Configuring the Behavior Detection, Exploit Prevention, and Remediation Engine components on Windows devices

The Behavior Detection, Exploit Prevention, and Remediation Engine components obtain information about the actions of applications on the user's computer and provide this information to other components. Based on the information received by these components, when disinfecting malware the security application on a Windows device can also roll back the actions performed by malware in the operating system.

The Behavior Detection, Exploit Prevention, and Remediation Engine components provide proactive protection of the computer by using BSS (Behavior Stream Signatures, hereinafter also referred to as behavior templates). These templates contain sequences of actions performed by applications that have been classified as dangerous. If the activity of an application matches any of the behavior templates, the security application on the Windows device performs the specified action.

To configure the Behavior Detection, Exploit Prevention, and Remediation Engine components on Windows devices:

  1. Open Kaspersky Endpoint Security Cloud Management Console.
  2. Select the Security management → Security profiles section.

    The Security profiles section contains a list of security profiles configured in Kaspersky Endpoint Security Cloud.

  3. In the list, select the security profile for the devices on which you want to configure the components.
  4. Click the link with the profile name to open the security profile properties window.

    The security profile properties window displays settings available for all devices.

  5. In the Windows group, select the Security settings section.
  6. Use the corresponding toggle button to enable or disable the Behavior Detection, Exploit Prevention, and Remediation Engine components.
  7. Click the Settings link under Behavior Detection, Exploit Prevention, and Remediation Engine are enabled.

    The Behavior Detection window opens.

  8. Switch the toggle button to Protection of shared folders against external encryption is enabled.

    The Protection of shared folders against external encryption option obtains and analyzes information about activity in shared folders. If this activity matches a behavior stream signature that is typical for external encryption, the selected action is performed.

    Kaspersky Endpoint Security Cloud monitors operations performed only with those files that are stored on mass storage devices with the NTFS file system and that are not encrypted with EFS.

  9. Select the action to be performed upon detection of external encryption:
    • Select Notify if you want the system to add an entry to the list of active threats.
    • Select Block connection for (minutes) if you want the system to block network activity of the computer attempting the modification.

      Specify the number of minutes for which the connection will be blocked.

  10. Click the Save button.

After the security profile is applied, the Behavior Detection, Exploit Prevention, and Remediation Engine components are configured on Windows devices.
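
Step 8 notes that only files on NTFS volumes that are not encrypted with EFS are monitored. The following PowerShell check is an added example, not part of the vendor documentation: it lists the local shared folders that sit outside that scope. The function name Get-ShareEncryptionCoverage and the EfsSampleLimit parameter are hypothetical; it assumes a file server with the built-in SmbShare module and PowerShell 5.1 or later.

```powershell
# Added example (not vendor code): report which local shared folders fall inside
# the monitoring scope described in step 8: NTFS volumes, files not EFS-encrypted.
# Run in an elevated session on the file server. Read-only; changes nothing.
function Get-ShareEncryptionCoverage {
    [CmdletBinding()]
    param(
        # Assumed cap: stop after this many EFS files per share to bound scan time.
        [int]$EfsSampleLimit = 25
    )

    # Keep only shares backed by a real directory (drops IPC$ and print queues).
    $shares = Get-SmbShare | Where-Object {
        $_.Path -and (Test-Path -LiteralPath $_.Path -PathType Container)
    }

    foreach ($share in $shares) {
        # File system of the drive that hosts the share, e.g. NTFS, ReFS, FAT32.
        # Note: for a volume mounted into a folder this reports the parent drive.
        $root = [System.IO.Path]::GetPathRoot($share.Path)
        $fs   = ([System.IO.DriveInfo]::new($root)).DriveFormat

        # Files carrying the EFS "Encrypted" attribute are outside the monitored set.
        $efs = @(Get-ChildItem -LiteralPath $share.Path -Recurse -File -Force `
                    -Attributes Encrypted -ErrorAction SilentlyContinue |
                 Select-Object -First $EfsSampleLimit)

        [pscustomobject]@{
            Share         = $share.Name
            Path          = $share.Path
            FileSystem    = $fs
            VolumeInScope = ($fs -eq 'NTFS')
            EfsFilesFound = $efs.Count   # capped at $EfsSampleLimit
            EfsSample     = ($efs | Select-Object -First 3 -ExpandProperty FullName) -join '; '
        }
    }
}

# Shares that need attention: non-NTFS volume, or EFS-encrypted files present.
Get-ShareEncryptionCoverage |
    Where-Object { -not $_.VolumeInScope -or $_.EfsFilesFound -gt 0 } |
    Format-Table -AutoSize
```

An empty result means every directory-backed share is on NTFS and no EFS-encrypted files were found within the sample limit.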
