The Behavior Detection component receives data on the actions of applications on your computer and provides this information to other protection components to improve their performance. The Behavior Detection component uses applications' Behavior Stream Signatures (BSS). If application activity matches a behavior stream signature, Kaspersky Endpoint Security performs the selected response action. Kaspersky Endpoint Security functionality based on behavior stream signatures provides proactive defense for the computer.
By default, Behavior Detection is enabled and runs in the mode recommended by Kaspersky experts. You can disable Behavior Detection if necessary.
In the main window of the Web Console, select Devices > Policies & profiles.
Click the name of the Kaspersky Endpoint Security policy.
The policy properties window opens.
Select the Application settings tab.
Go to Kaspersky Security Network > Behavior Detection.
Turn on/off the Behavior Detection toggle switch.
If Behavior Detection is enabled, select one of the following actions to be performed when malware activity is detected:
If this option is selected, when detecting malicious activity Kaspersky Endpoint Security deletes the executable file of the malicious application and creates a backup copy of the file in Backup.
If this option is selected, then when malware activity is detected, Kaspersky Endpoint Security displays a notification window with information about the malicious object and prompts the user to choose the action to be taken by Kaspersky Endpoint Security. The available actions may vary depending on the status of the object.
If this option is selected, when detecting malicious activity Kaspersky Endpoint Security deletes the executable file of the malicious application and creates a backup copy of the file in Backup.
If this option is selected, then when malware activity is detected, Kaspersky Endpoint Security displays a notification window with information about the malicious object and prompts the user to choose the action to be taken by Kaspersky Endpoint Security. The available actions may vary depending on the status of the object.
As a result, if Behavior Detection is enabled, Kaspersky Endpoint Security uses behavior stream signatures to analyze applications' activity in the operating system.
Important: We do not recommend to disable Behavior Detection unless absolutely necessary because doing so will reduce the effectiveness of protection components. To detect threats, the protection components may request data collected by the Behavior Detection component.