Applies to Kaspersky PURE R2
The Proactive Defense module, which monitors and analyzes the behavior of all programs installed on the PC, has been improved in Kaspersky PURE R2. Based on a program's actions, Kaspersky PURE R2 decides whether the program is dangerous. Your computer is thus protected from both known and new viruses.
The difference compared with Application Control is that Proactive Defense detects specific activity sequences. Proactive Defense analyzes the activity of all applications, even if an application is included in the list of trusted applications of Application Control.
The following activity can be classed as dangerous or malicious software behavior:
- Trojan-like activity
- access to system resources (e.g. the system registry)
- a program copying itself to network resources, the autorun folder and the system registry, followed by sending of its copies
- keylogger activity
- hidden driver installation
- operating system kernel modification
- hidden objects and hidden processes
- modification of the HOSTS file
- intrusion into other processes
- sending of DNS queries
All of the above types of activity are monitored and analyzed by the product with the help of a statistical set of heuristics (models of suspicious application activity). To speed up the response to new threats, Kaspersky PURE R2 includes a special feature, support for updatable heuristics, in addition to the static sets of heuristics.
Updatable heuristics are a regularly updated set of templates (signatures) of dangerous program behavior. Unlike in the previous product version, when a new virus or a new modification of known malware is detected, the new technology does not require updating the whole Proactive Defense module: a new signature is added to the heuristics database, which is updated together with the product's anti-virus databases.
Besides regular updates, the heuristics database also supports trial behavior templates. If Proactive Defense, using one of these templates, detects application behavior as suspicious, a special report is sent to Kaspersky Lab via Kaspersky Security Network (KSN), provided the user has agreed to participate in KSN. This feature helps minimize the possibility of false alarms in the future.
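The sketch below is an added illustration, not Kaspersky code: it shows how matching on activity sequences differs from matching on single actions, and how templates delivered by a database update (including trial ones that only generate a report) can extend detection without changing the matching engine. The template format, event names and process names are all hypothetical and constructed for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Template:
    name: str
    sequence: tuple      # event types that must all occur, in this order
    trial: bool = False  # trial templates produce a report, never a verdict

def matches(sequence, events):
    """True if `sequence` occurs in `events` as an ordered subsequence."""
    remaining = iter(events)
    # `step in remaining` consumes the iterator up to the first hit, so each
    # step has to be found after the previous one.
    return all(step in remaining for step in sequence)

def analyse(events_by_process, templates):
    """Return (verdicts, trial_reports), each a list of (process, template name).

    No allow-list is consulted: every process is analysed, mirroring the
    statement that trusted applications are still checked.
    """
    verdicts, trial_reports = [], []
    for process, events in events_by_process.items():
        for template in templates:
            if matches(template.sequence, events):
                target = trial_reports if template.trial else verdicts
                target.append((process, template.name))
    return verdicts, trial_reports

# Hypothetical built-in set, fixed when the module ships.
STATIC = [
    Template("self-copy-autorun", ("copy_self", "write_autorun_key")),
    Template("hosts-tamper", ("open_hosts", "write_hosts")),
]
# Hypothetical template delivered later with a database update, in trial mode.
UPDATE = [
    Template("inject-then-dns",
             ("open_process", "write_remote_memory", "dns_query"), trial=True),
]
# Constructed per-process event streams.
EVENTS = {
    "updater.exe": ["read_registry", "dns_query", "write_file"],
    "invoice.exe": ["copy_self", "read_registry", "write_autorun_key"],
    "helper.exe": ["open_process", "write_remote_memory", "read_registry", "dns_query"],
    "editor.exe": ["write_hosts", "open_hosts"],  # same actions, wrong order
}

if __name__ == "__main__":
    print(analyse(EVENTS, STATIC))
    print(analyse(EVENTS, STATIC + UPDATE))
```

A single DNS query in `updater.exe` and the out-of-order HOSTS events in `editor.exe` match nothing, while the trial template flags `helper.exe` only as a report.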