System Watcher - Kaspersky Lab

More documents

Recommendations

Info

Kaspersky Anti-Virus 2012 heuristic analysis. If suspicious activity is detected, System Watcher prompts the user for action regardless of the operation mode. Upon detection of a new virus or new modification of already known malware the application does not update the entire System Watcher component, but simply adds a new template to the database of heuristics and updates it together with the Kaspersky Lab databases. To select the action that the component should perform if an application's activity matches a pattern of dangerous activity, perform the following actions: 1. Open the application settings window. 2. In the left part of the window under Protection Center select System Watcher. 3. In the right part of the component settings in the Heuristic Analysis section check the Use updatable patterns of dangerous activity (BSS) box. 4. In the On detecting malware activity section perform the following actions: ► Select the Select action automatically variant (if the automatic protection mode is enabled). In this case System Watcher will automatically apply an action recommended by Kaspersky Lab specialists. ► Select the Prompt for action variant (if the interactive protection mode is enabled). In this case System Watcher will notify you of any suspicious activity detected in the system and will prompt for action: allow or block activity. ► Choose the Select action variant: ► Move file to Quarantine (malicious application will be moved to Quarantine). ► Terminate the malicious application (all processes of the malicious application will be terminated). ► Ignore (System Watcher takes no actions on the application). 5. Click the Apply button. 3 | 5
Kaspersky Anti-Virus 2012 Rolling back actions performed by malware You can use the product feature for rolling back the actions performed by malware in the system. To enable a roll-back, System Watcher should log the history of program activity. By default, KAV 2012 rolls back relevant operations automatically when the protection components detect malicious activity (rolling back actions after malicious activity is detected in the system can be initiated either by the System Watcher component based on patterns of dangerous activity, or by Proactive Defense, and during virus scan task run or File Anti-Virus operation). When running in interactive mode, System Watcher prompts the user for action. You can specify the operation which should be performed whenever malicious activity is detected. The procedure of rolling back malware operations affects a strictly defined set of data. It causes no negative consequences for the operating system or data integrity on your computer. To configure rollback of malware operations, perform the following actions: 1. Open the application settings window. 2. In the left part of the window under Protection Center select System Watcher. 3. In the right part of the component settings in the Rollback of malware action s section specify actions that System Watcher should perform if it has a possibility to roll back changes made by a malicious program: ► Select the Select action automatically variant (if the automatic protection mode is enabled). In this case System Watcher will automatically apply an action recommended by Kaspersky Lab specialists. ► Select the Prompt for action variant (if the interactive protection mode is enabled). In this case System Watcher will notify you that rollback is necessary and will prompt for action: perform or cancel rollback. ► Select action If you choose the Select action variant, select an action from the drop-down list: ► Roll back ► Do not roll back 4 | 5
Page 1 and 2: Anti-Virus 2012 System Watcher
Page 3: Kaspersky Anti-Virus 2012 System Wa

System Watcher - Kaspersky Lab

Create successful ePaper yourself

Delete template?

Save as template?