aimed at your computer.


The Address column displays the IP address of a blocked host.

The Time column displays the time elapsed since blocking of the host.

By default, Network Attack Blocker blocks the incoming traffic of an attacking computer for one

hour.

Clicking the Unblock button cancels blocking of the selected computer.

Applications Activity

Applications Activity tracks the work of the Application Control component and displays information about all applications installed on the computer and about all processes currently running.

To view applications activity, perform the following actions:

1. Select Computer Protection in the main program window.

2. In the bottom right corner of the window click the Applications Activity link.


3. In the top part of the Applications Activity window from the drop-down menu select the

category of applications (All or Running).


4. If you choose to display running applications, the Filter button becomes available in the Applications Activity window. Using this button you can filter the applications according to the following criteria:

► Run on startup – processes that run on startup of the operating system.

► System processes – processes required for the operation of the operating system.

► Kaspersky PURE 3.0 processes – processes launched by Kaspersky PURE 3.0.

5. If you choose to display all installed applications, filtering of applications by status and by kind becomes available in the Applications Activity window:

► Clicking the green, yellow or red light filters applications according to the group they belong to: Trusted, Low / High Restricted, Untrusted.

► Clicking the View button groups the applications by time or by vendor.

Changing trusted group for an individual application

In the Applications Activity window, the Status/Group column shows the group to which an application belongs.

However, Kaspersky Lab specialists recommend that you avoid moving applications from default

groups.

To move an application to another group, perform the following actions:

1. In the Applications Activity window select the required applications category (Running

or All).

2. If necessary, set the filter: click either the Filter or View button and select the required

display category.

3. Left-click the status of the required application and in the context menu select the group to

which an application should be moved:


► Trusted;

► Low Restricted;

► High Restricted;

► Untrusted.

4. Wait until the status icon changes.

To restore an application to the default group, perform the following actions:

1. In the Applications Activity window select the required applications category (Running

or All).

2. Left-click the status of the required application and in the context menu, select the

Restore default group item.

3. In the Applications Activity window click the Close button.

Editing rules for an individual application

The Application Control component registers actions performed by every application in the system and regulates each application's activity depending on its trust group. Each group has a specific set of rules. According to these rules the Application Control component allows an action, prompts the user, or denies the action for an application. When an application accesses a resource, the component verifies its rights and performs the action set by the rule.

In the Applications Activity window you can edit application rules. To do so, perform the following actions:

1. Open the main application window and select Computer Protection.

2. In the bottom left corner of the window click the Applications Activity link.

3. In the Applications Activity window right-click the required application and in the context

menu select Application rules.

You can find more detailed information about application rules and how to edit them in the Settings. Applications Control chapter.

Reports

Events that occur during the operation of protection components or the execution of tasks are logged in reports. Kaspersky PURE 3.0 creates reports on the work of every component and also monitors the update processes.

In order to view a brief report, perform the following actions:

1. In the main program window select Computer Protection.

2. In the top right corner of the window click the Reports link.


3. To view a detailed report, click the Detailed report button.

4. In the left part of the window select the necessary component (for example, Protection

Center report).


5. For a convenient display of information, set the required period of time in the Period drop-down list.

6. You can select a more suitable way to present the information in the View drop-down list.

7. If you need to save a report to a file, use the Save link in the bottom left corner of the

window.


CHAPTER 7. Parental Control

The Parental Control component in Kaspersky PURE 3.0 enables you to apply restrictions on

use of the computer and Internet for each user account on the computer.

The Parental Control features can help protect children and teenagers from negative influences while using the computer and Internet, for example by preventing them from spending long periods of time on the computer and Internet and from wasting time and money when visiting certain websites, and by limiting access to websites intended for adults.

Parental Control can help you control:

► Use of the computer.

► Launch of various applications.

► Use of the Internet (time restriction on Internet use).

► Visits to websites depending on their content.

► Downloading of files from the Internet depending on their category.

► Correspondence with specified contacts through IM clients (such as ICQ, Miranda, and

mIRC).

► Correspondence with specified contacts on social networks (Facebook, Yahoo, Twitter).

► Sending of personal data.

► Use of specified words and word combinations in correspondence through IM clients.

Starting work with Parental Control

By default, the Parental Control component is disabled after the program is installed.

You can enable Parental Control for all users or for an individual account.

You can enable Parental Control:

► from the main program window;

► from the context menu in the taskbar panel.

To enable a component from the main program window, perform the following actions:

1. In the main program window select the Parental Control component.


2. In the Administrator Password window specify a password to protect the settings against

modification by other users. Click Continue.

The Administrator Password window appears only when Parental Control is launched

for the first time.


3. In the Apply administrator password to section, you can specify which application management features should be protected with a password. Check the boxes next to the required options:

► Managing Parental Control (set by default);

► Configuring the application settings;

► Exiting the application;

► Removing the application.

4. Click Apply password to finish setting an administrator password.


In order to quickly enable the Parental Control component for a configured account, right-click the application icon in the taskbar notification area and select Enable Parental Control.

Control levels

Kaspersky Lab specialists have developed three preset control levels (or profiles):

► Data collection;

► Child profile;

► Teenager profile.

You can use either a preset profile or customize a control level by selecting Custom

restrictions.

Each profile has a set of restrictions and settings:


► Data collection. For this profile the program logs the statistics of the user activity on the

computer and on the Internet but does not apply Parental Control restrictions.

► "Child" profile. The program logs the statistics of the user activity on the computer and on the Internet, and blocks file downloads and visits to websites belonging to unwanted categories.

► "Teenager" profile. The program logs the statistics of the user activity on the computer and on the Internet, and blocks visits to websites belonging to unwanted categories.

In order to set a profile for a user account registered on the computer, perform the following

actions:

1. In the main application window select Parental Control.

2. In the window that opens, enter the password you specified when you started working with Parental Control and click the Enter button. Check the Save password for current session box so that the program does not request the password again during the working session.


3. In the Computer Users window click the Select control level button next to the required

account.

4. In the window that opens, select a profile.

5. You can set different control levels for different accounts. Once a control level is assigned to an account, the corresponding profile is displayed on the button to the right of the account name.


Configuring Parental Control settings

Using Parental Control you can monitor:

► Computer usage. You can restrict computer usage by limiting the time spent at the computer, and control and limit the running of some applications by blocking their launch.

► Internet usage. You can enable control over the Internet usage, restrict visiting websites

depending on their contents and loading files from the Internet depending on their

category.

► Instant messaging. You can control messaging via instant messengers (for example, ICQ, Miranda) and social networks (for example, Facebook, Yahoo, Twitter), block the transfer of personal data (for example, passwords) and control the presence of specified words and phrases in messages.

Account settings

You can specify an alias or select another image to be displayed for an account in the application interface. To do so, perform the following actions:

1. In the main program window select Parental Control.

2. Enter your administrator password in the window. Check the Save password for current

session box, if you do not want to enter your password when you open the Parental

Control window once again (after closing it).


3. In the Computer Users window next to the required account click the Settings and

reports button.


4. In the right part of the Parental Control window on the Settings tab go to the User

Account Settings section.

5. Enter an alias and select an image.

6. To save the changes, click the Apply button.


Control over computer usage

In the sections Computer Usage and Applications Usage you can disable control over

computer usage for a user, enable control over applications usage and create lists of allowed and

blocked applications for launching.

Computer Usage

If you want to limit the time which the user spends working on the computer, restrict use of the

computer by time. You can also limit the overall time spent on the computer (for example, 9

hours) and specify the required time interval for every weekday (for example, from 10am to 7pm

Mondays – Fridays). For this, perform the following actions:

1. In the left part of the Parental Control window select the Computer Usage section.

2. In the right part of the Parental Control window check the Enable control box.

3. Check the Limit usage on the selected days box.

4. Highlight green the time intervals on certain weekdays when the computer will be available

for the user. To prohibit computer use, highlight grey the time interval on certain

weekdays.


5. You can set the overall number of hours and minutes during which the computer will be available to the user. To do so, check the Limit daily usage time box and specify the total operating time. The user can then spend the set number of hours at the computer within the specified time intervals (highlighted green in the table).


Application Usage

If you want to control which applications the user launches, you can enable control over application usage and create lists of allowed and blocked applications. To do so, perform the following actions:

1. In the left part of the Parental Control window select the Applications Usage section.

2. In the right part of the Parental Control window check the Enable control box.

3. To create the list of allowed or blocked applications, in the right part of the window in the

Applications section click the Add button.

4. In the Control running the application window select the application executable file by

clicking the Select button:

► To select the software installed on the computer, click the Browse item. In the

Open window find the software executable file and click the Open button.

► To select among running software, select the Applications item. In the Select

application window select the application and click the OK button.


5. Allow or block the application launch and set the necessary restrictions:

► To limit the overall time of the application's usage, check the Limit usage on the selected days box. Highlight green the time intervals on certain weekdays when the application will be available to the user. To block application usage, highlight grey the time interval on certain weekdays.

► To set the overall number of hours and minutes when the application startup will be

available to the user, check the box Limit daily usage time and specify the total

operating time.


6. Click the OK button to add the application to the list of uncontrolled applications.

You can edit the list of applications using the buttons Add/Block, Edit, Delete.


Computer Usage Reports

If control is enabled, the start time and the usage time of the computer and the applications are displayed in the report.

If you want to view the report, in the Parental Control window go to the Reports tab.

► To view the report of the computer usage, select Computer Usage. The following

information will be available to you in the right part of the window: session start time,

usage time, result.

► To view the report of the applications startup, select Applications Usage. The following

information will be available to you in the right part of the window: application, usage

time and result (allowed or blocked access).

You can create a report for a specific time interval. To do so, select the period in the corresponding drop-down list.

Control over Internet usage

In the Internet Usage section you can configure settings for access to the Internet and websites, enable control over file downloads from the Internet, and enable the safe search mode for working with search engines.

Internet Usage


If you want to limit the time which the user spends on the Internet, you can configure Internet

access. You can also limit the overall time spent on the Internet (for example, 3 hours) and

specify the required overall time on the Internet for every weekday (for example, from 3pm to

8pm Mondays – Fridays and from 5pm to 11pm Saturdays – Sundays). For this:

1. In the left part of the Parental Control window select Internet Usage.

2. In the right part of the Internet Usage section check the Enable control box.

3. Check the box Limit usage on the selected days.

4. Highlight green the time intervals on certain weekdays when the Internet will be available

for the user. To prohibit Internet access, highlight grey the time interval on certain

weekdays.

5. To set the overall number of hours and minutes when the Internet will be available to the

user, check the box Limit daily usage time and specify the total operating time.

6. Click the Apply button to save the changes.

Web Browsing

When you work with search engines (for example, Google, Bing), the search results may display unacceptable materials (for example, websites containing pornography). You can exclude such websites from the search results in the following way:

1. In the left part of the Parental Control window select Web Browsing.

2. In the right part of the Parental Control window check the Enable safe search box.


3. Click the Apply button.

Use the Control Web Browsing option to restrict the user's access to a website.

You can block or allow access to all sites except the sites which are added to the list of allowed sites, or specify the categories according to which access to a site will be granted. For example, you can block websites from the Violence or Weapons category.

To restrict access, in the right-part of the Web Browsing section make sure the control is

enabled.

If you want to restrict access to some web-site categories, perform the following actions:

1. In the left part of the Parental Control window select Web Browsing.

2. In the right part of the window select the Block websites from the following categories option.


3. Check the categories you want to block or use the links Select all/Clear all.

4. Click the Apply button.

If you want to restrict access to all sites, except sites from the Allowed list, perform the following

actions:


1. In the left part of the Parental Control window select Web Browsing.

2. In the right part of the Parental Control window, in the Block websites section, select the Block access to all websites except websites allowed in the list of exclusions option.

3. Click the Exclusions button to create the list of allowed websites.

4. To create the list of allowed URLs, do the following:

a. In the Exclusions window in the Allowed URLs section click the Add button.


b. In the Website address window enter the address of an allowed website.


c. If you want to allow access to all pages of the site, then select Allow access to the

entire web resource. If you want to allow access to the specified page only, then

select Allow access only to the specified web page.

d. In the Website address window click the OK button.

5. To create the list of blocked URLs, do the following:

a. In the Exclusions window in the Blocked URLs section click the Add button.

b. In the Website address window enter the address of a blocked website.


c. If you want to block access to all pages of the site, then select Block access to the

entire web resource. If you want to block access to the specified page only, then

select Block access only to the specified web page.

d. In the Website address window click the OK button.

6. You can edit the lists of allowed and blocked web sites using the buttons Add, Edit,

Delete.


7. In the Exclusions window click OK to save the changes.
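The default-deny mode with exclusions configured in the steps above can be modelled as follows. This is an added example, not Kaspersky code: the matching rules (blocked entries take precedence, subdomains count as part of the "entire web resource", a single page means the same host and the same path) are assumptions of this example, and all addresses are constructed.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

ENTIRE_RESOURCE = "entire"  # "... access to the entire web resource"
SINGLE_PAGE = "page"        # "... access only to the specified web page"


@dataclass(frozen=True)
class Entry:
    address: str  # text typed into the Website address window
    scope: str    # ENTIRE_RESOURCE or SINGLE_PAGE


def normalize(url):
    """Return (host, path); host is lower-cased with any trailing dot removed."""
    if not url.lower().startswith(("http://", "https://")):
        url = "http://" + url
    try:
        parts = urlsplit(url)
    except ValueError:
        return "", "/"  # unparseable address: no host, so nothing can match
    host = (parts.hostname or "").lower().rstrip(".")
    return host, parts.path or "/"


def matches(entry, url):
    """True if the URL falls under the list entry (assumed semantics)."""
    entry_host, entry_path = normalize(entry.address)
    host, path = normalize(url)
    if not host or not entry_host:
        return False
    if entry.scope == ENTIRE_RESOURCE:
        # Compare on label boundaries: the host itself or one of its subdomains.
        # A plain substring or prefix test would also accept look-alike hosts.
        return host == entry_host or host.endswith("." + entry_host)
    return host == entry_host and path == entry_path


def decide(url, allowed, blocked):
    """Block everything except the Allowed URLs list; Blocked URLs win."""
    if any(matches(entry, url) for entry in blocked):
        return "blocked"
    if any(matches(entry, url) for entry in allowed):
        return "allowed"
    return "blocked"


# Constructed sample lists (not taken from the course material)
ALLOWED = [
    Entry("school.example", ENTIRE_RESOURCE),
    Entry("wiki.example/Homework", SINGLE_PAGE),
]
BLOCKED = [
    Entry("school.example/chat", SINGLE_PAGE),
]

if __name__ == "__main__":
    for sample in (
        "http://school.example/lessons/1",
        "https://www.school.example/",
        "http://school.example/chat",
        "http://wiki.example/Homework",
        "http://wiki.example/Other",
        "http://school.example.other.test/",
        "http://school.example@other.test/",
    ):
        print(f"{decide(sample, ALLOWED, BLOCKED):8} {sample}")
```

The last two sample addresses contain the allowed name but resolve to a different host, which is why the comparison is made on the parsed host name rather than on the raw string.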

File Downloads

You can control and block the downloading of files from the Internet depending on their category. To do so, perform the following actions:

1. In the left part of the Parental Control window select File Downloads.

2. In the right part of the Parental Control window check the Enable control box.


3. In the File categories section, select the necessary category, for example Video and click

the Block button. The status will change to Blocked in the Status column.

Internet Usage Reports


You can view a report on the actions of every user for whom Parental Control is enabled, for each category of controlled events.

To view a report, go to the Reports tab in the Parental Control window and select the necessary

section:

► To view the report of the Internet usage, select Internet Usage. The following

information will be available to you in the right part of the window: start time, usage time

and the result (whether Internet usage is allowed or blocked).

► To view the report of the access to web sites, select Web Browsing. The following

information will be available to you in the right part of the window: URL, time and reason

(whether access is allowed or blocked).

► To view the report on the file downloading, select File Downloads. The following

information will be available to you in the right part of the window: file, time and reason

(allowed or blocked).

You can create a report for a specified time period. For this, select the corresponding period in

the drop-down list.

Instant Messaging

In the Instant Messaging section you can enable control over messaging via instant messengers and in social networks, as well as control the sending of private data and the use of unwanted words in correspondence.

Control messaging over instant messengers


If you want to restrict the user's messaging with other users via instant messengers (ICQ, Miranda), you can enable control and create lists of allowed or blocked contacts. To do so, check the Enable control box in the right part of the Instant Messaging section.

If you want to create the list of allowed contacts, perform the following actions:

1. In the left part of the Parental Control window select Instant Messaging.

2. In the right part of the Parental Control window on the Settings tab check the Enable

control box.

3. In the Contacts section click the Add contact button.


4. In the New contact window select the necessary contact from the list of existing contacts

or click the manually link and enter an account number or contact email address.

5. In the Description field enter a proper description which will be displayed in the list of

allowed contacts. Click the OK button.


6. In the Control Instant Messaging window check the Block messaging to/from contacts who are not on the list box to allow messaging only with contacts from the created list of contacts.

7. Click the Apply button to save the changes.

8. You can allow/block messaging with a contact, view messages from a contact or delete a

contact from the list using the buttons Allow/Block, View messages, Delete.


Control over social networking

If you want to control messaging with other users in social networks (for example, Yahoo or Facebook), you can enable control and create lists of allowed and blocked contacts. To do this, check the Enable control box in the right part of the Social Networking section.

To create the list of allowed or blocked contacts, perform the following actions:

1. In the left part of the Parental Control window select Social Networking.

2. In the right part of the Parental Control window on the Settings tab in the Contacts

section click the Add button.


Contacts can be added only after the user for whom Parental Control is being configured has logged in to a social network under his/her account and has been active there (sent or received a message).

3. In the Adding contact window select the necessary contact from the list of existing

contacts.

4. Messages from the selected contact are displayed in the bottom part of the window.

5. Click the OK button.


6. To block a contact, highlight the contact and click the Block button.


7. To block messaging with the contacts not included in the list, check the Block messages

to/from contacts who are not on the list box.

8. Save the changes by clicking the Apply button in the Parental Control window.

Controlling or restricting sending private data

You can also control or restrict sending private data (for example, passwords) via instant messengers. To do this, create a list of records which contain confidential data (for example, home address, phone number, etc.).

Any attempts to send such data will be blocked and the information about blocked messages will

be added to the report.

To enable control over sending private data and create the list of data blocked for sending, perform the following actions:

1. In the left part of the Parental Control window select Private Data.

2. In the right part of the Parental Control window on the Settings tab check the Enable

control box.

3. In the Parental Control window in the Private Data section click the Add button.


4. In the Private Data window in the Data field enter the data restricted for sending (for example, 12345 for "Password", 1234567 for "Phone number").

5. In the Description field enter a proper description which will be displayed in the data list (for example, "Password", "Phone number").

6. Click the OK button.

7. You can edit the list of data using the Edit and Delete buttons.


8. In the Parental Control window click the Apply button.

Control over word usage

If you want to monitor use of unwanted words or phrases (for example, referring to confidential

data) within the user’s messaging, perform the following actions:

1. In the left part of the Parental Control window select Word Usage.

2. In the right part of the Parental Control window on the Settings tab check the Enable

control box.

3. In the Parental Control window in the Key words section click the Add button.


4. In the Key word window enter a word or a phrase which will be detected in the user’s

messaging. Click the OK button.

5. You can edit the list of data using the Edit and Delete buttons.

6. In the Parental Control window click the Apply button.


Instant Messaging Reports

If control is enabled, the text, time, recipients, messages with personal data and every key word detected in the messaging will be displayed in the report.

To view a report, go to the Reports tab in the Parental Control window and select the necessary

section in the left part of the window.

► To view the report on instant messaging, select Instant Messaging. The following information will be available in the right part of the window: direction, contact, time, and the result.

► To view the report on social networking, select Social Networking. The following information will be available in the right part of the window: direction, contact, time.

► To view the report on personal data transfer, select Private Data. The following information will be available in the right part of the window: private data, recipient, time, result.

► To view the report on key word usage, select Word Usage. The following information will be available in the right part of the window: key word, recipient/sender, time.

You can create a report for a specified time period. For this, select the corresponding period in

the drop-down list.


CHAPTER 8. Home Network Control

The Home Network Control functions are designed to control Kaspersky PURE 3.0 installed on

home network computers remotely from the administrator's workstation.

Home Network Control lets you accomplish the following home network security tasks:

► analyze the level of home network protection;

► scan the whole network or individual computers for threats;

► update anti-virus databases simultaneously;

► configure protection settings for networked computers;

► monitor computer and internet usage by the users;

► back up the data on networked computers;

► view reports on security subsystems' operation.

Protecting access with an administrator password

At the first launch of Home Network Control, Kaspersky PURE 3.0 will suggest that you set an administrator password to prevent unauthorized access to networked computers. In order to set an administrator password, do the following:

1. Open the main application window and in the lower part of the window click the Home

Network Control button.

2. If you launch Home Network Control for the first time, then a welcome window appears

giving a short description of the features of the component. Click the Start using Home

Network Control button to continue.


3. If you launch Home Network Control for the first time, then the Protect with

Administrator Password window will appear. Enter your password in the fields

Password and Confirm password. Then click the Specify password button.


By specifying a password for Home Network Control, you also specify a password to access either the entire program or its functions. In order to change settings of the administrator password, click the Administrator password settings link. In the window that opens, select components that should be password-protected.

4. If you have already set protection with an administrator password, enter your password in the window that opens.

If you use Home Network Control to remotely manage Kaspersky PURE 3.0 via a local network,

then the password for Home Network Control must be the same on all computers in the

network.

Searching computers

To search for computers to manage, first select a network for remote management (if your computer hosts more than one network). Next, click the Searching computers button.


Computers found in the network are displayed as a table with a status assigned for each

computer. The following computer statuses are possible:

► Controlled. Kaspersky PURE 3.0 is installed on the computer, and the administrator

password is identical to the password set on this computer. Remote administration of

Kaspersky PURE 3.0 is available.

► Kaspersky PURE 3.0 not installed. Kaspersky PURE 3.0 was not found on the computer.

► Remote control is not allowed. The option to manage Kaspersky PURE 3.0 services

remotely has been disabled on the computer.


Buttons at the top of the table allow you to add a computer manually, delete a computer from the list or clear the entire list.

Check the Hide computers not controlled box at the bottom of the window to display only controlled computers in the table.


For a computer to be displayed in Home Network Control, the status "Trusted network" or "Local network" must be set for your home network in the Firewall settings on each computer. Otherwise, the computer will not be found when scanning the network.

To check the Firewall settings on the current computer, click the Settings link in the main

program window and in the Settings window select Firewall. In the Networks section right-click

the required network and select either Local or Trusted network.


Configuring group update

Via Home Network Control you can remotely manage updates of Kaspersky PURE 3.0 on the networked computers.

Below are the available database update modes:

► Update databases on the computers independently.

► Load updates from a selected computer in the network. In this update scenario, one

computer in the network should be assigned as an update server. Other networked

computers will download updates from this computer.

By default, updates are downloaded on each computer in the network individually. In order to

change an update method in the networked computers, do the following:

1. In the Home Network Control window click the Configure group update button.


2. In the Configure group update window select the required update method.

3. For the computers to update from a selected computer on the network, from the drop-down list select a computer to be the update source.

4. In the list of computers at the top, the icon of the computer selected as the update source changes from a computer to a server.


Group launch of update and virus scan

Via Home Network Control you can start virus scan and update tasks remotely either for the entire network or for an individual computer.

How to start group scan for viruses

In order to start a group scan for viruses, perform the following actions:

1. In the main program window click the Home Network Control button.

2. At the top of the Home Network Control window click the Scan for viruses link.


3. Select a scan type: Full Scan or Critical Areas Scan.

4. Check the computers you want to scan. Click the Run scan button.


How to start group update

In order to start a group update of databases, perform the following actions:

1. In the main program window click the Home Network Control button.

2. At the top of the Home Network Control window click the Update databases link.

3. In the Group start of update window select the computers you want to update.

4. Click the Run update button.


Detailed protection setting of networked computers

In order to manage protection of every computer on the network remotely, perform the following

actions:

1. In the main program window click the Home Network Control button.

2. Enter your administrator password.

3. At the top part of the Home Network Control window select the necessary computer by

clicking it.


4. On the corresponding tabs in the lower part of the Home Network Control window you

can see information about the selected computer, configure Parental Control, scan

computer for viruses, update databases, and get backup information.

Let’s study each tab in detail.

Information

In the Home Network Control window on the Information tab you can view the following information about a selected computer:

► Computer name in the local network.

► Protection components – current operation settings of all protection components, with the possibility of enabling/disabling them remotely.

► Security problems – a list of problems in the computer security and the ways of troubleshooting these problems.

► License – information about the license in use, and renewal and activation links.


Click the corresponding buttons in the right part of the window (List, List, Details) to see the list

of protection components, list of security problems and license info.

Parental Control

The Parental Control tab allows you to enable or disable Parental Control remotely on a controlled computer, to change the Parental Control settings for each account and to view reports.


You can find more detailed information on how to configure the Parental Control component (on

your own or on the controlled computer) in the Parental Control chapter.

Scan

The tab is designed to run virus and vulnerability scan tasks remotely for a selected computer:

► Full Scan. Full system scan. The following objects are scanned by default: system

memory, startup objects, system backup, email databases, hard drives, removable

storage media and network drives.

► Critical Areas Scan. A quick scan of objects that are loaded with the operating system at

startup.

► Vulnerability Scan. Performs diagnostics of the operating system and detects software features that can be used by intruders to spread malicious objects and obtain access to personal information.


Update

The Update tab provides the information about the last update on a selected computer and the

update source.


Any computer can be selected as an update server from which other computers will download

updates.

To make the selected computer an update source, click the Make this computer an update source button.


In the opened window confirm that you want to make this computer an update source.

The Virus activity review link takes you to http://www.securelist.com, where you can view up-to-date information about network threats.

To start application update on a selected computer, click the Update button.


Click the arrow in the right part of the Update button to configure an update schedule.


Backup

The Backup tab is designed for remote management of backup tasks.

The list of tasks includes all the backup tasks created on the selected computer.

You cannot create a backup task remotely. The task should be created from the main application

window on the computer (from the Backup module). After that a backup task will appear in the

Home Network Control window of this computer.


In order to run the task, click the Run button. You can pause or stop the task.


CHAPTER 9. Additional Tools

To facilitate solving specific tasks of providing computer security, Kaspersky PURE 3.0 includes

the following wizards and tools:

► Browser Configuration;

► Kaspersky Rescue Disk;

► Post-infection Microsoft Windows troubleshooting;

► File Shredder;

► Privacy Cleaner;

► Unused Data Cleaner.

Browser Configuration

The Browser Configuration Wizard analyzes Microsoft Internet Explorer settings from the

perspective of security, since some settings selected by the user or set by default may cause

security problems.

The Wizard checks whether the latest software updates for the browser have been installed, and whether its settings contain any potential vulnerability which can be used by intruders to inflict damage on your computer. As a result of the analysis, the Wizard offers a list from which you select the problems you wish to eliminate. The list is divided into three groups:

► Additional actions. List of the least dangerous threats.

► Recommended actions. List of problems posing a potential threat.

► Strongly recommended actions. List of problems posing a serious security threat.

Browser Configuration Wizard checks the following objects:


► Microsoft Internet Explorer cache. The cache contains confidential data, from which a

history of websites visited by the user can also be obtained. Some malware objects also

scan the cache while scanning the disk, and intruders can obtain, for example, the user's

email addresses. You are advised to clear the cache every time you close your browser to

improve the protection.

► Display of known file type extensions. It is useful to see the file extension. File names of many malicious objects contain combinations of symbols imitating an additional file extension before the real one. If the real file extension is not displayed, users see only the part of the file name with the imitated extension. This scheme is commonly used by cyber criminals. To improve protection, you are advised to enable the display of extensions for files of known formats.

► List of trusted websites. Malicious objects can add to this list links to websites created

by intruders.
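The imitated-extension scheme described in the list above can be checked for directly. The following is an added example, not part of the course or of Kaspersky PURE 3.0: it flags file names whose real extension is executable while the part in front imitates a document or media extension, and shows what the user would see with extensions hidden. The extension lists, function names and sample file names are constructed for illustration.

```python
import os

# Constructed, non-exhaustive lists for illustration.
# Extensions that Windows executes or hands to a script host on double-click.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
# Extensions a user reads as "just a document or picture".
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png", ".mp3"}


def check_name(filename):
    """Return a finding dict if the name imitates a harmless extension
    in front of an executable one, otherwise None."""
    stem, real_ext = os.path.splitext(filename)
    real_ext = real_ext.lower()
    if real_ext not in EXECUTABLE_EXTS:
        return None
    imitated_ext = os.path.splitext(stem)[1].lower()
    if imitated_ext not in DECOY_EXTS:
        return None
    return {
        "file": filename,
        "shown_when_hidden": stem,  # what the user sees with extensions hidden
        "imitated_ext": imitated_ext,
        "real_ext": real_ext,
    }


def scan_tree(root):
    """Walk a directory tree and return findings sorted by full path."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            finding = check_name(name)
            if finding:
                finding["path"] = os.path.join(dirpath, name)
                findings.append(finding)
    return sorted(findings, key=lambda f: f["path"])


# Constructed sample names, not taken from any real incident.
SAMPLE_NAMES = [
    "invoice.pdf.exe",
    "holiday.JPG.SCR",
    "report.final.docx",
    "setup.exe",
    "archive.tar.gz",
    "notes.txt",
]

if __name__ == "__main__":
    for sample in SAMPLE_NAMES:
        hit = check_name(sample)
        if hit:
            print(f"{hit['file']}: shown as '{hit['shown_when_hidden']}', "
                  f"really {hit['real_ext']}")
```
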

Running Browser Configuration Wizard

In order to run Browser Configuration Wizard, perform the following:

1. Open the main program window.

2. At the lower part of the window click the Additional Tools button.

3. In the Additional Tools window in the Browser settings section click the Start button to

configure the browser.


4. In the Browser Configuration Wizard window (if launched for the first time) only one action is available: Perform diagnostics for Microsoft Internet Explorer. To start the search process, click the Next button.

Close all browser windows before starting the diagnostics.


When you start the Wizard next time, you will be able to select from the two options:

► Perform diagnostics for Microsoft Internet Explorer.

► Roll back changes. You can roll back changes if problems with working on the Internet appear after the Wizard has finished its work.

5. Wait until the system check is completed.


6. In the wizard window, check the boxes for problems to be fixed. Click the Next button.

7. In the wizard window, click the Finish button.


Rolling back wizard actions which resulted in problems when working on the Internet

If the Wizard's work causes problems with the Internet, you can roll back the changes which were

made by the Wizard. In order to do so, perform the following actions:

1. Start the Browser Configuration Wizard.

2. In the welcome window, select the Roll back changes option and then click the Next

button.


3. In the list of changes made, select the changes for rollback and click the Next button.

4. Wait until the rollback process is completed.


5. In the wizard window, click the Finish button. Make sure problems with the Internet are

eliminated.

Kaspersky Rescue Disk

Kaspersky PURE 3.0 includes a service which allows you to create a rescue disk designed to scan and disinfect x86-compatible computers.

It is required when a computer is so damaged that the anti-virus solution or disinfection tools (for example, Kaspersky AVPTool) run under control of the operating system fail to disinfect it. Disinfection is considerably more effective in this case, as malicious programs in the system do not get control during the boot of the operating system.

Rescue disk is an .iso image which includes the following:

► system and configuration files;

► a set of utilities to diagnose the system;

► a set of additional utilities (file manager, etc.);

► Kaspersky Rescue Disk files;

► anti-virus databases files.

A computer with the damaged operating system is booted from a CD/DVD-disk or a USB-medium

(a corresponding device should be installed on the computer).

Creating Kaspersky Rescue Disk

You can create the disk image (an .iso file) with up-to-date anti-virus databases and

configuration files. A source image can be downloaded from Kaspersky Lab servers or copied


from a local source. The file created by the Wizard is saved in the path specified during the work

of the Wizard.

To create a Rescue Disk, perform the following actions:

1. Open the main application window.

2. At the lower part of the window click the Additional Tools button.

3. In the Additional Tools window in the Kaspersky Rescue Disk section click the Create

button.

4. Kaspersky Rescue Disk is created with the help of the wizard. The Wizard consists of a

series of screens (steps) navigated using the Back and Next buttons. To close the Wizard

once it has completed its task, click the Finish button. To stop the Wizard at any stage,

click the Cancel button.

5. The Create and record Kaspersky Rescue Disk on a CD / DVD or USB drive window

of the Wizard contains information about the Rescue Disk that will be created by the

Wizard.

If the Wizard detects an existing Rescue Disk ISO file in the dedicated folder, the Use existing

disk image box will be displayed in the first window of the Wizard. Check the box to use the

detected file as original ISO image and go directly to the Updating disk image step. Uncheck

this box if you do not want to use the disk image that has been found.


The Select disk image source window is skipped if you have checked the Use existing

disk image box in the first Wizard window.

At this step, you should select the image file source from the list of options:

► Select Copy ISO image from local or network drive if you already have a Rescue

Disk or an image prepared for it and stored on your computer or on a local network

resource.

► Select the Download ISO image from Kaspersky Lab server option if you do not

have an image file, and you want to download it from the Kaspersky Lab server.

Make sure that the Internet connection is established on your computer. The latest

version of an image is downloaded from the Kaspersky Lab server. The file size is

about 200 MB.

After you have selected an image source, click the Next button.

6. The Downloading disk image window is skipped if you have checked the Use existing ISO image box in the first Wizard window.

If you have selected Download ISO image from Kaspersky Lab server, the disk image

downloading progress is displayed immediately.


If you have selected the option to copy the image from a local source at the previous step (Copy ISO image from local or network drive), you should specify the path to the ISO file at this step.

To do this, click the Browse button. After you have specified the path to the file, click the Next

button. The disk image copying progress is displayed in the Wizard window.


When copying or downloading the ISO image is complete, the Wizard automatically proceeds to

Updating disk image.

7. Disk update procedure includes:

► update of anti-virus databases;

► update of configuration files.

Configuration files determine the possibility of starting the computer from a removable disk or CD

/ DVD written using a rescue disk image provided by the Wizard.

When updating anti-virus databases, those distributed at the last update of Kaspersky PURE 3.0

are used. If the databases are obsolete, it is recommended to update the program and restart the

Rescue Disk Creation Wizard.

To begin updating of the files, click the Next button. The updating progress will be displayed in

the Wizard window.


8. The Wizard informs you that the Rescue Disk has been created successfully and prompts you to record it on a data medium.


Specify a data medium for recording the disk image:

► Select Record to CD / DVD to record the image on a CD / DVD. You will be prompted to

specify the CD / DVD on which the image should be recorded. Then, the ISO image will

be recorded on this CD / DVD. The recording process may take some time so please wait

until it has completed.


A special program (for example, Nero) is needed for burning.

► Select the Record to USB drive option to record the image on a removable drive.

Kaspersky Lab recommends that you do not record the ISO image on devices which are

not designed specifically for data storage, such as smartphones, cellphones, PDAs, and

MP3 players. Recording ISO images on these devices may lead to their incorrect

functioning in the future. You will be prompted to specify the removable drive on which the

image should be recorded. Then, the image will be recorded on this removable drive. The

recording process may take some time so please wait until it has completed.


► Select Save the disk image to file on local or network drive to record the ISO image to the hard drive installed on your computer or another one that you can access over a network. You will be prompted to specify the folder into which the image should be recorded, and the name of the ISO file, after which it will be recorded on the hard drive. The recording process may take some time so please wait until it has completed. Later you will have to record this file on a CD/DVD disk or a USB drive on your own.


9. To complete the Wizard, click the Finish button. You can use the disk that you have

created for further booting of the computer (see Starting the computer from the rescue

disk).


Creation and recording of the rescue disk is complete.

Starting the computer from the rescue disk

To boot the operating system from the rescue disk, you should use a CD / DVD or removable

drive with a rescue disk image (.iso) file recorded on it, and start the computer. To start a

computer from a rescue disk, do the following:

1. Insert the medium with the recorded disk image into the corresponding slot and switch on the computer.

If a disk cannot be inserted before the computer is switched on, first switch on the computer and then insert the disk into the disk drive. Try to insert the disk into the drive quickly so that the computer boots from the rescue disk and not from an infected system.

2. Immediately after the computer restarts, press the Delete key several times to enter BIOS¹.

3. In BIOS in the Advanced BIOS Features menu set CD/DVD-ROM (or USB-drive) as the

first boot device (the BIOS interface may vary depending on its version).

4. Exit BIOS saving the made changes.

5. When a screen with Kaspersky Rescue Disk 10 appears, press any key within 10 seconds to prevent your computer from booting from the hard drive.

6. Using the keys to move the cursor in the left part of the screen, select the language of the

graphic interface. Press the ENTER key.

If no choice is made for some time, English is used as a default language.

Next, the folders for anti-virus databases, reports, the quarantine and auxiliary files are

searched (created). By default, folders of a Kaspersky Lab product, installed on an

infected computer, are used (ProgramData/Kaspersky Lab/AVP13 – for Microsoft

Windows Vista/7/8, Documents and Settings/All Users/Application Data/Kaspersky

Lab/AVP13 – for earlier versions of Microsoft Windows).

Note that the folders Application Data in Microsoft Windows XP and ProgramData in Microsoft Windows Vista, Microsoft Windows 7 and Microsoft Windows 8 are hidden by default. Read KB3580 to learn how to enable display of hidden folders.

If the application’s folders are not found, an attempt is made to create them. If the folders

cannot be found or created, the kl.files folder is created on one of the drives.

7. Next, you are prompted to select one of the following boot modes:

► Kaspersky Rescue Disk. Graphic mode loads the graphic subsystem (recommended for most users).

► Kaspersky Rescue Disk. Text mode loads the user text interface provided by the console file manager Midnight Commander (MC).

► Boot from the hard drive.

¹ BIOS is a part of the system hardware designed to provide access to computer hardware and the connected devices.


8. Using the Up/Down arrows on the keyboard select Graphic mode. Press the ENTER

key.

Carefully read the text of a license agreement for Kaspersky Rescue Disk 10 and if you agree

with its conditions, press the C key on the keyboard.

When the operating system has booted you can start working with Kaspersky Rescue Disk 10.

If the operating system of the computer being booted is in sleep mode or was shut down incorrectly, you will be prompted to mount the file system (prepare the file system for usage in the operating system) or restart the computer. In this case select one of the three options:

► Continue. If you click the Continue button, Kaspersky Rescue Disk 10 continues

mounting the file system but the file system can be damaged.

► Skip. If you click the Skip button, Kaspersky Rescue Disk 10 skips mounting of the file

system. In this case you can only scan boot sectors and startup elements for viruses.

However, some file systems can be mounted.

► Restart computer. In this scenario you can boot from a hard drive and finish work of the

operating system correctly.

Kaspersky Rescue Disk 10 allows the user to perform the following actions:

1. Scan objects for viruses and configure scan settings, including:

► modify the security level;

► change an action performed upon a threat detection;

► create the list of objects to scan;

► change type of scanned objects;


► restrict scan duration;

► specify scan settings of compound files;

► change the scan method;

► restore default scan settings.

2. Start update of anti-virus databases and configure the update settings:

► select an update source;

► configure proxy-server settings;

► specify regional settings;

► if necessary, roll the latest update back.

3. Configure additional settings:

► specify the category of the detected threats;

► create the trusted zone;

► configure notification settings;

► set the storage time for report files;

► configure settings of storing objects on quarantine and backup.

4. Create a report for scan and update tasks.

5. View statistics of the application operation.

You can find more detailed information about the features of the rescue disk in the KB article

8093.

Microsoft Windows Troubleshooting

What is Microsoft Windows Troubleshooting?

The Microsoft Windows Troubleshooting Wizard allows you to neutralize the consequences of malicious activity in the system. Kaspersky Lab recommends that you run the Wizard after the computer has been disinfected to make sure that all threats and damage caused by infections have been fixed. You can also use the Wizard if you suspect that your computer is infected.

The Wizard checks whether there are any changes to the system, such as the following:

► access to the network being blocked (for example, it is impossible to address other

computers in the LAN);

► known file format extensions have been changed;

► the toolbar is locked (as a result applications cannot be deleted), etc.

Such damage can have various causes:

► the activity of malicious programs;

► system failures;

► incorrect operation of system optimization applications.

Running Post-infection Microsoft Windows Troubleshooting Wizard

To start the Wizard, perform the following actions:

1. Open the main application window.

2. At the lower part of the main window click the Additional Tools button.


3. In the Additional Tools window in the Post-infection Microsoft Windows

troubleshooting section click the Start button.


4. The Microsoft Windows troubleshooting Wizard will be started.

The Wizard consists of a series of screens (steps) navigated using the Next buttons. To stop the

Wizard at any stage, click the Cancel button.

If the wizard is started for the first time, then only the option Search for problems caused by

malware activity will be available.

If the wizard was started earlier and some changes were made, then you will also be able to

select the Roll back changes option.

Click the Next button to continue.


5. The next window displays the progress of searching for system damage. The scan may take some time.

If you have selected Roll back changes at the first step, the Microsoft Windows

Troubleshooting searches for changes that it has made before.

6. Clicking the Finish button causes Kaspersky PURE 3.0 to terminate the System Recovery

Wizard.


File Shredder

What is File Shredder?

In some cases (for example, when you want to sell your computer) you may need to permanently

delete your personal data which are stored on your computer. Deleting data with the standard

Microsoft Windows tools (sending them to the Recycle Bin and then emptying the Recycle

Bin) cannot ensure safety and prevent possible restoration. Files may be restored using any

high-performance software tools. Formatting data storage media (such as hard disk drives, flash

cards, or USB cards) cannot guarantee total data deletion either.

In order to protect your confidential data from unauthorized restoration, Kaspersky PURE 3.0 includes the File Shredder option. Data deletion is based on overwriting the deleted information with ones, zeroes, or random symbols. The overwriting algorithms used in Kaspersky PURE 3.0 (methods for permanent deletion of personal data) are standardized. The overwrite cycles and their number vary depending on the selected method for permanent deletion.

The wizard supports data deletion from the following storage media:

► Local drives. Deletion is possible if the user has the rights required for recording and

deleting information.

► Removable drives or other devices that are recognized as removable drives (such as

floppy disks, flash memory cards, USB disks, or cell phones). Data can be deleted from a

flash memory card if its mechanical protection from rewriting is disabled.


Before permanently deleting data from a medium, the program checks whether deletion from the selected drive is available. The deletion procedure will be performed only if the selected drive supports data deletion. Otherwise the data cannot be permanently deleted from the drive.

You can delete the data that you can access under your personal account. Before deleting data,

make sure that it is not used by running applications.

You can delete objects such as a file or a folder. To prevent accidental deletion of important files, you can select only one object for deletion at a time (a selected folder may contain several files or sub-folders).

Deletion of system files and folders may cause operating system malfunctions. If you select

system files or folders for deletion, the application will request additional confirmation of their

deletion.

Methods for permanent deletion of personal data are standardized. They are all based on

overwriting deleted information with ones, zeros, or random characters multiple times. Deletion

speed and quality may vary depending on the number of overwrite cycles.

Data deletion methods

Sure methods are methods in which data is rewritten in three or more cycles.

The File Shredder tool in Kaspersky PURE 3.0 lets you select one of the following data deletion standards:

► Quick delete (Recommended). The deletion process consists of two cycles of data rewriting: writing zeroes and pseudorandom numbers. The main advantage of this algorithm is its speed. Two cycles are enough to complicate the operation of data restoration tools. Even if the file itself is restored, its data will have been destroyed.

► GOST state standard P 50739-95, Russian Federation. The algorithm carries out one

rewriting cycle using pseudorandom numbers and protects the data from restoration with

common tools. This algorithm corresponds to protection class 2 out of 6 total, according

to the State Technical Commission classification.

► VSITR standard, Germany. The algorithm carries out seven rewriting cycles. The

algorithm is considered reliable but it requires more time for execution.

► Bruce Schneier algorithm. The process consists of seven rewriting cycles. The method

differs from VSITR by its rewriting sequence. This enhanced method of data deletion is

considered the most reliable.

► NAVSO P-5239-26 (MFM) standard, USA and NAVSO P-5239-26 (RLL) standard,

USA. The algorithm carries out three rewriting cycles. The standards differ from one

another by their sequences of data deletion.

► DoD 5250.22-M standard, USA. The algorithm carries out three rewriting cycles. It is

considered a reliable method of protection against people who do not have special tools, but data are still successfully restored in many cases.
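The overwrite cycles described in this list can be sketched as follows. This is an added example, not Kaspersky PURE's code: the `quick` and `gost` schedules follow the descriptions on this page, the `vsitr` and `schneier` byte sequences are the commonly cited ones (an assumption, since the page gives only their cycle counts), and the function names and sample data are made up for illustration.

```python
import os
import secrets
import tempfile

# One entry per overwrite cycle: an int is a fixed fill byte, None means
# "fill this cycle with pseudorandom bytes". "quick" and "gost" follow the
# descriptions on this page; "vsitr" and "schneier" use the commonly cited
# sequences (assumption: the page states only that each has seven cycles).
SCHEDULES = {
    "quick": [0x00, None],
    "gost": [None],
    "vsitr": [0x00, 0xFF, 0x00, 0xFF, 0x00, 0xFF, 0xAA],
    "schneier": [0xFF, 0x00, None, None, None, None, None],
}
CHUNK = 64 * 1024  # write in chunks so large files do not have to fit in memory


def overwrite_file(path, method="quick"):
    """Overwrite the file's bytes in place, once per cycle; return the cycle count."""
    schedule = SCHEDULES[method]
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for fill in schedule:
            f.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                f.write(secrets.token_bytes(n) if fill is None else bytes([fill]) * n)
                remaining -= n
            # Push this cycle to the device before starting the next one;
            # otherwise the OS cache may merge several cycles into one write.
            f.flush()
            os.fsync(f.fileno())
    return len(schedule)


def shred(path, method="quick"):
    """Overwrite the content, then rename to a random name and delete the file."""
    cycles = overwrite_file(path, method)
    folder = os.path.dirname(os.path.abspath(path))
    hidden = os.path.join(folder, secrets.token_hex(8))
    os.rename(path, hidden)  # replace the original file name before unlinking
    os.remove(hidden)
    return cycles


def make_sample(data=b"constructed sample: account 0000-1111, PIN 4321\n" * 100):
    """Create a temporary file holding constructed sample data; return its path."""
    fd, path = tempfile.mkstemp(suffix=".txt")
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path


if __name__ == "__main__":
    p = make_sample()
    print("cycles:", overwrite_file(p, "quick"))
    with open(p, "rb") as f:
        print("marker still present:", b"PIN 4321" in f.read())
    shred(p, "gost")
    print("file exists:", os.path.exists(p))
```

In-place overwriting only reaches the original sectors on media and file systems that write in place. On SSDs and flash memory with wear levelling, on copy-on-write or journaling file systems, and on volumes with snapshots or shadow copies, earlier copies of the data can survive any number of cycles.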

Permanent data deletion procedure

In order to permanently delete data, do the following:

1. Open the main program window.

2. At the lower part of the window click the Additional Tools button.


3. In the Additional Tools window in the File Shredder section click the Open button.


4. In the File Shredder window click the Browse button. In the Select file or folder window

select an object for deletion and click the OK button.

5. In the drop-down list Data deletion method, select a required deletion method.


6. Click the Delete button.

7. In the opened window confirm deletion by clicking the OK button.


Erase Your Activities History (Privacy Cleaner Wizard)

Many of the user's actions performed on the Internet or in applications are registered in the system. The following data is saved:

► Histories containing information about visited websites, application launches, search requests, and files opened or saved by different applications;

► Microsoft Windows system log records;

► Temporary files, etc.

The Privacy Cleaner Wizard allows you to delete these files, including files containing the user's private data (for example, passwords).

To start Privacy Cleaner Wizard, perform the following actions:

1. Open the main application window.

2. At the lower part of the main window click the Additional Tools button.


3. In the Additional Tools window in the Erase Your Activities History section click the

Start button.

4. In the Privacy Cleaner window select an action:

► Search for user activity traces;


► Roll back changes (the option is available if the wizard was used before).

5. Click the Next button.

6. Wait until the process is completed.

7. Select the required information about the user's actions to delete. The list contains three

sections:

► Additional actions – the list of the least dangerous problems;

► Recommended actions – the list of potentially dangerous problems;

► Strongly recommended actions – this group includes dangerous problems.


8. To start the process, click the Next button.

9. Wait until the deletion is completed.

10. In the Activity traces cleaned successfully window, you can configure the wizard to start automatically every time Kaspersky PURE 3.0 exits. To do so, check the box Clean activity traces every time on Kaspersky PURE 3.0 exit.


11. To finish the wizard's work, click the Finish button.

In order to delete some files, the wizard will suggest that you restart the system.

Running the Privacy Cleaner Wizard again may detect activity traces that were not cleaned up by the previous run of the Wizard. The reason is that data related to user activity in the system accumulates constantly. Some files, for example the Microsoft Windows log file, may be in use by the system while the Wizard is attempting to delete them. In order to delete these files, the Wizard will prompt you to restart the system. However, during the restart, these files may be recreated and detected again as activity traces.

Unused Data Cleaner

Temporary files are created whenever applications or the operating system are started. Some of them remain undeleted when the application or operating system is closed: in some cases (emergency shutdown, incorrect program installation, an error in the program, etc.) temporary files are not deleted automatically. Deleting temporary and unused files frees up space on your hard drive.

Kaspersky PURE 3.0 includes the Unused Data Clearing Wizard to delete unused files. The

wizard deletes the following:

► system event logs, where the names of all active applications are recorded;

► event logs of various applications (such as Microsoft Office, Microsoft Visio, Macromedia

Flash Player) or update utilities (such as Windows Updater, Adobe Updater);

► system connection logs;

► temporary files of Internet browsers (cookies);

► temporary files remaining after installation / removal of applications;


► Recycle Bin contents;

► files in the TEMP folder whose volume may grow up to several gigabytes.

To start the Unused Data Clearing Wizard, please do the following:

1. Open the main application window.

2. At the lower part of the window select the Additional Tools button.

3. In the Additional Tools window in the Unused Data Cleaner section click the Start

button.


4. In the welcome window of the wizard click Next to start the wizard.

5. Wait until the search for unused files is complete.


6. In the Searching for unused data is complete window check the boxes for the actions to

be performed by the Unused Data Clearing Wizard. All actions are grouped into three

categories:

► Additional actions;

► Recommended actions;

► Strongly recommended actions.

To start the deletion process, click the Next button.


7. Wait until the deletion process is over.

8. In the Unused data deletion is complete window click the Finish button.


CHAPTER 10. Safe Money

The new Safe Money component, which was initially added to Kaspersky Internet Security 2013, has been embedded into Kaspersky PURE 3.0.

The component provides significantly improved protection of financial operations via online

banking and payment systems (e.g., PayPal, WebMoney, etc.) and while shopping online.

If an attempt is made to enter an online banking system, bank website or payment system

personal account, Kaspersky PURE 3.0 performs the following activities:

1. Verifies that the request goes to the genuine site of the bank or payment system

(checked against an updatable list of sites in the product).

2. Verifies the security certificate, to avoid redirection to a fake website.

3. Scans the operating system for vulnerabilities critical for online banking.

4. Suggests opening the website in Safe Money mode to protect your personal data

against theft.

If a website is opened in Safe Money mode, Kaspersky PURE 3.0 switches to HTTP protocol

(irrespective of the previously used protocol). The program also restricts how other programs and

processes can access the data that is transferred. This helps ensure your personal data is

protected against theft.

Advantages of the Safe Money component are the following:

► Safe Money protective mechanisms are enabled automatically based on the list of web

sites of banks and online payment systems recommended by Kaspersky Lab

specialists. No preliminary configuration is needed.


► At the same time you can configure automatic enabling or disabling of the Safe Money

mode for a specific site manually.

► When Safe Money mode is activated, a green frame will appear around the browser

window.


In order to configure automatic enabling and disabling of the Safe Money component for a

specific site, do the following:

1. Open the main application window and select Safe Money.


2. In the Safe Money window click the Add bank or payment system button in the left part

of the window.


If editing settings in the product is password-protected, then the Password checking window will

appear. Enter your password to continue.

3. In the Website for Safe Money window specify the website of a bank or payment system (you can specify either a URL-address or the mask of a URL-address). The protocol https:// (used by default by the safe browser) should be specified before the site URL-address.

4. In the Description field give a short description of the added resource (name of the bank

or of the payment system).


5. In the Website for Safe Money window click the OK button.

6. A newly added resource will appear in the list of banks and payment systems in the Safe

Money window.

For each item on the list, a description of a bank or a payment system and the URL of the website are displayed. To the right of the description of a bank or a payment system, buttons are displayed that allow you to edit the current item or remove it from the list.

To add another bank or a payment system, click the Add bank or payment system

button in the left part of the window.


A shortcut to quickly open the Safe Money window is created by default on the Desktop

during the product installation.

If the list is blank, Kaspersky PURE 3.0 running in Safe Money mode uses the

database of websites owned by banks and payment systems that has been

recommended by Kaspersky Lab specialists.
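Step 3 of the procedure above requires each entry to begin with https:// and allows a mask. The added example below (not Kaspersky PURE's implementation; the `*.` mask syntax, the function names and the `.example` / `.test` hosts are assumptions) shows why such a list should be matched against the parsed host name rather than against the raw URL text.

```python
from urllib.parse import urlsplit

# Constructed sample list: one mask entry and one exact entry.
SAMPLE_ENTRIES = ["https://*.bank.example/", "https://pay.example/"]


def compile_entry(entry):
    """Turn a list entry such as 'https://*.bank.example/' into (wildcard, host)."""
    if not entry.lower().startswith("https://"):
        raise ValueError("entry must start with https://: %r" % entry)
    host = entry[len("https://"):].split("/", 1)[0].lower().rstrip(".")
    wildcard = host.startswith("*.")
    if wildcard:
        host = host[2:]
    # Only a single leading '*.' is accepted; no ports, user info or inner wildcards.
    if not host or any(c in host for c in "*@:"):
        raise ValueError("unsupported host in entry: %r" % entry)
    return wildcard, host


def opens_in_safe_mode(url, compiled_entries):
    """True only for an https URL whose parsed host matches an entry."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False
    if parts.scheme != "https" or not host or not host.isascii():
        return False
    for wildcard, base in compiled_entries:
        # A mask covers the base host and its subdomains; the leading dot in
        # the suffix test keeps 'notbank.example' from matching 'bank.example'.
        if host == base or (wildcard and host.endswith("." + base)):
            return True
    return False


def naive_match(url, prefix):
    """Weak variant for comparison: a plain text prefix test on the URL."""
    return url.startswith(prefix)


COMPILED = [compile_entry(e) for e in SAMPLE_ENTRIES]

if __name__ == "__main__":
    for u in [
        "https://online.bank.example/login",  # subdomain covered by the mask
        "http://online.bank.example/login",   # wrong protocol
        "https://bank.example.evil.test/",    # listed name used as a prefix label
        "https://bank.example@evil.test/",    # listed name placed in the user-info part
        "https://sub.pay.example/",           # exact entry does not cover subdomains
    ]:
        print("%-40s strict=%s naive=%s" % (
            u, opens_in_safe_mode(u, COMPILED), naive_match(u, "https://bank.example")))
```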


CHAPTER 11. Data Encryption

Data Encryption is designed for protecting confidential information against unauthorized access.

To protect your personal data, the mechanism of encryption is used. It means that data is stored

in an encrypted form in a special container.

A container is an encrypted object created by the user with the Data Encryption function. After the container is created and connected, you can work with it as with a virtual logical drive. Containers can be copied, burnt onto CDs and DVDs, sent by e-mail, or moved to another computer on which Kaspersky PURE 3.0 is installed.

To work with the data in a container, you must decrypt it. On decryption, Kaspersky PURE 3.0 will ask you to enter your password. After you enter the password, the container will be displayed in the system as a virtual removable device to which you can move or copy data.

Creating an encrypted container

In order to store encrypted data, you must create a container. A container can be created on a local disk or on removable devices.

When creating a container, you will be required to specify its name, size, access password and the path where the file is stored.

You can also connect an earlier created container if it is not accessible on the computer (for

example, after operating system re-installation). In this case the container will appear in the list of

containers, but access to the container will be blocked until you enter the password to the

container.

In order to create a container, perform the following actions:

1. Open the main application window.

2. Click on the Data Encryption button.


3. In the Data Encryption window click on the Create container button.

4. In the Create encrypted container window, specify the main settings for the container:


► Container name;

► Password;

► Size;

► Container file location.

The Decrypt data on drive connection box becomes active if you create an encrypted

container on a removable drive.

5. Click the Next button to continue creating an encrypted container.


6. Wait until an encrypted container is created.


Encrypting data

Once the container is created, you can see the container information in the lower part of the Data

Encryption window.


Once a container is created, the Create encrypted container window appears and provides short tips on how to see the container. Click Next to see all tips or click Cancel to close the window with the tips.

You can view data stored in the container by clicking the Open container button. The container will be opened in Microsoft Windows Explorer. Copy the data you wish to encrypt to the container.

In order to encrypt data, click the Encrypt data button in the Data Encryption window of

Kaspersky PURE 3.0.


Connecting an earlier created container

In order to connect an earlier created container (for example, one created on another computer with Kaspersky PURE 3.0 installed), perform the following actions:


1. Open the main application window.

2. Click on the Data Encryption button.

3. In the Data Encryption window click on the Connect container link.

4. Select the container file and click the Open button.


Decrypting data. Configuring container

In order to access data stored in a container, perform the following actions:

1. Open the main application window.

2. Select Data Encryption.

3. Select the required container from the list and click on the Decrypt data button in the

container section.


4. Enter a password to the container in the open window.

5. Click on the OK button. The container opens in the Microsoft Windows Explorer window.


6. Click the Open container button to open the container and copy the necessary data into

it.

Note that once a container is decrypted, and until it is encrypted again, it is displayed in Explorer as a separate disk.

You can change the password or name of the container. You can also create a shortcut to the container or delete the container.

In order to configure the container settings, perform the following actions:

1. In the section of the created container click the Configure button.

2. Enter the password to access the container.


3. In the Container settings window you can change the name of the container, change

password or create a desktop shortcut.

4. To change the password to the container, click the Change password link. In the window that opens, enter your current password in the Old password field and your new password in the New password and Confirm password fields. Click the OK button.


5. In order to create a shortcut to the container, click the Create desktop shortcut link.

The shortcut to the container will appear on the desktop:


Deleting container

In order to delete a container, perform the following actions:

1. In the Data Encryption window click on the arrow next to the Configure button.

2. Select Delete from the open menu.

3. In the Delete container window enter the password to the container and click OK.

4. In the Confirm deletion window confirm deletion by clicking the OK button.


CHAPTER 12. Password Manager

What is Password Manager

Using passwords is the most common authorization method, and frequently a password is the

only obstacle for intruders who try to get access to your personal data.

Password Manager is an indispensable tool for the active Internet user. It fully automates the process of entering passwords and other data into websites and saves the user the trouble of creating and remembering multiple passwords.

When you use Password Manager to log in, you can rest assured that your data is safe. The

software creates exceptionally strong passwords and prevents your login information from being

stolen. All confidential data is encrypted and kept in a dedicated database on your computer.

Kaspersky PURE 3.0 now stores your passwords in the cloud (i.e., online), so you can

synchronize them across all of your Windows machines. For example, you can add new

accounts via the Password Manager component in Kaspersky PURE 3.0 installed on a home

notebook, and then use new data on other computers with Kaspersky PURE 3.0 installed (on a

workstation).

Note that to synchronize passwords and data on all computers, Kaspersky PURE 3.0 must be installed on each of them, and during the initial configuration of Password Manager you must create (if necessary) or specify the same Kaspersky Account (if one exists; see below). In this case, every time Password Manager from Kaspersky PURE 3.0 is started, it will automatically synchronize passwords and data on all computers and devices.

With the data synchronization option you can not only keep your passwords and personal data up to date, but also restore the data in case of changes or device loss.

You can cancel use of synchronization. In this case Password Manager will save your

passwords and data locally on your computer. However, you can enable the synchronizing option

later and synchronize all your data on all devices and computers.

The synchronization status of passwords and data is displayed in the lower part of the Password Manager window.

Main functions of Password Manager

1. One-click authorization

Password Manager saves the parameters you use to access web resources or applications (login and password). On each subsequent visit to the site or launch of the program, Kaspersky PURE 3.0 will insert your credentials automatically.

2. Secure protection of your passwords

Password Manager stores your passwords and other personal information in a secure,

encrypted database on your computer. Access to the passwords database can be granted only

after authorization in the program.

Password Manager inserts information directly into web resources and applications without

using the keyboard and effectively protects your passwords against keyloggers (a keylogger is a

malicious program that tracks the sequence of keystrokes on the keyboard in order to record a

user’s personal information, such as passwords).

Password Manager effectively combats phishing attacks as it verifies the authenticity of web

addresses and the software version before any passwords are inserted.

3. Accounts

You can use several user accounts for one website (application), or one account for several

websites (applications).

4. Identification cards

Password Manager allows long registration forms to be completed automatically based on

identification cards containing personal data which the user creates in advance. Several cards

can be used to store business and personal information separately (e.g. first and last name, year

of birth, sex, email address, telephone number, country of residence, etc.).

5. Secure memos

Password Manager enables you not only to securely store logins and passwords but also

personal records which you would like to remain confidential such as: SIM card PIN codes,

software keys, passport details, etc.


6. Password generator

The Password generator included in Password Manager will help you to create strong

passwords that would be difficult for cybercriminals to crack.

7. One passwords database for all computers

You can synchronize your passwords database, personal data and identities with the “cloud” and thus make it available on all computers where Kaspersky PURE 3.0 or Kaspersky Password Manager alone is installed.

Starting Password Manager

Enabling password synchronization

A Kaspersky Account is needed to synchronize all passwords on all your devices and computers.

If you have a Kaspersky Account, you can use it to manage the Password Manager component. To do so, enter the email address and the password (not less than eight symbols) which you specified during registration.

If you do not have a Kaspersky Account, you will be prompted to create one during the first launch of Password Manager and sync configuration. Once you have created and activated your account, you can use it to sync passwords and data via the “cloud” on all devices and computers with Kaspersky PURE 3.0 installed.

Steps of the Password Sync Wizard are the following:

1. To start working with Password Manager, in the main application window select

Password Manager.

2. Click the Start Password Manager button.


3. In the open Password Manager window click the Enable sync button.

4. Read Terms of Use. If you accept the agreement check the box I accept Terms of use.

Click the Next button.


You need a Kaspersky Account to enable synchronization.

If you do not have Kaspersky Account:

a. In the Password Manager window select I do not have Kaspersky Account.

Click the Next button.


b. Enter your email address and specify a password. To read the terms of use and

conditions, click the corresponding link in the window.

Check the box I would like to subscribe to news from Kaspersky Lab ZAO, if

you want to receive company news.

Click the Next button.

c. Click the Finish button. Check your email box specified during the registration.


d. The message from Kaspersky Account Message will contain a link you need

to click in order to confirm your created account.

e. Once you have followed the link, enter your password for the account and click

the Activate button.

f. Your Kaspersky Account is created.

g. In the window that appears, enter the password for your Kaspersky Account. Click the Unlock button.

Your Password Manager is now unlocked and the passwords database has been synchronized.


Now in order to get access to the created database of passwords and data on all

devices and computers, you need to install Kaspersky PURE 3.0 and during

initial configuration of Password Manager specify the same Kaspersky Account.

In this case when the Password Manager component from Kaspersky PURE

3.0 is started, the component will automatically synchronize passwords and data

on all devices and computers.

h. In order to see the sync status or to cancel sync, click the Last sync link at the

bottom of the Password Manager window.

If you have Kaspersky Account:

a. In the Password Manager window select I already have Kaspersky Account.

Click the Next button.


b. Enter your email address and a password which you used when creating

Kaspersky Account. Use the link Forgot your password? if necessary. Click

the Next button.

c. The sync configuration is complete. Now your passwords and data will be

synchronized and can be used on other devices and computers.

Click the Finish button.


d. Go to the Password Manager component in Kaspersky PURE 3.0. Your passwords database has been synchronized.

Now in order to get access to the created database of passwords and data on all

devices and computers, you need to install Kaspersky PURE 3.0 and during

initial configuration of Password Manager specify the same Kaspersky Account.

In this case when the Password Manager component from Kaspersky PURE

3.0 is started, the component will automatically synchronize passwords and data

on all devices and computers.


e. In order to see the sync status or to cancel sync, click the Sync link at the

bottom of the Password Manager window.

f. To add a new account or personal data, click the Unlock Password Manager

button and enter your password for Kaspersky Account.


Enabling password sync

On the first step of Password Manager configuration you can cancel synchronization.

In this case Password Manager will save all your passwords and data locally on a device or a

computer. You can enable synchronization and synchronize your data any time you want.

Steps of the Password Manager sync wizard are the following:

1. In the Password Manager window click the Start Password Manager button.


2. In the open Password Manager window click the Don’t enable sync button.

3. In the Password Manager sync wizard is complete window click the Finish button.


4. The Create master password for new vault window will open. To learn what a master password is and how to create one, read the chapters What is Master Password and Creating Master Password.

5. You can enable synchronization later from the Password Manager window. To enable synchronization, click the Sync disabled link in the bottom part of the window.

6. See the chapter Enabling password synchronization for the sync wizard steps.


What is Master Password

The Master Password is your personal key to your password database, which contains your passwords and other personal data. Without the master password it is impossible to access the password database. Keep it secret.

When creating your master password, follow these recommendations:

► A password can contain digits, Latin characters, spaces and special characters («.», «,», «?», «!», «», «"», etc.);

► You must not use the following in the password:

    words found in a dictionary or set expressions;

    any easy-to-guess sequence such as qwerty, 123456789, qazxsw, etc.;

    personal data: first and last names, addresses, passport numbers, social security numbers, etc.;

    it is strongly advised not to reuse the passwords which you use to run other programs (e-mail, databases, etc.).
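The recommendations above translate into checks that can be automated. The following is an added example, not part of Password Manager: the word list is a constructed stand-in for a real dictionary, and the eight-character minimum, the four-character run length and the substitution table are assumptions. Password reuse is not checked here.

```python
import string

# Characters the recommendations allow: digits, Latin letters, space, specials.
ALLOWED = set(string.ascii_letters + string.digits + string.punctuation + " ")

# Constructed stand-in for a real dictionary / common-password list.
WORDLIST = {"password", "welcome", "dragon", "monkey", "letmein",
            "sunshine", "football", "secret"}

# Digit, alphabet and keyboard walks. "qwerty" and "123456789" from the page
# fall in the first rows; "qazxsw" is part of the last walk.
WALKS = [
    "01234567890",
    "abcdefghijklmnopqrstuvwxyz",
    "qwertyuiop", "asdfghjkl", "zxcvbnm",
    "qazwsxedcrfvtgbyhnujmikolp",  # straight down each key column
    "qazxswedcvfrtgbnhyujmkiolp",  # down one column, up the next
]

# Common character substitutions, undone before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def find_walk(password, run=4):
    """Return the first `run`-character window that follows a walk, else None."""
    lowered = password.lower()
    for i in range(len(lowered) - run + 1):
        window = lowered[i:i + run]
        if any(window in w or window in w[::-1] for w in WALKS):
            return window
    return None


def check_master_password(password, personal_data=(), min_length=8):
    """Return a list of (rule, detail) findings; an empty list means no rule fired."""
    findings = []
    if len(password) < min_length:
        findings.append(("length", "shorter than %d characters" % min_length))
    bad = sorted({c for c in password if c not in ALLOWED})
    if bad:
        findings.append(("charset", "characters outside the allowed set: %r" % "".join(bad)))
    walk = find_walk(password)
    if walk:
        findings.append(("sequence", "easy-to-guess run %r" % walk))
    lowered = password.lower()
    plain = lowered.translate(LEET)  # e.g. "p@ssw0rd" becomes "password"
    for word in sorted(WORDLIST):
        if word in lowered or word in plain:
            findings.append(("dictionary", "contains %r" % word))
    for item in personal_data:
        token = str(item).lower()
        if len(token) >= 3 and (token in lowered or token in plain):
            findings.append(("personal", "contains personal data %r" % item))
    return findings


def rules(password, personal_data=()):
    """Names of the rules that fired, in order."""
    return [rule for rule, _ in check_master_password(password, personal_data)]


if __name__ == "__main__":
    # Constructed sample passwords and personal data.
    for pw in ["qwerty123", "qazxsw", "P@ssw0rd2013", "Ivan-1985-Kx!z", "T7#mq Vz!9eKd"]:
        print("%-16r %s" % (pw, check_master_password(pw, ["Ivan", "Petrov", 1985])))
```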

Creating Master Password

If you canceled synchronization at the first step of the Password Manager sync wizard, you will be prompted to create a master password to protect your data from cyber-criminals who may try to get access to your passwords database.

In this case Password Manager will save your passwords and data locally on your computer.

In order to create a master password, do the following:

1. In the Password Manager window enter and confirm your master password. Click the

Next button. (See tips on how to make a master password above).


2. To finish Password Manager configuration, click the OK button.

If you forgot your master password

If you forgot your master password, do the following:

1) Click the link Master password is forgotten in the master password entry window (the link appears after the first unsuccessful attempt to enter a password).

2) In the Master password is forgotten window carefully read the conditions for resetting the previous password to a new one. Note that creating a new password leads to the creation of a new passwords vault, and the previous passwords vault will be destroyed. Click the Next button.

3) In the Creating master password for new vault window enter your new password twice.

Click the Next button.


4) In the Connecting to online vault with Kaspersky Account window enter your login

and password.

5) You can enable synchronization later from the Password Manager window. To enable synchronization, click the Sync disabled link in the bottom part of the window.

6) See the chapter Enabling password synchronization for the sync wizard steps.


Locking/unlocking passwords database

By default, Password Manager locks the database at the program start and after the specified

locking time. Password Manager is available only if the passwords database is unlocked.

You can lock/unlock the database with the following methods:

► From the Password Manager window;

► From the Kaspersky PURE 3.0 context menu;

► By key combination CTRL + ALT + L.

You can lock/unlock Password Manager with the following methods:

► From the main application window;

► From the context menu.

In order to lock Password Manager from the main application window, perform the following

actions:

1. In the lower part of the main application window, select Password Manager.

2. In the Password Manager window, click the Lock Password Manager button.


In order to lock Password Manager from the context menu, perform the following actions:

1. Right-click the Kaspersky PURE 3.0 icon in the taskbar notification area.

2. From the open context menu select Lock Password Manager.

In order to unlock Password Manager from the main application window, perform the following

actions:


1. In the lower part of the main application window, click on the Password Manager button.

2. In the Password Manager window, click on the Unlock Password Manager.

3. Enter a master password to unlock Password Manager. To enter your master password you can use the Virtual keyboard, which allows you to enter passwords without pressing keys on the physical keyboard, or enable the Show password option, by clicking the corresponding icons in the right part of the entry field.

If Password sync was enabled at the Password Manager configuration stage, you need the password for your Kaspersky Account to unlock Password Manager.

In order to unlock Password Manager from the context menu, perform the following actions:

1. Right-click the Kaspersky PURE 3.0 icon in the taskbar notification area.

2. Select Unlock Password Manager.

3. Enter your master password for Password Manager and click on the Unlock button.

If Password sync was enabled at the Password Manager configuration stage, you need the password for your Kaspersky Account to unlock Password Manager.

Caption button of Password Manager

The caption button is displayed in the top part of the browser (application) and allows you to:

► Add an account (identity) to the database;

► Add personal data;

► Lock Password Manager;

► Open the Password Manager window;


► Open the Password generator and passwords history.

If Password Manager is locked, the Caption Button is inactive.

Adding accounts to Password Manager

Adding website account to Passwords database

You can manually add a new website account to the passwords database in the following ways:

► From the Kaspersky PURE 3.0 context menu in the taskbar notification area: right-click the Kaspersky PURE 3.0 icon, click Add and select the necessary item.

► From the Password Manager main window.

In order to add a website account from the Password Manager main window, perform the

following actions:

1. Open the main application window.

2. In the bottom part of the window select Password Manager.

3. In the open Password Manager window click the Add Account button.


4. In the left part of the opened Password Manager window select Web accounts. In the

right part of the window click the Add web account button.


5. In the right part of the new window fill out the required fields: Account name (My

Facebook account), URL (www.facebook.com), login and password.

6. Check the Auto sign in box, if you want Password Manager to enter your account data

and automatically sign in upon opening a web site.

7. If you want to add a date when the password for the account expires, perform the following

actions:

a. Click the Password never expires link. In the drop-down list select Password

expires.

b. In the entry field next to the link specify the date when the password will expire.


8. Click the Password Generator link to automatically create a strong password. Using Password Generator you can create a strong password that meets specified conditions (use of special characters, numbers and symbols).

You can find a detailed description of Password Generator in the Password Generator section.


9. By checking the Advanced settings box you can specify a default browser where the

account opens (at Password Manager start), link the account to a specific web page,

manually configure the login form and add comments to the account.

In the Advanced settings section, click the Edit settings button next to Login form to manually configure the authorization fields. In the Manual form editing window you can configure how fields correspond to the entered data. The Description column shows the action to be performed with each field.

Now that the form for facebook.com has been edited, the login will be automatically entered in the Email field.

To save the changes, click the OK button.

10. To add the created web account, click the Add button in the lower part of the window.


The web account has been added to the passwords database.

Adding account for application to passwords database

The Caption button is located in the upper part of the application window. Using the button you can quickly add an account to the password database and sign in to an application.

In order to add your account for an application to the password database using the Caption

button, perform the following actions:

1. Launch an application (for example, Google Talk)

2. Click on the Caption Button and select Add Account.

3. In the open window specify your login and password in the Login and Password fields.


4. Click the Add Account button.

The account has been added to the passwords database.

In order to sign in using Password Manager, perform the following actions:

1. Open the authorization window of the application (for example, gtalk).

2. Click on the Caption Button and select the required user to sign in from the drop-down

menu (for example, user).

Password Manager will automatically sign the user in.

You can also manually add an account for an application to the password database of Password

Manager. You can open the window of adding accounts with the following methods:

► From the Kaspersky PURE 3.0 context menu in the taskbar notification area.

To do this, perform the following actions:

1. In the Taskbar notification area right-click the Kaspersky PURE 3.0 icon and select

Add.


2. From the open menu select App Account.

► From the Password Manager window.

In order to add a new account for an application from the Password Manager window, perform

the following actions:

1. Open the main application window.

2. In the lower part of the window select Password Manager.

3. In the Password Manager window click the Add Account button.


4. In the left part of the window select Application accounts and click the Add application

account button.

5. In the opened window select the application to create the account for. You can do this with

the following methods:

► Drag the shortcut of the necessary program into the Application field;

► Drag the pointer icon to the open window of the application;

► Select the application by clicking on the Browse button.


6. In the upper part of the window enter or edit the required name for the account.

7. Enter your login in the Login field and password in the Password field.


9. If you want Password Manager to automatically enter your authentication data in the

application and to sign you in, check the Auto sign in box.

10. You can also specify a date when the account password expires. In order to do this,

perform the following actions:

a. Click on the Password never expires link and select Password expires from

the drop-down menu.

b. In the field next to the link specify the required date when the password expires.

11. Click the Password Generator button to automatically create a strong password. Using Password Generator you can create a strong password that meets specified conditions (use of special characters, numbers and symbols).

You can find a detailed description of Password Generator in the Password Generator chapter.


12. Check the Advanced settings box to open additional settings.

13. You can use the account:

► In the specified window

► In all application windows


14. You can manually configure how the authorization form is filled in and add comments. To do this, click the Edit settings button in the Login form section.

15. In the window that opens you can configure automatic filling of the authorization form. The Description column contains information on the actions to be performed with the corresponding field.


16. Click the Add button to complete account creation.

The account for the application has been added to the passwords database.

Adding and using Identities

Password Manager can fill in web forms for registration or online banking using existing identities that contain your personal information (for example, full name, birth date, e-mail addresses, phone numbers, country of residence, bank account information).

You can add an identity with the following methods:

► Using the Caption Button. To do this, click on the Caption Button and select Identities ->

Add Identity.


► From the context menu of Kaspersky PURE 3.0. To do this, right-click the Kaspersky

PURE 3.0 icon in the taskbar notification area and select Add -> Private Data from the

open menu.

► From the Password Manager window.

In order to add an Identity from the Password Manager window, perform the following actions:

1. Open the Password Manager window.

2. Click on the Add Identity data button.


3. A window with a form to create a new identity with personal data will open.


4. In the upper part of the window enter the required type of the Identity (for example,

Work).

5. Identity data comprise the following sections:

► Personal details;

► Contact;

► Internet;

► Business;

► Finance.

6. In order to fill out each section use the buttons located next to each section or the

buttons available next to the Summary tab.

7. In the Personal details section enter the main information about yourself. Fill out the

main fields and go to the next section by selecting the corresponding button in the upper

menu.


8. In the Contact section fill out the required fields and go to the next section by selecting

the corresponding button in the upper menu.


9. In the Internet section fill out the required fields and go to the next section by selecting

the corresponding button in the upper menu.

10. In the Business section fill out the required fields and go to the next section by selecting

the corresponding button in the upper menu.


11. In the Finance section fill out the required fields and go to the next section by selecting

the corresponding button in the upper menu.


To add information about your credit card, click the Credit Card button.

To add information about your bank account card, click the Bank Account button.

When all sections are filled out, click the Save button.

In order to apply an identity, perform the following actions:

1. Open the required page with identity fields.

2. Click the Caption Button and from the open menu select Identities -> .

Password Manager automatically fills in identity fields.

Adding and using Notes

Notes store text information in encrypted form (for example, passport information, bank account numbers, etc.) and allow quick access to the saved data. Preset templates can be used to create a note.

A note can be edited.

You can create a note in the following ways:

► From the Kaspersky PURE 3.0 context menu in the taskbar notification area.

In order to create a note from the context menu, do the following:

1. Right-click the Kaspersky PURE 3.0 icon in the taskbar notification area.


2. Select Add > Note.

► From the Password Manager window.

In order to create a note from the Password Manager window, do the following:

1. Open the Password Manager window.

2. In the left part of the window select Passwords and data.


3. In the left part of the window select Notes.

4. In the right part of the window click the Add note button.

5. In the right part of the new window enter the name of your note.


6. You can use templates with the set of standard types of data when creating a note. This is

convenient as each template comprises fields where you can enter your data. For

example, a note for driver’s license contains the following fields: first name, surname,

address, sex, height, weight, hair, eyes, date of issue, expiration, license number, class.

The following templates are predefined in Kaspersky PURE 3.0:


► Software license;

► Credit card;

► Bank account;

► ID card;

► Driver’s License;

► Passport;

► Visa;

► Voter card;

► Student card;

► Internet settings.

7. In order to use a template, click the Template button.

8. You can create your own template. For this, enter the necessary types of data. Click the

Template button and in the drop-down menu select Save as template.


9. Enter a template name.

10. Click the OK button.


11. If you do not want to use or create your own templates, then simply enter the necessary

information into the text field.

12. Click the Add button to save a template.

In the open window with the list of created notes, you can merge notes into groups, and view

or edit any note from the list.


In order to merge several notes into a group, do the following:

1. Pressing the Shift key on the keyboard, select the notes to add to a group.

2. Click the Add group button.

3. In the Add group window in the Name field specify the name of a group. In the Icon

section select an icon for your group from the drop-down list.


4. In the Add group window click the OK button.

5. In the Password Manager window click the OK button.

Configuring Password Manager

You can configure settings of Password Manager by clicking on the Settings button in the

Password Manager window.

In order to open the Settings window of Password Manager, perform the following actions:

1. In the main application window select Password Manager.

2. In the left part of the Password Manager window click the Settings button.


3. In the left part of the Password Manager Settings window select the required item. You

can select one of the following options:

► General

Here you can:

o Enable/disable automatic start of Password Manager on Kaspersky PURE 3.0 startup;

o Specify that Password Manager is automatically minimized to the taskbar notification area after start;

o Specify the period after which Password Manager should be locked;

o Change your master password;

o Select the action to be performed when the Password Manager icon is double-clicked;

o Enable asking for confirmation of paste from clipboard;

o Specify how long a password is stored in the clipboard.


► Supported browsers

This section contains the list of web browsers and applications supported by Password

Manager.


For the auto sign-in and the caption button functions to work correctly in web browsers and

applications, Password Manager extensions need to be installed.

By default, all necessary extensions are installed automatically during the first start of

Password Manager. If necessary you can additionally install extensions for a required

web browser or application.

Web browsers and applications are displayed in the list of supported browsers respective

of the installed extensions:

o icon (extension is installed) next to the web browser name or application means

an extension is installed;

o icon (extension is not installed) next to the web browser name or application

means an extension is not installed.

► My passwords

Password Manager saves all data into a separate file which can be stored on a local,

removable and network drive. In this section you can also specify a path to the file with

passwords and data.


► Caption button

In the Display caption button in the selected browsers section you can select web

browsers where the Caption button should be displayed. To select a web browser, check

the box next to it.

By default, all web browsers in the list are selected.


The Caption button position in window header section lets you configure the way the

caption button is displayed in a browser or application.

Move caption button to the left: the position of the caption button relative to the buttons of other applications in the upper part of the browser window. The value in the entry field determines how many menu buttons are located to the right of the caption button (by how much the caption button is shifted to the left in the browser window).

If the Hide caption button if Password Manager is locked check box is selected, the

caption button is not displayed in the browser or application window when Password

Manager is locked. If the check box is cleared, the caption button is displayed in the

browser or application window at all times regardless of the status of Password Manager.

The check box is cleared by default.

► Favorites

This section contains the list of most popular accounts in Password Manager.


Check the Show the list in the system tray menu box if you want to see the list in the system tray. In List size, specify the number of items displayed in the list.

► Ignored web sites

This section contains the list of ignored web sites. Password Manager will not add logins and passwords and will not automatically sign in on these sites. Password Manager also does not offer to create an account or to save a login and password for the ignored web sites.


► Trusted web sites

This section contains the list of trusted web sites.


Password Manager protects personal data from phishing attacks. The program notifies you if you are being redirected to another web site during an authorization attempt.

Cyber criminals often use redirection on web sites that grant access to bank accounts (for example, pages of online banking and payment services). Redirection is configured on the authorization page of the official web site, and the user is redirected to a fake site that looks visually similar. All data entered on the fake page is received by hackers.

The program does not display notification about transfer of personal data to trusted web

sites added to the list. Before adding a web site to the list of trusted web sites make sure

the site is genuine.

► Ignored applications

The section contains the list of ignored applications. The program does not add a login and a password and does not automatically sign in to these applications. Password Manager does not offer to create an account or to save a login and a password for the ignored applications.


► Hot keys

In this section you can set hot keys for Password Manager actions. You can specify key

combinations for the following actions:

o Lock/unlock Password Manager;

o Enter credentials;

o Show / hide Quick Launch Box.


► Manage templates

The section contains a list of templates to create memos. You can add, edit or delete

templates for secure memos.


► Miscellaneous

In this section you can configure the Password Manager and browser notifications.
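The redirect warning and the trusted-site exception described under Trusted web sites above can be pictured as a host comparison made before saved credentials are filled in. The sketch below is an added example, not Kaspersky's code: the function names, return values and `example.net` hosts are assumptions, and it compares exact hosts and subdomains only.

```python
from urllib.parse import urlsplit


def normalized_host(url):
    """Return the lower-case ASCII (punycode) host name of a URL.

    Accepts entries without a scheme, such as "www.facebook.com".
    Raises ValueError when no usable host name can be extracted.
    """
    parts = urlsplit(url if "://" in url else "https://" + url)
    # .hostname drops any "user:password@" prefix and the port number.
    host = (parts.hostname or "").rstrip(".")   # "example.net." == "example.net"
    if not host:
        raise ValueError("no host in %r" % url)
    try:
        # Internationalized names become xn-- labels, so a look-alike letter
        # from another alphabet no longer compares equal to the ASCII name.
        return host.encode("idna").decode("ascii").lower()
    except UnicodeError as exc:
        raise ValueError("invalid host in %r" % url) from exc


def check_submission(account_url, target_url, trusted_sites=()):
    """Decide whether credentials saved for account_url may go to target_url.

    Returns "allow", "allow-trusted" or "warn-redirect" (hypothetical labels).
    """
    account_host = normalized_host(account_url)
    try:
        target_host = normalized_host(target_url)
    except ValueError:
        return "warn-redirect"       # fail closed on anything that cannot be parsed
    if target_host in {normalized_host(site) for site in trusted_sites}:
        return "allow-trusted"       # trusted sites produce no notification
    # Exact host or a subdomain of it. The leading dot matters: without it
    # "xexample.net" would pass as a suffix match for "example.net".
    if target_host == account_host or target_host.endswith("." + account_host):
        return "allow"
    return "warn-redirect"


# Constructed sample targets for an account saved with URL "www.facebook.com".
SAMPLES = [
    "https://www.facebook.com/login.php",
    "https://WWW.Facebook.com.:443/login",
    "https://www.facebook.com@login.example.net/",
    "https://www.facebook.com.example.net/",
    "https://www.f\u0430cebook.com/",            # Cyrillic "a" in the name
]

if __name__ == "__main__":
    for target in SAMPLES:
        print(check_submission("www.facebook.com", target), ascii(target))
```

A production check would compare registrable domains using the Public Suffix List rather than exact hosts; the strict comparison here errs toward showing a warning, which is the case the trusted list exists to silence.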


Virtual keyboard

When working on your computer, you frequently need to enter personal data, or a username and password, for instance when registering on Internet sites or using online stores.

There is a danger that this personal information will be intercepted using hardware keyboard

interceptors or keyloggers, which are programs that register keystrokes.

Virtual Keyboard prevents the interception of data entered at the keyboard.

Virtual Keyboard cannot protect your personal data if the website that requires such data has been hacked, since in this case the information will be obtained directly by the intruders.

Many applications classified as spyware can take screenshots, which are then transferred to an intruder for further analysis and for stealing the user's personal data. Virtual Keyboard prevents the personal data being entered from being intercepted by means of screenshots.

Before using Virtual Keyboard, note the following specifics of its operation:

► Before you enter your data with the virtual keyboard, make sure the cursor is set in the

correct field.

► Press the button on the virtual keyboard using the mouse.

► Unlike on a real keyboard, you cannot press two keys simultaneously on the virtual keyboard. Therefore, if you need to use a key combination (for example, ALT+F4), press the first key (ALT), then the next (F4), and then press the first one again. Pressing the key a second time substitutes for releasing the key on a real keyboard.

► You can switch the language for the virtual keyboard using the key combination Ctrl +

right-clicking Shift, or Ctrl + right-clicking Left Alt, depending on the settings selected.

You can start virtual keyboard with the following methods:

► From the Password Manager window;

► From the context menu of Kaspersky PURE 3.0;

► From the Microsoft Internet Explorer, Mozilla Firefox or Google Chrome browser;

► Using the key combination CTRL+ALT+SHIFT+P.

In order to open Virtual Keyboard from the Password Manager window, click the Virtual

Keyboard button.


In order to open Virtual Keyboard from the Kaspersky PURE 3.0 context menu, right-click the

Kaspersky PURE 3.0 icon in the taskbar notification area and select Tools -> Virtual Keyboard

from the open menu.

In order to open Virtual Keyboard from a browser, click the Keyboard icon in the upper part of

the browser.


Password Generator

What is Password Generator

When creating an account you need to specify a new password. A special tool for automatic password creation, Password Generator, is embedded into Password Manager. Using Password Generator you can create unique and strong passwords (with lower- and upper-case letters, digits and special symbols).

Creating password for account with Password Generator

In order to create a password for a web or application account, perform the following actions:

1. Open the Password Manager window.

2. In the lower part of the window click the Password Generator button.

3. In the Password Generator window in the Password length field specify the number of

symbols in the password (not less than 8 symbols are recommended).


4. In the Advanced settings section check the boxes for the required settings (use of A-Z, a-z, numbers 0-9 and special symbols). You can disable use of similar symbols by checking the box Exclude repeating characters. The more boxes are checked, the stronger the generated password will be.

5. Click the Generate button.


The generated password appears in the field.

6. In the Strength section Password Generator shows how strong your password is according to the specified parameters.

7. To view the password click the button in the password field. The password is

displayed while you keep the button pressed.

8. Click the Copy to clipboard button. Clipboard is a special storage designed to store

copied data and transfer it between applications.


9. Paste the password to the authorization field by pressing the key combination Ctrl + V.

10. To view the history of created passwords, go to the Passwords History tab in the Password Generator window. You can copy a password from the list to the clipboard or clear the history by clicking on the corresponding buttons.
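The settings used in the procedure above (password length, the A-Z, a-z, 0-9 and special-symbol boxes, Exclude repeating characters, and the Strength reading) map onto a short generator. This is an added example, not the product's code: the special-symbol set, the function names and the reading of Exclude repeating characters as "no character is used twice" are assumptions.

```python
import math
import secrets
import string

# Character classes matching the Advanced settings check boxes described above.
# The special-symbol set used by the product is not given on the page;
# this one is an assumption.
CLASSES = {
    "upper": string.ascii_uppercase,    # A-Z
    "lower": string.ascii_lowercase,    # a-z
    "digits": string.digits,            # 0-9
    "special": "!@#$%^&*()-_=+[]{};:,.?",
}


def generate_password(length=12, classes=("upper", "lower", "digits", "special"),
                      exclude_repeating=False):
    """Return a random password drawn from the selected classes.

    Every selected class appears at least once. With exclude_repeating=True
    no character occurs twice.
    """
    if not classes:
        raise ValueError("select at least one character class")
    pools = [CLASSES[name] for name in classes]
    alphabet = "".join(pools)
    if length < len(pools):
        raise ValueError("length is too short to include every selected class")
    if exclude_repeating and length > len(alphabet):
        raise ValueError("not enough distinct characters for this length")

    rng = secrets.SystemRandom()   # OS CSPRNG, not the seedable Mersenne Twister
    while True:
        if exclude_repeating:
            chars = rng.sample(list(alphabet), length)   # draw without replacement
        else:
            chars = [rng.choice(alphabet) for _ in range(length)]
        # Rejection sampling: redraw the whole password instead of patching it,
        # so every password that satisfies the rules stays equally likely.
        if all(any(ch in pool for ch in chars) for pool in pools):
            return "".join(chars)


def entropy_bits(length, classes, exclude_repeating=False):
    """Upper bound on password entropy in bits for the chosen settings."""
    n = sum(len(CLASSES[name]) for name in classes)
    if exclude_repeating:
        return math.log2(math.perm(n, length))   # ordered draws without repeats
    return length * math.log2(n)


if __name__ == "__main__":
    for opts in [dict(length=8, classes=("digits",)),
                 dict(length=8, classes=("upper", "lower", "digits", "special")),
                 dict(length=16, classes=("upper", "lower", "digits", "special"),
                      exclude_repeating=True)]:
        print(generate_password(**opts), "%.1f bits" % entropy_bits(**opts))
```

The entropy figures show why checking more boxes raises strength for the same length, and that forbidding repeated characters slightly shrinks the space of possible passwords.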


CHAPTER 13. Advanced application settings

Settings. Protection

The section provides detailed information about all application components, describing the

operational algorithm and settings of each component.

To begin advanced configuration of the application, open the settings window using one of the following methods:

► Click the Settings link in the top part of the main application window.

► Select the Settings item from the context menu of the application icon.


In the top left part of the Settings window select Protection:

General protection settings


In the application settings window, in the General Settings subsection of the Protection Center

section, you can perform the following operations:

► enable/disable all protection components;

► select the interactive or automatic protection mode;

► disable or enable automatic launch of the application at the startup of the operating

system.

Enabling and disabling protection

By default, Kaspersky PURE 3.0 is started automatically at computer startup and protects your

computer during its operational session. After the application is started, all the application

components are enabled.

You can partially or entirely disable protection in Kaspersky PURE 3.0.

Kaspersky Lab experts strongly recommend that you do not disable protection, as this may lead to infection of your computer and data loss. If you need to disable protection, it is recommended that you pause protection for the required period (see below).

When protection is disabled, all protection components stop working.

There are the following indications of disabled protection:

► Grey Kaspersky icon in the Taskbar notification area.

► Red banner in the main application window.


In this case, the protection is regarded as the set of protection components. Disabling or

pausing protection components does not affect the performance of virus scan tasks and

Kaspersky PURE 3.0 updates.

You can fully enable or disable protection from the application settings window.

To disable or enable protection, perform the following actions:

1. Open the application settings window.

2. In the left part of the window in the Protection Center section select the General

Settings subsection.

3. Uncheck the Enable protection box if you need to disable protection. Check the box, if

you need to enable protection.


To disable or enable a protection component from the settings window, perform the following

actions:

1. Open the application settings window.

2. In the left part of the window in the Protection Center section select a component you

need to enable or disable.

3. In the right part of the window uncheck the box Enable , if you need

to disable the component. Check the box, if you need to enable the component.

Pausing and resuming protection

Protection pausing means disabling all application components for a specific time.

There are the following indications of protection pause:

► Grey Kaspersky icon in the Taskbar notification area.

► Red central part in the main application window.


In this case, the protection is regarded as the set of protection components. Disabling or

pausing protection components does not affect the performance of virus scan tasks and

Kaspersky PURE 3.0 updates.

Network connections established at the moment of protection pause will be terminated and a

corresponding notification will be displayed on the screen.

To pause computer protection, perform the following actions:

1. Select the Pause protection item from the context menu of the application.

2. In the Pause protection window select the required variant:

► Pause for the specified time — protection is automatically enabled after a specified

time interval.

► Pause until reboot — protection is enabled after the application is restarted or the

operating system is rebooted (if automatic startup of the application is enabled).

► Pause — protection is enabled only when you decide to resume it.


In order to resume protection, select the Resume protection item from the context menu of the

application icon.

You can resume protection this way (by selecting the Resume protection item from the context menu of the application icon) irrespective of the "pause protection" variant you have selected, whether it is the Pause, Pause until reboot or Pause for the specified time variant.

Selecting protection mode

By default, Kaspersky PURE 3.0 runs in automatic protection mode. In this mode the application automatically applies actions recommended by Kaspersky Lab experts in response to dangerous events. If you want Kaspersky PURE 3.0 to notify you of all hazardous and suspicious events in the system and to let you decide which of the actions offered by the application should be applied, you can enable interactive protection mode.

To select a protection mode, perform the following actions:

1. Open the application settings window.

2. In the left part of the window in the Protection Center section select General Settings.

3. In the Interactive protection section uncheck or check the boxes you need:

► to enable interactive protection mode, uncheck the Select action automatically box;

► to enable automatic protection mode, check the Select action automatically box.


To prevent Kaspersky PURE 3.0 from deleting suspicious objects in automatic mode, check the

Do not delete probably infected objects box.

Enabling and disabling autorun

Automatic launch of the application means that Kaspersky PURE 3.0 launches after the operating

system startup. This is the default start mode.

In order to enable or disable the application autorun, perform the following actions:

1. Open the application settings window.

2. In the left part of the window in the Protection Center section select General Settings.

3. To disable the application autorun, in the right part of the window in the Autorun section

uncheck the Launch Kaspersky PURE 3.0 at computer startup box. To enable the

application autorun, check the box.


Self-Defense

Kaspersky PURE 3.0 protects a computer from malware. Therefore, malware that penetrates the computer tries to block the operation of Kaspersky PURE 3.0 or remove the application from the computer. A stable computer protection system is provided by the Self-Defense and Disable external service control technologies of Kaspersky PURE 3.0.

Self-Defense of Kaspersky PURE 3.0 blocks outside attempts to modify or delete the application

files, memory processes and system registry records. The Disable external service control

option blocks all attempts to control services remotely.

On computers running 64-bit operating systems and Microsoft Windows Vista, only self-defense from attempts to modify or delete the application files, memory processes and system registry entries is available.

Enabling and disabling self-defense

By default, Self-Defense of Kaspersky PURE 3.0 is enabled. If necessary, you can disable self-defense.

In order to enable or disable self-defense of Kaspersky PURE 3.0, perform the following actions:

1. Open the main application window.

2. In the top part of the window click Settings.

3. In the left part of the window select Self-Defense in the Protection Center section.

4. In the right part of the window clear the Enable Self-Defense box if you need to disable

the application self-defense. Check the box if you need to enable self-defense.


Protection from external control

In the Self-Defense section you can disable external service control. If the option is enabled, all

attempts to control Kaspersky PURE 3.0 remotely are blocked.

In order to disable external service control, perform the following actions:

1. Open the main application window.

2. In the top part of the window click Settings.

3. In the left part of the window select Self-Defense in the Protection Center section.

4. In the right part of the window in the External control section clear the Disable

external service control box.


File Anti-Virus

What is File Anti-Virus

The file system may contain viruses and other malicious programs. Such malware may reside in your file system for several years after penetrating your computer without revealing itself. However, once you open an infected file or, for example, try to copy it to the disk, the virus will reveal itself.

The File Anti-Virus component monitors the computer file system and prevents infection of the

computer's file system. The component starts upon startup of the operating system, continuously

remains in the computer's RAM, and scans all files being opened, saved, or launched on your

computer and all connected drives.

Enabling/Disabling File Anti-Virus

To enable/disable File Anti-Virus, perform the following actions:

1. Open the application settings window.

2. In the Settings window in the Protection Center section select File Anti-Virus from the

list of components.

3. In the right part of the window perform the following actions:

► To enable the component, check the Enable File Anti-Virus box.

► To disable the component, uncheck the Enable File Anti-Virus box.

4. In the Settings window click the Apply button.

Operating algorithm of File Anti-Virus

By default, File Anti-Virus operates according to the following algorithm:


File Anti-Virus scans the iChecker and iSwift databases (see details further) for information about the intercepted file, and determines whether it should scan the file based on the information retrieved.

The file is scanned for viruses. Based on the analysis, File Anti-Virus performs one of

the following actions:

► If malicious code is detected in the file, File Anti-Virus blocks the file, creates a

backup copy in the Backup storage and attempts to perform disinfection. If the

file is successfully disinfected, it becomes available again. If disinfection fails, the

file is deleted.

► If potentially malicious code is detected in the file, the file proceeds to disinfection

and then is sent to the special storage area called Quarantine.

► If no malicious code is discovered in the file, it is immediately restored.

Security levels of File Anti-Virus

The security level is defined as a preset configuration of the File Anti-Virus component settings

which provide a protection level to files and system memory. Kaspersky Lab specialists

distinguish three security levels. The decision of which level to select should be made by the user

based on the current situation.

► High. Set this level if you suspect that your computer has a high chance of being infected.

► Recommended. This level provides an optimum balance between the efficiency and

security and is suitable for most cases.

► Low. If you work in a protected environment (for example, in a corporate network with

centralized security management), the low security level may be suitable.

To change the security level, perform the following actions:

1. In the right part of the Settings window of the File Anti-Virus component set a security

level by dragging the vertical slider to the required position.

2. In the Settings window click the Apply button.


Actions to be performed by File Anti-Virus on detected threats

Default actions

By default, the program itself chooses the actions to perform on detected objects.

If the scan fails to determine whether the object is infected or not, the object is quarantined. Quarantine is a special storage that contains objects that may be infected with viruses. Objects in quarantine cannot harm your computer.

If the scan assigns the object the status of malicious software, File Anti-Virus tries to disinfect it. If disinfection is impossible, the object is deleted.

Before disinfecting or deleting the object, Kaspersky PURE 3.0 creates a backup copy of it in case the object needs to be restored or a way to disinfect it becomes available. The storage period for a backup copy is 30 days.

Actions set by the user

You can set the action to be performed on detected threats yourself. File Anti-Virus can perform the following actions on detected threats:

► Disinfect;

► Delete;

► Delete if disinfection fails (appears if Disinfect option is enabled).


If the Disinfect variant is selected, the program functions as follows:

► If the object can be disinfected, it is disinfected and returned to the user.

► If the scan fails to determine whether the object is infected or not, the object is quarantined. If the option to scan quarantined files after each database update is enabled, then when a new disinfection signature is received the quarantined object can be disinfected and returned to the user.

► If the virus status is assigned to the object and its disinfection is impossible, the object is blocked and added to the report about detected threats. If you want infected objects that cannot be disinfected to be deleted, check the Delete if disinfection fails box (the box appears if the Disinfect option is enabled).

You can select only the Delete variant, but in this case all objects will be deleted, even if they

could be returned to the user after disinfection.

In order to select the necessary action, check the box next to the action and click the Apply

button to save the changes.

Kaspersky Lab specialists recommend selecting the following actions for detected threats:

► Disinfect objects if possible

► Delete if disinfection fails

In this case the program performs the following actions on an object:

► Disinfect, if disinfection is possible. After disinfection you can continue working with the object.

► Quarantine, if the program cannot determine whether the object is infected. If the option to scan quarantined files after each database update is enabled, the quarantined object can be disinfected and returned to the user once a new disinfection signature is received.

► Delete, if the object is assigned the virus status and cannot be disinfected.

Actions for each object

You can also specify File Anti-Virus actions for every detected object individually. To do this, enable interactive mode as follows:

1. In the Settings window go to the Protection tab. In the left part of the window select the General Settings subsection.

2. In the Interactive protection section, uncheck the Select action automatically box.

3. In the Settings window click the Apply button.

Interactive mode is enabled for the entire application. That is why when interactive mode is

enabled you will have to define an action for each object detected by any Kaspersky PURE 3.0

component.

How to specify action on detected threats

To specify an action on detected threats, please do the following:

1. In the left part of the Settings window select the File Anti-Virus component.

2. Make sure the Enable File Anti-Virus box is enabled in the right part of the window.

3. In the Action on threat detection section select an action on detected threats:

► Prompt for action.

► Select action:

o Disinfect.

o Delete (Delete if disinfection fails).

4. In the Settings window click the Apply button.

If you have chosen Select action but have not selected any action, File Anti-Virus blocks dangerous objects and quarantines them, notifying the user of its actions.

The Delete if disinfection fails box appears only if the Disinfect box is checked.

Customizing security level in File Anti-Virus

To fine-tune the File Anti-Virus settings, in the Security level section click the Settings button.

The File Anti-Virus window will open.

Selecting file types scanned by File Anti-Virus


On the General tab of the File Anti-Virus window you can select the file types to be scanned by File Anti-Virus. By default, File Anti-Virus scans only potentially infectable files (files into which a virus can penetrate) that are started on any hard, removable or network drive.

You can choose for yourself which file types File Anti-Virus should scan for viruses.

The following file types can be set for scan:

► All files. File Anti-Virus analyzes all files irrespective of their name (for example, "press-release") or extension (for example, ".doc").

► Files scanned by format. File Anti-Virus scans the internal header of a file to determine the file format (.txt, .doc, .exe, etc.). If the analysis shows that the file format cannot be infected, the file is not scanned and is returned to the user. If the file format is infectable, the file is scanned for viruses.

► Files scanned by extension. File Anti-Virus selects files for scanning according to their extension (for example, files with the extensions .com, .exe, .sys, .bat, .dll, etc.). The file format is determined from the extension. A file extension helps the user and software identify the type of data in the file.

When selecting the file types scanned by File Anti-Virus, keep the following in mind. A cyber-criminal can send a virus to your computer in a file with a txt extension, although in reality the file may be an executable that has been renamed to a txt file.

If the Files scanned by extension option is selected, such a file is skipped during the scan.

If the Files scanned by format option is selected, File Anti-Virus analyzes the file header regardless of the extension. The analysis shows that the file has the exe format, and the file is scanned for viruses.
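The difference between the two selection modes can be reproduced with a small classifier. This is an added illustration, not Kaspersky Lab code: the signature table, the rule that only plain text counts as non-infectable, the function names and the sample files are assumptions made for the example. It also shows the opposite blind spot, a script whose header looks like plain text.

```python
"""Toy comparison of 'scan by extension' and 'scan by format' file selection."""
import os

# Extensions the page gives as examples for the by-extension mode.
SCANNED_EXTENSIONS = {".com", ".exe", ".sys", ".bat", ".dll"}

# Well-known leading "magic" bytes of a few executable and container formats.
MAGIC = (
    (b"MZ", "exe"),                                 # DOS/PE executables, DLLs, drivers
    (b"\x7fELF", "elf"),
    (b"PK\x03\x04", "zip"),
    (b"Rar!\x1a\x07", "rar"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole"),   # OLE compound file (.doc, .xls)
)

# Assumption for this example: only plain text is treated as non-infectable.
NOT_INFECTABLE = {"text"}


def format_from_header(data: bytes) -> str:
    """Identify the format from the leading bytes, ignoring the file name."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    if data and b"\x00" not in data:
        try:
            data.decode("utf-8")
            return "text"
        except UnicodeDecodeError:
            pass
    return "unknown"


def selected_by_extension(filename: str) -> bool:
    """By-extension mode: the name alone decides whether the file is scanned."""
    return os.path.splitext(filename)[1].lower() in SCANNED_EXTENSIONS


def selected_by_format(data: bytes) -> bool:
    """By-format mode: unknown formats are scanned rather than skipped."""
    return format_from_header(data) not in NOT_INFECTABLE


def compare(samples):
    """Return (name, detected format, by-extension verdict, by-format verdict)."""
    return [
        (name, format_from_header(data),
         selected_by_extension(name), selected_by_format(data))
        for name, data in samples
    ]


# Constructed sample files: (file name, first bytes of the content).
SAMPLES = [
    ("setup.exe", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("notes.txt", b"MZ\x90\x00\x03\x00\x00\x00"),      # executable renamed to .txt
    ("readme.txt", b"Release notes for version 3.0\r\n"),
    ("report.doc", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8),
    ("cleanup.bat", b"@echo off\r\ndel /q %TEMP%\\*.tmp\r\n"),
]

if __name__ == "__main__":
    for name, fmt, by_ext, by_fmt in compare(SAMPLES):
        print(f"{name:12} header={fmt:8} by_extension={by_ext!s:5} by_format={by_fmt}")
```

In this toy model notes.txt is skipped by extension but selected by format, while cleanup.bat is selected by extension but looks like harmless text to the header check.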

Selecting File Anti-Virus protection scope

You can also specify the location of the files to be scanned in the Protection scope section. To add a new object to the scan scope, perform the following actions:

1. In the File Anti-Virus window click the Add link.


2. In the Select object to scan window select an object and click the Add button.

3. Once you have added all the necessary objects, in the Select object to scan window click

the OK button.

4. In the File Anti-Virus window click the OK button.

Scan methods of File Anti-Virus

By default, File Anti-Virus scans objects using signature analysis (databases with descriptions of known threats and methods for disinfecting them). The component compares the object being scanned with the records in the databases and determines whether the object is malicious. Since new malicious objects appear daily, there is always some malware that is not yet described in the databases and that can only be detected using heuristic analysis. This method analyzes the actions an object performs within the system. If its actions are typical of malicious objects, the object is likely to be classed as malicious or suspicious.

In order to configure heuristic analysis, perform the following actions:

1. In the File Anti-Virus window go to the Performance tab.

2. In the Scan methods section specify the detail level [2] for heuristic analysis by moving the horizontal slider to the necessary position.

3. Click the OK button.

[2] The higher the detail level, the more resources and time the scan needs, but the more thorough the analysis is.

Optimization of files scan

To reduce the scan time and speed up the application, you can configure File Anti-Virus to scan only new files and files that have been modified since the previous scan. To do this, perform the following actions:

1. In the File Anti-Virus window go to the Performance tab.

2. In the Scan optimization section check the Scan only new and changed files box.

3. Click the OK button.

Setting scan of compound files

A compound file is structured storage for several other files. Examples of compound files are

archives and OLE-objects. A common method of concealing viruses is to embed them into

compound files (archives). To detect viruses that are hidden in this way a compound file should

be unpacked, which can significantly lower the scan speed.

To enable scan of archives, perform the following actions:

1. In the File Anti-Virus window go to the Performance tab.

2. In the Scan of compound files section, check the Scan archives box.

3. Click the OK button.

Installation packages (files used to install software) and files containing OLE objects (images, texts, tables or drawings created in one program that can be opened in other programs) are executed when they are opened, which makes them more dangerous than archives.

To enable scan of installer packages and embedded OLE-objects, perform the following actions:

1. In the File Anti-Virus window on the Performance tab in the Scan of compound files

section, check the corresponding boxes.

2. Click the OK button.


When large compound files are scanned, their preliminary unpacking may take a long period of

time. This period can be reduced by enabling unpacking of compound files in background mode

(while the user is working with other programs). If a malicious object is detected when processing

such a file, File Anti-Virus will notify you of this.

To scan compound files in background mode, perform the following actions:

1. In the File Anti-Virus window on the Performance tab in the Scan of compound files

section, click the Additional button.

2. In the Compound files window check the Extract compound files in the background

box.

3. In the Minimum file size field specify the minimum file size to be scanned in the

background. Files of smaller size are scanned in the normal mode.


To reduce access time to compound files, you can disable extracting of files whose size exceeds

the specified value. For this, perform the following actions:

1. In the Size limit section specify the maximum file size to be scanned. The setting is not

applied to scan of files extracted from archives.

2. Click the OK button.


Scan modes of File Anti-Virus

You can select one of four scan modes in File Anti-Virus:

► Smart mode.

► On access and modification (the application scans objects when they are opened or

modified).

► On access (the application scans objects only on an attempt to open them).

► On execution (the application scans objects only on an attempt to run them).

By default, Kaspersky PURE 3.0 uses smart mode, which determines if the object is subject to

scan, based on the actions performed on it. For example, when working with a Microsoft Office

document, File Anti-Virus scans the file when it is first opened and last closed. Intermediate

operations that overwrite the file do not cause it to be scanned.

To set a scan mode, perform the following actions:

1. In the File Anti-Virus window go to the Additional tab.

2. In the Scan mode section select the required scan mode.

3. Click the OK button.

iSwift and iChecker scan technologies

The intelligent technologies iChecker and iSwift speed up the operation of File Anti-Virus. They reach their highest efficiency some time after the product is installed. The two technologies complement each other, accelerating the anti-virus scan of various objects in different file and operating systems.

During the first scan with the iChecker technology, the checksum of an object is saved. A checksum is a unique digital signature of an object (file) that identifies this object (file). The checksum changes every time the object is modified. This information is saved in a special table. During the next scan of the object, the previous and current checksums are compared. If the checksums differ, the object is scanned for malicious code again; if they are the same, the object is not scanned.

The iChecker technology works with a limited number of formats, such as exe, dll, lnk, ttf, inf, sys, com, chm, zip and rar, and is not used for files larger than 4 GB, because in such cases it is quicker to scan the whole file than to calculate its checksum.


The iSwift technology has been developed for the NTFS file system. In this file system each object is given an NTFS identifier. This NTFS identifier is compared with the values in the special iSwift database. The algorithm takes the previous scan date into account: if the same period or more has passed between the first scan and the last scan, the object is rescanned. The object is also scanned again if the settings have been changed to stricter ones.

The technology is tied to a specific file location in the file system. If the file is copied or moved, it is scanned again.

In order to enable the use of iSwift and iChecker technologies, perform the following actions:

1. In the File Anti-Virus window go to the Additional tab.

2. In the Scan technologies section check the boxes iSwift Technology and iChecker

Technology.

3. Click the OK button.
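The skip-if-unchanged logic described above for iChecker, together with the location and stricter-settings rules described for iSwift, can be modelled as a small scan cache. This is an added sketch, not Kaspersky Lab code: SHA-256 as the checksum, records keyed by path instead of an NTFS identifier, the integer strictness level, the class and the marker-based scanner are all assumptions. Only clean verdicts are recorded, so a detected object is never skipped.

```python
"""Toy scan cache: skip objects whose checksum is unchanged since a clean scan."""
import hashlib
import os

# Formats the page lists for iChecker.
CACHEABLE_EXTENSIONS = {".exe", ".dll", ".lnk", ".ttf", ".inf", ".sys",
                        ".com", ".chm", ".zip", ".rar"}
FOUR_GB = 4 * 1024 ** 3
UNCACHED = ("format not cached", "too large to checksum")


class ScanCache:
    def __init__(self, scanner, max_size=FOUR_GB):
        self.scanner = scanner      # callable(data) -> True if the object is clean
        self.max_size = max_size    # above this size the checksum is not computed
        self.table = {}             # path -> (checksum, strictness level at scan)

    def reason_to_scan(self, path, data, level):
        """Return why the object must be scanned, or None if it can be skipped."""
        if os.path.splitext(path)[1].lower() not in CACHEABLE_EXTENSIONS:
            return "format not cached"
        if len(data) > self.max_size:
            return "too large to checksum"
        entry = self.table.get(path)
        if entry is None:           # new object, or one copied/moved to a new place
            return "no record for this location"
        checksum, cached_level = entry
        if hashlib.sha256(data).hexdigest() != checksum:
            return "checksum changed"
        if level > cached_level:
            return "settings are stricter than at last scan"
        return None

    def process(self, path, data, level):
        reason = self.reason_to_scan(path, data, level)
        if reason is None:
            return "skipped"
        clean = self.scanner(data)
        if clean and reason not in UNCACHED:
            self.table[path] = (hashlib.sha256(data).hexdigest(), level)
        elif not clean:
            self.table.pop(path, None)   # never keep a record for a detected object
        return f"scanned ({reason}): {'clean' if clean else 'threat'}"


def demo():
    """Run constructed objects through the cache; return results and scan count."""
    calls = []

    def toy_scanner(data):
        calls.append(len(data))
        return b"TEST-THREAT-MARKER" not in data   # constructed marker, not a real signature

    cache = ScanCache(toy_scanner)
    original = b"MZ" + b"\x00" * 62
    patched = original + b"patched"
    steps = [
        ("C:/apps/tool.exe", original, 1),   # first scan
        ("C:/apps/tool.exe", original, 1),   # unchanged
        ("C:/apps/tool.exe", patched, 1),    # modified
        ("C:/apps/tool.exe", patched, 2),    # stricter settings
        ("D:/copy/tool.exe", patched, 2),    # same content, new location
        ("C:/docs/readme.txt", b"hello", 2), # format outside the cached list
        ("C:/apps/bad.dll", b"MZ TEST-THREAT-MARKER", 2),
        ("C:/apps/bad.dll", b"MZ TEST-THREAT-MARKER", 2),
    ]
    return [cache.process(p, d, lvl) for p, d, lvl in steps], len(calls)


if __name__ == "__main__":
    results, scans = demo()
    print("\n".join(results))
    print("scanner calls:", scans)
```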

Pausing File Anti-Virus

When carrying out resource-intensive work, you can pause File Anti-Virus. To reduce the workload and ensure quick access to objects, you can configure automatic pausing of the component at a specified time. To do this, perform the following actions:

1. In the File Anti-Virus window go to the Additional tab.

2. In the Pause task section check the By schedule box.

3. Click the Schedule button.


4. In the Pausing the task window in the fields Pause and Resume task at define the time

interval during which the component will remain inactive.

5. Click the OK button.

6. In the File Anti-Virus window click the OK button.

In addition to disabling File Anti-Virus on a schedule, you can configure File Anti-Virus to be disabled while you work with specified programs. To do this, perform the following actions:

1. In the File Anti-Virus window go to the Additional tab.

2. In the Pause task section check the At application startup box.

3. Click the Select button.


4. In the Applications window click the Add link. Next, perform the following actions:

► Select an application from the Applications list;

or

► Click Browse and select an application using the browser window.

5. Having created the list of applications, click the OK button in the Applications window.

6. In the File Anti-Virus window click the OK button.

Rolling back to default settings of File Anti-Virus

You can always roll back to default File Anti-Virus settings. For this, perform the following

actions:

1. Close the File Anti-Virus window.

2. In the Settings window in the Security level section click the Default button.


3. Click the OK button to save the changes.


Mail Anti-Virus

What is Mail Anti-Virus

Mail Anti-Virus, part of the Protection Center of Kaspersky PURE 3.0, scans incoming and outgoing messages for malicious objects.

The component scans all email sent or received over the POP3, SMTP, IMAP, MAPI and NNTP protocols, as well as over secure connections (SSL) for POP3 and IMAP. [3]

Enabling/disabling Mail Anti-Virus

By default the Mail Anti-Virus component is enabled. You can disable Mail Anti-Virus, if

necessary.

To enable or disable Mail Anti-Virus, do the following:

1. Open the main application window.

2. In the top right part of the window click the Settings button.

3. In the left part of the Settings window under Protection select Mail Anti-Virus.

4. In the right part of the Settings window:

► Uncheck the Enable Mail Anti-Virus box to disable the component.

► Check the Enable Mail Anti-Virus box to enable the component.

5. In the Settings window click the Apply button.

[3] POP3, SMTP, IMAP, MAPI and NNTP are protocols intended for creating, receiving and transferring e-mail. The SSL protocol provides secure (encrypted) transfer of data carried by other protocols (for example, POP3 and IMAP).

Operation algorithm of Mail Anti-Virus

By default the mail protection functions according to the following algorithm:

1. Mail Anti-Virus intercepts each message the user sends or receives.

2. The mail message is parsed into its basic components: the message header (the part of an e-mail message that contains technical information and shows its route from sending to receipt by the recipient's server), the body (the text of the message itself) and the attachments (files attached to the message).

3. The message body and attachments (including attached OLE objects [4]) are scanned for threats. Malicious objects are recognized using the application databases [5] and heuristic analysis [6]. The databases contain descriptions of all known malicious programs and the methods for disinfecting them. Heuristic analysis makes it possible to detect new viruses whose descriptions have not yet been added to the virus databases.

4. If a threat is detected, Kaspersky PURE 3.0 assigns one of the following statuses to the

found object:

► malicious program (such as a virus or Trojan);

► potentially infected (suspicious) status if the scan cannot determine whether the object

is infected or not. The file may contain a sequence of code appropriate for viruses, or

modified code from a known virus.

The application blocks a message, displays a notification about the detected threat and

performs the assigned action.

Changing Mail Anti-Virus actions to be performed on detected threats

By default the program itself defines an action to be performed over an infected object. If as a

result of scan the program failed to define whether the object is infected or not, the object is

quarantined.

If as a result of a scan Kaspersky PURE 3.0 assigns the status of a malicious program to the

object, Mail Anti-Virus will try to disinfect an infected object. If disinfection is impossible, the

object is deleted.

Before attempting to disinfect or delete an infected object, Kaspersky PURE 3.0 creates a backup

copy of it to allow later restoration or disinfection.

To make sure that Mail Anti-Virus performs the default actions upon threat detection, do the following:

1. In the left part of the Settings window select Mail Anti-Virus.

2. In the right part of the window in the Action on threat detection section the Select action

automatically option should be enabled.

[4] Here OLE objects are understood as graphic information embedded in the body of a message, for example images, Excel tables and graphs in the text (not in a mail attachment).

[5] Databases are anti-virus databases which contain records about threats and network attacks, as well as methods to fight them. Protection components use these records when searching for dangerous objects on the computer and disinfecting them.

[6] Heuristic analysis is the analysis of an object's activity in the system. If this activity is typical of malicious objects, the object under analysis is recognized as suspicious or malicious. Analyzing the object's activity makes it possible to detect a virus even if it has not yet been described by virus analysts.


You can also define an action to be performed for detected threats. In this case the following

actions upon threat detection can be defined for Mail Anti-Virus:

► Prompt user for action

► Disinfect

► Delete

► Delete, if disinfection fails (this option appears if you checked the Disinfect box).


The Prompt for action option becomes available only when interactive mode is enabled. When interactive protection mode is set, Kaspersky PURE 3.0 notifies you of all dangerous or suspicious events in the system and prompts you to allow or block the action.

You can find out how to enable interactive protection mode in the Selecting protection mode chapter.

If the Disinfect option is selected, the program works as follows:

► If the object can be disinfected, it is disinfected and returned to the user.

► If the scan cannot determine whether the object is infected, the object is quarantined. If the option to scan quarantined files after each database update is enabled, the quarantined object can be disinfected and returned to the user once a new disinfection signature is received.

► If the object is assigned the virus status and cannot be disinfected, it is blocked and added to the report on detected threats.

You can select only the Delete option, but in this case all objects are deleted, even those that could have been made available to the user after disinfection.

Kaspersky Lab specialists recommend selecting the following actions for detected threats:

► Disinfect objects if possible;

► Delete if disinfection fails.

In this case the program performs the following actions on an object:

► Disinfect, if disinfection is possible. After disinfection you can continue working with the object.

► Quarantine, if the program cannot determine whether the object is infected. If the option to scan quarantined files after each database update is enabled, the quarantined object can be disinfected and returned to the user once a new disinfection signature is received.

► Delete, if the object is assigned the virus status and cannot be disinfected.

If Select action is chosen but no action is enabled, Mail Anti-Virus blocks dangerous objects and moves them to quarantine, notifying the user of its actions.

The Delete if disinfection fails option appears only after the Disinfect option is enabled.

Security levels of Mail Anti-Virus

Different sets of protection parameters (security levels) suit different working conditions. A user can change these settings manually. Kaspersky Lab specialists distinguish three security levels.

► High. At this level Mail Anti-Virus scans e-mail messages as thoroughly as possible. If you work in a non-secure environment, the maximum security level will suit you best. An example of such an environment is a connection to a free email service from a network that is not guarded by centralized email protection.

► Recommended. This level provides an optimum balance between the efficiency and

security and is suitable for most cases. This is also the default setting.

► Low. If you work in a well secured environment, low security level can be used. An

example of such an environment might be a corporate network with centralized email

security.

To change the security level, perform the following actions:

1. In the left part of the Settings window select the Mail Anti-Virus component.

2. Make sure, in the right part of the Settings window the Enable Mail Anti-Virus box is

checked.

3. In the Security level section configure the necessary security level.


4. In the Settings window click the Apply button.

If none of the preset security levels suits you, you can configure the Mail Anti-Virus settings yourself. When the settings are modified, the security level shown in the Mail Anti-Virus section of the Settings window changes to Other.

You can roll back to the recommended security level, which is set by default, at any moment by clicking the Default button.

Customizing security level

By default, Mail Anti-Virus works with the settings recommended by Kaspersky Lab experts for

the optimal protection of your mail. However, you can customize the security level of Mail Anti-

Virus the following way:

1. In the Settings window select the Mail Anti-Virus component.

2. Make sure that Mail Anti-Virus is enabled (the Enable Mail Anti-Virus box is checked).

3. In the right part of the Settings window in the Security level section click the Settings

button.


The Mail Anti-Virus window will open.

Creating protection scope

By default, Kaspersky PURE 3.0 scans both incoming and outgoing mail.

If you are sure that outgoing mail is not infected, you can configure the scan of incoming messages only.

Before you disable the scan of outgoing mail, you are advised to scan your computer for viruses, because it is likely that there are mail worms on your computer which will propagate themselves via email.

To disable scan of outgoing emails, please do the following:

1. In the Mail Anti-Virus window on the General tab in the Protection scope section check

the Incoming email only box.


2. In the bottom right corner of the window click the OK button.

3. In the Settings window click the Apply button.


Heuristic analysis

During Mail Anti-Virus operation, signature analysis is always used: Kaspersky PURE 3.0 compares the object found with the database records.

In addition to analysis based on the regularly updated anti-virus databases, Mail Anti-Virus uses heuristic analysis.

Essentially, the heuristic method analyzes the object's activities in the system. If those actions are typical of malicious objects, the object is likely to be classed as malicious or suspicious. This allows new threats to be detected before they have been analyzed by virus analysts.

You can select one of three scanning levels for heuristic analysis: light scan, medium scan and deep scan. With deep scan the probability of threat detection is higher, but scanning takes longer. With light scan, scanning is faster, but the probability of threat detection is somewhat lower. Only the medium scan mode provides the optimal combination of detail level and scanning time.

By default, heuristic analysis is enabled. To enable or disable heuristic analysis in Mail Anti-

Virus, please do the following:

1. In the Mail Anti-Virus window on the General tab, in the Scan methods section make

sure the Heuristic Analysis box is checked. If you do not want to use this technology,

uncheck the box correspondingly.

2. Move the slider bar to select the scan method: light, medium, deep.

3. In the Mail Anti-Virus window click the OK button.

4. In the Settings window click the Apply button.

Scan of compound files

Compound files are a set of files and folders placed into one file (archive).

By default Kaspersky PURE 3.0 scans all compound files. Remember, however, that the compound file scan mode you select affects the performance of the computer.

You can enable or disable the scan of attached archives and limit the maximum size of archives to be scanned in Mail Anti-Virus.

To configure Mail Anti-Virus scan settings, perform the following actions:

1. In the Mail Anti-Virus window on the General tab, in the Scan of compound files section, check or uncheck the following boxes:

► Skip attached archives;

► Do not process archives larger than (limit the maximum size). The default size is 8 MB.

2. In the Mail Anti-Virus window click the OK button.

3. In the Settings window click the Apply button.

Filtering attachments

Malware is most often distributed by mail as objects attached to messages. Files of various formats can be attached to a message. To protect your computer, for example from the automatic launch of attached files, you can enable attachment filtering, which automatically renames or deletes files of specified types. By configuring the filtering of objects attached to email messages in Mail Anti-Virus, you can prevent malicious software from penetrating your computer.

If you access the Internet directly, without a proxy server or a firewall, you are advised not to disable scanning of attached archives.

To configure filtering of attached objects in Mail Anti-Virus, please do the following:

1. In the Mail Anti-Virus window go to the Attachment filter tab.

2. Select the filtering mode for attachments:

► Disable filtering;

► Rename selected attachment types;

► Delete selected attachment types.

When you select the modes Rename or Delete attachments, select the necessary file

types (extensions) in the list or add a mask to select a new type. To add a new type of

mask, click the Add link. In the Input file name mask window enter the mask and click the

OK button.


3. In the Mail Anti-Virus window click the OK button.

4. In the Settings window click the Apply button.
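The parsing step from the operation algorithm (header, body, attachments) and the three attachment filter modes described above can be sketched with Python's standard email package. This is an added example, not Kaspersky Lab code: the function names, the sample message and the way a file is renamed (the last character of the name becomes an underscore) are assumptions, since the page does not say how renamed attachments are named.

```python
"""Split a message into headers, body and attachments, then filter by name mask."""
import fnmatch
from email import message_from_bytes, policy
from email.message import EmailMessage


def build_sample() -> bytes:
    """Constructed message with three attachments (addresses are placeholders)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Quarterly figures"
    msg.set_content("Figures attached.")
    for name, data in (("Figures.EXE", b"MZ\x90\x00"),
                       ("figures.csv", b"col1,col2\n1,2\n"),
                       ("run.bat", b"@echo off\r\n")):
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


def split_message(raw: bytes):
    """Parse raw bytes into (message, headers, body text, attachment parts)."""
    msg = message_from_bytes(raw, policy=policy.default)
    headers = dict(msg.items())
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part is not None else ""
    return msg, headers, body, list(msg.iter_attachments())


def filter_attachments(raw: bytes, mode: str, masks):
    """Apply 'disable', 'rename' or 'delete' to attachments matching any mask."""
    if mode not in ("disable", "rename", "delete"):
        raise ValueError(f"unknown filter mode: {mode}")
    msg, _, _, attachments = split_message(raw)
    log = []
    for part in attachments:
        name = part.get_filename() or ""
        # Case-insensitive match so that "Figures.EXE" is caught by "*.exe".
        hit = any(fnmatch.fnmatchcase(name.lower(), m.lower()) for m in masks)
        if mode == "disable" or not hit:
            log.append((name, "kept"))
        elif mode == "rename":
            new_name = name[:-1] + "_"   # assumed naming scheme for this example
            del part["Content-Disposition"]
            part.add_header("Content-Disposition", "attachment", filename=new_name)
            log.append((name, f"renamed to {new_name}"))
        else:
            msg.get_payload().remove(part)   # drop the part from the multipart
            log.append((name, "deleted"))
    return msg.as_bytes(), log


def attachment_names(raw: bytes):
    """File names of the attachments present in a raw message."""
    return [part.get_filename() for part in split_message(raw)[3]]


if __name__ == "__main__":
    sample = build_sample()
    for mode in ("disable", "rename", "delete"):
        filtered, log = filter_attachments(sample, mode, ["*.exe", "*.bat"])
        print(mode, log, attachment_names(filtered))
```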

Configuring embedded plug-ins for Microsoft Office Outlook and The Bat!

Mail Anti-Virus integrates into the system through plug-ins that are embedded into the mail clients Microsoft Office Outlook and The Bat!.

Installing Mail Anti-Virus plug-in in Microsoft Office Outlook 2003/2007

When Kaspersky PURE 3.0 is installed, a special plug-in is installed in Microsoft Office Outlook. It allows you to configure Mail Anti-Virus settings quickly and to determine when email messages are scanned for dangerous objects. The plug-in takes the form of the Email protection tab.

To go to the tab in the mail client, do the following:

1. Open the main window of Microsoft Office Outlook.

2. In the main application menu select Tools -> Options.


3. In the Options window go to the Email protection tab and specify the necessary scan

mode.

► Scan upon receiving;

► Scan when read;

► Scan upon sending.


4. Click the OK button to save the changes.

Installing Mail Anti-Virus plug-in in Microsoft Office Outlook 2010

To go to the Mail Anti-Virus tab from Microsoft Office Outlook 2010, perform the following

actions:

1. Open the main window of Microsoft Office Outlook.

2. Go to the File menu.

3. In the File menu select the Options item.


4. In the Outlook Options window go to the Add-ins section.

5. In the right part of the Outlook Options window in the Add-in Options section click the

Add-in Options button.

6. In the Add-in Options window on the Email protection tab specify the necessary scan

mode:

► Scan upon receiving;

► Scan when read;

► Scan upon sending.

7. Save the changes by clicking the OK button.


Installing Mail Anti-Virus plug-in in The Bat!

If The Bat! is installed as a mail client on the computer, actions on infected email objects in The Bat! are defined using the application's own tools. Mail Anti-Virus settings extend to the scanning of attached archives only.

Note that incoming email messages are first scanned by Mail Anti-Virus and only then by the plug-in of The Bat!. If you select the Disinfect (Delete) action upon detection of a malicious object, actions aimed at eliminating the threat will be performed by Mail Anti-Virus. If you select the Ignore option, the object will be disinfected by the plug-in of The Bat!.

Outgoing email messages are first scanned by The Bat! plug-in and then by Mail Anti-Virus.

To set up email protection rules in The Bat!, do the following:

1. Open the main The Bat! window.

2. In the Options menu select Preferences.


3. In the settings tree select Anti-Virus. In the right part of the window specify the necessary

settings of mail scan.

Disabling embedding of the Mail Anti-Virus plug-in in the mail clients Microsoft Outlook or

The Bat!

To disable embedding of the Mail Anti-Virus plug-in in the mail clients Microsoft Office Outlook

or The Bat!, do the following:

1. Open the main window of Kaspersky PURE 3.0.

2. In the top right corner of the window click the Settings button.

3. In the left part of the Settings window on the Protection tab select the Mail Anti-Virus

component.

4. In the right part of the window in the Security level section click the Settings button.


5. In the Mail Anti-Virus window go to the Additional tab.

6. Clear the box:

► Additional: Microsoft Office Outlook plug-in, if you are using Microsoft Office

Outlook.

► Additional: The Bat! Plug-in, if you are using The Bat!.


7. In the Mail Anti-Virus window click the OK button.

8. In the Settings window click the Apply button.


Scan of SMTP, POP3, NNTP, IMAP mail traffic

By default, Mail Anti-Virus in Kaspersky PURE 3.0 scans the stream of mail messages on the SMTP, POP3, NNTP and IMAP protocols in "real-time" mode, i.e. while they are being received. If you disable protocol scan, mail is scanned only after it has been received (after it has been downloaded from the server onto your computer).

To disable traffic scan of these protocols by Mail Anti-Virus in "real-time" mode, perform the following actions:

1. In the right part of the Settings window in the Security level section of the Mail Anti-

Virus component click the Settings button.

2. In the Mail Anti-Virus window go to the Additional tab.

3. On the Additional tab uncheck the box POP3/SMTP/NNTP/IMAP traffic.


4. In the bottom right corner of the window click the OK button.

5. In the Settings window click the Apply button.

Working features with Microsoft Outlook and Mozilla Thunderbird version 1.5 and above

Microsoft Office Outlook

IMAP4 is a standard protocol for accessing your e-mail. With IMAP4, e-mail is stored on the IMAP mail server and can be accessed from any e-mail client on the network. The mail client gets access to the user’s e-mail on the server and works with this mail as if it were stored on the user’s computer. E-mail messages can be managed from the user’s computer, and files with the full content of the message are not constantly sent to the server and back.

By default, when Kaspersky PURE 3.0 scans mail received over IMAP4 in Microsoft Office Outlook, all messages are downloaded to the local computer before the scan; as a result, Internet traffic may increase.

To have Mail Anti-Virus scan these messages only when they are read rather than on delivery, do the following:

1. Open the Microsoft Office Outlook mail client.

2. In the upper menu select Tools -> Options.

3. In the Options window go to the Email protection tab.

4. Uncheck the Scan upon receiving box.

5. Check the Scan when read box.


6. Click the OK button.

Mozilla Thunderbird version 1.5 and above

If the Mozilla Thunderbird mail client version 1.5 or above is installed, a default setting is enabled in it that lets messages be received over the IMAP protocol in chunks. For the mail to be scanned correctly by Mail Anti-Virus from Kaspersky PURE 3.0, a message should be received as a whole.

To have mail received as a whole, it is recommended to set the following parameters in Mozilla Thunderbird version 1.5 or above:

1. Open Mozilla Thunderbird.

2. In the upper menu select Tools -> Options.

3. In the Options window click the Advanced button.

4. On the General tab click the Config Editor button.

5. In the about:config window click the I’ll be careful, I promise! button.

6. In the Filter field enter CHUNK.

7. Right-click the mail.server.default.fetch_by_chunks preference.

8. In the context menu select Toggle.

9. Make sure the Value field has changed from True to False.

10. Right-click the mail.imap.chunk_add preference.

11. In the context menu select Change.

12. Change the value to "0".

13. Click the OK button.

14. Click OK to close the Options window.
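
The check below is an added example, not part of the Kaspersky course material: it parses the text of a Thunderbird `prefs.js` file and reports whether the two preferences from the procedure above have the required values. The sample file contents are constructed, and the per-account name pattern `mail.server.<account>.fetch_by_chunks` overriding the `default` branch is an assumption about Thunderbird's preference layout.

```python
import re

# Values the procedure above asks for (taken from the steps on this page).
REQUIRED = {
    "mail.server.default.fetch_by_chunks": False,
    "mail.imap.chunk_add": 0,
}

# prefs.js stores one preference per line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

# Assumption: an account-level preference such as
# mail.server.server2.fetch_by_chunks takes precedence over the default branch.
OVERRIDE_RE = re.compile(r"^mail\.server\.(?!default\.)[^.]+\.fetch_by_chunks$")


def parse_value(raw):
    """Convert a prefs.js literal (true/false, integer, quoted string) to Python."""
    if raw == "true":
        return True
    if raw == "false":
        return False
    if re.fullmatch(r"-?\d+", raw):
        return int(raw)
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    return raw  # unknown literal, kept verbatim


def parse_prefs(text):
    """Return {name: value} for every user_pref line; other lines are ignored."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if match:
            prefs[match.group(1)] = parse_value(match.group(2))
    return prefs


def audit(prefs_text):
    """Return a list of (preference, problem) pairs; an empty list means compliant."""
    prefs = parse_prefs(prefs_text)
    findings = []
    for name, expected in REQUIRED.items():
        if name not in prefs:
            # prefs.js normally lists only preferences changed from their defaults.
            findings.append((name, "not set in prefs.js, built-in default applies"))
        elif type(prefs[name]) is not type(expected) or prefs[name] != expected:
            findings.append((name, f"is {prefs[name]!r}, expected {expected!r}"))
    for name, value in prefs.items():
        if OVERRIDE_RE.match(name) and value is True:
            findings.append((name, "per-account override re-enables chunked fetch"))
    return findings


# Constructed sample: a profile before the procedure was applied.
SAMPLE_BEFORE = """\
// Mozilla User Preferences
user_pref("mail.imap.chunk_add", 8192);
user_pref("mail.server.server2.fetch_by_chunks", true);
user_pref("mail.server.server2.type", "imap");
"""

# Constructed sample: the same profile after steps 1-14.
SAMPLE_AFTER = """\
// Mozilla User Preferences
user_pref("mail.imap.chunk_add", 0);
user_pref("mail.server.default.fetch_by_chunks", false);
user_pref("mail.server.server2.type", "imap");
"""

if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        problems = audit(text)
        print(label, "OK" if not problems else problems)
```

Close Thunderbird before reading `prefs.js` from a live profile, since the client rewrites the file on exit.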


Note that when working with Mozilla Thunderbird mail client, email messages transferred via

IMAP will not be scanned for viruses if any filters moving messages from the Inbox folder are

used.

Rolling back to Web Anti-Virus default settings

You can always roll back to the default Mail Anti-Virus settings. For this, do the following:

1. Close the Web Anti-Virus window.

2. In the Settings window in the Security level section click the Default button.

3. Click the OK button to save the changes.


Web Anti-Virus

What is Web Anti-Virus

While surfing the Internet you may be at risk of a virus infection. Malicious programs can penetrate your computer when you download free programs or browse sites known to be safe that underwent a hacker attack before your visit. Moreover, network worms can penetrate your computer even before you open a web page or download a file, directly during connection establishment.

Web Anti-Virus has been specially designed to prevent such infections. This component protects the information that reaches your computer over the HTTP, HTTPS and FTP protocols and also prevents dangerous scripts from executing.

Enabling/disabling Web Anti-Virus

The Web Anti-Virus component is enabled by default.

To enable or temporarily disable Web Anti-Virus, perform the following actions:

1. Open the main application window.

2. In the top right corner of the window click the Settings button.

3. In the left part of the Settings window under Protection select Web Anti-Virus.

4. In the right part of the Settings window:

► Uncheck the Enable Web Anti-Virus box, to disable the component.

► Check the Enable Web Anti-Virus box, to enable the component.


5. In the Settings window click the Apply button.

Working algorithm of Web Anti-Virus

Web Anti-Virus has the following working algorithm:

1. Each web page or file that the user or a program accesses is intercepted and analyzed by Web Anti-Virus. Malicious objects are recognized using the anti-virus databases and the heuristic analyzer.

2. If a web page or an object that the user accesses contains malicious code, access to the page/object is blocked. A notification message explaining that the requested object or page is infected is displayed on the screen.

[Figure: In automatic mode / In interactive mode]

If a file or a web page does not contain malicious code, it is immediately returned to the user.

Scripts are scanned by the following algorithm:

1. Each executable script is intercepted by Web Anti-Virus and analyzed for malicious code.

2. If the script contains any malicious code, Web Anti-Virus blocks the script and notifies the user with a special message.

3. If no malicious code is detected in the script, the script is executed.

Web Anti-Virus only intercepts the scripts based on Microsoft Windows Script Host technology.

Security levels of Web Anti-Virus

Web Anti-Virus can work in several modes, called security levels. A security level is a set of predefined Web Anti-Virus parameters that provides a particular level of security for data received and transferred over the HTTP, HTTPS and FTP protocols.

Kaspersky Lab experts have developed three security levels:

► If no HTTP security tools – firewall or proxy-server – are installed on your computer, use

High security level.


► If you work in a protected environment (for example, a firewall is installed on your computer and you connect to the Internet via a corporate proxy server), set the Low security level.

► Recommended is the optimal security level, as it uses system resources rationally and provides reliable protection. This security level suits most cases.

Select a security level which best suits your situation.

In order to change the security level, simply drag the vertical slider to the needed position.

If you have already made changes to the predefined settings, you can always roll back to the default Web Anti-Virus settings by clicking the Default button.

Customizing security level

Checking suspicious and phishing URLs by Web Anti-Virus

Web Anti-Virus scans web traffic for viruses and checks whether links are included in the list of suspicious web addresses and in the list of phishing 7 web addresses.

7 Phishing is a specific form of cybercrime. Phishing attacks are made the following way: the criminal creates an almost 100 percent perfect replica of a chosen financial institution’s website, then attempts to trick the user into disclosing their personal details – username, password, PIN etc. – via a form on the fake website, allowing the criminal to use the details to obtain money.


To make sure the settings are active, in the Web Anti-Virus window click the Settings button

and see that on the General tab under Kaspersky URL Advisor the following boxes are

checked:

► Check if URLs are listed in the database of suspicious URLs.

This box enables/disables the option to check whether links are included in the list of

suspicious web addresses from the black list. The list is created by Kaspersky Lab

specialists.

► Check web pages for phishing.

The lists of phishing addresses are included in the Kaspersky PURE 3.0 distribution kit. Since a link to a phishing site may be received not only in an email message but in any other way, for example, in the text of an ICQ message, the Web Anti-Virus component traces attempts to access a phishing site at the level of HTTP traffic scan, and blocks them.

In addition to the analysis based on the updated phishing databases, Web Anti-Virus uses heuristic analysis. Heuristic analysis evaluates information about an Internet resource, for example the presence of signs typical of phishing resources in its URL. If such signs are detected, the resource is classified as phishing and access to it is blocked, even if the resource has not yet been added to the phishing database.

To enable the heuristic analysis for scan of web pages for phishing, click the Additional button in

the Kaspersky URL Advisor section, check the corresponding box and set the required detail

level of scan.


Heuristic Analyzer

Heuristic analysis traces the activity of an object in the system. If the tool finds the activity suspicious, the object will most probably be classified as malicious or suspicious, even if its malicious code is not known to virus analysts.

Upon detection of a suspicious object, Kaspersky PURE 3.0 will notify you of it and offer to apply

a corresponding action to the detected object.

You can select one of the three scanning levels of the heuristic analysis:

► light scan

► medium scan

► deep scan

The higher the detail level, the more resources and time the scan takes, and the higher is the

probability of threat detection.

By default, heuristic analysis is enabled and the detail level is set to medium.

To enable the heuristic analyzer, on the General tab in the Heuristic Analysis section check the Use Heuristic Analysis box. In the field below, specify the required level by moving the horizontal slider to the necessary position. Uncheck the Use Heuristic Analysis box if you do not want to use this method.


Scan optimization

To detect malicious code more efficiently, Web Anti-Virus buffers fragments of objects

downloaded from the Internet.

When Web Anti-Virus scans objects downloaded by HTTP and FTP traffic, the user may

experience a delay while accessing the file. This delay is caused by the operational algorithm of

Web Anti-Virus: first, all fragments are saved into cache memory, then are analyzed for viruses

and then depending on the analysis result are either returned to the user or blocked.

To accelerate access to the object, we suggest limiting the caching time for web object fragments downloaded from the Internet. When the specified time expires, each downloaded fragment of a file is passed to the user unscanned, and Web Anti-Virus scans the object once it is fully copied.

Disabling the caching time limit makes the anti-virus scan more effective but at the same time slows down access to the object.

To limit traffic caching time or to disable this limitation, perform the following actions:

1. Open the application settings window.

2. In the left part of the window under Protection select the Web Anti-Virus component.

3. In the right part of the window click the Settings button. The Web Anti-Virus window

opens.

4. To set the restriction, on the General tab in the Additional section check the Limit traffic

caching time to 1 sec to optimize scan box. If you need to disable restriction, uncheck

the box.


Kaspersky URL Advisor

Web Anti-Virus in Kaspersky PURE 3.0 includes Kaspersky URL Advisor.

This module checks whether links located on the web page belong to the list of suspicious and phishing web addresses. You can:

► create a list of web addresses whose content will not be checked for the presence of

suspicious or phishing URLs;

► create a list of web sites whose content must be scanned;

► completely exclude scan of URLs.

Kaspersky PURE 3.0 features expanded URL Advisor compatibility with browsers. The following

browsers are now fully supported:

► Internet Explorer 8, 9, 10

► Mozilla Firefox 9.x-12.x

► Google Chrome 15.x-17.x

► Opera 12.61

To create a list of websites whose content will not be scanned for the presence of suspicious or

phishing URLs, on the Safe Surf tab in the Kaspersky URL Advisor section uncheck the Check

URLs box.

To configure scan settings and select categories of web sites where Web Anti-Virus should scan

URLs, do the following:

1. Open the application settings window.

2. In the left part of the window in the Protection section select Web Anti-Virus.


3. In the right part of the window click the Settings button. The Web Anti-Virus window will

open.

4. In the Web Anti-Virus window go to the Safe Surf tab.

5. Make sure the Kaspersky URL Advisor module is enabled (the Check URLs box is

checked).

6. In the Kaspersky URL Advisor section click the Settings button.

7. In the Kaspersky URL Advisor settings window do the following:

a. In the Scan mode section select a variant to check URLs:

• All URLs;

• Only URLs in search results.


b. In the Website categories section do the following:

• Make sure the box Show information on the categories of website content is

selected.

• Use the links Select all / Clear all, to select or clear all categories of websites on

which Web Anti-Virus should check URLs.

• Select the website categories where Web Anti-Virus should check URLs.


The URL Advisor module can function in two modes: check links on all web sites except the sites

added to exclusions, or check only web sites specified in the list.

To have Kaspersky URL Advisor check all web sites except those added to exclusions, perform the following actions:

1. In the Web Anti-Virus window in the Kaspersky URL Advisor section check the Check

URLs box.

2. Select the All but the exclusions variant and click the Exclusions button.


3. In the Exclusions window create the list of web addresses whose contents should not be scanned for suspicious or phishing URLs.

4. Click the OK button in the Exclusions window.

For Kaspersky URL Advisor to scan only the sites specified by you, perform the following

actions:

1. On the Safe Surf tab in the Kaspersky URL Advisor section check the Only web sites

from the list box and click the Specify button.


2. In the Checked URLs window create the list of web addresses whose content should be

scanned for suspicious or phishing URLs.

3. Click the OK button in the Checked URLs window.

4. In the Web Anti-Virus window click the OK button to save the changes.

The Kaspersky URL Advisor options mentioned above can be set either in the Web Anti-Virus window or in the module settings window opened in the web browser. To open the module settings window from the web browser window, click the button with the Kaspersky PURE 3.0 icon on the tool panel of the browser.


Blocking access to dangerous websites

Web Anti-Virus in Kaspersky PURE 3.0 contains a special module, Block dangerous websites. The module is designed to provide safe Internet surfing by restricting access to unsafe web resources. This module blocks access to websites which Kaspersky URL Advisor has classified as suspicious or phishing.

To block access to dangerous web sites, perform the following actions:

1. Open the application settings window.

2. In the left part of the window under Protection select the Web Anti-Virus component.

3. In the right part of the window click the Settings button. The Web Anti-Virus window will

open.

4. In the Web Anti-Virus window on the Safe Surf tab in the Blocking Dangerous

Websites section check the Block dangerous websites box.


5. Click the OK button to save the changes.

Controlling access to regional web domains

Depending on the user's choice, Web Anti-Virus in the Geo Filter mode can block or allow access to websites based on the regional web domains they belong to. This allows you, for example, to block access to websites which belong to regional domains with a high risk of infection.

To allow or block access to web sites which belong to specified domains, perform the following

actions:

1. Open the application settings window.

2. In the left part of the window under Protection select the Web Anti-Virus component.

3. In the right part of the window click the Settings button. The Web Anti-Virus window will

open.

4. On the Geo Filter tab check the Enable filtering by regional domains box and specify in

the list of controlled domains below which domains should be allowed or blocked, and for

which ones the application should request access permission using a notification. For this:

a) Select a domain which should be allowed, blocked or prompted for action.

b) Click the button Allow, Block or Prompt. The corresponding icon will

appear in the Access column.

By default, access is allowed for regional domains that match your location.

Access permission request is set for other domains by default.

5. Click the OK button.

Creating the list of trusted URLs

You can create a list of web addresses whose content you trust unconditionally. In this case Web

Anti-Virus will not analyze information from these URL addresses for dangerous objects. You


can use this option, for example, if Web Anti-Virus prevents download of a file from a known

web site.

To create the list of trusted URLs, perform the following actions:

1. In the right part of the Web Anti-Virus settings window click the Settings button.

2. On the Trusted URLs tab check the Do not scan web traffic from trusted URLs box

and create the list of trusted addresses whose content you trust. For this:

a) Click the Add button.

b) In the Address mask (URL) window enter an address, whose content you trust.

For example, kaspersky.com.

c) Click the OK button.

If you want to exclude an address from the trusted list, you do not have to delete it from the list; unchecking the address is sufficient.

3. In the Web Anti-Virus window click the OK button.


Changing Web Anti-Virus actions on detected threats

The Action on threat detection section allows you to select an action to be performed by Web

Anti-Virus if scanning web traffic reveals that it contains malicious code. By default the section

contains the following options:

► If automatic protection mode is enabled the application decides on its own what action

to perform upon a threat detection. In this case, check the Select action automatically

box. Kaspersky PURE 3.0 will automatically apply an action recommended by Kaspersky

Lab.

► If interactive protection mode is enabled, you decide yourself what action the application should perform upon a detected threat. In this case, check the Prompt for action box. Kaspersky PURE 3.0 will inform you of all dangerous or suspicious events in the system and will prompt you to allow or block the action.


► Block download (Web Anti-Virus blocks access to the object and displays a message on

the screen informing that the required object is infected).

► Allow download (Web Anti-Virus allows you to download the object. Once the object is

downloaded onto your computer, it will be scanned by File Anti-Virus and Proactive

Defense).

To modify an action that Web Anti-Virus should perform upon threat detection:

1. If the automatic protection mode is set, in the right part of the component settings window

in the Action on threat detection section select an action:

► Select action automatically

► Block download

► Allow download

2. If the interactive protection mode is set, in the right part of the component settings window

in the Action on threat detection section select an action:

► Prompt for action

► Block download

► Allow download

3. Click the OK button to save the changes.


IM Anti-Virus

What is IM Anti-Virus

IM Anti-Virus is designed to secure work with instant messaging clients (hereafter Internet pagers) such as ICQ, AIM, Jabber, Google Talk, etc.

IM messages may contain links to suspicious web sites and to web sites deliberately used by hackers to organize phishing attacks 8 . Malicious programs use IM clients to send spam messages and links to programs (or the programs themselves) which steal users' ID numbers and passwords.

Enabling/Disabling IM Anti-Virus

In order to enable or disable the IM Anti-Virus component, do the following:

1. Open the application settings window.

2. In the left part of the window under Protection select the IM Anti-Virus component.

3. In the right part of the Settings window perform the following actions:

► If you want to disable the component, uncheck the Enable IM Anti-Virus box.

► If you want to enable the component, check the Enable IM Anti-Virus box.

4. In the Settings window click the Apply button.

8 Phishing is a specific form of cybercrime. Phishing attacks are made the following way: the criminal creates an almost 100 percent perfect replica of a chosen financial institution’s website, then attempts to trick the user into disclosing their personal details – username, password, PIN etc. – via a form on the fake website, allowing the criminal to use the details to obtain money.


Operation algorithm of IM Anti-Virus

By default, the traffic of Internet pagers is protected according to the following algorithm:

1. Each incoming and outgoing message is intercepted by the component.

2. IM Anti-Virus checks each message for the presence of dangerous objects or URLs included in the databases of suspicious or phishing web addresses.

3. If a threat is detected in a message, IM Anti-Virus replaces the message with a warning message for the user. If no security threats are detected in the message, the message becomes available to the user.

Traffic is scanned based on a certain combination of settings. Your IM traffic protection level is

determined by a group of settings. The settings can be broken down into the following groups:

► Settings creating the protection scope;

► Settings determining the scan methods.

Creating a protection scope of IM Anti-Virus

Protection scope is understood as the type of messages (incoming and outgoing) to be scanned.

If you select the Incoming and outgoing messages option, IM Anti-Virus will scan all incoming

and outgoing messages.

If you are sure that messages sent by you cannot contain any dangerous objects, you may

disable the scan of outgoing traffic by selecting the Incoming messages only option. In this

case IM Anti-Virus will scan incoming messages only.

In order to create a protection scope of IM Anti-Virus, do the following:

1. In the Protection scope block select one of the options:

► Incoming and outgoing messages.

► Incoming messages only.


2. Click the Apply button.

Selecting the scan methods of IM Anti-Virus

For more efficient work with the Internet pager the following scan methods are implemented in

the IM Anti-Virus component:

► Check if URLs are listed in the database of malicious URLs. IM Anti-Virus will scan

the links inside the messages to identify if they are included in the black list (this list is

supplemented by Kaspersky Lab experts).

► Check if URLs are listed in the database of phishing URLs. The databases include all

the sites currently known to be used for phishing attacks. Your local copy of this list is

updated when you update databases.

► Heuristic Analysis. The technology analyzes activity that an object performs in the

system. When using heuristic analysis, any script 9 included in an IM client's message is

executed in a protected environment.

You can select one of the three scanning levels of the heuristic analysis: light scan, medium

scan and deep scan.

► If you select deep scan mode the probability of threat detection is higher but scanning

takes longer.

► With the light scan enabled scanning is faster but the probability of threat detection in that

mode is somewhat lower.

► Only the medium scan mode provides an optimal combination of detail level and scanning time.

In order to use the described options, do the following:

1. In the settings window of the IM Anti-Virus component, in the Scan methods section

check the boxes:

► Check if URLs are listed in the database of malicious URLs;

► Check if URLs are listed in the database of phishing URLs;

► Heuristic Analysis (below set the detail level for scan by dragging the slide-bar).

9 A script is a small computer program or an independent part of a program (function) written to execute a specific task. Scripts are often included in web pages to extend their capabilities and are executed when the web page is opened by the Internet browser.


2. Click the Apply button.


Application Control

What is Application Control

Kaspersky PURE 3.0 prevents applications from performing actions that may be dangerous for

the system, and ensures control of access to operating system resources and your identity data

with the help of the following tools:

► Application Control. The component tracks actions in the system performed by

applications installed on the computer, and regulates them based on the rules of

Application Control. These rules regulate potentially dangerous activity, including

applications' access to protected resources.

► Protection of identity data and operating system resources. Application control

monitors the rights of applications to perform actions with user’s identity data. Identity data

include files, folders and registry keys, containing operational settings and important data

of the most frequently used applications, as well as the user files (the My Documents

folder, cookies files, data about the user activity).

Operational algorithm of Application Control

At the first startup of an application on the computer, the Application Control component verifies its safety and includes it into one of the trust groups. The trust group defines the rules that Kaspersky PURE 3.0 should apply to control the activity of this application. Application Control rules are a set of access rights to computer resources and restrictions imposed on various actions that applications perform on the computer.

When calculating the threat rating, Application Control can also use the Kaspersky Security Network (KSN) database. Data received from KSN make it possible to assign an application to a trust group more accurately and to apply optimal application control rules.

Application Control has been revamped in Kaspersky PURE 3.0: the application now checks

the reputation of not only executable files but also application components (for example, dynamic

libraries – DLL files).

When the application is restarted, Application Control checks its integrity. If the application has

not been changed, the component applies the current rule to it. If the application has been

modified, Application Control re-scans it as at the first startup.

Enabling/disabling Application Control

By default, Application Control is enabled, functioning in the mode developed by Kaspersky

Lab specialists. However, you can disable it, if required.

To enable or disable Application Control, perform the following actions:

1. Open the main application window.

2. In the top right corner of the window click the Settings link.

3. In the left part of the window under Protection select the Application Control component.

4. In the right part of the window perform the following actions:

► If you need to disable the component, uncheck the Enable Application Control

box.

► If you need to enable the component, check the Enable Application Control box.


5. In the Settings window click the Apply button.

Loading rules from Kaspersky Security Network (KSN)

By default, for the applications found in the Kaspersky Security Network database the component

applies rules loaded from the KSN database.

If at the first application launch the application’s entry was not added to the Kaspersky Security

Network database but the entry was added later, Kaspersky PURE 3.0 will automatically update

the application control rules.

To make sure that loading of rules from Kaspersky Security Network is enabled, perform the

following actions:

1. Open the Settings window.

2. In the left part of the window under Protection select the Application Control component.

3. In the right part of the window in the Restrict applications section make sure the Load

rules for applications from Kaspersky Security Network (KSN) box is checked.

You can see if update of Kaspersky Security Network rules for previously unknown applications is

also enabled: in the right part of the window in the Restrict applications section the Update

rules for previously unknown applications from KSN box should be checked.


Placing applications into groups

At the first startup of an application on the computer, the Application Control component verifies its safety: it searches the internal database of known applications for a matching entry, and then sends a request to the Kaspersky Security Network database or checks whether the application has a digital signature 10 .

After the search, Application Control places the application into one of the following trust groups:

► Trusted. Applications with digital signatures of trusted vendors and applications whose signatures are included in the trusted applications database. Applications of this group are allowed to perform any network activity. Activities of such applications are monitored by File Anti-Virus.

► Low Restricted. Applications without digital signatures of trusted vendors that are not included in the trusted applications database. Nevertheless, a low risk rating 11 is assigned to such applications. Applications of this group are allowed to perform some operations, such as managing the system and hidden access to the network. Most operations require user authorization.

► High Restricted. Applications without digital signatures that are not included in the trusted applications database. A high risk rating is assigned to such applications. Applications of this group require user authorization for most activities in the system; some actions, however, are restricted for these applications.

10 Digital signature is an electronic security mark which carries the information about the software vendor and

shows if the software was changed after the signing (i.e. after release). If software is signed by its vendor and the

signature authenticity is verified by the certificate center, then you can be sure that the software is authentic and was

not modified.

11 Risk rating is an indicator of the application danger for the system. The risk rating is calculated based on definite

criteria.


► Untrusted. Applications without digital signatures and which are not included to the

trusted applications database. Very high risk rating is assigned to such applications.

Application Control blocks any activity of such applications.

Applications with the digital signature of trusted vendors and applications whose records are

added to the database of trusted applications are automatically included into the Trusted group.

To disable the automatic inclusion of applications into the Trusted group, perform the following

actions:

1. In the right part of the window of the Application Control component in the Restrict

applications section, uncheck the Trust applications with digital signature box.

2. In the Settings window click the Apply button.

If an application record is not included in the Kaspersky Security Network database and the application does not have a digital signature, Kaspersky PURE 3.0 uses heuristic analysis 12. The analysis helps determine the threat rating of the application, based on which the application is included into a group.

To use the heuristic analysis for distributing unknown applications by groups, perform the

following actions:

1. In the Restrict applications section select the Use the heuristic analysis to determine

group 13 option.

2. In the Settings window click the Apply button.

12 Heuristic analysis is the analysis of an object's activity in the system. If the activity is typical of malicious objects, the object under analysis will be classified as suspicious or malicious. Analysis of the object's activity makes it possible to detect a virus even if it has not yet been identified by virus analysts.

13 By default, the heuristic analysis is enabled.


Instead of using the heuristic analysis, you can specify a group into which Kaspersky PURE 3.0

should automatically include all unknown applications. For this, perform the following actions:

1. In the Restrict applications section select the Move to the following group

automatically option and in the drop-down menu select the necessary group:

► Low Restricted;

► High Restricted;

► Untrusted.

2. In the Settings window click the Apply button.

By default, Application Control analyzes an application for 30 seconds. If this time interval is not enough to determine the threat rating, the application is included in the Low Restricted group while the threat rating continues to be determined in background mode. After that, the application is finally included in another group. If you are sure that none of the applications started on your computer pose a threat to its security, you can decrease the time spent on analysis. If, on the contrary, you are installing software and are not sure that it is safe, you are advised to increase the time for analysis.

To change the time allowed for calculation of the application group, perform the following actions:

1. In the right part of the settings window of the Application Control component in the

Restrict applications section edit the value of the Maximum time to determine the

application group setting.

2. In the Settings window click the Apply button.

Application control rules

Application Control rules are a set of access rights to computer resources and restrictions imposed on various actions that applications perform on the computer.

The following component reactions are possible:

► Inherit. Application or group inherits the reaction from the parent group. This is a default

reaction.

► Allow. Application is allowed to perform an action with the resource.

► Deny. Application is not allowed to perform an action with the resource.

► Prompt for action. Application Control prompts the user for granting access to the

resource for an application.

► Log events. In addition to the specified reaction, Application Control records information about the application's attempts to access the resource in the report. Adding information to a report can be used in combination with any other action of the component.


Editing the group rule

By default, optimal access rights to computer resources are set for the different trust groups in Kaspersky PURE 3.0. However, you can edit the preset rules for each group of applications.

To change the preset group rule, do the following:

1. Open the Settings window.

2. In the left part of the window under Protection select the Application Control

component.

3. In the right part of the window click the Applications button.

4. In the Applications window select the necessary group from the list and click the Edit

button in the top part of the window.


5. In the Group rules window go to the tab that corresponds to the necessary category of resources (Files and System registry, Rights).

6. Select the required resource and right-click the corresponding action; in the context menu of the action, set the necessary value (Allow, Block or Prompt for action).

7. Click the OK button to save the changes.

Editing rules for an individual application

Application Control logs actions performed by each application in the system, and manages its

activity based on the group it belongs to. When an application accesses a resource, the

component checks if an application has the required access rights, and performs the action

determined by the rule.

To edit rules for an individual application, perform the following actions:

1. Open the Settings window.

2. In the left part of the window under Protection select the Application Control

component.

3. In the right part of the window click the Applications button.


4. In the Applications window select the necessary program from the list and click the Edit

button in the top part of the window.


5. In the Application rules window go to the tab that corresponds to the necessary category of resources (Files and System registry, Rights).

6. Select the required resource and right-click the corresponding action; in the context menu of the action, set the necessary value (Allow, Block or Prompt for action).

7. Click the OK button to save the changes.

You can disable application of group rules to control access to selected categories of protected

resources. Application access to such resources will be regulated by the application rules.

To disable inheritance of group rules to access resources, perform the following actions:

1. Open the application settings window.

2. In the left part of the window under Protection select the Application Control component.

3. In the right part of the window click the Applications button.

4. In the Applications window select the necessary program from the list.

5. Click the Edit button in the top part of the window.

6. In the Application rules window go to the tab that corresponds to the necessary category of resources (Files and System registry, Rights).

7. Select the required resource and right-click the corresponding action; in the context menu of the action, select the Inherit item.

8. Click the OK button to save the changes.

Application rules have a higher priority than group rules.

For example, if an application rule allows Internet access while the rules of the group that contains the application deny Internet access, the application will get access to the system resources.

Setting exclusions

You can also exclude some actions from the application rules. Kaspersky PURE 3.0 will not control actions added to the application exclusions.

To add an exclusion to the application rule, perform the following actions:

1. Open the Settings window.

2. In the left part of the window under Protection select the Application Control component.

3. In the right part of the window click the Applications button.

4. In the Applications window select the application from the list and click the Edit button in

the top part of the window.

5. In the Application rules window go to the Exclusions tab.

6. Check the actions which should not be controlled.


7. Click the OK button to save the changes.

When excluding network traffic of the application you can configure additional exclusion settings,

such as remote IP-addresses or network ports.

Inheriting restrictions of the parent process

Application startup may be initiated either by the user or by another running application. If the startup is initiated by another application, this creates a startup procedure that includes parent and child applications.

A parent application is an application which initiated startup of another application.

A child application is an application whose startup was initiated by another application.

When an application attempts to obtain access to a protected resource, Application Control

analyzes the rights of all parent processes of this application, and compares them to the rights

required to access this resource.

Access right priority:

► Allow. An application or group is allowed to perform an action with the resource. This access right has the highest priority.

► Prompt for action.

► Block. An application or group is blocked from performing any actions with the resource. This access right has the lowest priority.

You should modify the rights of a parent process only if you are absolutely certain that the

process' activities do not threaten the security of the system.

To disable inheritance of restrictions from the parent process, perform the following steps:

1. Open the Settings window.


2. In the left part of the window, in the Protection Center section, select the Application

Control component.

3. In the right part of the window, click the Applications button.

4. In the Applications window, select the required application from the list.

5. Click the Edit button.


6. In the Application rules window go to the Exclusions tab.

7. Check the Do not inherit restrictions from the parent process (application)

box.
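The rule resolution described in this section (Inherit, application rules over group rules, restrictions taken from parent processes) can be sketched as follows. This is an added example, not Kaspersky Lab code: the class and file names and the sample policy are hypothetical, and it assumes that the lower-priority (more restrictive) right is applied when an application's right is compared with its parent's, and that a top-level group with no rule prompts the user.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Reactions named in the text. "Log events" is an additional flag and is not modelled.
INHERIT, ALLOW, PROMPT, DENY = "inherit", "allow", "prompt", "deny"

# Access right priority from the text: Allow highest, Prompt, Block (Deny) lowest.
PRIORITY = {ALLOW: 2, PROMPT: 1, DENY: 0}

Key = Tuple[str, str]  # (resource, operation)


@dataclass
class Group:
    name: str
    rules: Dict[Key, str] = field(default_factory=dict)
    parent: Optional["Group"] = None

    def reaction(self, key: Key) -> str:
        """Walk up the group tree until a reaction other than Inherit is found."""
        own = self.rules.get(key, INHERIT)
        if own != INHERIT:
            return own
        if self.parent is None:
            return PROMPT  # assumption: a top-level group without a rule asks the user
        return self.parent.reaction(key)


@dataclass
class App:
    name: str
    group: Group
    rules: Dict[Key, str] = field(default_factory=dict)
    launched_by: Optional["App"] = None    # parent process; None = started by the user
    no_parent_restrictions: bool = False   # "Do not inherit restrictions from the parent process"

    def own_reaction(self, key: Key) -> str:
        """An application rule beats the group rule; Inherit defers to the group."""
        own = self.rules.get(key, INHERIT)
        return self.group.reaction(key) if own == INHERIT else own

    def effective_reaction(self, key: Key) -> str:
        """Combine the application's own right with the rights of its parent processes."""
        own = self.own_reaction(key)
        if self.launched_by is None or self.no_parent_restrictions:
            return own
        inherited = self.launched_by.effective_reaction(key)
        # Assumption: of the two rights, the one with the lower priority is applied.
        return min(own, inherited, key=PRIORITY.__getitem__)


AUTORUN = ("autorun registry keys", "write")
INTERNET = ("Internet", "access")


def build_demo() -> Dict[str, App]:
    """Constructed sample policy; the values are not the product's defaults."""
    trusted = Group("Trusted", {AUTORUN: ALLOW, INTERNET: ALLOW})
    vendor = Group("Example Vendor", parent=trusted)  # subgroup with no rules of its own
    restricted = Group("High Restricted", {AUTORUN: DENY, INTERNET: DENY})

    # The application rule for Internet access overrides the group's Deny.
    viewer = App("viewer.exe", restricted, rules={INTERNET: ALLOW})
    return {
        "viewer": viewer,
        "helper started by user": App("helper.exe", vendor),
        "helper started by viewer": App("helper.exe", vendor, launched_by=viewer),
        "helper with exclusion": App("helper.exe", vendor, launched_by=viewer,
                                     no_parent_restrictions=True),
    }


if __name__ == "__main__":
    for label, app in build_demo().items():
        print(f"{label:26} autorun write -> {app.effective_reaction(AUTORUN)}")
```

The third case shows why the exclusion box deserves caution: without it, a trusted helper started by a restricted application is held to the restricted application's rights.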


Modifying the storage time for rules

By default, the rules for applications which have not been started for 60 days are deleted automatically.

You can modify the storage time for rules for unused applications, or disable the automatic removal of rules.

To set the storage time for rules, perform the following actions:

1. Open the Settings window.

2. In the left part of the window under Protection select the Application Control

component.

3. In the right part of the window in the Additional section check the Delete rules for

applications that are not started for more than box and enter the number of days.


4. In the Settings window click the Apply button.

To disable automatic deletion of rules for unused applications, in the right part of the Settings

window in the Additional section, uncheck the Delete rules for applications that are not

started for more than box.


Identity protection

Application Control manages the applications' rights to take actions on various resource categories. Kaspersky PURE 3.0 distinguishes two categories of resources: the operating system and identity data.

The Operating system category includes the following system resources:

► registry keys with autorun parameters;

► registry keys with parameters of work on the Internet;

► registry keys which influence system security;

► system files and folders;

► autorun folders.

Registry is a hierarchical settings database in most Microsoft Windows operating systems.

The Identity data category includes the following resources:

► user’s files (the My Documents folder, cookie files, data about the user’s activity);

► files, folders and registry keys which contain working parameters and important data of the most frequently used applications: Internet browsers, file managers, mail clients, Internet pagers and electronic purses.

Cookie files are files saved on the user’s computer. These files store personal data of the user (for example, password and login) used when visiting various sites or when returning to a site after some time. Each site has its own cookie file.

You cannot delete this list. However, you can disable protection of a category by unchecking the box next to it.

You can also expand this list by adding user categories and / or individual resources.

To expand the list of system resources for the Operating system category, perform the following

actions:

1. Open the Settings window.

2. In the left part of the window in the Protection section select the Application Control

component.

3. In the right part of the window click the Identity protection button.


4. In the Digital Identity Protection window on the Operating system tab, select a category from the drop-down list in the Category section.

5. In the top left part of the window click the Add link to add an additional resource to the

selected category. Select the resource type (File or folder or Registry key).


6. In the User resource window click the Browse button.

7. In the Select file or folder window select a resource and click the OK button.

8. In the User resource window click the OK button.

9. The added resource will be displayed in the Digital Identity Protection window.

After you add a resource, you can edit or remove it using the respective buttons in the top

part of the tab. To disable the control of a resource or category, uncheck the box next to it.


10. In the Digital Identity Protection window click the OK button.

11. In the Settings window click the Apply button.

To expand the list of system resources for the Identity Data category, perform the following

actions:

1. Open the Settings window.

2. In the left part of the window in the Protection section select the Application Control

component.

3. In the right part of the window click the Identity protection button.


4. In the Digital Identity Protection window on the Identity data tab select a category from

the drop-down menu in the Category section.

5. In the top left part of the window click the Add category button to add a new category of

resources.

6. In the Identity data category window enter the name of a new group and click the OK button.


7. In the Digital Identity Protection window click the Add button to add an additional

resource to the selected or added category.

8. In the User resource window click the Browse button.


9. In the Select file or folder window select a resource and click the OK button.

10. In the User resource window click the OK button.

11. A newly added resource will be displayed in the Digital Identity Protection window.

After you add a resource, you can edit or remove it using the respective buttons in the top

part of the tab. To disable the control of a resource or category, uncheck the box next to it.

12. In the Digital Identity Protection window click the OK button.

13. In the Settings window click the OK button.


System Watcher

System Watcher in Kaspersky PURE 3.0 collects data about application actions on your computer and provides this information to other components for improved protection.

System Watcher also includes the Exploit Prevention component, which scans the computer for vulnerabilities and analyzes and monitors the actions of programs and applications with vulnerabilities.

In Kaspersky PURE 3.0 you can configure the System Watcher settings to perform a specified action when an application's activity matches a pattern of dangerous activity.

System Watcher also allows you to roll back actions performed by malicious programs.

Enabling/disabling System Watcher

By default, System Watcher is enabled, running in a mode that depends on the current mode of

Kaspersky PURE 3.0 — automatic or interactive.

You are advised to avoid disabling the component, except in emergency cases, since this inevitably reduces the efficiency of other protection components, which may request the data collected by System Watcher in order to identify a detected potential threat.

To disable System Watcher, perform the following actions:

1. Open the application settings window.

2. In the left part of the window under Protection select System Watcher.

3. In the right part of the window:

► uncheck the Enable System Watcher box, if you want to disable the component.

► check the Enable System Watcher box, if you want to enable the component.


4. Click the Apply button.

Exploit prevention

Exploit prevention technology has been added to Kaspersky PURE 3.0.

An exploit is a threat that uses errors and system or program vulnerabilities to gain control over a computer, steal personal data and perform other malicious actions.

Exploits run malicious code using vulnerabilities of programs and operating systems. The system can be infected by opening a special document (an Office document, a PDF file or even a picture) or through a web browser that is redirected to an infected website. Infected links or files can be received via email systems, instant messengers or social networks.

Usually, to launch exploits cyber criminals use common applications such as Adobe Flash, Adobe Reader, Java Runtime Environment, web browsers or the Windows operating system.

Kaspersky PURE 3.0 uses different methods to protect your computer from exploits. Signatures updated with the application databases make it possible to detect malicious objects (for example, objects attached to messages) before a message with such objects is opened. Protective technologies make it possible to detect and block malicious files at launch. Vulnerability Scan makes it possible to detect vulnerabilities on the computer and update vulnerable applications installed on the computer. The best way to protect your computer from exploits is to regularly update components of the operating system and installed applications.

However, in some cases the main protection methods may not be effective, for example, against new and unknown exploits. To protect your computer from such exploits, Kaspersky PURE 3.0 includes a special exploit prevention technology. The technology is based on exploit analysis and includes the following protection methods:

► Control over the launch of executable files from vulnerable applications and web browsers (for example, an attempt to run an executable file by a program designed for viewing documents).

► Control of suspicious actions of vulnerable applications (for example, if a running vulnerable application exceeds its rights and writes itself into the memory of other system processes).

► Analysis of previous program starts (for example, whether the program was started by the user or by an exploit).

► Tracking the source of malicious code (for example, a web browser that started the download of an infected file; a remote web address).

► Preventing the use of application vulnerabilities.

If an exploit is detected, Kaspersky PURE 3.0 blocks the application activity, allows activity or

prompts for an action depending on the selected protection mode.

If the automatic protection mode is enabled and suspicious activity is detected, Kaspersky PURE

3.0 automatically blocks or allows activity. If the activity is blocked, information about the activity

is added to the report of Exploit Prevention.

If the interactive protection mode is enabled and suspicious activity is detected, Kaspersky PURE

3.0 prompts the user for an action.

You can also select a specific action to be performed on detected suspicious activity. You can

select one of the following actions: allow activity or block activity.


Enabling/disabling Exploit Prevention

The Exploit Prevention function is enabled by default. In order to enable/disable Exploit

Prevention, perform the following actions:

1. Open the application settings window.

2. In the left part of the Settings window in the Protection Center section select System

Watcher.

3. In the right part of the Settings window:

► Check the Enable Exploit Prevention box if you want to enable Exploit

prevention.

► Clear the Enable Exploit Prevention box if you want to disable Exploit

prevention.

Setting exploit prevention

By default, upon an attempt at an unauthorized action, the program decides on its own which action to take on the detected object.

You can configure Exploit prevention so that the program blocks or allows unauthorized actions. For this, do the following:

1. Make sure that in the System Watcher Settings window the option Enable Exploit

Prevention is enabled and click the Settings button next to it.


2. In the Exploit Prevention Settings window select an action to be performed upon

unauthorized action:

► Select action automatically;

► Allow action;

► Block action.

3. In the Exploit Prevention Settings window click the OK button.

4. In the Settings window click the Apply button.

If you want to define actions of Exploit prevention for each unauthorized operation, then enable

Interactive protection mode. For this, do the following:

1. In the left part of the Settings window go to the Protection Center section. In the left

menu select General Settings.

2. In the Interactive protection section deselect the Select action automatically box.

3. In the Settings window click the Apply button.


Interactive mode can be enabled for the whole program only. If you enable interactive

protection mode, then you will have to define actions for each object detected by any Kaspersky

PURE 3.0 component.

4. In the left part of the Settings window select System Watcher.

5. Make sure that in the System Watcher Settings window the Enable Exploit Prevention

box is checked. Click the Settings button next to the option.

6. In the Exploit Prevention Settings window select an action to be performed upon

unauthorized operation:

► Prompt for action

► Allow action

► Block action

7. In the Exploit Prevention Settings window click the OK button.

8. In the Settings window click the Apply button.


Using patterns of dangerous behavior (BSS)

Patterns of dangerous activity (BSS, Behavior Stream Signatures) contain sequences of actions typical of applications classified as dangerous. In addition to exact matches between an application's activity and patterns of dangerous activity, System Watcher also detects actions that partly match patterns of dangerous activity and are considered suspicious based on heuristic analysis. If suspicious activity is detected, System Watcher prompts the user for action regardless of the operation mode.

Upon detection of a new virus or a new modification of already known malware, the application does not update the entire System Watcher component, but simply adds a new template to the database of heuristics and updates it together with the Kaspersky Lab databases. Heuristic analysis makes it possible to block the actions of other malicious software with similar behavior.

To select the action that the component should perform if an application's activity matches a

pattern of dangerous activity, perform the following actions:

1. Open the application settings window.

2. In the left part of the window under Protection select System Watcher.

3. In the right part of the component settings in the Heuristic Analysis section check the

Use behavior stream signatures (BSS) box.

4. In the On detecting malware activity section perform the following actions:

► Select the Select action automatically variant (if the automatic protection mode is

enabled). In this case System Watcher will automatically apply an action

recommended by Kaspersky Lab specialists.


► Select the Prompt for action variant (if the interactive protection mode is enabled).

In this case System Watcher will notify you of any suspicious activity detected in

the system and will prompt for action: allow or block activity.

► Choose the Select action variant and click the Delete button to select an action:

Delete;

Terminate the malicious application (all processes of the malicious

application will be terminated);

Skip (System Watcher takes no actions on the application).

5. Click the Apply button.

Rolling back actions performed by malware

You can use the product feature for rolling back the actions performed by malware in the system.

To enable a roll-back, System Watcher should log the history of program activity.

By default, Kaspersky PURE 3.0 rolls back relevant operations automatically when the protection components detect malicious activity (a rollback after malicious activity is detected in the system can be initiated either by the System Watcher component based on patterns of dangerous activity, or during a virus scan task or File Anti-Virus operation).

When running in interactive mode, System Watcher prompts the user for action. You can specify

the operation which should be performed whenever malicious activity is detected. The procedure

of rolling back malware operations affects a strictly defined set of data. It causes no negative

consequences for the operating system or data integrity on your computer.

To configure rollback of malware operations, perform the following actions:


1. Open the application settings window.

2. In the left part of the window under Protection select System Watcher.

3. In the right part of the component settings in the Rollback of malware actions section

specify actions that System Watcher should perform if it has a possibility to roll back

changes made by a malicious program:

► Select the Select action automatically variant (if the automatic protection mode is

enabled). In this case System Watcher will automatically apply an action

recommended by Kaspersky Lab specialists.

► Select the Prompt for action variant (if the interactive protection mode is enabled). In

this case System Watcher will notify you that rollback is necessary and will prompt for

action: perform or cancel rollback.

► Select action. If you choose the Select action variant, select an action from the drop-down list:

Roll back

Do not roll back

Note that you can limit the amount of data stored for rollback by checking the Limit data to be stored for rollback box in the Rollback of malware actions section. Specify the maximum amount of stored information.


Firewall

What is Firewall

Today, computers connected to the Internet have become quite vulnerable. They are subjected not only to virus infections but also to other types of attacks that take advantage of vulnerabilities in operating systems and software.

Kaspersky PURE 3.0 contains a special component – Firewall – to ensure your security on local

networks and the Internet. Firewall applies rules to all network connections.

A Firewall rule is either an allowing or blocking action performed by Firewall once it detects a

connection attempt.

Protection against various types of attacks is performed on two levels: network and application.

Protection on the network level is performed by using global packet filtering rules, where network activity is allowed or blocked based on analyzing settings such as:

► packet direction;

► the data packet transfer protocol;

► the outbound packet port.

A network packet is a block of information transferred in the network. As a rule, a packet consists of the header (packet information, such as the creation date, size, recipient, etc.), the body (the transferred information itself) and the ending (checking information which guarantees that the packet was not changed during the transfer).

Protection on the application level applies application rules for using network resources to the applications installed on your computer. Like the network protection level, the application

protection level is built on analyzing data packets for direction, transfer protocol, and what ports

they use. However, on the application level, both data packet traits and the specific application

that sends and receives the packet are taken into account. Using application rules helps you to

configure more specific protection when, for example, a certain connection type is banned for

some applications but not for others.

Enabling/disabling Firewall

By default, Firewall is enabled. You can disable Firewall if needed.

To enable or disable Firewall, perform the following actions:

1. Open the main application window.

2. In the top right corner click the Settings button.

3. In the left part of the window in the Protection section select the Firewall component.

4. In the right part of the window perform the following:

► uncheck the Enable Firewall box, if you need to disable the component.

► check the Enable Firewall box, if you need to enable the component.


5. In the Settings window click the Apply button.

Changing the network status

To ease configuration and application of network rules, all network space in Kaspersky PURE 3.0 is divided into security zones. Frequently, these security zones coincide with the subnetworks to which the computer belongs. You can manually assign a status to each zone. The policy for applying rules and controlling network activity in a zone is defined based on the assigned status:

► Public network (Internet). We recommend that you select this status for networks not protected by any anti-virus applications, firewalls or filters (for example, for Internet cafe networks). Users of such networks are not allowed to access files and printers located on or connected to your computer. Even if you have created a shared folder, the information in it will not be available to users from networks with this status. If you have allowed remote access to the desktop, users of this network will not be able to obtain it. Filtering of the network activity for each application is performed according to the rules for this application. By default, this status is assigned to the Internet.

► Local network. We recommend that you assign this status to networks whose users you wish to grant access to files and printers on your computer (for example, your internal corporate network or home network).

► Trusted network. This status is only recommended for areas that you consider absolutely safe, within which your computer will not be subjected to attacks or unauthorized attempts to gain access to your data. If you select this status, all network activity is allowed within this network.

You can manually specify the status of a new network in the notification window which appears once a new network is detected.

In order to change the network connection status, perform the following actions:

1. In the settings window of the Firewall component in the Networks section right-click the

required connection.

2. From the context menu select the necessary network status (Public, Local or Trusted

network).

3. Click the Apply button.

Firewall rules

There are two Firewall rule types, used to control network connections:

► Packet rules are used to create general restrictions on network activity, regardless of the

applications installed. Example: if you create a packet rule that blocks inbound connections

on port 21, no applications that use that port (an ftp server, for example) will be accessible

from the outside.

► Rules for applications are used to create restrictions on network activity for specific

applications. Example: If connections on port 80 are blocked for each application, you can

create a rule that allows connections on that port for Firefox only.

Packet rules have higher priority than application rules. If both packet rules and rules for

applications are applied to the same type of network activity, this network activity is processed

using the packet rules.

Creating a packet rule

All network connections on your computer are monitored by Firewall. Firewall assigns a specific

status to each connection and applies various rules for filtering of network activity depending on

that status, thus, it allows or blocks a network activity.

Packet rules are used to restrict the transfer of packets regardless of the application.

You can specify an action performed by Firewall if it detects the network activity:

► Allow

► Block

► By application rules. The packet rule is not used, but the rule for the application is used.

The Allow or Block rules can be logged. In order to do this, check the Log events box in the

Action section.


To create a packet rule, for example, to allow remote access to your computer desktop, please

do the following:

1. In the right part of the Firewall settings window in the Network rules section, click

the Settings button.

2. In the Firewall window go to the Packet rules tab.


3. Click the Add button in the top part of the window. In the Network rule window that

opens specify the settings for a rule.

4. In the Network rule window in the Action section select the Allow variant.


5. In the Name section click an arrow next to the input field and select the Remote

Desktop item.

6. In the Address section select Any address.


7. Check the Log events box if you want to log actions performed according to the

rule.

8. In the Network rule window click the OK button. The created rule appears in the list

of packet rules on the Packet rules tab.

9. In the Firewall window click the OK button.

10. In the Settings window click the Apply button.


Now any user has remote access to your desktop.

Editing packet rules

All packet rules (default or created by the user) can be edited. For example, if you want to block

remote access to your computer desktop, then edit the Remote Desktop packet rule:

1. In the right part of the Firewall Settings window click the Settings button.

2. In the Firewall window go to the Packet rules tab.

3. In the list of packet rules select the Remote Desktop rule.


4. Click the Edit button. In the Network rule window that opens you can edit the settings of

the selected rule.

5. In the Action section change the Allow variant to Block.

6. In the Address section select the Subnet address variant and choose the Public

networks item from the displayed list.

7. In the Network rule window click the OK button.

8. The changes are displayed in the Firewall window on the Packet rules tab in the list of packet rules: for the Remote Desktop rule the network type in the Address column changes to Public networks, and the allowing icon in the Permission column changes to a blocking icon.

9. In the Firewall window click the OK button.

10. In the Settings window click the Apply button.

Now only users of local and trusted networks have access to your computer desktop.


Creating application rules

You can create application rules 14 for finer filtering of network activity, and edit rules for a group of applications or for an individual application in a group.

Custom rules for individual applications have a higher priority than the rules inherited from a

group.

When creating an application rule, you can define an action to be performed by Firewall upon

detection of this type of the network activity when working with an application:

► Allow;

► Block;

► Prompt (user) for action.

An allowing or blocking action of a rule can be recorded in a report. To do this, check the Log events box in the Action section when creating the rule.

To create a rule for an individual application, for example a rule blocking any network activity of the QIP internet pager outside your local and trusted networks, perform the following actions:

1. In the right part of the Settings window in the Network rules section click the Settings

button.

2. In the Firewall window on the Application rules tab select QIP 2012.

3. Click the Edit button in the top part of the window.

4. In the Application rules window that opens, go to the Network rules tab.

14 Application rules monitor connections only by TCP and UDP protocols.


5. At the top of the window click the Add button.

6. In the Network rule window perform the following actions:

► In the Action section select the Block action.

► In the Name section select the Any network activity service.

► In the Address section select the Subnet address variant and in the displayed list

select Public networks.

► Check the Log events box if you want to log actions performed according to the rule.

► Click the OK button.


7. The created rule will appear in the Application rules window on the Network rules tab

in the list of rules for QIP 2012.


8. Click the OK button in the Application rules window.

9. In the Firewall window click the OK button.

10. In the Settings window click the Apply button.

Editing an application rule

For the default network rules created by Kaspersky PURE 3.0, only the action can be edited (such rules cannot be deleted). To do this, perform the following actions:

1. In the right part of the Settings window in the Network rules section click the Settings button.

2. In the Firewall window on the Application rules tab select a required application.

3. Click the Edit button. In the Application rules window that opens, go to the Network rules

tab.

4. From the list of rules for an application, select a rule whose action you want to change.

5. In the Permission column for the selected rule right-click the action icon.

6. From the context menu select the required action:

► Allow

► Block

► Prompt for action

7. In the Application rules window click the OK button.

8. In the Firewall window click the OK button.

9. In the Settings window click the Apply button.

For a network rule created by the user, you can edit all of the previously specified settings. To do this, perform the following actions:


1. In the right part of the Settings window in the Network rules section click the Settings

button.

2. In the Firewall window on the Application rules tab select an application whose rule

you want to edit.

3. Click the Edit button. In the Application rules window that opens, go to the Network

rules tab.

4. From the list of rules select a rule you want to edit.

5. Click the Edit button at the top of the window.

6. In the Network rule window change the required settings.


7. In the Network rule window click the OK button.

8. In the Application rules window click the OK button.

9. In the Firewall window click the OK button.

10. In the Settings window click the Apply button.

Configuring network service

When creating any network rule you should specify the network service. The network service describes the settings that characterize the network activity for which the rule is created.

You can select a type of network activity from the list or create a new type.

Network service includes the following parameters:

Name. Preferably use the names which would explicitly describe the rule. For example,

DNS over TCP.


Protocol. Firewall restricts connections via the TCP, UDP, ICMP, ICMPv6, IGMP and GRE 15 protocols. If ICMP or ICMPv6 is selected as the protocol, you can specify the type and the code of the ICMP packet.

Direction. Firewall controls connections with the following directions:

15 TCP, UDP, ICMP, ICMPv6, IGMP and GRE are protocols (sets of rules) for data transfer in the network. An ICMP packet is a packet that contains a message about an error or any other exceptional situation that occurred during data transfer. The type and code fields of the ICMP packet contain, respectively, the type and code of the situation that occurred.


o Inbound (stream). The rule is for network connections created from another

computer.

o Inbound/Outbound. The rule is for inbound and outbound data packets and data streams regardless of the direction.

o Outbound (stream). The rule is only for network connections created by your

computer.

Remote and Local ports. For the TCP and UDP protocols you can specify the ports used by your computer and by the remote computer. These ports will be controlled by Firewall.

Allocating range of IP-addresses

While creating the rule's conditions you can specify the network service and the network address.

You can use an IP address as the network address or specify the network status. In the latter

case the addresses will be copied from all networks that are connected and have the specified

status at this moment.

You can select one of the following statuses:


Any address – the rule will be applied to any IP address;

Subnet address – the rule will be applied to IP addresses of all networks that are

connected and have the specified status at the moment:

► Trusted networks

► Local networks

► Public networks

Addresses from the list – the rule will be applied to IP addresses included in the specified range. Select one of the existing lists of addresses. If none of the existing lists contains the range of IP addresses you need, create a new one. To do this, perform the following steps:

1. At the bottom of the section click the Add link.


2. In the IP address or DNS name window specify the addresses from the list.

3. Click the OK button.

4. In the Network rule window click the OK button.

Kaspersky PURE 3.0 implements a method of specifying ranges of IP addresses using Classless Inter-Domain Routing (CIDR) 16.

CIDR uses a Variable Length Subnet Mask (VLSM), whereas in classful addressing the mask length is strictly set to 0, 1, 2 or 3 bytes.

For example, take the IP address range record 10.96.0.0/11. In this case the subnet mask is 11111111 11100000 00000000 00000000 in binary, or 255.224.0.0 in decimal notation. 11 bits of the IP address are allocated to the network number; the other 21 bits (32 - 11 = 21) of the full address are allocated to the local address within the network. To sum up, 10.96.0.0/11 is a range of addresses from 10.96.0.1 to 10.127.255.255.

Remember that when a CIDR record is specified for a network using IP version 4 (IPv4), the rule is in any case applied to the whole network.

To convert IP addresses into CIDR, Kaspersky Lab experts recommend using any web site that provides a free service for converting IP addresses to CIDR notation (for example, the web site http://ip2cidr.com/).
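The same conversion can be done offline. The following is an added example, not part of the course material or of Kaspersky PURE 3.0: it derives the mask and address range of a CIDR record such as 10.96.0.0/11 and covers an arbitrary address range with the fewest CIDR blocks. The function names are constructed for this example.

```python
import ipaddress


def describe_cidr(cidr):
    """Return the mask, bit split and address range of an IPv4 CIDR record."""
    # strict=False ignores host bits, so 10.100.5.7/11 resolves to the
    # whole network 10.96.0.0/11, as the text above describes.
    net = ipaddress.ip_network(cidr, strict=False)
    bits = f"{int(net.netmask):032b}"
    # /31 and /32 have no separate network and broadcast addresses.
    first_host = net.network_address + 1 if net.prefixlen < 31 else net.network_address
    return {
        "network": str(net),
        "mask": str(net.netmask),
        "mask_bits": " ".join(bits[i:i + 8] for i in range(0, 32, 8)),
        "network_bits": net.prefixlen,
        "host_bits": 32 - net.prefixlen,
        "first": str(net.network_address),
        "first_host": str(first_host),
        "last": str(net.broadcast_address),
        "addresses": net.num_addresses,
    }


def range_to_cidrs(first, last):
    """Cover the inclusive range first..last with the fewest CIDR blocks."""
    start = int(ipaddress.IPv4Address(first))
    end = int(ipaddress.IPv4Address(last))
    if start > end:
        raise ValueError("first address is above last address")
    blocks = []
    while start <= end:
        # Largest block size that is aligned on the current start address ...
        align = (start & -start).bit_length() - 1 if start else 32
        # ... and the largest power of two that still fits before `end`.
        fit = (end - start + 1).bit_length() - 1
        host_bits = min(align, fit)
        blocks.append(f"{ipaddress.IPv4Address(start)}/{32 - host_bits}")
        start += 1 << host_bits
    return blocks


if __name__ == "__main__":
    for key, value in describe_cidr("10.96.0.0/11").items():
        print(f"{key:13} {value}")
    # An aligned range collapses to one record; a range that starts one
    # address later needs a separate record for every power-of-two step.
    print(range_to_cidrs("10.96.0.0", "10.127.255.255"))
    print(len(range_to_cidrs("10.96.0.1", "10.127.255.255")), "records")
```

A range that is not aligned on a power-of-two boundary cannot be written as one CIDR record, which is worth checking before pasting a converted range into a rule.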

16 CIDR (Classless Inter-Domain Routing) is a method of IP addressing that allows ranges of IP addresses to be managed flexibly, without the rigid boundaries of classful addressing. CIDR allows the finite supply of IP addresses to be used economically, thus enhancing the efficiency of Kaspersky PURE 3.0.


Extending the range of IP addresses

Each network corresponds to one or more ranges of IP addresses. If you connect to a network whose subnetworks are accessed via a router, you can manually add the subnetworks accessible through it.

Example: You are connecting to the network in an office of your company and wish to use the

same filtering rules for the office where you are connected directly and for the offices accessible

over the network.

Obtain network address ranges for those offices from the network administrator and add them.

To extend the range of network addresses, please perform the following:

1. In the right part of the Firewall settings window in the Networks section select an active

connection and click the Edit button.

2. In the Network connection window on the Properties tab in the Additional

subnetworks section click the Add link.


3. In the IP address window specify an IP address or address masks.

4. Click the OK button.

5. In the Network connection window click the OK button.

6. In the Settings window click the Apply button.

Changing the rule for a group of applications

Firewall analyzes the activity of each application running on your computer. Depending on the threat rating, every application is placed in one of the following groups:

► Trusted 17. Trusted applications are applications with digital signatures of trusted vendors and applications whose signatures are included in the trusted applications database. Activities of such applications are monitored by File Anti-Virus and other protective components.

► Low Restricted 18. Low restricted applications are applications that have no digital signatures of trusted vendors and are not included in the trusted applications database. Nevertheless, a low risk rating is assigned to such applications.

► High Restricted 19. High restricted applications are applications that have no digital signatures and are not included in the trusted applications database. A high risk rating is assigned to such applications.

17 Applications of this group are allowed to perform any network activity irrespective of the network status.

18 Applications of this group are allowed to perform any network activity in non-interactive mode. If you are using the interactive mode, a notification is displayed on the screen, from which you can allow or block a connection, or create an application rule using the Wizard.

19 Applications of this group are not allowed to perform network activity in non-interactive mode. If you are using the interactive mode, a notification is displayed on the screen, from which you can allow or block a connection, or create an application rule using the Wizard.


► Untrusted 20. Untrusted applications are applications that have no digital signatures and are not included in the trusted applications database. A very high risk rating is assigned to such applications.

You can modify rules for a whole group.

Custom rules for individual applications have a higher priority than the rules inherited from a group. If you create an allowing rule for a whole group of applications and a blocking rule for a certain application from this group, then any network activity of that application will be restricted according to the rule for this application, because it has a higher priority level.

To change the rules for a group of applications, for example, if you want low restricted programs to have unrestricted rights to network activity within the local networks, perform the following actions:

1. In the right part of the settings window of the Firewall component in the Network rules

section click the Settings button.

2. In the Firewall window go to the Application rules tab.

3. Select the Low restricted group of applications.

4. Click the Edit button.

20 Any network activity is prohibited for the applications of that group.


5. In the Group rules window go to the Network rules tab and click the Add button.


6. In the Network rule window in the Action section select Allow, and in the Name section

select Any network activity and click the OK button.

7. In the Network rule window click the OK button.

8. In the Firewall window click the OK button.

9. In the Settings window click the OK button.

Now all applications of the Low Restricted group have unrestricted rights to network activity.


Changing the rule priority

The priority of a rule is determined by its position on the list of rules. The first rule on the list has

the highest priority. Each packet rule created manually will be added to the end of the list of

packet rules.

Application rules are grouped by the name of the program, and the rule priority applies only within a particular group.

Manually created rules for applications have a higher priority than the rules inherited from the group.

To change the rule priority, please perform the following actions:

1. In the right part of the settings window of the Firewall component in the Network rules

section click the Settings button.

2. In the Firewall window go to the Application rules tab and select the required application.

3. Click the Edit button.

4. The Application rules window opens. Go to the Network rules tab.

5. Select a rule and move it to the required place in the list by clicking the Move up and Move down buttons.

6. In the Application rules window click the OK button.

7. In the Firewall window click the OK button.

8. In the Settings window click the Apply button.
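A simplified model of the ordering described in this section, as an added example (it is not the product's own logic): the first matching rule in list order decides, and an application's own rules are checked before the rules inherited from its group. The Rule fields, the function names and the placement of QIP 2012 in the Low Restricted group are assumptions made for illustration.

```python
from collections import namedtuple

# action: "Allow", "Block" or "Prompt"
# service: a network service name, or "Any network activity"
# networks: "Any address", or a status such as "Public networks"
Rule = namedtuple("Rule", "action service networks")


def rule_applies(rule, service, network_status):
    """True if the rule covers this service on a network with this status."""
    service_ok = rule.service in ("Any network activity", service)
    network_ok = rule.networks in ("Any address", network_status)
    return service_ok and network_ok


def decide(custom_rules, group_rules, service, network_status):
    """Return (action, origin) of the first matching rule.

    Custom application rules are checked first, in list order, then the
    rules inherited from the group, in list order.
    """
    for origin, rules in (("application", custom_rules), ("group", group_rules)):
        for position, rule in enumerate(rules, start=1):
            if rule_applies(rule, service, network_status):
                return rule.action, f"{origin} rule #{position}"
    return None, "no matching rule"


def move_up(rules, index):
    """Return a copy of the list with the rule at `index` moved one place up."""
    reordered = list(rules)
    if 0 < index < len(reordered):
        reordered[index - 1], reordered[index] = reordered[index], reordered[index - 1]
    return reordered


# Constructed data based on the two walkthroughs in this chapter.
LOW_RESTRICTED_RULES = [Rule("Allow", "Any network activity", "Any address")]
QIP_RULES = [Rule("Block", "Any network activity", "Public networks")]

if __name__ == "__main__":
    for status in ("Public networks", "Local networks"):
        print("QIP 2012 on", status, "->",
              decide(QIP_RULES, LOW_RESTRICTED_RULES, "DNS over TCP", status))
    # Position matters: the same two rules give a different result
    # once the narrower Allow rule is moved above the Block rule.
    rules = QIP_RULES + [Rule("Allow", "DNS over TCP", "Any address")]
    print(decide(rules, [], "DNS over TCP", "Public networks"))
    print(decide(move_up(rules, 1), [], "DNS over TCP", "Public networks"))
```

Reviewing a rule list this way shows which rules are shadowed by an earlier, broader rule and therefore never take effect.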

Configuring notifications of changes in the network


Network connection settings can change while you work. You can receive notifications of the following changes in the settings:

► When network connection is established.

► When the correspondence between MAC address and IP address is changed. The notification appears if the IP address of a network computer has changed.

► When new MAC address appears. The notification appears if a new computer has been added to the network.

Note that notifications about changes in the network can be configured only for networks with the Local or Trusted network status.

To enable notification about changes to network connection settings, please perform the

following:

1. In the right part of the Firewall settings window in the Networks section select an active

connection and click the Edit button.

2. In the Network connection window go to the Additional tab.

3. Check the boxes next to the events whose notifications you want to receive.


4. In the Network connection window click the OK button.

5. In the Settings window click the Apply button.

Advanced Firewall settings

You can specify additional settings of the Firewall operation:

► Allow active FTP mode. In active mode, to establish the connection between the server and the client computer, a port to which the server will connect is opened on the client computer (unlike passive mode, in which the client connects to the server). This mode makes it possible to control exactly which port will be opened. The mechanism works even if a blocking rule was created. By default, active FTP mode is allowed.

► Block connections if there cannot be prompted for action (application interface is not loaded). This setting helps to avoid disruption of Firewall operation when the interface of Kaspersky PURE 3.0 is not loaded. This is the default action.

► Do not disable Firewall until the system totally stops. This setting helps to avoid disruption of Firewall operation until the system has completely stopped. This is the default action.

By default all settings are enabled.

To modify advanced Firewall settings, please perform the following:

1. In the right part of the Firewall settings window in the Network rules section click the

Settings button.


2. In the Firewall window go to the Packet rules tab and click the Additional button.

3. In the Additional window check or uncheck the boxes next to the required settings and

click the OK button.


4. In the Firewall window click the OK button.

5. In the Settings window click the Apply button.

Firewall working features

When working with the Firewall component, keep in mind the following specifics:

► Firewall rules do not influence Network Attack Blocker;

► For the Local network zone, ICMP packets are always allowed.


Network Attack Blocker

What is Network Attack Blocker

The Network Attack Blocker from Kaspersky PURE 3.0 loads during the operating system

launch, and scans incoming network traffic for activities characteristic of network attacks.

A network attack is network activity aimed at remotely performing (usually malicious) actions on the computer. Network attacks make use of vulnerabilities in operating systems and/or installed programs.

As soon as an attempt to attack the computer is detected, Network Attack Blocker blocks any

network activity of the attacking computer towards your computer with Kaspersky PURE 3.0

installed.

A notification will appear on the screen that a network attack has been attempted, with specific

information about the computer that attacked you.

Descriptions of currently known network attacks and methods to fight them are provided in the application databases and are updated whenever the databases are updated.

Enabling/Disabling Network Attack Blocker

By default, Network Attack Blocker is enabled and functions in the optimal mode. If necessary, you can disable Network Attack Blocker in the following way:

1. Open the application settings window.

2. In the left part of the window in the Protection section select the Network Attack Blocker component.

3. In the right part of the window perform the following actions:

► If you need to disable the component, uncheck the Enable Network Attack Blocker

box.

► If you need to enable the component, check the Enable Network Attack Blocker box.

4. In the Settings window click the Apply button.


Changing blocking settings

By default, Network Attack Blocker blocks the activity of an attacking computer for one hour. You can unblock the selected computer or change the blocking time.

To change the time for which the attacking computer will be blocked:

1. In the right part of the Settings window check the Add attacking computer to blocked list

for box and enter the blocking time.

2. Click the Apply button.


To unblock an attacking computer, perform the following actions:

1. Open the application main window.

2. Select the Computer Protection section.


3. In the bottom left corner of the Protection Center window click the Network

Monitor link.

4. In the Network Monitor window on the Blocked computers tab select a blocked

computer and unblock it using the Unblock link.


Anti-Spam

What is Anti-Spam

The Anti-Spam component filters all incoming mail for unwanted mail (spam) and sorts it

according to the settings configured by the user.

Enabling/Disabling Anti-Spam

By default, the Anti-Spam component is enabled and functions in the optimal mode.

In order to enable or disable Anti-Spam in Kaspersky PURE 3.0, perform the following actions:

1. Open the main application window.

2. In the top right corner of the window click the Settings button.

3. In the left part of the window in the Protection section select the Anti-Spam component.

4. In the right part of the window in the Anti-Spam section perform the following actions:

► If you want to enable the component, check the Enable Anti-Spam box.

► If you want to disable the component, uncheck the Enable Anti-Spam box.

5. In the Settings window click the Apply button.

Security levels of Anti-Spam

The Anti-Spam component uses two methods to fight spam. Using the first ("exact") method, Anti-Spam identifies a message as unwanted by typical phrases, unwanted senders (whose addresses are already added to the Anti-Spam database), and malicious or phishing links. The second ("expert") method evaluates the probability of spam, based on analysis of the text in the message and its service information.


A security level is a set of predefined Anti-Spam settings which provide a scan level of incoming

and outgoing messages.

Kaspersky Lab specialists distinguish three security levels:

► High. This security level should be used if you receive spam frequently; for example, while

using free mail services. When you select this level, the frequency of false positives rises:

that is, useful mail is more often recognized as spam. When analyzing a message for

spam the Anti-Spam component calculates the potential rating: if the rating exceeds 50

but does not reach 80, the message is considered to be potential spam. If the rating

exceeds 80, then such message is labeled as spam. All messages with the rating less

than 50 are considered useful. At this level Anti-Spam analyzes all embedded documents in the .rtf format for spam.

► Recommended. This security level should be used in most cases. When analyzing a

message for spam the Anti-Spam component calculates the potential rating: if the rating

exceeds 60 but does not reach 90, the message is considered to be potential spam. If the

rating exceeds 90, then such message is labeled as spam.

► Low. This security level should be used if you rarely receive spam, for example, if you are

working in a protected corporate email environment. When this level is selected, spam and

potential spam messages are less frequently recognized. When analyzing a message for

spam the Anti-Spam component calculates the potential rating: if the rating exceeds 80 but

does not reach 90, the message is considered to be potential spam. If the rating exceeds

99 out of 100, then such message is labeled as spam.

The higher the security level, the higher the protection from spam.

To modify the security level in Anti-Spam, perform the following actions:

1. In the component settings window in the Security level section drag the vertical slider

to the necessary position.

2. In the Settings window click the Apply button.


Customizing security level

To customize the security level of the Anti-Spam component, click the Settings button.


Exact methods

On the Exact methods tab you can enable/disable filters which Anti-Spam will use to scan a

message.

You can specify the conditions under which Anti-Spam will recognize messages as spam:

► If it contains phishing elements

► If it contains URLs from the database of malicious URLs


Anti-Spam can compare links in mail messages with the list of suspicious and phishing URLs.

These lists are included in the distribution kit of Kaspersky PURE 3.0. If a phishing or suspicious

link is detected in a message, or if a message contains any phishing element, such message is

recognized as spam.

Clicking the Additional button next to the If it contains phishing elements box lets you enable heuristic analysis when scanning emails for phishing and set the necessary detail level of the analysis.

► If it is from a blocked sender

To create your list of blocked sender addresses, perform the following actions:

1. In the Anti-Spam window on the Exact methods tab check the If it is from a blocked sender box.

2. Click the Select button.

3. In the Blocked senders window click the Add link.

4. In the Email address mask window enter an email address (for example,

usekaspersky@kaspersky.com) and click OK.


Mask is a template string that a phrase or an address is compared against.

Certain symbols in a mask are used to represent others: * substitutes any sequence of

characters, ? – any single character. If a mask uses such wildcards, it can match several phrases

or addresses.

If the * or ? character is a part of the sought phrase (e.g., What's the time?), it should be preceded with the \ character to ensure that Anti-Spam recognizes it correctly. Thus, in masks you should use the \* combination instead of the * character, and represent the ? character as \? (e.g., What's the time\?).

Sample phrase masks:

Visit our * – this mask corresponds to a message that begins with the words Visit our and

continues with any text.

Examples of address masks:

admin@test.com – the mask only matches the address admin@test.com.

admin@* – the mask matches the sender address with the admin name, for example,

admin@test.com, admin@example.org.

*@test* – the mask matches the address of any message sender from a domain beginning with

test, for example: admin@test.com, info@test.org.

info.*@test.??? – this mask corresponds to the address of any sender whose name begins with info. and whose mail domain name begins with test. and ends with any three characters, for example: info.product@test.com, info.company@test.org, but not info.product@test.ru.
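The mask syntax described above (the * and ? wildcards and the \ escape), as an added example that is not code from Kaspersky PURE 3.0: a small matcher that can be used to check what a mask covers before adding it to a list. It assumes that a mask must match the whole string and that matching is case-insensitive; the function names and the address billing@testing.example are constructed.

```python
import re


def mask_to_regex(mask):
    """Translate a mask into a compiled regular expression.

    '*' stands for any sequence of characters, '?' for any single
    character, and a backslash before '*' or '?' makes it literal.
    """
    parts = []
    i = 0
    while i < len(mask):
        ch = mask[i]
        if ch == "\\" and i + 1 < len(mask) and mask[i + 1] in "*?":
            parts.append(re.escape(mask[i + 1]))  # escaped wildcard: literal
            i += 2
            continue
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))  # every other character is literal
        i += 1
    # Assumption: case-insensitive, and '.' may also span line breaks.
    return re.compile("".join(parts), re.IGNORECASE | re.DOTALL)


def mask_matches(mask, text):
    """True if the mask covers the whole text."""
    return mask_to_regex(mask).fullmatch(text) is not None


def audit_mask(mask, addresses):
    """Return the addresses from the list that the mask covers."""
    return [a for a in addresses if mask_matches(mask, a)]


# The page's sample addresses plus one constructed address that shows
# how far a mask with a trailing wildcard reaches.
SAMPLE_ADDRESSES = [
    "admin@test.com", "admin@example.org", "info@test.org",
    "info.product@test.com", "info.company@test.org",
    "info.product@test.ru", "billing@testing.example",
]

if __name__ == "__main__":
    for mask in ("admin@test.com", "admin@*", "*@test*", "info.*@test.???"):
        print(f"{mask:16} -> {audit_mask(mask, SAMPLE_ADDRESSES)}")
    print(mask_matches("What's the time\\?", "What's the time?"))
```

Running a candidate mask over known addresses shows that *@test* also covers domains such as testing.example, which matters most when the mask goes into a list of allowed senders.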

1. To quickly configure Anti-Spam on another computer, save the list of your email addresses to a file by clicking the Export button and saving the file to a specified location. Then copy the file to any computer with Kaspersky PURE 3.0 installed, open the Blocked senders window, click the Import link and specify the path to the address file.


2. To edit/delete a record, highlight the record and click Edit/Delete.

3. When the list is created, in the Blocked senders window click the OK button.

► If it contains blocked phrases.

To create the list of blocked phrases, perform the following actions:

1. In the Anti-Spam window on the Exact methods tab check the If it contains blocked phrases box.

2. Next to the If it contains blocked phrases box click the Select button.


3. In the Blocked phrases window check the boxes next to the listed phrases. All

phrases in the list are selected by default.

4. To add a new phrase, click the Add link.

5. In the Blocked phrase window enter a phrase (for example, viagra) or a phrase

mask (for example, *viagra*). Specify the weighting coefficient for the entered

phrase and click OK.

6. When the list is created, click the OK button in the Blocked phrase window.

You do not have to delete a mask to stop using it; unchecking the corresponding box next to it

will be sufficient.


Kaspersky Lab experts have compiled a list of obscene words that is included in the distribution package of Kaspersky PURE 3.0. The presence of a word from this list indicates with a high probability that the message is spam. You can supplement the list by adding complete phrases and their masks to it. To do this, perform the following actions:

1. In the Blocked phrases window check the Classify as obscene words box. Click

the obscene words link to open the Explicit language window.

Before opening the Explicit language window you have to confirm you are of age.


2. Click the Add link and open the Blocked phrase window.

3. Enter an entire phrase or a phrase mask, specify the weighting coefficient and click

the OK button.

You do not have to delete a mask to stop using it; unchecking the corresponding box in

the Explicit language window next to it will be sufficient.

You can also configure Anti-Spam to assign the useful status (that is, neither the Spam nor the Probable Spam category) to the following emails:

► If it is from an allowed sender

In order to create a list of allowed senders, perform the following actions:

1. On the Exact methods tab check the If it is from an allowed sender box.

2. Next to the checked box click the Select button.


3. In the Allowed senders window check the boxes next to allowed senders. If no

sender has been added to the list, the list will be empty. To add a sender to the list,

go to the next step.

4. To add a new sender:

Click the Add link;

In the Email address mask window enter an email address (for example, usekaspersky@kaspersky.com) and click the OK button.

In Kaspersky PURE 3.0 all information about operation of the Anti-Spam component is received from the "cloud", which already contains the database of sample spam messages. However, you can additionally configure loading of addresses from the list of Allowed senders. To do this, in the Allowed senders window check the Add allowed senders’ addresses when training Anti-Spam box. If you want to disable the option, uncheck the box.


5. In the Allowed senders window click the OK button.

► If it contains allowed phrases

To create the list of allowed phrases, which would not be considered by Anti-Spam as spam,

perform the following actions:

1. On the Exact methods tab check the If it contains allowed phrases box.

2. Next to the checked box click the Select button.

3. In the Allowed phrases window check the boxes next to the listed phrases. If no

phrase has been added, the list will be empty. To add a new phrase, go to the next

step.

4. To add a new phrase:

Click the Add link;

In the Allowed phrase window enter a phrase (for example, kaspersky.com)

and click the OK button.


5. When the list is ready, in the Allowed phrases window click the OK button.

Expert methods

Anti-Spam can add appropriate labels to the message recognized after analysis as spam or

potential spam. This value is called a spam factor.

Having processed a message, Anti-Spam assigns one of the following statuses to it:

► Spam

► Probable spam

► Useful email

On the Expert methods tab you can specify the maximum and the minimum values for the

Spam and Probable spam rate, by changing the Anti-Spam security level.


To change the spam rate values above which the Spam or Probable Spam status is assigned to a message, move the corresponding horizontal sliders or specify a value using the arrow buttons.

Additional

On the Additional tab you can:

► Specify what labels should be added to the subject of a message classified as

spam/probable spam;

► Enable/disable scanning of mail transferred via the POP3, SMTP and IMAP protocols;


► Configure embedding and display of the component plugins in various mail clients

(Microsoft Office Outlook, Microsoft Outlook Express (Windows Mail),

Thunderbird, The Bat!);

In order to enable/disable additional settings, check/clear the corresponding options in the Anti-Spam window and click OK.


Rolling back to Anti-Spam default settings

You can roll back to the default settings at any moment, after you have changed the Anti-Spam

settings. For this, perform the following steps:

1. In the settings window of the Anti-Spam component in the Security level section

click the Default button.

2. In the Settings window click the Apply button.


Anti-Banner

What is Anti-Banner

Anti-Banner is a protection component designed to block banners on web pages, whose

addresses are added to the anti-virus databases of Kaspersky PURE 3.0.

Ads on banners may distract you from your business activity while banner downloads increase

the amount of inbound traffic.

Enabling/disabling Anti-Banner

By default, the Anti-Banner component in Kaspersky PURE 3.0 is disabled.

To enable Anti-Banner, perform the following actions:

1. Open the application settings window, by clicking the Settings button in the top right

corner of the window.

2. In the left part of the Settings window select the Protection section.

3. Select the Anti-Banner component.

4. In the right part of the window, check the Enable Anti-Banner box.

5. Click the Apply button.

Selecting the scan method

Anti-Banner may use various methods to scan addresses from which banners can be downloaded:

► Use common banner list. The lists of URL masks from which the most common ad banners are downloaded are compiled by Kaspersky Lab experts and are included in the product distribution kit. With this scan method enabled, Anti-Banner blocks ad banners from the addresses that correspond to the masks in the list. If the scan method is disabled, Anti-Banner does not block banners from the addresses in the list.

By default, this scan method is enabled.

► Resolve IP-addresses to domain names. This box enables / disables automatic

resolution of IP addresses to URLs on the lists of allowed / blocked banner addresses.

This box is unchecked by default.

You can specify which methods should be used by Anti-Banner. For this, perform the following

actions:

1. In the right part of the window, in the Scan methods group, check the boxes next to

the names of the methods that should be used.

2. Click the Apply button.

Creating the list of blocked and allowed banner addresses

In addition to the scan methods, Anti-Banner checks banner addresses against the masks from

the lists of blocked or allowed addresses, if these lists are used.

Using the lists of blocked and allowed banners addresses, you can allow banners to be

downloaded for a specified group of addresses and block them for another group. Create a list of

blocked address masks to let Anti-Banner block download and display of banners from the

addresses that correspond to those masks. Create a list of allowed address masks to let Anti-

Banner download and display banners from the addresses that correspond to those masks.

To create a list of blocked addresses, do the following:

1. In the right part of the Settings window of the Anti-Banner component, in the

Additional section, check the Use the list of blocked URLs box.

2. Click the Settings button.


3. Click the Add button, to add a new mask.

4. In the Address mask (URL) window enter a blocked banner mask and click the OK

button.

5. When all the necessary masks are added, in the Blocked URLs window click the

OK button.

6. In the Settings window click the Apply button.

You do not have to delete a mask to stop using it; unchecking the corresponding box next to it

is sufficient.

To create and use the list of allowed addresses, perform the following actions:

1. In the right part of the Settings window of the Anti-Banner component, in the

Additional section, check the Use the list of allowed URLs box.


2. Click the Settings button.

3. Click the Add button, to add a new mask.

4. In the Address mask (URL) window enter an allowed banner mask and click the OK

button.

5. When all the necessary masks are added, in the Allowed URLs window click the OK

button.

6. In the Settings window click the Apply button.

To exclude a mask from the list of allowed URLs, uncheck the corresponding box next to the

address mask.


Exporting and importing the lists of addresses

After you have created the lists of allowed or blocked banner addresses, you can use them

repeatedly: for example, export banner addresses to a similar list on another computer with

Kaspersky PURE 3.0 installed on it.

To do this:

1. Export: copy records from the list into a file.

2. Move the file you have saved to another computer (for example, send it by email or

use a removable data medium).

3. Import: add the records from the file to the list of the same type on another

computer.

While exporting the list, you can copy either the selected list element only, or the entire list. While

importing the list, you can add the new elements to the existing list, or replace the existing list

with the one being imported.

To export banner addresses from the list of allowed or blocked URLs, perform the following

steps:

1. In the right part of the Settings window of the Anti-Banner component, in the

Additional section, click the Settings button located in the line with the name of the

list from which you should copy addresses into a file (list of blocked or allowed

URLs).


2. In the window that opens, check the boxes next to the addresses that you need to

include in the file.

3. Click the Export button.

4. In the window, take one of the following actions:

► click the Yes button if you need to include only selected addresses in the file;

► click the No button if you need to include the entire list in the file.


5. In the Save as window, enter a name for the file you want to save and click the Save

button.

To import banner addresses from a file to the list of allowed or blocked URLs, perform the

following actions:

1. In the right part of the Settings window of the Anti-Banner component, in the

Additional section, click the Settings button located in the line with the name of the

list into which you need to add addresses from a file (list of allowed or blocked

URLs).

2. In the window that opens, click the Import button.

3. If the list is not empty, a window opens offering you to add items to be imported. In

this window, take one of the following actions:

► click the Yes button if you want to add records from the file into the list;

► click the No button if you want to replace the existing records with the list from

the file.

4. In the Open file window, select the file with the list of records that you want to import

and click the Open button.

5. Click the OK button.

6. In the Settings window click the OK button.


Safe Money

What is Safe Money

A leak of personal data while working with online banking systems may cause financial losses.

Therefore, users who work with online banking services need to be highly protected. Kaspersky

PURE 3.0 includes a new service, Safe Money. The service provides secure access to websites

of online banking and payment systems.

The Safe Money technology includes the following modules:

1. Trusted websites. When you open a web page of an online banking or payment system,

Kaspersky PURE 3.0 checks whether the address is included in the following lists:

the one created by Kaspersky Lab specialists and the one created by users. If the web page is

included in the lists, then your web browser will be switched to the Safe Run mode. The mode

provides secure operations.

2. Secure connection. Kaspersky PURE 3.0 checks certificates of online banking and

payment systems. If the certificate cannot be confirmed, the application blocks the

website.

3. Safe environment. Your operating system will be analyzed for vulnerabilities each time a

bank or payment system website is opened. If vulnerabilities are detected, you will be

prompted to fix them. You can fix vulnerabilities by launching Windows Update. Once

the vulnerabilities are fixed the web site opens in the Safe Money mode.

Additionally, the following components provide secure data input:

► Virtual Keyboard. The keyboard is displayed on the screen and can be managed only by

a mouse.

► Secure keyboard. This is a new function added to Kaspersky PURE 3.0. The component

provides secure input from a hardware keyboard.

Once you finish work with an online banking or payment system, the web browser automatically

switches from Safe Run to the standard mode.

Enabling Safe Money

By default the Safe Money component is enabled. In order to make sure that the protection is

enabled, perform the following actions:

1. Open the application settings window.

2. In the Settings window go to the Protection tab and select the Safe Money component.

3. In the right part of the window, make sure the Enable Safe Money box is checked.


The Safe Money component can be enabled only when the application’s Self-Defense is

enabled.

In order to make sure that the application’s self-defense is enabled, perform the following

actions:

1. Open the application settings window.

2. In the left part of the window, go to the Protection tab and then select Self-Defense.

3. In the right part of the window, make sure the Enable Self-Defense box is checked.


Creating shortcut to Safe Money

During installation of Kaspersky PURE 3.0 the shortcut to quickly access the Safe Money

window is automatically created. If the shortcut was deleted by mistake and you want to create a

new shortcut, perform the following actions:

1. In the Settings window under Protection Center select the Safe Money component.

2. In the right part of the window click the Create shortcut button.


3. The Safe Money shortcut appears on the Desktop.

Creating list of banks and payment system websites

When you open an online banking or payment system web page, Kaspersky PURE 3.0 suggests

opening it in the Safe Money mode.

If a website does not use the secure HTTPS protocol, then Kaspersky PURE 3.0 does not

identify the website as a bank or payment system and does not suggest opening the website in

the Safe Money mode.

Also, when you access a bank web page, Kaspersky PURE 3.0 suggests adding the bank website

to the list of banking services. The list can be opened from the main application window and

from the Settings window.


When you access the website next time, Kaspersky PURE 3.0 automatically performs the

selected action: opens the website in the protected browser or prompts the user for an action.

You can add a web address to the list of banking services by performing the following actions:

1. In the Settings window under Protection Center select the Safe Money component.

2. In the right part of the window in the Banks and payment systems websites section

click the Add button.


3. In the Website for Safe Money window perform the following actions:

► In the Bank or payment system website section enter the required web address,

for example, https://esk.sbrf.com.

► In the Description field enter a description for the address, for example, a bank

name.

► In the On access to this website section select the required action:

Prompt for action. In this case Kaspersky PURE 3.0 prompts the user to

open the website in the protected or standard browser.

Run the protected browser automatically. In this case the application will

automatically open the web page in the protected web browser.

Do not run the protected browser. In this case the web site will be opened

in standard unprotected mode.

4. Click the OK button.


5. In the Settings window click the Apply button.

In order to delete or change a web address of a bank or payment system in the list, select the

required item and click the Edit or Delete button correspondingly.

Enabling notifications about operating system vulnerabilities

If there are vulnerabilities in the system, Kaspersky PURE 3.0 cannot guarantee secure access

to online banking systems. Therefore, on each bank or payment system website access

Kaspersky PURE 3.0 scans the system for vulnerabilities.


In order to make sure the option of vulnerability scan on each access to payment systems is

enabled, perform the following actions:

1. In the Settings window under Protection Center select the Safe Money component.

2. In the right part of the window, make sure that the Notify about operating system

vulnerabilities box is checked.

3. Click the OK button.

Secure Data Input

What is Secure Data Input

When working on your computer, there are occasions when you are required to enter personal data or a

username and password. That happens, for example, during account registration

on web sites, web shopping or Internet banking. There is a risk that this personal information is

intercepted using hardware keyboard interceptors or keyloggers, which are programs that

register keystrokes. The stolen data is then transferred to a cybercriminal via the Internet.

Kaspersky PURE 3.0 includes the Virtual Keyboard and Secure keyboard input modules. The

modules protect personal data from being intercepted by spyware.

Configuring Virtual Keyboard

To open the Virtual Keyboard using the computer keyboard, use the following key combination:

CTRL+ALT+SHIFT+P. By default, the option of quick access to the keyboard is enabled.

If you want to disable launch of Virtual Keyboard by pressing the key combination, perform the

following actions:

1. Open the application settings window.


2. Go to the Protection tab and in the left part of the window select the Secure Data Input

component.

3. To disable launch of Virtual Keyboard by pressing the key combination, clear the box

Open Virtual Keyboard by typing CTRL+ALT+SHIFT+P.

4. Click the Apply button.

By default, the option of quick access to Virtual Keyboard by clicking the icon in the data entry

fields is enabled. You can specify websites categories where the quick launch icon will be

displayed.

To select websites categories, perform the following actions:

1. Open the application settings window.

2. In the left part of the Settings window go to the Protection tab and then select Secure

Data Input.

3. In the right part of the window, make sure that the Show quick launch icon in data

entry fields box is checked.

4. Click the Settings button.


5. In the Virtual Keyboard window on the Categories tab, check the boxes for the required

categories:

► Banks

► Payment systems

► Mail

► Communication websites

► Social networking

6. Check the Show Virtual Keyboard quick launch icon in Safe Money fields box if you

want to enable additional protection when you enter your personal data on online banking

and payment systems websites.

7. Click the OK button.


Additionally, you can create lists of websites where the quick launch icon will be displayed and

where the icon will be hidden. To do this, perform the following actions:

1. In the right part of the Secure Data Input window, make sure that the Show quick

launch icon in data entry fields box is checked.

2. Click the Settings button.


3. In the Virtual Keyboard window on the Exclusions tab add required websites to the lists

by clicking the Add button in the corresponding section.


4. In the (Do not) Show quick launch icon window enter a required web address and

select one of the following options:

► (Do not) Show icon only on the specified web page;

► (Do not) Show icon on the whole website.

5. Click the OK button.

6. When all required web addresses are added to the lists, click the OK button.

Secure keyboard input

Kaspersky PURE 3.0 includes a new option of secure keyboard input. By default, the option will

be automatically enabled after the first reboot of the computer following installation of the application.

In order to make sure that the protection is enabled, perform the following actions:


1. Open the application settings window.

2. In the left part of the Settings window under Protection Center select Secure Data

Input.

3. In the right part of the window in the Secure keyboard input section, make sure that the

Enable secure keyboard input box is checked.

You can configure the module by selecting categories and websites on which secure keyboard

input will be enabled. To do this, perform the following actions:

1. In the right part of the window, make sure that the Enable secure keyboard input box is

checked.

2. Click the Settings button.


3. In the Secure Keyboard Input window on the Categories tab check the required boxes:

► Protect password fields on all websites;

► Enable secure keyboard input for Safe Money.

4. Select the required website categories by checking the corresponding boxes:

► Banks

► Payment systems

► Mail

► Communication websites

► Social networking

5. Click the OK button.


Also you can create lists of websites to configure (enable or disable) secure input from keyboard

on these websites. To do this, perform the following actions:

1. In the right part of the Secure Data Input window, make sure that the Enable secure

keyboard input box is checked.

2. Click the Settings button.

3. In the Secure Keyboard Input window on the Exclusions tab click the Add button in the

corresponding section.


4. In the (Un)Protected website window enter the web address and select one of the

following options:

► Enable/Disable protection only on the specified web page;

► Enable/Disable protection on the whole website.

5. Click the OK button.

6. Add all required web addresses to the list and then click OK to save the changes.


7. In the Settings window click the Apply button.

Threats and exclusions

Detecting definite types of threats

Kaspersky PURE 3.0 can detect hundreds of thousands of malware programs that may reside on

your computer. Some of these programs pose a greater threat to your computer, others are

only dangerous when certain conditions are met. After the application detects a malware

application, it classifies it and assigns it a danger level (high or medium).

Kaspersky Lab virus analysts distinguish three main categories:

► Malware programs (Malware) are created with the purpose to damage a computer and

its user, for example, to steal, block, modify or erase information, disrupt operation of a

computer or a computer network. Malware programs are divided into three subcategories:

Viruses and worms (Viruses\Worms) can create copies of themselves which are, in

turn, capable of creating their own copies. Some of them run without user's knowledge

or participation, others require actions on the user's part to be run. These programs

perform their malicious actions when run.

Trojan programs (Trojan programs) do not create copies of themselves, unlike

worms and viruses. They sneak into a computer, for example, via e-mail or using a

web browser when the user visits an "infected" website. To be launched they require

user's actions and start performing their malicious actions as they run.

Malware utilities (Malicious tools) are created specifically to inflict damage.

However, unlike other malware programs, they do not perform malicious actions

immediately as they are run and can be safely stored and run on the user's computer.


Such programs have functions used to create viruses, worms and Trojan programs,

arrange network attacks on remote servers, hacking computers or other malicious

actions.

► Potentially unwanted programs (PUPs), unlike malware programs, are not intended

solely to inflict damage. Potentially unwanted programs include adware, auto-dialers and

other potentially unwanted programs.

Adware displays advertising information to the user.

Auto-Dialers do not harm the system directly but in case of careless use may lead to

considerable financial losses for the owner of the phone number from which dialing to a

paid resource is performed.

Other Riskware: more often than not, these are useful programs used by many

computer users. However, if an intruder obtains access to these programs or installs

them on the user's computer, such an intruder can use their functionality to breach

security.

► Compressed files. Such files prevent detection of malicious actions and are difficult

to analyze by heuristic methods.

Potentially unwanted programs are installed using one of the following methods:

► They are installed by the user, individually or along with another program (for example,

software developers include adware programs into freeware or shareware programs).

► They are also installed by intruders, for example they include such programs into

packages with other malware programs, use "vulnerabilities" of the web browser or Trojan

downloaders and droppers, when the user visits an "infected" website.

By default the following types of threats are detected in Kaspersky PURE 3.0:

► Viruses and worms (their detection cannot be disabled);

► Trojan programs (their detection cannot be disabled);

► Malicious tools;

► Adware;

► Auto-dialers;

► Suspicious compressed files;

► Multi-packed objects.

In order to enable/disable detection of some types of threats, perform the following actions:

1. In the upper part of the Settings window under Protection select Threats and

Exclusions.

2. In the right part of the window in the Detection of the following threat types is

enabled section click the Settings button.


3. In the Detection scope window check/clear the box(es) for the types of threats

which should/should not be detected.

4. In the bottom right corner of the window click OK.

5. In the Settings window click the Apply button.

Exclusions

Trusted zone is a list of objects created by the user whose work is not controlled by the program.

Namely, it is a set of exclusions from Kaspersky PURE 3.0 protection.


Trusted zone is created based on the list of trusted applications and exclusion rules

depending on the peculiarities of objects you are working with and programs installed on this

computer. You may need to add objects to trusted zone, for example if Kaspersky PURE 3.0

blocks access to an object or program, while you are sure that this object/ program is harmless.

For example, you consider that the objects used by the standard Microsoft Windows Notepad

are secure and do not have to be scanned. In other words, you trust this application. To exclude

the objects used by this process, add the application Notepad into the list of trusted

applications.

Some actions classified as dangerous can be normal indeed depending on application functions.

For example, hooking the text being typed is a normal action for automatic keyboard layout

switch programs (Punto Switcher, etc.). It is recommended to add such specific applications to

the list of trusted applications to disable monitoring of their activity.

When a program is added to the list of trusted, its file and network activity (including suspicious

activity) and queries to the system registry are not monitored. At the same time an executable file

and the process of a trusted program are still scanned for viruses. In order to fully exclude a

program from scan, you should use exclusion rules.

Excluding trusted applications from scan is a way to solve possible compatibility issues between

Kaspersky PURE 3.0 and other software (for example, network traffic from another PC which has

already been scanned by antivirus software). It also allows you to increase the performance of a

computer, which is essential when using software for servers.

In turn, exclusion rules of the trusted zone allow you to work with legitimate software which can be

used by intruders to damage your computer or user’s data. Such programs do not have malicious

functionality, but can be used as an auxiliary component of a malicious program. The list of such

potentially dangerous software includes remote administration programs, IRC clients, FTP servers,

various tools to stop processes or hide their work, keyloggers, password-cracking

programs, auto-dialers, etc. As a result, Kaspersky PURE 3.0 can block such programs.

In order to avoid blocking, configure rules excluding such programs from scan.

Exclusion rules are sets of conditions that Kaspersky PURE 3.0 uses to verify if it can skip an

object during the scan. In all other cases an object will be scanned by protection components

according to the protection settings configured for them.

Exclusion rules of trusted zone can be used by some application components. For example, by

File Anti-Virus, Mail Anti-Virus, Web Anti-Virus, and during scan for viruses tasks.

Creating the list of trusted applications

By default, Kaspersky PURE 3.0 scans objects opened, started or saved by any system process

as well as controls activity of all programs and the created network traffic. Upon adding

applications to the list of trusted applications, Kaspersky PURE 3.0 excludes them from scan.

In order to add a program to the list of trusted, perform the following actions:

1. In the upper part of the Settings window select Protection and then select Threats

and Exclusions.

2. In the right part of the window in the Exclusions section, click the Settings button.


3. In the open window on the Trusted applications tab click the Add link to open the

menu. In the menu select one of the items:

► Browse. Selecting this item opens the standard browse window. In this window, you can

select the executable file of an application. Once an application is selected, the

Exclusions for application window will open.

► Applications. Selecting this item opens the Select application window with a list of

applications currently running. You can select the required application from the list. Once

an application is selected, the Exclusions for application window will open.


4. In the opened window Exclusions for application check the boxes for activities

which should not be monitored.

You can modify the program scan settings or delete the program from the list using the

corresponding links in the lower part of the list. In order to exclude a program from the list without

deletion, clear the box next to the program name.


Creating exclusion rules

If your work involves programs that Kaspersky PURE 3.0 classifies as illegal and that can be

used by cybercriminals to harm either your computer or user’s data, it is recommended that you

configure exclusion rules for such programs.

Exclusion rules are sets of conditions that Kaspersky PURE 3.0 uses to verify if it can skip an

object during the scan.

In Kaspersky PURE 3.0 you can create exclusion rules only for the following components:

► File Anti-Virus;

► Mail Anti-Virus;

► Web Anti-Virus;

► Application Control;

► Scan;

► System Watcher.

Exclusion rules allow adding exclusions by:

► Object - exclusion of a certain object, directory, or files that match a certain mask / format

from scans.

► Threat type - exclude objects according to the Virus Encyclopedia threat type

classification.

The following parameters can be configured/ modified for the Object type:

► Define file, folder or mask excluded from scan;

► Define exclusions for subfolders, if a definite folder is given as an exclusion;

► Define component(s) and tasks for which the exclusion will work.

For the Threat type you can define the name / mask of the threat type classification according to

the Kaspersky Lab Virus Encyclopedia.

You can also define component(s) and tasks for which the exclusion will work.

In order to create an exclusion rule, perform the following actions:


1. In the upper part of the Settings window under Protection select Threats and Exclusions.

2. In the right part of the window in the Exclusions section click the Settings button.

3. In the open window on the Exclusion rules tab, click the Add link.

4. In the Exclusion rule window specify the rule’s properties by checking the boxes in the

Properties section:

► File or folder;

► Object name.

5. In the Rule description section click the select file or folder link.

6. In the File or folder window click the Browse button and select the file for which you are

creating the rule. Select the necessary folder with the file or enter the full path to the file.

7. Check the option Include subfolders if the rule is created for more than one file.

8. In the File or folder window, click OK.

9. If in the Properties section you selected Object name, then the Object name option will be

displayed in the Rule description section. Click the enter object name link.

10. In the Object name type window, enter the classification type according to the Virus

Encyclopedia.

11. In the Object name window, click OK.

12. In the Exclusion rule window in the Rule description section in the Protection

components string click the specified: select components link.

13. In the Protection components window, define the components for which the exclusion rule

will be applied.

14. Click OK.

15. In the Exclusion rule window, click the OK button.

16. In the Trusted zone window click the OK button.

17. In the bottom right corner of the Settings window click the Apply button.
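
The following sketch is an added example, not Kaspersky code: it models how the conditions of an exclusion rule described above (file or folder, Include subfolders, object name mask, protection components) narrow or widen what is skipped. The ExclusionRule class, the function names, the rule that all configured conditions must match together, the paths and the threat names are assumptions constructed for illustration.

```python
"""Added illustration: how the conditions of an exclusion rule combine."""
from dataclasses import dataclass
from fnmatch import fnmatchcase
from pathlib import PureWindowsPath
from typing import FrozenSet, Iterable, Optional

# Component names as listed on the page.
ALL_COMPONENTS = frozenset({
    "File Anti-Virus", "Mail Anti-Virus", "Web Anti-Virus",
    "Application Control", "Scan", "System Watcher",
})


@dataclass(frozen=True)
class ExclusionRule:
    """Hypothetical model of one rule; not the product's storage format."""
    components: FrozenSet[str]         # components and tasks the rule applies to
    path: Optional[str] = None         # "File or folder" property
    include_subfolders: bool = False   # "Include subfolders" option
    object_name: Optional[str] = None  # "Object name" property (name or mask)


def path_matches(rule: ExclusionRule, file_path: str) -> bool:
    """True if file_path is the excluded file or lies in the excluded folder."""
    target = PureWindowsPath(file_path)   # Windows paths compare case-insensitively
    spec = PureWindowsPath(rule.path)
    if target == spec or target.parent == spec:
        return True
    return rule.include_subfolders and spec in target.parents


def rule_allows_skip(rule: ExclusionRule, component: str,
                     file_path: str, verdict: str) -> bool:
    """Assumed semantics: every condition configured in the rule must match."""
    if component not in rule.components:
        return False
    if rule.path is None and rule.object_name is None:
        return False                      # a rule with no properties excludes nothing
    if rule.path is not None and not path_matches(rule, file_path):
        return False
    if rule.object_name is not None:
        return fnmatchcase(verdict.lower(), rule.object_name.lower())
    return True


def is_skipped(rules: Iterable[ExclusionRule], component: str,
               file_path: str, verdict: str) -> bool:
    """An object is skipped if at least one rule allows it; otherwise it is scanned."""
    return any(rule_allows_skip(r, component, file_path, verdict) for r in rules)


# Constructed rules. NARROW excludes one classification of one file for two
# components; BROAD excludes a whole folder tree for every component.
NARROW = ExclusionRule(
    components=frozenset({"File Anti-Virus", "Scan"}),
    path=r"C:\Tools\remote\agent.exe",
    object_name="Example.RemoteAdmin.*",
)
BROAD = ExclusionRule(components=ALL_COMPONENTS, path=r"C:\Tools",
                      include_subfolders=True)

if __name__ == "__main__":
    # Constructed events: (component, file, classification the scan would assign).
    events = [
        ("File Anti-Virus", r"C:\Tools\remote\agent.exe", "Example.RemoteAdmin.Tool"),
        ("File Anti-Virus", r"C:\Tools\remote\agent.exe", "Example.Trojan.Dropper"),
        ("Web Anti-Virus", r"C:\Tools\tmp\dropped.exe", "Example.Trojan.Dropper"),
    ]
    for component, path, verdict in events:
        print(f"{verdict:26} narrow rule skips: "
              f"{is_skipped([NARROW], component, path, verdict)!s:5} "
              f"broad rule skips: {is_skipped([BROAD], component, path, verdict)}")
```

In this model the narrow rule leaves an unrelated detection on the same file visible, while the folder-wide rule hides anything later written under the excluded folder, which is why exclusions are best scoped by object name and component.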


Settings. Scan

General settings

Background scan

Kaspersky PURE 3.0 allows you to start scan tasks (scan of the system memory, system

partition, and startup objects) and automatic update of anti-virus databases when your computer

is idle or when screensaver is enabled.

In order to configure background scan, perform the following actions:

1. In the application settings window select Scan.

2. In the left menu select General Settings.

3. In the Background scanning section, check Perform Idle Scan and Perform regular

rootkit scan, if necessary.

If your computer works from a battery, Kaspersky PURE 3.0 does not perform tasks while the

computer is idle.

Clicking the icon takes you to the Kaspersky Lab Technical Support site, to the page

with an article which describes how to enable scan tasks while your computer is idle.

Scanning removable drives on connection


Nowadays, malicious objects using operating systems' vulnerabilities to replicate via networks

and removable media have become increasingly widespread. Kaspersky PURE 3.0 allows you to

scan removable drives when connecting them to the computer.

To configure scanning of removable media at connection, perform the following actions:

1. In the application settings window select Scan.

2. In the left menu select General Settings.

3. In the Scan removable drives on connection section select an action and define the

maximum size of a drive to scan, if necessary.

4. In the Settings window click the Apply button.

Starting scan using a shortcut

You can start full scan, critical areas scan and vulnerabilities scan tasks using a shortcut. A

shortcut allows you to start a scan task without opening an application window. To create a shortcut

for a scan task, perform the following actions:

1. In the application settings window select Scan.

2. In the left menu select General Settings.

3. In the right part of the window in the Quick tasks section click the Create shortcut

button next to the required task: Full Scan, Critical Areas Scan, Vulnerability Scan.


4. In the Save as window specify the path for saving the shortcut and its name. By default,

the shortcut is created with the name of the task in the Desktop folder of the current

computer user.

5. In the Settings window click the OK button.

6. On the Desktop find the created shortcut and double-click it to start a task.


Full Scan

Security levels

A security level is a set of predefined scan settings.

To select a security level, perform the following actions:

1. In the application settings window select Scan.

2. In the menu select the required task - Full Scan.

3. For the selected task in the Security level section select the required security level.

4. In the Settings window click the Apply button.

Kaspersky Lab specialists distinguish three security levels. You can set one of the following

security levels:

► High. Use this level if the probability of computer infection is very high;

► Recommended. This is the optimal level for most cases and is recommended by

Kaspersky Lab;

► Low. If you are using applications requiring considerable RAM resources, select the Low

security level because the list of files under scan is reduced on this level.

If none of the predefined security levels satisfies your needs, configure scan settings on your

own. As a result of your actions the security level changes to Custom.

When configuring scan task settings, you can always restore the recommended ones. They are

considered optimal, recommended by Kaspersky Lab, and grouped in the Recommended

security level.

To restore the default scan settings, perform the following actions:

1. For the selected scan task in the Settings window in the Security level section click the

Default button.

2. In the Settings window click the Apply button.


Modifying type of scanned objects

You can define which file formats and sizes should be scanned during a selected

scan task.

To change the type of scanned objects, perform the following actions:

1. For the selected task in the Security level section click the Settings button.


2. On the Scope tab in the File types section select the required variant.

► All files. Kaspersky PURE 3.0 scans files of all formats and extensions.

► Files scanned by format. If you select this option, Kaspersky PURE 3.0 only scans potentially infectious files – i.e. files into which a virus may penetrate. Before searching for viruses, the internal header of an object is analyzed to determine the file format (txt, doc, exe, etc.). The file extension is also considered during the scan.

► Files scanned by extension. In this case, Kaspersky PURE 3.0 only scans potentially infectious files – i.e. files into which a virus may penetrate. In this mode, the file format is determined by its extension.

Files without extensions are always scanned!

When selecting file types please remember the following:

► The probability of malicious code penetrating some file formats (such as .txt) and being activated later is quite low. At the same time, there are formats that contain or may contain executable code (such as .exe, .dll, .doc). The risk of malicious code penetrating such files and being activated is quite high.

► An intruder can send a virus to your computer in an executable file renamed as a .txt file. If you have selected the scan of files by extension, such a file is skipped by the scan. If the scan of files by format is selected, then, regardless of the extension, File Anti-Virus will analyze the file header and reveal that the file is an .exe file. Such a file would be thoroughly scanned for viruses.

3. Click OK.

4. In the Settings window click the Apply button.
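The difference between the two selection modes described above, as an added Python example (not Kaspersky Lab code). The extension list, the signature table and the sample files are constructed for illustration; the product's real lists are not given in this document.

```python
"""Model of 'scan by extension' versus 'scan by format' file selection."""
import os

# Assumed for illustration: formats the text names as able to carry executable code.
RISKY_EXTENSIONS = {".exe", ".dll", ".doc"}

# Well-known leading byte signatures for those formats.
MAGIC_SIGNATURES = [
    (b"MZ", "exe"),                                # DOS/PE executable, also used by .dll
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "doc"),  # OLE2 compound file (legacy .doc)
]
RISKY_FORMATS = {"exe", "doc"}


def detect_format(header: bytes) -> str:
    """Identify the format from the first bytes of the file, ignoring its name."""
    for magic, fmt in MAGIC_SIGNATURES:
        if header.startswith(magic):
            return fmt
    return "unknown"


def selected_by_extension(name: str) -> bool:
    """By-extension mode: trust the name. Files without an extension are always scanned."""
    ext = os.path.splitext(name)[1].lower()
    return ext == "" or ext in RISKY_EXTENSIONS


def selected_by_format(name: str, header: bytes) -> bool:
    """By-format mode: the header decides first; the extension is also considered."""
    if detect_format(header) in RISKY_FORMATS:
        return True
    return selected_by_extension(name)


# Constructed samples: (file name, first bytes of the file).
SAMPLES = [
    ("notes.txt", b"Meeting at 10:00\r\n"),
    ("invoice.txt", b"MZ\x90\x00\x03\x00\x00\x00"),  # executable renamed to .txt
    ("setup.exe", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("report.doc", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1\x00\x00"),
    ("README", b"plain text without an extension"),
]


def missed_by_extension(samples):
    """Names that by-format mode scans but by-extension mode skips."""
    return [name for name, header in samples
            if selected_by_format(name, header) and not selected_by_extension(name)]


if __name__ == "__main__":
    for name, header in SAMPLES:
        print(f"{name:12} by extension: {selected_by_extension(name)!s:5} "
              f"by format: {selected_by_format(name, header)}")
    print("skipped only in by-extension mode:", missed_by_extension(SAMPLES))
```
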

Scan optimization

You can shorten the scan time and speed up Kaspersky PURE 3.0. This can be achieved by scanning only new files and files that have been altered since the last time they were scanned. This mode applies both to simple and compound files.

You can also set a restriction on scan duration for an object. When the specified time interval

expires, the object will be excluded from the current scan (except for archives and files comprised

of several objects).

To optimize scan, perform the following actions:

1. For the selected task in the Security level section click the Settings button.

2. On the Scope tab in the Scan optimization section set the required settings:

► To scan only new and changed files, check the Scan only new and changed files

box;

► To set restriction on scan duration for one object, check the Skip objects scanned

longer than box and specify scan duration for one object.


3. Click the OK button.

4. In the Settings window click the Apply button.

Scan of compound files

A common method of concealing viruses is to embed them into compound files: archives,

databases, etc. To detect viruses that are hidden this way a compound file should be unpacked,

which can significantly lower the scan speed.

To modify the list of scanned compound files, perform the following actions:

1. For the selected task in the Security level section click the Settings button.

2. On the Scope tab in the Scan of compound files section select types of the scanned

compound files.


For each type of compound file, you can select to scan either all files or only new ones. To make your selection, click the link next to the name of the object. It changes its value when you left-click it.

If the scan only new and changed files mode is selected, the links for choosing between all files and only new files are unavailable.


You can restrict the maximum size of the compound file being scanned. Compound files larger than the specified value will not be scanned. To do this, in the Scan of compound files section, click the Additional button. In the Compound files window check the Do not unpack large compound files box and specify the maximum size of scanned files.

3. Click the OK button.

4. In the Settings window click the Apply button.

When large files are extracted from archives, they will be scanned even if the Do not unpack

large compound files box is checked.

Selecting scan method

Kaspersky PURE 3.0 uses various scan methods:

► Signature analysis. When performing signature analysis, Kaspersky PURE 3.0 uses

databases that contain descriptions of known threats and ways of neutralizing them.

Protection using signature analysis provides a minimal level of security.

► Heuristic Analysis. The scan is based on analysis of the typical behavior of a file, whose operations allow a conclusion about the nature of the file to be drawn with a certain probability.

The advantage of the method is that new threats are detected even before they are known

to virus analysts.

Additionally you can set the detail level for scans: light scan, medium scan, or deep scan.

► Rootkit Scan. A rootkit is a set of tools which conceal malicious programs in the operating

system. These tools penetrate the system and mask their presence and the presence of

processes, folders, registry keys of other malicious programs, described in the rootkit

configuration.

If you are scanning for viruses, you can enable the deep scan for rootkits by checking

the Detailed scan box, which will scan carefully for these programs by analyzing a large

number of various objects. These checkboxes are deselected by default, since this mode

requires significant operating system resources.

The Signature analysis method is always enabled. To enhance the scan efficiency you can

enable other scan methods. For this, perform the following actions:

1. For the selected task in the Security level section click the Settings button.

2. On the Additional tab in the Scan methods section select the necessary scan methods.

3. Click the OK button.


4. In the Settings window click the Apply button.

Selecting scan technology

In addition to the scan methods you can use special technologies:

► iChecker is a technology that increases scan speed by excluding certain objects from the

scan. An object is excluded from the scan with a special algorithm that uses the release

date of Computer Protection databases, the date of the object's last scan, and any

changes in the scan settings.

There are limitations to iChecker: it does not work with large files and applies only to the

objects with a structure that the application recognizes (for example, .exe, .dll, .lnk, .ttf,

.inf, .sys, .com, .chm, .zip, .rar).

► iSwift is a technology that builds on iChecker technology for computers using NTFS.

There are limitations to iSwift: it is bound to a specific file's location in the file system and

can apply only to objects in NTFS.

The iSwift and iChecker technologies increase the virus scan speed by excluding files that have not been modified since they were last scanned. By default, both technologies are used. To change the set of scan technologies, perform the following actions:

1. For the selected task in the Security level section click the Settings button.

2. On the Additional tab in the Scan technologies section select the required values.


3. Click the OK button.

4. In the Settings window click the Apply button.
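A simplified model of the skip decision described above, as an added Python example. It is not Kaspersky Lab's algorithm: the record layout, the content hash, the size limit and the rule that any database release after the last scan forces a rescan are assumptions.

```python
"""Model of an 'unchanged since last scan' cache in the spirit of iChecker."""
import hashlib
import os
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Formats the text lists as recognized by iChecker.
SUPPORTED_EXTENSIONS = {".exe", ".dll", ".lnk", ".ttf", ".inf",
                        ".sys", ".com", ".chm", ".zip", ".rar"}
# Assumed limit; the document only says that large files are not handled.
MAX_TRACKED_SIZE = 32 * 1024 * 1024


@dataclass(frozen=True)
class ScanRecord:
    """What was remembered about an object the last time it was scanned."""
    content_hash: str
    scanned_at: datetime
    settings_id: str  # fingerprint of the scan settings in force at that time


def content_hash(data: bytes) -> str:
    # Hashing the content means change detection does not rely on timestamps.
    return hashlib.sha256(data).hexdigest()


def rescan_reason(name: str, data: bytes, record: Optional[ScanRecord],
                  db_released: datetime, settings_id: str,
                  max_size: int = MAX_TRACKED_SIZE) -> Optional[str]:
    """Return why the object must be scanned again, or None if it may be skipped."""
    ext = os.path.splitext(name)[1].lower()
    if ext not in SUPPORTED_EXTENSIONS:
        return "format not tracked"
    if len(data) > max_size:
        return "file too large to track"
    if record is None:
        return "never scanned"
    if record.content_hash != content_hash(data):
        return "content changed"
    if record.settings_id != settings_id:
        return "scan settings changed"
    if db_released > record.scanned_at:
        return "databases released after last scan"
    return None


def demo() -> dict:
    """Run the decision over constructed cases and return the outcome of each."""
    body = b"MZ constructed sample body"
    rec = ScanRecord(content_hash(body), datetime(2013, 8, 1, 12, 0), "recommended")
    older_db = datetime(2013, 7, 30)
    newer_db = datetime(2013, 8, 2)
    return {
        "unchanged": rescan_reason("app.exe", body, rec, older_db, "recommended"),
        "modified": rescan_reason("app.exe", body + b"!", rec, older_db, "recommended"),
        "new databases": rescan_reason("app.exe", body, rec, newer_db, "recommended"),
        "new settings": rescan_reason("app.exe", body, rec, older_db, "high"),
        "untracked type": rescan_reason("notes.txt", body, rec, older_db, "recommended"),
        "too large": rescan_reason("app.exe", body, rec, older_db, "recommended",
                                   max_size=8),
        "first sight": rescan_reason("new.dll", body, None, older_db, "recommended"),
    }


if __name__ == "__main__":
    for case, reason in demo().items():
        print(f"{case:15} -> {'skip' if reason is None else 'scan: ' + reason}")
```
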

Creating scan schedule

In Kaspersky PURE 3.0 you can choose whether to start the full scan task manually or by

schedule (automatically).

If you select the Manually variant, then you can start the task at any time convenient for you. The

scan process takes some time to be completed and you cannot use some applications installed

on your computer during the scan process.

Selecting the By schedule variant allows you to configure the automatic start of the full scan task. If you select this variant, you can set the scan task frequency. In the schedule settings you can select one of the following frequencies: minutes, hours, days, every week, at a specified time, every month, after application startup, after every update.

For every frequency you can specify the interval. For example, if you select Every month you can select a particular day to start the scan task (1, 2, 3...) and set a particular time (05:00 p.m.).

To protect your computer, it is optimal to perform a full computer scan at least once a week.

In order to schedule a scan task, perform the following actions:

1. For the selected task in the Security level section click the Settings button.

2. On the Run mode tab in the Schedule section select the required values.

3. Select By schedule and create a task launch schedule with the frequency and a definite

time interval to start a scan task.


You can configure the program to automatically start a skipped scan task as soon as it becomes possible. For example, if the computer was off at the time a full scan task was scheduled, the scan starts as soon as the computer is turned on. To do so, in the Schedule section check the Run skipped tasks box.

Scheduled tasks feature additional functionality: for example, you can pause a scheduled scan when the screensaver is inactive or the computer is unlocked. This functionality postpones the task launch until the user has finished working on the computer, so the scan task does not take up system resources during work.

4. Click the OK button.

5. In the Settings window click the Apply button.

Starting scan under a different account

By default scan tasks are started under an account you registered in the system. If your account

does not have enough rights, you can specify a different account under whose rights each scan

task will be started.

To specify an account, perform the following steps:

1. In the top part of the Settings window select Scan.

2. In the left menu select Full Scan.

3. In the right part of the window click the Run mode button.

4. On the Run mode tab in the User account section check the Run task as box. In the

fields below specify the user name and password.


5. Click the OK button.

6. In the Settings window click the Apply button.


Actions over detected threats

If infected or potentially infectious objects are detected, the application performs the specified

action. Depending on your current preferences you can configure virus scan settings or allow the

program to select an action.

Default actions

By default the program chooses the actions on detected objects itself.

If the scan fails to determine whether an object is infected, the object is quarantined.

If an object is assigned the infected status, the application tries to disinfect it. If disinfection fails, the object is deleted.

Before disinfecting or deleting an object, Kaspersky PURE 3.0 creates a backup copy of it in case you want to restore the object or the application can neutralize the threat.

Actions defined by the user

You can also define an action to be performed for detected threats:

► Disinfect objects if possible;

► Delete if disinfection fails.


If the Disinfect objects if possible variant is selected, the program functions as follows:

► If the object can be disinfected, it is disinfected and returned to the user.

► If the scan fails to determine whether the object is infected, the object is quarantined. If the option to scan quarantined files after each database update is enabled, then when a new disinfection signature is received the quarantined object can be disinfected and returned to the user.

► If the object is assigned the virus status and cannot be disinfected, the object is blocked and added to the report about detected threats.

You can select only the Delete variant, but in this case all objects will be deleted, even if they could have been made available to the user after disinfection.


Kaspersky Lab specialists recommend selecting the following actions for detected threats:

► Disinfect objects if possible;

► Delete if disinfection fails.


In this case the program performs the following actions on an object:

► Disinfect, if disinfection is possible. After disinfection you can continue working with the object.

► Quarantine, if the program fails to determine whether the object is infected. If the option to scan quarantined files after each database update is enabled, then when a new disinfection signature is received the quarantined object can be disinfected and returned to the user.

► Delete, if the object is assigned the virus status and cannot be disinfected.

Actions for every detected object

You can also specify actions for every detected object individually. To do this, enable Kaspersky PURE 3.0 interactive mode:

1. In the top part of the Settings window select the Protection section.

2. In the left menu select General Settings.

3. In the Interactive protection section, uncheck the Select action automatically box.

4. Click the Apply button.


Interactive mode can only be enabled for the whole program. When the mode is enabled you

will have to select an action for every object detected by any Kaspersky PURE 3.0 component.

To specify an action over detected threats, perform the following actions:

1. In the top part of the Settings window select the Scan section.

2. In the left menu select the required task.

3. For the selected task in the Action on threat detection section specify the necessary

action:

► Prompt when the scan is complete;

► Prompt on detection;

► Select action:

Disinfect objects if possible;

Delete if disinfection fails.


4. In the Settings window click the Apply button.

If the Select action option is enabled but no action is chosen, the application will block dangerous objects and quarantine them, notifying the user about the quarantined objects.

The Delete if disinfection fails option appears only if the Disinfect objects if possible box is checked.


Run mode and scan scope

Run mode

In Kaspersky PURE 3.0 you can choose whether to start the full scan task manually or by

schedule (automatically).

If you select the Manually variant, then you can start the task at any time convenient for you. The

scan process takes some time to be completed and you cannot use some applications installed

on your computer during the scan process.

Selecting the By schedule variant allows you to configure the automatic start of the full scan task. If you select this variant, you can set the scan task frequency. In the schedule settings you can select one of the following frequencies: minutes, hours, days, every week, at a specified time, every month, after application startup, after every update.

For every frequency you can specify the interval. For example, if you select Every month you can select a particular day to start the scan task (1, 2, 3...) and set a particular time (05:00 p.m.).

To protect your computer, it is optimal to perform a full computer scan at least once a week.

In order to schedule a scan task, perform the following actions:

1. In the right part of the settings window of the selected task in the Run mode and scan

scope section click the Run mode button.

2. On the Run mode tab in the Schedule section select the necessary values.

3. Select By schedule and create a task launch schedule with the frequency and a definite

time interval to start a scan task.


You can configure the program to automatically start a skipped scan task as soon as it becomes possible. For example, if the computer was off at the time a full scan task was scheduled, the scan starts as soon as the computer is turned on. To do so, in the Schedule section check the Run skipped tasks box.

Scheduled tasks feature additional functionality: for example, you can pause a scheduled scan when the screensaver is inactive or the computer is unlocked. This functionality postpones the task launch until the user has finished working on the computer, so the scan task does not take up system resources during work.

4. Click the OK button.

5. In the Settings window click the Apply button.

Creating list of objects to scan

You can create your own list of objects for the Full Scan and Critical Areas Scan tasks. For

example, if you do not want to scan the whole system and all applications installed on your

computer you can create your own list of applications, network and logical drives to scan.

In order to add, modify or delete objects from the scan scope, perform the following actions:

1. In the right part of the settings window of the selected task in the Run mode and scan

scope section click the Scan scope button.

2. In the Scan scope window you can modify the list of objects to scan. To add a new object, click the Submit link; to change or delete an existing object, click Edit or Delete respectively.

Note that objects which appear in the list by default (System Memory, Startup Objects, Disk boot sectors, System Backup Storage, My email, All hard drives, All removable drives and All network drives) cannot be edited or deleted.

3. You can also enable scan of subfolders. To do this, in the Select object to scan window check the Include subfolders box when adding or editing an object.

4. In the lower part of the Select object to scan window click the OK button.

5. In the Settings window click the OK button.


Critical Areas Scan

Security levels

A security level is a set of predefined scan settings.

Kaspersky Lab specialists distinguish three security levels. You can set one of the following

security levels:

► High. Use this level if the probability of computer infection is very high;

► Recommended. This is the optimal level for most cases and is recommended by

Kaspersky Lab;

► Low. If you are using applications requiring considerable RAM resources, select the Low

security level because the list of files under scan is reduced on this level.

To select a security level, perform the following actions:

1. In the left part of the Settings window select the Scan section.

2. In the menu select the required task - Critical Areas Scan.

3. For the selected task in the Security level section select the required security level.

4. In the Settings window click the Apply button.

If none of the predefined security levels satisfies your needs, configure scan settings on your

own. As a result of your actions the security level changes to Custom.

When configuring scan task settings, you can always restore the recommended ones. They are

considered optimal, recommended by Kaspersky Lab, and grouped in the Recommended

security level.

To restore the default scan settings, perform the following actions:


1. For the selected scan task in the Settings window in the Security level section click the

Default level button.

2. In the Settings window click the Apply button.

Modifying type of scanned objects

You can define which file formats and sizes are scanned by the selected scan task.

To change the type of scanned objects, perform the following actions:

1. For the selected task in the Security level section click the Settings button.


2. On the Scope tab in the File types section select the required variant.


► All files. Kaspersky PURE 3.0 scans files of all formats and extensions.

► Files scanned by format. If you select this option, Kaspersky PURE 3.0 only scans potentially infectious files – i.e. files into which a virus may penetrate. Before searching for viruses, the internal header of an object is analyzed to determine the file format (txt, doc, exe, etc.). The file extension is also considered during the scan.

► Files scanned by extension. In this case, Kaspersky PURE only scans potentially infectious files – i.e. files into which a virus may penetrate. In this mode, the file format is determined by its extension.

Files without extensions are always scanned!

When selecting file types please remember the following:

► The probability of malicious code penetrating some file formats (such as .txt) and being activated later is quite low. At the same time, there are formats that contain or may contain executable code (such as .exe, .dll, .doc). The risk of malicious code penetrating such files and being activated is quite high.

► An intruder can send a virus to your computer in an executable file renamed as a .txt file. If you have selected the scan of files by extension, such a file is skipped by the scan. If the scan of files by format is selected, then, regardless of the extension, File Anti-Virus will analyze the file header and reveal that the file is an .exe file. Such a file would be thoroughly scanned for viruses.

3. Click the OK button.

4. In the Settings window click the Apply button.

Scan optimization

You can shorten the scan time and speed up Kaspersky PURE 3.0. This can be achieved by scanning only new files and files that have been altered since the last time they were scanned. This mode applies both to simple and compound files.

You can also set a restriction on scan duration for an object. When the specified time interval

expires, the object will be excluded from the current scan (except for archives and files comprised

of several objects).

To optimize scan, perform the following actions:

1. For the selected task in the Security level section click the Settings button.

2. On the Scope tab in the Scan optimization section set the required settings:

► To scan only new and changed files, check the Scan only new and changed files

box;

► To set restriction on scan duration for one object, check the Skip objects scanned

longer than box and specify scan duration for one object.


3. Click the OK button.

4. In the Settings window click the Apply button.

Scan of compound files

A common method of concealing viruses is to embed them into compound files: archives,

databases, etc. To detect viruses that are hidden this way a compound file should be unpacked,

which can significantly lower the scan speed.

To modify the list of scanned compound files, perform the following actions:

1. For the selected task in the Security level section click the Settings button.

2. On the Scope tab in the Scan of compound files section select types of the scanned

compound files.


For each type of compound file, you can select to scan either all files or only new ones. To make your selection, click the link next to the name of the object. It changes its value when you left-click it.

If the scan only new and changed files mode is selected, the links for choosing between all files and only new files are unavailable.


You can restrict the maximum size of the compound file being scanned. Compound files larger than the specified value will not be scanned. To do this, in the Scan of compound files section, click the Additional button. In the Compound files window check the Do not unpack large compound files box and specify the maximum size of scanned files.

3. Click the OK button.

4. In the Settings window click the Apply button.

When large files are extracted from archives, they will be scanned even if the Do not unpack

large compound files box is checked.

Selecting scan method

Kaspersky PURE 3.0 uses various scan methods:

► Signature analysis. When performing signature analysis, Kaspersky PURE 3.0 uses

databases that contain descriptions of known threats and ways of neutralizing them.

Protection using signature analysis provides a minimal level of security.

► Heuristic Analysis. The scan is based on analysis of the typical behavior of a file, whose operations allow a conclusion about the nature of the file to be drawn with a certain probability.


The advantage of the method is that new threats are detected even before they are known

to virus analysts.

Additionally you can set the detail level for scans: light scan, medium scan, or deep scan.

► Rootkit Scan. A rootkit is a set of tools which conceal malicious programs in the operating

system. These tools penetrate the system and mask their presence and the presence of

processes, folders, registry keys of other malicious programs, described in the rootkit

configuration.

If you are scanning for viruses, you can enable the deep scan for rootkits by checking

the Detailed scan box, which will scan carefully for these programs by analyzing a large

number of various objects. These checkboxes are deselected by default, since this mode

requires significant operating system resources.

The Signature analysis method is always enabled. To enhance the scan efficiency you can

enable other scan methods. For this, perform the following actions:

1. For the selected task in the Security level section click the Settings button.

2. On the Additional tab in the Scan methods section select the necessary scan methods.

3. Click the OK button.

4. In the Settings window click the Apply button.

Selecting scan technology

In addition to the scan methods you can use special technologies:

► iChecker is a technology that increases scan speed by excluding certain objects from the

scan. An object is excluded from the scan with a special algorithm that uses the release

date of Kaspersky PURE databases, the date of the object's last scan, and any changes in

the scan settings.


There are limitations to iChecker: it does not work with large files and applies only to the

objects with a structure that the application recognizes (for example, .exe, .dll, .lnk, .ttf,

.inf, .sys, .com, .chm, .zip, .rar).

► iSwift is a technology that builds on iChecker technology for computers using NTFS.

There are limitations to iSwift: it is bound to a specific file's location in the file system and

can apply only to objects in NTFS.

The iSwift and iChecker technologies increase the virus scan speed by excluding files that have not been modified since they were last scanned. By default, both technologies are used. To change the set of scan technologies, perform the following actions:

1. For the selected task in the Security level section click the Settings button.

2. On the Additional tab in the Scan technologies section select the required values.

3. Click the OK button.

4. In the Settings window click the Apply button.

Creating scan schedule

In Kaspersky PURE 3.0 you can choose whether to start the vulnerability scan task manually or

by schedule (automatically).

If you select the Manually variant, then you can start the task at any time convenient for you. The

scan process takes some time to be completed and you cannot use some applications installed

on your computer during the scan process.

Selecting the By schedule variant allows you to configure the automatic start of the vulnerability scan task. If you select this variant, you can set the vulnerability scan task frequency. In the schedule settings you can select one of the following frequencies: minutes, hours, days, every week, at a specified time, every month, after application startup, after every update.

For every frequency you can specify the interval. For example, if you select Every month you can select a particular day to start the scan task (1, 2, 3...) and set a particular time (05:00 p.m.).

To protect your computer, it is optimal to perform a full computer scan at least once a week.


In order to schedule a scan task, perform the following actions:

1. For the selected task in the Security level section click the Settings button.

2. On the Run mode tab in the Schedule section select the necessary values.

3. If you select By schedule, create a task launch schedule with the frequency and a

definite time interval to start a scan task.

You can configure the program to automatically start a skipped scan task as soon as it becomes possible. For example, if the computer was off at the time a full scan task was scheduled, the scan starts as soon as the computer is turned on. To do so, in the Schedule section check the Run skipped tasks box.

Scheduled tasks feature additional functionality: for example, you can pause a scheduled scan when the screensaver is inactive or the computer is unlocked. This functionality postpones the task launch until the user has finished working on the computer, so the scan task does not take up system resources during work.

4. Click the OK button.

5. In the Settings window click the Apply button.

Starting Critical Areas Scan under a different account

By default critical areas scan tasks are started under an account you registered in the system. If

your account does not have enough rights, you can specify a different account under whose

rights each scan task will be started. To specify an account, perform the following steps:

1. In the top part of the Settings window select the Scan section.

2. In the left menu select Critical Areas Scan.

3. In the right part of the window click the Run mode button.

4. On the Run mode tab in the User account section check the Run task as checkbox.

Enter the user name and password in the fields below.


5. Click the OK button.

6. In the Settings window click the Apply button.


Actions upon threat detection

If infected or potentially infectious objects are detected, the application performs the specified

action. Depending on your current preferences you can configure virus scan settings or allow the

program to select an action.

Default actions

By default, the application chooses the action on a detected object itself. If the scan fails to determine whether an object is infected, the object is placed in quarantine.

If an object is assigned the infected status, the application tries to disinfect it. If disinfection fails, the object is deleted.

Before disinfecting or deleting an object, Kaspersky PURE 3.0 creates a backup copy of it in case you want to restore the object or the application can neutralize the threat.

Actions defined by the user

You can also define an action to be performed for detected threats:

► Disinfect objects if possible;

► Delete if disinfection fails.


If the Disinfect objects if possible variant is selected, the program functions as follows:

► If the object can be disinfected, it is disinfected and returned to the user.

► If the scan fails to determine whether the object is infected, the object is quarantined. If the option to scan quarantined files after each database update is enabled, then when a new disinfection signature is received the quarantined object can be disinfected and returned to the user.

► If the object is assigned the virus status and cannot be disinfected, the object is blocked and added to the report about detected threats.

You can select only the Delete variant, but in this case all objects will be deleted, even if they could have been made available to the user after disinfection.


Kaspersky Lab specialists recommend selecting the following actions for detected threats:

► Disinfect objects if possible;

► Delete if disinfection fails.


In this case the program performs the following actions on an object:

► Disinfect, if disinfection is possible. After disinfection you can continue working with the object.

► Quarantine, if the program fails to determine whether the object is infected. If the option to scan quarantined files after each database update is enabled, then when a new disinfection signature is received the quarantined object can be disinfected and returned to the user.

► Delete, if the object is assigned the virus status and cannot be disinfected.

Actions specified for every detected object

You can also specify actions for every detected object individually. For this, enable Kaspersky

PURE 3.0 interactive mode:

1. In the top part of the Settings window select the Protection section.

2. In the left menu select General Settings.

3. In the Interactive protection section, uncheck the Select action automatically box.

4. Click the Apply button.


Interactive mode can only be enabled for the whole program. When the mode is enabled you

will have to select an action for every object detected by any Kaspersky PURE 3.0 component.

To specify an action over detected threats, perform the following actions:

1. In the top part of the Settings window select the Scan section.

2. In the menu select the necessary task.

3. For the selected task in the Action on threat detection section specify the necessary

action:

► Prompt when the scan is complete;

► Prompt on detection;

► Select action:

Disinfect objects if possible;

Delete if disinfection fails.


4. In the Settings window click the Apply button.

If the Select action option is enabled but no action is chosen, the application will block dangerous objects and quarantine them, notifying the user about the quarantined objects.


The Delete, if disinfection fails option appears only if the Disinfect objects if possible box is

checked.


Run mode and scan scope

Run mode

In Kaspersky PURE 3.0 you can choose whether to start the full scan task manually or by

schedule (automatically).

If you select the Manually variant, then you can start the task at any time convenient for you. The

scan process takes some time to be completed and you cannot use some applications installed

on your computer during the scan process.

Selecting the By schedule variant allows you to configure the automatic start of the full scan task. If you select this variant, you can set the scan task frequency. In the schedule settings you can select one of the following frequencies: minutes, hours, days, every week, at a specified time, every month, after application startup, after every update.

For every frequency you can specify the interval. For example, if you select Every month you can select a particular day to start the scan task (1, 2, 3...) and set a particular time (05:00 p.m.).

To protect your computer, it is best to perform a full computer scan at least once a week.

In order to schedule a scan task, perform the following actions:

1. In the right part of the settings window of the selected task in the Run mode and scan

scope section click the Run mode button.

2. On the Run mode tab in the Schedule section select the required value.

3. If you select By schedule, create a task launch schedule with the frequency and a

definite time interval to start a scan task.

You can configure the program to automatically start a skipped scan task as soon as it becomes possible. For example, the computer may have been off at the time when a full scan task was scheduled. In this case the scan will start as soon as the computer is turned on. To do so, in the Schedule section check the Run skipped tasks box.


Scheduled tasks feature additional functionality. For example, you can pause a scheduled scan when the screensaver is inactive or the computer is unlocked. This functionality postpones the task launch until the user has finished working on the computer, so the scan task will not take up system resources during work.

4. Click the OK button.

5. In the Settings window click the Apply button.

Creating a scan scope

You can create your own list of objects for the Full Scan and Critical Areas Scan tasks. For

example, if you do not want to scan the whole system and all applications installed on your

computer you can create your own list of applications, network and logical drives to scan.

In order to add, modify or delete objects from the scan scope, perform the following actions:

1. In the right part of the Settings window of the selected task in the Run mode and scan

scope section click the Scan scope button.

2. In the Scan scope window you can modify the list of objects to scan. To add a new object, click the Submit link; to change or delete an existing object, click Edit or Delete respectively.


Note that objects which appear in the list by default (System Memory, Startup Objects, Disk boot sectors) cannot be edited or deleted.

3. You can also enable the scan of subfolders. To do so, check the Include subfolders box in the Select object to scan window when adding or editing an object.

4. In the lower part of the Select object to scan window click the OK button.

5. In the Settings window click the OK button.


Custom Scan

Security levels

A security level is a set of predefined scan settings.

Kaspersky Lab specialists distinguish three security levels. You can set one of the following

security levels:

► High. Use this level if the probability of computer infection is very high;

► Recommended. This is the optimal level for most cases and is recommended by

Kaspersky Lab;

► Low. If you are using applications requiring considerable RAM resources, select the Low

security level because the list of files under scan is reduced on this level.

To select a security level, perform the following actions:

1. In the left part of the Settings window select Scan.

2. In the menu select the required task - Custom Scan.

3. For the selected task in the Security level section select the required security level.

4. In the Settings window click the Apply button.

If none of the predefined security levels satisfies your needs, configure scan settings on your

own. As a result of your actions the security level changes to Custom.

When configuring scan task settings, you can always restore the recommended ones. They are

considered optimal, recommended by Kaspersky Lab, and grouped in the Recommended

security level.

To restore the default scan settings, perform the following actions:

1. For the selected scan task in the Settings window in the Security level section click the

Default button.

2. In the Settings window click the Apply button.


Modifying type of scanned objects

You can define which file formats and sizes are scanned by the selected scan task.

To change the type of scanned objects, perform the following actions:

1. For the selected task in the Security level section click the Settings button.


2. On the Scope tab in the File types section select the required variant.

► All files. Kaspersky PURE 3.0 scans files of all formats and extensions.

► Files scanned by format. If you select this option, Kaspersky PURE 3.0 only scans potentially infectious files, i.e. files into which a virus may penetrate. Before searching for viruses, the internal header of an object is analyzed to determine the file format (txt, doc, exe, etc.). The file extension is also considered during the scan.

► Files scanned by extension. In this case, Kaspersky PURE 3.0 only scans potentially infectious files, i.e. files into which a virus may penetrate. In this mode, the file format is determined by its extension.

Files without extensions are always scanned!

When selecting file types please remember the following:

► The probability that malicious code penetrates some file formats (such as .txt) and is then activated is quite low. At the same time, there are formats that contain or may contain executable code (such as .exe, .dll, .doc). The risk of malicious code penetrating such files and being activated is quite high.

► An intruder can send a virus to your computer in an executable file renamed as a txt file. If you have selected the scan of files by extension, such a file is skipped by the scan. If the scan of files by format is selected, then, regardless of the extension, File Anti-Virus will analyze the file header and reveal that the file is an .exe file. Such a file would be thoroughly scanned for viruses.

3. Click the OK button.

4. In the Settings window click the Apply button.
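The difference between the two File types options, as an added example that is not part of the original course documentation and is not Kaspersky Lab code: a minimal model of both selection policies run over constructed sample files, showing that a PE header under a .txt name is skipped by extension but selected by format. The signature table, the extension list and all function names are assumptions made for illustration.

```python
import os
import tempfile

# Publicly documented leading bytes ("magic numbers") of formats that can
# carry executable code. The table is deliberately short (assumption).
MAGIC = [
    (b"MZ", "exe/dll (PE)"),
    (b"PK\x03\x04", "zip container"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 (legacy doc)"),
    (b"Rar!\x1a\x07", "rar archive"),
]
# Extensions a by-extension policy treats as potentially infectious (assumed list).
RISKY_EXT = {".exe", ".dll", ".doc", ".sys", ".com", ".zip", ".rar"}


def format_by_header(path):
    """Return the format named by the file's leading bytes, or None if unknown."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    for signature, name in MAGIC:
        if head.startswith(signature):
            return name
    return None


def selected_by_extension(path):
    """Only the name decides; files without an extension are always scanned."""
    ext = os.path.splitext(path)[1].lower()
    return ext == "" or ext in RISKY_EXT


def selected_by_format(path):
    """The header decides; the extension is also considered."""
    return format_by_header(path) is not None or selected_by_extension(path)


def compare(paths):
    """Map each file name to (by_extension, by_format, detected_format)."""
    result = {}
    for p in paths:
        result[os.path.basename(p)] = (
            selected_by_extension(p),
            selected_by_format(p),
            format_by_header(p),
        )
    return result


def demo():
    """Write constructed sample files (inert byte strings) and compare policies."""
    samples = {
        "notes.txt": b"plain text, nothing executable\n",
        "invoice.txt": b"MZ\x90\x00" + b"\x00" * 60,  # PE header bytes, .txt name
        "setup.exe": b"MZ\x90\x00" + b"\x00" * 60,
        "README": b"no extension at all\n",
    }
    with tempfile.TemporaryDirectory() as directory:
        paths = []
        for name, data in samples.items():
            path = os.path.join(directory, name)
            with open(path, "wb") as fh:
                fh.write(data)
            paths.append(path)
        return compare(paths)


if __name__ == "__main__":
    for name, row in demo().items():
        print(name, row)
```

In the result, `invoice.txt` is the only file on which the two policies disagree, which is the renamed-executable case described in the list above.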

Scan optimization

You can shorten the scan time and speed up Kaspersky PURE 3.0. This can be achieved by scanning only new files and those files that have changed since the last time they were scanned. This mode applies both to simple and compound files.

You can also set a restriction on scan duration for an object. When the specified time interval

expires, the object will be excluded from the current scan (except for archives and files comprised

of several objects).

To optimize the scan, perform the following actions:

1. For the selected task in the Security level section click the Settings button.

2. On the Scope tab in the Scan optimization section set the required settings:

► To scan only new and changed files, check the Scan only new and changed files

box;

► To set a restriction on scan duration for one object, check the Skip objects scanned longer than box and specify the scan duration for one object.


3. Click the OK button.

4. In the Settings window click the Apply button.

Scan of compound files

A common method of concealing viruses is to embed them into compound files: archives,

databases, etc. To detect viruses that are hidden this way a compound file should be unpacked,

which can significantly lower the scan speed.

To modify the list of scanned compound files, perform the following actions:

1. For the selected task in the Security level section click the Settings button.

2. On the Scope tab in the Scan of compound files section select types of the scanned

compound files.


For each type of compound file, you can select to scan either all files or only new ones. To make your selection, click the link next to the name of the object. It changes its value when you left-click it.

If you select the mode that scans only new and changed files, you will not be able to use the links that let you choose between scanning all files and scanning only new ones.


You can restrict the maximum size of the compound file being scanned. Compound files larger than the specified value will not be scanned. To do so, in the Scan of compound files section, click the Additional button. In the Compound files window check the Do not unpack large compound files box and specify the maximum size of scanned files.

3. Click the OK button.

4. In the Settings window click the Apply button.

When large files are extracted from archives, they will be scanned even if the Do not unpack

large compound files box is checked.

Selecting scan method

Kaspersky PURE 3.0 uses various scan methods:

► Signature analysis. When performing signature analysis, Kaspersky PURE 3.0 uses

databases that contain descriptions of known threats and ways of neutralizing them.

Protection using signature analysis provides a minimal level of security.

► Heuristic Analysis. The scan is based on an analysis of the typical behavior of a file, whose operations make it possible to draw a conclusion about the nature of the file with a certain probability. The advantage of the method is that new threats are detected even before they are known to virus analysts.

Additionally you can set the detail level for scans: light scan, medium scan, or deep scan.

► Rootkit Scan. A rootkit is a set of tools that conceal malicious programs in the operating system. These tools penetrate the system and mask their own presence and the presence of the processes, folders and registry keys of other malicious programs described in the rootkit configuration.

If you are scanning for viruses, you can enable the deep scan for rootkits by checking the Detailed scan box; the application then searches for these programs more thoroughly by analyzing a large number of various objects. These checkboxes are deselected by default, since this mode requires significant operating system resources.

The Signature analysis method is always enabled. To enhance the scan efficiency you can

enable other scan methods. For this, perform the following actions:

1. For the selected task in the Security level section click the Settings button.

2. On the Additional tab in the Scan methods section select the necessary scan methods.

3. Click the OK button.


4. In the Settings window click the Apply button.

Selecting scan technology

In addition to the scan methods you can use special technologies:

► iChecker is a technology that increases scan speed by excluding certain objects from the

scan. An object is excluded from the scan with a special algorithm that uses the release

date of Kaspersky PURE 3.0 databases, the date of the object's last scan, and any

changes in the scan settings.

There are limitations to iChecker: it does not work with large files and applies only to the

objects with a structure that the application recognizes (for example, .exe, .dll, .lnk, .tbtf,

.inf, .sys, .com, .chm, .zip, .rar).

► iSwift is a technology that builds on iChecker technology for computers using NTFS.

There are limitations to iSwift: it is bound to a specific file's location in the file system and

can apply only to objects in NTFS.

The iSwift and iChecker technologies increase the virus scan speed by excluding files that have not been modified since they were last scanned. By default, both technologies are used.

To change the set of scan technologies, perform the following actions:

1. For the selected task in the Security level section click the Settings button.

2. On the Additional tab in the Scan technologies section select the required values.


3. Click the OK button.

4. In the Settings window click the Apply button.
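A simplified model of the skip decision described for iChecker and iSwift, as an added example that is not part of the original course documentation: it is not Kaspersky Lab's algorithm, only an illustration that uses the three inputs the text names (database release date, date of the last scan, changes in scan settings). The class, function and path names are hypothetical; keying by content versus by location is an assumption used to show why a record bound to a file's location is lost when the file moves.

```python
import hashlib
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class ScanRecord:
    scanned_on: date   # date of the object's last scan
    settings_fp: str   # fingerprint of the scan settings used for that scan


def settings_fingerprint(settings):
    """Stable digest of the scan settings, so that any change is noticed."""
    return hashlib.sha256(repr(sorted(settings.items())).encode()).hexdigest()


class SkipCache:
    """Remembers objects already scanned. key_by='content' follows the bytes
    wherever they are stored; key_by='location' ties the record to one path."""

    def __init__(self, key_by):
        if key_by not in ("content", "location"):
            raise ValueError("key_by must be 'content' or 'location'")
        self.key_by = key_by
        self.records = {}

    def _key(self, path, data):
        digest = hashlib.sha256(data).hexdigest()
        return digest if self.key_by == "content" else (path, digest)

    def needs_scan(self, path, data, db_release, settings):
        rec = self.records.get(self._key(path, data))
        if rec is None:
            return True    # new or modified object
        if db_release > rec.scanned_on:
            return True    # databases released after the last scan (day granularity)
        if rec.settings_fp != settings_fingerprint(settings):
            return True    # scan settings changed since the last scan
        return False

    def mark_scanned(self, path, data, today, settings):
        key = self._key(path, data)
        self.records[key] = ScanRecord(today, settings_fingerprint(settings))


def demo(key_by):
    """Replay a constructed timeline; return (label, scanned?) for each step."""
    cache = SkipCache(key_by)
    medium = {"heuristics": "medium", "compound_files": True}
    deep = dict(medium, heuristics="deep")
    body = b"constructed sample bytes"
    path = r"C:\Tools\app.exe"           # hypothetical path
    moved = r"D:\Backup\app.exe"         # hypothetical path
    decisions = []

    def step(label, p, data, today, db_release, cfg):
        scan = cache.needs_scan(p, data, db_release, cfg)
        decisions.append((label, scan))
        if scan:
            cache.mark_scanned(p, data, today, cfg)

    step("first scan", path, body, date(2013, 3, 1), date(2013, 2, 28), medium)
    step("unchanged", path, body, date(2013, 3, 2), date(2013, 2, 28), medium)
    step("new databases", path, body, date(2013, 3, 3), date(2013, 3, 3), medium)
    step("settings changed", path, body, date(2013, 3, 4), date(2013, 3, 3), deep)
    step("file modified", path, body + b"!", date(2013, 3, 5), date(2013, 3, 3), deep)
    step("file moved", moved, body + b"!", date(2013, 3, 6), date(2013, 3, 3), deep)
    return decisions


if __name__ == "__main__":
    for mode in ("content", "location"):
        print(mode, demo(mode))
```

Only the last step differs between the two modes: the content-keyed cache still skips the moved file, while the location-keyed cache scans it again.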


Actions over detected threats

If infected or potentially infectious objects are detected, the application performs the specified

action. Depending on your current preferences you can configure virus scan settings or allow the

program to select an action.

Default actions

By default, the application selects the action for a detected object on its own. If as a result of the scan the application failed to determine whether the object is infected, the object is placed in quarantine.

If an object is given the infected status, the application will try to disinfect it. If disinfection fails, the object will be deleted.

Before disinfecting or deleting an object, Kaspersky PURE 3.0 creates a backup copy of it in case you want to restore the object or the application becomes able to neutralize the threat.

Actions defined by the user

You can also define an action to be performed for detected threats:

► Disinfect objects if possible;

► Delete if disinfection fails.


If the Disinfect objects if possible variant is selected, the program functions as follows:

► If the object can be disinfected, it is disinfected and returned to the user.

► If as a result of the scan the program failed to determine whether the object is infected, the object is quarantined. If the option to scan quarantined files after each database update is enabled, then when a new disinfection signature is received the quarantined object can be disinfected and returned to the user.

► If the status of a virus is assigned to the object and its disinfection is impossible, the object is blocked and added to the report about detected threats.

You can select only the Delete variant, but in this case all objects will be deleted, even if they could have been made available to the user after disinfection.


Kaspersky Lab specialists recommend selecting the following actions for detected threats:

► Disinfect objects if possible;

► Delete if disinfection fails.


In this case the program performs the following actions on an object:

► Disinfect, if disinfection is possible. After disinfection you can continue working with the object.

► Quarantine, if the program failed to determine whether the object is infected. If the option to scan quarantined files after each database update is enabled, then when a new disinfection signature is received the quarantined object can be disinfected and returned to the user.

► Delete, if the virus status is assigned to the object and its disinfection is impossible.

Actions specified for every detected object

You can also specify actions for every detected object individually. To do so, enable Kaspersky PURE 3.0 interactive mode:

1. In the top part of the Settings window select the Protection section.

2. In the left menu select General Settings.

3. In the Interactive protection section, uncheck the Select action automatically box.

4. Click the Apply button.


Interactive mode can only be enabled for the whole program. When the mode is enabled you

will have to select an action for every object detected by any Kaspersky PURE 3.0 component.

To specify an action on detected threats, perform the following actions:

1. In the top part of the Settings window select the Scan section.

2. In the left menu select the required task.

3. For the selected task in the Action on threat detection section specify the necessary

action:

► Prompt when the scan is complete;

► Prompt on detection;

► Select action:

Disinfect objects if possible;

Delete if disinfection fails.


4. In the Settings window click the Apply button.

If the Select action option is enabled but no action is chosen, the application will block dangerous objects and quarantine them, notifying the user about the quarantined objects.


The Delete, if disinfection fails option appears only if the Disinfect objects if possible box is

checked.


Vulnerability scan

Vulnerability scan diagnoses the operating system and detects software features that intruders can use to spread malicious objects and obtain access to personal information.

Starting vulnerability scan with an existing shortcut

Vulnerability scan can be started:

► From the main application window (from the Protection section);

► Using an already existing shortcut.

To create a task shortcut, perform the following actions:

1. In the left menu select General Settings.

2. In the right part of the window in the Quick tasks section click Create shortcut next to the Vulnerability Scan task.

3. In the Save as window specify the path where the shortcut will be saved and its name. By default the shortcut is created with the name of the task on the Desktop of the current computer user.


4. Click the OK button.

A shortcut for vulnerability scan will appear in the specified location.

Run mode

In Kaspersky PURE 3.0 you can choose whether to start the vulnerability scan task manually or

by schedule (automatically).

If you select the Manually variant, then you can start the task at any time convenient for you. The

scan process takes some time to be completed and you cannot use some applications installed

on your computer during the scan process.

Selecting the By schedule variant allows you to configure the automatic start of the vulnerability scan task. If you select this variant, you can set the vulnerability scan task frequency. In the schedule settings you can select one of the following frequencies: minutes, hours, days, every week, at a specified time, every month, after application startup, after every update.

For every frequency you can specify the interval. For example, if you select Every month you can select a particular day to start the scan task (1, 2, 3...) and set a particular time (05:00 p.m.).

In order to schedule a scan task, perform the following actions:

1. In the top part of the Settings window select the Scan section.

2. In the left menu select Vulnerability Scan.

3. In the right part of the window click the Run mode button.


4. On the Run mode tab in the Schedule section select By schedule and create a task

launch schedule with the frequency and a definite time interval to start a scan task.


You can configure the program to automatically start a skipped scan task as soon as it becomes possible. For example, the computer may have been off at the time when a full scan task was scheduled. In this case the scan will start as soon as the computer is turned on. To do so, in the Schedule section check the Run skipped tasks box.

Scheduled tasks feature additional functionality. For example, you can pause a scheduled scan when the screensaver is inactive or the computer is unlocked. This functionality postpones the task launch until the user has finished working on the computer, so the scan task will not take up system resources during work.

5. Click the OK button.

6. In the Settings window click the Apply button.

Starting vulnerability scan task under different account

By default, scan tasks are started under the account you registered in the system. If your account does not have enough rights, you can specify a different account under whose rights each scan task will be started.

To specify an account, perform the following steps:

1. In the top part of the Settings window select the Scan section.

2. In the left menu select Vulnerability Scan.

3. In the right part of the window click the Run mode button.

4. On the Run mode tab in the User account section check the Run task as box. In

the fields below specify the user name and password.


5. Click the OK button.

6. In the Settings window click the Apply button.

Creating a scan scope for vulnerability scan

You can create your own list of objects for the Vulnerability Scan task.

By default, the applications already installed on the computer are selected as scan objects. You

cannot modify or delete an object from this list.

In order to add, modify or delete objects from the scan scope, perform the following actions:

1. In the top part of the Settings window select the Scan section.

2. In the left menu select Vulnerability Scan.

3. In the right part of the window click the Scan scope button.


4. In the Scan scope window you can change the list of scanned objects. To add a new object, click the Submit link; to change or delete an existing object, click Edit or Delete respectively.

5. You can also enable the scan of subfolders. To do so, check the Include subfolders box in the Select object to scan window when adding or editing an object.


6. In the lower part of the Select object to scan window click the OK button.

7. In the Settings window click the Apply button.


Settings. Update

Update task’s run modes

In Kaspersky PURE 3.0 the update task can be launched using one of the following modes:

► Automatically. Kaspersky PURE 3.0 checks the update source for updates at specified intervals. The frequency of these checks can be increased during virus outbreaks and decreased when there are none. Having discovered new updates, the program downloads and installs them on the computer.

► Manually. If you select this option, you will run Kaspersky PURE 3.0 updates on your own.

► By schedule (time interval changes depending on settings). Updates will run

automatically according to the schedule created.

In order to configure the update run mode, perform the following actions:

1. Open the program settings window.

2. In the top part of the window select Update and then select Update Settings.

3. In the right part of the window click the Run mode button.

4. In the Update window on the Run mode tab in the Schedule section select the required

update run mode.


If you have selected the By schedule variant and an update was skipped for any reason (for

example, the computer was not on at that time), you can configure the task to start automatically

as soon as it becomes possible. To do so, check the Run skipped tasks box.

You can also postpone the automatic start of the task after application startup. To do so, specify the time in the Postpone running after application startup for field. A scheduled task will run only after the specified time has elapsed since Kaspersky PURE 3.0 startup.

5. Click the OK button to save the changes.


Running update under different user account

By default, the update procedure is run under your system account. However, Kaspersky PURE 3.0 can update from a source for which you have no access rights (for example, from a network folder containing updates) or no authorized proxy user credentials: you can run Kaspersky PURE 3.0 updates on behalf of a user account that has such rights.

To start the update under a different user's account, perform the following actions:

1. Open the application settings window.

2. In the top part of the window select Update, and then select Update Settings.

3. In the right part of the window click the Run mode button.

4. In the Update window on the Run mode tab in the User account section check the Run

task as box. In the fields below specify the user name and password.

5. Click the OK button to save the changes.

Selecting an update source

An update source is a resource containing updates for databases and application modules of Kaspersky PURE 3.0. Update sources can be HTTP or FTP servers, or local or network folders.

The main update sources are Kaspersky Lab update servers where database updates and

application module updates for all Kaspersky Lab products are stored.

If you do not have access to Kaspersky Lab update servers (for example, access to the Internet is restricted), you can call the Kaspersky Lab headquarters (http://www.kaspersky.com/contacts) to request contact information of partners who can provide you with updates on removable media.

When ordering updates on removable drives, specify if you need updates for application

modules.


By default, the list of update sources contains only Kaspersky Lab update servers. If several

resources are selected as update sources, Kaspersky PURE 3.0 tries to connect to them