The Behavior Detection, Exploit Prevention, and Remediation Engine components obtain information about the actions of applications on the user's computer and provide this information to other components. Based on the information received by these components, when disinfecting malware the security application on a Windows device can also roll back the actions performed by malware in the operating system.
The Behavior Detection, Exploit Prevention, and Remediation Engine components provide proactive protection of the computer by using BSS (Behavior Stream Signatures, hereinafter also referred to as behavior templates). These templates contain sequences of actions performed by applications that have been classified as dangerous. If the activity of an application matches any of the behavior templates, the security application on the Windows device performs the specified action.
To configure the Behavior Detection, Exploit Prevention, and Remediation Engine components on Windows devices:
The Security profiles section contains a list of security profiles configured in Kaspersky Next.
The security profile properties window displays settings available for all devices.
The Behavior Detection window opens.
This option obtains and analyzes information about activity in shared folders. If this activity matches a behavior stream signature that is typical for external encryption, the selected action is performed.
By default, this option is enabled.
Kaspersky Next monitors operations performed only with those files that are stored on mass storage devices with the NTFS file system and that are not encrypted with EFS.
Specify the number of minutes for which the connection will be blocked.
This option blocks external processes that attempt to gain access to system processes.
By default, this option is enabled.
After the security profile is applied, the Behavior Detection, Exploit Prevention, and Remediation Engine components are configured on Windows devices.
Page top