In interactive protection mode you can view data about an incident collected by the System Watcher
component. These data are then saved to a report showing history of dangerous activity. This report with the program actions helps to make a decision and to select the required action in the notification window.
When the component detects potentially dangerous software, a link to the System Watcher report is displayed at the top of the notification window with a request for action.
A new functionality of preventing and blocking actions of exploit-programs has been included into the System Watcher component.
Use of the updatable heuristics technology (set of templates of dangerous applications behavior updated on a regular basis) allows adding new patterns to the existing heuristic databases and, therefore, do not update the whole module. New signatures are added during anti-virus databases update. Heuristic analysis use allows blocking malicious actions of an application according to signatures of heuristic database.
In Kaspersky Internet Security you can configure the System Watcher settings to apply a selected action when the application’s activity matches a dangerous behavior template.System Watcher
uses heuristic analysis
to detect actions which partially match to patterns of dangerous activity. If such actions are detected the application will ask a user to select an action to be performed with a suspicious program
Depending on the selected protection mode you can set the following actions:
- Select action automatically (if automatic protection mode is enabled). In this case System Watcher will automatically apply an action recommended by Kaspersky Lab specialists.
- Prompt for action (if interactive protection mode is enabled). In this case System Watcher will inform you of a detected suspicious activity and will prompt for action: allow or block the activity.
- Select action:
- Terminate the malware (all malware processes will be terminated).
- Ignore (no actions will be applied to the malware).
Rolling back malware actions
On the basis of the information collected, the System Watcher
component allows you to roll back malware actions. In Kaspersky Internet Security 2013
, information about suspicious actions in the system is collected not only for the current session, but also for previous sessions. This makes it possible to roll back all actions performed by the application if the application is subsequently recognized as malicious. Rolling back actions after malicious activity is detected in the system can be initiated either by the System Watcher
component on the basis of patterns of dangerous behavior, or by Proactive Defense
, or by running a virus scan task, or during the operations of File Anti-Virus
Application Control module
Kaspersky Internet Security includes the Applications Activity module with which you can view information about installed and running applications (such as information about an application's status and the level of trust attributed to it by Kaspersky Internet Security).