The Behavior Detection component receives data on the actions of applications on your computer and provides this information to other protection components, to improve their performance. The Behavior Detection component utilizes Behavior Stream Signatures (BSS) for applications. If application activity matches a behavior stream signature, Kaspersky Endpoint Security performs the selected responsive action. The Kaspersky Endpoint Security functionality is based on behavior stream signatures and provides proactive defense for the computer.
The Behavior Detection component additionally monitors network ports for application processes that may threaten the security of the computer. The application gets information about such processes with anti-virus databases.
By default, Behavior Detection is enabled and runs in the mode recommended by Kaspersky experts. When malicious activity is detected, Kaspersky Endpoint Security deletes the executable file of the malicious application.
It is not recommended to disable Behavior Detection unless absolutely necessary because doing so would reduce the effectiveness of the protection components. The protection components may request data collected by the Behavior Detection component to detect threats.
Open the Kaspersky Security Center Administration Console.
In the console tree, select Policies.
Select the necessary policy and double-click to open the policy properties.
In the policy window, select Advanced Threat Protection → Behavior Detection.
Use the Behavior Detection check box to enable or disable the component.
Select the relevant action in the Action on malware activity detection block:
Delete. If this item is selected, on detecting malicious activity Kaspersky Endpoint Security deletes the executable file of the malicious application and creates a backup copy of the file in Backup.
Block. If this item is selected, on detecting malicious activity Kaspersky Endpoint Security terminates this application.
Inform. If this item is selected and malware activity of an application is detected, Kaspersky Endpoint Security adds information about the malware activity of the application to the list of active threats.
Save your changes. To apply the policy on computers, close the padlocks .
In the main window of the Web Console, select Assets (Devices) → Policies & profiles.
Click the name of the Kaspersky Endpoint Security policy.
The policy properties window opens.
Select the Application settings tab.
Go to Behavior Analysis → Behavior Detection.
Use the Behavior Detection ENABLED toggle to enable or disable the component.
Select the relevant action in the Action on threat detection block:
Delete. If this item is selected, on detecting malicious activity Kaspersky Endpoint Security deletes the executable file of the malicious application and creates a backup copy of the file in Backup.
Block. If this item is selected, on detecting malicious activity Kaspersky Endpoint Security terminates this application.
Inform. If this item is selected and malware activity of an application is detected, Kaspersky Endpoint Security adds information about the malware activity of the application to the list of active threats.
Save your changes. To apply the policy on computers, close the padlocks .
In the application settings window, select Advanced Threat Protection → Behavior Detection.
Behavior Detection settings
Use the Behavior Detection toggle to enable or disable the component.
Select the relevant action in the Action on malware activity detection block:
Delete. If this item is selected, on detecting malicious activity Kaspersky Endpoint Security deletes the executable file of the malicious application and creates a backup copy of the file in Backup.
Block. If this item is selected, on detecting malicious activity Kaspersky Endpoint Security terminates this application.
Inform. If this item is selected and malware activity of an application is detected, Kaspersky Endpoint Security adds information about the malware activity of the application to the list of active threats.
Save your changes.
As a result, if Behavior Detection is enabled, Kaspersky Endpoint Security will use behavior stream signatures to analyze the activity of applications in the operating system.
.
.
button.