The Kaspersky Security functionality described in this section is available only if the application is installed on a virtual machine with a Windows desktop operating system.
System Watcher receives data on the actions of applications on a protected virtual machine and provides this information to other application components for more effective protection.
Behavior stream signatures
Behavior Stream Signatures (BSS) (also called "behavior stream signatures" and "behavior stream signatures of applications") contain sequences of application actions that Kaspersky Security classifies as dangerous. If application activity matches a behavior stream signature, Kaspersky Security performs the specified action. Kaspersky Security functionality based on behavior stream signatures provides proactive defense for the virtual machine.
Rolling back actions that have been performed by malware
Based on information received by the System Watcher component, Kaspersky Security can roll back actions that have been performed by malware in the operating system while performing disinfection.
A rollback of malware actions can be initiated by File Anti-Virus or during a virus scan.
Rolling back malware activity has no adverse effects on the operating system or the integrity of protected virtual machine data.