The Behavior Detection component receives data on the actions of applications on your computer and provides this information to other protection components to improve their performance.
The Behavior Detection component utilizes Behavior Stream Signatures (BSS) for applications. If application activity matches a behavior stream signature, Kaspersky Endpoint Security performs the selected responsive action. Kaspersky Endpoint Security functionality based on behavior stream signatures provides proactive defense for the computer.
Behavior Detection component settings
Parameter |
Description |
---|---|
On detecting malware activity |
|
Protection of shared folders against external encryption |
If the toggle button is switched on, Kaspersky Endpoint Security analyzes activity in shared folders. If this activity matches a behavior stream signature that is typical for external encryption, Kaspersky Endpoint Security performs the selected action. Kaspersky Endpoint Security prevents external encryption of only those files that are located on media that have the NTFS file system and are not encrypted by the EFS system. |
On detection of external encryption of shared folders |
If the Remediation Engine component is enabled and the Block connection option is selected, Kaspersky Endpoint Security restores modified files from backup copies. |
Block connection for N minutes |
The time for which Kaspersky Endpoint Security blocks the network activity of the remote computer performing encryption of shared folders. |
Exclusions |
List of computers from which attempts to encrypt shared folders will not be monitored. To apply the list of exclusions of computers from protection of shared folders against external encryption, you must enable Audit Logon in the Windows security audit policy. Audit Logon is disabled by default. For more details about a Windows security audit policy, please visit the Microsoft website. |