January 10, 2024
The Kaspersky Security functionality described in this section is available only if the application is installed on a virtual machine with a Windows desktop or server operating system.
The System Watcher component analyzes the behavior of applications on a protected virtual machine and provides this information to other application components to improve their performance.
The System Watcher component utilizes Behavior Stream Signatures (BSS). Behavior stream signatures contain sequences of actions taken by applications that Kaspersky Security classifies as dangerous. If application activity corresponds to a behavior stream signature, Kaspersky Security performs the specified action. Use of behavior stream signatures lets you detect brand new and unknown malicious programs based on their behavior and stop their activity, thereby providing proactive protection of the virtual machine.
Based on information received by the System Watcher component, Kaspersky Security can roll back actions that have been performed by malware in the operating system. A rollback of malware actions can be initiated by File Anti-Virus or during a virus scan.
Rolling back malware activity has no adverse effects on the operating system or the integrity of protected virtual machine data.
The System Watcher component can also protect shared folders against external encryption by monitoring operations performed from a remote device.
The System Watcher component monitors operations only on files that are stored on mass storage devices with the NTFS file system and that are not encrypted with the Encrypting File System (EFS).
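One way to check which shared folders contain files outside the two conditions above (NTFS volume, no EFS encryption). This is an added example, not Kaspersky code: the function name `Get-SystemWatcherCoverageGap` and its output fields are hypothetical, and it assumes the folders are on local drive-letter paths.

```powershell
# Added example, not Kaspersky code. Get-SystemWatcherCoverageGap is a hypothetical name.
function Get-SystemWatcherCoverageGap {
    [CmdletBinding()]
    param(
        # Folders to audit. Default: local SMB shares, excluding special shares (ADMIN$, IPC$, ...).
        [string[]]$Path = (Get-SmbShare |
            Where-Object { -not $_.Special -and $_.Path } |
            Select-Object -ExpandProperty Path)
    )
    foreach ($folder in $Path) {
        if (-not (Test-Path -LiteralPath $folder -PathType Container)) {
            Write-Warning "Skipping '$folder': folder not found or not accessible."
            continue
        }
        $full = (Resolve-Path -LiteralPath $folder).ProviderPath
        # File system of the volume holding the folder (assumes a drive-letter path, not UNC).
        try {
            $root = [System.IO.Path]::GetPathRoot($full)
            $fileSystem = (New-Object System.IO.DriveInfo $root).DriveFormat
        } catch {
            $fileSystem = 'Unknown'
        }
        # Files carrying the Encrypted attribute are EFS-encrypted.
        $efsFiles = @(Get-ChildItem -LiteralPath $full -Recurse -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Attributes -band [System.IO.FileAttributes]::Encrypted })
        [pscustomobject]@{
            Path              = $full
            FileSystem        = $fileSystem
            OnNtfs            = ($fileSystem -eq 'NTFS')
            EfsEncryptedFiles = $efsFiles.Count
            # True only when both conditions stated on this page hold for every file found.
            MeetsFileCriteria = ($fileSystem -eq 'NTFS') -and ($efsFiles.Count -eq 0)
            EfsSamples        = ($efsFiles | Select-Object -First 5 -ExpandProperty FullName)
        }
    }
}

# Audit all local shares and list only the folders with a gap.
Get-SystemWatcherCoverageGap | Where-Object { -not $_.MeetsFileCriteria } | Format-List
```

Run it in an elevated session on the protected virtual machine so that the recursive listing can read every subfolder; folders it cannot read are skipped silently and do not count toward `EfsEncryptedFiles`.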
This section describes how to configure System Watcher settings using the Administration Console and the Light Agent for Windows local interface. You can also configure the System Watcher settings using the Web Console when creating or modifying the Light Agent for Windows policy settings (Application Settings → Anti-Virus protection → System Watcher).