The Behavior Detection component receives data on the actions of applications on your computer and provides this information to other protection components to improve their performance. The Behavior Detection component utilizes Behavior Stream Signatures (BSS) for applications. If application activity matches a behavior stream signature, Kaspersky Endpoint Security performs the selected responsive action. Kaspersky Endpoint Security functionality based on behavior stream signatures provides proactive defense for the computer.
Behavior Detection component settings
Parameter | Description |
---|---|
Action on malware activity detection | Delete. If this option is selected, on detecting malicious activity Kaspersky Endpoint Security deletes the executable file of the malicious application and creates a backup copy of the file in Backup. Block. If this option is selected, on detecting malicious activity Kaspersky Endpoint Security terminates this application. Inform. If this option is selected and malicious activity of an application is detected, Kaspersky Endpoint Security does not terminate this application but adds information about the malicious activity of this application to the list of active threats. |
Protect shared folders | If the toggle button is switched on, Kaspersky Endpoint Security analyzes activity in shared folders. If this activity matches a behavior stream signature that is typical for external encryption, Kaspersky Endpoint Security performs the selected action. Kaspersky Endpoint Security prevents external encryption of only those files that are located on media that have the NTFS file system and are not encrypted by the EFS system. If the Remediation Engine component is enabled and the Block connection for N min option is selected, modified files are restored from backup copies. |
Protection scope | The protection scope is a list of paths to shared folders in which Kaspersky Endpoint Security monitors file activity. Kaspersky Endpoint Security supports environment variables and the |
Exclusions by name or IP address | Exclusions by name or IP address. List of computers from which attempts to encrypt shared folders will not be monitored. To apply the list of exclusions of computers from protection of shared folders against external encryption, you must enable Audit Logon in the Windows security audit policy. Audit Logon is disabled by default. For more details about a Windows security audit policy, please visit the Microsoft website. Exclusions by mask. Protection scope exclusions. Excluding a folder from the protection scope can reduce the number of false positives if your organization uses data encryption when exchanging files using shared folders. For example, Behavior Detection can raise false positives when the user works with files with the ENC extension in a shared folder. Such activity matches a behavioral pattern that is typical for external encryption. If you have encrypted files in a shared folder to protect data, add that folder to exclusions. Use masks: |
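The conditions stated in the table (files on NTFS media, not encrypted by EFS, and Audit Logon enabled for computer exclusions to apply) can be checked on a file server with the read-only PowerShell script below. It is an added example, not Kaspersky code; the function names and output fields are hypothetical, and it assumes the SmbShare module and `auditpol.exe` are available in an elevated session.

```powershell
#Requires -RunAsAdministrator
# Added example (not Kaspersky code): read-only check of the prerequisites
# this page states for protecting shared folders against external encryption.

# GUID of the "Logon" audit subcategory. The GUID is used instead of the
# display name because auditpol localizes subcategory names.
$LogonSubcategory = '{0CCE9215-69AE-11D9-BED3-505054503030}'

function Get-LogonAuditSetting {
    # "auditpol /r" prints CSV. Skip its header row and name the columns here
    # so the lookup does not depend on the header text.
    $columns = 'Machine', 'Target', 'Subcategory', 'Guid', 'Inclusion', 'Exclusion'
    $rows = auditpol.exe /get "/subcategory:$LogonSubcategory" /r |
        Where-Object { $_.Trim() } |
        Select-Object -Skip 1 |
        ConvertFrom-Csv -Header $columns
    # On English-language Windows the value is "No Auditing", "Success",
    # "Failure" or "Success and Failure".
    @($rows)[0].Inclusion
}

function Get-SharePrerequisite {
    Get-SmbShare -Special $false | Where-Object { $_.Path } | ForEach-Object {
        $share = $_
        $dir = Get-Item -LiteralPath $share.Path -Force -ErrorAction SilentlyContinue
        # Skip printer shares and paths that no longer exist.
        if ($dir -isnot [System.IO.DirectoryInfo]) { return }

        # File system of the drive that holds the share root. A volume mounted
        # into a subfolder is reported as its parent drive.
        $fileSystem = [System.IO.DriveInfo]::new($dir.Root.Name).DriveFormat
        # EFS flag on the share root only; files below it can still be
        # encrypted individually.
        $efs = [bool]($dir.Attributes -band [System.IO.FileAttributes]::Encrypted)

        [pscustomobject]@{
            Share                 = $share.Name
            Path                  = $share.Path
            FileSystem            = $fileSystem
            EfsOnRoot             = $efs
            MeetsStatedConditions = ($fileSystem -eq 'NTFS') -and -not $efs
        }
    }
}

Get-SharePrerequisite | Format-Table -AutoSize
'Audit Logon setting: {0}' -f (Get-LogonAuditSetting)
```

A share with `MeetsStatedConditions` set to False falls outside the conditions the table gives for protection against external encryption, and an Audit Logon setting of "No Auditing" means the exclusions by name or IP address will not be applied.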