Changing the action taken when malware activity is detected

When Kaspersky Security detects malicious activity of an application, it takes the action defined in the settings of the System Watcher component. By default, when Kaspersky Security detects malware activity, it terminates the malicious program and removes the executable file of the program.

To change the action of System Watcher through Kaspersky Security Center:

  1. Open Kaspersky Security Center Administration Console.
  2. In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
  3. In the workspace, select the Policies tab.
  4. Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
  5. In the Light Agent for Windows policy properties window, select the System Watcher section in the list on the left.

    In the right part of the window, the System Watcher component's settings are displayed.

  6. In the Proactive Defense section, in the On detecting malware activity drop-down list, select the relevant action:
    • Select action automatically. If this item is selected and Kaspersky Security detects malicious activity of a program, it performs the default actions set by Kaspersky experts: terminates the malicious program and deletes the executable file of this program.

      This action is set by default.

    • Terminate the malicious program and delete the executable file. If this item is selected and Kaspersky Security detects malicious activity of a program, it terminates this program and deletes its executable file.
    • Terminate the malicious program. If this item is selected and Kaspersky Security detects malicious activity of a program, it terminates this program.
    • Skip. If this item is selected and Kaspersky Security detects malicious activity of a program, it does not take any action on the executable file of this program.
  7. Click the Apply button.

To change the action of System Watcher in the local interface:

  1. On the protected virtual machine, open the application settings window.
  2. In the left part of the window, in the Anti-Virus protection section, select System Watcher.

    In the right part of the window, the System Watcher component's settings are displayed.

    If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.

  3. In the Proactive Defense section, in the On detecting malware activity drop-down list, select the relevant action:
    • Select action automatically. If this item is selected, on detecting malicious activity Kaspersky Security performs the default actions specified by Kaspersky specialists: Kaspersky Security terminates the malicious program and deletes the executable file of this program.

      This action is set by default.

    • Terminate the malicious program and delete the executable file. If this item is selected and Kaspersky Security detects malicious activity of a program, it terminates this program and deletes its executable file.
    • Terminate the malicious program. If this item is selected, on detecting malicious activity Kaspersky Security terminates this application.
    • Skip. If this item is selected, on detecting malicious activity Kaspersky Security does not take any action on the executable file of this application.
  4. To save changes, click the Save button.
Page top