Remediation Engine

The Remediation Engine lets Kaspersky Endpoint Security roll back actions that have been performed by malware in the operating system.

When rolling back malware activity in the operating system, Kaspersky Endpoint Security handles the following types of malware activity:

• File activity

  Kaspersky Endpoint Security performs the following actions:

  • Deletes executable files that were created by malware (on all media except network drives).
  • Deletes executable files that were created by programs that have been infiltrated by malware.
  • Restores files that have been modified or deleted by malware.

  The file recovery feature has a number of limitations.

• Registry activity

  Kaspersky Endpoint Security performs the following actions:

  • Deletes registry keys that were created by malware.
  • Does not restore registry keys that have been modified or deleted by malware.
• System activity

  Kaspersky Endpoint Security performs the following actions:

  • Terminates processes that have been initiated by malware.
  • Terminates processes into which a malicious program has penetrated.
  • Does not resume processes that have been halted by malware.
• Network activity

  Kaspersky Endpoint Security performs the following actions:

  • Blocks the network activity of malware.
  • Blocks the network activity of processes that have been infiltrated by malware.

A rollback of malware actions can be started by the File Threat Protection or Behavior Detection component, or during a virus scan.

Rolling back malware operations affects a strictly defined set of data. Rollback has no adverse effects on the operating system or on the integrity of your computer data.

In this section File recovery limitations Enabling and disabling Remediation Engine

Page top