System Watcher in Kaspersky Internet Security 2011 / Kaspersky Anti-Virus 2011 collects data about applications actions on your computer and provides information to other components for improved protection.
If saving applications' activity logs is enabled, System Watcher allows you to roll back actions performed by malicious programs. Rolling back actions after malicious activity detected in the system can be initiated either by the System Watcher component based on patterns of dangerous activity, or by Proactive Defense, and during virus scan task run or File Anti-Virus operation.
If suspicious actions are detected in the system, Kaspersky Internet Security 2011 / Kaspersky Anti-Virus 2011 protection components can request Activity monitor for additional information.
When Kaspersky Internet Security 2011 / Kaspersky Anti-Virus 2011 runs in interactive mode, you can view the event data collected by the System Watcher component in a dangerous activity report, which helps you make a decision when selecting actions in the notification window. When the component detects a potentially dangerous program, the link to the Activity monitor's report is displayed in the top part of the notification window, prompting for action.
Kaspersky Anti-Virus 2011 / Kaspersky Internet Security 2011 includes a technology of updatable heuristics. Updatable heuristics are dangerous activity patterns which are regularly updated.
The technology allows to add new patterns of dangerous activity to System Watcher databases during general anti-virus databases update without updating the whole component.
You can configure the following settings for the System Watcher component: