Kaspersky Lab Internet Security 2011, Base, 5U, 1Y, ENG KL1837UCEFS 用户手册
产品代码
KL1837UCEFS
U
S E R
G
U I D E
112
C
HANGING THE DANGEROUS ACTIVITY MONITORING RULE
Applications' actions classified as dangerous activity cannot be edited. You can perform the following actions:
), by listing applications the activities of which you do not consider
dangerous;
edit the rule that Proactive Defense uses when it detects dangerous activity.
To edit Proactive Defense rule:
1. Open the application settings window.
2. In the left part of the window, in the Protection Center section, select the Proactive Defense component.
3. Click the Settings button in the right part of the window.
4. In the Proactive Defense window that opens, in the Event column, select the required event for which you want
to edit the rule.
5. Configure the settings for the selected event using the links in the Rule description section. For example:
a. Click the link with the preset action and select the required action in the Select action window that opens.
b. Click the On / Off link to indicate that a report on operation execution should be created.
S
YSTEM
W
ATCHER
System Watcher collects data about applications actions on your computer and provides information to other
components for improved protection.
components for improved protection.
If saving applications' activity logs is enabled, System Watcher allows you to roll back actions performed by malicious
programs (see page
programs (see page
). Rolling back actions after malicious activity is detected in the system can be initiated either by
the System Watcher component based on patterns of dangerous activity (see section "Using patterns of dangerous
activity (BSS)" on page
activity (BSS)" on page
), or by Proactive Defense, and during virus scan task run or File Anti-Virus operation (see
The component's response to matching between applications' actions and patterns of dangerous activity and rollback of
malicious programs' actions depend on Kaspersky Internet Security's mode of operation.
malicious programs' actions depend on Kaspersky Internet Security's mode of operation.
If suspicious actions are detected in the system, Kaspersky Internet Security protection components can request Activity
monitor for additional information. When Kaspersky Internet Security runs in interactive mode, you can view the event
data collected by the System Watcher component in a dangerous activity report, which helps you make a decision when
selecting actions in the notification window. When the component detects a malicious program, the link to the System
Watcher's report is displayed in the top part of the notification window (see page
monitor for additional information. When Kaspersky Internet Security runs in interactive mode, you can view the event
data collected by the System Watcher component in a dangerous activity report, which helps you make a decision when
selecting actions in the notification window. When the component detects a malicious program, the link to the System
Watcher's report is displayed in the top part of the notification window (see page
), prompting you for action.
I
N THIS SECTION
:
Enabling and disabling System Watcher .......................................................................................................................
Using patterns of dangerous activity (BSS) ...................................................................................................................
Rolling back a malicious program's actions ...................................................................................................................