Enabling and disabling Behavior Detection

By default, Behavior Detection is enabled and runs in the mode recommended by Kaspersky experts. When malicious activity is detected, Kaspersky Endpoint Security deletes the executable file of the malicious application.

It is not recommended to disable Behavior Detection unless absolutely necessary because doing so would reduce the effectiveness of the protection components. The protection components may request data collected by the Behavior Detection component to detect threats.

How to enable or disable Behavior Detection in the Administration Console (MMC)

How to enable or disable Behavior Detection in the Web Console and Cloud Console

How to enable or disable Behavior Detection in the application interface

As a result, if Behavior Detection is enabled, Kaspersky Endpoint Security will use behavior stream signatures to analyze the activity of applications in the operating system.

Page top