About System Watcher

System Watcher collects data on the actions of applications on your computer and passes this information to other components for more reliable protection.

Behavior stream signatures

Behavior Stream Signatures (BSS) (also called "behavior stream signatures") contain sequences of application actions that Kaspersky Endpoint Security classifies as dangerous. If application activity matches a behavior stream signature, Kaspersky Endpoint Security performs the specified action. Kaspersky Endpoint Security functionality based on behavior stream signatures provides proactive defense for the computer.

By default, if application activity matches a behavior stream signature, System Watcher moves the executable file of that application to Quarantine.

Rolling back actions that have been performed by malware

Based on information that System Watcher collects, Kaspersky Endpoint Security can roll back actions that have been performed by malware in the operating system while performing disinfection.

A rollback of malware actions can be initiated by File Anti-Virus or during a virus scan.

Rolling back malware operations affects a strictly defined set of data. Rollback has no adverse effects on the operating system or on the integrity of your computer data.

Page top