The Remediation Engine lets Kaspersky Industrial CyberSecurity for Nodes roll back actions that have been performed by malware in the operating system.
When rolling back malware activity in the operating system, Kaspersky Industrial CyberSecurity for Nodes performs the following actions:
File activity
Deletes executable files that were created by malware on all media except network drives.
Deletes executable files that were created by programs that have been infiltrated by malware.
Restores files that have been modified or deleted by malware.
It is not possible to restore files residing on network drives or on rewritable CD/DVD discs.
It is not possible to restore files that were encrypted with the Encryption File System (EFS). For more details on EFS operation, please visit the Microsoft website.
The application does not monitor modifications to files performed by processes at the level of the operating system kernel.
The application does not monitor modifications made to files over a network interface (for example, if a file is stored in a shared folder and a process is started remotely from another computer).
Registry activity
Deletes registry keys that were created by malware.
Kaspersky Industrial CyberSecurity for Nodes does not restore registry keys that have been modified or deleted by malware.
System activity
Terminates processes that have been initiated by malware.
Terminates processes into which a malicious application has penetrated.
Kaspersky Industrial CyberSecurity for Nodes does not resume processes that have been halted by malware.
Network activity
Blocks the network activity of malware.
Blocks the network activity of processes that have been infiltrated by malware.
A rollback of a malicious application's actions can be initiated by the Real-Time File Protection component or during an On-Demand Scan.
Rolling back malware operations affects a strictly defined set of data. Rollback has no adverse effects on the operating system or on the integrity of your computer data.