By default, Behavior Detection is enabled and runs in the mode recommended by Kaspersky experts. When malicious activity is detected, Kaspersky Endpoint Security deletes the executable file of the malicious application.
It is not recommended to disable Behavior Detection unless absolutely necessary because doing so would reduce the effectiveness of the protection components. The protection components may request data collected by the Behavior Detection component to detect threats.
Open the Kaspersky Security Center Administration Console.
In the console tree, select Policies.
Select the necessary policy and double-click to open the policy properties.
In the policy window, select Advanced Threat Protection → Behavior Detection.
Use the Behavior Detection check box to enable or disable the component.
Select the relevant action in the Action on malware activity detection block:
Delete. If this item is selected, on detecting malicious activity Kaspersky Endpoint Security deletes the executable file of the malicious application and creates a backup copy of the file in Backup.
Block. If this item is selected, on detecting malicious activity Kaspersky Endpoint Security terminates this application.
Inform. If this item is selected and malware activity of an application is detected, Kaspersky Endpoint Security adds information about the malware activity of the application to the list of active threats.
Save your changes. To apply the policy on computers, close the padlocks .
In the main window of the Web Console, select Assets (Devices) → Policies & profiles.
Click the name of the Kaspersky Endpoint Security policy.
The policy properties window opens.
Select the Application settings tab.
Go to Advanced Threat Protection → Behavior Detection.
Use the Behavior Detection toggle to enable or disable the component.
Select the relevant action in the Action on malware activity detection block:
Delete. If this item is selected, on detecting malicious activity Kaspersky Endpoint Security deletes the executable file of the malicious application and creates a backup copy of the file in Backup.
Block. If this item is selected, on detecting malicious activity Kaspersky Endpoint Security terminates this application.
Inform. If this item is selected and malware activity of an application is detected, Kaspersky Endpoint Security adds information about the malware activity of the application to the list of active threats.
Save your changes. To apply the policy on computers, close the padlocks .
In the application settings window, select Advanced Threat Protection → Behavior Detection.
Behavior Detection settings
Use the Behavior Detection toggle to enable or disable the component.
Select the relevant action in the Action on malware activity detection block:
Delete. If this item is selected, on detecting malicious activity Kaspersky Endpoint Security deletes the executable file of the malicious application and creates a backup copy of the file in Backup.
Block. If this item is selected, on detecting malicious activity Kaspersky Endpoint Security terminates this application.
Inform. If this item is selected and malware activity of an application is detected, Kaspersky Endpoint Security adds information about the malware activity of the application to the list of active threats.
Save your changes.
As a result, if Behavior Detection is enabled, Kaspersky Endpoint Security will use behavior stream signatures to analyze the activity of applications in the operating system.