Remediation Engine
The Remediation Engine lets Kaspersky Endpoint Security roll back actions that have been performed by malware in the operating system.
When rolling back malware activity in the operating system, Kaspersky Endpoint Security handles the following types of malware activity:
- File activity
  Kaspersky Endpoint Security performs the following actions:
  - Deletes executable files that were created by malware (on all media except network drives).
  - Deletes executable files that were created by programs that have been infiltrated by malware.
  - Restores files that have been modified or deleted by malware.
  The file recovery feature has a number of limitations.
- Registry activity
  Kaspersky Endpoint Security performs the following actions:
  - Deletes registry keys that were created by malware.
  - Does not restore registry keys that have been modified or deleted by malware.
- System activity
  Kaspersky Endpoint Security performs the following actions:
  - Terminates processes that have been initiated by malware.
  - Terminates processes into which a malicious application has penetrated.
  - Does not resume processes that have been halted by malware.
- Network activity
  Kaspersky Endpoint Security performs the following actions:
  - Blocks the network activity of malware.
  - Blocks the network activity of processes that have been infiltrated by malware.
A rollback of malware actions can be started by the File Threat Protection or Behavior Detection component, or during a malware scan.
Rolling back malware operations affects a strictly defined set of data. Rollback has no adverse effects on the operating system or on the integrity of your computer data.
How to enable or disable the Remediation Engine component in the Administration Console (MMC)
How to enable or disable the Remediation Engine component in the Web Console and Cloud Console
How to enable or disable the Remediation Engine component in the application interface
As a result, if Remediation Engine is enabled, Kaspersky Endpoint Security will roll back the actions taken by malicious applications in the operating system.