Kaspersky Lab WorkSpace Security EU ED, 250-499u, 1Y, RNW KL4851XATFR Manual Do Utilizador
Códigos do produto
KL4851XATFR
P
R O A C T I V E
D
E F E N S E
71
set of criteria that can determine how dangerous the activity of an application is. If analysis of a sequence of actions
considers an application suspicious, Kaspersky Anti-Virus takes the action specified in the rule for dangerous activity.
considers an application suspicious, Kaspersky Anti-Virus takes the action specified in the rule for dangerous activity.
Let us take a closer look at the Proactive Defense's algorithm.
1. Immediately after the computer is started, Proactive Defense analyzes the following factors:
Actions of each application running on the computer. Proactive Defense records the history of actions taken
in order and compares them to sequences typical of dangerous activity (a database of dangerous activity
types is included in the application installation package and is updated together with the application
databases).
in order and compares them to sequences typical of dangerous activity (a database of dangerous activity
types is included in the application installation package and is updated together with the application
databases).
Each attempt of editing the system registry by deleting or adding system registry keys, entering
inappropriate values for keys impacting viewing and editing, etc.
inappropriate values for keys impacting viewing and editing, etc.
2. The analysis is based on the allow and block rules of Proactive Defense.
3. After the analysis, you have the following available courses of action:
If the activity meets the conditions of the Proactive Defense allow rule or does not match any block rule, it
will not be blocked.
will not be blocked.
If a block rule covers the activity, the component's further steps will be determined by the instructions
specified in the rule. Such activity is usually blocked. A notification will be displayed on the screen
specifying the application, its activity type, and the history of actions taken. You should make a decision on
whether you want to block, or to allow this activity. You can create a rule for such activity and cancel the
actions taken in the system.
specified in the rule. Such activity is usually blocked. A notification will be displayed on the screen
specifying the application, its activity type, and the history of actions taken. You should make a decision on
whether you want to block, or to allow this activity. You can create a rule for such activity and cancel the
actions taken in the system.
S
EE ALSO
Proactive Defense ...........................................................................................................................................................
A
PPLICATION
A
CTIVITY
A
NALYZER
The Application Activity Analyzer component of Kaspersky Anti-Virus monitors applications' activity on your computer.
The application includes a set of event descriptions that can be regarded as dangerous. A monitoring rule is created for
each such event. If the activity of any application is classified as a dangerous event, Proactive Defense will strictly adhere
to the instructions stated in the rule for that event.
The application includes a set of event descriptions that can be regarded as dangerous. A monitoring rule is created for
each such event. If the activity of any application is classified as a dangerous event, Proactive Defense will strictly adhere
to the instructions stated in the rule for that event.
S
EE ALSO
Using the list of dangerous activity ..................................................................................................................................
Changing the dangerous activity monitoring rule .............................................................................................................
System accounts control .................................................................................................................................................
Proactive Defense events ................................................................................................................................................
U
SING THE LIST OF DANGEROUS ACTIVITY
Note that configuring application control under Microsoft Windows XP Professional x64 Edition, Microsoft Windows Vista
or Microsoft Windows Vista x64 differs from the configuration process applied to an application running under other
operating systems.
or Microsoft Windows Vista x64 differs from the configuration process applied to an application running under other
operating systems.