System Watcher: Heuristic Analyzer - Kaspersky Lab
Kaspersky PURE 2.0
System Watcher. Heuristic Analysis

Using patterns of dangerous behavior (BSS)

Patterns of dangerous activity (BSS – Behavior Stream Signatures) contain sequences of
actions typical of applications classified as dangerous. In addition to exact matches between
an application's activity and patterns of dangerous activity, System Watcher also detects
actions that only partly match a pattern of dangerous activity; heuristic analysis treats
these as suspicious. If suspicious activity is detected, System Watcher prompts the user for
action regardless of the operation mode.
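
A minimal sketch of the exact-versus-partial matching described above. It is an added example, not Kaspersky Lab's implementation: the action names, the in-order subsequence matching, and the 50% threshold are all assumptions, and the event log is constructed.

```python
from collections import defaultdict

# Hypothetical pattern: an ordered sequence of actions (names are illustrative only).
PATTERN = ("create_executable_file", "add_autorun_entry",
           "modify_hosts_file", "stop_security_service")
SUSPICIOUS_RATIO = 0.5  # assumed share of pattern steps that counts as a partial match


def matched_steps(events, pattern):
    """Longest in-order subsequence of `pattern` found in `events` (LCS length)."""
    prev = [0] * (len(pattern) + 1)
    for ev in events:
        cur = [0]
        for j, step in enumerate(pattern, 1):
            cur.append(prev[j - 1] + 1 if ev == step else max(prev[j], cur[j - 1]))
        prev = cur
    return prev[-1]


def classify(events, pattern=PATTERN, threshold=SUSPICIOUS_RATIO):
    """'dangerous' on a full match, 'suspicious' on a partial one, else 'no match'."""
    n = matched_steps(events, pattern)
    if n == len(pattern):
        return "dangerous"   # exact match: apply the configured action
    if n / len(pattern) >= threshold:
        return "suspicious"  # partial match: prompt the user
    return "no match"


def classify_stream(log):
    """Group (pid, action) records by process and classify each process."""
    per_process = defaultdict(list)
    for pid, action in log:
        per_process[pid].append(action)
    return {pid: classify(events) for pid, events in per_process.items()}


# Constructed sample log: interleaved actions from three processes.
SAMPLE_LOG = [
    (101, "create_executable_file"), (202, "read_file"), (101, "read_file"),
    (101, "add_autorun_entry"), (303, "add_autorun_entry"),
    (202, "create_executable_file"), (101, "modify_hosts_file"),
    (303, "read_file"), (202, "modify_hosts_file"),
    (101, "stop_security_service"), (303, "open_network_connection"),
]

if __name__ == "__main__":
    for pid, verdict in sorted(classify_stream(SAMPLE_LOG).items()):
        print(pid, verdict)
```

Unrelated actions interleaved between pattern steps do not break a match, but order does: the same four actions in reverse match only one step.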

When a new virus or a new modification of already known malware is detected, the application
does not update the entire System Watcher component; it simply adds a new template to
the database of heuristics, which is updated together with the Kaspersky Lab databases.

To select the action that the component should perform if an application's activity matches a
pattern of dangerous activity, perform the following actions:

1. Open the application settings window.
2. In the left part of the window under Protection select System Watcher.
3. In the right part of the component settings in the Heuristic Analysis section check the
   Use behavior stream signatures (BSS) box.
4. In the On detecting malware activity section perform the following actions:
   ► Select the Select action automatically variant (if the automatic protection mode is
     enabled). In this case System Watcher will automatically apply an action
     recommended by Kaspersky Lab specialists.
   ► Select the Prompt for action variant (if the interactive protection mode is enabled).
     In this case System Watcher will notify you of any suspicious activity detected in the
     system and will prompt for action: allow or block activity.
   ► Choose the Select action variant:
     ► Move file to Quarantine (malicious application will be moved to Quarantine).
     ► Terminate the malicious application (all processes of the malicious application
       will be terminated).
     ► Ignore (System Watcher takes no actions on the application).