What is System Watcher?
The System Watcher component collects data about application activity on the computer and provides it to other components to improve their operation.
Patterns of dangerous activity, BSS (Behaviour Stream Signatures), contain sequences of actions that Kaspersky Endpoint Security 8 for Windows identifies as malicious.
If an application's activity is similar to one of these patterns, Kaspersky Endpoint Security 8 for Windows performs the action set by the administrator.
By default, if an application's activity is similar to a pattern of dangerous activity, System Watcher quarantines the executable file of the application.
System Watcher provides proactive protection of the computer.
Based on the collected data, the application can roll back malicious actions performed in the system after disinfection.
Rollback of actions can be initiated by proactive defense, by File Anti-Virus, or during a computer scan.
Rolling back actions does not affect the operation of the operating system or the contents of files.
Configuring System Watcher
To configure malicious activity detection settings, do the following:
- Open the settings window of the application.
- In the left part of the window, select System Watcher in the Anti-Virus section.
- The available System Watcher settings are displayed in the right part of the window.
You can configure the following System Watcher settings:
- Store history of applications activity for BSS database:
  - This option enables or disables storage of the application activity history. The information is used to expand the BSS databases.
  By default, System Watcher stores the application activity history that the Application Control, File Anti-Virus, Firewall and Scan components use in their work.
- Enable the option Do not control applications activity with digital signatures to stop System Watcher from monitoring digitally signed applications.
- Perform malicious actions rollback on disinfection:
  - Enable the option if Kaspersky Endpoint Security 8 for Windows should roll back actions performed by malicious objects after disinfection.
  - Disable the option if you do not want Kaspersky Endpoint Security 8 for Windows to roll back actions of malicious objects after disinfection.
- Use updatable patterns of dangerous activity (BSS):
  - Select action automatically (set by default). In this case Kaspersky Endpoint Security 8 for Windows performs the actions set by Kaspersky Lab specialists.
  - Move file to Quarantine. In this case the application quarantines the malicious executable file.
  - Terminate the malicious application. In this case Kaspersky Endpoint Security 8 for Windows terminates the detected malware.
  - Ignore. In this case Kaspersky Endpoint Security 8 for Windows does not take any action when malware is detected.
- Click the Save button to apply the changes.