If the interactive protection mode is enabled, System Watcher collects malware activity data to a report. You can open the report by clicking the link in the upper part of the notification window of System Watcher.
A new functionality of preventing and blocking actions of exploit-programs has been included into the System Watcher component.
System Watcher analyzes applications' activity. If an application is identified as a malware, one of the following actions will be performed (according to the selected protection mode):
- Select action automatically (if the automatic protection mode is enabled). In this case, System Watcher will automatically select actions recommended by Kaspersky Lab specialists.
- Prompt for action (if the interactive protection mode is enabled). In this case, the application will notify your about suspicious actions and ask to select one of the following actions: Allow or Block.
- Delete the malware (detected malware will be deleted).
- Terminate the malware (all processes of detected malware will be terminated).
- Ignore (no actions will be performed).
Rolling back malware actions
In Kaspersky Internet Security 2014, information about suspicious actions in the system is collected not only for the current session, but also for previous sessions. This makes it possible to roll back all actions performed by the application if the application is subsequently recognized as malicious.
Rolling back actions after malicious activity is detected in the system can be initiated either by the System Watcher component on the basis of patterns of dangerous behavior, or by Proactive Defense, or by running a virus scan task, or during the operations of File Anti-Virus.
Protection against screen lockers
System Watcher includes the technology of protection against screen lockers.