Files and system registry
|
Rules for accessing system registry keys and files related to operation of the operating system or to your personal data.
The individual access settings for read, write, create, and delete operations can be defined independently by using the menu in the cells of the corresponding table columns. The menu items are described in the Intrusion Prevention rules section.
|
Network rules
|
Rules applied by Kaspersky application to regulate the network activity of an application or application group.
By default, the list displays the predefined application network rules that are recommended by Kaspersky experts. You cannot delete or edit predefined network rules (except changing the action in the Permission column; please refer to the description of available actions in the Intrusion Prevention rules section).
When adding or editing a rule, you can define the following settings:
- Action:
- Allow. Kaspersky application allows the network connection.
- Block. Kaspersky application blocks the network connection.
- Ask user. If the Perform recommended actions automatically check box is cleared under Settings → Security settings → Exclusions and actions on object detection, Kaspersky application asks the user to decide whether or not to allow or deny the network connection. If the check box is selected, the action is chosen automatically. You can follow the footnote in the application window to read about exactly which action will be selected.
- Name.
- Direction:
- Inbound. Kaspersky application applies the rule to network connections opened by a remote computer.
- Outbound. Kaspersky application applies the rule to the network connection that was opened by your computer.
- Inbound / Outbound. Kaspersky application applies the rule both to inbound and outbound data packets or streams, regardless of which computer (your computer or a remote computer) initiated the network connection.
- Protocol.
- ICMP settings. You can specify the type and code of data packets to be scanned. The settings section is available if the ICMP or ICMPv6 protocols are selected.
- Remote ports (ports of a remote computer).
- Local ports (ports of your computer).
You can specify a range of remote or local ports (for example, 6660–7000 ), list multiple ports separated by commas, or combine both methods (for example, 80–83,443,1080 ).
- Address:
- Any address.
- Subnet addresses. Kaspersky application applies the rule to IP addresses of all networks that are currently connected and are of the specified type (Public, Local or Trusted). The network type can be selected from the drop-down list that is displayed below if the Subnet addresses option is selected.
- Addresses from the list. Kaspersky application applies the rule to IP addresses within the specified range. You can specify IP addresses in the Remote address field, which is displayed below if the Addresses from the list option is selected.
- Network adapters traversed by network packets.
- Use of TTL. Kaspersky application controls the transmission of network packets whose time to live (TTL) does not exceed the specified value.
- Logging events to Kaspersky application report.
To quickly add a rule, you can select one of the predefined templates in the drop-down list in the lower part of the window.
|
Exclusions
(only in the Application rules window)
|
You can select rules that will be used to exclude an application from scans:
- Do not scan opened files.
- Do not monitor application activity. Intrusion Prevention does not monitor any application activity.
- Do not inherit restrictions from the (application’s) parent process. If restrictions of a parent process or application are not inherited, application activity is monitored according to your defined rules or according to the rules of the trust group to which the application belongs.
- Do not monitor the activity of child applications.
- Do not block interaction with Kaspersky application interface. The application is allowed to manage Kaspersky application by using its graphical interface. You may need to allow the application to manage the interface of Kaspersky application when using a remote desktop connection application or an application supporting the operation of a data input device. Examples of such devices include touch pads and graphic tablets.
- Do not scan all traffic (or encrypted traffic). Depending on the selected option (Do not scan all traffic or Do not scan encrypted traffic), Kaspersky application excludes all network traffic of the application or traffic transmitted over SSL from being scanned. The value of this setting does not affect Firewall operation: Firewall scans application traffic in accordance with Firewall settings. Exclusions affect Mail Anti-Virus, Safe Browsing, and Anti-Spam. You can specify the IP addresses or network ports to which the traffic control restriction must apply.
|