Course documentation - Kaspersky Lab

Kaspersky PURE 3.0
Training course documentation for
Kaspersky PURE 3.0

Contents
Glossary ..................................................................................................................................................... 6
CHAPTER 1. Introduction ........................................................................................................................... 8
What is Kaspersky PURE 3.0 .................................................................................................................. 8
Key functions and advantages ............................................................................................................. 8
What’s new in Kaspersky PURE 3.0 .................................................................................................... 8
Interface of Kaspersky PURE 3.0 .......................................................................................................... 11
Application icon in the Microsoft Windows taskbar notification area ................................................... 11
Main window of Kaspersky PURE 3.0 ................................................................................................ 16
Notification windows and pop-up messages ...................................................................................... 19
The program settings window ............................................................................................................ 20
Cloud Protection (Kaspersky Security Network service) .................................................................... 22
CHAPTER 2. Kaspersky PURE 3.0 vs other Kaspersky Lab products (PURE 2.0, KIS 2013, KAV 2013) . 26
CHAPTER 3. Installation of Kaspersky PURE 3.0 ..................................................................................... 30
System requirements for Kaspersky PURE 3.0 ..................................................................................... 30
Supported operating systems ............................................................................................................ 30
General requirements ........................................................................................................................ 30
Limitations ......................................................................................................................................... 31
Netbooks hardware requirements ...................................................................................................... 31
Uninstalling third-party software or earlier versions of Kaspersky Lab products..................................... 31
Removing third-party anti-virus software with Microsoft Windows means .......................................... 31
Removing third-party anti-virus software with special tools ................................................................ 35
List of applications incompatible with Kaspersky PURE 3.0 .................................................................. 36
Installation procedure of Kaspersky PURE 3.0 ...................................................................................... 36
Installation of Kaspersky PURE 3.0 if other Kaspersky Lab products are installed ................................ 39
FAQ ...................................................................................................................................................... 40
CHAPTER 4. License management and migration to new product version ............................................... 41
License management ............................................................................................................................ 41
About license agreement ................................................................................................................... 41
About license ..................................................................................................................................... 41
About activation code ........................................................................................................................ 42
Purchasing license after the product installation ................................................................................ 43
About activation procedure ................................................................................................................ 44
Viewing license information ............................................................................................................... 47
License renewal procedure ................................................................................................................ 50
Migration policy from Kaspersky Lab products to Kaspersky PURE 3.0 ................................................ 53

CHAPTER 5. Backup and Restore ........................................................................................................... 55
Creating a backup task .......................................................................................................................... 55
Selecting data category for backing up .............................................................................................. 55
Creating a backup storage ................................................................................................................. 73
Connecting earlier created storage .................................................................................................... 87
Recording restore utility ..................................................................................................................... 88
Password protection .......................................................................................................................... 90
Files storage settings ......................................................................................................................... 92
Configuring schedule of automatic backup run .................................................................................. 96
Summary ......................................................................................................................................... 101
Starting, editing and deleting backup tasks ......................................................................................... 103
Starting a backup task ..................................................................................................................... 103
Editing and deleting a backup task .................................................................................................. 106
Restoring data from backup ................................................................................................................ 107
Managing backup storages ................................................................................................................. 114
Viewing backup reports ....................................................................................................................... 124
CHAPTER 6. Computer protection ......................................................................................................... 127
Protection Center ................................................................................................................................ 128
Scan .................................................................................................................................................... 132
Scan for viruses ............................................................................................................................... 133
Starting scan for viruses .................................................................................................................. 133
Full Scan ......................................................................................................................................... 136
Critical Areas Scan .......................................................................................................................... 139
Custom Scan ................................................................................................................................... 141
Vulnerability Scan ............................................................................................................................... 146
Eliminating system vulnerabilities .................................................................................................... 148
Eliminating vulnerable applications .................................................................................................. 150
Update ................................................................................................................................................ 154
Quarantine .......................................................................................................................................... 156
What is Quarantine .......................................................................................................................... 156
Working with quarantined objects .................................................................................................... 157
Network Monitor .................................................................................................................................. 161
Network activity ............................................................................................................................... 163
Open ports ....................................................................................................................................... 166
Network traffic .................................................................................................................................. 168
Blocked computers .......................................................................................................................... 169
Applications Activity ............................................................................................................................ 170

Changing trusted group for an individual application ........................................................................ 172
Editing rules for an individual application ......................................................................................... 173
Reports ............................................................................................................................................... 174
CHAPTER 7. Parental Control ................................................................................................................ 178
Starting work with Parental Control ..................................................................................................... 178
Control levels ...................................................................................................................................... 181
Configuring Parental Control settings .................................................................................................. 185
Account settings .............................................................................................................................. 185
Control over computer usage ........................................................................................................... 188
Control over Internet usage ............................................................................................................. 193
Instant Messaging............................................................................................................................ 203
CHAPTER 8. Home Network Control ...................................................................................................... 215
Protecting access with an administrator password .............................................................................. 215
Searching computers .......................................................................................................................... 217
Configuring group update .................................................................................................................... 221
Group launch of update and virus scan ............................................................................................... 223
How to start group scan for viruses .................................................................................................. 223
How to start group update ................................................................................................................ 225
Detailed protection setting of networked computers ............................................................................ 226
Information ...................................................................................................................................... 227
Parental Control ............................................................................................................................... 228
Scan ................................................................................................................................................ 229
Update ............................................................................................................................................. 230
Backup ............................................................................................................................................ 234
CHAPTER 9. Additional Tools ................................................................................................................ 236
Browser Configuration ......................................................................................................................... 236
Running Browser Configuration Wizard ........................................................................................... 237
Rolling back wizard actions which resulted in problems when working on the Internet ..................... 241
Kaspersky Rescue Disk ...................................................................................................................... 243
Creating Kaspersky Rescue Disk ..................................................................................................... 243
Starting the computer from the rescue disk ...................................................................................... 254
Microsoft Windows Troubleshooting .................................................................................................... 256
What is Microsoft Windows Troubleshooting? .................................................................................. 256
Running Post-infection Microsoft Windows Troubleshooting Wizard ................................................ 256
File Shredder ...................................................................................................................................... 260
What is File Shredder? .................................................................................................................... 260
Data deletion methods ..................................................................................................................... 261

Permanent data deletion procedure ................................................................................................. 261
Erase Your Activities History (Privacy Cleaner Wizard) ....................................................................... 265
Unused Data Cleaner .......................................................................................................................... 269
CHAPTER 10. Safe Money ..................................................................................................................... 274
CHAPTER 11. Data Encryption .............................................................................................................. 281
Creating an encrypted container ......................................................................................................... 281
Encrypting data ................................................................................................................................... 285
Connecting an earlier created container .............................................................................................. 288
Decrypting data. Configuring container ............................................................................................... 290
Deleting container ............................................................................................................................... 296
CHAPTER 12. Password Manager ......................................................................................................... 298
What is Password Manager ................................................................................................................. 298
Main functions of Password Manager .................................................................................................. 299
Starting Password Manager ................................................................................................................ 300
Enabling password synchronization ................................................................................................. 300
Enabling password sync .................................................................................................................. 309
What is Master Password ................................................................................................................ 313
Creating Master Password ............................................................................................................... 313
If you forgot your master password .................................................................................................. 314
Locking/ unlocking passwords database .......................................................................................... 317
Caption button of Password Manager .............................................................................................. 320
Adding accounts to Password Manager .............................................................................................. 321
Adding website account to Passwords database ............................................................................. 321
Adding account for application to passwords database .................................................................... 327
Adding and using Identities .............................................................................................................. 335
Adding and using Notes ................................................................................................................... 342
Configuring Password Manager .......................................................................................................... 350
Virtual keyboard .................................................................................................................................. 362
Password Generator ........................................................................................................................... 365
What is Password Generator ........................................................................................................... 365
Creating password for account with Password Generator ................................................................ 365
CHAPTER 13. Advanced application settings ......................................................................................... 369
Settings. Protection ............................................................................................................................. 369
General protection settings .............................................................................................................. 370
Self-Defense .................................................................................................................................... 377
File Anti-Virus .................................................................................................................................. 380
Mail Anti-Virus ................................................................................................................................. 397

Web Anti-Virus ................................................................................................................................. 419
IM Anti-Virus .................................................................................................................................... 437
Application Control ........................................................................................................................... 441
System Watcher .............................................................................................................................. 467
Firewall ............................................................................................................................................ 475
Network Attack Blocker .................................................................................................................... 506
Anti-Spam ........................................................................................................................................ 510
Anti-Banner...................................................................................................................................... 526
Safe Money ..................................................................................................................................... 533
Secure Data Input ............................................................................................................................ 540
Threats and exclusions .................................................................................................................... 550
Settings. Scan ..................................................................................................................................... 560
General settings .............................................................................................................................. 560
Full Scan ......................................................................................................................................... 563
Critical Areas Scan .......................................................................................................................... 585
Custom Scan ................................................................................................................................... 606
Vulnerability scan............................................................................................................................. 622
Settings. Update .................................................................................................................................. 629
Update task’s run modes ................................................................................................................. 629
Running update under different user account .................................................................................. 631
Selecting an update source ............................................................................................................. 631
Proxy server settings ....................................................................................................................... 633
Notifications on updates or new versions releases........................................................................... 635
Settings. Password ............................................................................................................................. 636
Settings. Additional ............................................................................................................................. 637
Battery Saving ................................................................................................................................. 637
Compatability ........................................................................................ Error! Bookmark not defined.
Network ........................................................................................................................................... 640
Notifications ..................................................................................................................................... 644
Reports and Quarantine................................................................................................................... 648
Feedback ......................................................................................................................................... 652
Gaming Profile ................................................................................................................................. 654
View ................................................................................................................................................ 655
Manage Settings .............................................................................................................................. 657
Restoring default Kaspersky PURE 3.0 settings .................................................................................. 661

Glossary
KSN, Kaspersky Security Network is an infrastructure of online services that provides access
to the online Knowledge Base of Kaspersky Lab, which contains information about the reputation
of files, web resources, and software. Using data from the Kaspersky Security Network ensures a
faster response time for Kaspersky PURE 3.0 when encountering new types of threats, improves
performance of some protection components, and reduces the risk of false positives.
Phishing is a specific form of cybercrime. Phishing attacks are created the following way: the
criminal creates an almost 100 percent perfect replica of a chosen financial institution’s website,
then attempts to trick the user in to disclosing their personal details – username, password, PIN
etc. – via a form on the fake website, allowing the criminal to use the details to obtain money.
Script is a computer program or a part of a program (function), created to perform a specific
small task. Scripts are usually inserted as parts of web pages to provide extended web page
functionality and they are executed when the web page is loaded.
Network Attack is network activity aimed to perform some actions (mostly malicious) on the
remote computer.
POP3, SMTP, IMAP, MAPI and NNTP are network protocols designed to create, receive and
send E-mail.
TCP, UDP, ICMP, ICMPv6, IGMP, GRE are network protocols (sets of rules) designed for data
transfer on the network.
VLSM is Variable Length Subnet Mask.
FTP (File Transfer Protocol) is a protocol, designed to transfer files on the network.
HTTP is Hypertext Transfer Protocol.
HTTPS (Hypertext Transfer Protocol Secure) is an HTTP-protocol extension with encryption
support.
IMAP4 is a standard protocol designed to access E-mail.
SSL is a protocol designed for safe transfer (encryption) of data of other protocols (ex. POP3 or
IMAP).
ICMP-packet is a packet containing a report about an error or an exception occurred during data
transfer. ICMP-packet includes segments called Type and Code that contain info about type and
code of occurred error.
Classless InterDomain Routing, CIDR is a methodology of allocating IP addresses and routing
Internet Protocol packets without rigid class addressing. This methodology allows economical
use of finite amount of IP-addresses and therefore performance increase in Kaspersky PURE
3.0.
Databases — contain records about threats and network attacks, as well as methods used for
their disinfection. Protection components use them for searching for dangerous objects on a
computer and further disinfection.

Registry is a hierarchical database that stores configuration settings in most Microsoft Windows
OS.
Cookies are small text files with data created by a web server and stored on a user's computer.
They are sent to a web server each time a user accesses that server. Cookies are used for
authenticating (ex. login, password), remembering specific information about users, such as site
preferences, and for gathering statistic.
Every website matches its own cookie file.
Сompound file is a structured storage of files. Examples of compound files include archives and
OLE-objects. Often malefactors hide malicious objects by inserting them into compound files
(archives).
Rootkit is a program kit that hides the presence of malware in the system. Rootkits penetrate
into the system and hide their presence. Moreover rootkits can hide the presence of particular
processes, folders, files and registry keys.
Keylogger is a malicious program that tracks the sequence of keystrokes on the keyboard in
order to record a user’s personal information, such as passwords.
Clipboard is a software facility can be used for short-term data storage and/or data transfer
between documents or applications, via copy and paste operations.
Exploit is a program that contains data or an executable code that allow to use one or more
software vulnerabilities either on a local or remote computer with harmful intentions.

CHAPTER 1. Introduction
What is Kaspersky PURE 3.0
Kaspersky PURE 3.0 is an optimal solution for comprehensive protection of computers within
your home network.
Kaspersky PURE 3.0 ensures protection of your computer against all types of information threats
in real time, secures your personal data from loss and unauthorized use, protects children and
teenagers from threats related to computer and Internet usage, and manages the security of all
computers within your home network from any single computer.
Key functions and advantages
► Safe Money. A unique technology (similar to previous years’ Safe Run technology) that
provides additional layers of protection while using online banking and payment
systems, and while making online purchases.
► Automatic Exploit Prevention goes beyond scanning for vulnerabilities to also
analyzing and controlling the actions of programs, applications, etc. that have
vulnerabilities.
► Secure Keyboard protects personal data entered via a physical keyboard.
► Online Backup. Kaspersky PURE 3.0 integrates a useful new feature allowing backup
copies of files to be stored online free of charge. You can access the backup copies of
your files from any computer with an Internet connection.
► Password Sync. Kaspersky PURE 3.0 now stores your passwords in the cloud (i.e.,
online), so you can synchronize them across all of your Windows machines. So, now,
from any of your PCs, you can access your Password Manager, and you’ll automatically
be logged into websites and applications.
► Windows 8 Compatibility. Kaspersky PURE 3.0 is fully compatible with Microsoft
Windows 8 and includes a set of features for delivering maximum PC protection within
this operating system: protection of apps developed for Microsoft’s new user interface,
and integration with the enhanced Windows Security Center and Early-Launch Anti-
Malware (ELAM) system support.
► Improved usability. The new version of product has an intuitive and easy-to-use
interface with rapid access to key features and management from the main window.
What’s new in Kaspersky PURE 3.0
► Safe Money technology is added. Kaspersky PURE 3.0 includes significantly improved
protection of financial operations via online banking and payment systems (e.g., PayPal,
WebMoney, etc.) and while shopping online.
► Automatic Exploit Prevention. The technology is designed to protect from malware
that exploits vulnerabilities in popular applications such as Adobe Reader, Internet
Explorer, and Firefox to try to gain control over the computer, steal your personal data,
etc.
► Password Sync. Kaspersky PURE 3.0 now stores your passwords in the cloud (i.e.,
online), so you can synchronize them across all of your Windows machines. So, now,

from any of your PCs, you can access your Password Manager, and you’ll automatically
be logged into websites and applications.
► Online Backup. Kaspersky PURE 3.0 now integrates an online backup functionality,
allowing you to backup copies of files online for free.
► Kaspersky PURE 3.0 can be easily installed on Windows 8 machines. To ensure
the highest levels of protection, the product is fully integrated with the new operating
system, allowing for virus scanning of applications developed for the new user interface,
the use of the enhanced functionality of Windows Security Centre, etc.
► Kaspersky PURE 3.0 provides for the protection of apps developed for Microsoft’s
new user interface. The product will scan these apps for viruses. If an application is
infected, the product will remove the infected files and flag the infected application. It will
then be replaced by the system with a clean, fresh copy taken from the Windows Store.
► Reduced battery drain for laptops. Kaspersky PURE 3.0 reduces battery drain by
postponing resource-intensive tasks, thereby increasing the battery life of your laptop.
What’s improved in Kaspersky PURE 3.0:
► Kaspersky PURE 3.0 includes a feature for additional protection of personal data, even
when you are using a physical keyboard. If you open a bank or payment website or
insert a password on any web page, Secure Keyboard mode will activate automatically.
The product settings allow you to select other categories of sites where the Secure
Keyboard protection mode should be activated.
► A variety of features and modules of Kaspersky PURE 3.0 (URL Advisor, Anti-Banner,
Virtual Keyboard, Safe Money, etc.) support recent versions of the following web
browsers:
Internet Explorer 8, 9, 10
Mozilla Firefox 9.x-12.x
Google Chrome15.x-17.x
Opera 12.61
In these browser versions the product installs the appropriate plugins for a fast call-out of
Kaspersky PURE 3.0 features.
► To receive access to your personal information, cybercriminals often resort to fake
(phishing) sites. To make protection against visiting phishing websites much more
effective, Kaspersky PURE 3.0 integrates an enhanced updatable Anti-Phishing
module. In particular, heuristic analysis has been improved, which checks to see if a
URL has the characteristics typical of a phishing website.
► Built into browser toolbars, URL Advisor flags links to infected or fraudulent (phishing)
resources using a special color indicator within search engine results. To receive more
detailed information about a specific website, place the cursor over the colored indicator.
► File Advisor
You can check whether an application you have downloaded from the Internet is going
to harm your computer by simply right-clicking the file icon and selecting the context
menu option: ―Check reputation in KSN (Kaspersky Security Network)‖. You will

eceive detailed information about the file, including the level of trust assigned by other
users.
► Kaspersky PURE 3.0 now provides fast access to the Virtual Keyboard from web
browsers. When banking or payment sites are opened in the web browser, the Virtual
Keyboard’s quick launch element is automatically activated in the input field.
► Kaspersky PURE 3.0 is integrated with the enhanced functionality of the Windows
Security Center (WSC) in Windows 8. This means that the following can now be
performed directly from WSC: extending the license period, updating antivirus
databases, etc.
► Kaspersky PURE 3.0 fully supports Microsoft’s new Early-Launch Anti-Malware
(ELAM) technology. ELAM allows PURE 3.0 to launch itself before other third-party
software components. At the same time, Microsoft’s Measured Boot provides PURE 3.0
with the detailed information on all the Windows components launched during the boot
process. As a result, PURE 3.0 is able to detect and block complex malware, such as
rootkits, with more efficiency.
► Kaspersky PURE 3.0 is significantly optimized to reduce the impact on your computer’s
performance when performing the most common online user scenarios (running web
browsers and other programs, installing programs and using the Internet, etc).

Interface of Kaspersky PURE 3.0
The interface of the main application window in Kaspersky PURE 3.0 has been considerably
improved. The modern animated design eases perception of the information and allows to
simplify operational process of the product.
Now in the main window you can see all the necessary information about the computer protection
status, activity of the protection components, up-to-dateness of the anti-virus databases and the
license expiry date.
Let’s view the following main elements of Kaspersky PURE 3.0 in detail:
► Application icon in the Microsoft Windows taskbar notification area
► Main window of Kaspersky PURE 3.0
► Kaspersky Security Network (KSN) service
► Notification windows and pop-up messages
► Application settings window
Application icon in the Microsoft Windows taskbar notification area
Immediately after installation of Kaspersky PURE 3.0, the application icon appears in the
Microsoft Windows taskbar notification area.
In Microsoft Windows 7 the application icon is hidden by default, you can display the icon to work
with the application (see documentation to the operating system).

The icon performs the following functions:
► is an indicator of the application's operation;
► provides access to the context menu, the main application window and the news
window.
This icon serves as an indicator of the application's operation. It also indicates the protection
status and displays the basic functions currently being performed by the application:
scanning an email message;
scanning web traffic;
updating databases and application modules;
computer needs to be restarted to apply updates;
a failure occurred in the operation of an application component.
The icon is animated by default. You can disable the animation the following way:
1. Open the main application window and in top right corner of the window click the Settings
link.

2. In the top part of the Settings window select the Additional tab and the View subsection.
3. In the Icon in the taskbar notification area section uncheck the Animate taskbar icon
when executing tasks box.

4. Click the OK button, to save the made changes.
When the animation is disabled, the icon can take the following form:
(colored symbol) – all or certain protection components are activated;
(black-and-white symbol) – all protection components are disabled.
Using the icon, you can open the context menu and the main application window.
► To open the context menu, hover the cursor over the icon and right-click the area.
► To open the main application window, hover the cursor over the icon and left-click the
area.
Using the context menu, you can quickly take various actions on the application.

The Kaspersky PURE 3.0 menu contains the following items:
► Task Manager — opens the Task Manager window where you can view the list of scan
tasks which were performed or are being performed at the moment.
► Update — runs the update of application databases and modules.
► Tools — opens a submenu containing the following items:
Virtual Keyboard — displays the Virtual Keyboard.
Application Control — opens the Applications Activity window.
Network Monitor — opens the Network Monitor window.
► Kaspersky PURE 3.0 — opens the main program window.
► Enable Parental Control — enables/disables Parental Control for the current account.
► Pause protection — temporarily disables / enables real-time protection components.
This menu item does not affect the application's updates or the execution of virus scan.
► Settings — opens the application settings window.
► About — opens a window containing information about the application.
► Exit — closes Kaspersky PURE 3.0 (when this item is selected, the application is
unloaded from the computer’s RAM).
If a virus scan or update task is running at the moment that you open the context menu, its name
as well as its progress status (percentage complete) is displayed in the context menu. When you
select a menu item with the name of a task, you can switch to the main window with a report of
current task run results.

Main window of Kaspersky PURE 3.0
The main application window contains interface elements that provide access to all the main
features of the application.
You can open the main application window one of the following ways:
► By left-clicking the application icon in the Microsoft Windows taskbar notification area. In
Microsoft Windows 7 the application icon is hidden by default. You can display the
program icon to work with the program (see the documentation to the operating system).
► By selecting Kaspersky PURE 3.0 from the context menu of the application icon in the
Microsoft Window taskbar notification area.
The main window can be divided into three parts:

► The top part of the window provides information about the current protection status of
your computer.
Three protection statuses are predefined and each status is color-coded. Green color
means your protection is on the due level; yellow and red warn about various security
threats. Malicious programs, old program databases, some disabled components,
minimal protection settings and etc. refer to threats.
► The central part of the window allows quickly launch one of the computer scan types,
launch update of anti-virus databases, and go to the Backup, Parental Control and
Computer Protection modules. The Computer Protection module lets you quickly go to
the list of all protection components of Kaspersky PURE 3.0.
► The bottom part of the window allows to access additional program modules which
provide enhanced protection and optimize the system work:
Additional Tools – optimizes system work and offers tools for advanced protection of
your data.
Safe Money – a unique component that provides additional layers of protection while
using online banking and payment systems.

Home Network Control – remote management of Kaspersky PURE 3.0.
Data Encryption – prevents from unauthorized access to private information.
Password Manager – protects personal data, such as: passwords, user names, numbers
of internet pagers, contact data and etc.
When you select a module in the central or bottom part of the window, a window for the
corresponding module opens. You can return by clicking the Back button in the bottom right
corner of the window or by clicking the arrow in the upper left corner of the window.
You can also use the following buttons and links from the main program window:
► Settings – to open the application settings window.
► Help – to view the Kaspersky PURE 3.0 help system.
► My Kaspersky Account – to enter the user's personal account on the Technical
Support Service website.
► Support – to open the window containing information about the system and links to
Kaspersky Lab information resources (Technical Support Service website, forum).
► License – to go to Kaspersky PURE 3.0 activation and license renewal.

Notification windows and pop-up messages
Kaspersky PURE 3.0 notifies you of important events occurring during its operation using
notification windows and pop-up messages that appear over the application icon in the taskbar
notification area.
Notification windows are displayed by Kaspersky PURE 3.0 when various actions can be taken in
connection with an event: for example, if a malicious object is detected, you can block access to
it, delete it, or try to disinfect it. The application prompts you to select one of the available actions.
A notification window only disappears from the screen if you select one of the actions.

Pop-up messages are displayed by Kaspersky PURE 3.0 in order to inform you of events that do
not require you to select an action. Some pop-up messages contain links that you can use to take
an action offered by the application: for example, run a database update or initiate activation of
the application). Pop-up messages automatically disappear from the screen soon after they
appear.
Notifications and pop-up messages are divided into three types:
► Critical notifications – inform you of events that have a critical importance for the
computer's security, such as detection of a malicious object or a dangerous activity in
the system. Windows of critical notifications and pop-up messages are red-colored.
► Important notifications – inform you of events that are potentially important for the
computer's security, such as detection of a potentially infected object or a suspicious
activity in the system. Windows of important notifications and pop-up messages are
yellow-colored.
► Information notifications – inform you of events that do not have critical importance
for the computer's security. Windows of information notifications and pop-up messages
are green-colored.
To know how to configure notification settings, read the chapter Settings - Additional.
The program settings window

The Kaspersky PURE 3.0 settings window is designed for configuring the entire application and
separate protection components, scanning and update tasks.
To open the settings window, click the Settings link in the top part of the main application
window or select the Settings item from the application context menu in the Windows taskbar
notification area.
The program settings window consists of three parts.

► In the top left part of the window you can choose the section that should be configured;
► In the left part of the window you can choose the application component, task or another
item that should be configured;
► The right part of the window contains the controls that you can use to configure the item
selected in the left part of the window.
Cloud Protection (Kaspersky Security Network service)
To increase the efficiency of your computer's protection, Kaspersky PURE 3.0 uses data received
from users from all over the world. Kaspersky Security Network is designed for collecting those
data and thus provides Cloud protection.
Kaspersky Security Network (KSN) is a global service of the operative threat analysis that
unites millions of users all over the world.
When Kaspersky PURE 3.0 detects suspicious or not scanned data on a computer of a KSN
participant, it automatically sends such data to Kaspersky Lab where virus analysts analyze
potential threats round the clock and release protection updates for customers in real time.
User participation in Kaspersky Security Network enables Kaspersky Lab to gather real-time
information about the types and sources of new threats, develop methods to neutralize them, and
reduce the number of false positives. The more users participate in KSN, the safer cloud
protection is for all the participants.
Thus, Kaspersky Security Network allows the user to obtain:
► additional level of protection;
► operative data about applications reputation;
► operative data about sites reputation;

► on-the-fly response to appearance of new threats.
To know the current operational status of the Kaspersky Security Network service, perform the
following actions:
1. In the main application window click the Computer Protection button.
2. In the Computer Protection window click the Cloud protection button.
3. In the left part of the Cloud Protection Technology window you can see the current
service status – Connected\Disconnected. In the right part of the window you can view
the information received by the service for the time being. To get more information about
the cloud protection technology of Kaspersky Security Network (KSN), click the Read
more button.

User participation in Kaspersky Security Network allows Kaspersky Lab to operatively collect
information about types and sources of new threats, develop disinfection methods, and decrease
the number of false alerts.
No privacy data are collected, processed, or stored.
Participating in the Kaspersky Security Network is voluntary. You should decide whether to
participate when installing Kaspersky PURE 3.0; however, you can change your decision at any
time later.
To participate/ not participate in the Kaspersky Security Network service, perform the following
actions:
1. Open the application settings window by clicking the Settings button in the top right corner of
the main application window.
2. In the top part of the window select the Additional section.
3. Select the Feedback subsection.
4. In the right part of the window check/uncheck the I agree to participate in Kaspersky
Security Network box.

5. Click the OK button to save the changes.
Now you can check the reputation of a file with one mouse click. For this, right-click a file icon
and from the context menu select Check reputation in KSN.

CHAPTER 2. Kaspersky PURE 3.0 vs other Kaspersky Lab
products (PURE 2.0, KIS 2013, KAV 2013)
Kaspersky PURE 3.0 delivers the ultimate protection for PCs, identity, passwords, photos and
more. Plus, unique Safe Money technology ensures maximum security for your online financial
transactions. And PURE 3.0 is incredibly simple to use, allowing you to easily manage the
security of all the PCs in your home –from a single PC.
Use the table below to compare Kaspersky PURE 3.0 with Kaspersky PURE 2.0, as well as with
Kaspersky Internet Security 2013 (KIS 2013) and Kaspersky Anti-Virus 2013 (KAV 2013).
A greyed cell in the table means the described option is available in the product. A white cell
means the option is missing from the product.
Pay attention to new functionality and possibilities of Kaspersky PURE 3.0. For your convenience
they are red-framed and their short description is given below.
Real-Time Protection against all
known & emerging threats
Hybrid Protection combines the
power of the cloud & your PC
File Anti-Virus
Mail Anti-Virus
Web Anti-Virus
IM Anti-Virus
System Watcher
Network Attack Blocker
Anti-Spam Need to train Anti-
Spam
(use of ―cloud‖
technologies)
Anti-Banner
Application Control
Firewall
Parental Control
Kaspersky URL Advisor
Expanded compatibility of the
URL Advisor module with web
browsers
Block dangerous websites
Geo Filter
Trusted URLs
Check reputation in KSN
(Kaspersky Security Network)
Data collection on behavioral
patterns of programs
Browser Configuration Wizard
Kaspersky Rescue Disk
Post-infection Microsoft Windows
troubleshooting
KAV 2013 KIS 2013 PURE 2.0 PURE 3.0

Privacy Cleaner
Vulnerability Scan
Identity protection
Backup
Password Manager
Data Encryption
File Shredder
Unused Data Cleaner
Intellectual system of
downloading updates
Rollback of malware actions
Protection Center
Anti-Phishing
Safe Money
Quick launch of Virtual Keyboard
from entry fields
Automatic Exploit prevention
Online Backup
Password Sync
Compatibility with Windows 8

PURE 3.0 now includes the following new protection technologies:
1. Safe Money
Safe Money technology provides security during financial operations via online banking and
payment systems (e.g., PayPal, WebMoney, etc.) and while shopping online. How it works:
1. Verifies that the request goes to the genuine site of the bank or payment system (checked
against an updatable list of sites in the product).
2. Verifies the security certificate to avoid redirection to a fake website.
3. Scans the operating system for vulnerabilities critical for online banking.
4. Suggests opening the website in Safe Money mode to protect your personal data against
theft. When this mode is activated all the transferred data is specially protected from theft. To
show that the mode is active, a green frame appears around the browser window.
2. Secure Keyboard
Kaspersky PURE 3.0 includes a feature for additional protection of personal data from
keyloggers, even when you are using a physical keyboard. If you open a bank or payment
website or insert a password on any web page, Secure Keyboard mode will activate
automatically. The product settings allow you to select other categories of sites where the Secure
Keyboard protection mode should be activated, as well.
3. Automatic Exploit Prevention
It is common for malicious programs to exploit vulnerabilities in popular applications such as
Adobe Reader, Internet Explorer, and Firefox to try to gain control over the computer, steal your
personal data, etc. PURE 3.0 includes a new technology, Automatic Exploit Prevention, which
prevents and blocks such exploits.
Specifics include:
1. Control over the launch of executable files (including web browsers) if any vulnerabilities were
found, or from applications which are not intended for the launch of executable files (Microsoft
Word, Excel etc.).
2. If executable files are launched, their activities are checked for any signs of exploit behavior.
3. Control of any activities performed by an application where a vulnerability is detected (i.e.,
following the link, recording other processes to the memory, etc.).
4. Online Backup New!
Kaspersky PURE 3.0 now integrates an online backup functionality, allowing you to backup
copies of files online via Dropbox – a service trusted by over 100 million users. Free storage is
based on the standard Dropbox conditions –up to 2 GB free of charge.
The advantages of online backup storage are:
The backup copies of files are stored in one place – a protected online storage. In case
of emergency (e.g., damage to the hard drive, computer theft, etc.) your most important files
will not be lost or damaged.
You can access the backup copies of your files from any computer with an Internet
connection.
Note that to use this functionality, you’ll need to register your account in Dropbox or to use your
current account if you already have one. You will be prompted to register or login when you
create a backup task and choose the source ―Online Storage‖.
5. Password Sync New!

Kaspersky PURE 3.0 now stores your passwords in the cloud (i.e., online), so you can
synchronize them across all of your Windows machines. So, now, from any of your PCs, you
can access your Password Manager, and you’ll automatically be logged into websites and
applications.
Simply choose the option Enable Sync during set up of Password Manager.
Note that to use the online password database, you’ll need to create your Kaspersky account.
You will be prompted to register when you choose the Enable Sync option.
6. Compatibility with Windows 8
Kaspersky PURE 3.0 is fully compatible with Microsoft Windows 8 and includes a set of features
for delivering maximum PC protection:
protection of apps developed for Microsoft’s new user interface;
integration with the enhanced Windows Security Center;
Early-Launch Anti-Malware (ELAM) system support.
7. Better Internet Security
In addition to the technologies described above, Kaspersky PURE 3.0 includes better protection
from spam and phishing due to the integration of a new anti-phishing engine and anti-spam
module, and an expanded list of compatible web browsers (Internet Explorer 8-10, Mozilla
FireFox 9.x-12.x, Google Chrome 15.x-17.x, Opera 12.61).
8. Better Overall Protection
Kaspersky PURE 3.0 includes improved overall protection technologies. A good example is the
technology added to protect against Duqu. It first appeared in the fall of 2011, and attempts to
hide from antivirus software by injecting malicious code into system processes, including boot
time – before antivirus software boots up.
9. Better Performance
Kaspersky PURE 3.0 is significantly optimized to reduce the impact on your computer’s
performance when performing the most common online user scenarios, such as: running web
browsers and other programs, installing programs, using the Internet, etc. The product also
reduces battery drain by postponing resource-intensive tasks, thereby increasing the battery life
of your laptop.
10. Easier Installation and User Experience
Kaspersky PURE 3.0 includes a web installer for the automatic download and installation of the
product, automatic removal of incompatible programs and treatment of active infection.
Additionally, the intuitive, engaging design makes it easier to understand and use the basic
Kaspersky PURE 3.0 options. The main window monitors the computer’s protection status
(sections requiring special attention are highlighted in red) and provides access to key features. It
is possible to manage the operation of individual modules directly from the main window.

CHAPTER 3. Installation of Kaspersky PURE 3.0
System requirements for Kaspersky PURE 3.0
Supported operating systems
Operating systems Hardware requirements
► Microsoft Windows XP Home Edition (Service
Pack 3 or higher)
► Microsoft Windows XP Professional (Service
Pack 3 or higher)
► Microsoft Windows XP Professional x64
Edition (Service Pack 2 or higher)
► Microsoft Windows Vista Home Basic (32/64
bit)(Service Pack 2 or higher)
► Microsoft Windows Vista Home Premium
(32/64 bit) (Service Pack 2 or higher)
► Microsoft Windows Vista Business (32/64 bit)
(Service Pack 2 or higher)
► Microsoft Windows Vista Enterprise (32/64 bit)
(Service Pack 2 or higher)
► Microsoft Windows Vista Ultimate (32/64 bit)
(Service Pack 2 or higher)
► Microsoft Windows 7 Starter (Service Pack 1
or higher)
► Microsoft Windows 7 Home Basic (32/64 bit)
(Service Pack 1 or higher)
► Microsoft Windows 7 Home Premium (32/64
bit) (Service Pack 1 or higher)
► Microsoft Windows 7 Professional (32/64 bit)
(Service Pack 1 or higher)
► Microsoft Windows 7 Ultimate (32/64 bit)
(Service Pack 1 or higher)
► Microsoft Windows 8
► Microsoft Windows 8 Pro
► Microsoft Windows 8 Enterprise
General requirements
Intel Pentium 800 MHz or higher
(or equivalent)
512 MB available RAM
Intel Pentium 1 GHz 32 bit (x86) /
64 bit (x64) or higher (or
equivalent)
1 GB available RAM
Intel Pentium 1 GHz 32- bit
(x86)/64- bit (x64) or higher (or
equivalent)
1 GB RAM (32-bit) or 2 GB RAM
(64-bit)
Intel Pentium 1 GHz 32-bit
(x86)/64-bit (x64) or higher (or
equivalent)
1 GB RAM (32-bit) or 2 GB RAM
(64-bit)

► About 700 MB free space on the hard drive (depending on antivirus database size);
► CD-ROM or DVD-ROM for installation of the program from CD;
► Computer mouse;
► Internet connection for product activation;
► Microsoft Internet Explorer 8.0 or higher;
► Microsoft Windows Installer 3.0.
Limitations
► Password Manager works only with 32-bit applications;
► ARM is not supported.
Netbooks hardware requirements
► Intel Atom 1.6 GHz (Z520) (or compatible);
► 1GB DDR2 available RAM;
► Video adapter Intel GMA950 with at least 64 MB of memory (or compatible);
► Screen size 10.1" with resolution 1024x600 or above.
Uninstalling third-party software or earlier versions of Kaspersky Lab
products
Before installation of Kaspersky PURE 3.0 all earlier versions of Kaspersky Lab products or thirdparty
anti-virus software need to have been uninstalled. If such third-party anti-virus software has
not been removed, during installation it is detected by the wizard and is deleted automatically. In
case third-party software cannot be deleted automatically, you will be offered to delete such
software manually.
Removing third-party anti-virus software with Microsoft Windows means
You can use standard Windows means, to uninstall anti-virus software:
For users of Windows XP:
1. In the bottom left corner of the screen click the Start button.
2. Select the Control Panel item.

3. In the Control Panel window select the Add or Remove Programs section.
4. In the Add or Remove Programs window select a program you need to remove.
5. Click the Change/Remove button.
6. Anti-virus software will be deleted from your computer.

For users of Windows Vista/7:
1. In the bottom left corner of the screen click the Start button.
2. Select the Control Panel item.
3. In the Control Panel window select the Programs and features section.
4. In the Programs and Features window select an application you need to remove.
5. Double-click the application’s name.

6. Anti-virus software will be deleted from your computer.
For users of Windows 8
1. On the start screen, right-click free space.
2. At the bottom of the screen, click All Apps.
3. On the Apps screen, find and right-click the required software.
4. At the bottom of the screen select Uninstall.

5. In the Programs and Features window select the application you need to uninstall.
6. Double-click the application.
7. The uninstallation process will start.
Some folders and files of previously installed anti-virus applications may still remain in the
Program Files folder after removal with the Windows standard means. If the folder contains
folders and files of other anti-virus applications, delete them.
Sometimes after removal of anti-virus software with the standard means and the computer restart
some records may still remain in the system registry and prevent Kaspersky PURE 3.0 from
installation. You will know about the records of the previous anti-virus software in the registry
during the product installation.
Removing third-party anti-virus software with special tools
Before the files are copied onto a hard disk the Setup Wizard scans the disk for software
incompatible with Kaspersky PURE 3.0. Records in the system registry are recognized by the
Setup Wizard as fully installed software, even though the product was removed and is no longer
installed on the PC. As a result Kaspersky Lab Setup Wizard asks to delete the detected
incompatible software manually and terminates the installation process.
To resolve the situation, use the links to the special removal utilities that will fully remove a
product from your computer.
Removing Norton products
Removing McAfee products
Removing TrendMicro products
Removing BitDefender products
Removing Avast products
Removing F-Secure products
How to remove Norton products
Removal tool to uninstall Norton products
(NORTON REMOVAL TOOL (С)
Symantec Corporation.
Distributed under the terms of the
NORTON Software Tool Usage
Agreement)
How to remove McAfee products
Removal tool to uninstall McAfee products
(MCPR (C) McAfee, Inc)
How to remove TrendMicro products
Removal tool to uninstall Trend Micro
products (TISSUPRT (C) Trend Micro, Inc)
How to remove BitDefender products
Removal tool to uninstall BitDefender
products (BITDEFENDER UNINSTALL
TOOL (C) BITDEFENDER)
How to uninstall Avast products
Removal tool to uninstall Avast products
(ASWCLEAR5 (С) ALWIL Software)
How to uninstall F-Secure products
Removal tool to uninstall F-Secure
products

Removing AVG products
Removing ESET products
Removing Agnitum
Outpost products
Removing Norman Virus Control product
(UNINSTALLATION TOOL (C) F-Secure
Corporation. Distributed under the terms of
the F-Secure License
Terms)
How to uninstall AVG products.
Removal tools to uninstall AVG anti-virus
(AVGREMOVER (C) AVG Technologies):
For 32-bit systems.
For 64-bit systems.
How to uninstall ESET products
Removal tool to uninstall ESET
Nod32 (ESET UNINSTALLER (C) ESET,
LLC).
How to uninstall Agnitum
Outpost products
Removal tools to uninstall Agnitum
Outpost (for Outpost 2008/2009) (CLEAN
(C) Agnitum Ltd):
For 32-bit systems.
For 64-bit systems.
How to uninstall Norman Virus Control.
Removal tool to uninstall Norman Virus
Control (version 5.x) (DELNVC5 (C)
Norman ASA).
List of applications incompatible with Kaspersky PURE 3.0
During installation of any Kaspersky PURE 3.0 component, products from the list which can be
found in the article from the link are always detected and automatically deleted – List of
applications incompatible with Kaspersky PURE 3.0.
Installation procedure of Kaspersky PURE 3.0
Before the installation make sure that your computer meets system and hardware requirements
described in the chapter System requirements for Kaspersky PURE 3.0. If any third-party
software is installed, then go to the chapter Uninstalling incompatible third-party software. To
know the list of applications incompatible with Kaspersky PURE 3.0, go to the chapter List of
applications incompatible with Kaspersky PURE 3.0. If previous application versions or other
Kaspersky Lab products are installed on the computer, go to the chapter Installation of
Kaspersky PURE 3.0 if other Kaspersky Lab products are installed.
Step 1. Starting installation.
If you purchased Kaspersky PURE 3.0 on a CD, then the installation starts automatically after
you have inserted your CD in the CD-ROM drive. If an executable installer file from the CD is not
started automatically, then it should be run manually.
For this, open the CD and the Install folder via Windows Explorer and double-click an executable
file (with the exe. extension).

If you purchased Kaspersky PURE 3.0 in the eStore in this case you get a download link to an
executable installer file which you have to run manually (by double-clicking the file). The Setup
Wizard will be launched. To start express installation, click the Install button.
If you want to read the License Agreement concluded by you and Kaspersky Lab, click the End
User License Agreement link. Read the agreement carefully, and if you accept each of its
terms, click the Install button.
To cancel the application installation, click the cross button in the top right corner of the window.
In the same window you are invited to participate in the Kaspersky Security Network program.
Participation in the program involves sending information about new threats detected on your
computer, running applications, and downloaded signed applications to Kaspersky Lab, along
with the unique ID assigned to your copy of Kaspersky PURE 3.0 and your system information.
We guarantee that none of your personal data will be sent. Review the Kaspersky Security
Network Data Collection Statement by clicking KSN agreement link. If you agree with all terms of
the statement, check the I want to participate in Kaspersky Security Network (KSN) to
provide optimal protection for my computer box. To continue the installation, click the Install
button.
Step 2. Searching for incompatible software.
On this step the wizard searches for applications installed on your computer, incompatible with
Kaspersky PURE 3.0. If such applications are not found, the wizard goes to the next step
automatically.
Upon detection incompatible software is listed and you are offered to delete such software from
your computer. Applications which Kaspersky PURE 3.0 cannot delete automatically should be
removed manually. During removal of incompatible software, the system reboots. After reboot
installation of Kaspersky PURE 3.0 continues automatically.

You can find more information about removal of incompatible software from the chapter List of
applications incompatible with Kaspersky PURE 3.0.
Step 3. Installation.
Installation of the application can take some time. Wait for it to finish. Once the installation is
complete, the Wizard will automatically proceed to the next step.
If an installation error occurs, which may be due to malicious programs that prevent anti-virus
applications from being installed on your computer, the Setup Wizard will prompt you to
download Kaspersky Virus Removal Tool, a special utility for neutralizing an infection. You can
read about the utility in the KB6219.
If you agree to install the utility, the Setup Wizard downloads it from the Kaspersky Lab servers,
after which installation of the utility starts automatically. If the Wizard cannot download the utility,
you will be asked to download it on your own by clicking the link provided.
After you finish working with the utility, you should delete it and restart the installation of
Kaspersky PURE 3.0.
Step 4. Finishing the installation.
After the program files have been copied and the modules have been registered, the Wizard
informs you of successful completion of the application installation. If you want to launch
Kaspersky PURE 3.0, check the Start Kaspersky PURE 3.0 box and click the Finish button.
Before you activate the product, make sure the system date is set correctly.
Step 5. Activation

During the first application launch, you will be offered to activate Kaspersky PURE 3.0.
Activation is the procedure of activating a license that allows you to use a fully functional version
of the application until the license expires.
► If you have an activation code, select the Activate commercial version option and
enter an activation code of 20 characters. An Internet access is required to activate the
application.
► If you do not have an activation code, you can activate trial version. In this case the
Configuration Wizard will download and install a trial key valid for 30 days. An Internet
access is required to activate the application.
The difference between trial and commercial versions, and the activation procedure are
described in detail in the License management chapter.
Installation of Kaspersky PURE 3.0 if other Kaspersky Lab products
are installed
You can install Kaspersky PURE 3.0 on top of the following Kaspersky Lab products:
► Kaspersky PURE 2.0
► Kaspersky PURE R2
► KIS 2012/2013
► KAV 2012/2013
In order to install Kaspersky PURE 3.0 on top of one of the mentioned programs, do the
following:

FAQ
1. Download the product distributive of Kaspersky PURE 3.0 from the Kaspersky Lab official
site.
2. Run the distributive of Kaspersky PURE 3.0.
3. Follow the instructions of the Setup Wizard (see the chapter Installation procedure of
Kaspersky PURE 3.0).
What to do if an error occurred during activation?
Check if you have the Internet connection (try to open any web page) and make sure your
Internet browser operates in the online mode.
How to activate the product I purchased a license for several computers?
To install and activate a Kaspersky Lab product on several computers use the same activation
code.
What to do if errors with Firewall and third party software occurred during installation of
Kaspersky Lab products?
You are recommended to uninstall third party software.
For Windows 8: Computer-> «Computer» -> Uninstall or change a program.
When trying to update an error message occurred “Fail to connect to an update source”.
1. Make sure Firewall and third party software are not installed on your computer.
2. Check the product update settings and/or connection settings (you can get this information
from your Internet provider) and try to update later (see KB9250).

CHAPTER 4. License management and migration to new
product version
License management
This chapter contains information regarding the basic concepts used in the context of the
application licensing. You will also learn about the automatic renewal of the license and where to
view information regarding the current license.
About license agreement
The End User License Agreement – is an agreement between natural or legal person lawfully in
possession of a copy of Kaspersky PURE 3.0 and Kaspersky Lab, ZAO. The EULA is included
in each Kaspersky Lab application. It contains a detailed description of rights and Kaspersky
PURE 3.0 usage restrictions. According to the EULA, when you purchase and install a Kaspersky
Lab application, you get an unlimited right to own its copy.
About license
License is a right to use Kaspersky PURE 3.0 and the related additional services offered by
Kaspersky Lab or its partners. Each license is defined by its expiry date and a type.
License term is a period during which the additional services are offered:
► Technical support;
► Updating databases and application modules.
The scope of provided services depends on the type of the license.
The following license types are provided:
1. Trial – a free license with a limited validity period, for example, 30 days, offered to become
familiar with Kaspersky PURE 3.0.
As soon as the trial license expires, all Kaspersky PURE 3.0 features become disabled.
Trial license can only be used once and cannot be used after a commercial license!
To continue using the application you should activate it with an activation code. The activation
procedure will be described below.
NOTE: Technical support is provided only to the customers of commercial license.
2. Commercial – a commercial license with a limited validity period (for example, one year),
offered upon purchase of Kaspersky PURE 3.0. One license can cover several computers.
If a commercial license is activated, all application features and additional services (technical
support, update of bases and application modules) are available.
As soon as a commercial license expires, Kaspersky PURE 3.0 remains a full-featured
application, but the anti-virus databases are not updated. You can still scan your computer for
viruses and use the protection components, but only using the databases that you had when the
license expired.
Two weeks before the license expiration date, the application will notify you of this event so you
can renew the license in advance. The procedure of a license renewal will be described below.

3. Commercial with an update subscription and commercial with an update and
protection subscription – a paid license with flexible management.
You can suspend and resume the subscription, extend its validity period in the automatic mode
and cancel the subscription. A license with subscription is distributed by service providers.
You can manage the subscription from the user's Personal Cabinet on the service
provider's website.
The validity period of a subscription can be limited (for example, to one year) or unlimited. If a
subscription with a limited validity period is activated, you should renew it on your own when it
expires. A subscription with an unlimited validity period is extended automatically subject to
timely prepayment to the provider.
If the subscription term is limited, when it expires, you will be offered a grace period for
subscription renewal, during which the full functionality of the program will be maintained.
If the subscription is not renewed, when grace period expires, Kaspersky PURE 3.0 ceases to
update the application databases (for licenses with an update subscription) and stops performing
computer protection or executing scan tasks (for licenses with a protection subscription).
When using the subscription, you will not be able to use another activation code to renew the
license. This is only possible after the subscription expiry date.
If you already have an activated license with a limited term at the time of subscription activation, it
is substituted with the subscription license. To cancel the subscription, contact the service
provider from whom you purchased Kaspersky PURE 3.0.
About activation code
An activation code is a unique set of Latin letters and digits that comes in four blocks of five
symbols, separated by a hyphen, for example AA111-AA111-AA111-AA111.
Activation code is the code supplied with a Kaspersky PURE 3.0 commercial license. This
code is required for activation of the application.
If you purchased a box version of the Kaspersky Lab product, the activation code can be found
printed on the first page of the user manual left cover.
If you purchased Kaspersky Lab product via E-Store, the activation code will be sent to you via email
you have specified when making the order.
The activation code which has never been activated does not have an expiry date. An unused
activation code can be activated at any time, but the license will begin to expire on the day of
initial activation.
Kaspersky Lab products can be activated with an activation code only if you have established
Internet connection. In this case the Configuration Wizard will connect to the Kaspersky Lab
servers and send the activation code to the servers. If the activation code is verified, the wizard
receives a key file which is automatically installed to the program. The activation process is
complete and is accompanied by a window with the detailed information about the purchased
license.
If the activation code was not verified, the corresponding message is displayed on the screen. In
this case contact the company where you purchased the license.
If the number of activations with one activation code is exceeded a corresponding message will
appear on the screen. The activation process will be terminated and the program will offer you to
contact Kaspersky Lab Technical Support.

If an activation error occurred and the activation code was not activated, contact Technical
Support via My Account service from any computer with an Internet connection. Give the
following information in your request:
► Place where you purchased Kaspersky Lab product;
► Information about the owner: surname, name;
► Exact purchase date;
► Full registration number of your license (this number is written on the first page of the
user manual left cover from the box version of the product or in an email (if you
purchased the product via eStore);
► Product activation code.
Without an activation code the application will work in limited functionality.
For example, you will be able to update the program only once (further updates will not be
performed), some other functionalities will be unavailable.
Purchasing license after the product installation
If you have installed Kaspersky PURE 3.0 without a license, you can purchase one after
installation:
1. Open the main application window.
2. Click the Purchase license link in the bottom right corner of the window.
The eStore web page of Kaspersky Lab opens where you can purchase a license or find the
partner nearest to you.

About activation procedure
Activation is the procedure of activating a license that allows you to use a fully functional version
of the application until the license expires.
Activation during the application installation
You can activate the commercial version of the application during the first launch of Kaspersky
PURE 3.0.
Before you activate the product, make sure the system date is set correctly.
For this, perform the following actions:
1. In the Activation of Kaspersky PURE 3.0 window select a license type — commercial or
trial. See the chapter About license for the details.
► If you have selected Activate commercial version, enter an activation code into the
corresponding field and click the Next button.
► If you want to activate trial version, select the corresponding option and click the Next
button.
Pay attention, on this step you can purchase a commercial license by clicking the Buy activation
code link. A Kaspersky Lab web-page opens where you can purchase a license and obtain an
activation code.
2. The Wizard sends a request to the activation server to obtain permission for activation of
the selected version of the application.

If the request is sent successfully, the Wizard automatically proceeds to the next step.
3. Click the Finish button, to complete the work of the Wizard.
Activation after the application installation
On the activation step during the application installation you can click the Cancel button. In this
case the application will not be activated. To activate the application after the installation, perform
the following actions:
1. In the bottom right corner of the window click the link License: not available.

2. In the Licensing window click the Activate the application button in order to activate the
program with a new license.

3. Select Activate commercial version/ Activate trial version. If you want to activate a
commercial license, enter the activation code into the corresponding field. Click the Next
button. After successful activation completion, information about the license type and the
expiry date will be shown in the wizard window.
Activation issues of Kaspersky Lab products
Kaspersky Lab products can be activated by activation codes purchased in the region where the
product will be used.
The error may appear if you try to activate your application using an activation code in one region
(country), but the activation code you use is intended for use in another region (country). For
example, you bought Kaspersky PURE 3.0 via E-Store in India, but you try to install and activate
the application in the United Kingdom.
In order to eliminate the problem, you need to install and activate your Kaspersky Lab product in
the region (country), where you bought the application.
Viewing license information
In order to view current license information, perform the following actions:
1. Open the main application window.
2. Click on the License link in the bottom right corner of the window.

In the Licensing window you can view the following license information:
► License number (for example, 0101-010101-01010101);
► License status (for example, active);
► License type (for example, commercial for 2 computers for 365 days);
► Expiration date (for example,13/03/2012 11:59 PM);
► Remaining (for example, 364 days).

You can delete the active license in the top section of the Licensing window. For this, click the
icon next to the number of license you wish to delete.
The lower section of the Licensing window allows you to select an action to be performed over
the license depending on its type and its current state:
If a trial license is installed, then the section A trial version of the application is installed is
available. Using the buttons in the section you can:
► Activate the application — if you have an activation code then in the opened window you
can activate the application with a commercial license.
► Buy activation code — the button will take you to the Kaspersky Lab page where you
can buy a license for the product via eStore or to know the address of the nearest partner.

License renewal procedure
To protect your computer after the license validity period, you can extend the license for the next
term prematurely.
To prolong the license validity period, perform the following actions:
1. Open the main application window.
2. In the bottom of the window click the License link.
3. In the Licensing window in the New activation code section:
If you already have an activation code (for example, you purchased a box version), then
perform the following actions:
a) Click on the Enter activation code button.
b) Enter your activation code in the Enter activation code window.
c) Click on the Next button.
For the convenient work with the Kaspersky PURE 3.0 license you can add a new code,
additionally to the already installed activation code.
When the main activation code is going to expire you can prolong the license for Kaspersky
PURE 3.0 and add a new code to the program as a reserved one.
When the main activation code expires, a new code is activated automatically and the program
continues operating in the fully functioning mode.
To prolong license validity period, do the following:
► If you already have an activation code, then do the following:
1. In the main application window in the bottom right corner click the License link.

2. In the Licensing window click the Enter activation code button.
3. Enter the code in the Add new activation code window.
4. Click the Next button.

► If you do not have an activation code and you want to buy a new license, then in the
Licensing window perform the following actions:
1. Click the Buy license renewal button.
2. A Kaspersky Lab web-page opens where you can prolong your license validity period
online in the License Renewal Center or find the partner nearest to you and then
prolong your license offline.

Migration policy from Kaspersky Lab products to Kaspersky PURE 3.0
The migration terms depend on the status of the license in use.
If you have an active license for the products:
► Kaspersky PURE, Kaspersky PURE R2, Kaspersky PURE 2.0 — you can use your current
license to migrate.
Kaspersky
PURE
Kaspersky
PURE R2
Kaspersky
PURE 2.0
FREE
Kaspersky
PURE 3.0
► KIS 2007, KIS 2009, KIS 2010, KIS 2011, KIS 2012, KIS 2013— You can purchase a
license renewal for Kaspersky PURE 3.0 with a discount in the E-Store or from a partner.

KIS
7.0
► KAV 7.0, KAV 2009, KAV 2010, KAV 2011, KAV 2012, KAV 2013- — You can purchase a
license renewal for Kaspersky PURE 3.0 with a discount in the E-Store or from a partner.
KAV
7.0
KIS
2009
KAV
2009
KIS
2010
KAV
2010
KIS
2011
KAV
2011
KIS
2012
KAV
2012
IF the license for a product has expired:
► Kaspersky PURE/ Kaspersky PURE R2/ Kaspersky PURE 2.0
► KAV 2013 / KIS 2013
► KAV 2012 /KIS 2012
► KAV 2011 / KIS 2011
► KAV 2010 /KIS 2010
► KAV 2009 / KIS 2009
► KIS 7.0 / KAV 7.0,
KIS
2013
KAV
2013
With a
discount
With a
discount
Kaspersky
PURE 3.0
Kaspersky
PURE 3.0
you can purchase a license renewal for Kaspersky PURE 3.0 with a discount in the E-Store or
from a partner.

CHAPTER 5. Backup and Restore
The Backup component in Kaspersky PURE 3.0 allows to quickly restore your data in case of a
loss or erasing.
Data stored on a computer can be lost or damaged due to various issues, such as impact of a
virus, information modification or deletion by another user, etc. To avoid losing important
information, you should regularly back up data.
Duration of the backup process directly depends on the volume of the information you wish to
save. That is why Kaspersky Lab experts recommend creating backup copies of the files and
folders which contain important information (documents, photos, music and etc.).
Backup copying creates backup copies of objects in a special storage on the selected device.
Backup storage is a specially assigned area of disk space or a data storage media.
Online backup is a new function integrated into Kaspersky PURE 3.0 that allows to store
backup copies in the ―cloud‖.
The advantages of the online backup storage are:
► The backup copies of files are stored in one place – a protected online storage. In case
of emergency (e.g., damage to the hard drive, computer theft, etc.) your most important
files will not be lost or damaged.
► You can access the backup copies of your files from any computer with an Internet
connection.
When creating a storage area, the user performs the following actions:
► selects the data medium;
► specifies the name of the new storage area’
► specifies the settings for storing backup copies’
► may also password-protect stored data against unauthorized access.
Creating a backup task
During a task execution, backup copies of the selected files are created and saved into a
specified storage. If necessary these copies can be restored.
A task is created with the help of the wizard. The wizard consists of the following steps:
► Selecting data category for backing up
► Creating a storage
► Recording restore utility (optional)
► Password protection (optional)
► Files storage settings (optional)
► Setting automatic schedule for a backup task
► Summary
Selecting data category for backing up
In order to select a category of data for backing up, perform the following actions:
1. In the main program window select the Backup button.

2. In the Backup window click the Create a backup task button.
3. In the Create backup task window select a data category you want to back up. You can
select one of the following categories:
► My Documents and Desktop (all files from the My Documents folder and from
Desktop);
► Movies and Video (all video files);

► Pictures and Photos (all image files);
► Music (all music files);
Creating backup copies for custom files
If you select the Custom files variant, you can specify manually what files to back up. Click the
Next button to continue.
In order to create a backup task for custom files, do the following:
1. In the main program window select the Backup button.

2. In the Backup window click the Create a backup task button.
3. In the Create backup task window select Custom files and click the Next button.

4. In the open window click the Add folder button.

5. In the Select folder window specify the documents that should be backed up.
6. Click the OK button to add the folder to the backing up list.
7. To select specific files for backing up, click the link in the Number of files column.

8. In the Selecting data for backup by location window on the Location of files tab check
the required files.

9. To select the data for backing up by categories, go to the File categories tab. In the left
part of the window select the necessary category. In the right part of the window check the
required files.

10. Click the OK button.
11. By default system and hidden files are backed up. If you want to back up these categories
of files, then in the bottom part of the Create backup task window click the Hidden and
system files link

12. To select a storage for backup copies, click the Next button.

Editing categories of files during a backup task creation
When creating a backup task Kaspersky PURE 3.0 distributes the selected files by categories.
Each category has a list of file extensions by which the program refers a file to a specific
category.
The default categories include:
► Audio;
► Documents;
► Images;
► Video;
► Financial documents.

To select or edit categories during a backup task, do the following:
1. Check the boxes next to the categories you need to create backup copies, if necessary.
You can use the Select all /Clear all links, to select or clear all boxes correspondingly.

2. To edit categories, click the Category editor link.
3. To create a new category, in the Category Editor window click the Add category button.

4. In the New category window enter a category name and click the OK button.

5. To add a new extension, in the right part of the Category Editor window select a
category. Click the Add extension link at the top of the window.

6. In the New extension window enter an extension you want to add (for example, .flv).
Click the OK button.

7. Using the Edit and Delete buttons you can make changes to the extensions.

8. In order to select or delete extensions from a category, check/uncheck the boxes next to
the necessary extensions.
9. You can reject changes made in the extensions for a default category. For this, click the
Default button at the top of the window.

10. In the Restore settings window click OK.
11. In the Category Editor window click the OK button
Creating a backup storage
You can select the following storage for the backup copies:
► Online storage – to store backup copies online.
► Local disk — a folder or a logical disk on the computer hard drive.
► Removable drive — any portable device (memory card, CD, etc.) connected to the
computer.
► Network drive — network folder.
► FTP-server — server that ensures file exchange via the FTP protocol.
If you have not been granted sufficient privileges to record data on the selected medium, you will
not be able to create a storage on it.

You can use extended settings for a backup storage. For this, in the Select storage for this
backup task window check the box Use extended settings for storage.
Extended settings are not available for Online backup.
Creating online backup storage
Online Backup allows you to backup copies of files online via Dropbox.
Note that to use this functionality, you’ll need to register your account in Dropbox or to use your
current account if you already have one.
You can use the same Dropbox account to save all your backup copies into one Online Backup
Storage from different computers with Kaspersky PURE 3.0 installed.
You can find more detailed information about usage conditions of the web service on the
Dropbox site.
Before using an online backup storage for creating backup copies, you need to activate the
online storage.
Activating online storage
To activate an online storage, do the following:
1. In the Create backup task window select Online storage and click the Activate now
button.

2. A sign in Dropbox window will open. If you are a registered user, log in your account. For
this, enter your email address, specified during the registration into the Email field and
your password into the Password field. Click the Sign in button.

3. Create a Dropbox account (if you are a registered user, go to step 4). To create an
account, do the following:
a. In the open window click the Create an account link.
b. Enter your first and last names, email and password in Latin symbols into the
corresponding fields.
c. Check the box I agree to Dropbox Terms, if you accept the terms of Dropbox
agreement (the use conditions are available from the Dropbox Terms link). Click
the Create an account button to complete registration.

d. In the Create backup task window click the Activate now button once.
4. To complete activation of an online storage you should confirm that Kaspersky PURE 3.0
can use your Dropbox account to back up and restore information. For this, in the browser
window click the Allow button.

5. The storage has been successfully activated.
Kaspersky PURE 3.0 will place backup copies of the saved data into a separate folder which is
created in the folder where Dropbox applications are stored.
Online storage can now be selected. If an online storage is activated, then the size of occupied
space and of free space available for recording information is displayed.

Creating online storage
When creating a backup copy using an online storage Kaspersky PURE 3.0 does not create
backup copies for the types of data which are restricted by the Dropbox use rules.
In order to create an online storage, in the select storage to create backup task window, do the
following:
1. Select an Online storage.

2. Click the Next button to go to Configuring schedule of automatic backup run.
Creating storage on local drive
In order to create a storage on a local drive, do the following:
1. In the Select storage for backup copies window click the area with the name of your
computer hard drive.

2. Click the Next button.
Creating storage on removable drive
In order to create a storage on a removable drive, do the following:
1. Connect a removable drive to your computer.
2. Wait until a connected removable drive will appear in the list of backup storages.
3. Select a drive from the list.
4. Click the Next button.

Creating storage on network drive
In order to create a storage on a network drive, do the following:
1. In the Select storage for this backup task window on the selecting storage for backup
copies stage click the Add storage link.

2. In the Network storage type window on the Network drive tab click the Browse button
to specify a path to the network folder.

3. If access to the selected folder is restricted, then you can enter account data for
authorization. For this, enter your data in the User name and Password fields.
1. Value of the User name field should be identical to an entry line |.
2. Example how to enter the settings of a network drive:
3. Drive: \\Z
4. User name: kl-12345\smith
5. Password: ***

4. Click the Next button.
Creating storage on FTP-server
In order to create a storage on a FTP server, do the following:
1. In the Select storage for this backup task window on the selecting storage for backup
copies stage click the Add storage link.

2. In the Network storage type window on the FTP server tab specify connection settings
to FTP server. When using an FTP server, you should also specify the following
connection settings:
► Server – address of the server;
► Port – number of the port;
► Folder – folder on the server into which backup copies will be saved;
► User name and Password – account data to pass authentication on the server;
► Mode – server operation mode (active or passive).

3. Click the Next button.
Connecting earlier created storage
In order to be able to operate a backup storage which was created with the help of the Backup
module, and then relocated/copied from one computer to another, this storage should initially be
connected via Kaspersky PURE 3.0. You may have to reconnect a storage after system
reinstallation.
Only connected storages are displayed in the list of storages in the program interface. Not
connected storages will not be displayed in the list of backup storages.
In order to connect an existing storage, do the following:
1. In the Create backup task window click the Connect storage link.

2. In the Connect storage window elect a storage type and specify the required connection
settings. Click the OK button.
4. If the settings are set correctly, the storage will appear in the list.
Recording restore utility
The Restore utility window is available only if you are saving your storage on a removable drive
and when selecting a storage the box Use extended settings for storage is checked.

You can record a special utility on a removable drive that will allow to extract the data from the
storage on any computer even if Kaspersky PURE 3.0 is not installed on the computer. For this,
do the following:
1. Check the box Copy Kaspersky Restore Utility to storage.
2. Click the Next button.

Password protection
The Password protection window is available only if the Use extended settings for storage
box is selected during a storage selection.

In the Password protection window do the following:
1. Check the Enable password protection (recommended) box to protect the data in the
storage against unauthorized access. Enter a password and confirm it.

2. Click the Next button.
Files storage settings
The Files storage settings window is available only if the Use extended settings for storage
box is selected during a storage selection.

To configure files storage settings, do the following:
1. In the Files storage settings window check the box Restrict the number of file
versions and restrict the number of file versions which would be simultaneously stored in
the storage.

2. To limit the storage period of backup copies, check the box Restrict storage period of
file versions and set the time period to keep old versions of files.

3. Click the Next button.
Configuring schedule of automatic backup run
By default, backup is launched manually. In order to set an automatic schedule of a backup task,
do the following:
1. If you want the task to be performed when a removable drive with a backup storage is
connected, check the box Run task on connecting the removable drive.

2. If you want the task to be started automatically at a specified time, check the box Run
automatically according to the schedule.

3. From the drop-down menu select the task frequency (minutes, hours, days, at the
specified time, every month or after application startup).

4. Set the task frequency and start time in the corresponding fields.

5. If you want the tasks skipped due to some reasons (for example, computer restart or OS
failure) to be performed, then check the box Run skipped tasks.

6. Click the Next button.
Summary
1. In the Summary window enter the name of a new task.
2. Check the box Run task when the wizard is complete, if you want to launch the task
immediately after its creation.

3. Confirm the task creation with the specified settings by clicking the Finish button.

4. The task is added to the list of backup tasks.
Starting, editing and deleting backup tasks
Starting a backup task
Backup tasks can be started either automatically (by schedule) or manually.
An automatic schedule is created during the task creation and can be changed later.
In order to run a backup task manually, do the following:
1. In the main program window select Backup.
2. In the right part of the Backup window select the necessary task from the list and click the
Run button.

3. Wait till the task is finished. In the line of the selected task, the time from the beginning of
the task execution is displayed. As a result of the task execution, an archive of backup
copies for the current date is created in the storage.
4. In order to postpone the task, click the Stop button.

5. In order to pause the backup task, click the arrow on the Stop button and in the dropdown
list select Pause.
6. You can later resume the task by clicking the Resume button.

Editing and deleting a backup task
All options of a created backup task can be changed. For this, do the following:
1. In the main program window select Backup.
2. In the Backup window click the arrow right of the Run button. In the drop-down menu
select Edit.

3. In the opened window edit the necessary settings of the backup task.
See the chapter Creating a backup task, to know how to configure parameters of a
backup task.
4. In order to delete a backup task, in the Backup window click the arrow on the right of the
Run button and in the drop-down menu select Delete.
5. In the Delete task window confirm the task deletion by clicking the OK button. If you want
the backup copes created by the task to be deleted too, check the box Delete backup
files created by this task.
Restoring data from backup
The data may be restored from the backup copies of files, if necessary. When restoring data
from backup copies a restoring procedure is launched and the Kaspersky Restore Utility is used
(if you are restoring data on the computer with no Kaspersky PURE 3.0 installed). Files from the
backup copies can be restored either to their initial location or to a random folder.
In order to restore data from backup, do the following:

1. In the main program window click the Backup button.
2. In the Backup window go to the Restore data tab.
3. In the right part of the window select a storage where the required backup copies are
stored and click the Restore data button.

4. At the top part of the Restoring data from storage window select the name of a backup
task, date of the backup copies creation and the category of data. Use search to find the
necessary file.
5. In the left part of the window select the folders to be restored and in the right part of the
window specify what files from which folders should be restored. For this, check the
required files and folders.
6. A click upon the Open button opens the latest version of a selected file.

7. In order to restore a specific version of a file, in the right part of the window select a file
and click the Versions button.
8. Select the required version of a file and click the Restore file version button.

9. At the lower part of the Restoring data from storage window click the Restore data
button (this step is skipped when a file version is restored).
10. In the Restore window select a location to save the restored files. By default the restored
files are saved into a source folder.

If you want to save the restored files into a specified folder, select Specified folder and click the
Browse button.
In the Select folder window select the specified folder. Click OK.

11. In the Restore window click the Restore button.
12. Wait till the data has been restored. In the In the Restore window click the Close button.

Managing backup storages
Connecting a storage
If a backup storage created with the Backup module was moved/copied from one computer to
another, such storage should first be connected via Kaspersky PURE 3.0 in order to become
available. You may need to connect a storage after system reinstallation.
List of storages contains only storages which are connected. You will not be able to find a
storage in the list, if that storage is not connected.
In order to connect an existing storage, do the following:
1. In the main program window select Backup.
2. In the Backup window go to the Restore data tab.
3. In the bottom part of the Restore data from backup window click the Connect backup
storage link.

4. In the Connect storage window select a drive type and define the required connection
settings. Click the OK button.
5. If the settings were specified correctly, the storage will be added to the list.
Editing storage settings
You can restrict the number of file versions and the storage period of file versions. For this, do
the following:
1. In the main program window select Backup.
2. In the Backup window go to the Restore data tab.

3. Select the required storage.
4. Click the arrow on the right of the Restore data button. In the drop-down menu select
Edit.
5. In order to restrict the number of file versions that should be simultaneously stored in the
storage, in the File storage settings window check the box Restrict the number of file
versions and specify the number of stored versions. Click the Next button.

6. In the Summary window confirm the changes by clicking the Finish button.

Clearing a storage
Backup copies of the selected files are created in a special storage during the backup process. If
storage volume is not sufficient for your current operations, you can delete obsolete versions and
backup copies of files which have been already deleted from the computer.
In order to clear the storage, please perform the following:
1. In the main program window select Backup.
2. In the Backup window go to the Restore data tab.
3. Select the necessary storage.
4. Click the arrow on the right of the Restore data button. In the drop-down menu select
Clear.

5. In the Clear storage window select the file versions you want to delete from the storage:
► If you wish to delete not all data from the storage but only file versions created before a
certain date, then check the File versions created earlier than box. Use scrolling
arrows or enter manually from the keyboard to set the date which should be the starting
point for saving object copies. Backup copies created before the date you have
specified, will be deleted.
► If you want to save only some file versions and to delete other versions, check the box
Previous file versions. Specify the number of versions to keep, including the
latest current one. Use the scrolling arrows to set the value from 1 to 99 or enter the
value manually using the keyboard. All backup copies above this number will be
deleted.
► If you wish to delete the backup copies of all files that have been deleted from the
computer, check the Backup copies of files deleted from the computer box.

6. To start the clearing process, click the OK button.
7. Wait until the clearing process is over and the Operation completed successfully
message appears. Click the OK button.
Deleting a storage
To remove a storage for backup data, you should use Storage Removal Wizard.
In order to remove a storage for backup data, please do the following:
1. In the main program window select Backup.
2. In the Backup window go to the Restore data tab.

3. Select the necessary storage.
4. Click the arrow on the right of the Restore data button. In the drop-down menu select
Delete.
5. In the Storage Removal window on the Content tab select an action to perform on the
backup copies that are located within the storage to be removed:
► Save;

► Delete.
If you select the Delete variant, all data stored on the storage will be permanently deleted!
6. Click the Next button.
7. On the Tasks tab select an action to be performed over the tasks that use the storage for
backup:
► Do not delete (in this case tasks will be saved not related to any storage; you will
have to select another storage for each task).
► Delete (all tasks will be deleted).

8. Click the Next button.
9. On the Summary tab confirm deletion of the storage with the specified settings by clicking
the Finish button.
A storage was removed.

Viewing backup reports
Each event related to data backup and restore is displayed in the report.
To get and save a report about executed backup and restore tasks, please do the following:
1. In the main program window select Backup.
2. In right upper corner of the Backup window click the Reports link.
3. In the Report window on the Backup tab you can select the period within which you need
to get a report: day, week, month, year, entire period. Use the arrows to view a report for a
required time interval: for example, create a report from January 1, 2012 till May 1, 2012.

4. In the Report window on the Restore tab you can select the period within which you need
to get a report: day, week, month, year, entire period.
5. After you have finished working with the report, click the Close button.

CHAPTER 6. Computer protection
Kaspersky PURE 3.0 provides complex protection of your computer and home network.
Complex protection includes protection of a computer, data and users, and remote
management of Kaspersky PURE 3.0 functions on all computers in the network.
To know the current protection state, click the Computer Protection module in the main program
window.
Computer Protection includes the three main sections: Protection Center, Scan and Update.
The following links are available from the Computer Protection window: Quarantine, Network
Monitor and Applications Activity. The Cloud protection button and the links Settings and
Reports reside at the top of the window.

Protection Center
Protection Center is a Kaspersky PURE 3.0 module which provides protection of personal data
against all kinds of threats. The module also protects the computer from spam and network
attacks. Components of Protection Center allow to protect the computer from unknown threats
and Internet-fraud, phishing; it lets you control user access to the Internet. This comprehensive
protection covers all channels that are used to receive and transfer data.
Protection Center lets you enable/disable protection components and go to their configuration
windows.
Real-time protection of your computer is provided by the following components:
► File Anti-Virus prevents infection of the computer's file system. The component starts
upon startup of the operating system, continuously remains in the computer's RAM, and
scans all files being opened, saved, or launched on your computer and all connected
drives. Kaspersky PURE 3.0 intercepts each access to files and scan. The file will be
accessible only if the file is not infected or is disinfected by the application. If the file
cannot be disinfected, the file will be deleted. In this case the file copy will be saved in a
backup quarantine store.
► Mail Anti-Virus scans incoming and outgoing messages for dangerous objects. Messages
will be accessible only if contain no dangerous objects.
► Web Anti-Virus protects incoming web traffic and prevents dangerous scripts from
running on your computer. The component also blocks access to dangerous web sites.

► IM Anti-Virus provides protection of your computer when you work with instant
messengers. The component protects incoming data via instant messengers’ protocols. IM
Anti-Virus provides secure work with most of internet messengers.
► Application Control tracks actions in the system performed by applications installed on
the computer, and regulates them based on the rules of Application Control. These rules
regulate potentially dangerous activity, including applications' access to protected
resources.
► System Watcher collects the data about applications’ activity on your computer and gives
this information to other components for more effective protection.
► Firewall ensures your security on local networks and the Internet. Protection against
various types of attacks is performed based on two groups of rules: packet rules and
application rules.
► Network Attack Blocker loads during the operating system launch, and scans incoming
network traffic for activities characteristic of network attacks. As soon as an attempt to
attack the computer is detected, Kaspersky PURE 3.0 blocks any network activity of the
attacking computer towards your computer.
► Anti-Spam embeds into your mail client and filters all incoming mail for unwanted mail and
sorts it according to the settings configured by the user. All emails containing spam will be
marked with a special subject. You can configure work of the Anti-Spam component
(automatic deleting, removing to a specified folder and etc.).
► Anti-Phishing. The component is embedded to Web Anti-Virus, Anti-Spam and IM Anti-
Virus. The component filters access to phishing web sites and prevents phishing attacks.
► Anti-Banner blocks ads and banners in your web browser and in some applications.
You can enable/disable any of the protection components. In order to do this, perform the
following actions:
1. Select Computer Protection in the main application window.

2. In the Computer Protection window click on the List button in the Protection
components section.
3. In order to enable/disable the required component, click on the button located in the right
part of the window in the section of the required component.
The icon shows that a component is enabled, the icon – a component is disabled.

4. In order to go to the component configuration window click on the button . You can find
detailed instructions on how to configure components in the Settings. Protection section.
Also in the Protection Center window you can find out the status of detected threats and
databases status.
Anti-virus databases statuses of Kaspersky PURE 3.0:
► Obsolete;
► Out of date;
► Have not been updated for a long time;
► Update is in progress;
► Up to date.

Scan
Scanning the computer for viruses and vulnerabilities is one of the most important tasks in
ensuring the computer's security. It is necessary to scan your computer for viruses on a regular
basis in order to rule out the possibility of spreading malicious programs that have not been
discovered by protection components, for example, because of a low security level set, or for
other reasons.
Vulnerability scan performs the diagnostics of operating system and detects software features
that can be used by intruders to spread malicious objects and obtain access to personal
information.
Further we will study peculiarities configuring settings of the scan tasks, as well as security
levels, scan methods and technologies.

Scan for viruses
Kaspersky PURE 3.0 comprises the following tasks to scan for viruses:
► Full Scan. A thorough scan of the entire system. The following objects are scanned by
default: system memory, objects loaded on startup, system backup, email databases, hard
drives, removable storage media and network drives.
► Critical Areas Scan. Virus scan of operating system startup objects (system memory,
startup objects and bootable sectors).
► Custom Scan. Scan of objects selected by the user. You can create your own list by
adding or excluding from scan any object of the computer's file system from the default list.
Starting scan for viruses
Scan tasks can be started from the main application window or from the Computer Protection
window.
Starting scan from the main application window
To start a scan task from the main application window, perform the following actions:
1. Open the main application window.
2. In the bottom part of the Computer Protection section click on the Scan link.

3. Select the required scan type from the open menu.

Starting scan from the Computer Protection window
In order to start a scan task from the Computer Protection window, perform the following
actions:
1. In the main application window select Computer Protection.
2. In the left part of the window select Scan.
3. In the right part of the window launch the necessary task. For example, Full Scan.

Full Scan
In order to start the Full Scan task, click on the icon next to the task name.

Before the first launch of a scan task, a short description of the task is given in the Full Scan
section. After the first launch of the task, the window will contain task execution time (time
reference is a link to the scan report window), number of scanned objects and scan results.
During the Full Scan task performing you can specify an action for the computer to be performed
when scan is complete. In order to do this, perform the following actions:
1. Click on the details link under Full Scan.

2. In the Task Manager window click the button keep the computer turned on and select
the required action to be performed when scan is complete:
► keep the computer turned on;
► shut down the computer;
► switch the computer to standby mode;
► switch the computer to sleep mode;
► reboot the computer.
By default, the keep the computer turned on option is selected.

You can stop the launched task by pressing on the button .
In order to resume the scan task, click the button and you will be asked to select one of the
following options: Resume scan or Start new scan.
Critical Areas Scan
In order to launch the Critical Areas Scan, click on the button next to the scan name in the
Computer Protection window.

Before the first launch of a scan task, a short description of the task is given in the Critical Areas
Scan section. After the first launch of the task, the window will contain task execution time (time
reference is a link to the scan report window), number of scanned objects and scan results.
You can stop the launched task by pressing on the button .

In order to resume the scan task, click on the button and you will be asked to select one of the
following options: Resume scan or Start new scan.
Custom Scan
Using Custom Scan you can scan individual objects on the computer. You can create your own
list by adding or excluding from scan any object of the computer's file system from the default list.
In comparison with custom scan, tasks of full scan and critical areas scan are specific scan tasks
– it is not recommended to edit scan lists for these scan types.
In order to launch a custom scan task, perform the following actions:
1. Drag the required object and drop it to the Custom Scan section. You can also click on
the select link and select the object to scan.

2. The Custom Scan window contains the pre-defined list of objects to scan.
3. Check the required boxes next to the objects or select an object by pressing the Add link:

4. In the Select object to scan window select the required object and click on the Add
button. Perform the same actions to add all required objects to scan. Once all objects are
added click on the OK button.
5. You can also check the Include subfolders box to scan all subfolders from the selected
object.

6. The selected objects appear in the Custom Scan window:
7. In order to edit or delete objects in the list of objects to scan, click on the Edit or Delete
links, correspondingly.

8. At the bottom of the Custom Scan window click the OK button to start scan of the
selected objects.
9. Once the scan task is complete the Task Manager window appears on the screen. When
the custom scan task is complete, in the Task Manager window click the Close button.

Vulnerability Scan
Vulnerability scan is a special tool which helps to search and eliminate security vulnerabilities of
applications, installed on your computer, and in operating system settings. All the problems
detected at the system analysis stage will be grouped based on the degree of danger it poses.
Kaspersky Lab specialists offer a set of actions for each group of problems which help to
eliminate vulnerabilities and weak points in the system's settings.
There are three groups of problems distinguished, and, respectively, three groups of actions
associated with them:
► Strongly recommended actions will help eliminate problems posing a serious security
threat. You are advised to perform all actions of this group.
► Recommended actions help eliminate problems posing a potential threat. You are
advised to perform all actions of this group too.
► Additional actions help repair system damages which do not pose a current threat but
may threat the computer's security in the future.
As a result of search of possible vulnerabilities in the operating system and in the applications
installed on the computer direct links to critical fixes (application updates) are displayed.
After the vulnerability scan task start, its progress is displayed in the Vulnerability Scan section,
on the Scan tab in the Computer Protection window. Vulnerabilities detected when scanning
the system and applications, are displayed in Task Manager window.
When searching for threats, information on the results is logged in a Computer Protection
report.
By default, the applications already installed on the computer are selected as scan objects.
In order to launch a Vulnerability Scan task, In the left part of the Computer Protection window
select Scan and in the right part of the window click on the button next to Vulnerability Scan.
Before the first launch of a scan task, a short description of the task is given in the Vulnerability
Scan section. After the first launch of the task, the window will contain task execution time,
number of scanned objects and scan results.

You can stop the task by clicking the button . In order to resume the task, click the
button once again.
Once the Vulnerability Scan task is complete, click on the link displaying number of detected
threats.
The scan results will be displayed in the Vulnerability Scan window on two tabs:
► System vulnerabilities;
► Vulnerable applications.

Eliminating system vulnerabilities
In order to fix vulnerabilities, perform the following actions:
1. Select the System vulnerabilities tab.

2. Select the required item in the list and click the Fix it button.
3. In order to display fixed vulnerabilities, check the Show fixed vulnerabilities box at the
bottom of the window.

Eliminating vulnerable applications
If you select an item on the Vulnerable applications tab:
► you can read the vulnerability description on the web site http://www.securelist.com,
by clicking on the Details button;
► you can create an exclusion rule for the selected vulnerability by clicking the Add to
exclusions button.
The full report contains the information about the time when the task was started, paused or
finished and the list of detected vulnerabilities with the links to their description. To go to the
report, click the Completed link at the bottom of the Vulnerability Scan window.

In order to create an exclusion rule for the vulnerability of the application, perform the following
actions:
1. In the Vulnerability Scan window go to the Vulnerable applications tab.

2. Select the required application from the list of vulnerable applications.
3. Click the Add to exclusions button.

4. In the Exclusion rule window select the required Properties by checking the boxes:
► Object;
► Threat type.
5. If the Threat type box is checked, the Rule description field displays also the Threat
type section (threat type name mask according to Virus Encyclopedia).
6. In the Exclusion rule window in the Protection components section of the Rule
description field click the any link and then on the select components.
7. In the Protection components window specify the components for which the exclusion
rule should be applied.

8. Click the OK button.
9. In the Exclusion rule window click the OK button.
10. In the Vulnerability Scan window click the Close button.
Update
Updating databases and program modules of Kaspersky PURE 3.0 ensures the up-to-date
protection status for your computer. New viruses, Trojans, and other types of malware appear
worldwide on a daily basis.
Kaspersky PURE 3.0 databases contain information about threats and ways of eliminating them,
so regular application update is required for ensuring your computer's security and for timely
detection of new threats.
Regular update requires an active license for application usage and an Internet connection.
Without a license, you will only be able to update the application once.
Application update downloads and installs the following updates on your computer:
► Kaspersky PURE 3.0 databases.
The protection of information is based on databases which contain signatures of threats
and network attacks, and the methods used to fight them. Protection components use
these databases to search for and disinfect dangerous objects on your computer. The
databases are supplemented every hour with records of new threats. That is why it is
recommended to update on a daily basis. In addition to the anti-virus databases, the
network drivers that enable the application's components to intercept network traffic are
also updated.
► Application modules.
In addition to the databases of Kaspersky PURE 3.0, you can also update the program
modules (i.e. some parts of the application). The update packages fix Kaspersky PURE
3.0 vulnerabilities, and supplement or improve the existing functionality.
The main update source of Kaspersky PURE 3.0 are special Kaspersky Lab update servers.
While updating Kaspersky PURE 3.0, you can copy databases and program module updates
received from Kaspersky Lab servers into a local folder, providing access to other networked
computers. This saves Internet traffic.
You can also run update automatically, by schedule or manually.
Your computer should be connected to the Internet for successful downloading of updates from
our servers. By default, the Internet connection settings are determined automatically. If you use
a proxy server, you may need to adjust the connection settings.

During an update, the application modules and databases on your computer are compared with
those at the update source. If the databases and modules on your computer differ from those on
the update server, the application downloads only the incremental part of the updates.
If the databases outdated, the update package can be large and it can cause the additional
Internet traffic (up to several tens of MB).
Information on the update results and events, which have occurred during the execution of the
update task, is logged in a Kaspersky PURE 3.0 report.
Update of anti-virus databases and application modules can be launched from the context menu
or via Protection Center.
To launch update from the context menu, right-click the application icon in the Windows
notification area and in the context menu select the Update item.
To launch update via Protection Center, perform the following actions:
1. Open the main program window.
2. In the main window select the Computer Protection module. In the Computer
Protection window select Update in the left menu.
3. In the right part of the window click the Update button. As a result update of anti-virus
databases and application modules starts.

The Update window displays the information about the current state of Kaspersky PURE 3.0
databases, date of the last update and the run mode.
The Virus activity review link in the bottom right corner takes you to the site
www.securelist.com.
Click upon the arrow on the Update button allows you to go to the update settings.
In the Settings you can configure an update schedule, run update under another account, if
necessary or select an update source.
To know more about Update settings, go to the Settings. Update chapter.
Quarantine
What is Quarantine
Quarantine is a special area storing files probably infected with viruses and files that cannot be
disinfected at the time when they are detected.
Potentially infected objects are objects that are suspected of being infected with viruses or
their modifications.
Files are quarantined in the following cases:

► File code resembles a known but partially modified threat or has a malware-like
structure, but is not registered in the database.
In this case files are moved to Quarantine after heuristic analysis performed by the File
Anti-Virus, Mail Anti-Virus or during an anti-virus scan. Heuristic analysis rarely causes
false alarms.
► The sequence of operations performed by an object looks suspicious. In this case files
are moved to Quarantine after analysis of their behavior by the Network Monitor
component.
When you place a file in Quarantine, it is moved, not copied: the file is deleted from the disk or
email and saved in the Quarantine folder. Files in Quarantine are saved in a special format and
are not dangerous.
You can either restore a file from the Quarantine or delete it.
By default, quarantined objects are stored 30 days. When the period expires, all objects are
deleted. You can cancel this restriction by time or modify the maximum storage time of objects.
Additionally you can specify the maximum size for quarantine. When the maximum size is
achieved the quarantine content is overwritten with new objects. By default, restriction of the
maximum quarantine size is disabled.
Working with quarantined objects
If Kaspersky PURE 3.0 placed a potentially infected object to Quarantine, you can:
► restore files in original folders, from which they have been moved to Quarantine (by
default);
► delete selected files from Quarantine;
► clear Quarantine by deleting all objects.
To restore a file from Quarantine, perform the following actions:
1. Select the Computer Protection module in the main program window.
2. In the bottom left corner of the window click the Quarantine link.

3. In the Quarantine window select the object you need to restore.
4. Right-click the object and in the context menu select Restore. Or use the corresponding
button in the top row.

To delete a quarantined object, do the following:
1. Select the Computer Protection module in the main program window.
2. In the bottom left corner of the window click the Quarantine link.
3. In the Quarantine window right-click the object and in the context menu select Delete. Or
use the corresponding button in the top row.

To clear Quarantine (delete all objects from the quarantine), do the following:
1. Select the Computer Protection module in the main program window.
2. In the bottom left corner of the window click the Quarantine link.
3. In the Quarantine window click the Clear Quarantine button.

Kaspersky Lab specialists do not recommend restoring files from Quarantine, as they may
pose threat to your computer security.
Network Monitor
Network Monitor is a tool in Kaspersky PURE 3.0 used to display information about network
activities filtered by the Firewall component in real time as a report.
The Network Monitor window can be opened from the application context menu and from the
main program window.
To open the Network Monitor window from the application context menu, do the following:
1. Right-click the Kaspersky PURE 3.0 icon in the Windows taskbar notification area.
2. In the menu select Tools > Network Monitor.

In order to open the Network Monitor tool from the main application window, perform the
following actions:
1. Select Computer Protection in the main program window.
2. In the bottom left corner of the window click the Network Monitor link.
The Network Monitor window provides the information grouped on the following tabs:
► Network Activity;
► Open ports;
► Network traffic;
► Blocked computers.
Let’s study each tab in detail.

Network activity
The Network activity tab contains all active network connections currently established on your
computer.
The following information for each connection is displayed:
► name of the process (program, service, server) that initiated the connection;
► the connection protocol;
► connection settings (local and remote ports and IP addresses);
► connection duration;
► transferred / received data volume.
Clicking the «+» icon in the header of the Protocol, Remote address and Bytes received/sent
data column splits these columns into several smaller ones with more detailed information about
the network activity of the selected process.
For each connection it lists the following information: the name of an application that initiated this
connection, the connection protocol, the direction of the connection (inbound or outbound), the
connection settings (local and remote ports and IP addresses). Here you can also check the
lifetime of this connection and the volume of data sent/received.
The bottom part of the window displays a network traffic chart that shows volumes of inbound
and outbound traffic for a process selected from the list. The chart reflects traffic volume in real
time. Traffic volume is displayed in kilobytes. You can use the «+» and «-» buttons to change the
scale of the chart.
The Rules settings button on the Network activity tab takes you to the Firewall window where
you can configure network rules. According to the rule, set by Kaspersky PURE 3.0 or by the
user, Firewall allows or blocks network activity to the data packet or application.

Correspondingly, only activity allowed by the established network rules is displayed in the
Network Monitor window on the Network activity tab.
If you have configured a blocking network rule, activity which was blocked by this rule is not
displayed in the Network Monitor window on the Network activity tab.
To configure a packet rule, click the Rules settings button and in the drop-down menu select the
All network rules item.
To configure a rule for an application, click the Rules settings button and in the drop-down menu
select the Application network rules item.

Pay attention, that the Application network rules item becomes active only after a process has
been selected in a list.
You can find more detailed information about how to configure rules from the Firewall window in
the Firewall chapter.
If you click the Block network traffic button, Firewall blocks network activity of any processes. If
network activity is blocked, this button is designated as Unblock network traffic. If you click the
Unblock network traffic button, Firewall allows network activity of any processes.

Clicking the Filter button in the right upper corner of the Network Monitor window opens a menu
that contains the following items:
► Show connections established by Kaspersky PURE 3.0 – the list displays information
about connections established by Kaspersky PURE.
► Show local connections – the list displays information about connections to other
computers on the same local network.
Open ports
The tab contains information about all open ports for each process.

The following information is displayed for each port:
► name of the process (application, service, server) which uses the port;
► number of the port;
► local IP address of the process;
► data transfer protocol.
To configure packet rules and rules for applications click the Rules settings button. The opened
menu contains the following items:
► All network rules – opens the Firewall window, where you can configure packet rules
for an application selected from the list.
► Application network rules – opens the Application rules window, where you can
configure a network rule for an application selected from the list.
Pay attention, that the Application network rules item becomes active only after a process has
been selected in a list.

You can find more detailed information about rules for applications and how to edit these rules in
the Firewall chapter.
Network traffic
The tab contains information about all inbound and outbound connections established between
your computer and other computers.
Incoming and outgoing traffic volume is displayed for each program (computer, service, server,
process). Traffic volume is displayed in bytes, kilobytes and megabytes.
The bottom part of the window displays a chart that shows time distribution of traffic of the
selected application for the specified time interval.
You can view information for a day, week, month, year or the entire period of the application
operation. To set the required time interval, use the drop-down Period list.
Clicking the arrow buttons in the top left part of the window allows you to view the
data distribution for the previous and following time intervals. For example, if the Week interval
was selected from the Period drop-down list, then using the arrows you can view the information
for the last week, before the last week and etc.

The search bar is designed for quickly searching for records in the list. As the symbols are
entered, the list displays only entries that contain that particular combination of character.
Pay attention, after installation of a Kaspersky Lab product onto a computer, you may notice
sharp increase of incoming and outgoing traffic on this computer. The matter is Kaspersky Lab
products function in the proxy-server mode and therefore scan all Internet traffic before the
downloaded information gets onto your hard drive.
Kaspersky Lab products include their own internal requests into the general statistics of the
incoming and outgoing internet traffic. Third-party applications for statistics calculation also
consider their internal traffic. This statistics differs from the traffic statistics calculated by your
Internet provider and no payment is taken for the internal traffic on your computer, i.e. in reality
your traffic is not spent. This can be easily proven by a request on statistics from your provider.
Blocked computers
The tab contains information about the hosts for which Network Attack Blocker has forbidden
all network activity aimed at your computer.

The Address column displays the IP address of a blocked host.
The Time column displays the time elapsed since blocking of the host.
By default, Network Attack Blocker blocks the incoming traffic of an attacking computer for one
hour.
Clicking the Unblock button cancels blocking of the selected computer.
Applications Activity
Applications Activity tracks work of the Application Control component and displays the
information about all applications installed on the computer, and about all processes running at
the moment.
To view applications activity, perform the following actions:
1. Select Computer Protection in the main program window.
2. In the bottom right corner of the window click the Applications Activity link.

3. In the top part of the Applications Activity window from the drop-down menu select the
category of applications (All or Running).

4. If you select to display running applications, the Filter button becomes available in the
Applications Activity window. Using the button you can sort out the applications
according to the following criteria:
► Run on startup – processes, run on the startup of the operating system.
► System processes – processes, required for the operation of the operating system.
► Kaspersky PURE 3.0 processes – processes, launched by Kaspersky PURE 3.0.
5. If you select to display all installed applications, applications filtering by status and by kind
becomes available in the Applications Activity window:
► A click upon green, yellow or red light sorts out applications according to the groups they
belong to: Trusted, Low / High Restricted, Untrusted.
► A click upon the View button groups the applications by time or by vendor.
Changing trusted group for an individual application
In the Application Activity window in the Status/Group column you can see the group to which
an application belongs.
However, Kaspersky Lab specialists recommend that you avoid moving applications from default
groups.
To move an application to another group, perform the following actions:
1. In the Applications Activity window select the required applications category (Running
or All).
2. If necessary, set the filter: click either the Filter or View button and select the required
display category.
3. Left-click the status of the required application and in the context menu select the group to
which an application should be moved:

► Trusted;
► Low Restricted;
► High Restricted;
► Untrusted.
4. Wait till the status icon changes.
To restore an application to the default group, perform the following actions:
1. In the Applications Activity window select the required applications category (Running
or All).
2. Left-click the status of the required application and in the context menu, select the
Restore default group item.
3. In the Applications Activity window click the Close button.
Editing rules for an individual application
The Application Control component registers actions performed by every application in the
system, regulates the application’s activity depending on the trust group of an application. Each

group has a specific set of rules. According to these rules the Application Control component
allows, prompts the user, or denies an action for an application. When an application accesses a
resource, the component verifies its rights and performs an action set by the rule.
In the Applications Activity window you can edit applications rules. For this perform the
following actions:
1. Open the main application window and select Computer Protection.
2. In the bottom left corner of the window click the Applications Activity link.
3. In the Applications Activity window right-click the required application and in the context
menu select Application rules.
You can find more detailed information about application’s rules and how to edit them from the
Settings. Applications Control chapter.
Reports
Events which occur in the work of protection components or task execution are logged in the
reports. Kaspersky PURE 3.0 creates reports about work of every component as well as monitors
the update processes.
In order to view a brief report, perform the following actions:
1. In the main program window select Computer Protection.
2. In the top right corner of the window click the Reports link.

3. To view a detailed report, click the Detailed report button.
4. In the left part of the window select the necessary component (for example, Protection
Center report).

5. For a convenient display of information set the required period of time in the Period dropdown
list.
6. You can select more proper view to present the information in the View drop-down list.
7. If you need to save a report to a file, use the Save link in the bottom left corner of the
window.

CHAPTER 7. Parental Control
The Parental Control component in Kaspersky PURE 3.0 enables you to apply restrictions on
use of the computer and Internet for each user account on the computer.
The Parental Control features can help protect children and teenagers from negative influences
while using the computer and Internet, for example by preventing them spending long periods of
time on the computer and Internet, and wasting time and money when visiting certain websites,
and by limiting access to websites intended for adults.
Parental Control can help you control:
► Use of the computer.
► Launch of various applications.
► Use of the Internet (time restriction on Internet use).
► Visits to websites depending on their content.
► Downloading of files from the Internet depending on their category.
► Correspondence with specified contacts through IM clients (such as ICQ, Miranda, and
mIRC).
► Correspondence with specified contacts on social networks (Facebook, Yahoo, Twitter).
► Sending of personal data.
► Use of specified words and word combinations in correspondence through IM clients.
Starting work with Parental Control
By default after the program installation the Parental Control component is disabled.
You can enable Parental Control for all users or for an individual account.
You can enable Parental Control:
► from the main program window;
► from the context menu in the taskbar panel.
To enable a component from the main program window, perform the following actions:
1. In the main program window select the Parental Control component.

2. In the Administrator Password window specify a password to protect the settings against
modification by other users. Click Continue.
The Administrator Password window appears only when Parental Control is launched
for the first time.

3. In the Apply administrator password to section, you can specify which features of the
application management should be protected with a password. Check the boxes next a
required variant:
► Managing Parental Control (set by default);
► Configuring the application settings;
► Exiting the application;
► Removing the application.
4. Click Apply password to finish setting an administrator password.

In order to quickly enable the Parental Control component for a configured account, rightclick
the application icon in the taskbar notification area and select Enable Parental Control.
Control levels
Kaspersky Lab specialists have developed three preset control levels (or profiles):
► Data collection;
► Child profile;
► Teenager profile.
You can use either a preset profile or customize a control level by selecting Custom
restrictions.
Each profile has a set of restrictions and settings:

► Data collection. For this profile the program logs the statistics of the user activity on the
computer and on the Internet but does not apply Parental Control restrictions.
► "Child" profile. The program logs the statistics of the user activity on the computer and
on the Internet, and blocks file downloads and visits to websites belonging to unwanted
categories.
► "Teenager” profile. The program logs the statistics of the user activity on the compute
and on the Internet, and blocks visits to websites belonging to unwanted categories.
In order to set a profile for a user account registered on the computer, perform the following
actions:
1. In the main application window select Parental Control.
2. In the open window enter a password you specified at the beginning of work with Parental
Control and click the Enter button. Check the box Save password for current session,
so that that program would not request a password during the working session.

3. In the Computer Users window click the Select control level button next to the required
account.
4. In the open window select a profile.

5. You can set different control levels for different accounts. Once a control level is assigned
to an account, the corresponding profile will be displayed on the buttons right of the
account name.

Configuring Parental Control settings
Using Parental Control you can monitor:
► Computer usage. You can restrict computer usage and control and limit running of
some applications by restricting the time spent at the computer and the launch of
blocked applications.
► Internet usage. You can enable control over the Internet usage, restrict visiting websites
depending on their contents and loading files from the Internet depending on their
category.
► Instant messaging. You can control messaging using the instant messengers (for
example, ICQ, Miranda) and social network (for example, Facebook, Yahoo, Twitter),
block transferring personal data (for example, passwords) and control presence of the
specified words and phrases in messages.
Account settings
You can specify an alias or select another image that would be displayed in the application
interface for an account. For this perform the following actions:
1. In the main program window select Parental Control.
2. Enter your administrator password in the window. Check the Save password for current
session box, if you do not want to enter your password when you open the Parental
Control window once again (after closing it).

3. In the Computer Users window next to the required account click the Settings and
reports button.

4. In the right part of the Parental Control window on the Settings tab go to the User
Account Settings section.
5. Enter an alias and select an image.
6. To save the changes, click the Apply button.

Control over computer usage
In the sections Computer Usage and Applications Usage you can disable control over
computer usage for a user, enable control over applications usage and create lists of allowed and
blocked applications for launching.
Computer Usage
If you want to limit the time which the user spends working on the computer, restrict use of the
computer by time. You can also limit the overall time spent on the computer (for example, 9
hours) and specify the required time interval for every weekday (for example, from 10am to 7pm
Mondays – Fridays). For this, perform the following actions:
1. In the left part of the Parental Control window select the Computer Usage section.
2. In the right part of the Parental Control window check the Enable control box.
3. Check the Limit usage on the selected days box.
4. Highlight green the time intervals on certain weekdays when the computer will be available
for the user. To prohibit computer use, highlight grey the time interval on certain
weekdays.

5. You can set the overall number of hours and minutes when the computer will be available
to the user. For this check the box Limit daily usage time and specify the total operating
time. Thus, the user will spend by the computer set number of hours at the specified time
interval (highlighted green in the table).

Application Usage
If you want to control applications launch by the user, you can enable control over the
applications usage and create lists of allowed and blocked applications and create the list of
allowed applications. For this, perform the following actions:
1. In the left part of the Parental Control window select the Applications Usage section.
2. In the right part of the Parental Control window check the Enable control box.
3. To create the list of allowed or blocked applications, in the right part of the window in the
Applications section click the Add button.
4. In the Control running the application window select the application executable file by
clicking the Select button:
► To select the software installed on the computer, click the Browse item. In the
Open window find the software executable file and click the Open button.
► To select among running software, select the Applications item. In the Select
application window select the application and click the OK button.

5. Allow or block the application launch and set the necessary restrictions:
► To limit the overall time of the application’s usage, check the Limit usage on the
selected days box. Highlight green the time intervals on certain weekdays when the
application will be available for the user. Highlight grey the time interval on certain
weekdays block the application usage.
► To set the overall number of hours and minutes when the application startup will be
available to the user, check the box Limit daily usage time and specify the total
operating time.

6. Click the OK button, to add an application to the list of uncontrolled.
You can edit the list of applications using the buttons Add/Block, Edit, Delete.

Computer Usage Reports
If the control is enabled the start time and the usage time of the computer and the applications
will be displayed in the report.
If you want to view the report, in the Parental Control window go to the Reports tab.
► To view the report of the computer usage, select Computer Usage. The following
information will be available to you in the right part of the window: session start time,
usage time, result.
► To view the report of the applications startup, select Applications Usage. The following
information will be available to you in the right part of the window: application, usage
time and result (allowed or blocked access).
You can create a report for a definite time interval, for this select the period in the corresponding
drop-down list.
Control over Internet usage
In the Internet Usage section you can configure access settings to the Internet and web sites,
enable control of files loading from the Internet and the safe search mode when working with
search engines.
Internet Usage

If you want to limit the time which the user spends on the Internet, you can configure Internet
access. You can also limit the overall time spent on the Internet (for example, 3 hours) and
specify the required overall time on the Internet for every weekday (for example, from 3pm to
8pm Mondays – Fridays and from 5pm to 11pm Saturdays – Sundays). For this:
1. In the left part of the Parental Control window select Internet Usage.
2. In the right part of the Internet Usage section check the Enable control box.
3. Check the box Limit usage on the selected days.
4. Highlight green the time intervals on certain weekdays when the Internet will be available
for the user. To prohibit Internet access, highlight grey the time interval on certain
weekdays.
5. To set the overall number of hours and minutes when the Internet will be available to the
user, check the box Limit daily usage time and specify the total operating time.
6. Click the Apply button, to save the changes.
Web Browsing
When working with the search engines (for example, Google, Bing) the search results may
display unacceptable materials (for example, web sites containing pornography).You can exclude
such web sites from the search results the following way:
1. In the left part of the Parental Control window select Web Browsing.
2. In the right part of the Parental Control window check the Enable safe search box.

3. Click the Apply button.
Use the Control Web Browsing option, to restrict access for the user to a web-site.
You can block or allow the access to all sites except the sites which are added to the list of
allowed sites or specify the categories according to which access to a site will be granted. For
example you can block web-sites from the Violence or Weapons category.
To restrict access, in the right-part of the Web Browsing section make sure the control is
enabled.
If you want to restrict access to some web-site categories, perform the following actions:
1. In the left part of the Parental Control window select Web Browsing.
2. In the right part of the window select the Block websites from the following categories
variant.

3. Check the categories you want to block or use the links Select all/Clear all.
4. Click the Apply button.
If you want to restrict access to all sites, except sites from the Allowed list, perform the following
actions:

1. In the left part of the Parental Control window select Web Browsing.
2. In the right part of the Parental Control window in the Block websites section select the
Block access to all websites except websites allowed in the list of exclusions
variant.
3. Click the Exclusions button to create the list of allowed websites.
4. To create the list of allowed URLs, do the following:
a. In the Exclusions window in the Allowed URLs section click the Add button.

. In the Website address window enter the address of an allowed website.

c. If you want to allow access to all pages of the site, then select Allow access to the
entire web resource. If you want to allow access to the specified page only, then
select Allow access only to the specified web page.
d. In the Website address window click the OK button.
5. To create the list of blocked URLs, do the following:
a. In the Exclusions window in the Blocked URLs section click the Add button.
b. In the Website address window enter the address of a blocked website.

c. If you want to block access to all pages of the site, then select Block access to the
entire web resource. If you want to block access to the specified page only, then
select Block access only to the specified web page.
d. In the Website address window click the OK button.
6. You can edit the lists of allowed and blocked web sites using the buttons Add, Edit,
Delete.

7. In the Exclusions window click OK, to save the changes.
File Downloads
You can control and block downloading files depending on their category from the Internet. For
this, perform the following actions:
1. In the left part of the Parental Control window select File Downloads.
2. In the right part of the Parental Control window check the Enable control box.

3. In the File categories section, select the necessary category, for example Video and click
the Block button. The status will change to Blocked in the Status column.
Internet Usage Reports

You can view the report about actions of every user for whom Parental Control is enabled, on
each category of the controlled events.
To view a report, go to the Reports tab in the Parental Control window and select the necessary
section:
► To view the report of the Internet usage, select Internet Usage. The following
information will be available to you in the right part of the window: start time, usage time
and the result (whether Internet usage is allowed or blocked).
► To view the report of the access to web sites, select Web Browsing. The following
information will be available to you in the right part of the window: URL, time and reason
(whether access is allowed or blocked).
► To view the report on the file downloading, select File Downloads. The following
information will be available to you in the right part of the window: file, time and reason
(allowed or blocked).
You can create a report for a specified time period. For this, select the corresponding period in
the drop-down list.
Instant Messaging
In the Instant Messaging section you can enable control over messaging via instant
messengers in social networks, as well as control sending of private data and use of unwanted
words in the correspondence.
Control messaging over instant messengers

If you want to restrict messaging of the user with other users via instant messengers (ICQ,
Miranda), you can enable control and create lists of allowed or blocked contacts. For this in the
right part of the Instant Messaging section click the Enable control box.
If you want to create the list of allowed contacts, perform the following actions:
1. In the left part of the Parental Control window select Instant Messaging.
2. In the right part of the Parental Control window on the Settings tab check the Enable
control box.
3. In the Contacts section click the Add contact button.

4. In the New contact window select the necessary contact from the list of existing contacts
or click the manually link and enter an account number or contact email address.
5. In the Description field enter a proper description which will be displayed in the list of
allowed contacts. Click the OK button.

6. In the Control Instant Messaging window check the box Block messaging to/from
contacts who not on the list to allow messaging only with contacts from the created list
of contacts.
7. Click the Apply button, to save the changes.
8. You can allow/block messaging with a contact, view messages from a contact or delete a
contact from the list using the buttons Allow/Block, View messages, Delete.

Control over social networking
If you want to control messaging with other users in social networks (for example, Yahoo or
Facebook), you can enable control and create lists of allowed and blocked contacts. For this in
the right part of the Social Networking section check the Enable control box.
To create the list of allowed or blocked contacts, perform the following actions:
1. In the left part of the Parental Control window select Social Networking.
2. In the right part of the Parental Control window on the Settings tab in the Contacts
section click the Add button.

The possibility to add contacts becomes available only when an account for whom Parental
Control is being configured, logs in a social network under his/her account and becomes active
there (sends/receives a message).
3. In the Adding contact window select the necessary contact from the list of existing
contacts.
4. Messages from the selected contact are displayed in the bottom part of the window.
5. Click the OK button.

6. To block a contact, highlight the contact and click the Block button.

7. To block messaging with the contacts not included in the list, check the Block messages
to/from contacts who are not on the list box.
8. Save the changes by clicking the Apply button in the Parental Control window.
Controlling or restricting sending private data
You can also control or restrict sending private data (for example, passwords) via instant
messengers. For this create the list of records which contain confidential data (for example, home
address, phone number and etc.).
Any attempts to send such data will be blocked and the information about blocked messages will
be added to the report.
In order to enable control sending private data and create the list of data blocked for sending,
perform the following actions:
1. In the left part of the Parental Control window select Private Data.
2. In the right part of the Parental Control window on the Settings tab check the Enable
control box.
3. In the Parental Control window in the Private Data section click the Add button.

4. In the Private Data window in the Data field enter the data restricted for sending (for
example, 12345 for ―Password‖, 1234567 for ―Phone number‖).
5. In the Description field enter a proper description which will be displayed in the data list
(for example, ―Password‖, ―Phone number‖).
6. Click the OK button.
7. You can edit the list of data using the Edit and Delete buttons.

8. In the Parental Control window click the Apply button.
Control over word usage
If you want to monitor use of unwanted words or phrases (for example, referring to confidential
data) within the user’s messaging, perform the following actions:
1. In the left part of the Parental Control window select Word Usage.
2. In the right part of the Parental Control window on the Settings tab check the Enable
control box.
3. In the Parental Control window in the Key words section click the Add button.

4. In the Key word window enter a word or a phrase which will be detected in the user’s
messaging. Click the OK button.
5. You can edit the list of data using the Edit and Delete buttons.
6. In the Parental Control window click the Apply button.

Instant Messaging Reports
If the control is enabled the text, time, recipients, messages with personal data and every key
word detected in the messaging will be displayed in the report.
To view a report, go to the Reports tab in the Parental Control window and select the necessary
section in the left part of the window.
► To view the report of the instant messaging, select Instant Messaging. The following
information will be available to you in the right part of the window: direction, contact,
time, and the result.
► To view the report of the social networking, select Social Networking. The following
information will be available to you in the right part of the window: direction, contact,
time.
► To view the report of the personal data transfer, select Private Data. The following
information will be available to you in the right part of the window: private data, recipient,
time, result.
► To view the report of the key words usage, select Word Usage. The following
information will be available to you in the right part of the window: key word,
recipient/sender, time.
You can create a report for a specified time period. For this, select the corresponding period in
the drop-down list.

CHAPTER 8. Home Network Control
The Home Network Control functions are designed to control Kaspersky PURE 3.0 installed on
home network computers remotely from the administrator's workstation.
Home Network Control lets you accomplish the following home network security tasks:
► analyze the level of home network protection;
► scan of the whole network or individual computers for threats;
► update anti-virus databases simultaneously;
► configure protection settings for networked computers;
► monitor computer and internet usage by the users;
► back up the data on networked computers;
► view reports on security subsystems' operation.
Protecting access with an administrator password
At the first launch of Home Network Control Kaspersky PURE 3.0 will suggest that you set an
administrator password to protect unauthorized access to networked computers. In order to set
an administrator password, do the following:
1. Open the main application window and in the lower part of the window click the Home
Network Control button.
2. If you launch Home Network Control for the first time, then a welcome window appears
giving a short description of the features of the component. Click the Start using Home
Network Control button to continue.

3. If you launch Home Network Control for the first time, then the Protect with
Administrator Password window will appear. Enter your password in the fields
Password and Confirm password. Then click the Specify password button.

Specifying a password for Home Network Control, you also specify a password to
access either the entire program or its functions. In order to change settings of the
administrator password, click the Administrator password settings link. In the open
window select components that should be password-protected.
4. If you have already set protection with an administrator password, then in an opened
window enter your password.
If you use Home Network Control to remotely manage Kaspersky PURE 3.0 via a local network,
then the password for Home Network Control must be the same on all computers in the
network.
Searching computers
To search computers to manage, first select a network for remote management (if your computer
hosts more than one network). Next, click the Searching computers button.

Computers found in the network are displayed as a table with a status assigned for each
computer. The following computer statuses are possible:
► Controlled. Kaspersky PURE 3.0 is installed on the computer, and the administrator
password is identical to the password set on this computer. Remote administration of
Kaspersky PURE 3.0 is available.
► Kaspersky PURE 3.0 not installed. Kaspersky PURE 3.0 was not found on the
computer.
► Remote control is not allowed. The option to manage Kaspersky PURE 3.0 services
remotely has been disabled on the computer.

Buttons at the top of the table allow to add a computer manually, delete a computer from the list
or clear the entire list.
Check the Hide computers not controlled box at the bottom of the window, to display only
controlled computers in the table.

To display the computer in the Home Network Control on each computer, the status
"Trusted network" or "Local network" should be installed in the Firewall settings for your
home network. Otherwise, the computer will not be found when scanning the network.
To check the Firewall settings on the current computer, click the Settings link in the main
program window and in the Settings window select Firewall. In the Networks section right-click
the required network and select either Local or Trusted network.

Configuring group update
Via Home Network Control you can remotely manage update of Kaspersky PURE 3.0 on the
networked computer.
Below are the available database update modes:
► Update databases on the computers independently.
► Load updates from a selected computer in the network. In this update scenario, one
computer in the network should be assigned as an update server. Other networked
computers will download updates from this computer.
By default, updates are downloaded on each computer in the network individually. In order to
change an update method in the networked computers, do the following:
1. In the Home Network Control window click the Configure group update button.

2. In the Configure group update window select the required update method.
3. For the computers to update from a selected computer on the network, from the dropdown
list select a computer to be the update source.
4. In the list of computers at the top, a computer – update source will change the icon – a
server instead of a computer.

Group launch of update and virus scan
Via Home Network Control you can start scan for viruses and update tasks remotely either for
the entire network or for an individual computer.
How to start group scan for viruses
In order to start a group scan for viruses, perform the following actions:
1. In the main program window click the Home Network Control button.
2. At the top of the Home Network Control window click the Scan for viruses link.

3. Select a scan type: Full Scan or Critical Areas Scan.
4. Check the computers you want to scan. Click the Run scan button.

How to start group update
In order to start a group update of databases, perform the following actions:
1. In the main program window click the Home Network Control button.
2. At the top of the Home Network Control window click the Update databases link.
3. In the Group start of update window select the computers you want to update.
4. Click the Run update button.

Detailed protection setting of networked computers
In order to manage protection of every computer on the network remotely, perform the following
actions:
1. In the main program window click the Home Network Control button.
2. Enter your administrator password.
3. At the top part of the Home Network Control window select the necessary computer by
clicking it.

4. On the corresponding tabs in the lower part of the Home Network Control window you
can see information about the selected computer, configure Parental Control, scan
computer for viruses, update databases, and get backup information.
Let’s study each tab in detail.
Information
In the Home Network Control window on the Information tab displays you can view the
following information about a selected computer:
► Computer name in the local network.
► Protection components store current operation settings of all protection components
with the possibility of their remote enabling/disabling.
► Security problems – is a list of problems in the computer security and the ways of
troubleshooting these problems.
► License – the section contains information about the license in use, prolong and
activation links.

Click the corresponding buttons in the right part of the window (List, List, Details) to see the list
of protection components, list of security problems and license info.
Parental Control
The Parental Control tab allows to enable or disable Parental Control remotely on a controlled
computer, to change the Parental Control settings for each account and to view reports.

You can find more detailed information on how to configure the Parental Control component (on
your own or on the controlled computer) in the Parental Control chapter.
Scan
The tab is designed to run a virus and vulnerabilities task remotely for a selected computer:
► Full Scan. Full system scan. The following objects are scanned by default: system
memory, startup objects, system backup, email databases, hard drives, removable
storage media and network drives.
► Critical Areas Scan. A quick scan of objects that are loaded with the operating system at
startup.
► Vulnerability Scan performs the diagnostics of operating system and detects software
features that can be used by intruders to spread malicious objects and obtain access to
personal information.

Update
The Update tab provides the information about the last update on a selected computer and the
update source.

Any computer can be selected as an update server from which other computers will download
updates.
To assign a selected computer an update source, click the Make this computer an update
source button.

In the opened window confirm that you want to make this computer an update source.
The Virus activity review link takes you to http://www.securelist.com, where you can view actual
information about network threats.
To start application update on a selected computer, click the Update button.

Click the arrow in the right part of the Update button to configure an update schedule.

Backup
The Backup tab is designed for remote management of backup tasks.
The list of tasks includes all the backup tasks created on the selected computer.
You cannot create a backup task remotely. The task should be created from the main application
window on the computer (from the Backup module). After that a backup task will appear in the
Home Network Control window of this computer.

In order to run the task, click the Run button. You can pause or stop the task.

CHAPTER 9. Additional Tools
To facilitate solving specific tasks of providing computer security, Kaspersky PURE 3.0 includes
the following wizards and tools:
► Browser Configuration;
► Kaspersky Rescue Disk;
► Post-infection Microsoft Windows troubleshooting;
► File Shredder;
► Privacy Cleaner;
► Unused Data Cleaner.
Browser Configuration
The Browser Configuration Wizard analyzes Microsoft Internet Explorer settings from the
perspective of security, since some settings selected by the user or set by default may cause
security problems.
The Wizard checks whether the latest software updates for the browser have been installed, and
whether its settings contain any potential vulnerability which can be used by intruders to inflict
damage on your computer. In the result of analysis the wizard will offer you to select from the list
the problems you wish to eliminate. The list is divided into three groups:
► Additional actions. List of the least dangerous threats.
► Recommended actions. List of problems posing a potential threat.
► Strongly recommended actions. List of problems posing a serious security threat.
Browser Configuration Wizard checks the following objects:

► Microsoft Internet Explorer cache. The cache contains confidential data, from which a
history of websites visited by the user can also be obtained. Some malware objects also
scan the cache while scanning the disk, and intruders can obtain, for example, the user's
email addresses. You are advised to clear the cache every time you close your browser to
improve the protection.
► Display of known file types extensions. It is useful to see the file extension. File names
of many malicious objects contain combinations of symbols imitating an additional file
extension before the real one. If the real file extension is not displayed, users can see just
the file name part with the imitated extension. Such scheme is commonly used by cyber
criminals. To improve protection, you are advised to enable the display of files of known
formats.
► List of trusted websites. Malicious objects can add to this list links to websites created
by intruders.
Running Browser Configuration Wizard
In order to run Browser Configuration Wizard, perform the following:
1. Open the main program window.
2. At the lower part of the window click the Additional Tools button.
3. In the Additional Tools window in the Browser settings section click the Start button to
configure the browser.

4. In the Browser Configuration Wizard window (if launched for the first time) only one
action is available Perform diagnostics for Microsoft Internet Explorer. To start the
search process, click the Next button.
Close all browser windows before starting the diagnostics.

When you start the Wizard next time, you will be able to select from the two options:
► Perform diagnostics for Microsoft Internet Explorer.
► Roll back changes. You can roll back changes if after the Wizard's work some
problems when working on the Internet appear.
5. Wait until the system is being checked.

6. In the wizard window, check the boxes for problems to be fixed. Click the Next button.
7. In the wizard window, click the Finish button.

Rolling back wizard actions which resulted in problems when working on the Internet
If the Wizard's work causes problems with the Internet, you can roll back the changes which were
made by the Wizard. In order to do so, perform the following actions:
1. Start the Browser Configuration Wizard.
2. In the welcome window, select the Roll back changes option and then click the Next
button.

3. In the list of made changes, select the changes for rollback and click the Next button.
4. Wait until the rollback process is completed.

5. In the wizard window, click the Finish button. Make sure problems with the Internet are
eliminated.
Kaspersky Rescue Disk
Kaspersky PURE 3.0 includes a service which allows to create rescue disk designed to scan and
disinfect x86-compatible computers.
It is required when a computer is so damaged that the anti-virus solution or disinfection tools (for
example, Kaspersky AVPTool), run under control of the operating system, fail to disinfect a
computer. Efficiency of such disinfection enhances considerably as malicious programs in the
system do not get control during the boot of the operating system.
Rescue disk is an .iso image which includes the following:
► system and configuration files;
► a set of utilities to diagnose the system;
► a set of additional utilities (file manager and etc.);
► Kaspersky Rescue Disk files;
► anti-virus databases files.
A computer with the damaged operating system is booted from a CD/DVD-disk or a USB-medium
(a corresponding device should be installed on the computer).
Creating Kaspersky Rescue Disk
You can create the disk image (an .iso file) with up-to-date anti-virus databases and
configuration files. A source image can be downloaded from Kaspersky Lab servers or copied

from a local source. The file created by the Wizard is saved in the path specified during the work
of the Wizard.
To create a Rescue Disk, perform the following actions:
1. Open the main application window.
2. At the lower part of the window click the Additional Tools button.
3. In the Additional Tools window in the Kaspersky Rescue Disk section click the Create
button.
4. Kaspersky Rescue Disk is created with the help of the wizard. The Wizard consists of a
series of screens (steps) navigated using the Back and Next buttons. To close the Wizard
once it has completed its task, click the Finish button. To stop the Wizard at any stage,
click the Cancel button.
5. The Create and record Kaspersky Rescue Disk on a CD / DVD or USB drive window
of the Wizard contains information about the Rescue Disk that will be created by the
Wizard.
If the Wizard detects an existing Rescue Disk ISO file in the dedicated folder, the Use existing
disk image box will be displayed in the first window of the Wizard. Check the box to use the
detected file as original ISO image and go directly to the Updating disk image step. Uncheck
this box if you do not want to use the disk image that has been found.

The Select disk image source window is skipped if you have checked the Use existing
disk image box in the first Wizard window.
At this step, you should select the image file source from the list of options:
► Select Copy ISO image from local or network drive if you already have a Rescue
Disk or an image prepared for it and stored on your computer or on a local network
resource.
► Select the Download ISO image from Kaspersky Lab server option if you do not
have an image file, and you want to download it from the Kaspersky Lab server.
Make sure that the Internet connection is established on your computer. The latest
version of an image is downloaded from the Kaspersky Lab server. The file size is
about 200 MB.
After you have selected an image source, click the Next button.
6. The Downloading disk image window is skipped if you have checked the Use existing
ISO image box in the first Wizard window,
If you have selected Download ISO image from Kaspersky Lab server, the disk image
downloading progress is displayed immediately.

If you have selected the option to copy the image from a local source at the previous step (Copy
ISO image from local or network drive), you should specify the path to the ISO file at this
current step.
To do this, click the Browse button. After you have specified the path to the file, click the Next
button. The disk image copying progress is displayed in the Wizard window.

When copying or downloading the ISO image is complete, the Wizard automatically proceeds to
Updating disk image.
7. Disk update procedure includes:
► update of anti-virus databases;
► update of configuration files.
Configuration files determine the possibility of starting the computer from a removable disk or CD
/ DVD written using a rescue disk image provided by the Wizard.
When updating anti-virus databases, those distributed at the last update of Kaspersky PURE 3.0
are used. If the databases are obsolete, it is recommended to update the program and restart the
Rescue Disk Creation Wizard.
To begin updating of the files, click the Next button. The updating progress will be displayed in
the Wizard window.

8. The Wizard informs you of a successful creation of the Rescue Disk and offers you to
record it on a data medium.

Specify a data medium for recording the disk image:
► Select Record to CD / DVD to record the image on a CD / DVD. You will be prompted to
specify the CD / DVD on which the image should be recorded. Then, the ISO image will
be recorded on this CD / DVD. The recording process may take some time so please wait
until it has completed.

A special program is needed for burning. For example, Nero.
► Select the Record to USB drive option to record the image on a removable drive.
Kaspersky Lab recommends that you do not record the ISO image on devices which are
not designed specifically for data storage, such as smartphones, cellphones, PDAs, and
MP3 players. Recording ISO images on these devices may lead to their incorrect
functioning in the future. You will be prompted to specify the removable drive on which the
image should be recorded. Then, the image will be recorded on this removable drive. The
recording process may take some time so please wait until it has completed.

► Select Save the disk image to file on local or network drive to record the ISO image to
the hard drive installed on your computer or another one that you can access over a
network. You will be offered to specify the folder into which the image should be recorded,
and the name of the ISO file, after which it will be recorded on the hard drive. The
recording process may take some time so please wait until it has completed. Later you
will have to record this file on the CD/DVD disk or a USB drive on your own.

9. To complete the Wizard, click the Finish button. You can use the disk that you have
created for further booting of the computer (see Starting the computer from the rescue
disk).

Creation and record of a rescue disk is completed.
Starting the computer from the rescue disk
To boot the operating system from the rescue disk, you should use a CD / DVD or removable
drive with a rescue disk image (.iso) file recorded on it, and start the computer. To start a
computer from a rescue disk, do the following:
1. Insert a medium drive with the recorded disk image into the corresponding slot and switch
the computer.
If a disk cannot be inserted before computer is enabled, in this case first, switch on the
computer, and then insert a disk into the disk drive. Try to insert the disk into the drive
quickly so the computer would boot from the rescue disk and not from an infected system.
2. Immediately after the computer restart, press the Delete key several times to enter
BIOS 1 .
3. In BIOS in the Advanced BIOS Features menu set CD/DVD-ROM (or USB-drive) as the
first boot device (the BIOS interface may vary depending on its version).
4. Exit BIOS saving the made changes.
5. When a screen with Kaspersky Rescue Disk 10 appears, press any key within 10
seconds, to prevent your computer to boot from the hard drive.
6. Using the keys to move the cursor in the left part of the screen, select the language of the
graphic interface. Press the ENTER key.
If no choice is made for some time, English is used as a default language.
Next, the folders for anti-virus databases, reports, the quarantine and auxiliary files are
searched (created). By default, folders of a Kaspersky Lab product, installed on an
infected computer, are used (ProgramData/Kaspersky Lab/AVP13 – for Microsoft
Windows Vista/7/8, Documents and Settings/All Users/Application Data/Kaspersky
Lab/AVP13 – for earlier versions of Microsoft Windows).
Pay attention, the folders Application Data in Microsoft Windows XP and ProgramData
in Microsoft Windows Vista, Microsoft Windows 7 and Microsoft Windows 8 are hidden by
default. Read KB3580, to know how to enable display of hidden folders.
If the application’s folders are not found, an attempt is made to create them. If the folders
cannot be found or created, the kl.files folder is created on one of the drives.
7. Next you are offered to select from one of the following boot modes:
► Kaspersky Rescue Disk. Graphic mode loads the graphic subsystem
(recommended for most of the users).
► Kaspersky Rescue Disk. Text mode loads the user text interface provided by the
console file manager Midnight Commander (MC).
► Boot from the hard drive.
1 BIOS is a part of the system hardware designed to provide access to computer hardware and the connected
devices.

8. Using the Up/Down arrows on the keyboard select Graphic mode. Press the ENTER
key.
Carefully read the text of a license agreement for Kaspersky Rescue Disk 10 and if you agree
with its conditions, press the C key on the keyboard.
When the operating system has booted you can start working with Kaspersky Rescue Disk 10.
If the operating system of the booting computer is in the sleep mode or its work was finished
incorrectly, you will be suggested to mount the file system for usage (prepare the file system tor
usage in the operating system) or restart the computer. In this case select one of the three
variants:
► Continue. If you click the Continue button, Kaspersky Rescue Disk 10 continues
mounting the file system but the file system can be damaged.
► Skip. If you click the Skip button, Kaspersky Rescue Disk 10 skips mounting of the file
system. In this case you can only scan boot sectors and startup elements for viruses.
However, some file systems can be mounted.
► Restart computer. In this scenario you can boot from a hard drive and finish work of the
operating system correctly.
Kaspersky Rescue Disk 10 allows the user to perform the following actions:
1. Scan objects for viruses and configure scan settings, including:
► modify the security level;
► change an action performed upon a threat detection;
► create the list of objects to scan;
► change type of scanned objects;

► restrict scan duration;
► specify scan settings of compound files;
► change the scan method;
► restore default scan settings.
2. Start update of anti-virus databases and configure the update settings:
► select an update source;
► configure proxy-server settings;
► specify regional settings;
► if necessary, roll the latest update back.
3. Configure additional settings:
► specify the category of the detected threats;
► create the trusted zone;
► configure notification settings;
► set the storage time for report files;
► configure settings of storing objects on quarantine and backup.
4. Create a report for scan and update tasks.
5. View statistics of the application operation.
You can find more detailed information about the features of the rescue disk in the KB article
8093.
Microsoft Windows Troubleshooting
What is Microsoft Windows Troubleshooting?
The Microsoft Windows Troubleshooting Wizard allows to neutralize the consequences of
malicious activity in the system. Kaspersky Lab recommends that you run the Wizard after the
computer has been disinfected to make sure that all threats and damage caused by infections
have been fixed. You can also use the Wizard if you suspect that your computer is infected.
The Wizard checks whether there are any changes to the system, such as the following:
► access to the network being blocked (for example, it is impossible to address other
computers in the LAN);
► known file format extensions have been changed;
► the toolbar is locked (as a result applications cannot be deleted) and etc.
Such damage can have various causes:
► the activity of malicious programs;
► system failures;
► incorrect operation of system optimization applications.
Running Post-infection Microsoft Windows Troubleshooting Wizard
To start the Wizard, perform the following actions:
1. Open the main application window.
2. At the lower part of the main window click the Additional Tools button.

3. In the Additional Tools window in the Post-infection Microsoft Windows
troubleshooting section click the Start button.

4. The Microsoft Windows troubleshooting Wizard will be started.
The Wizard consists of a series of screens (steps) navigated using the Next buttons. To stop the
Wizard at any stage, click the Cancel button.
If the wizard is started for the first time, then only the option Search for problems caused by
malware activity will be available.
If the wizard was started earlier and some changes were made, then you will also be able to
select the Roll back changes option.
Click the Next button to continue.

5. Next window displays the progress of searching for system damage. The scan may take
some time.
If you have selected Roll back changes at the first step, the Microsoft Windows
Troubleshooting searches for changes that it has made before.
6. Clicking the Finish button causes Kaspersky PURE 3.0 to terminate the System Recovery
Wizard.

File Shredder
What is File Shredder?
In some cases (for example, when you want to sell your computer) you may need to permanently
delete your personal data which are stored on your computer. Deleting data with the standard
Microsoft Windows tools (sending them to the Recycle Bin and then emptying the Recycle
Bin) cannot ensure safety and prevent possible restoration. Files may be restored using any
high-performance software tools. Formatting data storage media (such as hard disk drives, flash
cards, or USB cards) cannot guarantee total data deletion either.
In order to protect your confidential data from unauthorized restoration, Kaspersky PURE 3.0
includes the File Shredder option. Data deletion is based on rewriting deleted information with
ones, zeroes, or random symbols. In Kaspersky PURE 3.0 algorithms of re-recording symbol
chains (methods for permanent deletion of personal data) are standardized. Rewriting cycles and
number of them may vary depending on the selected method for permanent deletion.
The wizard supports data deletion from the following information carrier:
► Local drives. Deletion is possible if the user has the rights required for recording and
deleting information.
► Removable drives or other devices that are recognized as removable drives (such as
floppy disks, flash memory cards, USB disks, or cell phones). Data can be deleted from a
flash memory card if its mechanical protection from rewriting is disabled.

Before permanently deleting data from a medium, the program finds out whether deletion from a
selected drive is available. The deleting procedure will be performed only of the selected drive
supports data deletion. Otherwise the data cannot be permanently deleted from a drive.
You can delete the data that you can access under your personal account. Before deleting data,
make sure that it is not used by running applications.
Such objects as a file or a folder can be deleted. To prevent accidental deletion of important files
at a time you can select only one object for deletion (a selected folder may contain several files or
sub-folders).
Deletion of system files and folders may cause operating system malfunctions. If you select
system files or folders for deletion, the application will request additional confirmation of their
deletion.
Methods for permanent deletion of personal data are standardized. They are all based on
overwriting deleted information with ones, zeros, or random characters multiple times. Deletion
speed and quality may vary depending on the number of overwrite cycles.
Data deletion methods
Sure methods are methods when data rewriting contains three or more cycles.
In the File Shredder Tool from Kaspersky PURE 3.0 you are offered to select one of the
following data deletion standards:
► Quick delete (Recommended). Deletion process consists of two cycles of data
rewriting: writing zeroes and pseudorandom numbers. The main advantage of this
algorithm is performance speed. Two cycles are enough to complicate the operations of
data restoration tools. Even if the file itself will be restored, the data will turn out to be
annihilated.
► GOST state standard P 50739-95, Russian Federation. The algorithm carries out one
rewriting cycle using pseudorandom numbers and protects the data from restoration with
common tools. This algorithm corresponds to protection class 2 out of 6 total, according
to the State Technical Commission classification.
► VSITR standard, Germany. The algorithm carries out seven rewriting cycles. The
algorithm is considered reliable but it requires more time for execution.
► Bruce Schneier algorithm. The process consists of seven rewriting cycles. The method
differs from VSITR by its rewriting sequence. This enhanced method of data deletion is
considered the most reliable.
► NAVSO P-5239-26 (MFM) standard, USA and NAVSO P-5239-26 (RLL) standard,
USA. The algorithm carries out three rewriting cycles. The standards differ from one
another by their sequences of data deletion.
► DoD 5250.22-M standard, USA. The algorithm carries out three rewriting cycles. It is
considered a reliable method of protection against people who do not have special tools
but, however, data are successfully restored in many cases.
Permanent data deletion procedure
In order to permanently delete data, do the following:
1. Open the main program window.
2. At the lower part of the window click the Additional Tools button.

3. In the Additional Tools window in the File Shredder section click the Open button.

4. In the File Shredder window click the Browse button. In the Select file or folder window
select an object for deletion and click the OK button.
5. In the drop-down list Data deletion method, select a required deletion method.

6. Click the Delete button.
7. In the opened window confirm deletion by clicking the OK button.

Erase Your Activities History (Privacy Cleaner Wizard)
Many of user's actions performed on the Internet or with applications are registered in the
system. The following data is saved:
► Histories containing information about visited websites, applications launch , search
requests, opening / saving files by different applications;
► Microsoft Windows system log records;
► Temporary files and etc.
Privacy Cleaner Wizard allows to delete the files, including files with the user private data (for
example, passwords).
To start Privacy Cleaner Wizard, perform the following actions:
1. Open the main application window.
2. At the lower part of the main window click the Additional Tools button.

3. In the Additional Tools window in the Erase Your Activities History section click the
Start button.
4. In the Privacy Cleaner window select an action:
► Search for user activity traces;

► Roll back changes (the option is available if the wizard was used before)
5. Click the Next button.
6. Wait until the process is completed.
7. Select the required information about the user's actions to delete. The list contains three
sections:
► Additional actions – the list of the least dangerous problems;
► Recommended actions – the list of potentially dangerous problems;
► Strongly recommended actions – this group includes dangerous problems.

8. To start the process, click the Next button.
9. Wait until the deletion is completed.
10. In the Activity traces cleaned successfully window, you can specify the mode that the
wizard will be started automatically every time on Kaspersky PURE 3.0 exit. To do so,
check the box Clean activity traces every time on Kaspersky PURE 3.0 exit.

11. To finish the wizard's work, click the Finish button.
In order to delete some files, the wizard will suggest that you restart the system.
Repeated running of the Privacy Cleaner Wizard may detect activity traces which were not
cleaned up by the previous run of the Wizard. The matter is that data related to user activity in
the system are accumulated constantly. Some files, for example the Microsoft Windows log file,
may be in use by the system while the Wizard is attempting to delete them. In order to delete
these files, the Wizard will prompt you to restart the system. However, during the restart, these
files may be recreated and detected again as activity traces.
Unused Data Cleaner
The temporary files are created at the launch of any applications or operating systems. But some
of them remain undeleted when closing the application or operating system. However in some
cases (emergency shutdown, incorrect program installation, error in the program and etc.)
temporary files are not automatically deleted. Whereas deletion of temporary and unused files will
save free place on your hard drive.
Kaspersky PURE 3.0 includes the Unused Data Clearing Wizard to delete unused files. The
wizard deletes the following:
► system event logs, where the names of all active applications are recorded;
► event logs of various applications (such as Microsoft Office, Microsoft Visio, Macromedia
Flash Player) or update utilities (such as Windows Updater, Adobe Updater);
► system connection logs;
► temporary files of Internet browsers (cookies);
► temporary files remaining after installation / removal of applications;

► Recycle Bin contents;
► files in the TEMP folder whose volume may grow up to several gigabytes.
To start the Unused Data Clearing Wizard, please do the following:
1. Open the main application window.
2. At the lower part of the window select the Additional Tools button.
3. In the Additional Tools window in the Unused Data Cleaner section click the Start
button.

4. In the welcome window of the window click Next to start the wizard.
5. Wait until the search of unused files is complete.

6. In the Searching for unused data is complete window check the boxes for the actions to
be performed by the Unused Data Clearing Wizard. All actions are grouped into three
categories:
► Additional actions;
► Recommended actions;
► Strongly recommended actions.
To start the deletion process, click the Next button.

7. Wait until the deletion process is over.
8. In the Unused data deletion is complete window click the Finish button.

CHAPTER 10. Safe Money
A new component Safe Money which was initially added to Kaspersky Internet Security 2013 has
been embedded into Kaspersky Pure 3.0
The component provides significantly improved protection of financial operations via online
banking and payment systems (e.g., PayPal, WebMoney, etc.) and while shopping online.
If an attempt is made to enter an online banking system, bank website or payment system
personal account, Kaspersky PURE 3.0 performs the following activities:
1. Verifies that the request goes to the genuine site of the bank or payment system
(checked against an updatable list of sites in the product).
2. Verifies the security certificate, to avoid redirection to a fake website.
3. Scans the operating system for vulnerabilities critical for online banking.
4. Suggests opening the website in Safe Money mode to protect your personal data
against theft.
If a website is opened in Safe Money mode, Kaspersky PURE 3.0 switches to HTTP protocol
(irrespective of the previously used protocol). The program also restricts how other programs and
processes can access the data that is transferred. This helps ensure your personal data is
protected against theft.
Advantages of the Safe Money component are the following:
► Safe Money protective mechanisms are enabled automatically based on the list of web
sites of banks and online payment systems recommended by Kaspersky Lab
specialists. No preliminary configuration is needed.

► At the same time you can configure automatic enabling or disabling of the Safe Money
mode for a specific site manually.
► When Safe Money mode is activated, a green frame will appear around the browser
window.

In order to configure automatic enabling and disabling of the Safe Money component for a
specific site, do the following:
1. Open the main application window and select Safe Money.

2. In the Safe Money window click the Add bank or payment system button in the left part
of the window.

If editing settings in the product is password-protected, then the Password checking window will
appear. Enter your password to continue.
3. In the Website for Safe Money window specify a web site of a bank or payment system
(you can specify either a URL-address or the mask of a URL-address). The protocol
https:// (used by default by the safe browser) should be specified before the site URLaddress
4. In the Description field give a short description of the added resource (name of the bank
or of the payment system).

5. In the Website for Safe Money window click the OK button.
6. A newly added resource will appear in the list of banks and payment systems in the Safe
Money window.
For each item on the list, a description of a bank or a payment system and the URL of the
website are displayed. On the right of the description of a bank or a payment system,
buttons are displayed, which allows edit the current item or remove it from the list.
To add another bank or a payment system, click the Add bank or payment system
button in the left part of the window.

A shortcut to quickly open the Safe Money window is created by default on the Desktop
during the product installation.
If the list is blank, Kaspersky PURE 3.0 running in Safe Money mode uses the
database of websites owned by banks and payment systems that has been
recommended by Kaspersky Lab specialists.

CHAPTER 11. Data Encryption
Data Encryption is designed for protecting confidential information against unauthorized access.
To protect your personal data, the mechanism of encryption is used. It means that data is stored
in an encrypted form in a special container.
Container is an encrypted object created by the user with the Data Encryption function. After
the container is created and connected you can work with it as with a virtual logical drive.
Containers can be copied, burnt onto CD and DVD-disks, sent by e-mail, relocated onto another
computer on which Kaspersky PURE 3.0 is installed.
To work with data in a container, it is required to decrypt them. On decryption Kaspersky PURE
3.0 will ask to enter your password. After entering the password, the container will be displayed in
the system as a virtual removable device which can be used to move or copy data to.
Creating an encrypted container
In order to store encrypted data, it is required to create a container. A container can be created
on a local disk or removable devices.
During a container creation, you will be required to specify its name, size, access password and
path to store the file.
You can also connect an earlier created container if it is not accessible on the computer (for
example, after operating system re-installation). In this case the container will appear in the list of
containers, but access to the container will be blocked until you enter the password to the
container.
In order to create a container, perform the following actions:
1. Open the main application window.
2. Click on the Data Encryption button.

3. In the Data Encryption window click on the Create container button.
4. In the Create encrypted container window, specify the main settings for the container:

► Container name;
► Password;
► Size;
► Container file location.
The Decrypt data on drive connection box becomes active if you create an encrypted
container on a removable drive.
5. Click the Next button to continue creating an encrypted container.

6. Wait until an encrypted container is created.

Encrypting data
Once the container is created, you can see the container information in the lower part of the Data
Encryption window.

Once a container is created the Create encrypted container window appears, the window
provides short tips on how to see the container. Click Next to see all tips or click Cancel to close
the window with the tips.

You can view data stored in the container by clicking the Open container button. The container
will be opened in the Microsoft Windows Explorer. Copy to the container data you wish to
encrypt.
In order to encrypt data, click the Encrypt data button in the Data Encryption window of
Kaspersky PURE 3.0.

Connecting an earlier created container
In order to connect an earlier created container (for example, created on another computer with
installed Kaspersky PURE 3.0), perform the following actions:

1. Open the main application window.
2. Click on the Data Encryption button.
3. In the Data Encryption window click on the Connect container link.
4. Select the container file and click the Open button.

Decrypting data. Configuring container
In order to access data stored in a container, perform the following actions:
1. Open the main application window.
2. Select Data Encryption.
3. Select the required container from the list and click on the Decrypt data button in the
container section.

4. Enter a password to the container in the open window.
5. Click on the OK button. The container opens in the Microsoft Windows Explorer window.

6. Click the Open container button to open the container and copy the necessary data into
it.
Pay attention that once container is decrypted and until it is encrypted once again, the container
is displayed in the Explorer as a separate disk.

You can change the password of name of the container. Also you can create a shortcut to the
container or delete the container.
In order to configure the container settings, perform the following actions:
1. In the section of the created container click the Configure button.
2. Enter the password to access the container.

3. In the Container settings window you can change the name of the container, change
password or create a desktop shortcut.
4. To change the password to the container click the Change password link. In the open
window enter your current password in the Old password field and your new password in
the New password and Confirm password fields. Click the OK button.

5. In order to create a shortcut to the container, click the Create desktop shortcut link.
The shortcut to the container will appear on the desktop:

Deleting container
In order to delete a container, perform the following actions:
1. In the Data Encryption window click on the arrow next to the Configure button.
2. Select Delete from the open menu.
3. In the Delete container window enter the password to the container and click OK.
4. In the Confirm deletion window confirm deletion by clicking the OK button.

CHAPTER 12. Password Manager
What is Password Manager
Using passwords is the most common authorization method, and frequently a password is the
only obstacle for intruders who try to get access to your personal data.
Password Manager is an indispensable tool for the active Internet user. It fully automates the
process of entering passwords and other data into websites and saves the user going to the
trouble of creating and remembering multiple passwords.
When you use Password Manager to log in, you can rest assured that your data is safe. The
software creates exceptionally strong passwords and prevents your login information from being
stolen. All confidential data is encrypted and kept in a dedicated database on your computer.
Kaspersky PURE 3.0 now stores your passwords in the cloud (i.e., online), so you can
synchronize them across all of your Windows machines. For example, you can add new
accounts via the Password Manager component in Kaspersky PURE 3.0 installed on a home
notebook, and then use new data on other computers with Kaspersky PURE 3.0 installed (on a
workstation).
Note, that to synchronize password and data on all computers you need to have installed
Kaspersky PURE 3.0 on them and during initial configuration of Password Manager to have
created (if necessary) or specified the same Kaspersky Account (if existing (see below)). In this

case, every time Password Manager from Kaspersky PURE 3.0 is started it will automatically
synchronize passwords and data on all computers and devices.
Using the data synchronizing option not only can you keep your passwords and personal data in
actual state, but restore the data in case of changes or device loss.
You can cancel use of synchronization. In this case Password Manager will save your
passwords and data locally on your computer. However, you can enable the synchronizing option
later and synchronize all your data on all devices and computers.
Synchronizing state of passwords and data is displayed at the lower part of the Password
Manager window.
Main functions of Password Manager
1. One-click authorization
Password Manager saves the parameters you use to access web resources or applications
(login and password). With each subsequent visit to the site or a program, Kaspersky PURE 3.0
will insert your credentials automatically.
2. Secure protection of your passwords
Password Manager stores your passwords and other personal information in a secure,
encrypted database on your computer. Access to the passwords database can be granted only
after authorization in the program.
Password Manager inserts information directly into web resources and applications without
using the keyboard and effectively protects your passwords against keyloggers (a keylogger is a
malicious program that tracks the sequence of keystrokes on the keyboard in order to record a
user’s personal information, such as passwords).
Password Manager effectively combats phishing attacks as it verifies the authenticity of web
addresses and the software version before any passwords are inserted.
3. Accounts
You can use several user accounts for one website (application), or one account for several
websites (applications).
4. Identification cards
Password Manager allows long registration forms to be completed automatically based on
identification cards containing personal data which the user creates in advance. Several cards
can be used to store business and personal information separately (e.g. first and last name, year
of birth, sex, email address, telephone number, country of residence, etc.).
5. Secure memos
Password Manager enables you not only to securely store logins and passwords but also
personal records which you would like to remain confidential such as: SIM card PIN codes,
software keys, passport details, etc.

6. Password generator
The Password generator included in Password Manager will help you to create strong
passwords that would be difficult for cybercriminals to crack.
7. One passwords database for all computers
You can synchronize your passwords database, personal data and identities with the ―cloud‖ and
thus make it available on all computers where Kaspersky PURE 3.0 or Kaspersky Password
Manager alone is installed.
Starting Password Manager
Enabling password synchronization
Kaspersky Account is needed to synchronize all passwords on all your devices and computers.
If you have Kaspersky Account, then you can use it to manage the Password Manager
component. For this, enter your email address and a password (not less than eight symbols)
which you specified during registration.
If you do not have Kaspersky Account, then during the first launch of Password Manager and
sync configuration, you will be offered to create one. Once you have created and activated your
account, you can use it to sync passwords and data via the ―cloud‖ on all devices and computers
with Kaspersky PURE 3.0 installed.
Steps of the Password Sync Wizard are the following:
1. To start working with Password Manager, in the main application window select
Password Manager.
2. Click the Start Password Manager button.

3. In the open Password Manager window click the Enable sync button.
4. Read Terms of Use. If you accept the agreement check the box I accept Terms of use.
Click the Next button.

You need a Kaspersky Account to enable synchronization.
If you do not have Kaspersky Account:
a. In the Password Manager window select I do not have Kaspersky Account.
Click the Next button.

. Enter your email address and specify a password. To read the terms of use and
conditions, click the corresponding link in the window.
Check the box I would like to subscribe to news from Kaspersky Lab ZAO, if
you want to receive company news.
Click the Next button.
c. Click the Finish button. Check your email box specified during the registration.

d. The message from Kaspersky Account Message will contain a link you need
to click in order to confirm your created account.
e. Once you have followed the link, enter your password for the account and click
the Activate button.
f. Your Kaspersky Account is created.
g. In appeared window enter a password for your Kaspersky Account. Click
Unlock button.
Your Password Manager is unlocked now and passwords database has been
synchronized.

Now in order to get access to the created database of passwords and data on all
devices and computers, you need to install Kaspersky PURE 3.0 and during
initial configuration of Password Manager specify the same Kaspersky Account.
In this case when the Password Manager component from Kaspersky PURE
3.0 is started, the component will automatically synchronize passwords and data
on all devices and computers.
h. In order to see the sync status or to cancel sync, click the Last sync link at the
bottom of the Password Manager window.
If you have Kaspersky Account:
a. In the Password Manager window select I already have Kaspersky Account.
Click the Next button.

. Enter your email address and a password which you used when creating
Kaspersky Account. Use the link Forgot your password? if necessary. Click
the Next button.
c. The sync configuration is complete. Now your passwords and data will be
synchronized and can be used on other devices and computers.
Click the Finish button.

d. Go to the Password Manager component in Kaspersky PURE 3.0 Your
passwords database has been synchronized.
Now in order to get access to the created database of passwords and data on all
devices and computers, you need to install Kaspersky PURE 3.0 and during
initial configuration of Password Manager specify the same Kaspersky Account.
In this case when the Password Manager component from Kaspersky PURE
3.0 is started, the component will automatically synchronize passwords and data
on all devices and computers.

e. In order to see the sync status or to cancel sync, click the Sync link at the
bottom of the Password Manager window.
f. To add a new account or personal data, click the Unlock Password Manager
button and enter your password for Kaspersky Account.

Enabling password sync
On the first step of Password Manager configuration you can cancel synchronization.
In this case Password Manager will save all your passwords and data locally on a device or a
computer. You can enable synchronization and synchronize your data any time you want.
Steps of the Password Manager sync wizard are the following:
1. In the Password Manager window click the Start Password Manager button.

2. In the open Password Manager window click the Don’t enable sync button.
3. In the Password Manager sync wizard is complete window click the Finish button.

4. The Create master password for new vault window will open. To know what a master
password is and how to create a master password, read the chapters What is Master
Password and Creating Master Password.
5. You can enable synchronization later from the Password Manager window later. To
enable synchronization, click the Sync disabled link at the bottom part of the window.

6. Go to the chapter Enabling passwords synchronization, to know the sync wizard steps.

What is Master Password
Master Password is your personal key to access your password database containing your
passwords and other personal data. Without master password it is impossible to access the
password database. Keep it in secret.
When creating your master password, it is recommended to follow the following
recommendations:
► a password can contain digits, Latin characters, space and special characters («.», «,»,
«?», «!», «», «‖», etc.);
► You must not use in the password:
words found in a dictionary or set expressions;
any easy-to-guess sequence like: qwerty, 123456789, qazxsw etc.;
personal data: first and last names, addresses, passport numbers, social security
numbers etc.;
it is strongly advised not to reuse the passwords which you use to run other
programs (e-mail, databases, etc).
Creating Master Password
If you canceled synchronization on the first step of Password Manager sync wizard, you will be
offered to create a master password to protect your data from cyber-criminals who may try to get
access to your passwords database.
In this case Password Manager will save your data and data locally on your computer.
In order to create a master password, do the following:
1. In the Password Manager window enter and confirm your master password. Click the
Next button. (See tips on how to make a master password above).

2. To finish Password Manager configuration, click the OK button.
If you forgot your master password
If you forgot your master password, do the following:
1) Click the link Master password is forgotten in the в master password entry window (the
link appears after the first unsuccessful attempt to enter a password).

2) In the Master password is forgotten window carefully read conditions of the previous
password reset to new one. Pay attention, creation of a new password leads to the
creation of a new passwords vault, whereas the previous passwords vault will be
destroyed. Click the Next button.
3) In the Creating master password for new vault window enter your new password twice.
Click the Next button.

4) In the Connecting to online vault with Kaspersky Account window enter your login
and password.
5) You can enable synchronization later from the Password Manager window later. To
enable synchronization, click the Sync disabled link at the bottom part of the window.
6) Go to the chapter Enabling passwords synchronization, to know the sync wizard steps.

Locking/ unlocking passwords database
By default, Password Manager locks the database at the program start and after the specified
locking time. Password Manager is available only if the passwords database is unlocked.
You can lock/unlock the database with the following methods:
► From the Password Manager window;
► From the Kaspersky PURE 3.0 context menu;
► By key combination CTRL + ALT + L.
You can lock/unlock Password Manager with the following methods:
► From the main application window;
► From the context menu.
In order to lock Password Manager from the main application window, perform the following
actions:
1. In the lower part of the main application window, select Password Manager.
2. In the Password Manager window, click the Lock Password Manager button.

In order to lock Password Manager from the context menu, perform the following actions:
1. Right-click the Kaspersky PURE 3.0 icon in the taskbar notification area.
2. From the open context menu select Lock Password Manager.
In order to unlock Password Manager from the main application window, perform the following
actions:

1. In the lower part of the main application window, click on the Password Manager button.
2. In the Password Manager window, click on the Unlock Password Manager.
3. Enter a master password to unlock Password Manager. You can use Virtual keyboard
which allows to enter passwords without pressing keys on the physical keyboard to enter
your master password or enable the option Show password by clicking the corresponding
icons in the right part of the entry field.

If at the Password Manager configuration stage Password sync was enabled, then you
need password from your Kaspersky Account to unlock Password Manager.
In order to unlock Password Manager from the context menu, perform the following actions:
1. Right-click the Kaspersky PURE 3.0 icon in the taskbar notification area.
2. Select Unlock Password Manager.
3. Enter your master password for Password Manager and click on the Unlock button.
If at the Password Manager configuration stage Password sync was enabled, then you
need password from your Kaspersky Account to unlock Password Manager.
Caption button of Password Manager
The caption button is displayed in the top part of the browser (application) and allows to:
► Add an account (identity) to the database;
► Add personal data;
► Lock Password Manager;
► Open the Password Manager window;

► Open the Password generator and passwords history.
If Password Manager is locked, the Caption Button is inactive.
Adding accounts to Password Manager
Adding website account to Passwords database
You can manually add a new web-site account to the passwords database the following way:

► From the Kaspersky PURE 3.0 context menu in the taskbar notification area – for this
right-click the Kaspersky PURE 3.0 icon, click Add and select the necessary item.
► Form the Password Manager main window.
In order to add a website account from the Password Manager main window, perform the
following actions:
1. Open the main application window.
2. In the bottom part of the window select Password Manager.
3. In the open Password Manager window click the Add Account button.

4. In the left part of the opened Password Manager window select Web accounts. In the
right part of the window click the Add web account button.

5. In the right part of the new window fill out the required fields: Account name (My
Facebook account), URL (www.facebook.com), login and password.
6. Check the Auto sign in box, if you want Password Manager to enter your account data
and automatically sign in upon opening a web site.
7. If you want to add a date when the password for the account expires, perform the following
actions:
a. Click the Password never expires link. In the drop-down list select Password
expires.
b. In the entry field next to the link specify the date when the password will expire.

8. Click the Password Generator link to automatically create a strong password. Using
Password Generator you can create strong password by specified conditions (special
characters, numbers and symbols use).
You can find detailed description of Password Generator in the Password Generator
section.

9. By checking the Advanced settings box you can specify a default browser where the
account opens (at Password Manager start), link the account to a specific web page,
manually configure the login form and add comments to the account.
In the Advanced settings section next to Login form click the Edit settings button to manually
configure authorization fields. In the Manual form editing window you can configure field
correspondence with entered data. In the Description column you can find action to be
performed with the field.
Now when the form for facebook.com is edited, login will be automatically entered in the Email
field.
To save the made changes click the OK button.
10. To add the created web account, click the Add button in the lower part of the window.

The web account has been added to the passwords database.
Adding account for application to passwords database
The Caption button is located on the upper part of application window. Using the button you can
quickly add an account to the password database and authorize in an application.
In order to add your account for an application to the password database using the Caption
button, perform the following actions:
1. Launch an application (for example, Google Talk)
2. Click on the Caption Button and select Add Account.
3. In the open window specify your login and password in the Login and Password fields.

4. Click the Add Account button.
The account has been added to the passwords database.
In order to sign in using Password Manager, perform the following actions:
1. Open the authorization window of the application (for example, gtalk).
2. Click on the Caption Button and select the required user to sign in from the drop-down
menu (for example, user).
Password Manager will automatically sign the user in.
You can also manually add an account for an application to the password database of Password
Manager. You can open the window of adding accounts with the following methods:
► From the Kaspersky PURE 3.0 context menu in the taskbar notification area.
To do this, perform the following actions:
1. In the Taskbar notification area right-click the Kaspersky PURE 3.0 icon and select
Add.

2. From the open menu select App Account.
► From the Password Manager window.
In order to add a new account for an application from the Password Manager window, perform
the following actions:
1. Open the main application window.
2. In the lower part of the window select Password Manager.
3. In the Password Manager window click the Add Account button.

4. In the left part of the window select Application accounts and click the Add application
account button.
5. In the opened window select the application to create the account for. You can do this with
the following methods:
► Drag the shortcut of the necessary program into the Application field;
► Drag the pointer icon to the open window of the application;
► Select the application by clicking on the Browse button.

6. In the upper part of the window enter or edit the required name for the account.
7. Enter your login in the Login field and password in the Password field.

9. If you want Password Manager to automatically enter your authentication data in the
application and to sign you in, check the Auto sign in box.
10. You can also specify a date when the account password expires. In order to do this,
perform the following actions:
a. Click on the Password never expires link and select Password expires from
the drop-down menu.
b. In the field next to the link specify the required date when the password expires.
11. Click the Password Generator button to automatically create a strong password. Using
Password Generator you can create strong password by specified conditions (special
characters, numbers and symbols use).
You can find detailed description of Password Generator in the Password Generator
chapter.

12. Check the Advanced settings box to open additional settings.
13. You can use the account:
► In the specified window
► In all application windows

14. You can configure the authorization form filling in manually and specify some
comments. For this in the Login form section click the Edit settings button.
15. In the open window you can configure automatic form authorization filling in. The
Description column contains information on actions to be performed with the
corresponding field.

16. Click the Add button to complete account creation.
The account for the application has been added to the passwords database.
Adding and using Identities
Password Manager can fill in web-forms for registration or online banking using existing
identities with your personal information (for example, full name, birth date, e-mail addresses,
phone numbers, country of living, bank accounts information).
You can add an identity with the following methods:
► Using the Caption Button. To do this, click on the Caption Button and select Identities ->
Add Identity.

► From the context menu of Kaspersky PURE 3.0. To do this, right-click the Kaspersky
PURE 3.0 icon in the taskbar notification area and select Add -> Private Data from the
open menu.
► From the Password Manager window.
In order to add an Identity from the Password Manager window, perform the following actions:
1. Open the Password Manager window.
2. Click on the Add Identity data button.

3. A window with a form to create a new identity with personal data will open.

4. In the upper part of the window enter the required type of the Identity (for example,
Work).
5. Identity data comprise the following sections:
► Personal details;
► Contact;
► Internet;
► Business;
► Finance.
6. In order to fill out each section use the buttons located next to each section or the
buttons available next to the Summary tab.
7. In the Personal details section enter the main information about yourself. Fill out the
main fields and go to the next section by selecting the corresponding button in the upper
menu.

8. In the Contact section fill out the required fields and go to the next section by selecting
the corresponding button in the upper menu.

9. In the Internet section fill out the required fields and go to the next section by selecting
the corresponding button in the upper menu.
10. In the Business section fill out the required fields and go to the next section by selecting
the corresponding button in the upper menu.

11. In the Finance section fill out the required fields and go to the next section by selecting
the corresponding button in the upper menu.

To add information about your credit card, click the Credit Card button.
To add information about your bank account card, click the Bank Account button.
When all sections are filled out, click the Save button.
In order to apply an identity, perform the following actions:
1. Open the required page with identity fields.
2. Click the Caption Button and from the open menu select Identities -> .
Password Manager automatically fills in identity fields.
Adding and using Notes
Notes save text information in an encrypted form (for example, passport information, numbers of
bank accounts and etc) and allow quick access to the saved data. Preset templates can be used
to create a note.
A note can be edited.
You can create a note the following way:
► From the Kaspersky PURE 3.0 context menu in the taskbar notification area.
In order to create a note from the context menu, do the following:
1. Right-click the Kaspersky PURE 3.0 icon in the taskbar notification area.

2. Select Add > Note.
► From the Password Manager window.
In order to create a note from the Password Manager window, do the following:
1. Open the Password Manager window.
2. In the left part of the window select Passwords and data.

3. In the left part of the window select Notes.
4. In the right part of the window click the Add note button.
5. In the right part of the new window enter name of your note.

6. You can use templates with the set of standard types of data when creating a note. This is
convenient as each template comprises fields where you can enter your data. For
example, a note for driver’s license contains the following fields: first name, surname,
address, sex, height, weight, hair, eyes, date of issue, expiration, license number, class.
The following templates are predefined in Kaspersky PURE 3.0:

► Software license;
► Credit card;
► Bank account;
► ID card;
► Driver’s License;
► Passport;
► Visa;
► Voter card;
► Student card;
► Internet settings.
7. In order to use a template, click the Template button.
8. You can create your own template. For this, enter the necessary types of data. Click the
Template button and in the drop-down menu select Save as template.

9. Enter a template name.
10. Click the OK button.

11. If you do not want to use or create your own templates, then simply enter the necessary
information into the text field.
12. Click the Add button to save a template.
In the open window with the list of created notes, you can merge notes into groups, and view
or edit any note from the list.

In order to merge several notes into a group, do the following:
1. Pressing the Shift key on the keyboard, select the notes to add to a group.
2. Click the Add group button.
3. In the Add group window in the Name field specify the name of a group. In the Icon
section select an icon for your group from the drop-down list.

4. In the Add group window click the OK button.
5. In the Password Manager window click the OK button.
Configuring Password Manager
You can configure settings of Password Manager by clicking on the Settings button in the
Password Manager window.
In order to open the Settings window of Password Manager, perform the following actions:
1. In the main application window select Password Manager.
2. In the left part of the Password Manager window click the Settings button.

3. In the left part of the Password Manager Settings window select the required item. You
can select one of the following options:
► General
Here you can:
Enable/disable automatic start of Password Manager on Kaspersky PURE 3.0
startup;
Specify to automatically minimize Password Manager after start in the taskbar
notification area;
Specify period after which Password Manager should be locked;
Change your master password;
Select action to be performed on the Password Manager icon double-click;
Enable asking for confirmation of paste from clipboard;
Specify time to store password in the clipboard.

► Supported browsers
This section contains the list of web browsers and applications supported by Password
Manager.

For the auto sign-in and the caption button functions to work correctly in web browsers and
applications, Password Manager extensions need to be installed.
By default, all necessary extensions are installed automatically during the first start of
Password Manager. If necessary you can additionally install extensions for a required
web browser or application.
Web browsers and applications are displayed in the list of supported browsers respective
of the installed extensions:
o icon (extension is installed) next to the web browser name or application means
an extension is installed;
o icon (extension is not installed) next to the web browser name or application
means an extension is not installed.
► My passwords
Password Manager saves all data into a separate file which can be stored on a local,
removable and network drive. In this section you can also specify a path to the file with
passwords and data.

► Caption button
In the Display caption button in the selected browsers section you can select web
browsers where the Caption button should be displayed. To select a web browser, check
the box next to it.
By default, all web browsers in the list are selected.

The Caption button position in window header section lets you configure the way the
caption button is displayed in a browser or application.
Move caption button to the left – number of caption button’s position relative to the
buttons of other applications in the upper part of the browser window. The value in the entry
field determines how menu buttons are located to the right of the caption button (by how
much the caption button is shifted to the left of the browser window).
If the Hide caption button if Password Manager is locked check box is selected, the
caption button is not displayed in the browser or application window when Password
Manager is locked. If the check box is cleared, the caption button is displayed in the
browser or application window at all times regardless of the status of Password Manager.
The check box is cleared by default.
► Favorites
This section contains the list of most popular accounts in Password Manager.

Check the Show the list in the system tray menu if you want to see the list in the system
tray. In the List size specify the number of displayed items in the list.
► Ignored web sites
This section contains the list of ignored web sites. Password Manager will not add logins
and passwords and will not automatically sign in on these sites. Also Password Manager
does not suggest to create an account and to save login and password for the ignored
web sites.

► Trusted web sites
This section contains the list of trusted web sites.

Password Manager protects personal data from phishing attacks. The program will notify
you if upon an authorization attempt you are being redirected to another web site.
Cyber criminals often use redirection on web sites which grant access to bank accounts (it
might be pages of online banking and payment services). Redirection is configured on the
authorization page of the official web site and the user is redirected to a fake site which is
visually alike. All data entered on the fake page are received by hackers.
The program does not display notification about transfer of personal data to trusted web
sites added to the list. Before adding a web site to the list of trusted web sites make sure
the site is genuine.
► Ignored applications
The section contains list of ignored applications. The program does not add a login and a
password and does not automatically sign in in these applications. Password Manager
does not suggest to create an account and save a login and a password for the ignored
applications.

► Hot keys
In this section you can set hot keys for Password Manager actions. You can specify key
combinations for the following actions:
o Lock/unlock Password Manager;
o Enter credentials;
o Show / hide Quick Launch Box.

► Manage templates
The section contains a list of templates to create memos. You can add, edit or delete
templates for secure memos.

► Miscellaneous
In this section you can configure the Password Manager and browser notifications.

Virtual keyboard
When working on your computer, the cases frequently occur when it is required to enter your
personal data, or username and password. For instance, when registering on Internet sites, using
online stores etc.
There is a danger that this personal information will be intercepted using hardware keyboard
interceptors or keyloggers, which are programs that register keystrokes.
Virtual Keyboard prevents the interception of data entered at the keyboard.
Virtual Keyboard cannot protect your personal data if the website, that required entering such
data, has been hacked, since in this case the information will be obtained directly by the
intruders.
Many of the applications classified as spyware have the functions of making screenshots which
then are transferred to an intruder for further analysis and for stealing the user's personal data.
Virtual Keyboard prevents the personal data being entered, from being intercepted with the use
of screenshots.

Before using Virtual Keyboard, see its working peculiarities:
► Before you enter your data with the virtual keyboard, make sure the cursor is set in the
correct field.
► Press the button on the virtual keyboard using the mouse.
► Unlike on real keyboard, on the virtual keyboard you cannot press two keys
simultaneously. That is why if you need to use the combinations of keys (for example,
ALT+F4), you need to press the first key (ALT), then the next (F4) and then press the first
one again. Repetitive pressing substitutes release of a key on a real keyboard.
► You can switch the language for the virtual keyboard using the key combination Ctrl +
right-clicking Shift, or Ctrl + right-clicking Left Alt, depending on the settings selected.
You can start virtual keyboard with the following methods:
► From the Password Manager window;
► From the context menu of Kaspersky PURE 3.0;
► From the browser Microsoft Internet Explorer, Mozilla Firefox and Google Chrome;
► Using the keys combination CTRL+ALT+SHIFT+P.
In order to open Virtual Keyboard from the Password Manager window, click the Virtual
Keyboard button.

In order to open Virtual Keyboard from the Kaspersky PURE 3.0 context menu, right-click the
Kaspersky PURE 3.0 icon in the taskbar notification area and select Tools -> Virtual Keyboard
from the open menu.
In order to open Virtual Keyboard from a browser, click the Keyboard icon in the upper part of
the browser.

Password Generator
What is Password Generator
During an account creation you need to specify a new account. A special tool for automatic
password creation – Password Generator – is embedded into Password Manager. Using
Password Generator you can create unique and strong passwords (with lower- and upper-case
letter, digits and special symbols).
Creating password for account with Password Generator
In order to create a password for a web or application account, perform the following actions:
1. Open the Password Manager window.
2. In the lower part of the window click the Password Generator button.
3. In the Password Generator window in the Password length field specify the number of
symbols in the password (not less than 8 symbols are recommended).

4. In the Advanced settings section check the boxes for the required settings (use of A-Z, az,
numbers 0-9 and special symbols). You can disable use of similar symbols by checking
the box Exclude repeating characters. The more boxes are checked, the stronger
password will be created.
5. Click the Generate button.

The generated password appears in the field.
6. In the Strength section Password Generator shows how your password is strong
according to the specified parameters.
7. To view the password click the button in the password field. The password is
displayed while you keep the button pressed.
8. Click the Copy to clipboard button. Clipboard is a special storage designed to store
copied data and transfer it between applications.

9. Paste the password to the authorization field by pressing the key combination Ctrl + V.
10. To view history of created password, in the Password Generator window go to the
Passwords History tab. You can copy a password from the list to clipboard or clear the
history by clicking on the corresponding buttons.

CHAPTER 13. Advanced application settings
Settings. Protection
The section provides detailed information about all application components, describing the
operational algorithm and settings of each component.
To start advanced application setting, open the settings window with one of the following
methods:
► Click the Settings link in the top part of the main application window.
► Select the Settings item from the context menu of the application icon.

In the top left part of the Settings window select Protection:
General protection settings

In the application settings window, in the General Settings subsection of the Protection Center
section, you can perform the following operations:
► enable/disable all protection components;
► select the interactive or automatic protection mode;
► disable or enable automatic launch of the application at the startup of the operating
system.
Enabling and disabling protection
By default, Kaspersky PURE 3.0 is started automatically at computer startup and protects your
computer during its operational session. After the application is started, all the application
components are enabled.
You can partially or entirely disable protection in Kaspersky PURE 3.0.
Kaspersky Lab experts strongly recommend not to disable protection as it may lead to your
computer infection and data loss. If you need to disable protection, you are recommended to
pause protection for the required period (see below).
When the protection is disabled, work of all protection components is disabled.
There are the following indications of disabled protection:
► Grey Kaspersky icon in the Taskbar notification area.
► Red banner in the main application window.

In this case, the protection is regarded as the set of protection components. Disabling or
pausing protection components does not affect the performance of virus scan tasks and
Kaspersky PURE 3.0 updates.
You can fully enable or disable protection from the application settings window.
To disable or enable protection, perform the following actions:
1. Open the application settings window.
2. In the left part of the window in the Protection Center section select the General
Settings subsection.
3. Uncheck the Enable protection box if you need to disable protection. Check the box, if
you need to enable protection.

To disable or enable a protection component from the settings window, perform the following
actions:
1. Open the application settings window.
2. In the left part of the window in the Protection Center section select a component you
need to enable or disable.
3. In the right part of the window uncheck the box Enable , if you need
to disable the component. Check the box, if you need to enable the component.
Pausing and resuming protection
Protection pausing means disabling all application components for a specific time.
There are the following indications of protection pause:
► Grey Kaspersky icon in the Taskbar notification area.
► Red central part in the main application window.

In this case, the protection is regarded as the set of protection components. Disabling or
pausing protection components does not affect the performance of virus scan tasks and
Kaspersky PURE 3.0 updates.
Network connections established at the moment of protection pause will be terminated and a
corresponding notification will be displayed on the screen.
To pause computer protection, perform the following actions:
1. Select the Pause protection item from the context menu of the application.
2. In the Pause protection window select the required variant:
► Pause for the specified time — protection is automatically enabled after a specified
time interval.
► Pause until reboot — protection is enabled after the application is restarted or the
operating system is rebooted (if automatic startup of the application is enabled).
► Pause — protection is enabled only when you decide to resume it.

In order to resume protection, select the Resume protection item from the context menu of the
application icon.
You can resume protection this way (by selecting the Resume protection item from the context
menu of the application icon) irrespective of the ―pause protection‖ variant you have selected:
should it be the Pause, Pause until reboot or Pause for the specified time variant.
Selecting protection mode
By default, Kaspersky PURE 3.0 runs in automatic protection mode. In this mode the
application automatically applies actions recommended by Kaspersky Lab experts in response
to dangerous events. If you wish Kaspersky PURE 3.0 to notify you of all hazardous and
suspicious events in the system and to allow to decide which of the actions offered by the
application should be applied, you can enable interactive protection mode.
To select a protection mode, perform the following actions:
1. Open the application settings window.
2. In the left part of the window in the Protection Center section select General Settings.
3. In the Interactive protection section uncheck or check the boxes you need:
► to enable interactive protection mode, uncheck the Select action automatically box;
► to enable automatic protection mode, check the Select action automatically box.

To prevent Kaspersky PURE 3.0 from deleting suspicious objects in automatic mode, check the
Do not delete probably infected objects box.
Enabling and disabling autorun
Automatic launch of the application means that Kaspersky PURE 3.0 launches after the operating
system startup. This is the default start mode.
In order to enable or disable the application autorun, perform the following actions:
1. Open the application settings window.
2. In the left part of the window in the Protection Center section select General Settings.
3. To disable the application autorun, in the right part of the window in the Autorun section
uncheck the Launch Kaspersky PURE 3.0 at computer startup box. To enable the
application autorun, check the box.

Self-Defense
Kaspersky PURE 3.0 protects a computer from malware. Therefore, malware which penetrate
into the computer tries to block work of Kaspersky PURE 3.0 or remove the application from the
computer. Stable computer protection system is provided by the self-defense and disabling
external service control technologies of Kaspersky PURE 3.0.
Self-Defense of Kaspersky PURE 3.0 blocks outside attempts to modify or delete the application
files, memory processes and system registry records. The Disable external service control
option blocks all attempts to control services remotely.
On computers working under 64-bit operating systems and Microsoft Windows Vista only selfdefense
from attempts to modify or delete the application files, memory processes and system
registry entries is available.
Enabling and disabling self-defense
By default, Self-Defense of Kaspersky PURE 3.0 is enabled. If you need you can disable selfdefense.
In order to enable or disable self-defense of Kaspersky PURE 3.0, perform the following actions:
1. Open the main application window.
2. In the top part of the window click Settings.
3. In the left part of the window select Self-Defense in the Protection Center section.
4. In the right part of the window clear the Enable Self-Defense box if you need to disable
the application self-defense. Check the box if you need to enable self-defense.

Protection from external control
In the Self-Defense section you can disable external service control. If the option is enabled, all
attempts to control Kaspersky PURE 3.0 remotely are blocked.
In order to disable external service control, perform the following actions:
1. Open the main application window.
2. In the top part of the window click Settings.
3. In the left part of the window select Self-Defense in the Protection Center section.
4. In the right part of the window in the External control section clear the Disable
external service control box.

File Anti-Virus
What is File Anti-Virus
The file system may contain viruses and other malicious programs. Such malware may reside in
your file system for several years having once intruded your computer and not reveal themselves.
However once you open an infected file or, for example, try to copy it on the disk, the virus will
reveal itself.
The File Anti-Virus component monitors the computer file system and prevents infection of the
computer's file system. The component starts upon startup of the operating system, continuously
remains in the computer's RAM, and scans all files being opened, saved, or launched on your
computer and all connected drives.
Enabling/Disabling File Anti-Virus
To enable/disable File Anti-Virus, perform the following actions:
1. Open the application settings window.
2. In the Settings window in the Protection Center section select File Anti-Virus from the
list of components.
3. In the right part of the window perform the following actions:
► To enable the component, check the Enable File Anti-Virus box.
► To disable the component, uncheck the Enable File Anti-Virus box.
4. In the Settings window click the Apply button.
Operating algorithm of File Anti-Virus
By default, File Anti-Virus operates according to the following algorithm:

File Anti-Virus scans iChecker and iSwift databases (see details further) or information
about the intercepted file, and determines if it should scan the file, based on the
information retrieved.
The file is scanned for viruses. Based on the analysis, File Anti-Virus performs one of
the following actions:
► If malicious code is detected in the file, File Anti-Virus blocks the file, creates a
backup copy in the Backup storage and attempts to perform disinfection. If the
file is successfully disinfected, it becomes available again. If disinfection fails, the
file is deleted.
► If potentially malicious code is detected in the file, the file proceeds to disinfection
and then is sent to the special storage area called Quarantine.
► If no malicious code is discovered in the file, it is immediately restored.
Security levels of File Anti-Virus
The security level is defined as a preset configuration of the File Anti-Virus component settings
which provide a protection level to files and system memory. Kaspersky Lab specialists
distinguish three security levels. The decision of which level to select should be made by the user
based on the current situation.
► High. Set this level if you suspect that your computer has a high chance of being infected.
► Recommended. This level provides an optimum balance between the efficiency and
security and is suitable for most cases.
► Low. If you work in a protected environment (for example, in a corporate network with
centralized security management), the low security level may be suitable.
To change the security level, perform the following actions:
1. In the right part of the Settings window of the File Anti-Virus component set a security
level by dragging the vertical slider to the required position.
2. In the Settings window click the Apply button.

Actions to be performed by File Anti-Virus on detected threats
Default actions
By default program chooses the actions on detected objects itself.
If as a result of scan the program failed to define whether the object is infected or not, the object
is quarantined. Quarantine is a special storage, which contains objects that can be infected
viruses. Objects in the quarantine cannot harm your computer.
If as a result of the scan object is given the status of malicious software, File Anti-Virus will try to
disinfect it. If the disinfection is impossible, the object is deleted.
Before disinfecting or deleting of the object Kaspersky PURE 3.0 creates its backup in case there
is necessity to restore the object or in case the way to disinfect the object turns up. The storage
period for a backup copy makes 30 days.
Actions set by the user
You can set the action to be performed on detected threats by yourself. File Anti-Virus can
perform the following actions on detected threats:
► Disinfect;
► Delete;
► Delete if disinfection fails (appears if Disinfect option is enabled).

If the Disinfect variant is selected, the program functions the following way:
If the object can be disinfected, it will be disinfected and will return to the user.
If as a result of scan the program failed to define whether the object is infected or not, the
object is quarantined. If the option to scan quarantined files after each database update is
enabled, then when a new disinfection signature is received the quarantined object can
be disinfected and returned to the user.
If the virus status is assigned to the object and its disinfection is impossible, the object is
blocked and is added to the report about detected threats. If you want infected objects
which cannot be disinfected would be deleted check the Delete if disinfection fails box
(the box appears if the Disinfect option is enabled).
You can select only the Delete variant, but in this case all objects will be deleted, even if they
could be returned to the user after disinfection.
In order to select the necessary action, check the box next to the action and click the Apply
button to save the changes.
Kaspersky Lab specialists recommend to select the following actions for the detected threats:
► Disinfect objects if possible
► Delete if disinfection fails
In this case the program will perform the following actions over an object:

Disinfect, if disinfection is possible. After disinfection you can continue your work with the
object.
Quarantine, if the program failed to define if the object is infected or not. If the option to
scan quarantined files after each database update is enabled, then when a new
disinfection signature is received the quarantined object can be disinfected and returned to
the user.
Delete, if the virus status is assigned to the object and its disinfection is impossible.
Actions for each object
You can also specify File Anti-Virus actions for every detected object individually. For this
enable interactive mode the following way:
1. In the left of the Settings window go to the Protection tab. In the left part of the window
select the General Settings subsection.
2. In the Interactive protection section, uncheck the Select action automatically box.
3. In the Settings window click the Apply button.
Interactive mode is enabled for the entire application. That is why when interactive mode is
enabled you will have to define an action for each object detected by any Kaspersky PURE 3.0
component.
How to specify action on detected threats
To specify an action on detected threats, please do the following:
1. In the left part of the Settings window select the File Anti-Virus component.
2. Make sure the Enable File Anti-Virus box is enabled in the right part of the window.
3. In the Action on threat detection section select an action on detected threats:
Prompt for action.

Select action:
o Disinfect.
o Delete (Delete if disinfection fails).
4. In the Settings click the Apply button.
If you have selected the Select action variant and have not selected any action, File Anti-
Virus will block dangerous objects and quarantine then, notifying the user of its actions
The Delete if disinfection fails box appears only if the Disinfect box is enabled.
Customizing security level in File Anti-Virus
To fine-tune the File Anti-Virus settings, in the Security level section click the Settings button.
The File Anti-Virus window will open.
Selecting file types scanned by File Anti-Virus

In the File Anti-Virus window on the General tab you can set/ select file types to be scanned by
File Anti-Virus. By default File Anti-Virus scans only potentially infected files (files into which a
virus can penetrate), started on all hard, removable and network drives.
You can select on your own the file types which should be scanned by File Anti-Virus for
viruses.
The following file types can be set for scan:
All files — File Anti-Virus analyzes all files irrespective of their name (for example,
―press-release‖) or extension (for example, «.doc»).
Files scanned by format — File Anti-Virus scans the internal header of a file to
determine the file format (.txt, .doc, .exe, etc.). If the analysis shows that such file format
cannot be infected, the file is not scanned and is returned to the user. If a file format is
infectable, such file is scanned for viruses;
Files scanned by extension — File Anti-Virus scans files respective of their extension
(for example, files with the extensions .com, .exe, .sys, .bat, .dll and etc). The file format
is determined based on its extension. A file extension helps the user and software define
the type of data in the file.
When selecting the file type scanned by File Anti-Virus, consider the following peculiarities. For
example, the cyber-criminal can send a virus to your computer with a txt extension, though in
reality such file can be executable, renamed into a txt-file.
If the Files scanned by extension option is selected, then during scan such file will be skipped.
If the Files scanned by format option is selected, then in spite of the extension File Anti-Virus
will analyze the file header. In the result of scan it will become clear that the file has an exeformat.
Such file will be scanned for viruses.
Selecting File Anti-Virus protection scope
You can also specify location of the scanned files in the Protection scope section. In order to
add a new object to the scan scope, perform the following actions:
1. In the File Anti-Virus window click the Add link.

2. In the Select object to scan window select an object and click the Add button.
3. Once you have added all the necessary objects, in the Select object to scan window click
the OK button.
4. In the File Anti-Virus window click the OK button.
Scan methods of File Anti-Virus
By default, File Anti-Virus scans objects using signature analysis (bases with the description of
known threats and their disinfection methods). The component compares the object under scan
with the records in the base and defines whether the object is malicious. Since new malicious
objects appear daily, there is always some malware which are not described in the databases,
and which can only be detected using heuristic analysis. This method presumes the analysis of
the actions an object performs within the system. If its actions are typical of malicious objects, the
object is likely to be classed as malicious or suspicious.
In order to configure heuristic analysis, perform the following actions:

1. In the File Anti-Virus window go to the Performance tab.
2. In the Scan methods section specify the detail level 2 for heuristic analysis scan moving
the horizontal slider to the necessary position.
3. Click the OK button.
Optimization of files scan
To reduce the scan time and accelerate the application operation, you can configure scan of only
new and recently changed files, which were modified after the previous scan. For this, perform
the following actions:
1. In the File Anti-Virus window go to the Performance tab.
2. In the Scan optimization section check the Scan only new and changed files box.
2 The higher the detail level is, the more resources and time are needed for scan, however the more thorough the
analysis will be.

3. Click the OK button.
Setting scan of compound files
A compound file is structured storage for several other files. Examples of compound files are
archives and OLE-objects. A common method of concealing viruses is to embed them into
compound files (archives). To detect viruses that are hidden in this way a compound file should
be unpacked, which can significantly lower the scan speed.
To enable scan of archives, perform the following actions:
1. In the File Anti-Virus window go to the Performance tab.
2. In the Scan of compound files section, check the Scan archives box.
3. Click the OK button.
Installation packages (files to install software) and files containing OLE objects (objects (images,
texts, tables, drawings) created in one program but which can be opened using other programs)
are executed when they are opened, which makes them more dangerous than archives.
To enable scan of installer packages and embedded OLE-objects, perform the following actions:
1. In the File Anti-Virus window on the Performance tab in the Scan of compound files
section, check the corresponding boxes.
2. Click the OK button.

When large compound files are scanned, their preliminary unpacking may take a long period of
time. This period can be reduced by enabling unpacking of compound files in background mode
(while the user is working with other programs). If a malicious object is detected when processing
such a file, File Anti-Virus will notify you of this.
To scan compound files in background mode, perform the following actions:
1. In the File Anti-Virus window on the Performance tab in the Scan of compound files
section, click the Additional button.
2. In the Compound files window check the Extract compound files in the background
box.
3. In the Minimum file size field specify the minimum file size to be scanned in the
background. Files of smaller size are scanned in the normal mode.

To reduce access time to compound files, you can disable extracting of files whose size exceeds
the specified value. For this, perform the following actions:
1. In the Size limit section specify the maximum file size to be scanned. The setting is not
applied to scan of files extracted from archives.
2. Click the OK button.

Scan modes of File Anti-Virus
You can select one of four scan modes in File Anti-Virus:
► Smart mode.
► On access and modification (the application scans objects when they are opened or
modified).
► On access (the application scans objects only when they are attempted to open).
► On execution (the application scans objects only when they are attempted to run).
By default, Kaspersky PURE 3.0 uses smart mode, which determines if the object is subject to
scan, based on the actions performed on it. For example, when working with a Microsoft Office
document, File Anti-Virus scans the file when it is first opened and last closed. Intermediate
operations that overwrite the file do not cause it to be scanned.
To set a scan mode, perform the following actions:
1. In the File Anti-Virus window go to the Additional tab.
2. In the Scan mode section select the required scan mode.
3. Click the OK button.
iSwift и iChecker scan technologies
Intellectual technologies iChecker and iSwift allow accelerating work of File Anti-Virus.
Technologies achieve the highest efficiency sometime after installation of the product. These
technologies add to each other thus accelerating anti-virus scan of various objects in different file
and operating systems.
During the first scan with iChecker technology the check sum of an object is saved. Check sum
is a unique digital signature of an object (file) that allows identifying this object (file). Check sum
changes every time the object is modified. This information is saved in a special table. During the
next scan of an object the previous and current check sums are compared. If the check sum is
different the object should be scanned for a malicious code once again, if the check sum is the
same, the object is not scanned.
The iChecker technology works with limited number of formats such as exe, dll, lnk, ttf, inf, sys,
com, chm, zip, rar and does not scan files larger than 4 GB, as in such cases it is quicker to
scan the whole file, than to calculate its check sums.

The iSwift technology has been developed for NTFS file system. In this system NTFS-identifier is
given to each object. This NTFS-identifier is compared with the values in the special iSwift
database. This algorithm considers the previous scan date. If from the moment of the first scan to
the last scan the same period or more passed then the object will be re-scanned. The object will
be also scanned in the case of the object settings were changed to stricter ones.
The technology is connected to a definite file location in the file system. If the file was copied /
relocated then it is scanned again.
In order to enable the use of iSwift and iChecker technologies, perform the following actions:
1. In the File Anti-Virus window go to the Additional tab.
2. In the Scan technologies section check the boxes iSwift Technology and iChecker
Technology.
3. Click the OK button.
Pausing File Anti-Virus
When carrying out resource-intensive works, you can pause File Anti-Virus. To reduce workload
and ensure quick access to objects, you can configure automatic pausing of the component at a
specified time. For this, perform the following actions:
1. In the File Anti-Virus window go to the Additional tab.
2. In the Pause task section check the By schedule box.
3. Click the Schedule button.

4. In the Pausing the task window in the fields Pause and Resume task at define the time
interval during which the component will remain inactive.
5. Click the OK button.
6. In the File Anti-Virus window click the OK button.
Additionally to disabling File Anti-Virus on schedule, you can configure disabling File Anti-Virus
when handling specified programs. For this, perform the following actions:
1. In the File Anti-Virus window go to the Additional tab.
2. In the Pause task section check the At application startup box.
3. Click the Select button.

4. In the Applications window click the Add link. Next, perform the following actions:
► Select an application from the Applications list;
or
► Click Browse and select an application using the browser window.
5. Having created the list of applications, click the OK button in the Applications window.
6. In the File Anti-Virus window click the OK button.
Rolling back to default settings of File Anti-Virus
You can always roll back to default File Anti-Virus settings. For this, perform the following
actions:
1. Close the File Anti-Virus window.
2. In the Settings window in the Security level section click the Default button.

3. Click the OK button to save the made changes.

Mail Anti-Virus
What is Mail Anti-Virus
Mail Anti-Virus from Protection Center of Kaspersky PURE 3.0 scans incoming and outgoing
messages for the presence of malicious objects.
The component scans all email sent or received on the POP3, SMTP, IMAP, MAPI and NNTP
protocols, as well as on secure connections (SSL) for POP3 and IMAP. 3
Enabling/disabling Mail Anti-Virus
By default the Mail Anti-Virus component is enabled. You can disable Mail Anti-Virus, if
necessary.
To enable or disable Mail Anti-Virus, do the following:
1. Open the main application window.
2. In the top right part of the window click the Settings button.
3. In the left part of the Settings window under Protection select Mail Anti-Virus.
4. In the right part of the Settings window:
► Uncheck the Enable Mail Anti-Virus box, to disable the component.
► Check the Enable Mail Anti-Virus box, to enable the component
5. In the Settings window click the Apply button.
Operation algorithm of Mail Anti-Virus
3 POP3, SMTP, IMAP, MAPI and NNTP are protocols intended for creation, receiving and transfer of e-mail.
SSL protocol provides secure transfer (encryption) of data by other protocols (example, POP3 and IMAP).

By default the mail protection functions according to the following algorithm:
1. Mail Anti-Virus intercepts each message the user sends or receives.
2. A mail message is parsed into basic components: message header (part of an e-mail
message which contains technical information and shows its route since its sending to the
receiving by the recipient’s server), body (the text of the message itself), attachments (files
attached to the message).
3. Message body and attachments (including attached OLE objects 4 are scanned for the
presence of threats. Recognition of the malicious objects is performed based on the
application databases 5, and the heuristic analysis 6 . The databases include the description
of all known malicious programs and the disinfection methods. Heuristic analysis allows to
detect new viruses whose description is not added to the virus database yet.
4. If a threat is detected, Kaspersky PURE 3.0 assigns one of the following statuses to the
found object:
► malicious program (such as a virus or Trojan);
► potentially infected (suspicious) status if the scan cannot determine whether the object
is infected or not. The file may contain a sequence of code appropriate for viruses, or
modified code from a known virus.
The application blocks a message, displays a notification about the detected threat and
performs the assigned action.
Changing Mail Anti-Virus actions to be performed on detected threats
By default the program itself defines an action to be performed over an infected object. If as a
result of scan the program failed to define whether the object is infected or not, the object is
quarantined.
If as a result of a scan Kaspersky PURE 3.0 assigns the status of a malicious program to the
object, Mail Anti-Virus will try to disinfect an infected object. If disinfection is impossible, the
object is deleted.
Before attempting to disinfect or delete an infected object, Kaspersky PURE 3.0 creates a backup
copy of it to allow later restoration or disinfection.
To make sure, Mail Anti-Virus performs default actions upon threat detection, do the following:
1. In the left part of the Settings window select Mail Anti-Virus.
2. In the right part of the window in the Action on threat detection section the Select action
automatically option should be enabled.
4 In this case OLE-objects are understood as graphic information implemented into the body of a message. For
example, images, Excel tables and graphs in the text (not in the mail attachment).
5 Databases are anti-virus databases which contain records about threats and network attacks, as well methods to
fight them. Protection components use these records when searching for dangerous objects on the computer and
disinfecting them.
6 Heuristic analysis is the analysis of the objects activity in the system. If such activity is typical for malicious
objects in this case an object under analysis will be recognized as suspicious or malicious. Analysis of the object
activity allows to detect a virus even if it has not been defined by virus analysts.

You can also define an action to be performed for detected threats. In this case the following
actions upon threat detection can be defined for Mail Anti-Virus:
► Prompt user for action
► Disinfect
► Delete
► Delete, if disinfection fails (this option appears if you checked the Disinfect box).

The Prompt for action option becomes available only when the interactive mode is enabled.
When interactive protection mode is set, Kaspersky PURE 3.0 will notify you of all dangerous or
suspicious events in the system and will prompt for an allowing or blocking actions.
You can find how to enable the interactive protection mode in the Selecting protection mode
chapter.
If the Disinfect variant is selected, the program functions the following way:
► If the object can be disinfected, it will be disinfected and will return to the user.
► If as a result of scan the program failed to define whether the object is infected or not, the
object is quarantined. If the option to scan quarantined files after each database update
is enabled, then when a new disinfection signature is received the quarantined object can
be disinfected and returned to the user.
► If the status of a virus is assigned to the object and its disinfection is impossible, the object
is blocked and is added to the report about detected threats.
You can select only the Delete variant, but in this case all objects will be deleted, even if they
could be available for the user after disinfection.
Kaspersky Lab specialists recommend to select the following actions for the detected threats:
► Disinfect objects if possible;
► Delete if disinfection fails.

In this case the program will perform the following actions over an object:
Disinfect, if disinfection is possible. After disinfection you can continue your work
with the object.
Quarantine, if the program failed to define if the object is infected or not. If the
option to scan quarantined files after each database update is enabled, then when a
new disinfection signature is received the quarantined object can be disinfected
and returned to the user.
Delete, if the virus status is assigned to the object and its disinfection is impossible.
If the Select action variant is chosen, but not action is enabled, then Mail Anti-Virus will block
dangerous objects and move them to quarantine notifying the user of its actions.
The Delete if disinfection fails variant appears only after the Disinfect option is enabled.
Security levels of Mail Anti-Virus
Different sets of the protection parameters (security levels) suit different working conditions. A
user can manually change these settings. Kaspersky Lab specialists distinguish three security
levels.
► When set at the high security level Mail Anti-Virus maximally scans e-mail messages. If
you work in a non-secure environment, the maximum security level will suit you the best.
An example of such environment is a connection to a free email service, from a network
that is not guarded by centralized email protection.
► Recommended. This level provides an optimum balance between the efficiency and
security and is suitable for most cases. This is also the default setting.
► Low. If you work in a well secured environment, low security level can be used. An
example of such an environment might be a corporate network with centralized email
security.
To change the security level, perform the following actions:
1. In the left part of the Settings window select the Mail Anti-Virus component.
2. Make sure, in the right part of the Settings window the Enable Mail Anti-Virus box is
checked.
3. In the Security level section configure the necessary security level.

4. In the Settings window click the Apply button.
If you are not satisfied with any preset security levels you can independently configure Mail Anti-
Virus settings. In this case when the settings are modified in the Settings window in the Mail
Anti-Virus section the security level changes to Other.
You can roll back to the recommended security level at any moment, set by default, by clicking
the Default button.
Customizing security level
By default, Mail Anti-Virus works with the settings recommended by Kaspersky Lab experts for
the optimal protection of your mail. However, you can customize the security level of Mail Anti-
Virus the following way:
1. In the Settings window select the Mail Anti-Virus component.
2. Make sure that Mail Anti-Virus is enabled (the Enable Mail Anti-Virus box is checked).
3. In the right part of the Settings window in the Security level section click the Settings
button.

The Mail Anti-Virus window will open.
Creating protection scope
By default, Kaspersky PURE 3.0 scans both incoming and outgoing mails.
If you are sure that outgoing mails are not infected, in this case you can configure scan of
incoming messages only.
Before you disable scan of outgoing mails you are advised to scan your computer for viruses,
because it is likely that there are mail worms on your computer which will propagate themselves
via email.
To disable scan of outgoing emails, please do the following:
1. In the Mail Anti-Virus window on the General tab in the Protection scope section check
the Incoming email only box.

2. In the bottom right corner of the window click the OK button.
3. In the Settings window click the Apply button.

Heuristic analysis
During Mail Anti-Virus operation, signature analysis is always used: Kaspersky PURE 3.0
compares the object found with the database records.
Additionally to the analysis based on the refilled anti-virus databases, heuristic analysis is added
to Mail Anti-Virus.
Essentially, the heuristic method analyzes the object's activities in the system. If those actions
are typical of malicious objects, the object is likely to be classed as malicious or suspicious. This
allows new threats to be detected before they have been analyzed by virus analysts.
You can select one of the three scanning levels of the heuristic analysis: light scan, medium
scan and deep scan. If you select deep scan mode the probability of threat detection is higher
but scanning takes longer. With the light scan enabled scanning is faster but the probability of
threat detection in that mode is somewhat lower. Only the medium scan mode provides optimal
combination of the detail level and scanning time.
By default, heuristic analysis is enabled. To enable or disable heuristic analysis in Mail Anti-
Virus, please do the following:
1. In the Mail Anti-Virus window on the General tab, in the Scan methods section make
sure the Heuristic Analysis box is checked. If you do not want to use this technology,
uncheck the box correspondingly.
2. Move the slider bar to select the scan method: light, medium, deep.
3. In the Mail Anti-Virus window click the OK button.
4. In the Settings window click the Apply button.
Scan of compound files
Compound files are a set of files and folders placed into one file (archive).
By default Kaspersky PURE 3.0 scans all compound files. However you should remember, that
the selection of compound files scan mode affects the performance of the computer.
You can enable or disable the scan of attached archives and limit the maximum size of archives
to be scanned in Mail Anti-Virus.
To configure Mail Anti-Virus scan settings, perform the following actions:

1. In the Mail Anti-Virus window on the General tab In the Scan of compound files section
check/uncheck the following boxes:
► Skip attached archives;
► Do not process archives larger than (limit the maximum size). The default size is 8
MB.
2. In the Mail Anti-Virus window click the OK button.
3. In the Settings window click the Apply button.
Filtering attachments
Malware is most often distributed in mail as objects attached to messages. Files of various
formats can be attached to a message. To protect your computer, for example, from automatic
launch of attached files, you can enable filtering of attachments, which can automatically rename
or delete files of specified types. Thus you can configure filtering of objects attached to an email
message using Mai Anti-Virus and to prevent penetration of malicious software onto your
computer.
If you access the Internet directly without a proxy server or a firewall, you are advised not to
disable scanning of attached archives.
To configure filtering of attached objects in Mail Anti-Virus, please do the following:
1. In the Mail Anti-Virus window go to the Attachment filter tab.
2. Select the filtering mode for attachments:
► Disable filtering;
► Rename selected attachment types;
► Delete selected attachment types.
When you select the modes Rename or Delete attachments, select the necessary file
types (extensions) in the list or add a mask to select a new type. To add a new type of
mask, click the Add link. In the Input file name mask window enter the mask and click the
OK button.

3. In the Mail Anti-Virus window click the OK button.
4. In the Settings window click the Apply button.
Configuring embedded plug-ins for Microsoft Office Outlook and The Bat!
Integration of Mail Anti-Virus into the system allows the application plug-ins to embed into the
mail clients Microsoft Office Outlook and The Bat!.
Installing Mail Anti-Virus plug-in in Microsoft Office Outlook 2003/2007
When installing Kaspersky PURE 3.0, a special plug-in is installed in Microsoft Office Outlook.
It allows you to configure Mail Anti-Virus settings quickly, and determine when email messages
will be scanned for dangerous objects. The plug-in comes in the form of Email protection tab.
To go to the tab in the mail client, do the following:
1. Open the main window of Microsoft Office Outlook.
2. In the main application menu select Tools -> Options.

3. In the Options window go to the Email protection tab and specify the necessary scan
mode.
► Scan upon receiving;
► Scan when read;
► Scan upon sending.

4. Click the OK button to save the made changes.
Installing Mail Anti-Virus plug-in in Microsoft Office Outlook 2010
To go to the Mail Anti-Virus tab from Microsoft Office Outlook 2010, perform the following
actions:
1. Open the main window of Microsoft Office Outlook.
2. Go to the File menu.
3. In the File menu select the Options item.

4. In the Outlook Options window go to the Add-ins section.
5. In the right part of the Outlook Options window in the Add-in Options section click the
Add-in Options button.
6. In the Add-in Options window on the Email protection tab specify the necessary scan
mode:
► Scan upon receiving;
► Scan when read;
► Scan upon sending.
7. Save the made the changes by clicking the OK button.

Installing Mail Anti-Virus plug-in in The Bat!
If The Bat! is installed as a mail client on the computer, then actions on infected email objects in
The Bat! are defined using the application's own tools. Mail Anti-Virus settings extend to the
scanning of attached archives only.
Note that incoming email messages are first scanned by Mail Anti-Virus and only after that – by
the plug-in of The Bat!. If you select the Disinfect (Delete) action upon detection of a malicious
object, actions aimed at eliminating the threat will be performed by Mail Anti-Virus. If you select
the Ignore option, the object will be disinfected by the plug-in of The Bat!.
When sending email messages, they are first scanned by The Bat! plug-in and then - by Mail
Anti-Virus.
To set up email protection rules in The Bat!, do the following:
1. Open the main The Bat! window.
2. In the Options menu select Preferences.

3. In the settings tree select Anti-Virus. In the right part of the window specify the necessary
settings of mail scan.
Disabling embedding of the Mail Anti-Virus plug-in in the mail clients Microsoft Outlook or
The Bat!
To disable embedding of the Mail Anti-Virus plug-in in the mail clients Microsoft Office Outlook
or The Bat!, do the following:
1. Open the main window of Kaspersky PURE 3.0.
2. In the top right corner of the window click the Settings button.
3. In the left part of the Settings window on the Protection tab select the Mail Anti-Virus
component.
4. In the right part of the window in the Security level section click the Settings button.

5. In the Mail Anti-Virus window go to the Additional tab.
6. Clear the box:
► Additional: Microsoft Office Outlook plug-in, if you are using Microsoft Office
Outlook.
► Additional: The Bat! Plug-in, if you are using The Bat!.

7. In the Mail Anti-Virus window click the OK button.
8. In the Settings window click the Apply button.

Scan of SMTP, POP3, NNTP, IMAP mail traffic
By default, Mail Anti-Virus in Kaspersky PURE 3.0 scans a stream of mail messages using
protocols SMTP, POP3, NNTP, IMAP in the ―real-time‖ mode, i.e. while receiving them. If you
disable protocol scan, mail will only be scanned after it is received (after it is loaded from the
server onto your computer).
To disable traffic scan of these protocols by Mail Anti-Virus in the ―real-time‖ mode, perform the
following actions:
1. In the right part of the Settings window in the Security level section of the Mail Anti-
Virus component click the Settings button.
2. In the Mail Anti-Virus window go to the Additional tab.
3. On the Additional tab uncheck the box POP3/SMTP/NNTP/IMAP traffic.

4. In the bottom right corner of the window click the OK button.
5. In the Settings window click the Apply button.
Working features with Microsoft Outlook and Mozilla Thunderbird version 1.5 and above
Microsoft Office Outlook
IMAP4 is a standard protocol to access your e-mail. With IMAP4 email is stored on the IMAP
mail server and can be accessed from any email client on the network. The mail client gets
access to the user’s email on the server and works with this mail as if it were stored on the user’s
computer. E-mail messages can be managed from the user’s computer and files with the full
content of the message are not constantly sent to server and back.
In Kaspersky PURE 3.0 when the mail is scanned by the protocol IMAP4 in Microsoft Office
Outlook by default before scan all messages are downloaded on the computer locally as a result
the Internet traffic may increase.
In order Mail Anti-Virus would not scan these messages on delivery but would scan them only
on read, do the following:
1. Open the mail client Outlook MS Office.
2. In the upper menu select Tools -> Options.
3. In the Options window go to the Email protection tab.
4. Uncheck the Scan upon receiving box.
5. Check the Scan when read box.

6. Click the OK button.
Mozilla Thunderbird version 1.5 and above
If a mail client Mozilla Thunderbird version 1.5 or above is installed, then a default filter is
embedded into the mail which allows to receive messages by IMAP protocol by chunks. For the
mail to be scanned correctly by Mail Anti-Virus from Kaspersky PURE 3.0 a message should be
received as a whole.
For the mail to be received as a whole it is recommended to specify the following parameters in
Mozilla Thunderbird version 1.5 or above, perform the following actions:
1. Open Mozilla Thunderbird.
2. In the upper menu Tools -> Options.
3. In the Options window click the Advanced button.
4. On the General tab click the Config Editor button.
5. In the about:config window click the I’ll be careful, I promise! button.
6. In the Filter field enter CHUNK.
7. Right-click the filter mail.server.default.fetch_by_chunks.
8. In the context menu select Toggle.
9. Make sure the Value field has changed from True to False.
10. Right-click the filter mail.imap.chunk_add.
11. In the context menu select Change.
12. Change the value to "0".
13. Click the OK button.
14. Click OK to close the Options window.

Note that when working with Mozilla Thunderbird mail client, email messages transferred via
IMAP will not be scanned for viruses if any filters moving messages from the Inbox folder are
used.
Rolling back to Web Anti-Virus default settings
You can always roll back to the default Mail Anti-Virus settings. For this, do the following:
1. Close the Web Anti-Virus window.
2. In the Settings window in the Security level section click the Default button.
3. Click the OK button, to save the made changes.

Web Anti-Virus
What is Web Anti-Virus
Surfing the Internet you may be at risk of getting a virus infection. Such malicious programs can
penetrate your computer during download of free programs or while browsing the information on
the knowingly safe sites which have undergone a hacker attack before your visit. More than that
network worms can penetrate your computer even before you open a web-page or download a
file – directly during the connection establishment.
Web Anti-Virus has been specially designed to prevent such infections. This component
protects the information which gets onto your computer by HTTP, HTTPS and FTP protocols and
also prevents dangerous scripts execution.
Enabling/disabling Web Ant-Virus
The Web Anti-Virus component is enabled by default.
To enable or temporarily disable Web Anti-Virus, perform the following actions:
1. Open the main application window.
2. In the top right corner of the window click the Settings button.
3. In the left part of the Settings window under Protection select Web Anti-Virus.
4. In the right part of the Settings window:
► Uncheck the Enable Web Anti-Virus box, to disable the component.
► Check the Enable Web Anti-Virus box, to enable the component.

5. In the Settings window click the Apply button.
Working algorithm of Web Anti-Virus
Web Anti-Virus has the following working algorithm:
1. Each web-page or file, the user/program addresses to, is intercepted and analyzed by Web
Anti-Virus. Recognition of malicious objects is based on the anti-virus bases and the
heuristic analyzer.
2. If a web page or an object to each the user addresses contains a malicious code then access
to the page/object is blocked. A corresponding notification message explaining that the
required object or page is infected is displayed on the screen.
In automatic mode In interactive mode
If a file or a web page does not contain a malicious code such objects/pages are immediately
returned to the user.
Scripts are scanned by the following algorithm:
1. Each executable script is intercepted by Web Anti-Virus and analyzed for a malicious code.
2. If the script contains any malicious code, then Web Anti-Virus blocks the script and notifies
the user of it with a special message.
3. If no malicious code is detected in the script, such script is executed.
Web Anti-Virus only intercepts the scripts based on Microsoft Windows Script Host technology.
Security levels of Web Anti-Virus
Web Anti-Virus can work in several modes – security levels. A security level is a set of
predefined parameters of Web Anti-Virus which provides a level of data security that are
received and transferred by HTTP, HTTPS and FTP protocols.
Kaspersky Lab experts have developed three security levels:
► If no HTTP security tools – firewall or proxy-server – are installed on your computer, use
High security level.

► If you work in the protected environment (for example, a firewall is installed on your
computer and you connect to the Internet via a corporate proxy-server), then set a Low
security level.
► Recommended is the optimal security level as it rationally uses system resources and
provides secure protection. This security level suits most cases.
Select a security level which best suits your situation.
In order to change the security level, simply drag the vertical slider to the needed position.
If you have already added some changes to the predefined settings you can always roll back to
the default Web Anti-Virus settings by clicking the Default button.
Customizing security level
Checking suspicious and phishing URLs by Web Anti-Virus
Web Anti-Virus scans web traffic for viruses and checks if the links are included in the list of
suspicious web-address and to the list of phishing 7 web addresses.
7 Phishing is a specific form of cybercrime. Phishing attacks are made the following way: the criminal creates an
almost 100 percent perfect replica of a chosen financial institution’s website, then attempts to trick the user in to
disclosing their personal details – username, password, PIN etc. – via a form on the fake website, allowing the
criminal to use the details to obtain money.

To make sure the settings are active, in the Web Anti-Virus window click the Settings button
and see that on the General tab under Kaspersky URL Advisor the following boxes are
checked:
► Check if URLs are listed in the database of suspicious URLs.
This box enables/disables the option to check whether links are included in the list of
suspicious web addresses from the black list. The list is created by Kaspersky Lab
specialists.
► Check web pages for phishing.
The lists of phishing addresses are included in to Kaspersky PURE 3.0 distribution kit.
Since the link to a phishing site may be received not only in an email message but in any
other way, for example, in the text of an ICQ message, Web Anti-Virus component traces
the attempts of accessing a phishing site at the level of HTTP traffic scan, and blocks
them.
Additionally to the analysis based on the refilled phishing databases, heuristic analysis is added
to Web Anti-Virus. Heuristic Analysis allows to evaluate the information about an internet
resource, for example presence of signs typical of phishing resources in the URL addresses. As
a result, if these signs are detected, the resource is defined as phishing and access to it is
blocked, even if the resource is not yet added to the phishing database.
To enable the heuristic analysis for scan of web pages for phishing, click the Additional button in
the Kaspersky URL Advisor section, check the corresponding box and set the required detail
level of scan.

Heuristic Analyzer
Heuristic Analysis allows to trace activity of an objects in the system. If the tool finds the activity
suspicious, then most probably the objects will be defined as malicious or suspicious, even if its
malicious code is not known to virus analysts.
Upon detection of a suspicious object, Kaspersky PURE 3.0 will notify you of it and offer to apply
a corresponding action to the detected object.
You can select one of the three scanning levels of the heuristic analysis:
► light scan
► medium scan
► deep scan
The higher the detail level, the more resources and time the scan takes, and the higher is the
probability of threat detection.
By default, heuristic analysis is enabled and the detail level is set to medium.
To enable heuristic analyzer, on the General tab in the Heuristic Analysis section check the
Use Heuristic Analysis box. In the field below specify the required level by moving the
horizontal slider to the necessary position. Uncheck the Use Heuristic Analysis box, if you do
not want to use this method.

Scan optimization
To detect malicious code more efficiently, Web Anti-Virus buffers fragments of objects
downloaded from the Internet.
When Web Anti-Virus scans objects downloaded by HTTP and FTP traffic, the user may
experience a delay while accessing the file. This delay is caused by the operational algorithm of
Web Anti-Virus: first, all fragments are saved into cache memory, then are analyzed for viruses
and then depending on the analysis result are either returned to the user or blocked.
To accelerate access to the object, we suggest limiting the caching time for web object fragments
downloaded from the Internet. When the specified time expires each downloaded fragment of a
file is given to the user not scanned, and the object is scanned by Web Anti-Virus, when it is
fully copied.
Disabling limitation of the caching time leads to enhanced efficiency of the anti-virus scan but
at the same time slows down access to the object.
To limit traffic caching time or to disable this limitation, perform the following actions:
1. Open the application settings window.
2. In the left part of the window under Protection select the Web Anti-Virus component.
3. In the right part of the window click the Settings button. The Web Anti-Virus window
opens.
4. To set the restriction, on the General tab in the Additional section check the Limit traffic
caching time to 1 sec to optimize scan box. If you need to disable restriction, uncheck
the box.

Kaspersky URL Advisor
Web Anti-Virus in Kaspersky PURE 3.0 includes Kaspersky URL Advisor.
This module checks if links located on the webpage belong to the list of suspicious and phishing
web addresses. You can
► create a list of web addresses whose content will not be checked for the presence of
suspicious or phishing URLs;
► create a list of web sites whose content must be scanned;
► completely exclude scan of URLs.
Kaspersky PURE 3.0 features expanded URL Advisor compatibility with browsers. The following
browsers are now fully supported:
► Internet Explorer 8, 9, 10
► Mozilla Firefox 9.x-12.x
► Google Chrome15.x-17.x
► Opera 12.61
To create a list of websites whose content will not be scanned for the presence of suspicious or
phishing URLs, on the Safe Surf tab in the Kaspersky URL Advisor section uncheck the Check
URLs box.
To configure scan settings and select categories of web sites where Web Anti-Virus should scan
URLs, do the following:
1. Open the application settings window.
2. In the left part of the window in the Protection section select Web Anti-Virus.

3. In the right part of the window click the Settings button. The Web Anti-Virus window will
open.
4. In the Web Anti-Virus window go to the Safe Surf tab.
5. Make sure the Kaspersky URL Advisor module is enabled (the Check URLs box is
checked).
6. In the Kaspersky URL Advisor section click the Settings button.
7. In the Kaspersky URL Advisor settings window do the following:
a. In the Scan mode section select a variant to check URLs:
• All URLs;
• Only URLs in search results.

. In the Website categories section do the following:
• Make sure the box Show information on the categories of website content is
selected.
• Use the links Select all / Clear all, to select or clear all categories of websites on
which Web Anti-Virus should check URLs.
• Select the website categories where Web Anti-Virus should check URLs.

The URL Advisor module can function in two modes: check links on all web sites except the sites
added to exclusions, or check only web sites specified in the list.
In order Kaspersky URL Advisor would check all web sites, except those added to exclusions,
perform the following actions:
1. In the Web Anti-Virus window in the Kaspersky URL Advisor section check the Check
URLs box.
2. Select the All but the exclusions variant and click the Exclusions button.

3. In the Exclusions window create the list of web addresses whose contents should not
scanned for suspicious or phishing URLs.
4. Click the OK button in the Exclusions window.
For Kaspersky URL Advisor to scan only the sites specified by you, perform the following
actions:
1. On the Safe Surf tab in the Kaspersky URL Advisor section check the Only web sites
from the list box and click the Specify button.

2. In the Checked URLs window create the list of web addresses whose content should be
scanned for suspicious or phishing URLs.
3. Click the OK button in the Checked URLs window.
4. In the Web Anti-Virus window click the OK button to save the made changes.
The Kaspersky URL Advisor options mentioned above can be set either in the Web Anti-Virus
window or in the module settings widow opened in the web browser. To open the module settings
window from the web browser window, click the button with the Kaspersky PURE 3.0 icon
from the tool panel of the browser.

Blocking access to dangerous websites
Web Anti-Virus in Kaspersky PURE 3.0 contains a special module Block dangerous websites.
The module is designed to provide safe Internet surfing by restricting access to unsecure web
resources. This module blocks access to websites which have been considered as suspicious or
phishing by Kaspersky URL Advisor.
To block access to dangerous web sites, perform the following actions:
1. Open the application settings window.
2. In the left part of the window under Protection select the Web Anti-Virus component.
3. In the right part of the window click the Settings button. The Web Anti-Virus window will
open.
4. In the Web Anti-Virus window on the Safe Surf tab in the Blocking Dangerous
Websites section check the Block dangerous websites box.

5. Click the OK button, to save the made changes.
Controlling access to regional web domains
Depending on the user's choice, Web Anti-Virus in the Geo Filter mode can block or allow
access to websites on the grounds of their belonging to regional web domains. This allows you,
for example, to block access to websites which belong to regional domains with a high risk of
infection.
To allow or block access to web sites which belong to specified domains, perform the following
actions:
1. Open the application settings window.
2. In the left part of the window under Protection select the Web Anti-Virus component.
3. In the right part of the window click the Settings button. The Web Anti-Virus window will
open.
4. On the Geo Filter tab check the Enable filtering by regional domains box and specify in
the list of controlled domains below which domains should be allowed or blocked, and for
which ones the application should request access permission using a notification. For this:
a) Select a domain which should be allowed, blocked or prompted for action.
b) Click the button Allow, Block or Prompt. The corresponding icon will
appear in the Access column.
By default, access is allowed for regional domains that match your location.
Access permission request is set for other domains by default.
5. Click the OK button.
Creating the list of trusted URLs
You can create a list of web addresses whose content you trust unconditionally. In this case Web
Anti-Virus will not analyze information from these URL addresses for dangerous objects. You

can use this option, for example, if Web Anti-Virus prevents download of a file from a known
web site.
To create the list of trusted URLs, perform the following actions:
1. In the right part of the Web Anti-Virus settings window click the Settings button.
2. On the Trusted URLs tab check the Do not scan web traffic from trusted URLs box
and create the list of trusted addresses whose content you trust. For this:
a) Click the Add button.
b) In the Address mask (URL) window enter an address, whose content you trust.
For example, kaspersky.com.
c) Click the OK button.
If you want to exclude an address from the trusted list, you do not have to delete an address from
the list, unchecking an address will be sufficient.
3. In the Web Anti-Virus window click the OK button.

Changing Web Anti-Virus actions on detected threats
The Action on threat detection section allows you to select an action to be performed by Web
Anti-Virus if scanning web traffic reveals that it contains malicious code. By default the section
contains the following options:
► If automatic protection mode is enabled the application decides on its own what action
to perform upon a threat detection. In this case, check the Select action automatically
box. Kaspersky PURE 3.0 will automatically apply an action recommended by Kaspersky
Lab.
► If interactive protection mode is enabled, then you can decide yourself what action the
application should perform upon a detected threat. In this case, check the Prompt for
action box. Kaspersky PURE 3.0 will inform you of all dangerous or suspicious events in
the system and will prompt for an allowing or blocking action.

► Block download (Web Anti-Virus blocks access to the object and displays a message on
the screen informing that the required object is infected).
► Allow download (Web Anti-Virus allows you to download the object. Once the object is
downloaded onto your computer, it will be scanned by File Anti-Virus and Proactive
Defense).
To modify an action that Web Anti-Virus should perform upon threat detection:
1. If the automatic protection mode is set, in the right part of the component settings window
in the Action on threat detection section select an action:
► Select action automatically
► Block download
► Allow download
2. If the interactive protection mode is set, in the right part of the component settings window
in the Action on threat detection section select an action:
► Prompt for action
► Block download
► Allow download
3. Click the OK button, to save the made changes.

IM Anti-Virus
What is IM Anti-Virus
IM Anti-Virus is designed to provide secure work with the instant messaging clients (hereafter
Internet pagers) such as ICQ, AIM, Jabber, Google Talk and etc.
IM messages may contain links to suspicious web sites and to the web sites deliberately used by
hackers to organize phishing attacks 8 . Malicious programs use IM clients to send spam
messages and links to the programs (or the programs themselves), which steal users' ID
numbers and passwords.
Enabling/Disabling IM Anti-Virus
In order to enable or disable the IM Anti-Virus component, do the following:
1. Open the application settings window.
2. In the left part of the window under Protection select the IM Anti-Virus component.
3. In the right part of the Settings window perform the following actions:
► If you want to disable the component, uncheck the Enable IM Anti-Virus box.
► If you want to enable the component, check the Enable IM Anti-Virus box.
4. In the Settings window click the Apply button.
8 Phishing is a specific form of cybercrime. Phishing attacks are made the following way: the criminal creates an
almost 100 percent perfect replica of a chosen financial institution’s website, then attempts to trick the user in to
disclosing their personal details – username, password, PIN etc. – via a form on the fake website, allowing the
criminal to use the details to obtain money.

Operation algorithm of IM Anti-Virus
By default the protection of traffic of the Internet-pagers is performed according to the following
algorithm:
1. Each incoming and outgoing message is intercepted by the component.
2. IM Anti-Virus checks each message for the presence of dangerous objects or URLs
included to the databases of suspicious or phishing web-addresses.
3. If a threat is detected in a message, IM Anti-Virus substitutes this message with a
warning message for the user. If no security threats are detected in the message, such
message becomes available for the user.
Traffic is scanned based on a certain combination of settings. Your IM traffic protection level is
determined by a group of settings. The settings can be broken down into the following groups:
► Settings creating the protection scope;
► Settings determining the scan methods.
Creating a protection scope of IM Anti-Virus
Protection scope is understood as the type of messages (incoming and outgoing) to be scanned.
If you select the Incoming and outgoing messages option, IM Anti-Virus will scan all incoming
and outgoing messages.
If you are sure that messages sent by you cannot contain any dangerous objects, you may
disable the scan of outgoing traffic by selecting the Incoming messages only option. In this
case IM Anti-Virus will scan incoming messages only.
In order to create a protection scope of IM Anti-Virus, do the following:
1. In the Protection scope block select one of the options:
► Incoming and outgoing messages.
► Incoming messages only.

2. Click the Apply button.
Selecting the scan methods of IM Anti-Virus
For more efficient work with the Internet pager the following scan methods are implemented in
the IM Anti-Virus component:
► Check if URLs are listed in the database of malicious URLs. IM Anti-Virus will scan
the links inside the messages to identify if they are included in the black list (this list is
supplemented by Kaspersky Lab experts).
► Check if URLs are listed in the database of phishing URLs. The databases include all
the sites currently known to be used for phishing attacks. Your local copy of this list is
updated when you update databases.
► Heuristic Analysis. The technology analyzes activity that an object performs in the
system. When using heuristic analysis, any script 9 included in an IM client's message is
executed in a protected environment.
You can select one of the three scanning levels of the heuristic analysis: light scan, medium
scan and deep scan.
► If you select deep scan mode the probability of threat detection is higher but scanning
takes longer.
► With the light scan enabled scanning is faster but the probability of threat detection in that
mode is somewhat lower.
► Only the medium scan mode provides optimal combination of the detail level and
scanning time.
In order to use the described options, do the following:
1. In the settings window of the IM Anti-Virus component, in the Scan methods section
check the boxes:
► Check if URLs are listed in the database of malicious URLs;
► Check if URLs are listed in the database of phishing URLs;
► Heuristic Analysis (below set the detail level for scan by dragging the slide-bar).
9 Script is a small computer program or an independent part of the program (function) written to execute a specific
task. Scripts are often included to the web pages to enhance their possibilities and are executed when the web page
is opened by the Internet browser.

2. Click the Apply button.

Application Control
What is Application Control
Kaspersky PURE 3.0 prevents applications from performing actions that may be dangerous for
the system, and ensures control of access to operating system resources and your identity data
with the help of the following tools:
► Application Control. The component tracks actions in the system performed by
applications installed on the computer, and regulates them based on the rules of
Application Control. These rules regulate potentially dangerous activity, including
applications' access to protected resources.
► Protection of identity data and operating system resources. Application control
monitors the rights of applications to perform actions with user’s identity data. Identity data
include files, folders and registry keys, containing operational settings and important data
of the most frequently used applications, as well as the user files (the My Documents
folder, cookies files, data about the user activity).
Operational algorithm of Application Control
At the first startup of an application on the computer, the Application Control component verifies
its safety and includes it into one of the trust groups. The trust group defines the rules that
Kaspersky PURE 3.0 should apply to control the activity of this application. Rules of Application
Control is a set of rights of access to the computer resources and restrictions posed on various
actions being performed by applications on the computer.
When calculating the threat rating Application Control can also use the Kaspersky Security
Network (KSN) database. The data received with the help of KSN allow more accurately to
define an application to this or that trusted group and apply optimal application control rules.
Application Control has been revamped in Kaspersky PURE 3.0: the application now checks
the reputation of not only executable files but also application components (for example, dynamic
libraries – DLL files).
When the application is restarted, Application Control checks its integrity. If the application has
not been changed, the component applies the current rule to it. If the application has been
modified, Application Control re-scans it as at the first startup.
Enabling/disabling Application Control
By default, Application Control is enabled, functioning in the mode developed by Kaspersky
Lab specialists. However, you can disable it, if required.
To enable or disable Application Control, perform the following actions:
1. Open the main application window.
2. In the top right corner of the window click the Settings link.
3. In the left part of the window under Protection select the Application Control component.
4. In the right part of the window perform the following actions:
► If you need to disable the component, uncheck the Enable Application Control
box.
► If you need to enable the component, check the Enable Application Control box.

5. In the Settings window click the Apply button.
Loading rules from Kaspersky Security Network (KSN)
By default, for the applications found in the Kaspersky Security Network database the component
applies rules loaded from the KSN database.
If at the first application launch the application’s entry was not added to the Kaspersky Security
Network database but the entry was added later, Kaspersky PURE 3.0 will automatically update
the application control rules.
To make sure that loading of rules from Kaspersky Security Network is enabled, perform the
following actions:
1. Open the Settings window.
2. In the left part of the window under Protection select the Application Control component.
3. In the right part of the window in the Restrict applications section make sure the Load
rules for applications from Kaspersky Security Network (KSN) box is checked.
You can see if update of Kaspersky Security Network rules for previously unknown applications is
also enabled: in the right part of the window in the Restrict applications section the Update
rules for previously unknown applications from KSN box should be checked.

Placing applications into groups
At the first startup of an application on the computer, the Application Control component verifies
its safety and searches the internal database of known applications for a matching entry, and
then sends a request to the Kaspersky Security Network database or having a digital signature 10 .
After search Application Control places the application into one of the following trusted groups:
► Trusted. Applications with digital signatures of trusted vendors and applications signatures
of those are included to the trusted applications database. Applications of that group are
allowed to perform any network activity. Activities of such applications are monitored by
File Anti-Virus.
► Low Restricted. Applications are without digital signatures of trusted vendors and are not
included to the trusted applications database. Nevertheless, the low risk rating 11 is
assigned to such applications. Applications of that group are allowed to perform some
operations, to manage the system, hidden access to the network. Most operations require
user authorization.
► High Restricted. Applications without digital signatures and which are not included to the
trusted applications database. The high risk rating is assigned to such applications.
Applications of this group require user authorization for most activities in the system; some
actions, however, are restricted for these applications.
10 Digital signature is an electronic security mark which carries the information about the software vendor and
shows if the software was changed after the signing (i.e. after release). If software is signed by its vendor and the
signature authenticity is verified by the certificate center, then you can be sure that the software is authentic and was
not modified.
11 Risk rating is an indicator of the application danger for the system. The risk rating is calculated based on definite
criteria.

► Untrusted. Applications without digital signatures and which are not included to the
trusted applications database. Very high risk rating is assigned to such applications.
Application Control blocks any activity of such applications.
Applications with the digital signature of trusted vendors and applications whose records are
added to the database of trusted applications are automatically included into the Trusted group.
To disable the automatic inclusion of applications into the Trusted group, perform the following
actions:
1. In the right part of the window of the Application Control component in the Restrict
applications section, uncheck the Trust applications with digital signature box.
2. In the Settings window click the Apply button.
If an application record is not included into Kaspersky Security Network database and the
application does not have a digital signature, then Kaspersky PURE 3.0 uses the heuristic
analysis 12. The analysis helps defining the threat rating of the application based on which it is
included into a group.
To use the heuristic analysis for distributing unknown applications by groups, perform the
following actions:
1. In the Restrict applications section select the Use the heuristic analysis to determine
group 13 option.
2. In the Settings window click the Apply button.
12 Heuristic analysis is analysis of objects activity in the system. If the activity is typical of malicious objects in this
case the object under analysis will be defined as suspicious or malicious. Analysis of the object activity allows to
detect a virus even if it has not been defined by virus analysts.
13 By default, the heuristic analysis is enabled.

Instead of using the heuristic analysis, you can specify a group into which Kaspersky PURE 3.0
should automatically include all unknown applications. For this, perform the following actions:
1. In the Restrict applications section select the Move to the following group
automatically option and in the drop-down menu select the necessary group:
► Low Restricted;
► High Restricted;
► Untrusted.
2. In the Settings window click the Apply button.
By default, Application Control analyzes an application for 30 seconds. If this time interval turns
out to be insufficient for defining the threat rating, the application is included into the Low
restricted group, while defining the threat rating continues in background mode. After that, the
application is finally included into another group. If you are sure that all applications started on
your computer do not pose any threat to its security, you can decrease the time spent on

analysis. If, on the contrary, you are installing the software and are not sure that this is safe, you
are advised to increase the time for analysis.
To change the time allowed for calculation of the application group, perform the following actions:
1. In the right part of the settings window of the Application Control component in the
Restrict applications section edit the value of the Maximum time to determine the
application group setting.
2. In the Settings window click the Apply button.
Application control rules
Rules of Application Control is a set of rights of access to the computer resources and
restrictions posed on various actions being performed by applications on the computer.
The following component reactions are possible:
► Inherit. Application or group inherits the reaction from the parent group. This is a default
reaction.
► Allow. Application is allowed to perform an action with the resource.
► Deny. Application is not allowed to perform an action with the resource.
► Prompt for action. Application Control prompts the user for granting access to the
resource for an application.
► Log events. In addition to the specified reaction, Application Control records in the
report information about the application's attempts to access the resource. Adding
information to a report can be used in combination with any other action of the component

Editing the group rule
By default, optimal access rights to computer resources are set for different trust groups in
Kaspersky PURE 3.0. However you can edit preset rules for each group of application.
To change the preset group rule, do the following:
1. Open the Settings window.
2. In the left part of the window under Protection select the Application Control
component.
3. In the right part of the window click the Applications button.
4. In the Applications window select the necessary group from the list and click the Edit
button in the top part of the window.

5. In the Group rules window go to the tab which corresponds the necessary category of
resources (Files and System registry, Rights).

6. Select the required resource and right-click the corresponding action, in the context menu
of an action set the necessary value (Allow, Block or Prompt for action).

7. Click the OK button, to save the changes.
Editing rules for an individual application
Application Control logs actions performed by each application in the system, and manages its
activity based on the group it belongs to. When an application accesses a resource, the
component checks if an application has the required access rights, and performs the action
determined by the rule.
To edit rules for an individual application, perform the following actions:
1. Open the Settings window.
2. In the left part of the window under Protection select the Application Control
component.
3. In the right part of the window click the Applications button.

4. In the Applications window select the necessary program from the list and click the Edit
button in the top part of the window.

5. In the Application rules window go to the tab which corresponds the necessary
category of resources (Files and System registry, Rights).
6. Select the required resource and right-click the corresponding action, in the context menu
of an action set the necessary value (Allow, Block or Prompt for action).

7. Click the OK button, to save the changes.
You can disable application of group rules to control access to selected categories of protected
resources. Application access to such resources will be regulated by the application rules.
To disable inheritance of group rules to access resources, perform the following actions:
1. Open the application settings window.
2. In the left part of the window under Protection select the Application Control component.
3. In the right part of the window click the Applications button.
4. In the Applications window select the necessary program from the list.
5. Click the Edit button in the top part of the window.
6. In the Application rules window go to the tab which corresponds the necessary category of
resources (Files and System registry, Rights).
7. Select the required resource and right-click the corresponding action, in the context menu of
an action select the Inherit item.

8. Click the OK button, to save the changes.
Application rules have a higher priority than group rules.
For example, if an application rule allows the Internet access, and in the rules of the group, into
which the application is included, the Internet access is denied, in this case the application will
get access to the system resources.
Setting exclusions
You can also exclude some actions form the application rules. Kaspersky PURE 3.0 will not
control actions added to the application exclusions.
To add exclusion to the application rule, perform the following actions:
1. Open the Settings window.
2. In the left part of the window under Protection select the Application Control component.
3. In the right part of the window click the Applications button.
4. In the Applications window select the application from the list and click the Edit button in
the top part of the window.
5. In the Application rules window go to the Exclusions tab.
6. Check the actions which should not be controlled.

7. Click the OK button, to save the changes.
When excluding network traffic of the application you can configure additional exclusion settings,
such as remote IP-addresses or network ports.
Inheriting restrictions of the parent process
Application startup may be initiated either by the user or by another application running. If the
startup is initiated by another application, it creates a startup procedure including parent and child
applications.
A parent application is an application which initiated startup of another application.
A child application is an application whose startup was initiated by another application.
When an application attempts to obtain access to a protected resource, Application Control
analyzes the rights of all parent processes of this application, and compares them to the rights
required to access this resource.
Access right priority:
► Allow. An application or group is allowed to perform an action with the resource. Access
right data has the highest priority.
► Prompt for action.
► Block. An application or group is blocked from performing any actions with the resource.
Access right data has the lowest priority.
You should modify the rights of a parent process only if you are absolutely certain that the
process' activities do not threaten the security of the system.
To disable inheritance of restrictions from the parent process, perform the following steps:
1. Open the Settings window.

2. In the left part of the window, in the Protection Center section, select the Application
Control component.
3. In the right part of the window, click the Applications button.
4. In the Applications window, select the required application from the list.
5. Click the Edit button.

6. In the Application rules window go to the Exclusions tab.
7. Check the Do not inherit restrictions from the parent process (application)
box.

Modifying the storage time for rules
By default, the rules for applications which have not been started for the 60 days are deleted
automatically.
You can modify the storage time for rules for unused applications, or disable rules' automatic
removal.
To set the storage time for rules, perform the following actions:
1. Open the Settings window.
2. In the left part of the window under Protection select the Application Control
component.
3. In the right part of the window in the Additional section check the Delete rules for
applications that are not started for more than box and enter the number of days.

4. In the Settings window click the Apply button.
To disable automatic deletion of rules for unused applications, in the right part of the Settings
window in the Additional section, uncheck the Delete rules for applications that are not
started for more than box.

Identity protection
Application Control manages the applications' rights to take actions on various resource
categories. Two categories of resources were distinguished in Kaspersky PURE 3.0: the
operating system and identity data.
The Operating system category includes the following system resources:
► registry keys with autorun parameters;
► registry keys with parameters of work on the Internet;
► registry keys which influence system security;
► system files and folders;
► autorun folders.
Registry is a hierarchical settings database in most Microsoft Windows operating systems.
The Identity data category includes the following resources:
► user’s files (the folder My Documents, files cookies, data about user’s activity);
► files, folders and registry keys which contain working parameters and important data of
the most frequently used applications: Internet-browser, file managers, mail clients,
Internet-pagers and electronic purses.
Cookies files are files saved on the user’s computer. These files store personal data of the user
(for example, password and login) used during the visit of various sites or when returning to the
site after some time. Each site has its own cookie file.
You cannot delete this list. However, you can disable their protection by unchecking a box next to
a category.
You can also expand this list by adding user categories and / or individual resources.
To expand the list of system resources for the Operating system category, perform the following
actions:
1. Open the Settings window.
2. In the left part of the window in the Protection section select the Application Control
component.
3. In the right part of the window click the Identity protection button.

4. In the Digital Identity Protection window on the Operating system tab from the dropdown
list in the Category section, select a category.
5. In the top left part of the window click the Add link to add an additional resource to the
selected category. Select the resource type (File or folder or Registry key).

6. In the User resource window click the Browse button.
7. In the Select file or folder window select a resource and click the OK button.
8. In the User resource window click the OK button.
9. The added resource will be displayed in the Digital Identity Protection window.
After you add a resource, you can edit or remove it using the respective buttons in the top
part of the tab. To disable the control of a resource or category, uncheck the box next to it.

10. In the Digital Identity Protection window click the OK button.
11. In the Settings window click the Apply button.
To expand the list of system resources for the Identity Data category, perform the following
actions:
1. Open the Settings window.
2. In the left part of the window in the Protection section select the Application Control
component.
3. In the right part of the window click the Identity protection button.

4. In the Digital Identity Protection window on the Identity data tab select a category from
the drop-down menu in the Category section.
5. In the top left part of the window click the Add category button to add a new category of
resources.
6. In the Identity data category window enter the name of a new group and click the OK
button

7. In the Digital Identity Protection window click the Add button to add an additional
resource to the selected or added category.
8. In the User resource window click the Browse button.

9. In the Select file or folder window select a resource and click the OK button.
10. In the User resource window click the OK button.
11. A newly added resource will be displayed in the Digital Identity Protection window.
After you add a resource, you can edit or remove it using the respective buttons in the top
part of the tab. To disable the control of a resource or category, uncheck the box next to it.
12. In the Digital Identity Protection window click the OK button.
13. In the Settings window click the OK button.

System Watcher
System Watcher in Kaspersky PURE 3.0 collects data about applications actions on your
computer and provides information to other components for improved protection.
System Watcher also includes the Exploit Prevention component which scans computer for
vulnerabilities, analyzes and monitors actions of programs and applications with vulnerabilities.
In Kaspersky PURE 3.0 you can configure the System Watcher settings to perform a specified
action when the application’s activity matches with the pattern of dangerous activity.
System Watcher also allows you to roll back actions performed by malicious programs.
Enabling/disabling System Watcher
By default, System Watcher is enabled, running in a mode that depends on the current mode of
Kaspersky PURE 3.0 — automatic or interactive.
You are advised to avoid disabling the component, except for emergency cases, since this
inevitably impacts efficiency of other protection components operation that may request the data
collected by System Watcher in order to identify the potential threat detected.
To disable System Watcher, perform the following actions:
1. Open the application settings window.
2. In the left part of the window under Protection select System Watcher.
3. In the right part of the window
► uncheck the Enable System Watcher box, if you want to disable the component.
► check the Enable System Watcher box, if you want to enable the component.

4. Click the Apply button.
Exploit prevention
A technology of exploit prevention has been added to Kaspersky PURE 3.0.
Exploit is a threat which uses errors and system or program vulnerabilities to get control over
computer, steal personal data and perform other malicious actions.
Exploits run malicious codes using vulnerabilities of programs and operating systems. The
system can be infected by opening a special document (Office document, PDF-file or even
picture) or web browser which will be redirected to an infected website. Infected links or files can
be received via email systems, instant messengers or social networks.
Usually, to launch exploits cyber criminals use common applications such as Adobe Flash,
Adobe Reader, Java Runtime Environment, web browsers or operating system Windows.
Kaspersky PURE 3.0 uses different methods to protect your computer from exploits. Signatures
updated with the application databases allow to detect malicious objects (for example, attached
to messages) before a message with such objects is open. Protective technologies allow to
detect and block malicious files at launch. Vulnerability Scan allows to detect vulnerabilities on
the computer and update vulnerable applications installed on the computer. The best way to
protect your computer from exploits is to regularly update components of the operating system
and installed applications.
However, in some cases main protection methods can be not effective, for example, against new
and unknown exploits. To protect your computer from such exploits, Kaspersky PURE 3.0
includes a special technology of exploit prevention. The technology is based on exploit analysis
and includes the following protection methods:
► Control of executable files start from vulnerable applications and web browsers (for
example, an attempt to run an executable file by a program designed for viewing
documents).
► Controls of suspicious actions of vulnerable applications (for example, if the rights of a
running vulnerable application are exceeded and it writes itself into other system memory
processes).
► Analysis of previous program starts (for example, whether the program was started by the
user or by an exploit).
► Tracking a source of a malicious code (for example, a web browser that started download
of an infected file; remote web address).
► Preventing application vulnerabilities use.
If an exploit is detected, Kaspersky PURE 3.0 blocks the application activity, allows activity or
prompts for an action depending on the selected protection mode.
If the automatic protection mode is enabled and suspicious activity is detected, Kaspersky PURE
3.0 automatically blocks or allows activity. If the activity is blocked, information about the activity
is added to the report of Exploit Prevention.
If the interactive protection mode is enabled and suspicious activity is detected, Kaspersky PURE
3.0 prompts the user for an action.
You can also select a specific action to be performed on detected suspicious activity. You can
select one of the following actions: allow activity or block activity.

Enabling/disabling Exploit Prevention
The Exploit Prevention function is enabled by default. In order to enable/disable Exploit
Prevention, perform the following actions:
1. Open the application settings window.
2. In the left part of the Settings window in the Protection Center section select System
Watcher.
3. In the right part of the Settings window:
► Check the Enable Exploit Prevention box if you want to enable Exploit
prevention.
► Clear the Enable Exploit Prevention box if you want to disable Exploit
prevention.
Setting exploit prevention
By default upon an attempt of unauthorized action the program defines an action over a detected
object on its own
You can configure Exploit prevention so that upon unauthorized actions the program would
block or allow this action. For this, do the following:
1. Make sure that in the System Watcher Settings window the option Enable Exploit
Prevention is enabled and click the Settings button next to it.

2. In the Exploit Prevention Settings window select an action to be performed upon
unauthorized action:
► Select action automatically;
► Allow action;
► Block action.
3. In the Exploit Prevention Settings window click the OK button.
4. In the Settings window click the Apply button.
If you want to define actions of Exploit prevention for each unauthorized operation, then enable
Interactive protection mode. For this, do the following:
1. In the left part of the Settings window go to the Protection Center section. In the left
menu select General Settings.
2. In the Interactive protection section deselect the Select action automatically box.
3. In the Settings window click the Apply button.

Interactive mode can be enabled for the whole program only. If you enable interactive
protection mode, then you will have to define actions for each object detected by any Kaspersky
PURE 3.0 component.
4. In the left part of the Settings window select System Watcher.
5. Make sure that in the System Watcher Settings window the Enable Exploit Prevention
box is checked. Click the Settings button next to the option.
6. In the Exploit Prevention Settings window select an action to be performed upon
unauthorized operation:
► Prompt for action
► Allow action
► Block action
7. In the Exploit Prevention Settings window click the OK button.
8. In the Settings window click the Apply button.

Using patterns of dangerous behavior (BSS)
Patterns of dangerous activity (BSS, Behavior Stream Signatures) contain sequences of
actions typical of applications classified as dangerous. In addition to exact matching between
applications' activities and patterns of dangerous activity, System Watcher also detects actions
that partly match patterns of dangerous activity, being considered suspicious based on the
heuristic analysis. If suspicious activity is detected, System Watcher prompts the user for action
regardless of the operation mode.
Upon detection of a new virus or new modification of already known malware the application
does not update the entire System Watcher component, but simply adds a new template to the
database of heuristics and updates it together with the Kaspersky Lab databases. Heuristic
analysis allows to block actions of other malicious software with similar behavior.
To select the action that the component should perform if an application's activity matches a
pattern of dangerous activity, perform the following actions:
1. Open the application settings window.
2. In the left part of the window under Protection select System Watcher.
3. In the right part of the component settings in the Heuristic Analysis section check the
Use behavior stream signatures (BSS) box.
4. In the On detecting malware activity section perform the following actions:
► Select the Select action automatically variant (if the automatic protection mode is
enabled). In this case System Watcher will automatically apply an action
recommended by Kaspersky Lab specialists.

► Select the Prompt for action variant (if the interactive protection mode is enabled).
In this case System Watcher will notify you of any suspicious activity detected in
the system and will prompt for action: allow or block activity.
► Choose the Select action variant and click the Delete button to select an action:
Delete;
Terminate the malicious application (all processes of the malicious
application will be terminated);
Skip (System Watcher takes no actions on the application).
5. Click the Apply button.
Rolling back actions performed by malware
You can use the product feature for rolling back the actions performed by malware in the system.
To enable a roll-back, System Watcher should log the history of program activity.
By default, Kaspersky PURE 3.0 rolls back relevant operations automatically when the protection
components detect malicious activity (rolling back actions after malicious activity is detected in
the system can be initiated either by the System Watcher component based on patterns of
dangerous activity, or during virus scan task or File Anti-Virus operation).
When running in interactive mode, System Watcher prompts the user for action. You can specify
the operation which should be performed whenever malicious activity is detected. The procedure
of rolling back malware operations affects a strictly defined set of data. It causes no negative
consequences for the operating system or data integrity on your computer.
To configure rollback of malware operations, perform the following actions:

1. Open the application settings window.
2. In the left part of the window under Protection select System Watcher.
3. In the right part of the component settings in the Rollback of malware actions section
specify actions that System Watcher should perform if it has a possibility to roll back
changes made by a malicious program:
► Select the Select action automatically variant (if the automatic protection mode is
enabled). In this case System Watcher will automatically apply an action
recommended by Kaspersky Lab specialists.
► Select the Prompt for action variant (if the interactive protection mode is enabled). In
this case System Watcher will notify you that rollback is necessary and will prompt for
action: perform or cancel rollback.
► Select action
If you choose the Select action variant, select an action from the drop-down list:
Roll back
Do not roll back
Pay attention, you can limit the amount of data stored for rollback by clicking the Limit data to be
stored for rollback box in the Rollback of malware actions section. Specify the maximum
amount of stored information.

Firewall
What is Firewall
Today computers have become quite vulnerable when on the Internet. They are subjected not
only to virus infections but other types of attacks as well that take advantage of vulnerabilities in
operating systems and software.
Kaspersky PURE 3.0 contains a special component – Firewall – to ensure your security on local
networks and the Internet. Firewall applies rules to all network connections.
A Firewall rule is either an allowing or blocking action performed by Firewall once it detects a
connection attempt.
Protection against various types of attacks is performed on two levels: network and application.
Protection on the network level is performed by using global packet filtration rules where
network activity is allowed or blocked based on analyzing settings such as:
► packet direction;
► the data packet transfer protocol;
► the outbound packet port.
A network package is a block of information transferred in the network. As a rule the package
consists of the header (package information, such as the creation date, size, recipient and etc),
the body (the transferred information itself) and the ending (checking information which
guarantees that the package was not changed during the transfer).
Protection on the application level is applying application rules for using network resources to
the applications installed on your computer. Like the network protection level, the application
protection level is built on analyzing data packets for direction, transfer protocol, and what ports
they use. However, on the application level, both data packet traits and the specific application
that sends and receives the packet are taken into account. Using application rules helps you to
configure more specific protection when, for example, a certain connection type is banned for
some applications but not for others.
Enabling/disabling Firewall
By default, Firewall is enabled. You can disable Firewall if needed.
To enable or disable Firewall, perform the following actions:
1. Open the main application window.
2. In the top right corner click the Settings button.
3. In the left part of the window in the Protection section select the Firewall component.
4. In the right part of the window perform the following:
► uncheck the Enable Firewall box, if you need to disable the component.
► check the Enable Firewall box, if you need to enable the component.

5. In the Settings window click the Apply button.
Changing the network status
To ease configuration and application of network rules, all network space in Kaspersky PURE 3.0
is divided into security zones. Frequently, these security zones coincide with the subnetworks
into which the computer is included. You can specify manually the status to each zone. The
policy of rules application and control of network activity in this zone are defined based on the
assigned status:
► Public network (Internet). We recommend that you select this status for networks
not protected by any anti-virus applications, firewalls or filters (for example, for
Internet cafe filters). Users of such networks are not allowed to access to files and
printers located on or connected to your computer. Even if you have created a
shared folder, the information in it will not be available to users from networks with
this status. If you allowed remote access to the desktop, users of this network will
not be able to obtain it. Filtering of the network activity for each application is
performed according to the rules for this application. By default, this status is
assigned to Internet.
► Local network. We recommend that you assign this status to networks to which
users you wish to grant access to files and printers on your computer (for example,
for your internal corporate network or home network).
► Trusted network. This status is only recommended for areas that you consider
absolutely safe within which your computer will not be subjected to attacks or
unauthorized attempts to gain access to your data. If you select this status, all
network activity is allowed within this network.

You can specify manually the status of a new network in the notification window which appears
once a new network is detected.
In order to change the network connection status, perform the following actions:
1. In the settings window of the Firewall component in the Networks section right-click the
required connection.
2. From the context menu select the necessary network status (Public, Local or Trusted
network).
3. Click the Apply button.
Firewall rules
There are two Firewall rule types, used to control network connections:
► Packet rules are used to create general restrictions on network activity, regardless of the
applications installed. Example: if you create a packet rule that blocks inbound connections
on port 21, no applications that use that port (an ftp server, for example) will be accessible
from the outside.
► Rules for applications are used to create restrictions on network activity for specific
applications. Example: If connections on port 80 are blocked for each application, you can
create a rule that allows connections on that port for Firefox only.
Packet rules have higher priority than application rules. If both packet rules and rules for
applications are applied to the same type of network activity, this network activity is processed
using the packet rules.
Creating a packet rule
All network connections on your computer are monitored by Firewall. Firewall assigns a specific
status to each connection and applies various rules for filtering of network activity depending on
that status, thus, it allows or blocks a network activity.
Packet rules are used in order to restrict packets transferring regardless applications.
You can specify an action performed by Firewall if it detects the network activity:
► Allow
► Block
► By application rules. The packet rule is not used, but the rule for the application is used.
The Allow or Block rules can be logged. In order to do this, check the Log events box in the
Action section.

To create a packet rule, for example, to allow remote access to your computer desktop, please
do the following:
1. In the right part of the Firewall settings window in the Network rules section, click
the Settings button.
2. In the Firewall window go to the Packet rules tab.

3. Click the Add button in the top part of the window. In the Network rule window that
opens specify the settings for a rule.
4. In the Network rule window in the Action section select the Allow variant.

5. In the Name section click an arrow next to the input field and select the Remote
Desktop item.
6. In the Address section select Any address.

7. Check the Log events box if you want to log actions performed according to the
rule.
8. In the Network rule window click the OK button. The created rule appears in the list
of packet rules on the Packet rules tab.
9. In the Firewall window click the OK button.
10. In the Settings window click the Apply button.

Now any user has remote access to your desktop.
Editing packet rules
All packet rules (default or created by the user) can be edited. For example, if you want to block
remote access to your computer desktop, then edit the Remote Desktop packet rule:
1. In the right part of the Firewall Settings window click the Settings button.
2. In the Firewall window go to the Packet rules tab.
3. In the list of packet rules select the Remote Desktop rule.

4. Click the Edit button. In the Network rule window that opens you can edit the settings of
the selected rule.
5. In the Action section change the Allow variant to Block.
6. In the Address section select the Subnet address variant and choose the Public
networks item from the displayed list.
7. In the Network rule window click the OK button.
8. The made changes are displayed in the Firewall window on the Packet rules tab in the
list of packet rules: for the Remote Desktop rule the network type in the Address column will

change to Public networks, and an allowing icon in the Permission column will change to a
blocking icon.
9. In the Firewall window click the OK button.
10. In the Settings window click the Apply button.
Now only users of local and trusted networks have access to your computer desktop.

Creating application rules
You can create applications 14 rules for more subtle filtering of the network activity, edit rules for a
group of applications or for an individual application in a group.
Custom rules for individual applications have a higher priority than the rules inherited from a
group.
When creating an application rule, you can define an action to be performed by Firewall upon
detection of this type of the network activity when working with an application:
► Allow;
► Block;
► Prompt (user) for action.
An allowing or blocking action of a rule can be displayed in a report, for this during the rule
creation in the Action section, check the Log events box.
To create a rule for an individual application, for example a rule blocking the QIP internet pager
any network activity outside your local and trusted networks, perform the following actions:
1. In the right part of the Settings window in the Network rules section click the Settings
button.
2. In the Firewall window on the Application rules tab select QIP 2012.
3. Click the Edit button in the top part of the window.
4. In the Application rules window that opens, go to the Network rules tab.
14 Application rules monitor connections only by TCP and UDP protocols.

5. At the top of the window click the Add button.
6. In the Network rule window perform the following actions:
► In the Action section select the Block action.
► In the Name section select the Any network activity service.
► In the Address section select the Subnet address variant and in the displayed list
select Public networks.
► Check the Log events box if you want to log actions performed according to the rule.
► Click the OK button.

7. The created rule will appear in the Application rules window on the Network rules tab
in the list of rules for QIP 2012.

8. Click the OK button in the Application rules window.
9. In the Firewall window click the OK button.
10. In the Settings window click the Apply button
Editing an application rule
For the default network rules created by Kaspersky PURE 3.0 only actions can be edited (such
rules cannot be deleted). For this, perform the following actions:
1. In the right part of the Settings window in the Network rules section click the Settings button.
2. In the Firewall window on the Application rules tab select a required application.
3. Click the Edit button. In the Application rules window that opens, go to the Network rules
tab.
4. From the list of rules for an application, select a rule whose action you want to change.
5. In the Permission column for the selected rule right-click the action icon.
6. From the context menu select the required action:
► Allow
► Block
► Prompt for action
7. In the Application rules window click the OK button.
8. In the Firewall window click the OK button.
9. In the Settings window click the Apply button.
For a network rule created by the user you can edit all earlier created settings. For this, perform
the following actions:

1. In the right part of the Settings window in the Network rules section click the Settings
button.
2. In the Firewall window on the Application rules tab select an application whose rule
you want to edit.
3. Click the Edit button. In the Application rules window that opens, go to the Network
rules tab.
4. From the list of rules select a rule you want to edit.
5. Click the Edit button at the top of the window.
6. In the Network rule window change the required settings.

7. In the Network rule window click the OK button.
8. In the Application rules window click the OK button.
9. In the Firewall window click the OK button.
10. In the Settings window click the Apply button.
Configuring network service
When creating any network rule you should specify the network service. Settings characterizing
the activity of the network for which a rule is created are described by the network service.
You can select type of the network activity from the list or create a new type.
Network service includes the following parameters:
Name. Preferably use the names which would explicitly describe the rule. For example,
DNS over TCP.

Protocol. Firewall restricts connections via TCP, UDP, ICMP, ICMPv6, IGMP and GRE 15
protocols. If protocol ICMP or ICMPv6 was selected as the protocol, you can specify the
type and the code of the ICMP packet.
Direction. Firewall controls connections with the following directions:
15 TCP, UDP, ICMP, ICMPv6, IGMP, GRE are protocols (sets of rules) of the data transfer in the network.
ICMP-packet —is a packet which contains the error message about the error or any other exceptional situation
which occurred during the data transfer. The fields’ code and type of the ICMP-packet correspondingly contain the
type and code of the occurred situation.

o Inbound (stream). The rule is for network connections created from another
computer.
o Inbound/Outbound. The rule is for inbound and outbound data packets and data
streams regardless the direction.
o Outbound (stream). The rule is only for network connections created by your
computer.
Remote and Local ports. You can specify ports which are used by your and remote
computers for TCP and UDP protocols. These ports will be controlled by Firewall.
Allocating range of IP-addresses
While creating the rule's conditions you can specify the network service and the network address.
You can use an IP address as the network address or specify the network status. In the latter
case the addresses will be copied from all networks that are connected and have the specified
status at this moment.
You can select one of the following statuses:

Any address – the rule will be applied to any IP address;
Subnet address – the rule will be applied to IP addresses of all networks that are
connected and have the specified status at the moment:
► Trusted networks
► Local networks
► Public networks
Addresses from the list – the rule will be applied to IP addresses included into the
specified range. Select one of the existing lists of addresses. If no range of IP addresses in
any list satisfies you, create a new one. For this perform the following steps:
1. At the bottom of the section click the Add link.

2. In the IP address or DNS name window specify the addresses from the list.
3. Click the OK button.
4. In the Network rule window click the OK button.
A method to allocate IP-addresses using Classless Inter-Domain Routing (CIDR) 16 has been
implemented in Kaspersky PURE 3.0.
CIDR uses Variable Length Subnet Mask (VLSM) whereas in Class Inter-Domain Routing the
mask length is strictly set by 0, 1, 2 or 3 bytes.
For example, let’s take a record of the range of IP-addresses as 10.96.0.0/11. In this case the
subnet mask will look as 11111111 11100000 00000000 00000000, or as 255.224.0.0 in a
decimal view. 11 bits of the IP-address are allocated to the number of network; the other 21 bits
(32-11= 21) of the full address are allocated to the local address in the network. To sum up,
10.96.0.0/11 is a range of addresses from 10.96.0.1 to 10.127.255.255.
Remember, when defining CIDR-addressing in the networks of the IP-protocol version 4 (IPv4) in
any case the rule will be applied to the whole network.
To convert IP-addresses into CIDR Kaspersky Lab experts recommend using any web site
which provides free service of converting IP-addresses to CIDR-addressing (for example, the
web site http://ip2cidr.com/).
16 CIDR (Classless Inter-Domain Routing, CIDR) is the method of IP-addressing which allows managing the
range of IP-address flexibly, without rigid frames of the Class Inter-Domain Routing. CIDR allows using the end
resource of IP-addresses economically, thus enhancing efficiency of Kaspersky PURE 3.0.

Extending the range of IP addresses
Each network matches one or more ranges of IP address. If you connect to a network, access to
subnetwork of which is performed via a router, you can manually add subnetworks accessible
through it.
Example: You are connecting to the network in an office of your company and wish to use the
same filtering rules for the office where you are connected directly and for the offices accessible
over the network.
Obtain network address ranges for those offices from the network administrator and add them.
To extend the range of network address, please perform the following:
1. In the right part of the Firewall settings window in the Networks section select an active
connection and click the Edit button.
2. In the Network connection window on the Properties tab in the Additional
subnetworks section click the Add link.

3. In the IP address window specify an IP address or address masks.
4. Click the OK button.
5. In the Network connection window click the OK button.
6. In the Settings window click the Apply button.
Changing the rule for a group of applications
Firewall analyzes the activity of each application running on your computer. Depending on the
threat rating, every application is included to one of the following groups:
► Trusted 17 . Trusted applications are applications with digital signatures of trusted vendors and
applications signatures of those are included to the trusted applications database. Activities
of such applications are monitored by File Anti-Virus and other protective components.
► Low Restricted 18 . Low restricted applications are applications which are without digital
signatures of trusted vendors and which are not included to the trusted applications
database. Nevertheless, the low risk rating is assigned to such applications.
► High Restricted 19 . High restricted applications are applications without digital signatures and
which are not included to the trusted applications database. The high risk rating is assigned
to such applications.
17 Applications of that group are allowed to perform any network activity irrespectively of the network status.
18 Applications of that group are allowed to perform any network activity in non-interactive mode. If you are using
the interactive mode, a notification will be displayed on the screen using which you can allow or block a connection,
or create an application rule using the Wizard.
19 Applications of that group are not allowed to perform network activity in non-interactive mode. If you are using
the interactive mode, a notification will be displayed on the screen using which you can allow or block a connection,
or create an application rule using the Wizard.

► Untrusted 20 . Untrusted applications are applications without digital signatures and which are
not included to the trusted applications database. Very high risk rating is assigned to such
applications.
You can modify rules for a whole group.
Custom rules for individual applications have a higher priority than the rules inherited
from a group. If you create an allowed rule for a whole group of applications and a prohibited
rule for a certain application from this group, then any network activity of a certain application will
be restricted according to a rule for this application, because it has a higher priority level.
In order to change rules for a group of applications, for example, if you want that low restricted
programs would have unrestricted rights to the network activity within the local networks, perform
the following actions:
1. In the right part of the settings window of the Firewall component in the Network rules
section click the Settings button.
2. In the Firewall window go to the Application rules tab.
3. Select the Low restricted group of applications.
4. Click the Edit button.
20 Any network activity is prohibited for the applications of that group.

5. In the Group rules window go to the Network rules tab and click the Add button.

6. In the Network rule window in the Action section select Allow, and in the Name section
select Any network activity and click the OK button.
7. In the Network rule window click the OK button.
8. In the Firewall window click the OK button.
9. In the Settings window click the OK button.
Now all applications of the Low Restricted group have unrestricted right to the network activity.

Changing the rule priority
The priority of a rule is determined by its position on the list of rules. The first rule on the list has
the highest priority. Each packet rule created manually will be added to the end of the list of
packet rules.
Application groups are integrated by the name of the program and rule priority applies to a
definite group only.
Manually created rules for applications have a higher priority, than the rules inherited from the
group.
To change the rule priority, please perform the following actions:
1. In the right part of the settings window of the Firewall component in the Network rules
section click the Settings button.
2. In the Firewall window go to the Application rules tab select the required application.
3. Click the Edit button.
4. The Application rules window opens. Go to the Network rules tab.
5. Select a rule and move it to the required place in the list by clicking the Move up and
Move down button.
6. In the Application rules window click the OK button.
7. In the Firewall window click the OK button.
8. In the Settings window click the Apply button.
Configuring notifications of changes in the network

Network connection settings can be changed during the work. You can receive notifications of the
following modifications in the settings:
When network connection is established.
When the correspondence between MAC address and IP address is changed. The
notification will appear if IP address of a network computer was changed.
When new MAC address appears. The notification appears if a new computer was added
to the network.
Pay attention, that notifications about changes in the work can be configured only for the
networks with the status Local or Trusted network.
To enable notification about changes to network connection settings, please perform the
following:
1. In the right part of the Firewall settings window in the Networks section select an active
connection and click the Edit button.
2. In the Network connection window go to the Additional tab.
3. Check the boxes next to the events whose notifications you want to receive.

4. In the Network connection window click the OK button.
5. In the Settings window click the Apply button.
Advanced Firewall settings
You can specify additional settings of the Firewall operation:
► Allow active FTP mode. Active mode suggests that to ensure connection between the
server on the client computer a port to which the server will connect will be opened on the
client computer (unlike the passive mode when the client connects to the server). The mode
allows to control which exactly port will be opened. The mechanism works even if a blocking
rule was created. By default, active FTP mode is allowed.
► Block connections if there cannot be prompted for action (application interface is not
loaded). This setting allows to avoid disruption of the Firewall operation when the interface of
Kaspersky PURE 3.0 is not loaded. This is the default action.
► Do not disable Firewall until the system totally stops. This setting allows to avoid
disruption of the Firewall operation until the system is completely stopped. This is the default
action.
By default all settings are enabled.
To modify advanced Firewall settings, please perform the following:
1. In the right part of the Firewall settings window in the Network rules section click the
Settings button.

2. In the Firewall window go to the Packet rules tab and click the Additional button.
3. In the Additional window check or uncheck the boxes next to the required settings and
click the OK button.

4. In the Firewall window click the OK button.
5. In the Settings window click the Apply button.
Firewall working features
When working with the Firewall component you should remember about the following
peculiarities:
► Firewall rules do not influence Network Attack Blocker;
► For the zone Local network ICMP packages are always allowed.

Network Attack Blocker
What is Network Attack Blocker
The Network Attack Blocker from Kaspersky PURE 3.0 loads during the operating system
launch, and scans incoming network traffic for activities characteristic of network attacks.
Network attack is a network activity aimed to remotely perform (usually malicious) actions on the
computer. Vulnerabilities in the operating systems and/or installed programs are used for network
attacks.
As soon as an attempt to attack the computer is detected, Network Attack Blocker blocks any
network activity of the attacking computer towards your computer with Kaspersky PURE 3.0
installed.
A notification will appear on the screen that a network attack has been attempted, with specific
information about the computer that attacked you.
Descriptions of currently known network attacks and methods to fight them are provided in
application databases and are updated upon update of databases.
Enabling/Disabling Network Attack Blocker
By default, Network Attack Blocker is enabled and functions in the optimal mode. You can
disable Network Attack Blocker if necessary the following way:
1. Open the application settings window.
2. In left part of the window in the Protection section select the Network Attack Blocker
component.
3. In the right part of the window perform the following actions:
► If you need to disable the component, uncheck the Enable Network Attack Blocker
box.
► If you need to enable the component, check the Enable Network Attack Blocker box.
4. In the Settings window click the Apply button.

Changing blocking settings
By default, Network Attack Blocker blocks the activity of a computer making an attack for one
hour. You can cancel blockage of the selected computer or change the time of blockage.
To change the time for which the attacking computer will be blocked:
1. In the right part of the Settings window check the Add attacking computer to blocked list
for box and enter the blocking time.
2. Click the Apply button.

To unblock an attacking computer, perform the following actions:
1. Open the application main window.
2. Select the Computer Protection section.

3. In the bottom left corner of the Protection Center window click the Network
Monitor link.
4. In the Network Monitor window on the Blocked computers tab select a blocked
computer and unblock it using the Unblock link.

Anti-Spam
What is Anti-Spam
The Anti-Spam component filters all incoming mail for unwanted mail (spam) and sorts it
according to the settings configured by the user.
Enabling/Disabling Anti-Spam
By default, the Anti-Spam component is enabled and functions in the optimal mode.
In order to enable or disable Anti-Spam in Kaspersky PURE 3.0, perform the following actions:
1. Open the main application window.
2. In the top right corner of the widow click the Settings button.
3. In the left part of the window in the Protection section select the Anti-Spam component.
4. In the right part of the window in the Anti-Spam section perform the following actions:
► If you want to enable the component, check the Enable Anti-Spam box.
► If you want to disable the component, uncheck the Enable Anti-Spam box.
5. In the Settings window click the Apply button.
Security levels of Anti-Spam
The Anti-Spam component uses two methods to fight spam. Using the first (―exact‖) method,
Anti-Spam defines a message as unwanted by typical phrases, unwanted senders (whose
addresses are already added to the Anti-Spam database), malicious or phishing links. The
second (―expert‖) method allows to evaluate probability of spam, based on the analysis of the text
in the message and its service information.

A security level is a set of predefined Anti-Spam settings which provide a scan level of incoming
and outgoing messages.
Kaspersky Lab specialists distinguish three security levels:
► High. This security level should be used if you receive spam frequently; for example, while
using free mail services. When you select this level, the frequency of false positives rises:
that is, useful mail is more often recognized as spam. When analyzing a message for
spam the Anti-Spam component calculates the potential rating: if the rating exceeds 50
but does not reach 80, the message is considered to be potential spam. If the rating
exceeds 80, then such message is labeled as spam. All messages with the rating less
than 50 are considered useful. At this level Anti-Spam analyzes all embedded documents
in the rtf. format for spam.
► Recommended. This security level should be used in most cases. When analyzing a
message for spam the Anti-Spam component calculates the potential rating: if the rating
exceeds 60 but does not reach 90, the message is considered to be potential spam. If the
rating exceeds 90, then such message is labeled as spam.
► Low. This security level should be used if you rarely receive spam, for example, if you are
working in a protected corporate email environment. When this level is selected, spam and
potential spam messages are less frequently recognized. When analyzing a message for
spam the Anti-Spam component calculates the potential rating: if the rating exceeds 80 but
does not reach 90, the message is considered to be potential spam. If the rating exceeds
99 out of 100, then such message is labeled as spam.
The higher the security level, the higher the protection from spam.
To modify the security level in Anti-Spam, perform the following actions:
1. In the component settings window in the Security level section drag the vertical slider
to the necessary position.
2. In the Settings window click the Apply button.

Customizing security level
To customize the security level of the Anti-Spam component, click the Settings button.

Exact methods
On the Exact methods tab you can enable/disable filters which Anti-Spam will use to scan a
message.
You can specify the range within which Anti-Spam will recognize messages as spam:
► If it contains phishing elements
► If it contains URLs from the database of malicious URLs

Anti-Spam can compare links in mail messages with the list of suspicious and phishing URLs.
These lists are included in the distribution kit of Kaspersky PURE 3.0. If a phishing or suspicious
link is detected in a message, or if a message contains any phishing element, such message is
recognized as spam.
Clicking the Additional button next to the If it contains phishing elements box allows to enable
heuristic analysis when scanning emails for phishing and to set the necessary detail level of
analysis.
► If it is from a blocked sender
In order to create a list of your addresses, perform the following actions:
1. In the Anti-Spam window on the Exact methods tab check the If it is from a
blocked sender.
2. Click the Select button.
3. In the Blocked senders window click the Add link.
4. In the Email address mask window enter an email address (for example,
usekaspersky@kaspersky.com) and click OK.

Mask is a template string that a phrase or an address is compared against.
Certain symbols in a mask are used to represent others: * substitutes any sequence of
characters, ? – any single character. If a mask uses such wildcards, it can match several phrases
or addresses.
If the * or ? character is a part of the sought phrase (e.g., What's the time?), it should be
preceded with the \ character to ensure that Anti-Spam recognizes it correctly. Thus, instead of
the * character you should use in masks the \* combination, the ? character should be
represented as \? (e.g., What's the time\?).
Sample phrase masks:
Visit our * – this mask corresponds to a message that begins with the words Visit our and
continues with any text.
Examples of address masks:
admin@test.com – the mask only matches the address admin@test.com.
admin@* – the mask matches the sender address with the admin name, for example,
admin@test.com, admin@example.org.
*@test* – the mask matches the address of any message sender from a domain beginning with
test, for example: admin@test.com, info@test.org.
info.*@test.??? – this mask corresponds to the address of any sender whose name begins with
info. and whose mail domain name begins with test. and ends with any three characters, for
example: info.product@test.com, info.company@test.org, not info.product@test.ru.
1. In order to quickly configure Anti-Spam on another computer, save the list of your
email addresses to a file by clicking the Export button and saving the file to a
specified location. At the next stage copy the file on any computer with Kaspersky
PURE 3.0 installed, open the Blocked senders window, click the Import link and
specify the path to the address file.

2. To edit/delete a record, highlight the record and click Edit/Delete.
3. When the list is created, in the Blocked senders window click the OK button.
► If it contains blocked phrases.
To create the list of blocked phrases, perform the following actions:
1. In the Anti-Spam window on the Exact methods tab check If it contains blocked
phrases box.
2. Next to the If it contains blocked phrases box click the Select button.

3. In the Blocked phrases window check the boxes next to the listed phrases. All
phrases in the list are selected by default.
4. To add a new phrase, click the Add link
5. In the Blocked phrase window enter a phrase (for example, viagra) or a phrase
mask (for example, *viagra*). Specify the weighting coefficient for the entered
phrase and click OK.
6. When the list is created, click the OK button in the Blocked phrase window
You do not have to delete a mask to stop using it; unchecking the corresponding box next to it
will be sufficient.

Kaspersky Lab experts have compiled the list of obscene words included in the distribution
package of Kaspersky PURE 3.0. The list contains obscene words that indicate with a high
probability that the message is spam if present. You can supplement the list by adding complete
phrases and their masks to it. For this, perform the following actions:
1. In the Blocked phrases window check the Classify as obscene words box. Click
the obscene words link to open the Explicit language window.
Before opening the Explicit language window you have to confirm you are of age.

2. Click the Add link and open the Blocked phrase window.
3. Enter an entire phrase or a phrase mask, specify the weighting coefficient and click
the OK button.
You do not have to delete a mask to stop using it; unchecking the corresponding box in
the Explicit language window next to it will be sufficient.
You can also configure to give the useful status (which does not refer to the Spam and Probable
Spam categories) to the following emails:
► If it is from an allowed sender
In order to create a list of allowed senders, perform the following actions:
1. On the Exact methods tab check the If it is from an allowed sender box.
2. Next to the checked box click the Select button.

3. In the Allowed senders window check the boxes next to allowed senders. If no
sender has been added to the list, the list will be empty. To add a sender to the list,
go to the next step.
4. To add a new sender:
Click the Add link;
In the Email address mask window enter email address (for example,
usekaspersky@kaspersky.com) and click the OK button.
In Kaspersky PURE 3.0 all information about operation of the Anti-Spam
component is received from the ―cloud‖ which already contains the database of
sample spam messages. However, you can additionally configure loading
addresses from the list of Allowed senders. For this, in the Allowed senders
window check the Add allowed senders’ addresses when training Anti-Spam
box. If you want to disable the option, uncheck the box.

5. In the Allowed senders window click the OK button.
If it contains allowed phrases
To create the list of allowed phrases, which would not be considered by Anti-Spam as spam,
perform the following actions:
1. On the Exact methods tab check the If it contains allowed phrases box.
2. Next to the checked box click the Select button.
3. In the Allowed phrases window check the boxes next to the listed phrases. If no
phrase has been added, the list will be empty. To add a new phrase, go to the next
step.
4. To add a new phrase:
Click the Add link;
In the Allowed phrase window enter a phrase (for example, kaspersky.com)
and click the OK button.

Expert methods
5. When the list is ready, in the Allowed phrases window click the OK button.
Anti-Spam can add appropriate labels to the message recognized after analysis as spam or
potential spam. This value is called a spam factor.
Having processed a message, Anti-Spam assigns one of the following statuses to it:
► Spam
► Probable spam
► Useful email
On the Expert methods tab you can specify the maximum and the minimum values for the
Spam and Probable spam rate, by changing the Anti-Spam security level.

In order to change the values of the spam rate, upon whose exceeding a status Spam/Probable
Spam will be assigned to the message, move the corresponding horizontal sliders or specify a
value using the arrow-buttons.
Additional
On the Additional tab you can:
► Specify what labels should be added to the subject of a message classified as
spam/probable spam;
► Enable/disable mail scan transferred by POP3, SMTP, IMAP protocols;

► Configure embedding and display of the component plugins in various mail clients
(Microsoft Office Outlook, Microsoft Outlook Express (Windows Mail),
Thunderbird, The Bat!);
In order to enable/disable additional settings, check/clear the corresponding options in the Anti-
Spam window and click OK.

Rolling back to Anti-Spam default settings
You can roll back to the default settings at any moment, after you have changed the Anti-Spam
settings. For this, perform the following steps:
1. In the settings window of the Anti-Spam component in the Security level section
click the Default button.
2. In the Settings windows click the Apply button.

Anti-Banner
What is Anti-Banner
Anti-Banner is a protection component designed to block banners on web pages, whose
addresses are added to the anti-virus databases of Kaspersky PURE 3.0.
Ads on banners may distract you from your business activity while banner downloads increase
the amount of inbound traffic.
Enabling/disabling Anti-Banner
By default, the Anti-Banner component in Kaspersky PURE 3.0 is disabled.
To enable Anti-Banner, perform the following actions:
1. Open the application settings window, by clicking the Settings button in the top right
corner of the window.
2. In the left part of the Settings window select the Protection section,
3. Select the Anti-Banner component.
4. In the right part of the window, check the Enable Anti-Banner box.
5. Click the Apply button.
Selecting the scan method
Anti-Banner may use various methods to scan addresses from which banner can be
downloaded:
► Use common banner list. The lists of URL masks from which most common ads
banners are downloaded are compiled by the Kaspersky Lab experts and are added
to the product distribution kit. With the scan method enabled Anti-Banner blocks ads
banners from the addresses which correspond to the masks in the list. If the scan

method is disabled, then Anti-Banner does not block banners from the addresses in
the list.
By default, this scan method is enabled.
► Resolve IP-addresses to domain names. This box enables / disables automatic
resolution of IP addresses to URLs on the lists of allowed / blocked banner addresses.
This box is unchecked by default.
You can specify which methods should be used by Anti-Banner. For this, perform the following
actions:
1. In the right part of the window, in the Scan methods group, check the boxes next to
the names of the methods that should be used.
2. Click the Apply button.
Creating the list of blocked and allowed banner addresses
Additionally to the scan methods Anti-Banner checks the banner addresses with the masks from
the list of blocked or allowed addresses if they are used.
Using the lists of blocked and allowed banners addresses, you can allow banners to be
downloaded for a specified group of addresses and block them for another group. Create a list of
blocked address masks to let Anti-Banner block download and display of banners from the
addresses that correspond to those masks. Create a list of allowed address masks to let Anti-
Banner download and display banners from the addresses that correspond to those masks.
To create a list of blocked addresses, do the following:
1. In the right part of the Settings window of the Anti-Banner component, in the
Additional section, check the Use the list of blocked URLs box.
2. Click the Settings button.

3. Click the Add button, to add a new mask.
4. In the Address mask (URL) window enter a blocked banner mask and click the OK
button.
5. When all the necessary masks are added, in the Blocked URLs window click the
OK button.
6. In the Settings window click the Apply button.
You do not have to delete a mask to stop using it, unchecking the corresponding box next to it
will be sufficient for the purpose.
To create and use the list of allowed addresses, perform the following actions:
1. In the right part of the Settings window of the Anti-Banner component, in the
Additional section, check the Use the list of allowed URLs box.

2. Click the Settings button.
3. Click the Add button, to add a new mask.
4. In the Address mask (URL) window enter an allowed banner mask and click the OK
button.
5. When all the necessary masks are added, in the Allowed URLs window click the OK
button.
6. In the Settings window click the Apply button.
To exclude a mask from the list of allowed URLs, uncheck the corresponding box next to the
address mask.

Exporting and importing the lists of addresses
After you have created the lists of allowed or blocked banner addresses, you can use them
repeatedly: for example, export banner addresses to a similar list on another computer with
Kaspersky PURE 3.0 installed on it.
To do this:
1. Make export – copy records from the list into a file.
2. Move the file you have saved to another computer (for example, send it by email or
use a removable data medium).
3. Make import – add the records from the file to the list of the same type on another
computer.
While exporting the list, you can copy either the selected list element only, or the entire list. While
importing the list, you can add the new elements to the existing list, or replace the existing list
with the one being imported.
To export banner addresses from the list of allowed or blocked URLs, perform the following
steps:
1. In the right part of the Settings window of the Anti-Banner component, in the
Additional section, click the Settings button located in the line with the name of the
list from which you should copy addresses into a file (list of blocked or allowed
URLs).

2. In the window that opens, check the boxes next to the addresses that you need to
include in the file.
3. Click the Export button.
4. In the window, take one of the following actions:
► click the Yes button if you need to include only selected addresses in the file;
► click the No button if you need to include the entire list in the file.

5. In the Save as window, enter a name for the file you want to save and click the Save
button.
To import banner addresses from a file to the list of allowed or blocked URLs, perform the
following actions:
1. In the right part of the Settings window of the Anti-Banner component, in the
Additional section, click the Settings button located in the line with the name of the
list into which you need to add addresses from a file (list of allowed or blocked
URLs).
2. In the window that opens, click the Import button.
3. If the list is not empty, a window opens offering you to add items to be imported. In
this window, take one of the following actions:
► click the Yes button if you want to add records from the file into the list;
► click the No button if you want to replace the existing records with the list from
the file.
4. In the Open file window, select the file with the list of records that you want to import
and click the Open button.
5. Click the OK button.
6. In the Settings window click the OK button.

Safe Money
What is Safe Money
Personal data leak during work with online banking systems may cause financial losses.
Therefore, users who work with online banking services need to be high protected. Kaspersky
PURE 3.0 includes a new service Safe Money. The service provides secure access to websites
of online banking and payment systems.
The Safe Money technology includes the following modules:
1. Trusted websites. When you open a web page of an online banking or payment system,
Kaspersky PURE 3.0 checks whether the address is included to the following lists:
created by Kaspersky Lab specialists and created by users. If the web page is included
to the lists, then your web browsers will be switched to the Safe Run mode. The mode
provides secure operations.
2. Secure connection. Kaspersky PURE 3.0 checks certificates of online banking and
payment systems. If the certificate cannot be confirmed, the application blocks the
website.
3. Safe environment. Your operating system will be analyzed for vulnerabilities each time a
bank or payment system website is opened. If vulnerabilities are detected, you will be
prompted to fix them. You can fix vulnerabilities by launching Windows Update. Once
the vulnerabilities are fixed the web site opens in the Safe Money mode.
Additionally, the following components provide secure data input:
► Virtual Keyboard. The keyboard is displayed on the screen and can be managed only by
a mouse.
► Secure keyboard. This is a new function added to Kaspersky PURE 3.0. The component
provides secure input from a hardware keyboard.
Once you finish work with an online banking or payment system, the web browser automatically
switches for Safe Run to the standard mode.
Enabling Safe Money
By default the Safe Money component is enabled. In order to make sure that the protection is
enabled, perform the following actions:
1. Open the application settings window.
2. In the Settings window go to the Protection tab and select the Safe Money component.
3. In the right part of the window, make sure the Enable Safe Money box is checked.

The Safe Money component can be enabled only when the application’s Self-Defense is
enabled.
In order to make sure that the application’s self-defense is enabled, perform the following
actions:
1. Open the application settings window.
2. In the left part of the window, go to the Protection tab and then select Self-Defense.
3. In the right part of the window, make sure the Enable Self-Defense box is checked.

Creating shortcut to Safe Money
During installation of Kaspersky PURE 3.0 the shortcut to quickly access the Safe Money
window is automatically created. If the shortcut was deleted by mistake and you want to create a
new shortcut, perform the following actions:
1. In the Settings window under Protection Center select the Safe Money component.
2. In the right part of the window click the Create shortcut button.

3. The Safe Money shortcut appears on the Desktop.
Creating list of banks and payment system websites
When you open an online banking or payment system web page, Kaspersky PURE 3.0 suggests
to open it in the Safe Money mode.
If a website does not use the secure HTTPS protocol, then Kaspersky PURE 3.0 does not
identify the website as a bank or payment system and does not suggest to open the website in
the Safe Money mode.
Also when you access a bank web page Kaspersky PURE 3.0 suggests to add the bank website
to the list of banking services. The list can be opened from the main application window and
from the Settings window

When you access the website next time, Kaspersky PURE 3.0 automatically performs the
selected action: opens the website in the protected browser or prompts the user for an action.
You can add a web address to the list of banking services by performing the following actions:
1. In the Settings window under Protection Center select the Safe Money component.
2. In the right part of the window in the Banks and payment systems websites section
click the Add button.

3. In the Website for Safe Money window perform the following actions:
► In the Bank or payment system website section enter the required web address,
for example, https://esk.sbrf.com.
► In the Description field enter a description for the address, for example, a bank
name.
► In the On access to this website section select the required action:
Prompt for action. In this case Kaspersky PURE 3.0 prompts the user to
open the website in the protected or standard browser.
Run the protected browser automatically. In this case the application will
automatically open the web page in the protected web browser.
Do not run the protected browser. In this case the web site will be opened
in standard unprotected mode.
4. Click the OK button.

5. In the Settings window click the Apply button.
In order to delete or change a web address of a bank or payment system in the list, select the
required item and click the Edit or Delete button correspondingly.
Enabling notifications about operating system vulnerabilities
If there are vulnerabilities in the system, Kaspersky PURE 3.0 cannot guarantee secure access
to online banking systems. Therefore, on each bank or payment system website access
Kaspersky PURE 3.0 scans the system for vulnerabilities.

In order to make sure the option of vulnerability scan on each access to payment systems is
enabled, perform the following actions:
1. In the Settings window under Protection Center select the Safe Money component.
2. In the right part of the window, make sure that the Notify about operating system
vulnerabilities box is checked.
3. Click the OK button.
Secure Data Input
What is Secure Data Input
When working on your computer, there are occasions when entering of your personal data, or
username and password are required. That happens, for example, during account registration
on web sites, web shopping or Internet banking. There is a risk that this personal information is
intercepted using hardware keyboard interceptors or keyloggers, which are programs that
register keystrokes. Then, the stolen data is transferred to a cybercriminal via the Internet.
Kaspersky PURE 3.0 includes the Virtual Keyboard and Secure keyboard input modules. The
modules protect personal data from being intercepted by spyware.
Configuring Virtual Keyboard
To open the Virtual Keyboard using the computer keyboard, use the following key combination:
CTRL+ALT+SHIFT+P. By default, the option of quick access to the keyboard is enabled.
If you want to disable launch of Virtual Keyboard by pressing the key combination, perform the
following actions:
1. Open the application settings window.

2. Go to the Protection tab and in the left part of the window select the Secure Data Input
component.
3. To disable launch of Virtual Keyboard by pressing the key combination, clear the box
Open Virtual Keyboard by typing CTRL+ALT+SHIFT+P.
4. Click the Apply button.
By default, the option of quick access to Virtual Keyboard by clicking the icon in the data entry
fields is enabled. You can specify websites categories where the quick launch icon will be
displayed.
To select websites categories, perform the following actions:
1. Open the application settings window.
2. In the left part of the Settings window go to the Protection tab and then select Secure
Data Input.
3. In the right part of the window, make sure that the Show quick launch icon in data
entry fields box is checked.
4. Click the Settings button.

1. In the Virtual Keyboard window on the Categories tab, check the boxes for the required
categories:
► Banks
► Payment systems
► Mail
► Communication websites
► Social networking
2. Check the Show Virtual Keyboard quick launch icon in Safe Money fields box if you
want to enable additional protection when you enter your personal data on online banking
and payment systems websites.
3. Click the OK button.

Additionally, you can create lists of websites where the quick launch icon will be displayed and
where the icon will be hidden. To do this, perform the following actions:
1. In the right part of the Secure Data Input window, make sure that the Show quick
launch icon in data entry fields box is checked.
2. Click the Settings button.

3. In the Virtual Keyboard window on the Exclusions tab add required websites to the lists
be clicking the Add button in the corresponding section.

4. In the (Do not) Show quick launch icon window enter a required web address and
select one of the following options:
► (Do not) Show icon only on the specified web page;
► (Do not) Show icon on the whole website.
5. Click the OK button.
6. When all required web addresses are added to the lists, click the OK button.
Secure keyboard input
Kaspersky PURE 3.0 includes a new option of secure keyboard input. By default, the option will
be automatically enabled after first reboot of the computer after the application installation.
In order to make sure that the protection is enabled, perform the following actions:

1. Open the application settings window.
2. In the left part of the Settings window under Protection Center select Secure Data
Input.
3. In the right part of the window in the Secure keyboard input section, make sure that the
Enable secure keyboard input box is checked.
You can configure the module by selecting categories and websites on which secure keyboard
input will be enabled. To do this, perform the following actions:
1. In the right part of the window, make sure that the Enable secure keyboard input box is
checked.
2. Click the Settings button.

3. In the Secure Keyboard Input window on the Categories tab check the required boxes:
► Protect password fields on all websites;
► Enable secure keyboard input for Safe Money.
4. Select the required website categories by checking the corresponding boxes:
► Banks
► Payment systems
► Mail
► Communication websites
► Social networking
5. Click the OK button.

Also you can create lists of websites to configure (enable or disable) secure input from keyboard
on these websites. To do this, perform the following actions:
1. In the right part of the Secure Data Input window, make sure that the Enable secure
keyboard input box is checked.
2. Click the Settings button.
3. In the Secure Keyboard Input window on the Exclusions tab click the Add button in the
corresponding section.

4. In the (Un)Protected website window enter the web address and select one of the
following options:
► Enable/Disable protection only on the specified web page;
► Enable/Disable protection on the whole website.
5. Click the OK button.
6. Add all required web addresses to the list and then click OK to save the changes.

7. In the Settings window click the Apply button.
Threats and exclusions
Detecting definite types of threats
Kaspersky PURE 3.0 can detect hundreds thousands of malware programs that may reside on
your computer. Some of these programs impose a greater threat for your computer, others are
only dangerous when certain conditions are met. After the application detects a malware
application, it classifies it and assigns to it a danger level (high or medium).
Kaspersky Lab virus analysts distinguish three main categories:
► Malware programs (Malware) are created with the purpose to damage a computer and
its user, for example, to steal, block, modify or erase information, disrupt operation of a
computer or a computer network. Malware programs are divided into three subcategories:
Viruses and worms (Viruses\Worms) can create copies of themselves which are, in
turn, capable of creating their own copies. Some of them run without user's knowledge
or participation, others require actions on the user's part to be run. These programs
perform their malicious actions when run.
Trojan programs (Trojan programs) do not create copies of themselves, unlike
worms and viruses. They sneak into a computer, for example, via e-mail or using a
web browser when the user visits an "infected" website. To be launched they require
user's actions and start performing their malicious actions as they run.
Malware utilities (Malicious tools) are created specifically to inflict damage.
However, unlike other malware programs, they do not perform malicious actions
immediately as they are run and can be safely stored and run on the user's computer.

Such programs have functions used to create viruses, worms and Trojan programs,
arrange network attacks on remote servers, hacking computers or other malicious
actions.
► Potentially unwanted programs (PUPs), unlike malware programs, are not intended
solely to inflict damage. Potentially unwanted programs include adware, auto-dialers and
other potentially unwanted programs.
Adware display advertising information to the user.
Auto-Dialers do not harm the system directly but in case of careless use may lead to
considerable financial loses of the owner of the phone number from which dialing to a
paid resource is performed.
Other Riskware – more often than not they are useful programs used by many
computer users. However, if an intruder obtains access to these programs or install
them to the user's computer, such intruder can use their functionality to breach the
security.
► Compressed files. Such files exclude detecting malicious actions and make them difficult
to be analyzed by heuristic methods.
Potentially unwanted programs are installed using one of the following methods:
► They are installed by the user, individually or along with another program (for example,
software developers include adware programs into freeware or shareware programs).
► They are also installed by intruders, for example they include such programs into
packages with other malware programs, use "vulnerabilities" of the web browser or Trojan
downloaders and droppers, when the user visits an "infected" website.
By default the following types of threats are detected in Kaspersky PURE 3.0:
► Viruses and worms (their detection cannot be disabled);
► Trojan programs (their detection cannot be disabled);
► Malicious tools;
► Adware;
► Auto-dialers;
► Suspicious compressed files;
► Multi-packed objects.
In order to enable/disable detection of some types of threats, perform the following actions:
1. In the upper part of the Settings window under Protection select Threats and
Exclusions.
2. In the right part of the window in the Detection of the following threat types is
enabled section click the Settings button.

Exclusions
3. In the Detection scope window check/clear the box(es) for the types of threats
which should be\should not be detected.
4. In the bottom right corner of the window click OK.
5. In the Settings window click the Apply button.
Trusted zone is a list of objects created by the user whose work is not controlled by the program.
Namely, it is a set of exclusions from Kaspersky PURE 3.0 protection.

Trusted zone is created based on the list of trusted applications and exclusion rules
depending on the peculiarities of objects you are working with and programs installed on this
computer. You may need to add objects to trusted zone, for example if Kaspersky PURE 3.0
blocks access to an object or program, while you are sure that this object/ program is harmless.
For example, you consider that the objects used by the standard Microsoft Windows Notepad
are secure and do not have to be scanned. In other words, you trust this application. To exclude
the objects used by this process, add the application Notepad into the list of trusted
applications.
Some actions classified as dangerous can be normal indeed depending on application functions.
For example, hooking the text being typed is a normal action for automatic keyboard layout
switch programs (Punto Switcher, etc.). It is recommended to add such specific applications to
the list of trusted applications to disable monitoring of their activity.
When a program is added to the list of trusted, its file and network activity (including suspicious
activity) and queries to the system registry are not monitored. At the same time an executable file
and the process of a trusted program are still scanned for viruses. In order to fully exclude a
program from scan, you should use exclusion rules.
Excluding trusted applications from scan is a way to solve possible compatibility issues between
Kaspersky PURE 3.0 and other software (for example, network traffic from another PC which has
already been scanned by antivirus software). It also allows to increase performance of a
computer, which is essential when using software for servers.
In their turn, exclusion rules of trusted zone allow to work with legal software which can be used
by invaders to corrupt your computer or user’s data. Such programs do not have malicious
functionality, but can be used as an auxiliary component of a malicious program. The list of such
potentially dangerous software includes remote administrating programs, IRC-clients, FTPservers,
various tools to stop processes or hide their work, key loggers, password breaking
programs, auto-dialers and etc. As a result of work of Kaspersky PURE 3.0 such programs can
be blocked. In order to avoid blocking, configure rules excluding such programs from scan.
Exclusion rules are sets of conditions that Kaspersky PURE 3.0 uses to verify if it can skip an
object during the scan. In all other cases an object will be scanned by protection components
according to the protection settings configured for them.
Exclusion rules of trusted zone can be used by some application components. For example, by
File Anti-Virus, Mail Anti-Virus, Web Anti-Virus, and during scan for viruses tasks.
Creating the list of trusted applications
By default, Kaspersky PURE 3.0 scans objects opened, started or saved by any system process
as well as controls activity of all programs and the created network traffic. Upon adding
applications to the list of trusted applications, Kaspersky PURE 3.0 excludes them from scan.
In order to add a program to the list of trusted, perform the following actions:
1. In the upper part of the Settings window select Protection and then select Threats
and Exclusions.
2. In the right part of the window in the Exclusions section, click the Settings button.

3. In the open window on the Trusted applications tab click the Add link to open the
menu. In the menu select one of the items:
► Browse. Selecting this item opens the standard browse window. In this window, you can
select the executable file of an application. Once an application is selected, the
Exclusions for application window will open.
► Applications. Selecting this item opens the Select application window with a list of
applications currently running. You can select the required application from the list. Once
an application is selected, the Exclusions for application window will open.

4. In the opened window Exclusions for application check the boxes for activities
which should not be monitored.
You can modify the program scan settings or delete the program from the list using the
corresponding links in the lower part of the list. In order to exclude a program from the list without
deletion, clear the box next to the program name.

Creating exclusion rules
If you use in your work programs classified by Kaspersky PURE 3.0 as illegal and which can be
used by cyber criminals to harm either your computer or user’s data, you are recommended to
configure exclusion rules for such programs.
Exclusion rules are sets of conditions that Kaspersky PURE 3.0 uses to verify if it can skip an
object during the scan.
In Kaspersky PURE 3.0 you can create exclusion rules only for the following components:
► File Anti-Virus;
► Mail Anti-Virus;
► Web Anti-Virus;
► Application Control;
► Scan;
► System Watcher.
Exclusion rules allow adding exclusions by:
► Object - exclusion of a certain object, directory, or files that match a certain mask / format
from scans.
► Threat type - exclude objects according the Virus Encyclopedia threat type
classification.
The following parameters can be configured/ modified for the Object type:
► Define file, folder or mask excluded from scan;
► Define exclusions for subfolders, if a definite folder is given as an exclusion;
► Define component(s) and tasks for which the exclusion will work.
For the Threat type you can define the name / mask of the threat type classification according to
the Kaspersky Lab Virus Encyclopedia.
You can also define component(s) and tasks for which the exclusion will work.
In order to create an exclusion rule, perform the following actions:

1. In the upper part of the Settings window under Protection select Threats and Exclusions.
1. In the right part of the window in the Exclusions section click the Settings button.
2. In the open window on the Exclusion rules tab, click the Add link.
3. In the Exclusion rule window specify the rule’s properties by checking the boxes in the
Properties section:
► File or folder;
► Object name.
4. In the Rule description section click the select file or folder link.
5. In the File or folder window click the Browse button and select the file for which you are
creating the rule. Select the necessary folder with the file or enter the full path to the file.

6. Check the option Include subfolders if the rule is created for more than one file.
7. In the File or folder window, click OK.
8. If in the Properties section you selected Object name, then the Object name option will be
displayed in the Rule description section. Click the enter object name link.
9. In the Object name type window, enter the classification type according to the Virus
Encyclopedia.
10. In the Object name window, click OK.
11. In the Exclusion rule window in the Rule description section in the Protection
components string click the specified: select components link.

12. In the Protection components window, define the components for which the exclusion rule
will be applied.
13. Click OK.
14. In the Exclusion rule window, click the OK button.
15. In the Trusted zone window click the OK button.
16. In the bottom right corner of the Settings window click the Apply button.

Settings. Scan
General settings
Background scan
Kaspersky PURE 3.0 allows you to start scan tasks (scan of the system memory, system
partition, and startup objects) and automatic update of anti-virus databases when your computer
is idle or when screensaver is enabled.
In order to configure background scan, perform the following actions:
1. In the application settings window select Scan.
2. In the left menu select General Settings.
3. In the Background scanning section, check Perform Idle Scan and Perform regular
rootkit scan, if necessary.
If your computer works from a battery, Kaspersky PURE 3.0 does not perform tasks while the
computer is idle.
A click upon the icon , takes you to the Kaspersky Lab Technical Support site, to the page
with an article which describes how to enable scan task while your computer is idle.
Scanning removable drives on connection

Nowadays, malicious objects using operating systems' vulnerabilities to replicate via networks
and removable media have become increasingly widespread. Kaspersky PURE 3.0 allows to
scan removable drives when connecting them to the computer.
To configure scanning of removable media at connection, perform the following actions:
1. In the application settings window select Scan.
2. In the left menu select General Settings.
3. In the Scan removable drives on connection section select an action and define the
maximum size of a drive to scan, if necessary.
4. In the Settings window click the Apply button.
Starting scan using a shortcut
You can start full scan, critical areas scan and vulnerabilities scan tasks using a shortcut. A
shortcut allows to start a scan task without opening an application window. To create a shortcut
for a scan task, perform the following actions:
1. In the application settings window select Scan.
2. In the left menu select General Settings.
3. In the right part of the window in the Quick tasks section click the Create shortcut
button next to the required task: Full Scan, Critical Areas Scan, Vulnerability Scan.

4. In the Save as window specify the path for saving the shortcut and its name. By default,
the shortcut is created with the name of the task in the Desktop folder of the current
computer user.
5. In the Settings window click the OK button.
6. On the Desktop find the created shortcut and double-click it to start a task.

Full Scan
Security levels
A security level is a set of predefined scan settings.
To select a security level, perform the following actions:
1. In the application settings window select Scan.
2. In the menu select the required task - Full Scan.
3. For the selected task in the Security level section select the required security level.
4. In the Settings window click the Apply button.
Kaspersky Lab specialists distinguish three security levels. You can set one of the following
security levels:
► High. Use this level is the probability of computer infection is very high;
► Recommended. This is the optimal level for most cases and is recommended by
Kaspersky Lab;
► Low. If you are using applications requiring considerable RAM resources, select the Low
security level because the list of files under scan is reduced on this level.
If none of the predefined security levels satisfies your needs, configure scan settings on your
own. As a result of your actions the security level changes to Custom.
When configuring scan task settings, you can always restore the recommended ones. They are
considered optimal, recommended by Kaspersky Lab, and grouped in the Recommended
security level.
To restore the default scan settings, perform the following actions:
1. For the selected scan task in the Settings window in the Security level section click the
Default button.
2. In the Settings window click the Apply button.

Modifying type of scanned objects
You can define on your own files of what format and size should be scanned during a selected
scan task.
To change the type of scanned objects, perform the following actions:
1. For the selected task in the Security level section click the Settings button.

2. On the Scope tab in the File types section select the required variant.
► All files. Kaspersky PURE 3.0 scans files of all formats and extensions.
► Files scanned by format. If you select this option, Kaspersky PURE 3.0 only scans
potentially infectious files – i.e. files into which a virus may penetrate. Before

searching for viruses an inner header of an object is analyzed for the file format (txt,
doc, exe and etc). The file extension is also considered during scan.
► Files scanned by extension. In this case, Kaspersky PURE 3.0 only scans
potentially infectious files – i.e. files into which a virus may penetrate. At this, the file
format is defined by its extension.
Files without extensions are always scanned!
When selecting file types please remember the following:
► Probability of penetration of malicious code into several file formats (such as
.txt) and its further activation is quite low. At the same time, there are formats
that contain or may contain an executable code (such as .exe, .dll, .doc). The
risk of penetrating and activating malicious code in such files is quite high.
► The intruder can send a virus to your computer in an executable file renamed as
txt file. If you have selected the scan of files by extension, such a file is skipped
by the scan. If the scan of files by format is selected, then, regardless of the
extension, File Anti-Virus will analyze the file header, and reveal that the file is
an .exe file. Such a file would be thoroughly scanned for viruses.
3. Click OK.
4. In the Settings window click the Apply button.
Scan optimization
You can shorten the scan time and speed up Kaspersky PURE 3.0. This can be achieved by
scanning only new files and those files that have altered since the last time they were scanned.
This mode applies both to simple and compound files.
You can also set a restriction on scan duration for an object. When the specified time interval
expires, the object will be excluded from the current scan (except for archives and files comprised
of several objects).
To optimize scan, perform the following actions:
1. For the selected task in the Security level section click the Settings button.
2. On the Scope tab in the Scan optimization section set the required settings:
► To scan only new and changed files, check the Scan only new and changed files
box;
► To set restriction on scan duration for one object, check the Skip objects scanned
longer than box and specify scan duration for one object.

3. Click the OK button.
4. In the Settings window click the Apply button.
Scan of compound files
A common method of concealing viruses is to embed them into compound files: archives,
databases, etc. To detect viruses that are hidden this way a compound file should be unpacked,
which can significantly lower the scan speed.
To modify the list of scanned compound files, perform the following actions:
1. For the selected task in the Security level section click the Settings button.
2. On the Scope tab in the Scan of compound files section select types of the scanned
compound files.

For each type of compound file, you can select to scan either all files or only new ones. To make
your selection, click the link next to the name of the object. It changes its value when you leftclick
it.
If you select the scan new and changed files only scan mode, you will not be able to select the
links allowing you to scan all or new only files.

You can restrict the maximum size of the compound file being scanned. Compound files larger
than the specified value will not be scanned. For this in the Scan of compound files section,
click the Additional button. In the Compound files window check the Do not unpack large
compound files box and specify the maximum size of scanned files.
3. Click the OK button.
4. In the Settings window click the Apply button.
When large files are extracted from archives, they will be scanned even if the Do not unpack
large compound files box is checked.
Selecting scan method
Kaspersky PURE 3.0 uses various scan methods:
► Signature analysis. When performing signature analysis, Kaspersky PURE 3.0 uses
databases that contain descriptions of known threats and ways of neutralizing them.
Protection using signature analysis provides a minimal level of security.
► Heuristic Analysis. Scan is based on the analysis of the typical behavior of a file whose
operations allow to draw a conclusion about the nature of a file with a certain probability.
The advantage of the method is that new threats are detected even before they are known
to virus analysts.
Additionally you can set the detail level for scans: light scan, medium scan, or deep scan.
► Rootkit Scan. Rootkit is a set of tools which conceal malicious programs in the operating
system. These tools penetrate the system and mask their presence and the presence of
processes, folders, registry keys of other malicious programs, described in the rootkit
configuration.
If you are scanning for viruses, you can enable the deep scan for rootkits by checking
the Detailed scan box, which will scan carefully for these programs by analyzing a large
number of various objects. These checkboxes are deselected by default, since this mode
requires significant operating system resources.
The Signature analysis method is always enabled. To enhance the scan efficiency you can
enable other scan methods. For this, perform the following actions:
1. For the selected task in the Security level section click the Settings button.
2. On the Additional tab in the Scan methods select the necessary scan methods.
3. Click the OK button.

4. In the Settings window click the Apply button.
Selecting scan technology
In addition to the scan methods you can use special technologies:
► iChecker is a technology that increases scan speed by excluding certain objects from the
scan. An object is excluded from the scan with a special algorithm that uses the release
date of Computer Protection databases, the date of the object's last scan, and any
changes in the scan settings.
There are limitations to iChecker: it does not work with large files and applies only to the
objects with a structure that the application recognizes (for example, .exe, .dll, .lnk, .ttf,
.inf, .sys, .com, .chm, .zip, .rar).
► iSwift is a technology that builds on iChecker technology for computers using NTFS.
There are limitations to iSwift: it is bound to a specific file's location in the file system and
can apply only to objects in NTFS.
The technologies iSwift and iChecker allow to increase the virus scan speed by excluding the
files that have not been modified since they were last scanned. By default, both technologies are
used. To change the set of scan technologies, perform the following actions:
1. For the selected task in the Security level section click the Settings button.
2. On the Additional tab in the Scan technologies section select the required values.

3. Click the OK button.
4. In the Settings window click the Apply button.
Creating scan schedule
In Kaspersky PURE 3.0 you can choose whether to start the full scan task manually or by
schedule (automatically).
If you select the Manually variant, then you can start the task at any time convenient for you. The
scan process takes some time to be completed and you cannot use some applications installed
on your computer during the scan process.
Selecting the By schedule variant allows to configure the automatic start of the full scan task. If
you select this variant, you can set the scan task frequency. In the schedule settings you can
select one of the following frequencies: minutes, hours, days, every week, at a specified time,
every month, after application startup, after every update.
For every frequency you can specify the interval. For example, if you select Every month you
can select a particular day to start the scan task (1, 2, 3...) and set particular time (05:00 p.m.).
To protect your computer, it would be optimal to perform full computer scan not less than one
time a week.
In order to schedule a scan task, perform the following actions:
1. For the selected task in the Security level section click the Settings button.
2. On the Run mode tab in the Schedule section select the required values.
3. Select By schedule and create a task launch schedule with the frequency and a definite
time interval to start a scan task.

You can configure the program to automatically start a skipped scan task as soon as it becomes
possible. For example, the computer was not on at that time when a full scan task was
scheduled. In this case the scan will start as soon as computer is enabled. To do so, in the
Schedule section check the Run skipped tasks box.
Scheduled tasks feature additional functionality, for example, you can pause scheduled scan
when screensaver is inactive or computer is unlocked. This functionality postpones the task
launch until the user has finished working on the computer. So, the scan task will not take up
system resources during the work.
4. Click the OK button.
5. In the Settings window click the Apply button.
Starting scan under a different account
By default scan tasks are started under an account you registered in the system. If your account
does not have enough rights, you can specify a different account under whose rights each scan
task will be started.
To specify an account, perform the following steps:
1. In the top part of the Settings window select Scan.
2. In the left menu select Full Scan.
3. In the right part of the window click the Run mode button.
4. On the Run mode tab in the User account section check the Run task as box. In the
fields below specify the user name and password.

5. Click the OK button.
6. In the Settings window click the Apply button.

Actions over detected treats
If infected or potentially infectious objects are detected, the application performs the specified
action. Depending on your current preferences you can configure virus scan settings or allow the
program to select an action.
Default actions
By default program chooses the actions on detected objects itself.
If as a result of scan the program failed to define whether the object is infected or not, the object
is quarantined.
If an object gets an infected status, the application will try to disinfect such object. If disinfection
fails, such object will be deleted.
Before an object disinfection or deletion Kaspersky PURE 3.0 creates its backup copy in case
you want to restore the object or the application can neutralize the threat.
Actions defined by the user
You can also define an action to be performed for detected threats:
► Disinfect objects if possible;
► Delete if disinfection fails.

If the Disinfect objects if possible variant is selected, the program functions the following way:
If the object can be disinfected, it will be disinfected and will return to the user.
If as a result of scan the program failed to define whether the object is infected or not, the
object is quarantined. If the option to scan quarantined files after each database update is
enabled, then when a new disinfection signature is received the quarantined object can
be disinfected and returned to the user.
If the status of a virus is assigned to the object and its disinfection is impossible, the object
is blocked and is added to the report about detected threats.
You can select only the Delete variant, but in this case all objects will be deleted, even if they
could be available for the user after disinfection.

Kaspersky Lab specialists recommend to select the following actions for the detected threats:
► Disinfect objects if possible;
► Delete if disinfection fails.

In this case the program performs the following actions over an object:
Disinfect, if disinfection is possible. After disinfection you can continue your work with
the object.
Quarantine, if the program failed to define if the object is infected or not. If the option to
scan quarantined files after each database update is enabled, then when a new
disinfection signature is received the quarantined object can be disinfected and returned to
the user.
Delete, if the virus status is assigned to the object and its disinfection is impossible.
Actions for every detected object
You can also specify actions for every detected object individually. For this enable Kaspersky
PURE 3.0 interactive mode:
1. In the top part of the Settings window select the Protection section.
2. In the left menu select General Settings.
3. In the Interactive protection section, uncheck the Select action automatically box.
4. Click the Apply button.

Interactive mode can only be enabled for the whole program. When the mode is enabled you
will have to select an action for every object detected by any Kaspersky PURE 3.0 component.
To specify an action over detected threats, perform the following actions:
1. In the top part of the Settings window select the Scan section.
2. In the left menu select the required task.
3. For the selected task in the Action on threat detection section specify the necessary
action:
► Prompt when the scan is complete;
► Prompt on detection;
► Select action:
Disinfect objects if possible;
Delete if disinfection fails.

4. In the Settings window click the Apply button.
If the Select action option is enabled but no action is chosen, the application will block
dangerous objects and quarantine them notifying the user about the quarantined objects.

The Delete, if disinfection fails options appears only if the Disinfect objects if possible box is
checked.

Run mode and scan scope
Run mode
In Kaspersky PURE 3.0 you can choose whether to start the full scan task manually or by
schedule (automatically).
If you select the Manually variant, then you can start the task at any time convenient for you. The
scan process takes some time to be completed and you cannot use some applications installed
on your computer during the scan process.
Selecting the By schedule variant allows to configure the automatic start of the full scan task. If
you select this variant, you can set the scan task frequency. In the schedule settings you can
select one of the following frequencies: minutes, hours, days, every week, at a specified time,
every month, after application startup, after every update.
For every frequency you can specify the interval. For example, if you select Every month you
can select a particular day to start the scan task (1, 2, 3...) and set particular time (05:00 p.m.).
To protect your computer, it would be optimal to perform full computer scan not less than one
time a week.
In order to schedule a scan task, perform the following actions:
1. In the right part of the settings window of the selected task in the Run mode and scan
scope section click the Run mode button.
2. On the Run mode tab in the Schedule section select the necessary values.
3. Select By schedule and create a task launch schedule with the frequency and a definite
time interval to start a scan task.

You can configure the program to automatically start a skipped scan task as soon as it becomes
possible. For example, the computer was not on at that time when a full scan task was
scheduled. In this case the scan will start as soon as computer is enabled. To do so, in the
Schedule section check the Run skipped tasks box.
Scheduled tasks feature additional functionality, for example, you can pause scheduled scan
when screensaver is inactive or computer is unlocked. This functionality postpones the task
launch until the user has finished working on the computer. So, the scan task will not take up
system resources during the work.
4. Click the OK button.
5. In the Settings window click the Apply button.
Creating list of objects to scan
You can create your own list of objects for the Full Scan and Critical Areas Scan tasks. For
example, if you do not want to scan the whole system and all applications installed on your
computer you can create your own list of applications, network and logical drives to scan.
In order to add, modify or delete objects from the scan scope, perform the following actions:
1. In the right part of the settings window of the selected task in the Run mode and scan
scope section click the Scan scope button.
2. In the Scan scope window you can modify the list of objects to scan. To add a new
object, click the Submit link, to change or delete an existing object – Edit or Delete
correspondingly.

Note, that objects which appear in the list by default (System Memory, Startup Objects,
Disk boot sectors, System Backup Storage, My email, All hard drives, All removable
drives and All network drives) cannot be edited or deleted.
3. You can also enable scan of subfolders. For this, in the Select object to scan window
check the Include subfolders box, when adding or editing an object.
4. In the lower part of the Select object to scan window click the OK button.
5. In the Settings window click the OK button.

Critical Areas Scan
Security levels
A security level is a set of predefined scan settings.
Kaspersky Lab specialists distinguish three security levels. You can set one of the following
security levels:
► High. Use this level is the probability of computer infection is very high;
► Recommended. This is the optimal level for most cases and is recommended by
Kaspersky Lab;
► Low. If you are using applications requiring considerable RAM resources, select the Low
security level because the list of files under scan is reduced on this level.
To select a security level, perform the following actions:
1. In the left part of the Settings window select the Scan section.
2. In the menu select the required task - Critical Areas Scan.
3. For the selected task in the Security level section select the required security level.
4. In the Settings window click the Apply button.
If none of the predefined security levels satisfies your needs, configure scan settings on your
own. As a result of your actions the security level changes to Custom.
When configuring scan task settings, you can always restore the recommended ones. They are
considered optimal, recommended by Kaspersky Lab, and grouped in the Recommended
security level.
To restore the default scan settings, perform the following actions:

1. For the selected scan task in the Settings window in the Security level section click the
Default level button.
2. In the Settings window click the Apply button.
Modifying type of scanned objects
You can define files of what format and size should be scanned by the selected scan task.
To change the type of scanned objects, perform the following actions:
1. For the selected task in the Security level section click the Settings button.

2. On the Scope tab in the File types section select the required variant.

► All files. Kaspersky PURE 3.0 scans files of all formats and extensions.
► Files scanned by format. If you select this option, Kaspersky PURE 3.0 only scans
potentially infectious files – i.e. files into which a virus may penetrate. Before
searching for viruses an inner header of an object is analyzed for the file format (txt,
doc, exe and etc). the file extension is also considered during scan.
► Files scanned by extension. In this case, Kaspersky PURE only scans potentially
infectious files – i.e. files into which a virus may penetrate. At this, the file format is
defined by its extension.
Files without extensions are always scanned!
When selecting file types please remember the following:
► Probability of penetration of malicious code into some file formats (such as
.txt) and its further activation is quite low. At the same time, there are formats
that contain or may contain an executable code (such as .exe, .dll, .doc). The
risk of penetrating and activating malicious code in such files is quite high.
► The intruder can send a virus to your computer in an executable file renamed
as txt file. If you have selected the scan of files by extension, such a file is
skipped by the scan. If the scan of files by format is selected, then, regardless
of the extension, File Anti-Virus will analyze the file header, and reveal that the
file is an .exe file. Such a file would be thoroughly scanned for viruses.
3. Click the OK button.
4. In the Settings window click the Apply button.
Scan optimization
You can shorten the scan time and speed up Kaspersky PURE 3.0. This can be achieved by
scanning only new files and those files that have altered since the last time they were scanned.
This mode applies both to simple and compound files.
You can also set a restriction on scan duration for an object. When the specified time interval
expires, the object will be excluded from the current scan (except for archives and files comprised
of several objects).
To optimize scan, perform the following actions:
1. For the selected task in the Security level section click the Settings button.
2. On the Scope tab in the Scan optimization section set the required settings:
► To scan only new and changed files, check the Scan only new and changed files
box;
► To set restriction on scan duration for one object, check the Skip objects scanned
longer than box and specify scan duration for one object.

3. Click the OK button.
4. In the Settings window click the Apply button.
Scan of compound files
A common method of concealing viruses is to embed them into compound files: archives,
databases, etc. To detect viruses that are hidden this way a compound file should be unpacked,
which can significantly lower the scan speed.
To modify the list of scanned compound files, perform the following actions:
1. For the selected task in the Security level section click the Settings button.
2. On the Scope tab in the Scan of compound files section select types of the scanned
compound files.

For each type of compound file, you can select to scan either all files or only new ones. To make
your selection, click the link next to the name of the object. It changes its value when you leftclick
it.
If you select the scan new and changed files only scan mode, you will not be able to select the
links allowing you to scan all or new only files.

You can restrict the maximum size of the compound file being scanned. Compound files larger
than the specified value will not be scanned. For this in the Scan of compound files section,
click the Additional button. In the Compound files window check the Do not unpack large
compound files box and specify the maximum size of scanned files.
3. Click the OK button.
4. In the Settings window click the Apply button.
When large files are extracted from archives, they will be scanned even if the Do not unpack
large compound files box is checked.
Selecting scan method
Kaspersky PURE 3.0 uses various scan methods:
► Signature analysis. When performing signature analysis, Kaspersky PURE 3.0 uses
databases that contain descriptions of known threats and ways of neutralizing them.
Protection using signature analysis provides a minimal level of security.
► Heuristic Analysis. Scan is based on the analysis of the typical behavior of a file whose
operations allow to draw a conclusion about the nature of a file with a certain probability.

The advantage of the method is that new threats are detected even before they are known
to virus analysts.
Additionally you can set the detail level for scans: light scan, medium scan, or deep scan.
► Rootkit Scan. Rootkit is a set of tools which conceal malicious programs in the operating
system. These tools penetrate the system and mask their presence and the presence of
processes, folders, registry keys of other malicious programs, described in the rootkit
configuration.
If you are scanning for viruses, you can enable the deep scan for rootkits by checking
the Detailed scan box, which will scan carefully for these programs by analyzing a large
number of various objects. These checkboxes are deselected by default, since this mode
requires significant operating system resources.
The Signature analysis method is always enabled. To enhance the scan efficiency you can
enable other scan methods. For this, perform the following actions:
1. For the selected task in the Security level section click the Settings button.
2. On the Additional tab in the Scan methods select the necessary scan methods.
3. Click the OK button.
4. In the Settings window click the Apply button.
Selecting scan technology
In addition to the scan methods you can use special technologies:
► iChecker is a technology that increases scan speed by excluding certain objects from the
scan. An object is excluded from the scan with a special algorithm that uses the release
date of Kaspersky PURE databases, the date of the object's last scan, and any changes in
the scan settings.

There are limitations to iChecker: it does not work with large files and applies only to the
objects with a structure that the application recognizes (for example, .exe, .dll, .lnk, .ttf,
.inf, .sys, .com, .chm, .zip, .rar).
► iSwift is a technology that builds on iChecker technology for computers using NTFS.
There are limitations to iSwift: it is bound to a specific file's location in the file system and
can apply only to objects in NTFS.
The technologies iSwift and iChecker allow to increase the virus scan speed by excluding the
files that have not been modified since they were last scanned. By default, both technologies are
used. To change the set of scan technologies, perform the following actions:
1. For the selected task in the Security level section click the Settings button.
2. On the Additional tab in the Scan technologies section select the required values.
3. Click the OK button.
4. In the Settings window click the Apply button.
Creating scan schedule
In Kaspersky PURE 3.0 you can choose whether to start the vulnerability scan task manually or
by schedule (automatically).
If you select the Manually variant, then you can start the task at any time convenient for you. The
scan process takes some time to be completed and you cannot use some applications installed
on your computer during the scan process.
Selecting the By schedule variant allows to configure the automatic start of the vulnerability scan
task. If you select this variant, you can set the vulnerability scan task frequency. In the schedule
settings you can select one of the following frequencies: minutes, hours, days, every week, at
a specified time, every month, after application startup, after every update.
For every frequency you can specify the interval. For example, if you select Every month you
can select a particular day to start the scan task (1, 2, 3...) and set particular time (05:00 p.m.).
To protect your computer, it would be optimal to perform full computer scan not less than one
time a week.

In order to schedule a scan task, perform the following actions:
1. For the selected task in the Security level section click the Settings button.
2. On the Run mode tab in the Schedule section select the necessary values.
3. If you select By schedule, create a task launch schedule with the frequency and a
definite time interval to start a scan task.
You can configure the program to automatically start a skipped scan task as soon as it becomes
possible. For example, the computer was not on at that time when a full scan task was
scheduled. In this case the scan will start as soon as computer is enabled. To do so, in the
Schedule section check the Run skipped tasks box.
Scheduled tasks feature additional functionality, for example, you can pause scheduled scan
when screensaver is inactive or computer is unlocked. This functionality postpones the task
launch until the user has finished working on the computer. So, the scan task will not take up
system resources during the work.
4. Click the OK button.
5. In the Settings window click the Apply button.
Starting Critical Areas Scan under a different account
By default critical areas scan tasks are started under an account you registered in the system. If
your account does not have enough rights, you can specify a different account under whose
rights each scan task will be started. To specify an account, perform the following steps:
1. In the top part of the Settings window select the Scan section.
2. In the left menu select Critical Areas Scan.
3. In the right part of the window click the Run mode button.
4. On the Run mode tab in the User account section check the Run task as checkbox.
Enter the user name and password in the fields below.

5. Click the OK button.
6. In the Settings window click the Apply button.

Actions upon threat detection
If infected or potentially infectious objects are detected, the application performs the specified
action. Depending on your current preferences you can configure virus scan settings or allow the
program to select an action.
Default actions
By default, the application defines an action upon a detected object on its own. If in the result of
scan the application failed to define whether the object is infected or not, such object is placed to
quarantine.
If an object gets an infected status, the application will try to disinfect such object. If disinfection
fails, such object will be deleted.
Before an object disinfection or deletion Kaspersky PURE 3.0 creates its backup copy in case
you want to restore the object or the application can neutralize the threat.
Actions defined by the user
You can also define an action to be performed for detected threats:
► Disinfect objects if possible;
► Delete if disinfection fails.

If the Disinfect objects if possible variant is selected, the program functions the following way:
If the object can be disinfected, it will be disinfected and will return to the user.
If as a result of scan the program failed to define whether the object is infected or not, the
object is quarantined. If the option to scan quarantined files after each database
update is enabled, then when a new disinfection signature is received the quarantined
object can be disinfected and returned to the user.
If the status of a virus is assigned to the object and its disinfection is impossible, the object
is blocked and is added to the report about detected threats.
You can select only the Delete variant, but in this case all objects will be deleted, even if they
could be available for the user after disinfection.

Kaspersky Lab specialists recommend to select the following actions for the detected threats:
► Disinfect objects if possible;
► Delete if disinfection fails.

In this case the program performs the following actions over an object:
Disinfect, if disinfection is possible. After disinfection you can continue your work with the
object.
Quarantine, if the program failed to define if the object is infected or not. If the option to
scan quarantined files after each database update is enabled, then when a new
disinfection signature is received the quarantined object can be disinfected and returned to
the user.
Delete, if the virus status is assigned to the object and its disinfection is impossible.
Actions specified for every detected object
You can also specify actions for every detected object individually. For this, enable Kaspersky
PURE 3.0 interactive mode:
1. In the top part of the Settings window select the Protection section.
2. In the left menu select General Settings.
3. In the Interactive protection section, uncheck the Select action automatically box.
4. Click the Apply button.

Interactive mode can only be enabled for the whole program. When the mode is enabled you
will have to select an action for every object detected by any Kaspersky PURE 3.0 component.
To specify an action over detected threats, perform the following actions:
1. In the top part of the Settings window select the Scan section.
2. In the menu select the necessary task.
3. For the selected task in the Action on threat detection section specify the necessary
action:
► Prompt when the scan is complete;
► Prompt on detection;
► Select action:
Disinfect objects if possible;
Delete if disinfection fails.

4. In the Settings window click the Apply button.
If the Select action option is enabled but no action is chosen, the application will block
dangerous objects and quarantine them notifying the user about the quarantined objects.

The Delete, if disinfection fails option appears only if the Disinfect objects if possible box is
checked.

Run mode and scan scope
Run mode
In Kaspersky PURE 3.0 you can choose whether to start the full scan task manually or by
schedule (automatically).
If you select the Manually variant, then you can start the task at any time convenient for you. The
scan process takes some time to be completed and you cannot use some applications installed
on your computer during the scan process.
Selecting the By schedule variant allows to configure the automatic start of the full scan task. If
you select this variant, you can set the scan task frequency. In the schedule settings you can
select one of the following frequencies: minutes, hours, days, every week, at a specified time,
every month, after application startup, after every update.
For every frequency you can specify the interval. For example, if you select Every month you
can select a particular day to start the scan task (1, 2, 3...) and set particular time (05:00 p.m.).
To protect your computer, it would be optimal to perform full computer scan not less than one
time a week.
In order to schedule a scan task, perform the following actions:
1. In the right part of the settings window of the selected task in the Run mode and scan
scope section click the Run mode button.
2. On the Run mode tab in the Schedule section select the required value.
3. If you select By schedule, create a task launch schedule with the frequency and a
definite time interval to start a scan task.
You can configure the program to automatically start a skipped scan task as soon as it becomes
possible. For example, the computer was not on at that time when a full scan task was
scheduled. In this case the scan will start as soon as computer is enabled. To do so, in the
Schedule section check the Run skipped tasks box.

Scheduled tasks feature additional functionality, for example, you can pause scheduled scan
when screensaver is inactive or computer is unlocked. This functionality postpones the task
launch until the user has finished working on the computer. So, the scan task will not take up
system resources during the work.
4. Click the OK button.
5. In the Settings window click the Apply button.
Creating a scan scope
You can create your own list of objects for the Full Scan and Critical Areas Scan tasks. For
example, if you do not want to scan the whole system and all applications installed on your
computer you can create your own list of applications, network and logical drives to scan.
In order to add, modify or delete objects from the scan scope, perform the following actions:
1. In the right part of the Settings window of the selected task in the Run mode and scan
scope section click the Scan scope button.
2. In the Scan scope window you can modify the list of objects to scan. To add a new
object, click the Submit link, to change or delete an existing object – Edit or Delete
correspondingly.

Note, that objects which appear in the list by default (System Memory, Startup Objects,
Disk boot sectors) cannot be edited or deleted.
3. You can also enable scan of subfolders. For this, in the Select object to scan window
check the Include subfolders box, when adding or editing an object.
4. In the lower part of the Select object to scan window click the OK button.
5. In the Settings window click the OK button.

Custom Scan
Security levels
A security level is a set of predefined scan settings.
Kaspersky Lab specialists distinguish three security levels. You can set one of the following
security levels:
► High. Use this level is the probability of computer infection is very high;
► Recommended. This is the optimal level for most cases and is recommended by
Kaspersky Lab;
► Low. If you are using applications requiring considerable RAM resources, select the Low
security level because the list of files under scan is reduced on this level.
To select a security level, perform the following actions:
1. In the left part of the Settings window select Scan.
2. In the menu select the required task - Custom Scan.
3. For the selected task in the Security level section select the required security level.
4. In the Settings window click the Apply button.
If none of the predefined security levels satisfies your needs, configure scan settings on your
own. As a result of your actions the security level changes to Custom.
When configuring scan task settings, you can always restore the recommended ones. They are
considered optimal, recommended by Kaspersky Lab, and grouped in the Recommended
security level.
To restore the default scan settings, perform the following actions:
1. For the selected scan task in the Settings window in the Security level section click the
Default button.
2. In the Settings window click the Apply button.

Modifying type of scanned objects
You can define files of what format and size should be scanned by the selected scan task.
To change the type of scanned objects, perform the following actions:
1. For the selected task in the Security level section click the Settings button.

2. On the Scope tab in the File types section select the required variant.
► All files. Kaspersky PURE 3.0 scans files of all formats and extensions.
► Files scanned by format. If you select this option, Kaspersky PURE 3.0 only scans
potentially infectious files – i.e. files into which a virus may penetrate. Before searching

for viruses an inner header of an object is analyzed for the file format (txt, doc, exe and
etc). the file extension is also considered during scan.
► Files scanned by extension. In this case, Kaspersky PURE 3.0 only scans potentially
infectious files – i.e. files into which a virus may penetrate. At this, the file format is
defined by its extension.
Files without extensions are always scanned!
When selecting file types please remember the following:
► Probability of penetration of malicious code into several file formats (such as .txt)
and its further activation is quite low. At the same time, there are formats that
contain or may contain an executable code (such as .exe, .dll, .doc). The risk of
penetrating and activating malicious code in such files is quite high.
► The intruder can send a virus to your computer in an executable file renamed as txt
file. If you have selected the scan of files by extension, such a file is skipped by the
scan. If the scan of files by format is selected, then, regardless of the extension,
File Anti-Virus will analyze the file header, and reveal that the file is an .exe file.
Such a file would be thoroughly scanned for viruses.
3. Click the OK button.
4. In the Settings window click the Apply button.
Scan optimization
You can shorten the scan time and speed up Kaspersky PURE 3.0. This can be achieved by
scanning only new files and those files that have altered since the last time they were scanned.
This mode applies both to simple and compound files.
You can also set a restriction on scan duration for an object. When the specified time interval
expires, the object will be excluded from the current scan (except for archives and files comprised
of several objects).
To optimize scan, perform the following actions:
1. For the selected task in the Security level section click the Settings button.
2. On the Scope tab in the Scan optimization section set the required settings:
► To scan only new and changed files, check the Scan only new and changed files
box;
► To set restriction on scan duration for one object, check the Skip objects scanned
longer than box and specify scan duration for one object.

3. Click the OK button.
4. In the Settings window click the Apply button.
Scan of compound files
A common method of concealing viruses is to embed them into compound files: archives,
databases, etc. To detect viruses that are hidden this way a compound file should be unpacked,
which can significantly lower the scan speed.
To modify the list of scanned compound files, perform the following actions:
1. For the selected task in the Security level section click the Settings button.
2. On the Scope tab in the Scan of compound files section select types of the scanned
compound files.

For each type of compound file, you can select to scan either all files or only new ones. To make
your selection, click the link next to the name of the object. It changes its value when you leftclick
it.
If you select the scan new and changed files only scan mode, you will not be able to select the
links allowing you to scan all or new only files.

You can restrict the maximum size of the compound file being scanned. Compound files larger
than the specified value will not be scanned. For this in the Scan of compound files section,
click the Additional button. In the Compound files window check the Do not unpack large
compound files box and specify the maximum size of scanned files.
3. Click the OK button.
4. In the Settings window click the Apply button.
When large files are extracted from archives, they will be scanned even if the Do not unpack
large compound files box is checked.
Selecting scan method
Kaspersky PURE 3.0 uses various scan methods:
► Signature analysis. When performing signature analysis, Kaspersky PURE 3.0 uses
databases that contain descriptions of known threats and ways of neutralizing them.
Protection using signature analysis provides a minimal level of security.
► Heuristic Analysis. Scan is based on the analysis of the typical behavior of a file whose
operations allow to draw a conclusion about the nature of a file with a certain probability.
The advantage of the method is that new threats are detected even before they are known
to virus analysts.
Additionally you can set the detail level for scans: light scan, medium scan, or deep scan.
► Rootkit Scan. Rootkit is a set of tools which conceal malicious programs in the operating
system. These tools penetrate the system and mask their presence and the presence of
processes, folders, registry keys of other malicious programs, described in the rootkit
configuration.
If you are scanning for viruses, you can enable the deep scan for rootkits by checking
the Detailed scan box, which will scan carefully for these programs by analyzing a large
number of various objects. These checkboxes are deselected by default, since this mode
requires significant operating system resources.
The Signature analysis method is always enabled. To enhance the scan efficiency you can
enable other scan methods. For this, perform the following actions:
1. For the selected task in the Security level section click the Settings button.
2. On the Additional tab in the Scan methods select the necessary scan methods.
3. Click the OK button.

4. In the Settings window click the Apply button.
Selecting scan technology
In addition to the scan methods you can use special technologies:
► iChecker is a technology that increases scan speed by excluding certain objects from the
scan. An object is excluded from the scan with a special algorithm that uses the release
date of Kaspersky PURE 3.0 databases, the date of the object's last scan, and any
changes in the scan settings.
There are limitations to iChecker: it does not work with large files and applies only to the
objects with a structure that the application recognizes (for example, .exe, .dll, .lnk, .tbtf,
.inf, .sys, .com, .chm, .zip, .rar).
► iSwift is a technology that builds on iChecker technology for computers using NTFS.
There are limitations to iSwift: it is bound to a specific file's location in the file system and
can apply only to objects in NTFS.
The technologies iSwift and iChecker allow to increase the virus scan speed by excluding the
files that have not been modified since they were last scanned. By default, both technologies are
used.
To change the set of scan technologies, perform the following actions:
1. For the selected task in the Security level section click the Settings button.
2. On the Additional tab in the Scan technologies section select the required values.

3. Click the OK button.
4. In the Settings window click the Apply button.

Actions over detected threats
If infected or potentially infectious objects are detected, the application performs the specified
action. Depending on your current preferences you can configure virus scan settings or allow the
program to select an action.
Default actions
By default, the application defines an action upon a detected object on its own. If in the result of
scan the application failed to define whether the object is infected or not, such object is placed to
quarantine.
If an object gets an infected status, the application will try to disinfect such object. If disinfection
fails, such object will be deleted.
Before an object disinfection or deletion Kaspersky PURE 3.0 creates its backup copy in case
you want to restore the object or the application can neutralize the threat.
Actions defined by the user
You can also define an action to be performed for detected threats:
► Disinfect objects if possible;
► Delete if disinfection fails.

If the Disinfect objects if possible variant is selected, the program functions the following way:
If the object can be disinfected, it will be disinfected and will return to the user.
If as a result of scan the program failed to define whether the object is infected or not, the
object is quarantined. If the option to scan quarantined files after each database update
is enabled, then when a new disinfection signature is received the quarantined object can
be disinfected and returned to the user.
If the status of a virus is assigned to the object and its disinfection is impossible, the object
is blocked and is added to the report about detected threats.
You can select only the Delete variant, but in this case all objects will be deleted, even if they
could be available for the user after disinfection.

Kaspersky Lab specialists recommend to select the following actions for the detected threats:
► Disinfect objects if possible;
► Delete if disinfection fails.

In this case the program performs the following actions over an object:
Disinfect, if disinfection is possible. After disinfection you can continue your work with
the object.
Quarantine, if the program failed to define if the object is infected or not. If the option to
scan quarantined files after each database update is enabled, then when a new
disinfection signature is received the quarantined object can be disinfected and returned to
the user.
Delete, if the virus status is assigned to the object and its disinfection is impossible.
Actions specified for every detected object
You can also specify actions for every detected object individually. For this enable Kaspersky
PURE 3.0 interactive mode:
1. In the top part of the Settings window select the Protection section.
2. In the left menu select General Settings.
3. In the Interactive protection section, uncheck the Select action automatically box.
4. Click the Apply button.

Interactive mode can only be enabled for the whole program. When the mode is enabled you
will have to select an action for every object detected by any Kaspersky PURE 3.0 component.
To specify an action over detected threats, perform the following actions:
1. In the top part of the Settings window select the Scan section.
2. In the left menu select the required task.
3. For the selected task in the Action on threat detection section specify the necessary
action:
► Prompt when the scan is complete;
► Prompt on detection;
► Select action:
Disinfect objects if possible;
Delete if disinfection fails.

4. In the Settings window click the Apply button.
If the Select action option is enabled but no action is chosen, the application will block
dangerous objects and quarantine them notifying the user about the quarantined objects.

The Delete, if disinfection fails option appears only if the Disinfect objects if possible box is
checked.

Vulnerability scan
Vulnerability scan performs the diagnostics of operating system and detects software features
that can be used by intruders to spread malicious objects and obtain access to personal
information.
Starting vulnerability scan with an existing shortcut
Vulnerability scan can be started:
► From the main application window (from the Protection section);
► Using an already existing shortcut.
To create a task shortcut, perform the following actions:
1. In the left menu select General Settings.
2. In the right part of the window in the Quick tasks section click the Create shortcut next
to the Vulnerability Scan task.
3. In the Save as window browse the path to save the shortcut and its name. By default the
shortcut is created with a name of a task on the Desktop of the current computer user.

4. Click the OK button.
A shortcut for vulnerability scan will appear in the specified location.
Run mode
In Kaspersky PURE 3.0 you can choose whether to start the vulnerability scan task manually or
by schedule (automatically).
If you select the Manually variant, then you can start the task at any time convenient for you. The
scan process takes some time to be completed and you cannot use some applications installed
on your computer during the scan process.
Selecting the By schedule variant allows to configure the automatic start of the vulnerability scan
task. If you select this variant, you can set the vulnerability scan task frequency. In the schedule
settings you can select one of the following frequencies: minutes, hours, days, every week, at
a specified time, every month, after application startup, after every update.
For every frequency you can specify the interval. For example, if you select Every month you
can select a particular day to start the scan task (1, 2, 3...) and set particular time (05:00 p.m.).
In order to schedule a scan task, perform the following actions:
1. In the top part of the Settings window select the Scan section.
2. In the left menu select Vulnerability Scan.
3. In the right part of the window click the Run mode button.

4. On the Run mode tab in the Schedule section select By schedule and create a task
launch schedule with the frequency and a definite time interval to start a scan task.

You can configure the program to automatically start a skipped scan task as soon as it becomes
possible. For example, the computer was not on at that time when a full scan task was
scheduled. In this case the scan will start as soon as computer is enabled. To do so, in the
Schedule section check the Run skipped tasks box.
Scheduled tasks feature additional functionality, for example, you can Pause scheduled scan
when screensaver is inactive or computer is unlocked. This functionality postpones the task
launch until the user has finished working on the computer. So, the scan task will not take up
system resources during the work.
5. Click the OK button.
6. In the Settings window click the Apply button.
Starting vulnerability scan task under different account
By default scant tasks are started under an account you registered in the system. If your account
does not have enough rights, you can specify a different account under whose rights each scan
task will be started.
To specify an account, perform the following steps:
1. In the top part of the Settings window select the Scan section.
2. In the left menu select Vulnerability Scan.
3. In the right part of the window click the Run mode button.
4. On the Run mode tab in the User account section check the Run task as box. In
the fields below specify the user name and password.

5. Click the OK button.
6. In the Settings window click the Apply button.
Creating a scan scope for vulnerability scan
You can create your own list of objects for the Vulnerabilities Scan task.
By default, the applications already installed on the computer are selected as scan objects. You
cannot modify or delete an object from this list.
In order to add, modify or delete objects from the scan scope, perform the following actions:
1. In the top part of the Settings window select the Scan section.
2. In the left menu select Vulnerability Scan.
3. In the right part of the window click the Scan scope button.

4. In the Scan scope window you can change the list of scanned objects. To add a new
object, click the Submit link, to change or delete an existing object – Edit or Delete
correspondingly.
5. You can also enable scan of subfolders. For this, in the Select object to scan window
check the Include subfolders box, when adding or editing an object.

6. In the lower part of the Select object to scan window click the OK button.
7. In the Settings window click the Apply button.

Settings. Update
Update task’s run modes
In Kaspersky PURE 3.0 the update task can be launched using one of the following modes:
► Automatically. Kaspersky PURE 3.0 checks the update source for updates at specified
intervals. Scanning frequency can be increased during anti-virus outbreaks and decreased
when there are none. Having discovered new updates, the program downloads and
installs them on the computer.
► Manually. If you select this option, you will run Kaspersky PURE 3.0 updates on your own.
► By schedule (time interval changes depending on settings). Updates will run
automatically according to the schedule created.
In order to configure the update run mode, perform the following actions:
1. Open the program settings window.
2. In the top part of the window select Update and then select Update Settings.
3. In the right part of the window click the Run mode button.
4. In the Update window on the Run mode tab in the Schedule section select the required
update run mode.

If you have selected the By schedule variant and an update was skipped for any reason (for
example, the computer was not on at that time), you can configure the task to start automatically
as soon as it becomes possible. To do so, check the Run skipped tasks box.
You can also postpone automatic start of the task after the application startup. For this, in the
Postpone running after application startup for field specify the time. A scheduled task will be
run only when the specified time has expired after Kaspersky PURE 3.0 startup.
5. Click the OK button, to save the made changes.

Running update under different user account
By default, the update procedure is run under your system account. However, Kaspersky PURE
3.0 can update from a source for which you have no access rights (for example, from a network
folder containing updates) or authorized proxy user credentials. You can run Kaspersky PURE
3.0 updates on behalf of the user account that has such rights.
To start the update under a different user's account, perform the following actions:
1. Open the application settings window.
2. In the top part of the window select Update, and then select Update Settings.
3. In the right part of the window click the Run mode button.
4. In the Update window on the Run mode tab in the User account section check the Run
task as box. In the fields below specify the user name and password.
5. Click the OK button, to save the made changes.
Selecting an update source
Update source is a resource containing updates for databases and application modules of
Kaspersky PURE 3.0. Update sources can be HTTP or FTP servers, or local or network folders.
The main update sources are Kaspersky Lab update servers where database updates and
application module updates for all Kaspersky Lab products are stored.
If you do not have access to Kaspersky Lab update servers (for example, the access to the
Internet is restricted), you can call the Kaspersky Lab headquarters
(http://www.kaspersky.com/contacts) to request contact information of b partners who can
provide you with updates on removable media.
When ordering updates on removable drives, specify if you need updates for application
modules.

By default, the list of update sources contains only Kaspersky Lab update servers. If several
resources are selected as update sources, Kaspersky PURE 3.0 tries to connect to them