How to protect against file-encrypting malware with Kaspersky Internet Security 2018
To reduce the risk of infection by file-encrypting malware and avoid false virus detections when you install applications and games, Kaspersky Lab specialists recommend to configure Kaspersky Internet Security 2018 as follows:
1. Create a Protected file types category
- In the main window of Kaspersky Internet Security 2018, click the gear button
.
- If you have problems opening the application window, see this guide.
- In the Settings window, go to the Protection section and select Application Control in the right frame.
- In the Application Control settings window, click Manage resources.
- In the Manage resources window, the Resources tab, select the folder wher the new category will be created.
- Click Add and select Category.
- Create the category named Protected file types and click Add.
- Select the Protected file types category and create several subcategories in it (Documents, Photos, etc.).
- Select the category corresponding to the protected files type (for example, Documents for files with the *.doc extension), click Add and select a file or folder.
- Specify the mask for the file type *.<extension>
- Click Add.
- Add the other file types the same way.
- In the Manage resources window, click Save.
2. Create rules for applications
Configure the rules for the Protected file types category on access of applications with high and low restrictions:
- In the main window of Kaspersky Internet Security 2018, click the gear button
.
- If you have problems opening the application window, see this guide.
- In the Settings window, go to the General section and clear the check box Perform recommended actions automatically.
- In the Settings window, go to the Protection section and select Application Control in the right frame.
- In the Application Control settings window, click Manage applications.
- In the Application management window, select Restrictions.
- Right-click the Trusted group and select Details and rules.
- In the Group rules window, go to the Files and system registry tab. Make sure the rule that allows to read, write, create, and delete is set for the Protected file types resource.
- Close the Group rules window.
- Right-click the Low Restricted or High Restricted group and select Details and rules.
- In the Application rules window, go to the Files and system registry tab. Make sure the Prompt for action rule is set on sections Read, Write, Create, and Delete for the Protected file types resource.
- Close the Group rules window.
3. Turn on System Watcher
Enable System Watcher and adjust its settings so that Kaspersky Internet Security 2018 can detect the launch of file-encrypting malware. The System Watcher component of Kaspersky Internet Security 2018 collects data about actions performed by applications on your computer and shares this information with other components for improved protection. When System Watcher is enabled, Kaspersky Internet Secuirty 2018 can detect and finish the malicious process. The file from which the process was run is sent to Quarantine.
4. Adjust Firewall settings
File-encrypting malware gets encryption keys from the Internet. Block Internet access for Low Restricted, High Restricted, and Untrusted groups of applications to avoid such cases.
File types
| File type | Extension |
|---|---|
Documents | .doc .docx .pdf |
.ppt .pptx .rtf | |
.odt .odp .ods | |
.djvu .xls .xlsx | |
Images | .jpg .jpeg .bmp |
.gif .png .psd | |
.cdr .dwg .max | |
.3ds | |
Archives | .rar .zip .7z |
.tar .gz | |
Multimedia | .avi .mp3 .wav |
.mkv .flac .mp4 | |
.mov .wmv | |
Databases | .mdb .1cd .sqlite |
.sql | |
Other | .kwm .iso .torrent |
.php .c .cpp | |
.pas .cer .key | |
.pst .lnk | |
