System Watcher - Kaspersky Lab

Kaspersky Anti-Virus 2012
System Watcher
System Watcher in Kaspersky Anti-Virus 2012 collects data about applications actions on your
computer and provides information to other components for improved protection.
In Kaspersky Anti-Virus 2012 you can configure the System Watcher settings to perform a
specified action when the application’s activity matches with the pattern of dangerous activity.
System Watcher also allows you to roll back actions performed by malicious programs.
Enabling/disabling System Watcher
By default, System Watcher is enabled, running in a mode that depends on the current mode of
Kaspersky Anti-Virus 2012 – automatic or interactive.
You are advised to avoid disabling the component, except for emergency cases, since this
inevitably impacts efficiency of Proactive Defense and other protection components operation
that may request the data collected by System Watcher in order to identify the potential threat
detected.
To disable System Watcher, perform the following actions:
1. Open the application settings window.
2. In the left part of the window under Protection Center select System Watcher.
3. In the right part of the window
► Uncheck the Enable System Watcher box, if you want to disable the component.
► Check the Enable System Watcher box, if you want to enable the component.
4. Click the Apply button.
Using patterns of dangerous behavior (BSS)
Patterns of dangerous activity (BSS – Behavior Stream Signatures) contain sequences of
actions typical of applications classified as dangerous. In addition to exact matching between
applications' activities and patterns of dangerous activity, System Watcher also detects actions
that partly match patterns of dangerous activity, being considered suspicious based on the
2 | 5