Kaspersky Internet Security 2012
Kaspersky Internet Security 2012
Kaspersky Internet Security 2012
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> <strong>2012</strong><br />
User Guide<br />
APPLICATION VERSION: 12.0
Dear User!<br />
Thank you for choosing our product. We hope that you will find this documentation useful and that it will provide answers<br />
to most of your questions that may arise.<br />
Warning! This document is the property of <strong>Kaspersky</strong> Lab ZAO (herein also referred to as <strong>Kaspersky</strong> Lab): all rights to<br />
this document are reserved by the copyright laws of the Russian Federation and by international treaties. Illegal<br />
reproduction and distribution of this document or parts hereof will result in civil, administrative or criminal liability in<br />
accordance with applicable law.<br />
Any type of reproduction or distribution of any materials, including translations, is allowed only with the written permission<br />
of <strong>Kaspersky</strong> Lab.<br />
This document and related graphic images can be used exclusively for informational, non-commercial or personal use.<br />
This document may be amended without prior notification. The latest version of this document can be found on the<br />
<strong>Kaspersky</strong> Lab website at http://www.kaspersky.com/docs.<br />
<strong>Kaspersky</strong> Lab assumes no liability for the content, quality, relevance, or accuracy of any materials used in this<br />
document the rights to which are held by third parties, or for any potential damages associated with the use of such<br />
documents.<br />
This document uses registered trademarks and service marks which are the property of their respective owners.<br />
Document revision date: 4/19/2011<br />
© 1997-2011 <strong>Kaspersky</strong> Lab ZAO. All Rights Reserved.<br />
http://www.kaspersky.com<br />
http://support.kaspersky.com<br />
2
CONTENT<br />
ABOUT THIS GUIDE ..................................................................................................................................................... 9<br />
In this guide .............................................................................................................................................................. 9<br />
Document conventions ........................................................................................................................................... 11<br />
SOURCES OF INFORMATION ABOUT THE APPLICATION ..................................................................................... 12<br />
Sources of information for independent research ................................................................................................... 12<br />
Discussing <strong>Kaspersky</strong> Lab applications on the Forum ........................................................................................... 13<br />
Contacting the Sales Department ........................................................................................................................... 13<br />
Contacting the Documentation Development Team by email ................................................................................. 13<br />
KASPERSKY INTERNET SECURITY.......................................................................................................................... 14<br />
What's new ............................................................................................................................................................. 14<br />
Distribution kit ......................................................................................................................................................... 14<br />
Service for registered users .................................................................................................................................... 15<br />
Hardware and software requirements ..................................................................................................................... 15<br />
INSTALLING AND REMOVING THE APPLICATION .................................................................................................. 17<br />
Standard installation procedure .............................................................................................................................. 17<br />
Step 1. Searching for a newer version of the application .................................................................................. 18<br />
Step 2. Making sure the system meets the installation requirements ............................................................... 18<br />
Step 3. Selecting installation type ..................................................................................................................... 19<br />
Step 4. Reviewing the license agreement ......................................................................................................... 19<br />
Step 5. <strong>Kaspersky</strong> <strong>Security</strong> Network Data Collection Statement ...................................................................... 19<br />
Step 6. Searching for incompatible applications ............................................................................................... 19<br />
Step 7. Selecting the destination folder ............................................................................................................. 20<br />
Step 8. Preparing for installation ....................................................................................................................... 20<br />
Step 9. Installing ............................................................................................................................................... 21<br />
Step 10. Finishing the installation ..................................................................................................................... 21<br />
Step 11. Activating the application .................................................................................................................... 21<br />
Step 12. Registering a user............................................................................................................................... 21<br />
Step 13. Completing the activation ................................................................................................................... 22<br />
Updating the previous version of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>................................................................................ 22<br />
Step 1. Searching for a newer version of the application .................................................................................. 23<br />
Step 2. Making sure the system meets the installation requirements ............................................................... 23<br />
Step 3. Selecting installation type ..................................................................................................................... 24<br />
Step 4. Reviewing the license agreement ......................................................................................................... 24<br />
Step 5. <strong>Kaspersky</strong> <strong>Security</strong> Network Data Collection Statement ...................................................................... 24<br />
Step 6. Searching for incompatible applications ............................................................................................... 24<br />
Step 7. Selecting the destination folder ............................................................................................................. 25<br />
Step 8. Preparing for installation ....................................................................................................................... 25<br />
Step 9. Installing ............................................................................................................................................... 26<br />
Step 10. Wizard completion .............................................................................................................................. 26<br />
Non-standard installation scenarios ........................................................................................................................ 26<br />
Getting started ........................................................................................................................................................ 27<br />
Removing the application ....................................................................................................................................... 27<br />
Step 1. Saving data for reuse............................................................................................................................ 27<br />
Step 2. Confirmation of application removal...................................................................................................... 28<br />
3
U S E R G U I D E<br />
Step 3. Removing the application. Completing removal .................................................................................... 28<br />
LICENSING THE APPLICATION ................................................................................................................................. 29<br />
About the End User License Agreement ................................................................................................................ 29<br />
About data provision ............................................................................................................................................... 29<br />
About the license .................................................................................................................................................... 29<br />
About the activation code ....................................................................................................................................... 30<br />
APPLICATION INTERFACE ........................................................................................................................................ 31<br />
The notification area icon........................................................................................................................................ 31<br />
The context menu ................................................................................................................................................... 32<br />
The <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> main window ....................................................................................................... 33<br />
Notification windows and pop-up messages ........................................................................................................... 34<br />
The application settings window ............................................................................................................................. 36<br />
The <strong>Kaspersky</strong> Gadget ........................................................................................................................................... 37<br />
News Agent ............................................................................................................................................................ 37<br />
STARTING AND STOPPING THE APPLICATION ...................................................................................................... 38<br />
Enabling and disabling automatic launch ............................................................................................................... 38<br />
Launching and closing the application manually ..................................................................................................... 38<br />
MANAGING THE COMPUTER PROTECTION ............................................................................................................ 39<br />
Diagnostics and elimination of problems in your computer protection .................................................................... 39<br />
Enabling and disabling the protection ..................................................................................................................... 40<br />
Pausing and resuming protection ........................................................................................................................... 41<br />
SOLVING TYPICAL TASKS ......................................................................................................................................... 43<br />
How to activate the application ............................................................................................................................... 43<br />
How to purchase or renew a license ....................................................................................................................... 44<br />
What to do when application notifications appear ................................................................................................... 45<br />
How to update application databases and modules .............................................................................................. 45<br />
How to scan critical areas of your computer for viruses ........................................................................................ 46<br />
How to scan a file, folder, disk, or another object for viruses .................................................................................. 46<br />
How to perform a full scan of your computer for viruses ........................................................................................ 48<br />
How to scan your computer for vulnerabilities ........................................................................................................ 48<br />
How to protect your personal data against theft ..................................................................................................... 48<br />
Protection against phishing ............................................................................................................................... 49<br />
Protection against data interception at the keyboard ........................................................................................ 50<br />
Protection of confidential data entered on websites .......................................................................................... 51<br />
What to do if you suspect an object is infected with a virus .................................................................................... 51<br />
How to run an unknown application without doing any harm to the system ........................................................... 52<br />
What to do with a large number of spam messages ............................................................................................... 52<br />
What to do if you suspect your computer is infected .............................................................................................. 53<br />
How to restore a file that has been deleted or disinfected by the application ........................................................ 54<br />
How to create and use a Rescue Disk .................................................................................................................... 54<br />
Creating a Rescue Disk .................................................................................................................................... 55<br />
Starting the computer from the Rescue Disk..................................................................................................... 57<br />
How to view the report on the application's operation ............................................................................................. 57<br />
How to restore default application settings ............................................................................................................. 58<br />
How to transfer settings to <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> installed on another computer ......................................... 59<br />
How to use the <strong>Kaspersky</strong> Gadget ......................................................................................................................... 59<br />
How to know the reputation of an application ......................................................................................................... 61<br />
4
C O N T E N T<br />
ADVANCED APPLICATION SETTINGS ...................................................................................................................... 62<br />
General protection settings ..................................................................................................................................... 63<br />
Restricting access to <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> ............................................................................................ 63<br />
Selecting a protection mode.............................................................................................................................. 64<br />
Scan ....................................................................................................................................................................... 64<br />
Virus scan ......................................................................................................................................................... 64<br />
Vulnerability Scan ............................................................................................................................................. 72<br />
Managing scan tasks. Task Manager ............................................................................................................... 72<br />
Update .................................................................................................................................................................... 72<br />
Selecting an update source............................................................................................................................... 73<br />
Creating the update startup schedule ............................................................................................................... 75<br />
Rolling back the last update .............................................................................................................................. 76<br />
Running updates under a different user account .............................................................................................. 76<br />
Using a proxy server ......................................................................................................................................... 77<br />
File Anti-Virus ......................................................................................................................................................... 77<br />
Enabling and disabling File Anti-Virus ............................................................................................................... 78<br />
Automatically pausing File Anti-Virus ................................................................................................................ 78<br />
Creating the protection scope of File Anti-Virus ................................................................................................ 79<br />
Changing and restoring the file security level.................................................................................................... 80<br />
Selecting file scan mode ................................................................................................................................... 80<br />
Using heuristic analysis when working with File Anti-Virus ............................................................................... 81<br />
Selecting file scan technology ........................................................................................................................... 81<br />
Changing the action to take on infected files..................................................................................................... 81<br />
Scan of compound files by File Anti-Virus ......................................................................................................... 82<br />
Optimizing file scan ........................................................................................................................................... 83<br />
Mail Anti-Virus ........................................................................................................................................................ 83<br />
Enabling and disabling Mail Anti-Virus .............................................................................................................. 84<br />
Creating the protection scope of Mail Anti-Virus ............................................................................................... 84<br />
Changing and restoring the email security level ................................................................................................ 85<br />
Using heuristic analysis when working with Mail Anti-Virus ............................................................................. 86<br />
Changing the action to take on infected email messages ................................................................................. 86<br />
Filtering attachments in email messages .......................................................................................................... 86<br />
Scan of compound files by Mail Anti-Virus ........................................................................................................ 87<br />
Email scanning in Microsoft Office Outlook ....................................................................................................... 87<br />
Email scanning in The Bat! ............................................................................................................................... 87<br />
Web Anti-Virus ........................................................................................................................................................ 88<br />
Enabling and disabling Web Anti-Virus ............................................................................................................. 89<br />
Changing and restoring the web traffic security level ........................................................................................ 90<br />
Changing the action to take on dangerous objects from web traffic ................................................................. 90<br />
Checking URLs on web pages .......................................................................................................................... 90<br />
Using heuristic analysis when working with Web Anti-Virus ............................................................................. 93<br />
Blocking dangerous scripts ............................................................................................................................... 93<br />
Scan optimization .............................................................................................................................................. 94<br />
Controlling access to regional domains ............................................................................................................ 94<br />
Controlling access to online banking services................................................................................................... 95<br />
Creating a list of trusted addresses ................................................................................................................... 95<br />
IM Anti-Virus ........................................................................................................................................................... 96<br />
Enabling and disabling IM Anti-Virus ................................................................................................................ 96<br />
5
U S E R G U I D E<br />
Creating the protection scope of IM Anti-Virus .................................................................................................. 96<br />
Checking URLs in messages from IM clients .................................................................................................... 97<br />
Using heuristic analysis when working with IM Anti-Virus ................................................................................. 97<br />
Proactive Defense .................................................................................................................................................. 97<br />
Enabling and disabling Proactive Defense ........................................................................................................ 98<br />
Creating a group of trusted applications ........................................................................................................... 98<br />
Using the dangerous activity list ........................................................................................................................ 99<br />
Changing the action to be taken on applications' dangerous activity ................................................................ 99<br />
System Watcher ..................................................................................................................................................... 99<br />
Enabling and disabling System Watcher ......................................................................................................... 100<br />
Using patterns of dangerous activity (BSS)..................................................................................................... 100<br />
Rolling back a malicious program's actions .................................................................................................... 101<br />
Application Control ............................................................................................................................................... 101<br />
Enabling and disabling Application Control ..................................................................................................... 102<br />
Placing applications into groups ...................................................................................................................... 102<br />
Viewing application activity ............................................................................................................................. 103<br />
Modifying a group and restoring the default group .......................................................................................... 103<br />
Working with Application Control rules ............................................................................................................ 104<br />
Interpreting data on application usage by the participants of the <strong>Kaspersky</strong> <strong>Security</strong> Network ...................... 108<br />
Network protection ................................................................................................................................................ 109<br />
Firewall............................................................................................................................................................ 109<br />
Network Attack Blocker ................................................................................................................................... 113<br />
Encrypted connections scan ........................................................................................................................... 116<br />
Network Monitor .............................................................................................................................................. 118<br />
Configuring the proxy server ........................................................................................................................... 118<br />
Creating a list of monitored ports .................................................................................................................... 119<br />
Anti-Spam ............................................................................................................................................................. 120<br />
Enabling and disabling Anti-Spam .................................................................................................................. 121<br />
Changing and restoring the spam protection level .......................................................................................... 122<br />
Training Anti-Spam ......................................................................................................................................... 122<br />
Checking URLs in email messages ................................................................................................................ 125<br />
Detecting spam by phrases and addresses. Creating lists ............................................................................. 125<br />
Regulating threshold values of the spam rate ................................................................................................. 130<br />
Using additional features affecting the spam rate ........................................................................................... 131<br />
Selecting a spam recognition algorithm .......................................................................................................... 131<br />
Adding a label to the message subject ........................................................................................................... 132<br />
Scanning messages from Microsoft Exchange Server .................................................................................... 132<br />
Configuring spam processing by mail clients .................................................................................................. 132<br />
Anti-Banner ........................................................................................................................................................... 135<br />
Enabling and disabling Anti-Banner ................................................................................................................ 135<br />
Selecting a scan method ................................................................................................................................. 135<br />
Creating lists of blocked and allowed banner addresses ................................................................................ 136<br />
Exporting and importing lists of addresses ..................................................................................................... 136<br />
Safe Run for Applications and Safe Run for Websites ......................................................................................... 137<br />
About Safe Run ............................................................................................................................................... 138<br />
About Safe Run for Websites .......................................................................................................................... 141<br />
Using a shared folder ...................................................................................................................................... 143<br />
Parental Control .................................................................................................................................................... 143<br />
Configuring a user's Parental Control ............................................................................................................. 144<br />
6
C O N T E N T<br />
Viewing reports of a user's activity .................................................................................................................. 153<br />
Trusted zone ......................................................................................................................................................... 154<br />
Creating a list of trusted applications .............................................................................................................. 154<br />
Creating exclusion rules .................................................................................................................................. 155<br />
Performance and compatibility with other applications ......................................................................................... 155<br />
Selecting detectable threat categories ............................................................................................................ 156<br />
Battery saving ................................................................................................................................................. 156<br />
Advanced Disinfection .................................................................................................................................... 156<br />
Distributing computer resources when scanning for viruses ........................................................................... 157<br />
Running tasks in background mode ................................................................................................................ 157<br />
Full-screen mode. Gaming Profile ................................................................................................................... 158<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> self-defense ............................................................................................................. 159<br />
Enabling and disabling self-defense ............................................................................................................... 159<br />
Protection against external control .................................................................................................................. 159<br />
Quarantine and Backup ........................................................................................................................................ 160<br />
Storing files in Quarantine and Backup ........................................................................................................... 160<br />
Working with quarantined files ........................................................................................................................ 161<br />
Working with objects in Backup ...................................................................................................................... 162<br />
Scanning files in Quarantine after an update .................................................................................................. 163<br />
Additional tools for better protection of your computer ......................................................................................... 163<br />
Privacy Cleaner ............................................................................................................................................... 164<br />
Configuring a browser for safe work ............................................................................................................... 165<br />
Rolling back changes made by Wizards ......................................................................................................... 167<br />
Reports ................................................................................................................................................................. 167<br />
Creating a report for the selected protection component ................................................................................ 168<br />
Data filtering .................................................................................................................................................... 168<br />
Events search ................................................................................................................................................. 169<br />
Saving a report to file ...................................................................................................................................... 170<br />
Storing reports ................................................................................................................................................ 170<br />
Clearing application reports ............................................................................................................................ 170<br />
Recording non-critical events into the report ................................................................................................... 171<br />
Configuring the notification of report availability .............................................................................................. 171<br />
Application appearance. Managing active interface elements .............................................................................. 171<br />
Translucence of notification windows .............................................................................................................. 171<br />
Animation of the application icon in the notification area ................................................................................ 172<br />
Text on Microsoft Windows logon screen........................................................................................................ 172<br />
Notifications .......................................................................................................................................................... 172<br />
Enabling and disabling notifications ................................................................................................................ 172<br />
Configuring the notification method ................................................................................................................. 173<br />
Disabling news delivery .................................................................................................................................. 174<br />
<strong>Kaspersky</strong> <strong>Security</strong> Network ................................................................................................................................. 174<br />
Enabling and disabling participation in <strong>Kaspersky</strong> <strong>Security</strong> Network .............................................................. 175<br />
Verifying connection to <strong>Kaspersky</strong> <strong>Security</strong> Network ...................................................................................... 175<br />
TESTING THE APPLICATION'S OPERATION .......................................................................................................... 176<br />
About the test file EICAR ...................................................................................................................................... 176<br />
Testing the application's functioning using the test file EICAR ............................................................................. 176<br />
About the types of the test file EICAR .................................................................................................................. 177<br />
7
U S E R G U I D E<br />
CONTACTING THE TECHNICAL SUPPORT SERVICE ........................................................................................... 179<br />
How to get technical support ................................................................................................................................ 179<br />
Using the trace file and the AVZ script ................................................................................................................. 179<br />
Creating a system state report ........................................................................................................................ 180<br />
Creating a trace file ......................................................................................................................................... 180<br />
Sending data files ........................................................................................................................................... 180<br />
AVZ script execution ....................................................................................................................................... 181<br />
Technical support by phone .................................................................................................................................. 182<br />
Obtaining technical support via My <strong>Kaspersky</strong> Account ....................................................................................... 182<br />
APPENDIX ................................................................................................................................................................. 184<br />
Working with the application from the command line ............................................................................................ 184<br />
Activating the application ................................................................................................................................ 185<br />
Starting the application ................................................................................................................................... 186<br />
Stopping the application .................................................................................................................................. 186<br />
Managing application components and tasks ................................................................................................. 186<br />
Virus scan ....................................................................................................................................................... 188<br />
Updating the application ................................................................................................................................. 190<br />
Rolling back the last update ............................................................................................................................ 191<br />
Exporting protection settings ........................................................................................................................... 191<br />
Importing protection settings ........................................................................................................................... 191<br />
Creating a trace file ......................................................................................................................................... 192<br />
Viewing Help ................................................................................................................................................... 192<br />
Return codes of the command line ................................................................................................................. 193<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> notifications list ......................................................................................................... 194<br />
Notifications in any protection mode ............................................................................................................... 194<br />
Notifications in interactive protection mode ..................................................................................................... 201<br />
GLOSSARY ............................................................................................................................................................... 212<br />
KASPERSKY LAB ZAO ............................................................................................................................................. 221<br />
INFORMATION ABOUT THIRD-PARTY CODE ........................................................................................................ 222<br />
INDEX ........................................................................................................................................................................ 223<br />
8
ABOUT THIS GUIDE<br />
Greetings from <strong>Kaspersky</strong> Lab specialists!<br />
This guide contains information about how to install, configure, and use <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>. We hope that<br />
information provided by this guide, will help you work with the application with the maximum of ease.<br />
This guide is intended to:<br />
help you install, activate, and use <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>;<br />
ensure a quick search of information on application-related issues;<br />
describe additional sources of information about the application and ways of cooperating with the Technical<br />
Support Service.<br />
For proper use of the application, you should have basic computer skills: be acquainted with the interface of the<br />
operating system that you use, handle the main techniques specific for that system, know how to work with email and the<br />
<strong>Internet</strong>.<br />
IN THIS SECTION:<br />
In this guide ....................................................................................................................................................................... 9<br />
Document conventions .................................................................................................................................................... 11<br />
IN THIS GUIDE<br />
This guide comprises the following sections.<br />
Sources of information about the application<br />
This section describes sources of information about the application and lists websites that you can use to discuss the<br />
application's operation.<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong><br />
This section describes the application's features and provides brief information about the application's functions and<br />
components. You will learn what items are included in the distribution kit, and what services are available for registered<br />
users of the application. This section provides information about software and hardware requirements that a computer<br />
should meet to allow a user to install the application on it.<br />
Installing and removing the application<br />
This section provides information about how to install the application on a computer and how to uninstall it.<br />
Licensing the application<br />
This section provides information about general terms related to the application activation. Read this section to learn<br />
more about the purpose of the license agreement, license types, ways of activating the application, and the license<br />
renewal.<br />
9
U S E R G U I D E<br />
Application interface<br />
This section provides information about basic elements of the graphic interface of the application: application icon and<br />
application icon context menu, main window, settings window, and notification windows.<br />
Starting and stopping the application<br />
This section contains information on starting and shutting down the application.<br />
Managing the computer protection<br />
This section provides information about how to detect threats to the computer's security and how to configure the security<br />
level. Read this section to learn more about how to enable, disable, and pause the protection when using the application.<br />
Solving typical tasks<br />
This section provides information about how to resolve the most common issues related to protection of the computer<br />
using the application.<br />
Advanced application settings<br />
This section provides detailed information about how to configure each of the application components.<br />
Testing the application's operation<br />
This section provides information about how to ensure that the application detects viruses and their modifications and<br />
performs the correct actions on them.<br />
Contacting the Technical Support Service<br />
This section provides information about how to contact the Technical Support Service at <strong>Kaspersky</strong> Lab.<br />
Appendix<br />
This section provides information that complements the document text.<br />
Glossary<br />
This section contains a list of terms mentioned in the document and their respective definitions.<br />
<strong>Kaspersky</strong> Lab ZAO<br />
This section provides information about <strong>Kaspersky</strong> Lab.<br />
Information about third-party code<br />
This section provides information about the third-party code used in the application.<br />
Index<br />
This section allows you to quickly find required information within the document.<br />
10
A B O U T T H I S G U I D E<br />
DOCUMENT CONVENTIONS<br />
The text herein is accompanied by semantic elements that should be given particular attention – warnings, hints,<br />
examples.<br />
Document conventions are used to highlight semantic elements. Document conventions and examples of their use are<br />
shown in the table below.<br />
Table 1.<br />
Document conventions<br />
SAMPLE TEXT<br />
Note that...<br />
It is recommended to use...<br />
Example:<br />
DOCUMENT CONVENTIONS DESCRIPTION<br />
Warnings are highlighted with red color and boxed.<br />
Warnings provide information about probable unwanted actions that may lead to<br />
data losses or failures in the computer's operation.<br />
Notes are boxed.<br />
Notes may contain useful hints, recommendations, specific values, or important<br />
particular cases in the application's operation.<br />
Examples are set out on a yellow background under the heading "Example".<br />
...<br />
Update means...<br />
The Databases are out of date event<br />
occurs.<br />
Press ENTER.<br />
Press ALT+F4.<br />
Click the Enable button.<br />
To configure a task schedule:<br />
Enter help in the command line.<br />
The following message then appears:<br />
Specify the date in dd:mm:yy<br />
format.<br />
<br />
The following semantic elements are italicized in the text:<br />
new terms;<br />
names of application statuses and events.<br />
Names of keyboard keys appear in a bold typeface and are capitalized.<br />
Names of keys connected by a + (plus) sign indicate the use of a key<br />
combination. Those keys should be pressed simultaneously.<br />
Names of application interface elements, such as entry fields, menu items, and<br />
buttons, are set off in bold.<br />
Introductory phrases of instructions are italicized and accompanied by the arrow<br />
sign.<br />
The following types of text content are set off with a special font:<br />
text in the command line;<br />
text of messages displayed on the screen by the application;<br />
data that the user should enter.<br />
Variables are enclosed in angle brackets. Instead of a variable, the<br />
corresponding value should be inserted, with angle brackets omitted.<br />
11
SOURCES OF INFORMATION ABOUT THE<br />
APPLICATION<br />
This section describes sources of information about the application and lists websites that you can use to discuss the<br />
application's operation.<br />
You can select the most suitable information source, depending on the issue's level of importance and urgency.<br />
IN THIS SECTION:<br />
Sources of information for independent research ............................................................................................................ 12<br />
Discussing <strong>Kaspersky</strong> Lab applications on the Forum .................................................................................................... 13<br />
Contacting the Sales Department ................................................................................................................................... 13<br />
Contacting the Documentation Development Team by email .......................................................................................... 13<br />
SOURCES OF INFORMATION FOR INDEPENDENT RESEARCH<br />
You can use the following sources to find information about the application:<br />
the application page on the <strong>Kaspersky</strong> Lab website;<br />
the application page on the Technical Support Service website (Knowledge Base);<br />
online help;<br />
documentation.<br />
If you cannot solve an issue on your own, we recommend that you contact the Technical Support Service at <strong>Kaspersky</strong><br />
Lab (see section "Technical support by phone" on page 182).<br />
To use information sources on the <strong>Kaspersky</strong> Lab website, an <strong>Internet</strong> connection should be established.<br />
The application page on the <strong>Kaspersky</strong> Lab website<br />
The <strong>Kaspersky</strong> Lab website features an individual page for each application.<br />
On such a page (http://www.kaspersky.com/kaspersky_internet_security), you can view general information about an<br />
application, its functions and features.<br />
The page http://www.kaspersky.com features a URL to the eStore. There you can purchase or renew the application.<br />
The application page on the Technical Support Service website (Knowledge Base)<br />
Knowledge Base is a section of the Technical Support Service website that provides recommendations on how to work<br />
with <strong>Kaspersky</strong> Lab applications. Knowledge Base comprises reference articles grouped by topics.<br />
12
S O U R C E S O F I N F O R M A T I O N A B O U T T H E A P P L I C A T I O N<br />
On the page of the application in the Knowledge Base (http://support.kaspersky.com/kis<strong>2012</strong>), you can read articles that<br />
provide useful information, recommendations, and answers to frequently asked questions on how to purchase, install,<br />
and use the application.<br />
Articles may provide answers to questions that are out of scope of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>, being related to other<br />
<strong>Kaspersky</strong> Lab applications. They also may contain news from the Technical Support Service.<br />
Online help<br />
The online help of the application comprises help files.<br />
The context help provides information about each window of the application, listing and describing the corresponding<br />
settings and a list of tasks.<br />
The full help provides detailed information about how to manage the computer's protection using the application.<br />
Documentation<br />
The application user guide provides information about how to install, activate, and configure the application, as well as<br />
application operation data. The document also describes the application interface and provides ways of solving typical<br />
user tasks while working with the application.<br />
DISCUSSING KASPERSKY LAB APPLICATIONS ON THE<br />
FORUM<br />
If your question does not require an urgent answer, you can discuss it with <strong>Kaspersky</strong> Lab specialists and other users on<br />
our Forum (http://forum.kaspersky.com).<br />
In this forum you can view existing topics, leave your comments, create new topics.<br />
CONTACTING THE SALES DEPARTMENT<br />
If you have any questions on how to select, purchase, or renew the application, you can contact our Sales Department<br />
specialists in one of the following ways:<br />
By calling our HQ office in Moscow by phone (http://www.kaspersky.com/contacts).<br />
By sending a message with your question to sales@kaspersky.com.<br />
The service is provided in Russian and English.<br />
CONTACTING THE DOCUMENTATION DEVELOPMENT<br />
TEAM BY EMAIL<br />
To contact the Documentation Development Team, send an email to docfeedback@kaspersky.com. Please use<br />
"<strong>Kaspersky</strong> Help Feedback: <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>" as the subject line in your message.<br />
13
KASPERSKY INTERNET SECURITY<br />
This section describes the application's features and provides brief information about the application's functions and<br />
components. You will learn what items are included in the distribution kit, and what services are available for registered<br />
users of the application. This section provides information about software and hardware requirements that a computer<br />
should meet to allow a user to install the application on it.<br />
IN THIS SECTION:<br />
What's new ...................................................................................................................................................................... 14<br />
Distribution kit .................................................................................................................................................................. 14<br />
Service for registered users ............................................................................................................................................ 15<br />
Hardware and software requirements ............................................................................................................................. 15<br />
WHAT'S NEW<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> provides the following new features:<br />
The improved interface of the main window of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> ensures quick access to the<br />
application's functions.<br />
The logic of operations with Quarantine and Backup (see page 160) has been improved: now they are<br />
represented on two separate tabs, each of them with its respective unique scope.<br />
The Task Manager has been added for an easy task management in <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> (see section<br />
"Managing scan tasks. Task Manager" on page 72).<br />
Participation in the <strong>Kaspersky</strong> <strong>Security</strong> Network (see page 174) allows us to identify the reputation of<br />
applications and websites based on data received from users from all over the world.<br />
When Web Anti-Virus is enabled, you can separately enable the heuristic analysis to check web pages for<br />
phishing (see section "Using heuristic analysis when working with Web Anti-Virus" on page 93). When checking<br />
pages for phishing, the heuristic analysis will be applied regardless of whether it has been enabled for Web Anti-<br />
Virus.<br />
The appearance of <strong>Kaspersky</strong> Gadget has been redesigned (see page 37).<br />
DISTRIBUTION KIT<br />
You can purchase the application in one of the following ways:<br />
Boxed. Distributed via stores of our partners.<br />
At the online store. Distributed at online stores of <strong>Kaspersky</strong> Lab (for example, http://www.kaspersky.com,<br />
section eStore) or via partner companies.<br />
14
K A S P E R S K Y I N T E R N E T S E C U R I T Y<br />
If you purchase the boxed version of the application, the distribution kit contains the following items:<br />
sealed envelope with the setup CD that contains application files and documentation files;<br />
brief User Guide with an activation code;<br />
license agreement that stipulates the terms, on which you can use the application.<br />
The content of the distribution kit may differ depending on the region, in which the application is distributed.<br />
If you purchase <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> at an online store, you copy the application from the website of the store.<br />
Information required for the application activation, will be sent to you by email on payment.<br />
For more details on ways of purchasing and the distribution kit, contact the Sales Department.<br />
SERVICE FOR REGISTERED USERS<br />
On purchasing a user license for the application, you become a registered user of <strong>Kaspersky</strong> Lab applications and can<br />
benefit from the following services during the entire validity term of the license:<br />
updating databases and providing new versions of the application;<br />
consulting by phone and by email on issues related to installation, configuration, and use of the application;<br />
notifying you of releases of new applications by <strong>Kaspersky</strong> Lab and new viruses. To use this service, you should<br />
be subscribed to the news delivery from <strong>Kaspersky</strong> Lab on the Technical Support Service website.<br />
No consulting services are provided on issues related to the functioning of operating systems, third-party<br />
software and technologies.<br />
HARDWARE AND SOFTWARE REQUIREMENTS<br />
To ensure the proper functioning of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>, your computer should meet the following requirements:<br />
General requirements:<br />
480 MB free disk space on the hard drive (including 380 MB on the system drive).<br />
CD / DVD-ROM (for installing <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> from a distribution CD).<br />
<strong>Internet</strong> access (for the application activation and for updating databases and software modules).<br />
Microsoft <strong>Internet</strong> Explorer 6.0 or higher.<br />
Microsoft Windows Installer 2.0.<br />
Requirements for Microsoft Windows XP Home Edition (Service Pack 2 or higher), Microsoft Windows XP Professional<br />
(Service Pack 2 or higher), and Microsoft Windows XP Professional x64 Edition (Service Pack 2 or higher):<br />
Intel Pentium 800 MHz 32-bit (x86) / 64-bit (x64) processor or higher (or a compatible equivalent);<br />
512 MB free RAM.<br />
15
U S E R G U I D E<br />
Requirements for Microsoft Windows Vista Home Basic, Microsoft Windows Vista Home Premium, Microsoft Windows<br />
Vista Business, Microsoft Windows Vista Enterprise, Microsoft Windows Vista Ultimate, Microsoft Windows 7 Starter,<br />
Microsoft Windows 7 Home Basic, Microsoft Windows 7 Home Premium, Microsoft Windows 7 Professional, and<br />
Microsoft Windows 7 Ultimate:<br />
Intel Pentium 1 GHz 32-bit (x86) / 64-bit (x64) processor or higher (or a compatible equivalent).<br />
1 GB free RAM (for 32-bit operating systems); 2 GB free RAM (for 64-bit operating systems).<br />
You cannot enable Safe Run when working under a Microsoft Windows XP (64-bit) operating system. Use of Safe Run is<br />
restricted when working in Microsoft Windows Vista (64-bit) and Microsoft Windows 7 (64-bit) operating systems.<br />
Requirements for netbooks:<br />
Intel Atom 1.6 GHz processor or a compatible equivalent.<br />
Intel GMA950 video card with at least 64 MB of video RAM (or a compatible equivalent).<br />
Screen size no less than 10.1".<br />
16
INSTALLING AND REMOVING THE<br />
APPLICATION<br />
This section provides information about how to install the application on a computer and how to uninstall it.<br />
IN THIS SECTION:<br />
Standard installation procedure ....................................................................................................................................... 17<br />
Updating the previous version of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> ........................................................................................ 22<br />
Non-standard installation scenarios ................................................................................................................................ 26<br />
Getting started ................................................................................................................................................................. 27<br />
Removing the application ................................................................................................................................................ 27<br />
STANDARD INSTALLATION PROCEDURE<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> will be installed on your computer in an interactive mode using the Setup Wizard.<br />
The Wizard consists of a series of screens (steps) that you can navigate through using the Back and Next buttons. To<br />
close the Wizard once it has completed its task, click the Finish button. To stop the Wizard at any stage, click the<br />
Cancel button.<br />
If the application protects more than one computer (the maximum number of computers depends on your license), it will<br />
be installed in the same manner on all computers. Note that in this case, according to the license agreement, the license<br />
term begins from the date of the first activation. When you activate the application on the second computers and so on,<br />
the license validity term decreases for the amount of time that has elapsed since the first activation. So, the license<br />
validity term will expire simultaneously for all installed copies of the application.<br />
To install <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> on your computer,<br />
run the setup file (the file with an EXE extension) from the CD with the product.<br />
Installation of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> from a setup file downloaded online is identical to installation from the<br />
installation CD.<br />
17
U S E R G U I D E<br />
IN THIS SECTION:<br />
Step 1. Searching for a newer version of the application ................................................................................................ 18<br />
Step 2. Making sure the system meets the installation requirements .............................................................................. 18<br />
Step 3. Selecting installation type ................................................................................................................................... 19<br />
Step 4. Reviewing the license agreement ....................................................................................................................... 19<br />
Step 5. <strong>Kaspersky</strong> <strong>Security</strong> Network Data Collection Statement ..................................................................................... 19<br />
Step 6. Searching for incompatible applications .............................................................................................................. 19<br />
Step 7. Selecting the destination folder ........................................................................................................................... 20<br />
Step 8. Preparing for installation ..................................................................................................................................... 20<br />
Step 9. Installing .............................................................................................................................................................. 21<br />
Step 10. Finishing the installation .................................................................................................................................... 21<br />
Step 11. Activating the application .................................................................................................................................. 21<br />
Step 12. Registering a user ............................................................................................................................................. 21<br />
Step 13. Completing the activation .................................................................................................................................. 22<br />
STEP 1. SEARCHING FOR A NEWER VERSION OF THE APPLICATION<br />
Before setup, the Setup Wizard checks the <strong>Kaspersky</strong> Lab update servers for a newer version of <strong>Kaspersky</strong> <strong>Internet</strong><br />
<strong>Security</strong>.<br />
If it does not find a newer product version on the <strong>Kaspersky</strong> Lab update servers, the Setup Wizard for the current version<br />
will be started.<br />
If the update servers offer a newer version of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>, you will see a prompt to download and install it<br />
on the computer. It is recommended that you install the new version of the application, because newer versions include<br />
further enhancements that ensure you have the most reliable protection for your computer. If you cancel the new version<br />
download, the Setup Wizard for the current version will be started. If you decide to install the newer version, product<br />
distribution files will be downloaded to your computer and the Setup Wizard for that new version will be started<br />
automatically. For a further description of the installation procedure for the newer version, please refer to the<br />
corresponding documentation.<br />
STEP 2. MAKING SURE THE SYSTEM MEETS THE INSTALLATION<br />
REQUIREMENTS<br />
Before installation of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> on your computer, the installer checks the operating system and<br />
service packs to make sure they meet the software requirements for product installation (see section "Hardware and<br />
software requirements" on page 15). In addition, the installer checks for the presence of required software and the<br />
credentials necessary to install applications. If any of the above-listed requirements is not met, a notification to that effect<br />
will be displayed on the screen.<br />
If the computer meets all the requirements, the Wizard searches for <strong>Kaspersky</strong> Lab applications which, when run<br />
together with <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>, may result in conflicts. If such applications are found, you will be asked to<br />
remove them manually.<br />
18
I N S T A L L I N G A N D R E M O V I N G T H E A P P L I C A T I O N<br />
If an earlier version of <strong>Kaspersky</strong> Anti-Virus or <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> is found, all data that can be used by<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> <strong>2012</strong> (for example, activation information or application settings) will be saved and used<br />
when installing the new application, while the one installed earlier will be automatically removed.<br />
STEP 3. SELECTING INSTALLATION TYPE<br />
At this step, you can choose the most suitable type of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> installation:<br />
Standard installation. If you choose this option (the Change installation settings box is unchecked), the<br />
application will be fully installed on your computer with the protection settings recommended by <strong>Kaspersky</strong> Lab<br />
experts.<br />
Custom installation. In this case (the Change installation settings box is checked), you will be asked to specify<br />
the destination folder into which the application should be installed (see section "Step 7. Selecting the<br />
destination folder" on page 20) and disable the installation process protection, if necessary (see section "Step 8.<br />
Preparing for installation" on page 20).<br />
To proceed with the installation, click the Next button.<br />
STEP 4. REVIEWING THE LICENSE AGREEMENT<br />
At this step, you should review the license agreement between you and <strong>Kaspersky</strong> Lab.<br />
Read the agreement carefully and, if you accept all its terms, click the I agree button. The installation will continue.<br />
If you cannot accept the license agreement, cancel the application installation by clicking the Cancel button.<br />
STEP 5. KASPERSKY SECURITY NETWORK DATA COLLECTION<br />
STATEMENT<br />
At this stage, you will be invited to participate in the <strong>Kaspersky</strong> <strong>Security</strong> Network. Participation in the program involves<br />
sending information about new threats detected on your computer, running applications, and downloaded signed<br />
applications, as well as your system information, to <strong>Kaspersky</strong> Lab. We guarantee that none of your personal data will be<br />
sent.<br />
Review the <strong>Kaspersky</strong> <strong>Security</strong> Network Data Collection Statement. To read the complete version of the Statement, click<br />
the Full KSN Agreement button. If you agree with all terms of the Statement, check the I accept the terms of<br />
participation in <strong>Kaspersky</strong> <strong>Security</strong> Network box in the Wizard window.<br />
Click the Next button if you have selected the custom installation (see section "Step 3. Selecting installation type" on<br />
page 19). If performing the standard installation, click the Install button. The installation will continue.<br />
STEP 6. SEARCHING FOR INCOMPATIBLE APPLICATIONS<br />
At this step, the application checks whether any applications incompatible with <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> are installed<br />
on your computer.<br />
If no such applications are found, the Wizard automatically proceeds to the next step.<br />
If any incompatible applications are detected, they are displayed in a list on the screen, and you will be prompted to<br />
remove them. Applications that <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> cannot remove automatically should be removed manually.<br />
When removing incompatible applications, you will need to reboot your operating system, after which installation of<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> will continue automatically.<br />
To proceed with the installation, click the Next button.<br />
19
U S E R G U I D E<br />
STEP 7. SELECTING THE DESTINATION FOLDER<br />
This step of the Setup Wizard is only available if the custom installation is selected (see section "Step 3. Selecting<br />
installation type" on page 19). When performing a standard installation, this step is skipped and the application is<br />
installed to the default folder.<br />
At this stage you are asked to choose the folder to which <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> will be installed. The following path<br />
is set by default:<br />
\Program Files\<strong>Kaspersky</strong> Lab\<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> <strong>2012</strong> – for 32-bit systems;<br />
\Program Files (х86)\<strong>Kaspersky</strong> Lab\<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> <strong>2012</strong> – for 64-bit systems.<br />
To install <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> to a different folder, specify the path to the desired folder in the input field or click<br />
the Browse button and choose a folder in the window that opens.<br />
Keep in mind the following restrictions:<br />
The application cannot be installed on network or removable drives, or on virtual drives (those created using the<br />
SUBST command).<br />
We recommend that you avoid installing the application in a folder that already contains files or other folders,<br />
because that folder will then become inaccessible for editing.<br />
The path to the installation folder cannot be longer than 160 characters or contain the special characters<br />
/, ?, :, *, ", >, < or |.<br />
To find out if there is enough disk space on your computer to install the application, click the Disk Usage button. In the<br />
window that opens you can view the disk space information. To close the window, click OK.<br />
To proceed with the installation, click the Next button in the Wizard window.<br />
STEP 8. PREPARING FOR INSTALLATION<br />
This step of the Setup Wizard is only available if the custom installation is selected (see section "Step 3. Selecting<br />
installation type" on page 19). For the standard installation, this step is skipped.<br />
Since your computer may be infected with malicious programs that may impact the installation of <strong>Kaspersky</strong> <strong>Internet</strong><br />
<strong>Security</strong>, the installation process should be protected.<br />
By default, installation process protection is enabled – the Protect the installation process box is checked in the<br />
Wizard window.<br />
You are advised to uncheck this box if the application cannot be installed (for example, when performing remote<br />
installation using Windows Remote Desktop). Enabled protection may be the reason.<br />
In this case, you should interrupt installation, restart it, check the Change installation settings box at the Select<br />
installation type step (see section "Step 3. Selecting installation type" on page 19), and when you reach the Preparing for<br />
installation step, uncheck the Protect the installation process box.<br />
To proceed with the installation, click the Install button.<br />
When installing the application on a computer running under Microsoft Windows XP, active network connections are<br />
terminated. The majority of terminated connections are restored after a pause.<br />
20
I N S T A L L I NG A N D R E M O V I N G T H E A P P L I C A T I O N<br />
STEP 9. INSTALLING<br />
Installation of the application can take some time. Wait for it to finish.<br />
Once the installation is complete, the Wizard will automatically proceed to the next step.<br />
If an installation error occurs, which may be due to malicious programs that prevent anti-virus applications from being<br />
installed on your computer, the Setup Wizard will prompt you to download <strong>Kaspersky</strong> Virus Removal Tool, a special<br />
utility for neutralizing infections.<br />
If you agree to install the utility, the Setup Wizard downloads it from the <strong>Kaspersky</strong> Lab servers, after which installation of<br />
the utility starts automatically. If the Wizard cannot download the utility, you will be asked to download it on your own by<br />
clicking the link provided.<br />
After you finish working with the utility, you should delete it and restart the installation of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>.<br />
STEP 10. FINISHING THE INSTALLATION<br />
This window of the Wizard informs you of the successful completion of the application installation. To run <strong>Kaspersky</strong><br />
<strong>Internet</strong> <strong>Security</strong>, make sure that the Run <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> <strong>2012</strong> box is checked and click the Finish<br />
button.<br />
In some cases, you may need to reboot your operating system. If the Run <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> <strong>2012</strong> box is<br />
checked, the application will be run automatically after you reboot your operating system.<br />
If you unchecked the box before closing the Wizard, you should run the application manually (see section "Launching<br />
and closing the application manually" on page 38).<br />
STEP 11. ACTIVATING THE APPLICATION<br />
Activation is the procedure of activating a license that allows you to use a fully functional version of the application until<br />
the license expires.<br />
You will need an <strong>Internet</strong> connection to activate the application.<br />
You will be offered the following options for <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> activation:<br />
Activate commercial version. Select this option and enter the activation code if you have purchased a<br />
commercial version of the application.<br />
If you specify an activation code for <strong>Kaspersky</strong> Anti-Virus in the entry field, the procedure of switching to<br />
<strong>Kaspersky</strong> Anti-Virus starts after the completion of activation.<br />
Activate trial version. Use this activation option if you want to install the trial version of the application before<br />
making the decision to purchase a commercial version. You will be able to use the fully-functional version of the<br />
application for the duration of a term limited by the license for the trial version of the application. When the<br />
license expires, it cannot be activated for a second time.<br />
STEP 12. REGISTERING A USER<br />
This step is only available when activating the commercial version of the application. When activating the trial version,<br />
this step is skipped.<br />
21
U S E R G U I D E<br />
You need to register in order to be able to contact <strong>Kaspersky</strong> Lab Technical Support Service in the future.<br />
If you agree to register, specify your registration data in the corresponding fields and click the Next button.<br />
STEP 13. COMPLETING THE ACTIVATION<br />
The Wizard informs you that <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> has been successfully activated. In addition, information about<br />
the license is provided: license type (commercial or trial), date of expiry, and number of hosts for the license.<br />
If you have activated a subscription, information about the subscription status is displayed instead of the license expiry<br />
date.<br />
Click the Finish button to close the Wizard.<br />
UPDATING THE PREVIOUS VERSION OF KASPERSKY<br />
INTERNET SECURITY<br />
If <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> 2010 or 2011 is already installed on your computer, you should update the application to<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> <strong>2012</strong>. If you have an active license for <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> 2010 or 2011, you will not<br />
have to activate the application: the Setup Wizard will automatically retrieve the information about your license for<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> 2010 or 2011 and use it during the installation process.<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> will be installed on your computer in an interactive mode using the Setup Wizard.<br />
The Wizard consists of a series of screens (steps) that you can navigate through using the Back and Next buttons. To<br />
close the Wizard once it has completed its task, click the Finish button. To stop the Wizard at any stage, click the<br />
Cancel button.<br />
If the application protects more than one computer (the maximum number of computers depends on your license), it will<br />
be installed in the same manner on all computers. Note that in this case, according to the license agreement, the license<br />
term begins from the date of the first activation. When you activate the application on the second computers and so on,<br />
the license validity term decreases for the amount of time that has elapsed since the first activation. So, the license<br />
validity term will expire simultaneously for all installed copies of the application.<br />
To install <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> on your computer,<br />
run the setup file (the file with an EXE extension) from the CD with the product.<br />
Installation of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> from a setup file downloaded online is identical to installation from the<br />
installation CD.<br />
22
I N S T A L L I N G A N D R E M O V I N G T H E A P P L I C A T I O N<br />
IN THIS SECTION:<br />
Step 1. Searching for a newer version of the application ................................................................................................ 23<br />
Step 2. Making sure the system meets the installation requirements .............................................................................. 23<br />
Step 3. Selecting installation type ................................................................................................................................... 24<br />
Step 4. Reviewing the license agreement ....................................................................................................................... 24<br />
Step 5. <strong>Kaspersky</strong> <strong>Security</strong> Network Data Collection Statement ..................................................................................... 24<br />
Step 6. Searching for incompatible applications .............................................................................................................. 24<br />
Step 7. Selecting the destination folder ........................................................................................................................... 25<br />
Step 8. Preparing for installation ..................................................................................................................................... 25<br />
Step 9. Installing .............................................................................................................................................................. 26<br />
Step 10. Wizard completion ............................................................................................................................................ 26<br />
STEP 1. SEARCHING FOR A NEWER VERSION OF THE APPLICATION<br />
Before setup, the Setup Wizard checks the <strong>Kaspersky</strong> Lab update servers for a newer version of <strong>Kaspersky</strong> <strong>Internet</strong><br />
<strong>Security</strong>.<br />
If it does not find a newer product version on the <strong>Kaspersky</strong> Lab update servers, the Setup Wizard for the current version<br />
will be started.<br />
If the update servers offer a newer version of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>, you will see a prompt to download and install it<br />
on the computer. It is recommended that you install the new version of the application, because newer versions include<br />
further enhancements that ensure you have the most reliable protection for your computer. If you cancel the new version<br />
download, the Setup Wizard for the current version will be started. If you decide to install the newer version, product<br />
distribution files will be downloaded to your computer and the Setup Wizard for that new version will be started<br />
automatically. For a further description of the installation procedure for the newer version, please refer to the<br />
corresponding documentation.<br />
STEP 2. MAKING SURE THE SYSTEM MEETS THE INSTALLATION<br />
REQUIREMENTS<br />
Before installation of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> on your computer, the installer checks the operating system and<br />
service packs to make sure they meet the software requirements for product installation (see section "Hardware and<br />
software requirements" on page 15). In addition, the installer checks for the presence of required software and the<br />
credentials necessary to install applications. If any of the above-listed requirements is not met, a notification to that effect<br />
will be displayed on the screen.<br />
If the computer meets all the requirements, the Wizard searches for <strong>Kaspersky</strong> Lab applications which, when run<br />
together with <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>, may result in conflicts. If such applications are found, you will be asked to<br />
remove them manually.<br />
If an earlier version of <strong>Kaspersky</strong> Anti-Virus or <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> is found, all data that can be used by<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> <strong>2012</strong> (for example, activation information or application settings) will be saved and used<br />
when installing the new application, while the one installed earlier will be automatically removed.<br />
23
U S E R G U I D E<br />
STEP 3. SELECTING INSTALLATION TYPE<br />
At this step, you can choose the most suitable type of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> installation:<br />
Standard installation. If you choose this option (the Change installation settings box is unchecked), the<br />
application will be fully installed on your computer with the protection settings recommended by <strong>Kaspersky</strong> Lab<br />
experts.<br />
Custom installation. In this case (the Change installation settings box is checked), you will be asked to specify<br />
the destination folder into which the application should be installed (see section "Step 7. Selecting the<br />
destination folder" on page 20) and disable the installation process protection, if necessary (see section "Step 8.<br />
Preparing for installation" on page 20).<br />
To proceed with the installation, click the Next button.<br />
STEP 4. REVIEWING THE LICENSE AGREEMENT<br />
At this step, you should review the license agreement between you and <strong>Kaspersky</strong> Lab.<br />
Read the agreement carefully and, if you accept all its terms, click the I agree button. The installation will continue.<br />
If you cannot accept the license agreement, cancel the application installation by clicking the Cancel button.<br />
STEP 5. KASPERSKY SECURITY NETWORK DATA COLLECTION<br />
STATEMENT<br />
At this stage, you will be invited to participate in the <strong>Kaspersky</strong> <strong>Security</strong> Network. Participation in the program involves<br />
sending information about new threats detected on your computer, running applications, and downloaded signed<br />
applications, as well as your system information, to <strong>Kaspersky</strong> Lab. We guarantee that none of your personal data will be<br />
sent.<br />
Review the <strong>Kaspersky</strong> <strong>Security</strong> Network Data Collection Statement. To read the complete version of the Statement, click<br />
the Full KSN agreement button. If you agree with all terms of the Statement, check the I accept the terms of<br />
participation in <strong>Kaspersky</strong> <strong>Security</strong> Network box in the Wizard window.<br />
Click the Next button if you have selected the custom installation (see section "Step 3. Selecting installation type" on<br />
page 19). If performing the standard installation, click the Install button. The installation will continue.<br />
STEP 6. SEARCHING FOR INCOMPATIBLE APPLICATIONS<br />
At this step, the application checks whether any applications incompatible with <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> are installed<br />
on your computer.<br />
If no such applications are found, the Wizard automatically proceeds to the next step.<br />
If any incompatible applications are detected, they are displayed in a list on the screen, and you will be prompted to<br />
remove them. Applications that <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> cannot remove automatically should be removed manually.<br />
When removing incompatible applications, you will need to reboot your operating system, after which installation of<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> will continue automatically.<br />
To proceed with the installation, click the Next button.<br />
24
I N S T A L L I N G A N D R E M O V I N G T H E A P P L I C A T I O N<br />
STEP 7. SELECTING THE DESTINATION FOLDER<br />
This step of the Setup Wizard is only available if the custom installation is selected (see section "Step 3. Selecting<br />
installation type" on page 19). When performing a standard installation, this step is skipped and the application is<br />
installed to the default folder.<br />
At this stage you are asked to choose the folder to which <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> will be installed. The following path<br />
is set by default:<br />
\Program Files\<strong>Kaspersky</strong> Lab\<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> <strong>2012</strong> – for 32-bit systems;<br />
\Program Files (х86)\<strong>Kaspersky</strong> Lab\<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> <strong>2012</strong> – for 64-bit systems.<br />
To install <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> to a different folder, specify the path to the desired folder in the input field or click<br />
the Browse button and choose a folder in the window that opens.<br />
Keep in mind the following restrictions:<br />
The application cannot be installed on network or removable drives, or on virtual drives (those created using the<br />
SUBST command).<br />
We recommend that you avoid installing the application in a folder that already contains files or other folders,<br />
because that folder will then become inaccessible for editing.<br />
The path to the installation folder cannot be longer than 160 characters or contain the special characters<br />
/, ?, :, *, ", >, < or |.<br />
To find out if there is enough disk space on your computer to install the application, click the Disk Usage button. In the<br />
window that opens you can view the disk space information. To close the window, click OK.<br />
To proceed with the installation, click the Next button in the Wizard window.<br />
STEP 8. PREPARING FOR INSTALLATION<br />
This step of the Setup Wizard is only available if the custom installation is selected (see section "Step 3. Selecting<br />
installation type" on page 19). For the standard installation, this step is skipped.<br />
Since your computer may be infected with malicious programs that may impact the installation of <strong>Kaspersky</strong> <strong>Internet</strong><br />
<strong>Security</strong>, the installation process should be protected.<br />
By default, installation process protection is enabled – the Protect the installation process box is checked in the<br />
Wizard window.<br />
You are advised to uncheck this box if the application cannot be installed (for example, when performing remote<br />
installation using Windows Remote Desktop). Enabled protection may be the reason.<br />
In this case, you should interrupt installation, restart it, check the Change installation settings box at the Select<br />
installation type step (see section "Step 3. Selecting installation type" on page 19), and when you reach the Preparing for<br />
installation step, uncheck the Protect the installation process box.<br />
To proceed with the installation, click the Install button.<br />
When installing the application on a computer running under Microsoft Windows XP, active network connections are<br />
terminated. The majority of terminated connections are restored after a pause.<br />
25
U S E R G U I D E<br />
STEP 9. INSTALLING<br />
Installation of the application can take some time. Wait for it to finish.<br />
Once the installation is complete, the Wizard will automatically proceed to the next step.<br />
If an installation error occurs, which may be due to malicious programs that prevent anti-virus applications from being<br />
installed on your computer, the Setup Wizard will prompt you to download <strong>Kaspersky</strong> Virus Removal Tool, a special<br />
utility for neutralizing infections.<br />
If you agree to install the utility, the Setup Wizard downloads it from the <strong>Kaspersky</strong> Lab servers, after which installation of<br />
the utility starts automatically. If the Wizard cannot download the utility, you will be asked to download it on your own by<br />
clicking the link provided.<br />
After you finish working with the utility, you should delete it and restart the installation of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>.<br />
STEP 10. WIZARD COMPLETION<br />
This window of the Wizard informs you of the successful completion of the application installation. To run <strong>Kaspersky</strong><br />
<strong>Internet</strong> <strong>Security</strong>, make sure that the Run <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> <strong>2012</strong> box is checked and click the Finish<br />
button.<br />
In some cases, you may need to reboot your operating system. If the Run <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> <strong>2012</strong> box is<br />
checked, the application will be run automatically after you reboot your operating system.<br />
If you unchecked the box before closing the Wizard, you should run the application manually (see section "Launching<br />
and closing the application manually" on page 38).<br />
NON-STANDARD INSTALLATION SCENARIOS<br />
This section describes application installation scenarios which differ from those of standard installation or update from<br />
the previous version.<br />
Installing <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> and activating later using a <strong>Kaspersky</strong> Anti-Virus activation<br />
code<br />
If, when installing <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>, at the Activating the application step, you enter a <strong>Kaspersky</strong> Anti-Virus<br />
activation code, a switching procedure starts which results in <strong>Kaspersky</strong> Anti-Virus being installed on your computer.<br />
If, when installing <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>, at the Activating the application step, you select Activate later and then<br />
activate the installed application with a <strong>Kaspersky</strong> Anti-Virus activation code, the switching procedure also starts, which<br />
results in <strong>Kaspersky</strong> Anti-Virus being installed on your computer.<br />
Installing <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> <strong>2012</strong> over <strong>Kaspersky</strong> Anti-Virus 2010 or 2011<br />
If you run the installation of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> <strong>2012</strong> on a computer, on which <strong>Kaspersky</strong> Anti-Virus 2010 or<br />
2011 with an active license is already installed, the Setup Wizard detects the information about the license and prompts<br />
you to select one of the following further actions:<br />
Use the current license of <strong>Kaspersky</strong> Anti-Virus 2010 or 2011. In this case, the switching procedure starts,<br />
which results in <strong>Kaspersky</strong> Anti-Virus <strong>2012</strong> being installed on your computer. You will be able to use <strong>Kaspersky</strong><br />
Anti-Virus <strong>2012</strong> as long as the license for <strong>Kaspersky</strong> Anti-Virus 2010 or 2011 remains valid.<br />
Proceed with installation of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> <strong>2012</strong>. In this case, the installation procedure will<br />
continue according to the standard scenario, starting from the Activating the application step.<br />
26
I N S T A L L I N G A N D R E M O V I N G T H E A P P L I C A T I O N<br />
GETTING STARTED<br />
The application is ready to be used after installation. To ensure proper protection of your computer, we recommend<br />
performing the following immediately after installation and configuration:<br />
Update application databases (see section "How to update application databases and modules" on page 45).<br />
Scan your computer for viruses (see section "How to perform a full scan of your computer for viruses" on<br />
page 48) and vulnerabilities (see section "How to scan your computer for vulnerabilities" on page 48).<br />
Check the protection status of your computer and eliminate problems in protection, if necessary.<br />
REMOVING THE APPLICATION<br />
After uninstalling <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>, your computer and personal data will be unprotected!<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> is uninstalled with the help of the Setup Wizard.<br />
To start the Wizard,<br />
in the Start menu, select Programs <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> <strong>2012</strong> Remove <strong>Kaspersky</strong> <strong>Internet</strong><br />
<strong>Security</strong> <strong>2012</strong>.<br />
IN THIS SECTION:<br />
Step 1. Saving data for reuse .......................................................................................................................................... 27<br />
Step 2. Confirmation of application removal .................................................................................................................... 28<br />
Step 3. Removing the application. Completing removal .................................................................................................. 28<br />
STEP 1. SAVING DATA FOR REUSE<br />
At this point you can specify which of the data used by the application you want to retain for reuse during the next<br />
installation of the application (e.g., a newer version of the application).<br />
By default, the application is completely removed from the computer.<br />
To save data for reuse:<br />
1. Choose the option Save application objects.<br />
2. Check the boxes for the data types you want to save:<br />
Activation data – data that eliminates the need to activate the application in the future by automatically<br />
using the current license as long as it has not expired by the time of the next installation.<br />
Backup and Quarantine files – files checked by the application and placed into backup storage or<br />
quarantine.<br />
Operational settings of the application – values of the application settings selected during configuration.<br />
iChecker data – files which contain information about the objects that have already been scanned for<br />
viruses.<br />
27
U S E R G U I D E<br />
Anti-Spam databases – databases containing signatures of spam messages downloaded and saved by<br />
the application.<br />
Safe Run shared folder data – files saved by the application when working in a safe environment in a<br />
special folder that is also accessible in the normal environment.<br />
STEP 2. CONFIRMATION OF APPLICATION REMOVAL<br />
Since removing the application threatens the security of the computer and your personal data, you will be asked to<br />
confirm your intention to remove the application. To do this, click the Remove button.<br />
To stop removal of the application at any time, you can cancel this operation by clicking the Cancel button.<br />
STEP 3. REMOVING THE APPLICATION. COMPLETING REMOVAL<br />
At this step, the Wizard removes the application from your computer. Wait until removal is complete.<br />
When removing the application, you may need to reboot your operating system. If you cancel the immediate reboot,<br />
completion of the removal procedure will be postponed until the operating system is rebooted or the computer is turned<br />
off and then restarted.<br />
28
LICENSING THE APPLICATION<br />
This section provides information about general terms related to the application activation. Read this section to learn<br />
more about the purpose of the license agreement, license types, ways of activating the application, and the license<br />
renewal.<br />
IN THIS SECTION:<br />
About the End User License Agreement ......................................................................................................................... 29<br />
About data provision ....................................................................................................................................................... 29<br />
About the license ............................................................................................................................................................. 29<br />
About the activation code ................................................................................................................................................ 30<br />
ABOUT THE END USER LICENSE AGREEMENT<br />
License Agreement is a legal agreement concluded between you and <strong>Kaspersky</strong> Lab ZAO that stipulates the terms of<br />
use for the application.<br />
Read through the terms of the License Agreement carefully before you start using the application.<br />
You can read through the terms of the License Agreement when installing the <strong>Kaspersky</strong> Lab application.<br />
The terms of the License Agreement are regarded as accepted in the following cases:<br />
Upon unsealing the box with the setup CD (only if you have purchased the application in the boxed version or at<br />
a store of any of our partners).<br />
Upon confirming your acceptance of the text of the License Agreement when installing the application.<br />
If you do not accept the terms of the License Agreement, you have to interrupt the application installation.<br />
ABOUT DATA PROVISION<br />
In order to increase the level of real-time protection, accepting the terms of the License Agreement means that you agree<br />
to send information about checksums of processed objects (MD5), information required to determine the reputation of<br />
URLs, and statistical data for anti-spam protection, in automatic mode. Information retrieved does not contain any private<br />
data and other types of confidential information. Information retrieved is protected by <strong>Kaspersky</strong> Lab pursuant to the<br />
requirements stipulated by the existing legislation. You can obtain more details on the website:<br />
http://support.kaspersky.com.<br />
ABOUT THE LICENSE<br />
License is a time-limited right to use the application provided to you in accordance with the License Agreement. The<br />
license contains a unique code for the activation of your copy of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>.<br />
29
U S E R G U I D E<br />
The license grants you the right to benefit the following services:<br />
Using the application on one or several devices.<br />
Number of devices, on which you can use the application, is specified in the License Agreement.<br />
Contacting the Technical Support Service of <strong>Kaspersky</strong> Lab.<br />
Enjoying the complete set of services provided to you by <strong>Kaspersky</strong> Lab or its partners during the validity term<br />
of the license (see section "Service for registered users" on page 15).<br />
The scope of services provided and the validity term of the application depend on the type of license used to activate the<br />
application.<br />
The following license types are provided:<br />
Trial – a free license with a limited validity period, offered to allow you to become familiar with the application.<br />
If you copy the application from the website http://www.kaspersky.com, you automatically become the owner of<br />
the trial license. As soon as the license expires, all <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> features are disabled. To<br />
continue using the application, you should purchase the commercial license.<br />
Commercial – a paid license with a limited validity period, offered upon purchase of the application.<br />
After the expiration of the commercial license, the application keeps on running in limited functionality mode.<br />
You will still be able to scan your computer for viruses and use other application components but only with<br />
databases installed before the license has expired. To continue using <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>, you should<br />
renew the commercial license.<br />
We recommend that you renew the license on the day the current license expires at the latest in order to ensure<br />
the most comprehensible anti-virus protection of your computer.<br />
ABOUT THE ACTIVATION CODE<br />
Activation code is a code that you receive on purchasing the commercial license for <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>. This<br />
code is required for activation of the application.<br />
The activation code is an alphanumeric string of Latin characters in xxxxx-xxxxx-xxxxx-xxxxx format.<br />
The activation code is provided in one of the following forms, depending on the way you purchase the application:<br />
If you have purchased the boxed version of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>, the activation code is specified in the<br />
documentation or on the box containing the setup CD.<br />
If you have purchased <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> at an online store, the activation code is sent to the email<br />
address that you have specified when ordering the product.<br />
The validity term of the license starts from the moment you have activated the application. If you have purchased a<br />
license intended for the use of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> on several devices, the validity term of the license starts<br />
counting down from the moment you have entered the code on the first of those devices.<br />
If you have lost or accidentally deleted your activation code after the activation, you should send a request to the<br />
Technical Support Service at <strong>Kaspersky</strong> Lab from My <strong>Kaspersky</strong> Account (see section "Obtaining technical support via<br />
My <strong>Kaspersky</strong> Account" on page 182).<br />
On completion of the application activation with a code, you are assigned a client ID. Client ID is the personal ID for a<br />
user, that is needed for receiving technical support by phone or via My <strong>Kaspersky</strong> Account (see section "Obtaining<br />
technical support via My <strong>Kaspersky</strong> Account" on page 182).<br />
30
APPLICATION INTERFACE<br />
This section provides information about basic elements of the graphic interface of the application: application icon and<br />
application icon context menu, main window, settings window, and notification windows.<br />
IN THIS SECTION:<br />
The notification area icon ................................................................................................................................................ 31<br />
The context menu ........................................................................................................................................................... 32<br />
The <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> main window ................................................................................................................ 33<br />
Notification windows and pop-up messages ................................................................................................................... 34<br />
The application settings window ...................................................................................................................................... 36<br />
The <strong>Kaspersky</strong> Gadget.................................................................................................................................................... 37<br />
News Agent ..................................................................................................................................................................... 37<br />
THE NOTIFICATION AREA ICON<br />
Immediately after installation of the application, the application icon appears in the Microsoft Windows taskbar notification<br />
area.<br />
In the Microsoft Windows 7 operating system the application icon is hidden by default, but you can display it to access<br />
the application more easily (see the operating system documentation).<br />
The icon has the following purposes:<br />
It is an indicator of the application's operation.<br />
It provides access to the context menu, the main application window and the news window.<br />
Indication of application operation<br />
This icon serves as an indicator of the application's operation. It also indicates the protection status and displays the<br />
basic functions currently being performed by the application:<br />
– scanning an email message;<br />
– scanning web traffic;<br />
– updating databases and application modules;<br />
– computer needs to be restarted to apply updates;<br />
– a failure occurred in the operation of an application component.<br />
31
U S E R G U I D E<br />
The icon is animated by default: for example, during the email message scan, a tiny letter symbol blinks in front of the<br />
application icon; when the update is in progress, you see a revolving globe. Animation can be deactivated (see section<br />
"Translucence of notification windows" on page 171).<br />
When the animation is disabled, the icon may take the following forms:<br />
(colored symbol) – all or some protection components are activated;<br />
(black-and-white symbol) – all protection components are disabled.<br />
Access to the context menu and application windows<br />
Using the icon, you can open the context menu (on page 32) (by right-clicking) and the main application window (see<br />
section "The <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> main window" on page 33) (by left-clicking).<br />
If news from <strong>Kaspersky</strong> Lab is available, the icon appears in the Microsoft Windows taskbar notification area. Doubleclick<br />
this icon to open the News Agent (see section "News Agent" on page 37).<br />
THE CONTEXT MENU<br />
Using the context menu, you can quickly take various actions on the application.<br />
The <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> menu contains the following items:<br />
Task Manager – opens the Task Manager window.<br />
Update – runs the update of application databases and modules.<br />
Tools – opens a submenu containing the following items:<br />
Applications Activity – opens the Applications Activity window;<br />
Network Monitor – opens the Network Monitor window;<br />
Virtual Keyboard – displays the Virtual Keyboard.<br />
Safe Run for Applications – runs a safe desktop designed for handling applications that you suppose to be<br />
unsafe. If Safe Run for Applications is already active, the application switches to it.<br />
When working with Safe Run for Applications, this menu item is named Return to the main desktop, serving<br />
for switching to the main desktop.<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> – opens the main application window.<br />
Pause protection / Resume protection – temporarily disables / enables real-time protection components. This<br />
menu item does not affect the application's updates or the execution of virus scans.<br />
Enable Parental Control / Disable Parental Control – enables / disables Parental Control for the current<br />
account.<br />
Settings – opens the application settings window.<br />
About – opens a window containing information about the application.<br />
32
A P P L I C A T I O N I N T E R F A C E<br />
News – opens the News Agent window (see section "News Agent" on page 37). This menu item is displayed if<br />
there is unread news.<br />
Exit – closes <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> (when this item is selected, the application is unloaded from the<br />
computer’s RAM).<br />
Figure 1. The context menu<br />
If a virus scan or update task is running at the moment that you open the context menu, its name as well as its progress<br />
status (percentage complete) is displayed in the context menu. If you select a menu item with the name of a task, you<br />
can switch to the main window with a report of current task run results.<br />
To open the context menu,<br />
position the cursor over the application icon in the taskbar notification area and right-click it.<br />
In the Microsoft Windows 7 operating system the application icon is hidden by default, but you can display it to access<br />
the application more easily (see the operating system documentation).<br />
THE KASPERSKY INTERNET SECURITY MAIN WINDOW<br />
The main application window contains interface elements that provide access to all the main features of the application.<br />
The main window can be divided into two parts:<br />
The top part of the window provides information about the protection status of your computer.<br />
Figure 2. Top part of the main window<br />
33
U S E R G U I D E<br />
In the bottom part of the window, you can quickly switch to using the main features of the application (for<br />
example, running virus scan tasks, updating databases and software modules).<br />
Figure 3. Bottom part of the main window<br />
If you select any of the sections in the bottom part of the window, the window of the corresponding function opens. You<br />
can return to selecting functions by clicking the Back button in the top left corner of the window.<br />
You can also use the following buttons and links:<br />
Cloud protection – to switch to information about <strong>Kaspersky</strong> <strong>Security</strong> Network (on page 174).<br />
Settings – to open the application settings window (see section "The application settings window" on page 36).<br />
Reports – to switch to the application operation reports.<br />
News – to switch to viewing news in the News Agent window (see section "News Agent" on page 37). This link<br />
is displayed after the application receives a piece of news.<br />
Help – to view the <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> help system.<br />
My <strong>Kaspersky</strong> Account – to enter the user's personal account on the Technical Support Service website.<br />
Support – to open the window containing information about the system and links to <strong>Kaspersky</strong> Lab information<br />
resources (Technical Support Service website, forum).<br />
Manage License – to go to <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> activation and license renewal.<br />
You can open the main application window using one of the following methods:<br />
By left-clicking the application icon in the taskbar notification area.<br />
In the Microsoft Windows 7 operating system the application icon is hidden by default, but you can display it to<br />
access the application more easily (see the operating system documentation).<br />
By selecting <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> from the context menu (see section "Context menu" on page 32).<br />
By clicking the <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> icon located in the center of the <strong>Kaspersky</strong> Gadget (only for<br />
Microsoft Windows Vista and Microsoft Windows 7).<br />
NOTIFICATION WINDOWS AND POP-UP MESSAGES<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> notifies you of important events occurring during its operation using notification windows and<br />
pop-up messages that appear over the application icon in the taskbar notification area.<br />
34
A P P L I C A T I O N I N T E R F A C E<br />
Notification windows are displayed by <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> when various actions can be taken in connection with<br />
an event: for example, if a malicious object is detected, you can block access to it, delete it, or try to disinfect it. The<br />
application prompts you to select one of the available actions. A notification window only disappears from the screen if<br />
you select one of the actions.<br />
Figure 4. Notification window<br />
Pop-up messages are displayed by <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> in order to inform you of events that do not require you<br />
to select an action. Some pop-up messages contain links that you can use to take an action offered by the application:<br />
for example, run a database update or initiate activation of the application). Pop-up messages automatically disappear<br />
from the screen soon after they appear.<br />
Figure 5. Pop-up message<br />
Depending on the importance of an event for the viewpoint of the computer's security, notifications and pop-up<br />
messages are divided into three types:<br />
Critical notifications – inform you of events that have a critical importance for the computer's security, such as<br />
detection of a malicious object or a dangerous activity in the system. Windows of critical notifications and popup<br />
messages are red-colored.<br />
Important notifications – inform you of events that are potentially important for the computer's security, such as<br />
detection of a potentially infected object or a suspicious activity in the system. Windows of important<br />
notifications and pop-up messages are yellow-colored.<br />
Information notifications – inform you of events that do not have critical importance for the computer's security.<br />
Windows of information notifications and pop-up messages are green-colored.<br />
35
U S E R G U I D E<br />
THE APPLICATION SETTINGS WINDOW<br />
The <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> settings window (also referred to as "settings window") is designed for configuring the<br />
entire application and separate protection components, scanning and update tasks, and for running other advanced<br />
configuration tasks (see section "Advanced application settings" on page 62).<br />
Figure 6. The application settings window<br />
The application settings window consists of two parts:<br />
in the left part of the window you can choose the application component, task or another item that should be<br />
configured;<br />
the right part of the window contains the controls that you can use to configure the item selected in the left part<br />
of the window.<br />
The components, tasks and other items in the left part of the window are grouped in the following sections:<br />
– Protection Center;<br />
– Scan;<br />
– Update;<br />
– Advanced Settings.<br />
36
A P P L I C A T I O N I N T E R F A C E<br />
You can open the settings window using one of the following methods:<br />
by clicking the Settings link in the top part of the main application window (see section "The <strong>Kaspersky</strong> <strong>Internet</strong><br />
<strong>Security</strong> main window" on page 33);<br />
by selecting <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> from the context menu (see section "Context menu" on page 32);<br />
by clicking the button with the Settings icon in the <strong>Kaspersky</strong> Gadget interface (only for Microsoft Windows<br />
Vista and Microsoft Windows 7 operating systems). The function of opening the settings window should be<br />
assigned to the button (see section "How to use the <strong>Kaspersky</strong> Gadget" on page 59).<br />
THE KASPERSKY GADGET<br />
When using <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> on a computer running under Microsoft Windows Vista or Microsoft Windows 7,<br />
you can also use the <strong>Kaspersky</strong> Gadget (hereinafter the gadget). The <strong>Kaspersky</strong> Gadget is designed for quick access to<br />
the main features of the application (for example, protection status indication, virus scanning of objects, application<br />
operation reports).<br />
After you install <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> on a computer running under Microsoft Windows 7, the gadget appears on<br />
your desktop automatically. After you install the application on a computer running under Microsoft Windows Vista, you<br />
should add the gadget to the Microsoft Windows Sidebar manually (see the operating system documentation).<br />
Figure 7. The <strong>Kaspersky</strong> Gadget<br />
NEWS AGENT<br />
Using News Agent, <strong>Kaspersky</strong> Lab informs you of all important events related to <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> and<br />
protection against computer threats.<br />
The application will notify you of news by displaying a special icon in the taskbar notification area (see below) and a popup<br />
message. Information about the number of unread news items is also displayed in the main application window. A<br />
news icon appears in the <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> gadget interface.<br />
You can read the news in one of the following ways:<br />
by clicking the<br />
icon in the taskbar notification area;<br />
by clicking the Read news link in the pop-up news message;<br />
by clicking the News link in the main application window;<br />
by clicking the icon which is displayed in the center of the Gadget when a piece of news appears (only for<br />
Microsoft Windows Vista and Microsoft Windows 7).<br />
The above-listed methods of opening the News Agent window are only operable if any unread news is available.<br />
If you do not want to receive any news, you can disable the news delivery.<br />
37
STARTING AND STOPPING THE<br />
APPLICATION<br />
This section contains information on starting and shutting down the application.<br />
IN THIS SECTION:<br />
Enabling and disabling automatic launch ........................................................................................................................ 38<br />
Launching and closing the application manually ............................................................................................................. 38<br />
ENABLING AND DISABLING AUTOMATIC LAUNCH<br />
Automatic launch of the application means that <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> launches after the operating system startup.<br />
This is the default start mode.<br />
To disable or enable automatic launch of the application:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the General Settings subsection.<br />
3. To disable automatic launch of the application, uncheck the Launch <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> at computer<br />
startup box in the Autorun section in the right part of the window. Check this box to enable automatic launch of<br />
the application.<br />
LAUNCHING AND CLOSING THE APPLICATION MANUALLY<br />
<strong>Kaspersky</strong> Lab specialists do not recommend that you stop <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>, because the protection of your<br />
computer and personal data will then be at risk. It is recommended that you temporarily pause the computer's protection,<br />
without closing the application.<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> should be started manually if you have disabled automatic launch of the application (see<br />
section "Enabling and disabling automatic launch" on page 38).<br />
To launch the application manually,<br />
in the Start menu, select Programs <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> <strong>2012</strong> <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> <strong>2012</strong>.<br />
To exit the application,<br />
right-click to open the context menu of the application icon in the taskbar notification area and select Exit.<br />
In the Microsoft Windows 7 operating system the application icon is hidden by default, but you can display it to<br />
access the application more easily (see the operating system documentation).<br />
38
MANAGING THE COMPUTER PROTECTION<br />
This section provides information about how to detect threats to the computer's security and how to configure the security<br />
level. Read this section to learn more about how to enable, disable, and pause the protection when using the application.<br />
IN THIS SECTION:<br />
Diagnostics and elimination of problems in your computer protection ............................................................................. 39<br />
Enabling and disabling the protection ............................................................................................................................. 40<br />
Pausing and resuming protection .................................................................................................................................... 41<br />
DIAGNOSTICS AND ELIMINATION OF PROBLEMS IN YOUR<br />
COMPUTER PROTECTION<br />
Problems with computer protection are indicated by the computer indicator located in the left part of the main application<br />
window (see section "The <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> main window" on page 33). The indicator is shaped as a monitor<br />
icon that changes color depending on the protection status of the computer: green means that the computer is protected,<br />
yellow indicates protection-related problems, red alerts of serious threats to the computer's security.<br />
Figure 8. Protection status indicator<br />
You are advised to fix the problems and security threats immediately.<br />
39
U S E R G U I D E<br />
Clicking the indicator in the main application window opens the <strong>Security</strong> Problems window (see the figure below)<br />
containing detailed information about the status of computer protection and troubleshooting suggestions for the detected<br />
problems and threats.<br />
Figure 9. The <strong>Security</strong> Problems window<br />
Problems with the protection are grouped by categories. For each problem, actions are listed that you can use to solve<br />
the problem.<br />
ENABLING AND DISABLING THE PROTECTION<br />
By default, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> is launched when the operating system loads and protects your computer until it<br />
is switched off. All protection components are running.<br />
You can fully or partially disable the protection provided by <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>.<br />
<strong>Kaspersky</strong> Lab specialists strongly recommend that you do not disable protection, since this may lead to an infection of<br />
your computer and data loss. It is recommended that you pause the protection for the required time interval (see section<br />
"Pausing and resuming protection" on page 41).<br />
The following signs indicate that the protection is paused or disabled:<br />
inactive (gray) application icon in the taskbar notification area (see section "The notification area icon" on<br />
page 31);<br />
a red security indicator in the upper part of the main application window.<br />
40
M A N A G I N G T H E C O M P U T E R P R O T E C T I O N<br />
In this case, the protection is regarded as the set of protection components. Disabling or pausing protection components<br />
does not affect the performance of virus scan tasks and <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> updates.<br />
You can enable or disable the protection or individual application components from the application settings window (see<br />
section "The application settings window" on page 36).<br />
To completely enable or disable protection:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the General Settings subsection.<br />
3. Uncheck the Enable protection box if you need to disable protection. Check this box if you need to enable<br />
protection.<br />
To disable or enable a protection component:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the component that should be enabled or<br />
disabled.<br />
3. In the right part of the window, uncheck the Enable box if you need to disable this<br />
component. Check this box if you need to enable the component.<br />
PAUSING AND RESUMING PROTECTION<br />
Pausing protection means temporarily disabling all protection components for a period of time.<br />
The following signs indicate that the protection is paused or disabled:<br />
inactive (gray) application icon in the taskbar notification area (see section "The notification area icon" on<br />
page 31);<br />
a red security indicator in the upper part of the main application window.<br />
In this case, the protection is regarded as the set of protection components. Disabling or pausing protection components<br />
does not affect the performance of virus scan tasks and <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> updates.<br />
If network connections were established at the moment protection was paused, a notification about the termination of<br />
such connections is displayed.<br />
When working on a computer running under Microsoft Windows Vista or Microsoft Windows 7, you can pause protection<br />
using the <strong>Kaspersky</strong> Gadget. To do this, you should assign the protection pausing function to a button of the gadget (see<br />
section "How to use the <strong>Kaspersky</strong> Gadget" on page 59).<br />
To pause the protection of your computer:<br />
1. Open the Pause protection window using one of the following methods:<br />
select Pause protection from the context menu of the application icon (see section "The context menu" on<br />
page 32);<br />
click the button with the Pause protection icon in the <strong>Kaspersky</strong> Gadget interface (only for Microsoft<br />
Windows Vista and Microsoft Windows 7 operating systems).<br />
41
U S E R G U I D E<br />
2. In the Pause protection window, select the time interval after which protection should be resumed:<br />
Pause for the specified time – protection will be enabled on expiration of the time interval selected from<br />
the dropdown list below.<br />
Pause until reboot – protection will be enabled after the application is restarted or the operating system is<br />
rebooted (provided that automatic application launch is enabled (see section "Enabling and disabling<br />
automatic launch" on page 38)).<br />
Pause – protection will be enabled when you decide to resume it (please see below).<br />
To resume computer protection,<br />
select Resume protection from the context menu of the application icon (see section "The context menu" on<br />
page 32).<br />
You can use this method to resume computer protection when the Pause option has been selected, or when you have<br />
selected Pause for the specified time or Pause until reboot.<br />
42
SOLVING TYPICAL TASKS<br />
This section provides information about how to resolve the most common issues related to protection of the computer<br />
using the application.<br />
IN THIS SECTION:<br />
How to activate the application ........................................................................................................................................ 43<br />
How to purchase or renew a license ............................................................................................................................... 44<br />
What to do when application notifications appear ........................................................................................................... 45<br />
How to update application databases and modules ........................................................................................................ 45<br />
How to scan critical areas of your computer for viruses .................................................................................................. 46<br />
How to scan a file, folder, disk, or another object for viruses .......................................................................................... 46<br />
How to perform a full scan of your computer for viruses ................................................................................................. 48<br />
How to scan your computer for vulnerabilities ................................................................................................................. 48<br />
How to protect your personal data against theft .............................................................................................................. 48<br />
What to do if you suspect an object is infected with a virus............................................................................................. 51<br />
How to run an unknown application without doing any harm to the system .................................................................... 52<br />
What to do with a large number of spam messages ....................................................................................................... 52<br />
What to do if you suspect your computer is infected ....................................................................................................... 53<br />
How to restore a file that has been deleted or disinfected by the application .................................................................. 54<br />
How to create and use a Rescue Disk ............................................................................................................................ 54<br />
How to view the report on the application's operation ..................................................................................................... 57<br />
How to restore default application settings ...................................................................................................................... 58<br />
How to transfer settings to <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> installed on another computer .................................................. 59<br />
How to use the <strong>Kaspersky</strong> Gadget .................................................................................................................................. 59<br />
How to know the reputation of an application .................................................................................................................. 61<br />
HOW TO ACTIVATE THE APPLICATION<br />
Activation is the procedure of activating a license that allows you to use a fully functional version of the application until<br />
the license expires.<br />
If you did not activate the application during installation, you can do so later. You will be reminded about the need to<br />
activate the application by <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> messages appearing in the taskbar notification area.<br />
43
U S E R G U I D E<br />
To run the <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> activation wizard, perform one of the following:<br />
Click the Activate link in the <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> notice window that appears in the taskbar notification<br />
area.<br />
Click the Insert your activation code here link in the bottom part of the main application window. In the<br />
Manage License window that opens, click the Activate the application button.<br />
When working with the application activation wizard, you should specify values for a collection of settings.<br />
Step 1. Enter activation code<br />
Enter the activation code in the corresponding field and click the Next button.<br />
Step 2. Requesting activation<br />
If the activation request is sent successfully, the Wizard automatically proceeds to the next step.<br />
Step 3. Entry of registration data<br />
User registration is necessary for the user to be able to contact the Technical Support Service. Unregistered<br />
users receive only minimal support.<br />
Specify your registration data and click the Next button.<br />
Step 4. Activation<br />
If the application activation has been successful, the Wizard automatically proceeds to the next window.<br />
Step 5. Wizard completion<br />
This window displays information on the activation results: the type of license used and the license expiry date.<br />
Click the Finish button to close the Wizard.<br />
HOW TO PURCHASE OR RENEW A LICENSE<br />
If you have installed <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> without a license, you can purchase one after installation. When<br />
purchasing a license, you receive an activation code that you should use to activate the application (see section "How to<br />
activate the application" on page 43).<br />
When your license expires, you can renew it. You can purchase a new license before the validity period of your current<br />
activation code expires. To do this, you should add the new code as a reserve activation code. When the validity term of<br />
the current license expires, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> will be automatically activated using the reserve activation code.<br />
To purchase a license:<br />
1. Open the main application window.<br />
2. Click the Manage License link in the bottom part of the main window to open the Manage License window.<br />
3. In the window that opens, click the Buy activation code button.<br />
The eStore web page opens, where you can purchase a license.<br />
44
S O L V I N G T Y P I C A L T A S K S<br />
To add a reserve activation code:<br />
1. Open the main application window.<br />
2. Click the Manage License link in the bottom part of the main window to open the Manage License window.<br />
The Manage License window opens.<br />
3. In the window that opens, in the New activation code section, click the Enter activation code button.<br />
The Application Activation Wizard opens.<br />
4. Enter the activation code in the corresponding fields and click the Next button.<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> then sends the data to the activation server for verification. If the verification is<br />
successful, the Wizard automatically proceeds to the next step.<br />
5. Select New code and click the Next button.<br />
6. When you have finished with the Wizard, click the Finish button.<br />
WHAT TO DO WHEN APPLICATION NOTIFICATIONS APPEAR<br />
Notifications that appear in the taskbar notification area inform you of events occurring in the application's operation<br />
which require your attention. Depending on how critical the event is, you may receive the following types of notification:<br />
Critical notifications – inform you of events that have a critical importance for the computer's security, such as<br />
detection of a malicious object or a dangerous activity in the system. Windows of critical notifications and popup<br />
messages are red-colored.<br />
Important notifications – inform you of events that are potentially important for the computer's security, such as<br />
detection of a potentially infected object or a suspicious activity in the system. Windows of important<br />
notifications and pop-up messages are yellow-colored.<br />
Information notifications – inform you of events that do not have critical importance for the computer's security.<br />
Windows of information notifications and pop-up messages are green-colored.<br />
If such a notification is displayed on the screen, you should select one of the options suggested in it. The optimal option<br />
is the one recommended as the default by <strong>Kaspersky</strong> Lab experts.<br />
HOW TO UPDATE APPLICATION DATABASES<br />
AND MODULES<br />
By default, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> automatically checks for updates on the <strong>Kaspersky</strong> Lab update servers. If the<br />
server stores a set of recent updates, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> downloads and installs them in background mode. You<br />
can start updating <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> manually at any moment.<br />
To download updates from <strong>Kaspersky</strong> Lab servers, you should be connected to <strong>Internet</strong>.<br />
To start an update from the context menu,<br />
select Update from the context menu of the application icon.<br />
To start an update from the main application window:<br />
1. Open the main application window and select the Update section in the lower part of the window.<br />
2. In the Update window that opens, click the Run update button.<br />
45
U S E R G U I D E<br />
HOW TO SCAN CRITICAL AREAS OF YOUR COMPUTER<br />
FOR VIRUSES<br />
Critical areas scan means scanning the following objects:<br />
objects loaded at the startup of the operating system;<br />
system memory;<br />
boot sectors of the disk;<br />
objects added by the user (see section "Creating a list of objects to scan" on page 67).<br />
You can start the scan of critical areas using one of the following methods:<br />
using a shortcut created earlier (see page 71).<br />
from the main application window (see section "The <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> main window" on page 33).<br />
To start the scan using a shortcut:<br />
1. Open the Microsoft Windows Explorer window and go to the folder where you created the shortcut.<br />
2. Double-click the shortcut to start the scan.<br />
To start a scan from the main application window:<br />
1. Open the main application window and select the Scan section in the lower part of the window.<br />
2. In the Scan window that opens, in the Critical Areas Scan section, click the button.<br />
HOW TO SCAN A FILE, FOLDER, DISK, OR ANOTHER<br />
OBJECT FOR VIRUSES<br />
You can use the following methods to scan an object for viruses:<br />
using the context menu for the object;<br />
from the main application window (see section "The <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> main window" on page 33);<br />
using the <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> Gadget (only for Microsoft Windows Vista and Microsoft Windows 7<br />
operating systems).<br />
To start a virus scan task from the object context menu:<br />
1. Open Microsoft Windows Explorer and go to the folder which contains the object to be scanned.<br />
2. Right-click to open the context menu of the object (see the figure below) and select Scan for Viruses.<br />
46
S O L V I N G T Y P I C A L T A S K S<br />
The process and the outcome of the task will be displayed in the Task Manager window.<br />
Figure 10. The context menu of an object in Microsoft Windows<br />
To start scanning an object from the main application window:<br />
1. Open the main application window and select the Scan section in the lower part of the window.<br />
2. Specify the object to scan using one of the following methods:<br />
Click the specify link in the bottom right part of the window to open the Custom Scan window, and check<br />
the boxes next to folders and drives that you need to scan.<br />
If the window displays no object to be scanned:<br />
a. Click the Add button.<br />
b. In the Select object to scan window that opens, select an object to be scanned.<br />
Drag an object to scan into the dedicated area of the main window (see figure below).<br />
The progress of the task will be displayed in the Task Manager window.<br />
Figure 11. An area of the Scan window, into which you should drag an object to scan<br />
To scan an object for viruses using the gadget,<br />
drag the object to scan onto the gadget.<br />
The progress of the task will be displayed in the Task Manager window.<br />
47
U S E R G U I D E<br />
HOW TO PERFORM A FULL SCAN OF YOUR COMPUTER<br />
FOR VIRUSES<br />
You can start a full scan for viruses using one of the following methods:<br />
using a shortcut created earlier (see page 71);<br />
from the main application window (see section "The <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> main window" on page 33).<br />
To start a full scan using a shortcut:<br />
1. Open the Microsoft Windows Explorer window and go to the folder where you created the shortcut.<br />
2. Double-click the shortcut to start the scan.<br />
To start a full scan from the main application window:<br />
1. Open the main application window and select the Scan section in the lower part of the window.<br />
2. In the Scan window that opens, in the Full Scan section, click the button.<br />
HOW TO SCAN YOUR COMPUTER FOR VULNERABILITIES<br />
Vulnerabilities are unprotected portions of software code which intruders may deliberately use for their purposes, for<br />
example, to copy data used in unprotected applications. Scanning your computer for vulnerabilities helps you to reveal<br />
any such weak points in your computer. You are advised to remove the detected vulnerabilities.<br />
You can use the following methods to scan the system for vulnerabilities:<br />
from the main application window (see section "The <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> main window" on page 33);<br />
using a shortcut created earlier (see page 71).<br />
To start the task using a shortcut:<br />
1. Open the Microsoft Windows Explorer window and go to the folder where you created the shortcut.<br />
2. Double-click the shortcut to start scanning the system for vulnerabilities.<br />
To start the task from the main application window:<br />
1. Open the main application window and select the Scan section in the lower part of the window.<br />
2. In the Scan window that opens, in the Vulnerability Scan section, click the button.<br />
HOW TO PROTECT YOUR PERSONAL DATA AGAINST THEFT<br />
With <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>, you can protect your personal data against theft; this includes data such as:<br />
passwords, usernames, and other registration data;<br />
account numbers and bank card numbers.<br />
48
S O L V I N G T Y P I C A L T A S K S<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> comprises the following components and tools that help you protect your private data:<br />
Anti-Phishing. Protects against data thefts involving the phishing.<br />
Virtual Keyboard. Prevents interception of data entered at the keyboard.<br />
Parental Control (see page 143). Restricts sending of private data over the <strong>Internet</strong>.<br />
IN THIS SECTION:<br />
Protection against phishing ............................................................................................................................................. 49<br />
Protection against data interception at the keyboard ...................................................................................................... 50<br />
Protection of confidential data entered on websites ........................................................................................................ 51<br />
PROTECTION AGAINST PHISHING<br />
Protection against phishing is ensured by Anti-Phishing, implemented in the Web Anti-Virus, Anti-Spam, and IM Anti-<br />
Virus components. <strong>Kaspersky</strong> Lab recommends that you enable the checking for phishing for all protection components.<br />
To enable protection against phishing when Web Anti-Virus is running:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Web Anti-Virus component.<br />
3. Click the Settings button in the right part of the window.<br />
4. The Web Anti-Virus window opens.<br />
5. In the window that opens, on the General tab, in the <strong>Kaspersky</strong> URL Advisor section, check the Check web<br />
pages for phishing box.<br />
To enable protection against phishing when IM Anti-Virus is running:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the IM Anti-Virus component.<br />
3. In the right part of the window, in the Scan methods section, check the Check if URLs are listed in the<br />
database of phishing URLs box.<br />
To enable protection against phishing when Anti-Spam is running:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Anti-Spam component.<br />
3. Click the Settings button in the right part of the window.<br />
The Anti-Spam window will be displayed.<br />
4. In the window that opens, on the Exact methods tab, in the Consider message as spam section, check the If<br />
it contains phishing elements box.<br />
49
U S E R G U I D E<br />
PROTECTION AGAINST DATA INTERCEPTION AT THE KEYBOARD<br />
When working on the <strong>Internet</strong>, you frequently need to enter your personal data or your username and password. This<br />
happens, for example, during account registration on web sites, web shopping or <strong>Internet</strong> banking.<br />
There is a risk that this personal information can be intercepted using hardware keyboard interceptors or keyloggers,<br />
which are programs that register keystrokes.<br />
The Virtual Keyboard tool prevents the interception of data entered via the keyboard.<br />
The Virtual Keyboard cannot protect your personal data if the website requiring the entry of such data has been hacked,<br />
because in this case the information is obtained directly by the intruders.<br />
Many of the applications classified as spyware have the function of making screenshots which are then transmitted to an<br />
intruder for further analysis and extraction of the user's personal data. The Virtual Keyboard prevents the personal data<br />
being entered, from being intercepted through the use of screenshots.<br />
The Virtual Keyboard only prevents the interception of personal data when working with Microsoft <strong>Internet</strong> Explorer,<br />
Mozilla Firefox and Google Chrome browsers.<br />
The Virtual Keyboard has the following features:<br />
You can click the Virtual Keyboard buttons using the mouse.<br />
Unlike with real keyboards, there is no way to click several keys simultaneously on a Virtual Keyboard.<br />
Therefore, to use combinations of keys (e.g., ALT+F4), you have to click the first key (e.g., ALT), then the next<br />
key (e.g., F4), and then click the first key again. The second click of the key acts in the same way as the key<br />
release on a real keyboard.<br />
Input language for the Virtual Keyboard is toggled using the key combination CTRL+SHIFT (the SHIFT key<br />
should be clicked using the right mouse button) or CTRL+LEFT ALT (the LEFT ALT key should be clicked<br />
using the right mouse button), depending upon the specified settings.<br />
You can open the Virtual Keyboard in the following ways:<br />
from the context menu of the application icon;<br />
from the main application window;<br />
from the Microsoft <strong>Internet</strong> Explorer, Mozilla Firefox or Google Chrome browser windows;<br />
using keyboard shortcuts.<br />
To open the Virtual Keyboard from the context menu of the application icon,<br />
select Tools<br />
Virtual Keyboard from the context menu of the application icon.<br />
To open the Virtual Keyboard from the main application window,<br />
in the lower part of the main application window select Virtual Keyboard.<br />
To open the Virtual Keyboard from the browser window,<br />
click the<br />
Chrome.<br />
Virtual Keyboard button in the toolbar of Microsoft <strong>Internet</strong> Explorer, Mozilla Firefox, or Google<br />
To open the Virtual Keyboard using the computer keyboard,<br />
press the CTRL+ALT+SHIFT+P shortcut.<br />
50
S O L V I N G T Y P I C A L T A S K S<br />
PROTECTION OF CONFIDENTIAL DATA ENTERED ON WEBSITES<br />
To protect confidential data entered on websites (for example, bank card numbers, passwords to access online banking<br />
services), <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> prompts you to open such websites in Safe Run for Websites.<br />
You can enable access control for online banking services (see section "Controlling access to online banking services"<br />
on page 94) to determine banking websites automatically and also start Safe Run for Websites manually.<br />
Safe Run for Websites can be started in the following ways:<br />
from the <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> main window (see section "The <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> main window"<br />
on page 33);<br />
using a shortcut on the desktop (see section "Creating a shortcut for Safe Run on the desktop" on page 141).<br />
To start Safe Run for Websites from the main <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> window:<br />
1. Open the main application window.<br />
2. In the bottom part of the window, select the Safe Run for Websites section.<br />
3. In the window that opens, click the Start Safe Run for Websites button.<br />
WHAT TO DO IF YOU SUSPECT AN OBJECT IS INFECTED<br />
WITH A VIRUS<br />
If you suspect an object is infected, scan it using <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> (see section "How to scan a file, folder,<br />
disk, or another object for viruses" on page 46).<br />
If the application scans an object and then considers it as not infected although you suspect the contrary, you can<br />
perform any of the following actions:<br />
Move the object to Quarantine. Objects moved to Quarantine do not pose any threat to your computer. After the<br />
databases are updated, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> may be able to clearly identify and remove the threat.<br />
Send the object to the Virus Lab. Virus Lab specialists scan the object. If it turns out to be infected with a virus,<br />
they add the description of the new virus into the databases that will be downloaded by the application with an<br />
update (see section "How to update application databases and modules" on page 45).<br />
You can move a file to Quarantine using one of two methods:<br />
by clicking the Move to Quarantine button in the Quarantine window;<br />
using the context menu for the file.<br />
To move a file to Quarantine from the Quarantine window:<br />
1. Open the main application window.<br />
2. In the lower part of the window, select the Quarantine section.<br />
3. On the Quarantine tab click the Move to Quarantine button.<br />
4. In the window that opens, select the file that you want to move to Quarantine.<br />
51
U S E R G U I D E<br />
To move a file to Quarantine using the context menu:<br />
1. Open Microsoft Windows Explorer and go to the folder that contains the file that you want to move to<br />
Quarantine.<br />
2. Right-click to open the context menu of the file and select Move to Quarantine.<br />
To send a file to the Virus Lab:<br />
1. Go to the Virus Lab request page (http://support.kaspersky.com/virlab/helpdesk.html).<br />
2. Follow the instructions on this page to send your request.<br />
HOW TO RUN AN UNKNOWN APPLICATION<br />
WITHOUT DOING ANY HARM TO THE SYSTEM<br />
When the safety of any application raises doubts, it can be executed in Safe Run.<br />
Safe Run is isolated from the main operating system of the computer. In Safe Run, real operating system files do not<br />
undergo changes. Thus, if you launch an infected application in Safe Run, its actions will not affect the operating system<br />
of the computer.<br />
You can start Safe Run as a separate desktop (see page 138) or run an application in Safe Run on the main desktop.<br />
Applications started in Safe Run are marked with a green frame around the application window and have a safe run<br />
indicator in the list of applications monitored by Application Control (see section "Application Control" on page 101).<br />
After the application is closed, all changes made by this application will be discarded automatically.<br />
To run an application in the safe environment from the Microsoft Windows context menu,<br />
right-click to open the context menu for the selected object (application shortcut or executable file) and select Safe<br />
Run.<br />
WHAT TO DO WITH A LARGE NUMBER OF SPAM MESSAGES<br />
If you receive large amounts of unwanted messages (spam), enable the Anti-Spam component and set the<br />
recommended security level for it.<br />
To enable Anti-Spam and set the recommended security level:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Anti-Spam component.<br />
3. In the right part of the window, check the Enable Anti-Spam box.<br />
4. Make sure that the Recommended security level is set in the <strong>Security</strong> level section.<br />
If the security level is set to Low or Custom, click the Default level button. The security level will automatically<br />
be set to Recommended.<br />
52
S O L V I N G T Y P I C A L T A S K S<br />
WHAT TO DO IF YOU SUSPECT YOUR COMPUTER IS<br />
INFECTED<br />
If you suspect your operating system of being corrupted due to malware activity or system failures, use Microsoft<br />
Windows Troubleshooting, which removes any traces of malicious objects from the system. <strong>Kaspersky</strong> Lab recommends<br />
that you run the Wizard after the computer has been disinfected to make sure that all threats and damage caused by<br />
infections have been fixed.<br />
Microsoft Windows Troubleshooting checks the system for modifications and faults (such as modifications of file<br />
extensions, blockage of the network environment and control panel). Modifications and faults may be caused by malware<br />
activity, an improper system configuration, system failures, or incorrect operation of system optimization applications.<br />
After the review is complete, the Wizard analyzes the information to evaluate whether there is system damage which<br />
requires immediate attention. Based on the review, a list of actions necessary to eliminate the problems is generated.<br />
The Wizard groups these actions by category based on the severity of the problems detected.<br />
To start the System Restore Wizard:<br />
1. Open the main application window (see page 33).<br />
2. In the lower part of the window, select the Tools section.<br />
3. In the window that opens, in the Microsoft Windows Troubleshooting section, click the Start button.<br />
The Microsoft Windows Troubleshooting window opens.<br />
The Wizard consists of a series of screens (steps) that you can navigate through using the Back and Next buttons. To<br />
close the Wizard once it has completed its task, click the Finish button. To stop the Wizard at any stage, click the<br />
Cancel button.<br />
Step 1. Starting system restoration<br />
Make sure that the Wizard option to Search for problems caused by malware activity is selected and click<br />
the Next button.<br />
Step 2. Problems search<br />
The Wizard will search for problems and damage which should be fixed. Once the search is complete, the<br />
Wizard will proceed automatically to the next step.<br />
Step 3. Selecting troubleshooting actions<br />
All damage found during the previous step is grouped on the basis of the type of danger it poses. For each<br />
damage group, <strong>Kaspersky</strong> Lab recommends a sequence of actions to repair the damage. There are three<br />
groups of actions:<br />
Strongly recommended actions eliminate problems posing a serious security threat. You are advised to<br />
perform all actions in this group.<br />
Recommended actions eliminate problems presenting a potential threat. You are also advised to perform all<br />
actions in this group.<br />
Additional actions repair system damage which does not pose a current threat, but may pose a danger to<br />
the computer's security in the future.<br />
To view the actions within a group, click the + icon to the left of the group name.<br />
53
U S E R G U I D E<br />
To make the Wizard perform a certain action, check the box to the left of the corresponding action description.<br />
By default, the Wizard performs all recommended and strongly recommended actions. If you do not wish to<br />
perform a certain action, uncheck the box next to it.<br />
It is strongly recommended that you not uncheck the boxes selected by default, as doing so will leave your<br />
computer vulnerable to threats.<br />
Having defined the set of actions which the Wizard will perform, click the Next button.<br />
Step 4. Eliminating problems<br />
The Wizard will perform the actions selected during the previous step. The elimination of problems may take<br />
some time. Once the troubleshooting is complete, the Wizard will automatically proceed to the next step.<br />
Step 5. Wizard completion<br />
Click the Finish button to close the Wizard.<br />
HOW TO RESTORE A FILE THAT HAS BEEN DELETED<br />
OR DISINFECTED BY THE APPLICATION<br />
<strong>Kaspersky</strong> Lab recommends that you avoid restoring deleted and disinfected files, as they may pose a threat to your<br />
computer.<br />
If you want to restore a deleted or disinfected file, you can use a backup copy of it which was created by the application<br />
during the scan.<br />
To restore a file that has been deleted or disinfected by the application:<br />
1. Open the main application window.<br />
2. In the lower part of the window, select the Quarantine section.<br />
3. On the Storage tab, select the required file from the list and click the Restore button.<br />
HOW TO CREATE AND USE A RESCUE DISK<br />
After you install <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> and perform the first scan of your computer, it is recommended that you<br />
create the Rescue Disk.<br />
The Rescue Disk is an application named <strong>Kaspersky</strong> Rescue Disk and recorded on a removable medium (CD or USB<br />
flash drive).<br />
You will then be able to use <strong>Kaspersky</strong> Rescue Disk for scanning and disinfecting infected computers that cannot be<br />
disinfected using other methods (e.g., with anti-virus applications).<br />
IN THIS SECTION:<br />
Creating a Rescue Disk................................................................................................................................................... 55<br />
Starting the computer from the Rescue Disk ................................................................................................................... 57<br />
54
S O L V I N G T Y P I C A L T A S K S<br />
CREATING A RESCUE DISK<br />
Creating a Rescue Disk consists in creating a disk image (ISO file) with the up-to-date version of <strong>Kaspersky</strong> Rescue<br />
Disk, and writing it on a removable medium.<br />
You can download the original disk image from the <strong>Kaspersky</strong> Lab server or copy it from a local source.<br />
The Rescue Disk is created using the <strong>Kaspersky</strong> Rescue Disk Creation Wizard. The rescuecd.iso file created by the<br />
Wizard is saved on your computer's hard drive:<br />
in Microsoft Windows XP – in the following folder: Documents and Settings\All Users\Application<br />
Data\<strong>Kaspersky</strong> Lab\AVP12\Data\Rdisk\;<br />
in Microsoft Windows Vista and Microsoft Windows 7 operating systems – in the following folder:<br />
ProgramData\<strong>Kaspersky</strong> Lab\AVP12\Data\Rdisk\.<br />
To create a Rescue Disk:<br />
1. Open the main application window.<br />
2. In the lower part of the window, select the Tools section.<br />
3. In the window that opens, in the <strong>Kaspersky</strong> Rescue Disk section, click the Create button.<br />
The <strong>Kaspersky</strong> Rescue Disk Creation Wizard window opens.<br />
The Wizard consists of a series of screens (steps) that you can navigate through using the Back and Next buttons. To<br />
close the Wizard once it has completed its task, click the Finish button. To stop the Wizard at any stage, click the<br />
Cancel button.<br />
Let us review the steps of the Wizard in more detail.<br />
Step 1. Starting the Wizard. Searching for an existing disk image<br />
The first window of the Wizard contains information about <strong>Kaspersky</strong> Rescue Disk.<br />
If the Wizard detects an existing Rescue Disk ISO file in the dedicated folder (see above), the Use existing ISO<br />
image box will be displayed in the first window of the Wizard. Check the box to use the detected file as the<br />
original ISO image and go directly to the Updating disk image step (see below). Uncheck this box if you do not<br />
want to use the disk image that was detected. The Wizard will proceed to the Select disk image source<br />
window.<br />
Step 2. Selecting a disk image source<br />
If you have checked the Use existing ISO image box in the first Wizard window, then this step will be skipped.<br />
At this step, you should select a disk image source from the options suggested:<br />
If you already have a recorded copy of the Rescue Disk or an ISO image saved on your computer or on a<br />
local network resource, select Copy ISO image from local or network drive.<br />
If you have no ISO image file created for the Rescue Disk, and you want to download one from the<br />
<strong>Kaspersky</strong> Lab server (file size is about 175 MB), select Download ISO image from <strong>Kaspersky</strong> Lab<br />
server.<br />
55
U S E R G U I D E<br />
Step 3. Copying (downloading) the disk image<br />
If you have checked the Use existing ISO image box in the first Wizard window, then this step will be skipped.<br />
If you have selected Copy ISO image from local or network drive at the previous step, click the Browse<br />
button. After you have specified the path to the file, click the Next button. The progress of copying the disk<br />
image is displayed in the Wizard window.<br />
If you have selected Download ISO image from <strong>Kaspersky</strong> Lab server at the previous step, the progress of<br />
downloading the disk image is displayed immediately.<br />
When copying or downloading of the ISO image is complete, the Wizard automatically proceeds to the next<br />
step.<br />
Step 4. Updating the ISO image file<br />
The updating procedure for the ISO image file comprises the following operations:<br />
updating anti-virus databases;<br />
updating configuration files.<br />
Configuration files determine whether the computer can be booted from a removable medium (such as a<br />
CD / DVD or a USB flash drive with <strong>Kaspersky</strong> Rescue Disk) created by the Wizard.<br />
When updating anti-virus databases, those distributed at the last update of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> are<br />
used. If databases are out of date, it is recommended that you run the update task and launch the <strong>Kaspersky</strong><br />
Rescue Disk Creation Wizard again.<br />
To begin updating the ISO file, click the Next button. The update's progress will be displayed in the Wizard<br />
window.<br />
Step 5. Recording the disk image on a medium<br />
At this step, the Wizard informs you of a successful creation of a disk image and offers you to record it on a<br />
medium.<br />
Specify a data medium for recording <strong>Kaspersky</strong> Rescue Disk:<br />
To record the disk image on a CD / DVD, select Record to CD / DVD and specify a medium, on which you<br />
want to record the disk image.<br />
To record the disk image on a USB flash drive, select Record to USB flash drive and specify a device, on<br />
which you want to record the disk image.<br />
<strong>Kaspersky</strong> Lab recommends that you do not record the ISO image on devices which are not designed<br />
specifically for data storage, such as smartphones, cellphones, PDAs, and MP3 players. Recording ISO<br />
images on these devices may lead to their functioning incorrectly in the future.<br />
To record the disk image on the hard drive of your computer or on the hard drive of another one that you<br />
can access via a network, select Save the disk image to file on local or network drive and specify a<br />
folder, in which you want to record the disk image, and the name of the ISO file.<br />
56
S O L V I N G T Y P I C A L T A S K S<br />
Step 6. Wizard completion<br />
To close the Wizard once it has completed its task, click the Finish button. You can use the newly created<br />
Rescue Disk to boot the computer (see page 57) if you cannot boot it and run <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> in<br />
normal mode due to an impact caused by viruses or malware.<br />
STARTING THE COMPUTER FROM THE RESCUE DISK<br />
If the operating system cannot be booted as a result of a virus attack, use the Rescue Disk.<br />
To boot the operating system, you should use a CD / DVD or a USB flash drive with <strong>Kaspersky</strong> Rescue Disk copied on it<br />
(see section "Creating a Rescue Disk" on page 55).<br />
Booting a computer from a removable media is not always possible. In particular, this mode is not supported by some<br />
obsolete computer models. Before shutting down your computer for subsequent booting from a removable media, make<br />
sure that this operation can be performed.<br />
To boot your computer from the Rescue Disk:<br />
1. In the BIOS settings, enable booting from a CD / DVD or a USB device (for detailed information, please refer to<br />
the documentation for your computer's motherboard).<br />
2. Insert a CD / DVD into the CD / DVD drive of an infected computer or connect a USB flash device with<br />
<strong>Kaspersky</strong> Rescue Disk copied on it.<br />
3. Restart your computer.<br />
For detailed information about the use of the Rescue Disk, please refer to the <strong>Kaspersky</strong> Rescue Disk User Guide.<br />
HOW TO VIEW THE REPORT ON THE APPLICATION'S<br />
OPERATION<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> creates operation reports for each component. Using a report, you can obtain statistical<br />
information about the application's operation (for example, learn how many malicious objects have been detected and<br />
neutralized for a specified time period, how many times the application has been updated for the same period, how many<br />
spam messages have been detected and much more).<br />
When working on a computer running under Microsoft Windows Vista or Microsoft Windows 7, you can open reports<br />
using the <strong>Kaspersky</strong> Gadget. To do this, the <strong>Kaspersky</strong> Gadget should be configured so that the option of opening the<br />
reports window is assigned to one of its buttons (see section "How to use the <strong>Kaspersky</strong> Gadget" on page 59).<br />
To view the application operation report:<br />
1. Open the Reports window using any of the following methods:<br />
click the Reports link in the top part of the main application window;<br />
click the button with the Reports icon in the <strong>Kaspersky</strong> Gadget interface (only for Microsoft Windows<br />
Vista and Microsoft Windows 7 operating systems).<br />
The Reports window displays reports on the application's operation represented as diagrams.<br />
2. If you want to view a detailed application operation report (for example, a report on the operation of each<br />
component), click the Detailed report button in the bottom part of the Report window.<br />
The Detailed report window will open, where data are represented in a table. For convenient viewing of reports,<br />
you can select various entry sorting options.<br />
57
U S E R G U I D E<br />
HOW TO RESTORE DEFAULT APPLICATION SETTINGS<br />
You can restore the default application settings recommended by <strong>Kaspersky</strong> Lab for <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>, at any<br />
time. The settings can be restored using the Application Configuration Wizard.<br />
When the Wizard completes its operation, the Recommended security level is set for all protection components. When<br />
restoring the recommended security level, you can save the previously specified values for some of the settings of<br />
application components.<br />
To restore the default settings of the application:<br />
1. Open the application settings window.<br />
2. Run the Application Configuration Wizard using one of the following methods:<br />
click the Restore link in the bottom part of the window;<br />
in the left part of the window, select the Manage Settings subsection in the Advanced Settings section<br />
and click the Restore button in the Restore default settings section.<br />
Let us review the steps of the Wizard in more detail.<br />
Step 1. Starting the Wizard<br />
Click the Next button to proceed with the Wizard.<br />
Step 2. Restore settings<br />
This Wizard window shows which <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> protection components have settings that differ<br />
from the default value because they were either changed by the user or accumulated by <strong>Kaspersky</strong> <strong>Internet</strong><br />
<strong>Security</strong> through training (Firewall or Anti-Spam). If special settings have been created for any of the<br />
components, they will also be shown in this window.<br />
Special settings include lists of allowed and blocked phrases and addresses used by Anti-Spam, lists of trusted<br />
web addresses and ISP phone numbers, protection exclusion rules created for application components, and<br />
filtering rules applied by Firewall to packets and applications.<br />
The special settings are created when working with <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> with regard for individual tasks<br />
and security requirements. <strong>Kaspersky</strong> Lab recommends that you save your special settings when restoring the<br />
default application settings.<br />
Check the boxes for the settings that you want to save and click the Next button.<br />
Step 3. System analysis<br />
At this stage, information about Microsoft Windows applications is collected. These applications are added to<br />
the list of trusted applications which have no restrictions imposed on the actions they perform in the system.<br />
Once the analysis is complete, the Wizard will automatically proceed to the next step.<br />
Step 4. Finishing restoration<br />
To close the Wizard once it has completed its task, click the Finish button.<br />
58
S O L V I N G T Y P I C A L T A S K S<br />
HOW TO TRANSFER SETTINGS TO KASPERSKY INTERNET<br />
SECURITY INSTALLED ON ANOTHER COMPUTER<br />
Once you have configured the product, you can apply its settings to <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> installed on another<br />
computer. Consequently, the application will be configured identically on both computers. This is a helpful feature when,<br />
for example, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> is installed on your home computer and in your office.<br />
The application settings are stored in a special configuration file that you can transfer to another computer.<br />
The settings of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> can be transferred to another computer in three steps:<br />
1. Saving the application settings in a configuration file.<br />
2. Transferring a configuration file to another computer (for example, by email or on a removable medium).<br />
3. Applying settings from a configuration file to the application installed on another computer.<br />
To export the current settings of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Advanced Settings section, select the Manage Settings subsection.<br />
3. Click the Save button in the right part of the window.<br />
4. In the window that opens, enter the name of the configuration file and the path where it should be saved.<br />
5. Click the OK button.<br />
To import the application's settings from a saved configuration file:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Advanced Settings section, select the Manage Settings subsection.<br />
3. Click the Load button in the right part of the window.<br />
4. In the window that opens, select the file from which you wish to import the <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> settings.<br />
5. Click the OK button.<br />
HOW TO USE THE KASPERSKY GADGET<br />
When using <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> on a computer running under Microsoft Windows Vista or Microsoft Windows 7,<br />
you can also use the <strong>Kaspersky</strong> Gadget (hereinafter the gadget). After you install <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> on a<br />
computer running under Microsoft Windows 7, the gadget appears on your desktop automatically. After you install the<br />
application on a computer running under Microsoft Windows Vista, you should add the gadget to the Microsoft Windows<br />
Sidebar manually (see the operating system documentation).<br />
The Gadget color indicator displays your computer's protection status in the same manner as the indicator in the main<br />
application window (see section "Diagnostics and elimination of problems in your computer protection" on page 39).<br />
Green indicates that your computer is duly protected, while yellow indicates that there are protection problems, and red<br />
indicates that your computer's security is at serious risk. Gray indicates that the application is stopped.<br />
While updating the application databases and software modules, a revolving globe-shaped icon is displayed in the center<br />
part of the gadget.<br />
59
U S E R G U I D E<br />
You can use the gadget to perform the following actions:<br />
resume the application if it has been paused earlier;<br />
open the main application window;<br />
scan specified objects for viruses;<br />
open the news window.<br />
Also, you can configure the buttons of the gadget so that they could initiate additional actions:<br />
run an update;<br />
edit the application settings;<br />
view application reports;<br />
switch to Safe Run (for 32-bit operating systems only);<br />
view Parental Control reports;<br />
view information about network activity (Network Monitor) and applications' activity;<br />
pause the protection;<br />
open the Virtual Keyboard;<br />
open the Task Manager window.<br />
To start the application using the gadget,<br />
click the<br />
Enable icon located in the center of the gadget.<br />
To open the main application window using the gadget,<br />
click the monitor icon in the center area of the gadget.<br />
To scan an object for viruses using the gadget,<br />
drag the object to scan onto the gadget.<br />
The progress of the task will be displayed in the Task Manager window.<br />
To open the news window using the gadget,<br />
click the icon<br />
, which is displayed in the center of the gadget when news is released.<br />
To configure the gadget:<br />
1. Open the gadget settings window by clicking the icon that appears in the upper right corner of the gadget<br />
block if you position the cursor over it.<br />
2. In the dropdown lists corresponding to gadget buttons, select actions that should be performed when you click<br />
those buttons.<br />
3. Click the OK button.<br />
60
S O L V I N G T Y P I C A L T A S K S<br />
HOW TO KNOW THE REPUTATION OF AN APPLICATION<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> allows you to learn the reputation of applications from users all over the world. Reputation of<br />
an application comprises the following criteria:<br />
name of the vendor;<br />
information about the digital signature (available if a digital signature exists);<br />
information about the group, in which the application has been included by Application Control or a majority of<br />
users of <strong>Kaspersky</strong> <strong>Security</strong> Network;<br />
number of users of <strong>Kaspersky</strong> <strong>Security</strong> Network that use the application (available if the application has been<br />
included in the Trusted group in <strong>Kaspersky</strong> <strong>Security</strong> Network database);<br />
time, at which the application has become known in <strong>Kaspersky</strong> <strong>Security</strong> Network;<br />
countries, in which the application is the most widespread.<br />
To verify the reputation of an application, you should agree to participate in <strong>Kaspersky</strong> <strong>Security</strong> Network (see page 175)<br />
when installing <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>.<br />
To know the reputation of an application,<br />
open the context menu of the executable file of the application and select Check reputation in KSN.<br />
SEE ALSO:<br />
<strong>Kaspersky</strong> <strong>Security</strong> Network ......................................................................................................................................... 174<br />
61
ADVANCED APPLICATION SETTINGS<br />
This section provides detailed information about how to configure each of the application components.<br />
IN THIS SECTION:<br />
General protection settings ............................................................................................................................................. 63<br />
Scan ................................................................................................................................................................................ 64<br />
Update............................................................................................................................................................................. 72<br />
File Anti-Virus .................................................................................................................................................................. 77<br />
Mail Anti-Virus ................................................................................................................................................................. 83<br />
Web Anti-Virus ................................................................................................................................................................ 88<br />
IM Anti-Virus .................................................................................................................................................................... 95<br />
Proactive Defense ........................................................................................................................................................... 97<br />
System Watcher .............................................................................................................................................................. 99<br />
Application Control ........................................................................................................................................................ 101<br />
Network protection ........................................................................................................................................................ 109<br />
Anti-Spam ..................................................................................................................................................................... 120<br />
Anti-Banner ................................................................................................................................................................... 135<br />
Safe Run for Applications and Safe Run for Websites .................................................................................................. 137<br />
Parental Control ............................................................................................................................................................ 143<br />
Trusted zone ................................................................................................................................................................. 154<br />
Performance and compatibility with other applications .................................................................................................. 155<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> self-defense ...................................................................................................................... 159<br />
Quarantine and Backup................................................................................................................................................. 160<br />
Additional tools for better protection of your computer .................................................................................................. 163<br />
Reports.......................................................................................................................................................................... 167<br />
Application appearance. Managing active interface elements ....................................................................................... 171<br />
Notifications ................................................................................................................................................................... 172<br />
<strong>Kaspersky</strong> <strong>Security</strong> Network ......................................................................................................................................... 174<br />
62
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
GENERAL PROTECTION SETTINGS<br />
In the application settings window, in the General Settings subsection of the Protection Center section, you can:<br />
disable all protection components (see section "Enabling and disabling protection" on page 40);<br />
select the interactive or automatic protection mode (see section "Selecting a protection mode" on page 64);<br />
restrict users' access to the application by setting a password (see section "Restricting access to <strong>Kaspersky</strong><br />
<strong>Internet</strong> <strong>Security</strong>" on page 63);<br />
disable or enable automatic launching of the application at operating system startup (see section "Enabling and<br />
disabling automatic launch" on page 38);<br />
enable a custom key combination for displaying the virtual keyboard on the screen (see section "Protection<br />
against data interception at the keyboard" on page 50).<br />
IN THIS SECTION:<br />
Restricting access to <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> .......................................................................................................... 63<br />
Selecting a protection mode ............................................................................................................................................ 64<br />
RESTRICTING ACCESS TO KASPERSKY INTERNET SECURITY<br />
A computer may be used by several users with various levels of computer literacy. Unrestricted user access to<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> and its settings may lead to a reduced level of computer protection.<br />
To restrict access to the application, you can set a password and specify which actions should require the password to<br />
be entered:<br />
changing application settings;<br />
enabling and configuring Parental Control;<br />
closing the application;<br />
removing the application.<br />
Be careful when using a password to restrict access to application removal. If you forget the password, the application<br />
will be difficult to remove from your computer.<br />
To restrict access to <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> with a password:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the General Settings subsection.<br />
3. In the right part of the window, in the Password protection section, check the Enable password protection<br />
box and click the Settings button.<br />
4. In the Password protection window that opens, enter the password and specify the area to be covered by the<br />
access restriction.<br />
63
U S E R G U I D E<br />
SELECTING A PROTECTION MODE<br />
By default, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> runs in automatic protection mode. In this mode the application automatically<br />
applies actions recommended by <strong>Kaspersky</strong> Lab in response to dangerous events. If you wish <strong>Kaspersky</strong> <strong>Internet</strong><br />
<strong>Security</strong> to notify you of all hazardous and suspicious events in the system and to allow you to decide which of the<br />
actions offered by the application should be applied, you can enable the interactive protection mode.<br />
To select a protection mode:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the General Settings subsection.<br />
3. In the Interactive protection section, check or uncheck the boxes depending on your choice of protection<br />
mode:<br />
to enable the interactive protection mode, uncheck the Select action automatically box;<br />
to enable automatic protection mode, check the Select action automatically box.<br />
If you do not want <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> to delete suspicious objects when running in automatic<br />
mode, check the Do not delete suspicious objects box.<br />
SCAN<br />
Scanning the computer for vulnerabilities, viruses and other riskware is one of the most important tasks when ensuring<br />
the computer's security.<br />
It is necessary to regularly scan your computer for viruses and other riskware in order to rule out the possibility of<br />
spreading malicious programs that have not been detected by protection components, for example, due to a low security<br />
level set, or for other reasons.<br />
The vulnerability scan performs diagnostics of operating system safety and detects software features that could be used<br />
by intruders to spread malicious objects and obtain access to personal information.<br />
This section contains information about scan task features and configuration, security levels, scan methods, and scan<br />
technologies.<br />
IN THIS SECTION:<br />
Virus scan ....................................................................................................................................................................... 64<br />
Vulnerability Scan ........................................................................................................................................................... 72<br />
Managing scan tasks. Task Manager .............................................................................................................................. 72<br />
VIRUS SCAN<br />
To detect viruses and other riskware, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> comprises the following tasks:<br />
Full Scan. Scan of the entire system. By default, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> scans the following objects:<br />
system memory;<br />
objects loaded on operating system startup;<br />
64
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
system backup;<br />
email databases;<br />
removable storage media, hard and network drives.<br />
Critical Areas Scan. By default, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> scans objects loaded at the startup of the<br />
operating system.<br />
Custom Scan. <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> scans objects selected by the user. You can scan any object from<br />
the list below:<br />
system memory;<br />
objects loaded on operating system startup;<br />
system backup;<br />
email databases;<br />
removable storage media, hard and network drives;<br />
any file or folder that you have selected.<br />
The Full Scan and the Critical Areas Scan tasks have their peculiarities. For these tasks, it is not recommended that you<br />
edit the lists of objects to scan.<br />
Each scan task is performed in a specified area and can be started according to a previously created schedule. Each<br />
scan task is also characterized by a security level (a combination of settings that impact the depth of the scan). By<br />
default, the signature mode (the one using records from application databases to search for threats) is always enabled.<br />
You can also apply various scan methods and technologies.<br />
After the full scan task or the critical areas scan task is started, the scan run progress is displayed in the Scan window, in<br />
the section with the name of the task running, and in the Task Manager (see section "Managing scan tasks. Task<br />
Manager" on page 72).<br />
If a threat is detected, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> assigns one of the following statuses to the found object:<br />
Malicious program (such as a virus or Trojan).<br />
Potentially infected (suspicious) status if the scan cannot determine whether the object is infected or not. The<br />
file may contain a sequence of code characteristic of viruses, or modified code from a known virus.<br />
The application displays a notification (see page 172) about the detected threat and performs the prescribed action. You<br />
can change the actions to be taken when a threat is detected.<br />
If you are working in automatic mode (see section "Selecting a protection mode" on page 64), when dangerous objects<br />
are detected, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> automatically applies the actions recommended by <strong>Kaspersky</strong> Lab specialists.<br />
For malicious objects, this action is Disinfect. Delete if disinfection fails, for suspicious objects – Move to Quarantine.<br />
If dangerous objects are detected when working in interactive mode (see section "Selecting a protection mode" on<br />
page 64), the application displays a notification on the screen that you can use to select the required action the list of<br />
available ones.<br />
Before attempting to disinfect or delete an infected object, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> creates a backup copy for<br />
subsequent restoration or disinfection. Suspicious (potentially infected) objects are quarantined. You can enable<br />
automatic scanning of quarantined objects after each update.<br />
Information on the scan results and events which have occurred during the execution of the task is logged in a<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> report (see page 167).<br />
65
U S E R G U I D E<br />
IN THIS SECTION:<br />
Changing and restoring the security level ....................................................................................................................... 66<br />
Creating the scan startup schedule ................................................................................................................................. 67<br />
Creating a list of objects to scan ..................................................................................................................................... 67<br />
Selecting a scan method ................................................................................................................................................. 68<br />
Selecting scan technology ............................................................................................................................................... 68<br />
Changing the actions to be performed when a threat is detected ................................................................................... 69<br />
Running a scan under a different user account ............................................................................................................... 69<br />
Changing the type of objects to scan .............................................................................................................................. 69<br />
Scanning of compound files ............................................................................................................................................ 70<br />
Scan optimization ............................................................................................................................................................ 70<br />
Scanning removable drives on connection ...................................................................................................................... 71<br />
Creating a task shortcut .................................................................................................................................................. 71<br />
CHANGING AND RESTORING THE SECURITY LEVEL<br />
Depending on your current needs, you can select one of the preset security levels or modify the scan settings manually.<br />
When configuring scan task settings, you can always restore the recommended ones. These settings are considered<br />
optimal, recommended by <strong>Kaspersky</strong> Lab, and grouped in the Recommended security level.<br />
To change the established security level:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan, or<br />
Custom Scan).<br />
3. In the <strong>Security</strong> level section, set the desired security level for the task selected, or click the Settings button to<br />
modify scan settings manually.<br />
If you modify the settings manually, the name of the security level will change to Custom.<br />
To restore the default scan settings:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan, or<br />
Custom Scan).<br />
3. In the <strong>Security</strong> level section, click the Default level button for the task selected.<br />
66
A D V A N C E D A P P L I C A T I O N S E T T I NGS<br />
CREATING THE SCAN STARTUP SCHEDULE<br />
You can create a schedule to automatically start virus scan tasks: specify task run frequency, start time (if necessary),<br />
and advanced settings.<br />
If it is not possible to start the task for any reason (for example, the computer was not on at that time), you can configure<br />
the skipped task to start automatically as soon as it becomes possible. You can automatically pause the scan when a<br />
screensaver is inactive or the computer is unlocked. This functionality postpones launching the task until the user has<br />
finished working on the computer. The scan will then not take up system resources during work.<br />
The special Idle Scan mode (see section "Running tasks in background mode" on page 157) allows you to start<br />
automatic updates when your computer is idle.<br />
To modify the schedule for scan tasks:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan, or<br />
Vulnerability Scan).<br />
3. Click the Run mode button in the right part of the window.<br />
4. In the window that opens, on the Run mode tab, in the Schedule section, select By schedule and configure<br />
the scan run mode by specifying required values for the Frequency setting.<br />
To enable automatic launching of a skipped task:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan or<br />
Vulnerability Scan).<br />
3. Click the Run mode button in the right part of the window.<br />
4. In the window that opens, on the Run mode tab in the Schedule section, select By schedule and check the<br />
Run skipped tasks box.<br />
To launch scans only when the computer is not being used:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan, or<br />
Vulnerability Scan).<br />
3. Click the Run mode button in the right part of the window.<br />
4. In the window that opens, on the Run mode tab, in the Schedule section, select By schedule and check the<br />
Run scheduled scan when screensaver is active or computer is locked box.<br />
CREATING A LIST OF OBJECTS TO SCAN<br />
Each virus scan task has its own default list of objects. These objects may include items in the computer's file system,<br />
such as logical drives and email databases, or other types of objects, such as network drives. You can edit this list.<br />
If the scan scope is empty, or it contains no selected objects, a scan task cannot be started.<br />
67
U S E R G U I D E<br />
To create a list of objects for a custom scan task:<br />
1. Open the main application window.<br />
2. In the bottom part of the window, select the Scan section.<br />
3. In the bottom part of the window that opens, click the specify link to open a list of objects to be scanned.<br />
4. In the Custom Scan window that opens, click the Add button.<br />
5. In the Select object to scan window that opens, select the desired object and click the Add button. Click the<br />
OK button after you have added all the objects you need. To exclude any objects from the list of objects to be<br />
scanned, uncheck the boxes next to them.<br />
You can also drag files to be scanned directly into a marked area located in the Scan section.<br />
To create a list of objects for Full Scan, Critical Areas Scan or Vulnerability Scan tasks:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Scan section, select the desired scan task (Full Scan, Critical Areas Scan,<br />
or Vulnerability Scan).<br />
3. In the right part of the window, click the Scan scope button.<br />
4. In the Scan scope window that opens, use the Add, Edit, and Delete buttons to create a list. To exclude any<br />
objects from the list of objects to be scanned, uncheck the boxes next to them.<br />
Objects which appear in the list by default cannot be edited or deleted.<br />
SELECTING A SCAN METHOD<br />
During a virus scan, signature analysis is always used: <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> compares the object found with the<br />
database records.<br />
You can use additional scan methods to increase scan efficiency: heuristic analysis (analysis of the actions an object<br />
performs within the system) and rootkit scan (a scan for tools that can hide malicious programs in your operating<br />
system).<br />
To select which scan method to use:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan, or<br />
Custom Scan).<br />
3. In the <strong>Security</strong> level section, click the Settings button for the task selected.<br />
4. In the window that opens, on the Additional tab in the Scan methods section, select the desired scan<br />
methods.<br />
SELECTING SCAN TECHNOLOGY<br />
In addition to the scan methods you can use special object scan technologies which allow you to increase virus scan<br />
speed by excluding the files that have not been modified since they were last scanned.<br />
68
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
To specify the object scan technologies:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan, or<br />
Custom Scan).<br />
3. In the <strong>Security</strong> level section, click the Settings button for the task selected.<br />
4. In the window that opens, on the Additional tab in the Scan technologies section, select the desired values.<br />
CHANGING THE ACTIONS TO BE PERFORMED WHEN A THREAT IS DETECTED<br />
If infected objects are detected, the application performs the selected action.<br />
To change the action that should be performed when a threat is detected:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan, or<br />
Custom Scan).<br />
3. In the right part of the window, select the desired option in the Action on threat detection section.<br />
RUNNING A SCAN UNDER A DIFFERENT USER ACCOUNT<br />
By default, the scan tasks are run under your system account. However, you may need to run a task under a different<br />
user account. You can specify an account to be used by the application when performing a scan task.<br />
To start a scan under a different user's account:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan, or<br />
Vulnerability Scan).<br />
3. Click the Run mode button in the right part of the window.<br />
4. In the window that opens, on the Run mode tab in the User account section, check the Run task as box.<br />
Specify the user name and password.<br />
CHANGING THE TYPE OF OBJECTS TO SCAN<br />
When specifying the type of objects to scan, you establish which file formats will be scanned for viruses when the<br />
selected scan task runs.<br />
When selecting file types, please remember the following:<br />
The probability of malicious code penetrating some file formats (such as TXT) and its subsequent activation is<br />
quite low. However, there are formats that contain or may contain an executable code (such as EXE, DLL,<br />
DOC). The risk of penetration and activation of malicious code in such files is quite high.<br />
An intruder can send a virus to your computer in an executable file renamed as a TXT file. If you have selected<br />
scanning of files by extension, such a file is skipped by the scan. If scanning of files by format is selected, then,<br />
regardless of the extension, File Anti-Virus will analyze the file header and reveal that the file is an EXE file.<br />
Such a file would be thoroughly scanned for viruses.<br />
69
U S E R G U I D E<br />
To change the type of objects to be scanned:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan, or<br />
Custom Scan).<br />
3. In the <strong>Security</strong> level section, click the Settings button for the task selected.<br />
4. In the window that opens, on the Scope tab in the File types section, select the desired option.<br />
SCANNING OF COMPOUND FILES<br />
A common method of concealing viruses is to embed them into compound files: archives, installation packages,<br />
embedded OLE objects, and mail file formats. To detect viruses that are hidden in this way, a compound file should be<br />
unpacked, which can significantly decrease scanning speed.<br />
For each type of compound file, you can choose to scan either all files or only new ones. To make your selection, click<br />
the link next to the name of the object. It changes its value when you left-click it. If you select the scan new and changed<br />
files only mode (see page 70), the links for choosing whether to scan all or only new files will not be available.<br />
You can restrict the maximum size of a compound file to be scanned. Compound files larger than the specified value will<br />
not be scanned.<br />
When large files are extracted from archives, they will be scanned even if the Do not unpack large compound files box<br />
is checked.<br />
To modify the list of compound files to be scanned:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan, or<br />
Custom Scan).<br />
3. In the <strong>Security</strong> level section, click the Settings button for the task selected.<br />
4. In the window that opens, on the Scope tab in the Scan of compound files section, select the desired types of<br />
compound files to be scanned.<br />
To set the maximum size of compound files to be scanned:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan, or<br />
Custom Scan).<br />
3. In the <strong>Security</strong> level section, click the Settings button for the task selected.<br />
4. In the window that opens, on the Scope tab in the Scan of compound files section, click the Additional<br />
button.<br />
5. In the Compound files window that opens, check the Do not unpack large compound files box and specify<br />
the maximum file size.<br />
SCAN OPTIMIZATION<br />
You can shorten the scan time and speed up <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>. This can be achieved by scanning only new<br />
files and those files that have altered since the last time they were scanned. This mode applies both to simple and<br />
compound files.<br />
70
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
You can also set a restriction on scan duration for any one object. When the specified time interval expires, the object will<br />
be excluded from the current scan (except for archives and files comprised of several objects).<br />
To scan only new and changed files:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan, or<br />
Custom Scan).<br />
3. In the <strong>Security</strong> level section, click the Settings button for the task selected.<br />
4. In the window that opens, on the Scope tab in the Scan optimization section, check the Scan only new and<br />
changed files box.<br />
To set a restriction on scan duration:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan, or<br />
Custom Scan).<br />
3. In the <strong>Security</strong> level section, click the Settings button for the task selected.<br />
4. In the window that opens, on the Scope tab in the Scan optimization section, check the Skip objects<br />
scanned longer than box and specify the scan duration for a single file.<br />
SCANNING REMOVABLE DRIVES ON CONNECTION<br />
Nowadays, malicious objects which use operating systems' vulnerabilities to replicate via networks and removable media<br />
have become increasingly widespread. <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> allows you to scan removable drives when<br />
connecting them to the computer.<br />
To configure scanning of removable media on connection:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Scan section, select General Settings.<br />
3. In the Scan removable drives on connection section, select the action and define the maximum size of a<br />
drive to be scanned in the field below, if necessary.<br />
CREATING A TASK SHORTCUT<br />
The application provides the option of creating shortcuts for the full, quick, and vulnerability scan tasks. This allows you<br />
to start the required scan without opening the main application window or a context menu.<br />
To create a shortcut to start a scan:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Scan section, select General Settings.<br />
3. In the right part of the window, in the Scan tasks quick run section, click the Create shortcut button next to<br />
the name of the desired task (Critical Areas Scan, Full Scan, or Vulnerability Scan).<br />
4. Specify the path for saving the shortcut and its name in the window that opens. By default, the shortcut is<br />
created with the name of the task in the My Computer folder of the current computer user.<br />
71
U S E R G U I D E<br />
VULNERABILITY SCAN<br />
Vulnerabilities may appear in the operating system, for example, due to programming errors, insecure passwords, or<br />
actions of malicious programs. When performing the vulnerability scan, the application refers to various security<br />
procedures, for example, examining the system, analyzing the settings of the operating system and the browser, and<br />
searching for vulnerable services.<br />
The diagnostics may take some time. When it is complete, detected problems are analyzed from the standpoint of the<br />
danger they pose to the system.<br />
After the vulnerability scan task is started (see page 48), its run progress is displayed in the Scan window (in the<br />
Vulnerability Scan section) and in the Task Manager (see section "Managing scan tasks. Task Manager" on page 72).<br />
Information about results of the vulnerability scan task run is recorded in a report of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> (see<br />
page 167).<br />
As with virus scan tasks, you can set a startup schedule for a vulnerability scan task, create a list of objects to scan (see<br />
page 67), specify an account (see section "Running a scan under a different user account" on page 69) and create a<br />
shortcut for quick start of the task. By default, the applications already installed on the computer are selected as scan<br />
objects.<br />
MANAGING SCAN TASKS. TASK MANAGER<br />
Task Manager displays information about last scan tasks that have been run or that are currently running (for example,<br />
virus scan, vulnerability scan, rootkit scan, or advanced disinfection).<br />
You can use Task Manager to view the progress and the result of a task run, or stop a task. For some tasks, additional<br />
actions are also available (for example, on completion of vulnerability scan, you can open the list of detected<br />
vulnerabilities and fix them).<br />
To open Task Manager:<br />
1. Open the main application window.<br />
2. In the bottom part of the window, select the Scan section.<br />
3. In the Scan window that opens, click the Manage Tasks button in the top right corner of the window.<br />
UPDATE<br />
Updating the databases and program modules of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> ensures up-to-date protection for your<br />
computer. New viruses, Trojans, and other types of malware appear worldwide on a daily basis. Information about<br />
threats and ways of neutralizing them is provided by <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> databases. For timely detection of new<br />
threats, you should update databases and application modules on a regular basis.<br />
Regular updates require an active license for application usage. If no license is installed, you can perform an update only<br />
once.<br />
When performing an update, the application downloads and installs the following objects on your computer:<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> databases.<br />
Protection of information is ensured by databases containing threat signatures, descriptions of network attacks,<br />
and information about how to resist them. Protection components use this information to search for and disinfect<br />
dangerous objects on your computer. The databases are supplemented every hour with records of new threats<br />
and ways to fight them. Therefore, you are strongly advised to update databases on a regular basis.<br />
72
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
In addition to the <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> databases, the network drivers that enable the application's<br />
components to intercept network traffic are updated.<br />
Application modules.<br />
In addition to the <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> databases, you can also update the program modules. The<br />
updates for the application modules fix <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>'s vulnerabilities and supplement or improve<br />
the existing functionality.<br />
During an update, the application modules and databases on your computer are compared with the up-to-date version at<br />
the update source. If your current databases and application modules differ from those in the current version of the<br />
application, the missing portion of the updates will be installed on your computer.<br />
If the databases are outdated, the update package may be large, which may cause additional <strong>Internet</strong> traffic (up to<br />
several dozen MB).<br />
Prior to updating the databases, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> creates backup copies of them in case you want to return to<br />
the previous version of the databases (see section "Rolling back the last update" on page 76).<br />
Information about the current condition of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> databases is displayed in the Update section of<br />
the main application window.<br />
Information on the update results and events which occurred during the execution of the update task is logged in a<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> report (see page 167).<br />
You can select an update source (see section "Selecting an update source" on page 73) and configure the automatic<br />
update startup.<br />
IN THIS SECTION:<br />
Selecting an update source ............................................................................................................................................. 73<br />
Creating the update startup schedule ............................................................................................................................. 75<br />
Rolling back the last update ............................................................................................................................................ 76<br />
Running updates under a different user account ............................................................................................................. 76<br />
Using a proxy server ....................................................................................................................................................... 76<br />
SELECTING AN UPDATE SOURCE<br />
An update source is a resource containing updates for databases and application modules of <strong>Kaspersky</strong> <strong>Internet</strong><br />
<strong>Security</strong>.<br />
The main update sources are the <strong>Kaspersky</strong> Lab update servers, where database updates and application module<br />
updates for all <strong>Kaspersky</strong> Lab products are stored.<br />
Your computer should be connected to the <strong>Internet</strong> for successful downloading of updates from our servers. By default,<br />
the <strong>Internet</strong> connection settings are determined automatically. If you use a proxy server, you may need to adjust the<br />
connection settings (see section "Configuring the proxy server" on page 118).<br />
When updating <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>, you can copy database and program module updates received from<br />
<strong>Kaspersky</strong> Lab servers into a local folder (see section "Updating the application from a shared folder" on page 74) and<br />
then provide access to other networked computers. This saves <strong>Internet</strong> traffic.<br />
73
U S E R G U I D E<br />
If you do not have access to <strong>Kaspersky</strong> Lab's update servers (for example, <strong>Internet</strong> access is restricted), you can call the<br />
<strong>Kaspersky</strong> Lab headquarters (http://www.kaspersky.com/contacts) to request the contact information of <strong>Kaspersky</strong> Lab<br />
partners who can provide you with updates on removable media.<br />
When ordering updates on removable media, please specify whether you also require updates for the application<br />
modules.<br />
ADDING AN UPDATE SOURCE<br />
By default, the list of update sources contains only <strong>Kaspersky</strong> Lab's update servers. You can add a local folder or a<br />
different server as update source. If several resources are selected as update sources, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> tries<br />
to connect to them one after another, starting from the top of the list, and retrieves updates from the first available<br />
source.<br />
To add an update source:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Update section, select the Update Settings component.<br />
3. Click the Update source button in the right part of the window.<br />
4. In the window that opens, on the Source tab, open the selection window by clicking the Add button.<br />
5. In the Select update source window that opens, select the folder that contains the updates, or enter an<br />
address in the Source field to specify the server from which the updates should be downloaded.<br />
SELECTING THE UPDATE SERVER REGION<br />
If you use <strong>Kaspersky</strong> Lab servers as the update source, you can select the optimal server location when downloading<br />
updates. <strong>Kaspersky</strong> Lab servers are located in several countries.<br />
Using the closest <strong>Kaspersky</strong> Lab update server allows you to reduce the time required for receiving updates and<br />
increase operation performance speed. By default, the application uses information about the current region from the<br />
operating system's registry. You can select the region manually.<br />
To select the server region:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Update section, select the Update Settings component.<br />
3. Click the Update source button in the right part of the window.<br />
4. In the window that opens, on the Source tab in the Regional settings section, select the Select from the list<br />
option, and then select the country nearest to your current location from the dropdown list.<br />
UPDATING THE APPLICATION FROM A SHARED FOLDER<br />
To save <strong>Internet</strong> traffic, you can configure updates of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> from a shared folder when updating the<br />
application on networked computers. If you do this, one of the networked computers receives an update package from<br />
<strong>Kaspersky</strong> Lab servers or from another web resource that contains the required set of updates. The updates received<br />
are copied into a shared folder. Other networked computers access this folder to receive updates for <strong>Kaspersky</strong> <strong>Internet</strong><br />
<strong>Security</strong>.<br />
When logged on under a guest account in Microsoft Windows 7, updates are not copied into the shared folder. It is<br />
recommended that you log on under a different account in order to allow copying updates.<br />
74
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
To enable update distribution mode:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Update section, select the Update Settings component.<br />
3. Check the Copy updates to folder box in the Additional section and specify the path to a public folder where<br />
all downloaded updates will be copied in the field below. You can also select a folder by clicking the Browse<br />
button.<br />
To download updates for your computer from a specified shared folder:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Update section, select the Update Settings component.<br />
3. Click the Update source button in the right part of the window.<br />
4. In the window that opens, on the Source tab, open the selection window by clicking the Add button.<br />
5. In the Select update source window that opens, select a folder or enter the full path to it in the Source field.<br />
6. On the Source tab uncheck the <strong>Kaspersky</strong> Lab update servers box.<br />
CREATING THE UPDATE STARTUP SCHEDULE<br />
You can create a schedule to automatically start an update task: specify the frequency, start time (if necessary), and<br />
advanced settings.<br />
If it is not possible to start the task for any reason (for example, the computer was not on at that time), you can configure<br />
the skipped task to start automatically as soon as it becomes possible.<br />
You can also postpone automatic startup of the task after the application is started. Note that all scheduled tasks will be<br />
run only after a specified time interval elapses from the startup of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>.<br />
The special Idle Scan mode (see section "Running tasks in background mode" on page 157) allows you to start<br />
automatic updates when your computer is idle.<br />
To configure the update task startup schedule:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Update section, select the Update Settings component.<br />
3. Click the Run mode button in the right part of the window.<br />
4. In the window that opens, on the Run mode tab in the Schedule section, select the By schedule option and<br />
configure the update run mode.<br />
To enable automatic launching of a skipped task:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Update section, select the Update Settings component.<br />
3. Click the Run mode button in the right part of the window.<br />
4. In the window that opens, on the Run mode tab in the Schedule section, select By schedule and check the<br />
Run skipped tasks box.<br />
75
U S E R G U I D E<br />
To postpone running a task after application startup:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Update section, select the Update Settings component.<br />
3. Click the Run mode button in the right part of the window.<br />
4. In the window that opens, on the Run mode tab in the Schedule section, select the By schedule option and fill<br />
in the Postpone running after application startup for field to specify how long the task run should be<br />
postponed.<br />
ROLLING BACK THE LAST UPDATE<br />
After the first update of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>, the option of rolling back to the previous databases becomes<br />
available.<br />
The update rollback feature is useful in case a new database version contains an invalid signature that makes <strong>Kaspersky</strong><br />
<strong>Internet</strong> <strong>Security</strong> block a safe application.<br />
In the event of damage done to <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> databases, it is recommended that you run the update task<br />
to download the up-to-date set of databases.<br />
To roll back to the previous database version:<br />
1. Open the main application window.<br />
2. Select the Update section in the lower part of the window.<br />
3. In the Update window that opens, click the button and select Roll back to the previous databases from<br />
the menu that opens.<br />
RUNNING UPDATES UNDER A DIFFERENT USER ACCOUNT<br />
By default, the update procedure is run under your system account. However, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> can update<br />
from a source for which you have no access rights (for example, from a network folder containing updates) or authorized<br />
proxy user credentials. You can run <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> updates on behalf of a user account that has such<br />
rights.<br />
To start the update under a different user's account:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Update section, select the Update Settings component.<br />
3. Click the Run mode button in the right part of the window.<br />
4. In the window that opens, on the Run mode tab in the User account section, check the Run task as box.<br />
Specify the user name and password.<br />
76
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
USING A PROXY SERVER<br />
If you use a proxy server for <strong>Internet</strong> connection, you should reconfigure it to allow proper updating of <strong>Kaspersky</strong> <strong>Internet</strong><br />
<strong>Security</strong>.<br />
To configure the proxy server:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Update section, select the Update Settings component.<br />
3. Click the Update source button in the right part of the window.<br />
4. In the window that opens, on the Source tab, click the Proxy server button.<br />
5. Configure the proxy server settings in the Proxy server settings window that opens.<br />
FILE ANTI-VIRUS<br />
File Anti-Virus prevents infection of the computer's file system. The component launches at the startup of the operating<br />
system, remains in the RAM of the computer, and scans all files opened, saved, or run on your computer and on all<br />
connected drives for viruses and other riskware.<br />
You can create a protection scope and set a security level (a collection of settings that determine the scan's<br />
thoroughness).<br />
When the user or a program attempts to access a protected file, File Anti-Virus checks whether iChecker and iSwift<br />
databases contain information about this file, and makes a decision on whether the file should be scanned.<br />
By default, the signature analysis – a mode that uses records from application databases to search for threats – is<br />
always enabled. You can also enable heuristic analysis and various scan technologies.<br />
If a threat is detected in a file, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> assigns one of the following statuses to the file:<br />
Status designating the type of the malicious program detected (for example, virus, Trojan).<br />
Potentially infected (suspicious) status if the scan cannot determine whether the file is infected or not. The file<br />
may contain a code sequence typical of viruses and other malware, or the modified code of a known virus.<br />
After that, the application displays a notification (see page 172) of the detected threat on the screen and performs the<br />
action specified in the File Anti-Virus settings. You can change the action (see page 81) that the application should<br />
perform if a threat is detected.<br />
If you are working in automatic mode (see section "Selecting a protection mode" on page 64), when dangerous objects<br />
are detected, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> automatically applies the actions recommended by <strong>Kaspersky</strong> Lab specialists.<br />
For malicious objects, this action is Disinfect. Delete if disinfection fails, for suspicious objects – Move to Quarantine.<br />
If dangerous objects are detected when working in interactive mode (see section "Selecting a protection mode" on<br />
page 64), the application displays a notification on the screen that you can use to select the required action the list of<br />
available ones.<br />
Before attempting to disinfect or delete an infected object, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> creates a backup copy for<br />
subsequent restoration or disinfection. Suspicious (potentially infected) objects are quarantined. You can enable<br />
automatic scanning of quarantined objects after each update.<br />
77
U S E R G U I D E<br />
IN THIS SECTION:<br />
Enabling and disabling File Anti-Virus ............................................................................................................................. 78<br />
Automatically pausing File Anti-Virus .............................................................................................................................. 78<br />
Creating the protection scope of File Anti-Virus .............................................................................................................. 79<br />
Changing and restoring the file security level .................................................................................................................. 80<br />
Selecting file scan mode ................................................................................................................................................. 80<br />
Using heuristic analysis when working with File Anti-Virus ............................................................................................. 81<br />
Selecting file scan technology ......................................................................................................................................... 81<br />
Changing the action to take on infected files ................................................................................................................... 81<br />
Scan of compound files by File Anti-Virus ....................................................................................................................... 82<br />
Optimizing file scan ......................................................................................................................................................... 83<br />
ENABLING AND DISABLING FILE ANTI-VIRUS<br />
By default, File Anti-Virus is enabled, running in a mode recommended by <strong>Kaspersky</strong> Lab specialists. You can disable<br />
File Anti-Virus if necessary.<br />
To disable File Anti-Virus:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the File Anti-Virus component.<br />
3. In the right part of the window, uncheck the Enable File Anti-Virus box.<br />
AUTOMATICALLY PAUSING FILE ANTI-VIRUS<br />
When doing resource-intensive work, you can pause File Anti-Virus. To reduce workload and ensure quick access to<br />
objects, you can configure automatic pausing of the component at a specified time or when handling specified programs.<br />
Pausing File Anti-Virus in case of a conflict with some applications is an emergency measure. If any conflicts arise when<br />
working with the component, please contact <strong>Kaspersky</strong> Lab Technical Support Service (http://support.kaspersky.com).<br />
The support specialists will help you resolve the simultaneous operation of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> with other<br />
applications on your computer.<br />
To pause the component at a specified time:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the File Anti-Virus component.<br />
3. In the <strong>Security</strong> level section in the right part of the window click the Settings button.<br />
78
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
4. In the window that opens, on the Additional tab in the Pause task section, check the By schedule box and<br />
click the Schedule button.<br />
5. In the Pause task window, specify the time (in 24-hour hh:mm format) for which protection will be paused (the<br />
Pause task at and Resume task at fields).<br />
To pause the component when running specified applications:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the File Anti-Virus component.<br />
3. In the <strong>Security</strong> level section in the right part of the window click the Settings button.<br />
4. In the window that opens, on the Additional tab in the Pause task section, check the At application startup<br />
box and click the Select button.<br />
5. In the Applications window, create a list of applications which pause the component when running.<br />
CREATING THE PROTECTION SCOPE OF FILE ANTI-VIRUS<br />
The protection scope implies the location and type of files being scanned. By default, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> scans<br />
only potentially infectable files stored on any hard drive, network drive or removable media.<br />
To create the protection scope:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the File Anti-Virus component.<br />
3. Click the Settings button in the right part of the window.<br />
4. In the window that opens, on the General tab, in the File types section, specify the type of files that you want to<br />
be scanned by File Anti-Virus:<br />
If you want to scan all files, select All files.<br />
If you want to scan files of formats that are the most vulnerable to infection, select Files scanned by<br />
format.<br />
If you want to scan files with extensions that are the most vulnerable to infection, select Files scanned by<br />
extension.<br />
When selecting type of files to be scanned, you should note that:<br />
The probability of malicious code penetrating some file formats (such as TXT) and its subsequent activation<br />
is quite low. However, there are formats that contain or may contain an executable code (such as EXE,<br />
DLL, DOC). The risk of penetration and activation of malicious code in such files is quite high.<br />
A hacker may send a virus or other riskware to your computer within an executable file renamed as one<br />
with the TXT extension. If you have selected scanning files by extension, such a file is skipped by the scan.<br />
If scanning of files by format is selected, then, regardless of the extension, File Anti-Virus will analyze the<br />
file header and reveal that the file is an EXE file. Such file is thoroughly scanned for viruses and other<br />
riskware.<br />
5. In the Protection scope list, perform one of the following actions:<br />
If you want to add a new object to the list of objects to be scanned, click the Add link.<br />
If you want to change an object's location, select one from the list and click the Edit link.<br />
79
U S E R G U I D E<br />
The Select object to scan window opens.<br />
If you want to delete an object from the list of objects to be scanned, select one from the list and click the<br />
Delete link.<br />
The deletion confirmation window opens.<br />
6. Perform one of the following actions:<br />
If you want to add a new object to the list of objects to be scanned, select one in the Select object to scan<br />
window and click the OK button.<br />
If you want to change an object's location, edit the path to one in the Object field in the Select object to<br />
scan window and click the OK button.<br />
If you want to delete an object from the list of objects to be scanned, click the Yes button in the deletion<br />
confirmation window.<br />
7. If necessary, repeat steps 6 – 7 to add, relocate, or delete objects from the list of objects to be scanned.<br />
8. To exclude an object from the list of objects to be scanned, uncheck the box next to one in the Protection<br />
scope list. However, the object remains on the list of objects to be scanned, though it is excluded from the scan<br />
by File Anti-Virus.<br />
CHANGING AND RESTORING THE FILE SECURITY LEVEL<br />
Depending on your current needs, you can select one of the preset file/memory security levels or configure File Anti-<br />
Virus on your own.<br />
When configuring File Anti-Virus, you can always restore the recommended values. These settings are considered<br />
optimal, recommended by <strong>Kaspersky</strong> Lab, and grouped in the Recommended security level.<br />
To change the file security level:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the File Anti-Virus component.<br />
3. In the right part of the window, in the <strong>Security</strong> level section, set the desired security level, or click the Settings<br />
button to modify the settings manually.<br />
If you modify the settings manually, the name of the security level will change to Custom.<br />
To restore the default file security level:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the File Anti-Virus component.<br />
3. Click the Default level button in the <strong>Security</strong> level section in the right part of the window.<br />
SELECTING FILE SCAN MODE<br />
A scan mode means a condition, under which File Anti-Virus starts scanning files. By default, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong><br />
runs in smart mode. When running in this file scan mode, File Anti-Virus makes decisions on file scan based on the<br />
analysis of actions that the user takes on files, and on the type of those files. For example, when working with a Microsoft<br />
Office document, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> scans the file when it is first opened and last closed. Intermediate<br />
operations that overwrite the file do not cause it to be scanned.<br />
80
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
To change the files scan mode:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the File Anti-Virus component.<br />
3. In the <strong>Security</strong> level section in the right part of the window click the Settings button.<br />
4. In the window that opens, on the Additional tab in the Scan mode section, select the desired mode.<br />
When selecting scan mode, you should take account of the types of files, with which you have to work with the<br />
majority of time.<br />
USING HEURISTIC ANALYSIS WHEN WORKING WITH FILE ANTI-VIRUS<br />
During File Anti-Virus operation, signature analysis is always used: <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> compares the object<br />
found with the database records.<br />
To improve protection efficiency, you can use heuristic analysis (i.e., analysis of activity that an object performs in the<br />
system). This analysis makes it possible to detect new malicious objects which are not yet described in the databases.<br />
To enable heuristic analysis:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the File Anti-Virus component.<br />
3. In the <strong>Security</strong> level section in the right part of the window click the Settings button.<br />
4. In the window that opens, on the Performance tab in the Scan methods section, check the Heuristic Analysis<br />
box and specify the detail level for the scan.<br />
SELECTING FILE SCAN TECHNOLOGY<br />
In addition to the heuristic analysis, you can involve specific technologies that allow optimizing the file scan performance<br />
due to excluding files from scan if they have not been modified since the last scan.<br />
To specify the object scan technologies:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the File Anti-Virus component.<br />
3. In the <strong>Security</strong> level section in the right part of the window click the Settings button.<br />
4. In the window that opens, on the Additional tab in the Scan technologies section, select the desired values.<br />
CHANGING THE ACTION TO TAKE ON INFECTED FILES<br />
If infected objects are detected, the application performs the selected action.<br />
To change the action that should be taken on infected objects:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the File Anti-Virus component.<br />
3. In the right part of the window, select the desired option in the Action on threat detection section.<br />
81
U S E R G U I D E<br />
SCAN OF COMPOUND FILES BY FILE ANTI-VIRUS<br />
A common method of concealing viruses is to embed them into compound files: archives, installation packages,<br />
embedded OLE objects, and mail file formats. To detect viruses that are hidden in this way, a compound file should be<br />
unpacked, which can significantly decrease scanning speed.<br />
For each type of compound file, you can choose to scan either all files or only new ones. To make your selection, click<br />
the link next to the name of the object. It changes its value when you left-click it. If you select the scan new and changed<br />
files only mode, the links for choosing whether to scan all or only new files will not be available.<br />
By default, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> scans only embedded OLE objects.<br />
When large compound files are scanned, their preliminary unpacking may take a long time. This period can be reduced<br />
by enabling unpacking of compound files in background mode if they exceed the specified file size. If a malicious object<br />
is detected while working with such a file, the application will notify you about it.<br />
You can restrict the maximum size of a compound file to be scanned. Compound files larger than the specified value will<br />
not be scanned.<br />
When large files are extracted from archives, they will be scanned even if the Do not unpack large compound files box<br />
is checked.<br />
To modify the list of compound files to be scanned:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the File Anti-Virus component.<br />
3. In the <strong>Security</strong> level section in the right part of the window click the Settings button.<br />
4. In the window that opens, on the Performance tab in the Scan of compound files section, select the desired<br />
type of compound files to be scanned.<br />
To set the maximum size of compound files to be scanned:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the File Anti-Virus component.<br />
3. In the <strong>Security</strong> level section in the right part of the window click the Settings button.<br />
4. In the window that opens, on the Performance tab in the Scan of compound files section, click the Additional<br />
button.<br />
5. In the Compound files window, check the Do not unpack large compound files box and specify the<br />
maximum file size.<br />
To unpack large compound files in background mode:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the File Anti-Virus component.<br />
3. In the <strong>Security</strong> level section in the right part of the window click the Settings button.<br />
4. In the window that opens, on the Performance tab in the Scan of compound files section, click the Additional<br />
button.<br />
5. In the Compound files window, check the Extract compound files in the background box and specify the<br />
minimum file size.<br />
82
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
OPTIMIZING FILE SCAN<br />
You can shorten the scan time and speed up <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>. This can be achieved by scanning only new<br />
files and those files that have altered since the last time they were scanned. This mode applies both to simple and<br />
compound files.<br />
To scan only new and changed files:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the File Anti-Virus component.<br />
3. Click the Settings button in the right part of the window.<br />
4. In the window that opens, on the Performance tab in the Scan optimization section, check the Scan only new<br />
and changed files box.<br />
MAIL ANTI-VIRUS<br />
Mail Anti-Virus scans incoming and outgoing messages for malicious objects. It starts when the operating system<br />
launches and runs continually, scanning all email messages sent or received via the POP3, SMTP, IMAP, MAPI and<br />
NNTP protocols, as well as over secure connections (SSL) via POP3 and IMAP (see section "Encrypted connections<br />
scan" on page 116).<br />
The indicator of the component's operation is the application icon in the taskbar notification area, which looks like<br />
whenever an email message is being scanned.<br />
Mail Anti-Virus intercepts and scans each email message received or sent by the user. If no threats are detected in an<br />
email message, it becomes available for the user.<br />
You can specify the types of messages which should be scanned and select the security level (see page 85)<br />
(configuration settings affecting the scan intensity).<br />
By default, the signature analysis – a mode that uses records from application databases to search for threats – is<br />
always enabled. In addition, you can enable heuristic analysis. Furthermore, you can enable filtering of attachments (see<br />
page 86), which allows automatic renaming or deletion of specified file types.<br />
If a threat is detected in a file, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> assigns one of the following statuses to the file:<br />
Status designating the type of the malicious program detected (for example, virus, Trojan).<br />
Potentially infected (suspicious) status if the scan cannot determine whether the file is infected or not. The file<br />
may contain a code sequence typical of viruses and other malware, or the modified code of a known virus.<br />
After that, the application blocks the email message, displays a notification (see page 172) of the detected threat on the<br />
screen, and performs the action specified in the settings of Mail Anti-Virus. You can change the actions to be taken when<br />
a threat is detected (see section "Changing the action to take on infected email messages" on page 86).<br />
If you are working in automatic mode (see section "Selecting a protection mode" on page 64), when dangerous objects<br />
are detected, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> automatically applies the actions recommended by <strong>Kaspersky</strong> Lab specialists.<br />
For malicious objects, this action is Disinfect. Delete if disinfection fails, for suspicious objects – Move to Quarantine.<br />
If dangerous objects are detected when working in interactive mode (see section "Selecting a protection mode" on<br />
page 64), the application displays a notification on the screen that you can use to select the required action the list of<br />
available ones.<br />
Before attempting to disinfect or delete an infected object, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> creates a backup copy for<br />
subsequent restoration or disinfection. Suspicious (potentially infected) objects are quarantined. You can enable<br />
automatic scanning of quarantined objects after each update.<br />
83
U S E R G U I D E<br />
If disinfection is successful, the email message becomes available. If the disinfection fails, the infected object is deleted<br />
from the email message. Mail Anti-Virus expands the subject of the email message by adding text that notifies the user<br />
that this email message has been processed by <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>.<br />
An integrated plug-in is provided for Microsoft Office Outlook that allows you to fine-tune the email client.<br />
If you use The Bat!, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> can be used in conjunction with other anti-virus applications. At that, the<br />
email traffic processing rules are configured directly in The Bat! and have a higher priority than the mail protection<br />
settings of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>.<br />
When working with other widespread mail clients, including Microsoft Outlook Express/Windows Mail, Mozilla<br />
Thunderbird, Eudora, and Incredimail, Mail Anti-Virus scans email on the SMTP, POP3, IMAP, and NNTP protocols.<br />
Note that when working with the Thunderbird mail client, email messages transferred via IMAP will not be scanned for<br />
viruses if any filters moving messages from the Inbox folder are used.<br />
IN THIS SECTION:<br />
Enabling and disabling Mail Anti-Virus ............................................................................................................................ 84<br />
Creating the protection scope of Mail Anti-Virus ............................................................................................................. 84<br />
Changing and restoring the email security level .............................................................................................................. 85<br />
Using heuristic analysis when working with Mail Anti-Virus............................................................................................. 86<br />
Changing the action to take on infected email messages ............................................................................................... 86<br />
Filtering attachments in email messages ........................................................................................................................ 86<br />
Scan of compound files by Mail Anti-Virus ...................................................................................................................... 87<br />
Email scanning in Microsoft Office Outlook ..................................................................................................................... 87<br />
Email scanning in The Bat! .............................................................................................................................................. 87<br />
ENABLING AND DISABLING MAIL ANTI-VIRUS<br />
By default, Mail Anti-Virus is enabled, running in a mode recommended by <strong>Kaspersky</strong> Lab specialists. You can disable<br />
Mail Anti-Virus if necessary.<br />
To disable Mail Anti-Virus:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Mail Anti-Virus component.<br />
3. In the right part of the window, uncheck the Enable Mail Anti-Virus box.<br />
CREATING THE PROTECTION SCOPE OF MAIL ANTI-VIRUS<br />
Protection scope comprises a type of email messages to be scanned, protocols with traffic scanned by <strong>Kaspersky</strong><br />
<strong>Internet</strong> <strong>Security</strong>, and settings for integration of Mail Anti-Virus into the system.<br />
By default, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> is integrated into Microsoft Office Outlook and The Bat!, scans both incoming and<br />
outgoing email messages, and scans traffic of POP3, SMTP, NNTP and IMAP email protocols.<br />
84
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
To disable scanning of outgoing emails:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Mail Anti-Virus component.<br />
3. Click the Settings button in the right part of the window.<br />
4. Use the General tab in the Protection scope section of the displayed window to select the Incoming<br />
messages only option.<br />
If you have selected scanning incoming messages only, it is recommended that you scan outgoing mail when<br />
first running <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>, since your computer may be infected with email worms that use your<br />
email to breed and spread. Scanning outgoing mail allows you to avoid problems occurring due to uncontrolled<br />
sending of email messages from your computer.<br />
To select the protocols to scan and the settings for integrating Mail Anti-Virus into the system:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Mail Anti-Virus component.<br />
3. Click the Settings button in the right part of the window.<br />
4. In the window that opens, on the Additional tab in the Connectivity section, select the desired settings.<br />
CHANGING AND RESTORING THE EMAIL SECURITY LEVEL<br />
Depending on your current needs, you can select one of the preset email security levels or configure Mail Anti-Virus on<br />
your own.<br />
<strong>Kaspersky</strong> Lab advises you not to configure Mail Anti-Virus settings on your own. In most cases, it is sufficient to select a<br />
different security level.<br />
When configuring Mail Anti-Virus, you can always restore the recommended values. These settings are considered<br />
optimal, recommended by <strong>Kaspersky</strong> Lab, and grouped in the Recommended security level.<br />
To change the current email security level:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Mail Anti-Virus component.<br />
3. In the right part of the window, in the <strong>Security</strong> level section, set the desired security level, or click the Settings<br />
button to modify the settings manually.<br />
If you modify the settings manually, the name of the security level will change to Custom.<br />
To restore the default mail protection settings:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Mail Anti-Virus component.<br />
3. Click the Default level button in the <strong>Security</strong> level section in the right part of the window.<br />
85
U S E R G U I D E<br />
USING HEURISTIC ANALYSIS WHEN WORKING WITH MAIL<br />
ANTI-VIRUS<br />
During Mail Anti-Virus operation, signature analysis is always used: <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> compares the object<br />
found with the database records.<br />
To improve protection efficiency, you can use heuristic analysis (i.e., analysis of activity that an object performs in the<br />
system). This analysis makes it possible to detect new malicious objects which are not yet described in the databases.<br />
To enable heuristic analysis:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Mail Anti-Virus component.<br />
3. In the <strong>Security</strong> level section in the right part of the window click the Settings button.<br />
4. In the window that opens, on the General tab in the Scan methods section, check the Heuristic Analysis box<br />
and specify the detail level for the scan.<br />
CHANGING THE ACTION TO TAKE ON INFECTED EMAIL MESSAGES<br />
If infected objects are detected, the application performs the selected action.<br />
To change the action that should be taken on infected email messages:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Mail Anti-Virus component.<br />
3. In the right part of the window, select the desired option in the Action on threat detection section.<br />
FILTERING ATTACHMENTS IN EMAIL MESSAGES<br />
Malicious programs may spread via email as attachments in email messages. You can configure filtering by type of<br />
attachments in email messages, which allows the renaming or deleting files of specified types automatically.<br />
To configure filtering of attachments:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Mail Anti-Virus component.<br />
3. Click the Settings button in the right part of the window.<br />
4. Use the Attachment filter tab of the displayed window to select the filtering mode for attachments. When you<br />
select either of the last two modes, the list of file types (extensions) will be enabled; there you can select the<br />
desired types or add a new type mask.<br />
To add a mask of a new type to the list, click the Add link to open the Input file name mask window and enter<br />
the required information.<br />
86
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
SCAN OF COMPOUND FILES BY MAIL ANTI-VIRUS<br />
A common method of concealing viruses is to embed them into compound files: archives, installation packages,<br />
embedded OLE objects, and mail file formats. To detect viruses that are hidden in this way, a compound file should be<br />
unpacked, which can significantly decrease scanning speed.<br />
You can enable or disable scanning of compound files, and limit the maximum size of compound files to be scanned.<br />
If your computer is not protected by any local network software (you access the <strong>Internet</strong> directly without a proxy server or<br />
a firewall), it is not recommended that you disable the scanning of compound files.<br />
To configure the scanning of compound files:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Mail Anti-Virus component.<br />
3. Click the Settings button in the right part of the window.<br />
4. Use the General tab in the window that opens to define the necessary settings.<br />
EMAIL SCANNING IN MICROSOFT OFFICE OUTLOOK<br />
While installing <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>, a special plug-in is integrated into Microsoft Office Outlook. It allows you to<br />
quickly switch to configuration of Mail Anti-Virus from Microsoft Office Outlook, and determine when email messages<br />
should be scanned for viruses and other riskware, whether this should be done when receiving, opening, or sending a<br />
message.<br />
Configuration of Mail Anti-Virus from Microsoft Office Outlook is available if this option is selected in the protection scope<br />
settings of Mail Anti-Virus.<br />
To switch to the email scan settings in Microsoft Office Outlook:<br />
1. Open the main Microsoft Office Outlook window.<br />
2. Select Tools Options from the application menu.<br />
3. In the Settings window that opens, select the Email protection tab.<br />
EMAIL SCANNING IN THE BAT!<br />
Actions with regard to infected email objects in The Bat! are defined using the application's own tools.<br />
Mail Anti-Virus settings which determine whether incoming and outgoing messages should be scanned, which actions<br />
should be performed in regard to dangerous objects in email, and which exclusions should apply are ignored. The only<br />
thing that The Bat! takes into account is the scanning of attached archives.<br />
The email protection settings extend to all the anti-virus components installed on the computer that support working with<br />
the Bat!.<br />
Note that incoming email messages are first scanned by Mail Anti-Virus and only then by the plug-in for The Bat!. If a<br />
malicious object is detected, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> immediately notifies you of this. If you select the Disinfect<br />
(Delete) action in the Mail Anti-Virus notification window, actions aimed at eliminating the threat are performed by Mail<br />
Anti-Virus. If you select the Ignore option in the notification window, the object will be disinfected by the plug-in for The<br />
Bat!. When sending email messages, they are first scanned by the plug-in and then by Mail Anti-Virus.<br />
87
U S E R G U I D E<br />
The settings of Mail Anti-Virus are available from The Bat! if this option is selected in the protection scope settings of Mail<br />
Anti-Virus.<br />
To configure email scanning in The Bat! you must define the following criteria:<br />
which mail stream (incoming, outgoing) should be scanned;<br />
when mail objects should be scanned (when opening a message, before saving to disk);<br />
what actions are to be performed by the mail client if dangerous objects are detected in email messages. For<br />
example, you can select:<br />
Attempt to disinfect infected parts – if this option is selected, the attempt is made to disinfect the infected<br />
object; if it cannot be disinfected, the object remains in the message.<br />
Delete infected parts – if this option is selected, the dangerous object in the message is deleted<br />
regardless of whether it is infected or suspected to be infected.<br />
By default, The Bat! places all infected email objects in Quarantine without attempting to disinfect them.<br />
Email messages that contain dangerous objects are not marked with the special subject add-on when scanned by the<br />
plug-in for The Bat!.<br />
To switch to the email scan settings in The Bat!:<br />
1. Open the main window of the The Bat!.<br />
2. In the Properties menu, select Settings.<br />
3. Select the Virus protection object from the settings tree.<br />
WEB ANTI-VIRUS<br />
Each time you work on the <strong>Internet</strong>, you endanger information stored on your computer, by exposing it to a risk of being<br />
infected with viruses and other malware. They may penetrate your computer when you download free applications or<br />
view information on websites that had been attacked by hackers before you have visited them. Moreover, network worms<br />
may penetrate into your computer even before you open a web page or download a file, just at the moment your<br />
computer establishes an <strong>Internet</strong> connection.<br />
Web Anti-Virus protects information received by your computer and sent from it over HTTP, HTTPS and FTP protocols,<br />
and prevents hazardous scripts from being run on your computer.<br />
Web Anti-Virus only monitors web traffic transferred via ports specified on the list of monitored ports. A list of monitored<br />
ports that are most commonly used for data transfer, is included in the <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> distribution kit. If you<br />
use ports that are not included in the list of monitored ports, you should add them to the list of monitored ports (see<br />
section "Creating a list of monitored ports" on page 119) to ensure protection of web traffic transferred via them.<br />
Web Anti-Virus scans web traffic with regard for a specific collection of settings named security level. If Web Anti-Virus<br />
detects a threat, it will perform the prescribed action. Malicious objects are detected using both <strong>Kaspersky</strong> <strong>Internet</strong><br />
<strong>Security</strong> databases and a heuristic algorithm.<br />
<strong>Kaspersky</strong> Lab advises you not to configure Web Anti-Virus settings on your own. In most cases, it is sufficient to select<br />
an appropriate security level.<br />
88
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
Web traffic scan algorithm<br />
Each web page or file that is accessed by the user or an application via the HTTP, HTTPS, or FTP protocols is<br />
intercepted and scanned for malicious code by Web Anti-Virus:<br />
If a web page or a file accessed by the user contains malicious code, access to it is blocked. A notification is<br />
displayed that the requested file or web page is infected.<br />
If the file or web page does not contain malicious code, the program immediately grants the user access to it.<br />
Script scan algorithm<br />
Each script run is intercepted by Web Anti-Virus and is analyzed for malicious code:<br />
If a script contains malicious code, Web Anti-Virus blocks it and displays a notification on the screen.<br />
If no malicious code is discovered in the script, it is run.<br />
Web Anti-Virus intercepts only scripts based on the Microsoft Windows Script Host functionality.<br />
IN THIS SECTION:<br />
Enabling and disabling Web Anti-Virus ........................................................................................................................... 89<br />
Changing and restoring the web traffic security level ...................................................................................................... 90<br />
Changing the action to take on dangerous objects from web traffic ................................................................................ 90<br />
Checking URLs on web pages ........................................................................................................................................ 90<br />
Using heuristic analysis when working with Web Anti-Virus ............................................................................................ 93<br />
Blocking dangerous scripts ............................................................................................................................................. 93<br />
Scan optimization ............................................................................................................................................................ 94<br />
Controlling access to regional domains ........................................................................................................................... 94<br />
Controlling access to online banking services ................................................................................................................. 94<br />
Creating a list of trusted addresses ................................................................................................................................. 95<br />
ENABLING AND DISABLING WEB ANTI-VIRUS<br />
By default, Web Anti-Virus is enabled, running in a mode recommended by <strong>Kaspersky</strong> Lab specialists. You can disable<br />
Web Anti-Virus, if necessary.<br />
To disable Web Anti-Virus:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Web Anti-Virus component.<br />
3. In the right part of the window, uncheck the Enable Web Anti-Virus box.<br />
89
U S E R G U I D E<br />
CHANGING AND RESTORING THE WEB TRAFFIC SECURITY LEVEL<br />
Depending on your current needs, you can select one of the preset web traffic security levels or configure Web Anti-Virus<br />
on your own.<br />
When configuring Web Anti-Virus, you can always restore the recommended values. These settings are considered<br />
optimal, recommended by <strong>Kaspersky</strong> Lab, and grouped in the Recommended security level.<br />
To change the web traffic security level:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Web Anti-Virus component.<br />
3. In the right part of the window, in the <strong>Security</strong> level section, set the desired security level, or click the Settings<br />
button to modify the settings manually.<br />
If you modify the settings manually, the name of the security level will change to Custom.<br />
To restore the default web traffic security level:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Web Anti-Virus component.<br />
3. Click the Default level button in the <strong>Security</strong> level section in the right part of the window.<br />
CHANGING THE ACTION TO TAKE ON DANGEROUS OBJECTS<br />
FROM WEB TRAFFIC<br />
If infected objects are detected, the application performs the selected action.<br />
Web Anti-Virus always blocks actions by dangerous scripts and displays messages that inform the user of the action<br />
taken. You cannot change the action to be taken on a dangerous script; all you can do is disable script scan (see section<br />
"Blocking dangerous scripts" on page 93).<br />
To change the action to be performed with regard to detected objects:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Web Anti-Virus component.<br />
3. In the right part of the window, select the desired option in the Action on threat detection section.<br />
CHECKING URLS ON WEB PAGES<br />
Scanning web pages for phishing allows you to prevent phishing attacks. Phishing attacks are, as a rule, email<br />
messages from alleged financial organizations that contain URLs to websites of such organizations. The email message<br />
convinces the reader to click the URL and enter private information in the window that opens, for example, the number of<br />
a banking card or the login and the password of an online banking account. A phishing attack can be disguised, for<br />
example, as a letter from your bank with a link to its official website. By clicking the link, you go to an exact copy of the<br />
bank's website and can even see the bank site's address in the browser, even though you are on a counterfeit site. From<br />
this point forward, all your actions on the site are tracked and can be used to steal your money.<br />
Since links to phishing web sites may be received not only in email, but also from other sources, such as ICQ messages,<br />
Web Anti-Virus monitors attempts to access a phishing web site on the level of web traffic and blocks access to such<br />
locations.<br />
90
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
In addition to <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> databases, heuristic analysis (see page 93) can also be used for scanning web<br />
pages for phishing.<br />
IN THIS SECTION:<br />
Enabling and disabling the checking of URLs ................................................................................................................. 91<br />
Using <strong>Kaspersky</strong> URL Advisor ........................................................................................................................................ 91<br />
Blocking access to dangerous websites .......................................................................................................................... 92<br />
ENABLING AND DISABLING THE CHECKING OF URLS<br />
To enable URL checks using the databases of suspicious web addresses and phishing addresses:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Web Anti-Virus component.<br />
3. Click the Settings button in the right part of the window.<br />
The Web Anti-Virus window opens.<br />
4. On the General tab, in the <strong>Kaspersky</strong> URL Advisor section, check the Check if URLs are listed in the<br />
database of suspicious URLs and Check web pages for phishing boxes.<br />
USING KASPERSKY URL ADVISOR<br />
<strong>Kaspersky</strong> URL Advisor is integrated into Microsoft <strong>Internet</strong> Explorer, Mozilla Firefox, and Google Chrome as a plug-in.<br />
<strong>Kaspersky</strong> URL Advisor checks all URLs on a web page to find out if they are included in the list of suspicious URLs. It<br />
also checks them for phishing, highlighting each one in the browser window.<br />
You can create a list of websites, on which all URLs should be checked, check URLs on all websites except those<br />
included in the list of exclusions, check URLs in search results only, or specify categories of websites with URLs that<br />
should be checked.<br />
Not only can you configure <strong>Kaspersky</strong> URL Advisor in the application settings window, but also in the <strong>Kaspersky</strong> URL<br />
Advisor settings window, which is available from your web browser.<br />
To specify websites, on which all URLs should be checked:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Web Anti-Virus component.<br />
3. Click the Settings button in the right part of the window.<br />
4. The Web Anti-Virus window opens.<br />
5. On the Safe Surf tab, in the <strong>Kaspersky</strong> URL Advisor section, check the Check URLs box.<br />
6. Select the websites on which the links need to be scanned:<br />
a. If you want to create a list of websites, on which all URLs should be checked, select Only websites from<br />
the list and click the Specify button. In the Checked URLs window that opens, create a list of websites to<br />
be checked.<br />
b. If you want to check URLs on all websites except those specified, select All but the exclusions and click<br />
the Exclusions button. In the Exclusions window that opens, create a list of websites that do not need any<br />
check of URLs on them.<br />
91
U S E R G U I D E<br />
To check URLs in search results only:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Web Anti-Virus component.<br />
3. Click the Settings button in the right part of the window.<br />
4. The Web Anti-Virus window opens.<br />
5. On the Safe Surf tab, in the <strong>Kaspersky</strong> URL Advisor section, check the Check URLs box and click the<br />
Settings button.<br />
6. In the <strong>Kaspersky</strong> URL Advisor settings window that opens, in the Check mode section, select Only URLs in<br />
search results.<br />
To select categories of websites with URLs that should be checked:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Web Anti-Virus component.<br />
3. Click the Settings button in the right part of the window.<br />
4. The Web Anti-Virus window opens.<br />
5. On the Safe Surf tab, in the <strong>Kaspersky</strong> URL Advisor section, check the Check URLs box and click the<br />
Settings button.<br />
6. In the <strong>Kaspersky</strong> URL Advisor settings window that opens, in the Websites categories section, check the<br />
Show information on the categories of websites content box.<br />
7. In the list of categories, check the boxes next to categories of websites with URLs that should be checked.<br />
To open the <strong>Kaspersky</strong> URL Advisor settings window from your web browser,<br />
click the button with the <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> icon in the browser toolbar.<br />
BLOCKING ACCESS TO DANGEROUS WEBSITES<br />
You can block access to websites which have been deemed suspicious or phishing sites by <strong>Kaspersky</strong> URL Advisor (see<br />
section "Using <strong>Kaspersky</strong> URL Advisor" on page 91).<br />
To block access to dangerous websites:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Web Anti-Virus component.<br />
3. Click the Settings button in the right part of the window.<br />
The Web Anti-Virus window opens.<br />
4. On the Safe Surf tab, in the Blocking Dangerous Websites section, check the Block dangerous websites<br />
box.<br />
92
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
USING HEURISTIC ANALYSIS WHEN WORKING WITH WEB<br />
ANTI-VIRUS<br />
To improve protection efficiency, you can use heuristic analysis (i.e., analysis of activity that an object performs in the<br />
system). This analysis makes it possible to detect new malicious objects which are not yet described in the databases.<br />
When Web Anti-Virus is running, you can separately enable the heuristic analysis for scanning web traffic and for<br />
checking web pages for phishing.<br />
To enable the heuristic analysis for scanning web traffic:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Web Anti-Virus component.<br />
3. Click the Settings button in the right part of the window.<br />
The Web Anti-Virus window opens.<br />
4. On the General tab in the Heuristic Analysis section, check the Use Heuristic Analysis box and set a scan<br />
detail level.<br />
To enable the heuristic analysis for checking web pages for phishing:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Web Anti-Virus component.<br />
3. Click the Settings button in the right part of the window.<br />
The Web Anti-Virus window opens.<br />
4. On the General tab, in the <strong>Kaspersky</strong> URL Advisor section, click the Additional button.<br />
5. In the Anti-Phishing settings window that opens, check the Use Heuristic Analysis to check web pages for<br />
phishing box and set a scan detail level.<br />
BLOCKING DANGEROUS SCRIPTS<br />
Web Anti-Virus scans all scripts processed in Microsoft <strong>Internet</strong> Explorer, as well as any other WSH scripts (for example,<br />
JavaScript, Visual Basic Script, etc.) launched when you are working on the computer. If a script presents a threat to<br />
your computer, it will be blocked.<br />
To disable blocking of dangerous scripts:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Web Anti-Virus component.<br />
3. Click the Settings button in the right part of the window.<br />
The Web Anti-Virus window opens.<br />
4. On the General tab in the Additional section uncheck the Block dangerous scripts in Microsoft <strong>Internet</strong><br />
Explorer box.<br />
93
U S E R G U I D E<br />
SCAN OPTIMIZATION<br />
To improve efficiency of detection of malicious code, Web Anti-Virus uses the caching of fragments of objects coming<br />
from the <strong>Internet</strong>. Using the caching, Web Anti-Virus scans objects only after they are received on the computer in their<br />
entirety.<br />
The caching increases the amount of time required to process objects and pass it to the user for further operations.<br />
Caching can cause problems when downloading or processing large objects, as the connection with the HTTP client may<br />
time out.<br />
You can solve this problem using the option of limiting the caching of fragments of objects coming from the <strong>Internet</strong>.<br />
Upon expiration of a certain time interval, each fragment of an object is passed to the user unscanned. When copying is<br />
complete, the object will be scanned entirely. This allows us to reduce the amount of time required to pass objects to the<br />
user and solving the problem with connection losses. The <strong>Internet</strong> security level is not reduced.<br />
Lifting restrictions on the duration of web traffic caching leads to improved efficiency of virus scans, though it may slow<br />
down access to objects.<br />
To set or remove a time limit for fragment buffering:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Web Anti-Virus component.<br />
3. Click the Settings button in the right part of the window.<br />
The Web Anti-Virus window opens.<br />
4. On the General tab, in the Additional section, check the Limit traffic caching time to 1 sec to optimize scan<br />
box.<br />
CONTROLLING ACCESS TO REGIONAL DOMAINS<br />
Depending on your choice, Web Anti-Virus in Geo Filter mode can block or allow access to websites on the grounds of<br />
their belonging to regional web domains. This allows you, for example, to block access to websites which belong to<br />
regional domains with a high risk of infection.<br />
To allow or block access to websites which belong to specified domains:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Web Anti-Virus component.<br />
3. Click the Settings button in the right part of the window.<br />
The Web Anti-Virus window opens.<br />
4. On the Geo Filter tab, check the Enable filtering by regional domains box and specify in the list of controlled<br />
domains below which domains should be allowed or blocked, and for which ones the application should request<br />
permission for access using a notification (see section "Request for permission to access a website from a<br />
regional domain" on page 197).<br />
By default, access is allowed for regional domains that match your location. Requesting permission for access is<br />
set for other domains by default.<br />
94
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
CONTROLLING ACCESS TO ONLINE BANKING SERVICES<br />
When working with online banking, your computer needs an especially reliable protection, since leakages of confidential<br />
information may lead to financial losses. Web Anti-Virus can control access to online banking services, thus ensuring<br />
safe interaction with them (see section "About Safe Run for Websites" on page 141). Web Anti-Virus automatically<br />
determines which web resources are online banking services. For guaranteed identification of a web resource as online<br />
banking service, you can specify its URL in the list of banking websites.<br />
To configure control of access to online banking services:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Web Anti-Virus component.<br />
3. Click the Settings button in the right part of the window.<br />
The Web Anti-Virus window opens.<br />
4. On the Online Banking tab, check the Enable control box. You will be prompted to start the Certificate<br />
Installation Wizard that you can use to install a <strong>Kaspersky</strong> Lab certificate for scanning encrypted connections.<br />
5. If necessary, create a list of resources that <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> should identify as online banking<br />
services.<br />
CREATING A LIST OF TRUSTED ADDRESSES<br />
Web Anti-Virus does not scan web traffic for dangerous objects if it comes from trusted URLs.<br />
To create a list of trusted web addresses:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Web Anti-Virus component.<br />
3. Click the Settings button in the right part of the window.<br />
The Web Anti-Virus window opens.<br />
4. On the Trusted URLs tab, check the Do not scan web traffic from trusted URLs box.<br />
5. Create a list of websites / web pages with content that you trust. To do this:<br />
a. Click the Add button.<br />
The Address mask (URL) window will open.<br />
b. Enter the address of a website / web page or the address mask of a website / web page.<br />
c. Click the OK button.<br />
A new record appears on the list of trusted URLs.<br />
6. If necessary, repeat steps from a to c.<br />
95
U S E R G U I D E<br />
IM ANTI-VIRUS<br />
IM Anti-Virus scans the traffic of instant messaging clients (so-called <strong>Internet</strong> pagers).<br />
IM messages may contain links to suspicious websites and to websites used by hackers to organize phishing attacks.<br />
Malicious programs use IM clients to send spam messages and links to programs (or the programs themselves) which<br />
steal users' ID numbers and passwords.<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> ensures safe operation of various instant messaging applications, including ICQ, MSN, AIM,<br />
Yahoo! Messenger, Jabber, Google Talk, Mail.Ru Agent and IRC.<br />
Some IM clients, such as Yahoo! Messenger and Google Talk, use encrypted connections. To scan the traffic generated<br />
by those programs, you have to enable encrypted connections scanning (see page 116).<br />
IM Anti-Virus intercepts messages and scans them for dangerous objects or URLs. You can select the types of<br />
messages to scan and various scanning methods.<br />
If threats are detected in a message, IM Anti-Virus replaces this message with a warning message for the user.<br />
Files transferred via IM clients are scanned by the File Anti-Virus component (on page 77) when attempts are made to<br />
save them.<br />
IN THIS SECTION:<br />
Enabling and disabling IM Anti-Virus ............................................................................................................................... 96<br />
Creating the protection scope of IM Anti-Virus ................................................................................................................ 96<br />
Checking URLs in messages from IM clients .................................................................................................................. 97<br />
Using heuristic analysis when working with IM Anti-Virus ............................................................................................... 97<br />
ENABLING AND DISABLING IM ANTI-VIRUS<br />
By default, IM Anti-Virus is enabled and functions in normal mode. You can disable IM Anti-Virus if necessary.<br />
To disable IM Anti-Virus:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the IM Anti-Virus component.<br />
3. In the right part of the window, uncheck the Enable IM Anti-Virus box.<br />
CREATING THE PROTECTION SCOPE OF IM ANTI-VIRUS<br />
The protection scope is the type of messages to be scanned. By default, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> scans both<br />
incoming and outgoing messages. If you are sure that messages you send cannot contain any dangerous objects, you<br />
may disable scanning of outgoing traffic.<br />
96
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
To disable scanning of outgoing messages:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the IM Anti-Virus component.<br />
3. In the right part of the window, in the Protection scope section, select the Incoming messages only option.<br />
CHECKING URLS IN MESSAGES FROM IM CLIENTS<br />
To scan messages for suspicious and phishing URLs:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the IM Anti-Virus component.<br />
3. In the right part of the window, in the Scan methods section, check the Check if URLs are listed in the<br />
database of suspicious URLs and Check if URLs are listed in the database of phishing URLs boxes.<br />
USING HEURISTIC ANALYSIS WHEN WORKING WITH IM ANTI-VIRUS<br />
To improve protection efficiency, you can use heuristic analysis (i.e., analysis of activity that an object performs in the<br />
system). This analysis makes it possible to detect new malicious objects which are not yet described in the databases.<br />
When using heuristic analysis, any script included in an IM client's message is executed in a protected environment. If<br />
the script's activity is typical of malicious objects, the object is likely to be classed as malicious or suspicious. By default,<br />
heuristic analysis is enabled.<br />
To enable heuristic analysis:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the IM Anti-Virus component.<br />
3. In the right part of the window, in the Scan methods section, check the Heuristic Analysis box and set the<br />
necessary scanning intensity level.<br />
PROACTIVE DEFENSE<br />
Proactive Defense protects your computer against new threats which are not yet included in <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong><br />
databases.<br />
The functioning of Proactive Defense is based on proactive technologies. Proactive technologies allow you to neutralize<br />
a new threat before it does any harm to your computer. Unlike responsive technologies, which analyze code based on<br />
records in <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> databases, preventative technologies recognize a new threat on your computer by<br />
the sequence of actions executed by a program. If, as a result of activity analysis, the sequence of an application's<br />
actions arouses suspicion, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> blocks the activity of this application.<br />
For example, when actions such as a program copying itself to network resources, the startup folder and the system<br />
registry are detected, it is highly likely that this program is a worm.<br />
Hazardous sequences of actions also include attempts to modify the HOSTS file, hidden installation of drivers, etc. You<br />
can turn off monitoring (see page 99) for any hazardous activity or edit its monitoring rules (see page 99).<br />
As opposed to the Application Control protection component (on page 101), Proactive Defense responds immediately to<br />
a defined sequence of an application's actions. Activity analysis is applied to all applications running on your computer,<br />
including those allocated in the Trusted group by the Application Control protection component.<br />
97
U S E R G U I D E<br />
You can create a group of trusted applications (see page 98) for Proactive Defense. You will not be notified of the<br />
activities of these applications.<br />
If your computer runs under Microsoft Windows XP Professional x64 Edition, Microsoft Windows Vista, Microsoft<br />
Windows Vista x64, Microsoft Windows 7, or Microsoft Windows 7 x64, control will not apply to all events. This is due to<br />
specific features of these operating systems. For example, control will not apply fully to the sending of data through<br />
trusted applications and suspicious system activities.<br />
IN THIS SECTION:<br />
Enabling and disabling Proactive Defense ...................................................................................................................... 98<br />
Creating a group of trusted applications .......................................................................................................................... 98<br />
Using the dangerous activity list ...................................................................................................................................... 99<br />
Changing the action to be taken on applications' dangerous activity .............................................................................. 99<br />
ENABLING AND DISABLING PROACTIVE DEFENSE<br />
By default, Proactive Defense is enabled, running in a mode recommended by <strong>Kaspersky</strong> Lab specialists. You can<br />
disable Proactive Defense if necessary.<br />
To disable Proactive Defense:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Proactive Defense component.<br />
3. In the right part of the window, uncheck the Enable Proactive Defense box.<br />
CREATING A GROUP OF TRUSTED APPLICATIONS<br />
Programs recognized by the Application Control protection component as Trusted pose no threat for the system.<br />
However, their activities will also be monitored by Proactive Defense.<br />
You can create a group of trusted applications exerting activity that should not be controlled by Proactive Defense. By<br />
default, the list of trusted applications includes applications with verified digital signatures and applications that are<br />
trusted in the <strong>Kaspersky</strong> <strong>Security</strong> Network database.<br />
To change the settings of the trusted applications group:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Proactive Defense component.<br />
3. In the right part of the window, in the Trusted applications section, perform the following actions:<br />
If you want applications with verified digital signatures to be included in the group of trusted applications,<br />
check the Applications with digital signature box.<br />
If you want applications trusted by the <strong>Kaspersky</strong> <strong>Security</strong> Network database to be included in the group of<br />
trusted applications, check the Trusted in <strong>Kaspersky</strong> <strong>Security</strong> Network database box.<br />
98
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
USING THE DANGEROUS ACTIVITY LIST<br />
The list of actions typical of dangerous activity cannot be edited. However, you can refuse to control a selected case of<br />
dangerous activity.<br />
To turn off monitoring for one dangerous activity or another:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Proactive Defense component.<br />
3. Click the Settings button in the right part of the window.<br />
4. In the Proactive Defense window that opens, uncheck the box next to the type of activity which you do not want<br />
to be monitored.<br />
CHANGING THE ACTION TO BE TAKEN ON APPLICATIONS'<br />
DANGEROUS ACTIVITY<br />
The list of actions typical of dangerous activity cannot be edited. However, you can change the action that <strong>Kaspersky</strong><br />
<strong>Internet</strong> <strong>Security</strong> takes when applications' dangerous activity is detected.<br />
To change the action that <strong>Kaspersky</strong> Lab application takes on dangerous activity of another application:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Proactive Defense component.<br />
3. Click the Settings button in the right part of the window.<br />
4. In the Proactive Defense window that opens, in the Event column, select the desired event for which you want<br />
to edit the rule.<br />
5. Configure the settings for the selected event using the links in the Rule description section. For example:<br />
a. Click the link with the preset action and select the desired action in the Select action window that opens.<br />
b. Click the On / Off link to indicate that a report on operation execution should be created.<br />
SYSTEM WATCHER<br />
System Watcher collects data about application actions on your computer and provides information to other components<br />
for improved protection.<br />
Based on information collected by System Watcher, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> can roll back actions performed by<br />
malicious programs.<br />
Rolling back actions performed by malicious programs can be initiated by one of the following protection components:<br />
System Watcher - based on patterns of dangerous activity;<br />
Proactive Defense;<br />
File Anti-Virus;<br />
when performing a virus scan.<br />
99
U S E R G U I D E<br />
If suspicious events are detected in the system, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> protection components can request<br />
additional information from System Watcher. In interactive protection mode of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> (see section<br />
"Selecting a protection mode" on page 64), you can view data collected by the System Watcher component and<br />
presented as a report on dangerous activity history. This data can help you make a decision when selecting an action in<br />
the notification window. When the component detects a malicious program, the link to the System Watcher's report is<br />
displayed in the top part of the notification window (see page 197), along with a prompt for action.<br />
IN THIS SECTION:<br />
Enabling and disabling System Watcher ....................................................................................................................... 100<br />
Using patterns of dangerous activity (BSS) ................................................................................................................... 100<br />
Rolling back a malicious program's actions ................................................................................................................... 101<br />
ENABLING AND DISABLING SYSTEM WATCHER<br />
By default, System Watcher is enabled, running in a mode recommended by <strong>Kaspersky</strong> Lab specialists. You can disable<br />
System Watcher if necessary.<br />
You are advised not to disable the component unless it is absolutely necessary, since this inevitably decreases the<br />
efficiency of Proactive Defense and other protection components that may request data collected by System Watcher in<br />
order to identify the potential threat detected.<br />
To disable System Watcher:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the System Watcher component.<br />
3. In the right part of the window, uncheck the Enable System Watcher box.<br />
USING PATTERNS OF DANGEROUS ACTIVITY (BSS)<br />
Patterns of dangerous activity (BSS – Behavior Stream Signatures) contain sequences of actions typical of applications<br />
classified as dangerous. If an application's activity matches a pattern of dangerous activity, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong><br />
performs the prescribed action.<br />
To provide real-time effective protection, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> adds patterns of dangerous activity, which are used<br />
by System Watcher, during the database updates.<br />
By default, when <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> is running in automatic mode, if an application's activity matches a pattern<br />
of dangerous activity, System Watcher moves this application to Quarantine. When running in interactive mode, System<br />
Watcher prompts for action. You can specify the action that the component should perform when an application's activity<br />
matches a pattern of dangerous activity.<br />
In addition to exact matches between applications' activities and patterns of dangerous activity, System Watcher also<br />
detects actions that partly match patterns of dangerous activity and are considered suspicious based on the heuristic<br />
analysis. If suspicious activity is detected, System Watcher prompts for action regardless of the operation mode.<br />
To select the action that the component should perform if an application's activity matches a pattern of dangerous<br />
activity:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the System Watcher component.<br />
100
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
3. In the right part of the window, in the Heuristic Analysis section, check the Use updatable patterns of<br />
dangerous activity (BSS) box.<br />
4. Click Select action and then specify the desired action on the dropdown list.<br />
ROLLING BACK A MALICIOUS PROGRAM'S ACTIONS<br />
You can use the option of rolling back the actions performed by malware in the system. To enable a rollback, System<br />
Watcher logs the history of program activity. You can limit the volume of information that System Watcher stores for a<br />
rollback.<br />
By default, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> rolls back relevant operations automatically when the protection components<br />
detect malicious activity. When running in interactive mode, System Watcher prompts for action. You can specify an<br />
action that should be taken if a rollback of actions performed by a malicious program is available.<br />
The procedure of rolling back malware operations affects a strictly defined set of data. It causes no negative<br />
consequences for the operating system or data integrity on your computer.<br />
To select an action that should be taken if a rollback of actions performed by a malicious program is available:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the System Watcher component.<br />
3. In the right part of the window, in the Rollback of malware actions section, choose Select action, and then<br />
select the required action from the dropdown list.<br />
To limit the volume of information that System Watcher stores for a rollback:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the System Watcher component.<br />
3. In the right part of the window, in the Rollback of malware actions section, check the Limit data to be stored<br />
for rollback box and specify the maximum data volume that System Watcher should store for a rollback.<br />
APPLICATION CONTROL<br />
Application Control prevents applications from performing actions that may be dangerous for the system and ensures<br />
control of access to operating system resources and your identity data.<br />
The component tracks actions performed in the system by applications installed on the computer and regulates them<br />
based on the Application Control rules. These rules regulate potentially dangerous activity, including applications' access<br />
to protected resources, such as files and folders, registry keys, and network addresses.<br />
Applications' network activity is controlled by the Firewall component (on page 109).<br />
At the first startup of an application on the computer, the Application Control component verifies its safety and includes it<br />
in one of the groups. The group defines the rules that <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> should apply for controlling the activity<br />
of this application. The Application Control rules are a set of access rights to computer resources and restrictions posed<br />
on various actions being performed by applications on the computer.<br />
You can configure the conditions for distribution of applications by groups (see page 102), move an application to<br />
another group (see page 103), or edit the rules of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> (see page 104).<br />
101
U S E R G U I D E<br />
We recommend that you participate in the <strong>Kaspersky</strong> <strong>Security</strong> Network in order to improve the performance of<br />
Application Control (see section "<strong>Kaspersky</strong> <strong>Security</strong> Network" on page 174). Data obtained using the <strong>Kaspersky</strong><br />
<strong>Security</strong> Network allows you to group applications with more accuracy and apply optimal Application Control rules.<br />
When the application is restarted, Application Control checks its integrity. If the application has not been changed, the<br />
component applies the current rule to it. If the application has been modified, Application Control re-scans it as at the first<br />
startup.<br />
To control applications' access to various resources of your computer, you can use the preset list of protected resources<br />
or add user resources to the list (see page 107).<br />
IN THIS SECTION:<br />
Enabling and disabling Application Control ................................................................................................................... 102<br />
Placing applications into groups .................................................................................................................................... 102<br />
Viewing application activity ............................................................................................................................................ 103<br />
Modifying a group and restoring the default group ........................................................................................................ 103<br />
Working with Application Control rules .......................................................................................................................... 104<br />
Interpreting data on application usage by the participants of the <strong>Kaspersky</strong> <strong>Security</strong> Network ..................................... 108<br />
ENABLING AND DISABLING APPLICATION CONTROL<br />
By default, Application Control is enabled, running in a mode recommended by <strong>Kaspersky</strong> Lab specialists. You can<br />
disable Application Control, if necessary.<br />
To disable Application Control:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Application Control component.<br />
3. In the right part of the window, uncheck the Enable Application Control box.<br />
PLACING APPLICATIONS INTO GROUPS<br />
At the first startup of an application on the computer, the Application Control component verifies its safety and includes it<br />
in one of the groups.<br />
Applications that do not pose any threat to the system are placed in the Trusted group. By default, this group includes<br />
applications with a digital signature and applications whose parent objects have one. You can disable the automatic<br />
inclusion of applications with a digital signature in the Trusted group.<br />
The behavior of applications included in the Trusted group will, however, be controlled by the Proactive Defense<br />
component (on page 97).<br />
By default, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> uses the heuristic analysis to group unknown applications (those not included in<br />
the <strong>Kaspersky</strong> <strong>Security</strong> Network database and functioning without a digital signature). The analysis helps determine the<br />
application's threat rating, based on which it is placed into a group. Instead of using heuristic analysis, you can specify a<br />
group into which <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> should automatically place all unknown applications.<br />
102
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
By default, Application Control analyzes an application for 30 seconds. If this time interval turns out to be insufficient for<br />
determining the threat rating, the application is placed into the Low Restricted group, while determination of the threat<br />
rating continues in background mode. After that, the application is placed into its final group. You can change the time<br />
allocated for application analysis. If you are sure that no applications started on your computer pose any threat to its<br />
security, you can decrease the time spent on analysis. If, on the contrary, you are installing software and are not sure<br />
that it is safe, you are advised to increase the time for analysis.<br />
If the application threat rating is high, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> notifies you and prompts you to select a group into<br />
which to place the application. Notification (see page 195) contains statistics on the application's use by <strong>Kaspersky</strong><br />
<strong>Security</strong> Network participants. Based on the statistics and taking into account the history of how this application<br />
appeared on your computer, you can make a more objective decision regarding the group into which the application<br />
should be placed (see section "Interpreting data on application usage by the participants of the <strong>Kaspersky</strong> <strong>Security</strong><br />
Network" on page 108).<br />
To configure distribution of applications by groups:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Application Control component.<br />
3. In the right part of the window, in the Applications restriction section, perform the following actions:<br />
a. If you want applications with digital signatures to be automatically included in the Trusted group, check the<br />
Trust applications with digital signature box.<br />
b. Select a method of allocating unknown applications by groups:<br />
If you want to use heuristic analysis to allocate unknown applications by groups, select Use the<br />
heuristic analysis to define group.<br />
If you want to place all unknown applications into a specified group, select Move to the following<br />
group automatically and specify the required group in the dropdown list.<br />
c. Specify a time interval for scanning an application being run, using the Maximum time to define the<br />
application group field.<br />
VIEWING APPLICATION ACTIVITY<br />
You can view information about applications used on your computer and about processes running.<br />
To view application activity:<br />
1. Open the main application window (see page 33).<br />
2. In the lower part of the window, select the Applications Activity section.<br />
3. In the Applications Activity window that opens, in the top left corner, select the desired category of<br />
applications from the dropdown list.<br />
MODIFYING A GROUP AND RESTORING THE DEFAULT GROUP<br />
At the first startup of an application, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> automatically includes it into a group (see section<br />
"Placing applications into groups" on page 102). You can move the application to another group manually. At any<br />
moment, you can move the application back to the default group.<br />
<strong>Kaspersky</strong> Lab specialists recommend that you avoid moving applications from default groups. Instead, if needed, edit<br />
the rules for an individual application.<br />
103
U S E R G U I D E<br />
To move an application to another group:<br />
1. Open the main application window (see page 33).<br />
2. In the lower part of the window, select the Applications Activity section.<br />
3. In the Applications Activity window that opens, in the top left corner, select the desired category of<br />
applications from the dropdown list.<br />
4. Right-click to open the context menu for the desired application and select Move to group .<br />
To restore an application in the default group:<br />
1. Open the main application window (see page 33).<br />
2. In the lower part of the window, select the Applications Activity section.<br />
3. In the Applications Activity window that opens, in the top left corner, select the desired category of<br />
applications from the dropdown list.<br />
4. Right-click to open the context menu for the desired application and select Move to group Restore default<br />
group.<br />
WORKING WITH APPLICATION CONTROL RULES<br />
The Application Control rules are a set of access rights to computer resources and restrictions posed on various actions<br />
being performed by applications on the computer.<br />
By default, an application is controlled according to the rules of the group into which <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> placed<br />
the application when it was run for the first time. The group rules have been developed by <strong>Kaspersky</strong> Lab specialists for<br />
optimum control of application activity. If necessary, you can edit these rules or adjust them for an individual application.<br />
The rules for an application have higher priority than the rules for a group.<br />
IN THIS SECTION:<br />
Editing group rules ........................................................................................................................................................ 104<br />
Editing application rules ................................................................................................................................................ 105<br />
Use of rules from <strong>Kaspersky</strong> <strong>Security</strong> Network by Application Control ......................................................................... 106<br />
Inheritance of restrictions of the parent process ............................................................................................................ 106<br />
Deleting rules for unused applications .......................................................................................................................... 107<br />
Protecting operating system resources and identity data .............................................................................................. 107<br />
EDITING GROUP RULES<br />
By default, different groups have different optimal sets of access rights to computer resources. You can edit the preset<br />
group rules.<br />
To change a group rule:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Application Control component.<br />
104
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
3. In the right part of the window, in the Configure application rules, protect digital identity data and other<br />
resources section, click the Applications button.<br />
4. In the Applications window that opens, select the desired group from the list and click the Edit button.<br />
5. In the Group rules window that opens, select the tab that matches the desired resource category (Files and<br />
system registry or Rights).<br />
6. Right-click the column with the appropriate action for the desired resource to open the context menu and select<br />
the desired value (Allow, Block, or Prompt for action).<br />
EDITING APPLICATION RULES<br />
You can modify restrictions at the level of an individual application or exclude some actions from the rules for an<br />
application. <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> will not control actions that have been added to the exclusions from the rules for<br />
an application.<br />
All exclusions created in the rules for applications are available in the application settings window (see section "The<br />
application settings window" on page 36) in the Threats and Exclusions section.<br />
You can also disable the application of group rules to the control of access to selected categories of protected resources.<br />
Access to these resources is managed by the application rules.<br />
To change an application rule:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Application Control component.<br />
3. In the right part of the window, in the Configure application rules, protect digital identity data and other<br />
resources section, click the Applications button.<br />
4. In the Applications window that opens, select the desired application from the list and click the Edit button.<br />
5. In the Application rules window that opens, select the tab that matches the desired resource category (Files<br />
and system registry or Rights).<br />
6. Right-click the column with the appropriate action for the desired resource to open the context menu and select<br />
the desired value (Allow, Block, or Prompt for action).<br />
To disable applying group rules to access to resources:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Application Control component.<br />
3. In the right part of the window, in the Configure application rules, protect digital identity data and other<br />
resources section, click the Applications button.<br />
4. In the Applications window that opens, select the desired application from the list.<br />
5. Click the Edit button.<br />
6. In the Application rules window that opens, select the tab that matches the desired resource category (Files<br />
and system registry or Rights).<br />
7. Right-click the column with the appropriate action for the required resource to open the context menu and select<br />
the Inherit item with the box checked.<br />
105
U S E R G U I D E<br />
To add an exclusion to the application rules:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Application Control component.<br />
3. In the right part of the window, in the Configure application rules, protect digital identity data and other<br />
resources section, click the Applications button.<br />
4. In the Applications window that opens, select the desired application from the list and click the Edit button.<br />
5. In the Application rules window that opens, select the Exclusions tab.<br />
6. Check the boxes for the actions that should not be controlled.<br />
USE OF RULES FROM KASPERSKY SECURITY NETWORK BY APPLICATION<br />
CONTROL<br />
By default, applications found in the <strong>Kaspersky</strong> <strong>Security</strong> Network database are processed according to the rules loaded<br />
from this database.<br />
If an application was not found in the <strong>Kaspersky</strong> <strong>Security</strong> Network database at the first run but information about it was<br />
added later, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> will automatically update the rules for the control of this application by default.<br />
You can disable the usage of rules from the <strong>Kaspersky</strong> <strong>Security</strong> Network and / or the automatic update of the rules for<br />
previously unknown applications.<br />
To disable the usage of rules from the <strong>Kaspersky</strong> <strong>Security</strong> Network:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Application Control component.<br />
3. In the right part of the window, in the Applications restriction section, uncheck the Load rules for<br />
applications from <strong>Kaspersky</strong> <strong>Security</strong> Network (KSN) box.<br />
To disable updates of <strong>Kaspersky</strong> <strong>Security</strong> Network rules for previously unknown applications:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Application Control component.<br />
3. In the right part of the window, in the Applications restriction section, uncheck the Update rules for<br />
previously unknown applications from KSN box.<br />
INHERITANCE OF RESTRICTIONS OF THE PARENT PROCESS<br />
On your computer, you are not the only one that has rights to launch programs and processes. Other running programs<br />
(processes) also can do it; thus they become parent ones. If a parent process has a lower rights priority than a program<br />
that it launches, Application Control applies the same restrictions to the program being launched as to the parent<br />
process. Thus, the program being launched inherits all restrictions from its parent process.<br />
This mechanism prevents a non-trusted application or an application with restricted rights from using a trusted<br />
application to perform actions requiring certain privileges.<br />
If an application's activity is blocked because a parent process has insufficient rights, you can modify these rights or<br />
disable inheritance of restrictions from the parent process.<br />
You should modify the rights of a parent process only if you are absolutely certain that the process' activities do not<br />
threaten the security of the system!<br />
106
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
To disable inheritance of restrictions from the parent process, perform the following steps:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Application Control component.<br />
3. In the right part of the window, in the Configure application rules, protect digital identity data and other<br />
resources section, click the Applications button.<br />
4. In the Applications window that opens, select the desired application from the list.<br />
5. Click the Edit button.<br />
6. In the Application rules window that opens, select the Exclusions tab.<br />
7. Check the Do not inherit restrictions from the parent process (application) box.<br />
DELETING RULES FOR UNUSED APPLICATIONS<br />
By default, the rules for applications which have not been started for 60 days are deleted automatically. You can modify<br />
the storage time for rules for unused applications or disable automatic removal of rules.<br />
To change the storage time for application rules:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Application Control component.<br />
3. In the right part of the window, check the Delete rules for applications remaining inactive for more than box<br />
in the Additional section and specify the desired number of days.<br />
To disable the automatic removal of the rules for unused applications:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Application Control component.<br />
3. In the right part of the window, in the Additional section, uncheck the Delete rules for applications remaining<br />
inactive for more than box.<br />
PROTECTING OPERATING SYSTEM RESOURCES AND IDENTITY DATA<br />
Application Control manages the applications' rights to perform actions with various resource categories of the operating<br />
system and personal data.<br />
<strong>Kaspersky</strong> Lab specialists have created preset categories of protected resources. You cannot edit this list. However, you<br />
can expand this list by adding user categories and / or individual resources, or stop controlling the selected resources.<br />
In addition, you can add specified resources to the exclusions. Access to those resources will not be controlled.<br />
To add personal data to be protected:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Application Control component.<br />
3. Click the Identity protection button in the right part of the window.<br />
4. In the window that opens, on the Identity data tab, select the required category of identity data from the<br />
dropdown list.<br />
107
U S E R G U I D E<br />
5. Click the Add button and select the desired type of resource from the menu that opens.<br />
6. In the User resource window that opens, specify the desired settings based on the resource being added.<br />
To create a category of identity data items to be protected:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Application Control component.<br />
3. Click the Identity protection button in the right part of the window.<br />
4. In the window that opens, on the Identity data tab, click the Add category button.<br />
5. In the Identity data category window that opens, enter a name for the new resource category.<br />
To add operating system settings and resources to be protected:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Application Control component.<br />
3. Click the Identity protection button in the right part of the window.<br />
4. In the window that opens, on the Operating system tab, select the desired category of operating system<br />
objects from the Category dropdown list.<br />
5. Click the Add button and select the desired type of resource from the menu that opens.<br />
6. In the User resource window that opens, specify the desired settings based on the resource being added.<br />
To add a resource to the exclusions list:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Application Control component.<br />
3. Click the Identity protection button in the right part of the window.<br />
4. In the window that opens, on the Exclusions tab, click the Add button and specify the desired resource from<br />
the menu that opens.<br />
5. In the User resource window that opens, specify the desired settings based on the resource being added.<br />
INTERPRETING DATA ON APPLICATION USAGE BY THE PARTICIPANTS<br />
OF THE KASPERSKY SECURITY NETWORK<br />
Information about application usage by the participants of the <strong>Kaspersky</strong> <strong>Security</strong> Network (see page 175) will allow you<br />
to make an objective decision on which status should be assigned to an application running on your computer. To assess<br />
the maliciousness or safety of an application accurately based on KSN data, you should know the history of how this<br />
application appeared on your computer.<br />
<strong>Kaspersky</strong> Lab specialists distinguish the following possible sources of new applications:<br />
the user downloads a setup file from the <strong>Internet</strong> and then opens it;<br />
a setup file is automatically downloaded and opened when the user clicks a link on a web page;<br />
the user opens a setup file stored on a CD / DVD or copied to the hard disk from it;<br />
108
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
the user opens a setup file stored on a USB drive or copied to the hard disk from it;<br />
the user opens a setup file received in a message via email, IM client, or social network.<br />
Statistics of application usage by the participants of the <strong>Kaspersky</strong> <strong>Security</strong> Network include the frequency of application<br />
usage and how long ago it was used. Below are the main categories of application usage:<br />
very rarely (less than 100 participants of KSN use this application) and recently (the file appeared a few days<br />
ago);<br />
rarely (less than 1,000 participants of KSN) and relatively long ago (a few months ago); most users restrict the<br />
activity of this application;<br />
frequently (more than 100,000 participants of KSN) and long ago (more than six months ago); most users trust<br />
this application;<br />
frequently (more than 100,000 participants of KSN) and recently (a few weeks ago); most users trust or restrict<br />
this application;<br />
very frequently (more than 100,000 participants of KSN) and recently; most users trust this application.<br />
NETWORK PROTECTION<br />
The various protection components, tools, and settings of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> together ensure security and<br />
control of your network activities.<br />
The sections below contain detailed information about the principles of operation and configuration of the Firewall,<br />
Network Attack Blocker, Network Monitor, scanning of secure connections, proxy server settings, and monitoring of<br />
network ports.<br />
IN THIS SECTION:<br />
Firewall .......................................................................................................................................................................... 109<br />
Network Attack Blocker ................................................................................................................................................. 113<br />
Encrypted connections scan ......................................................................................................................................... 116<br />
Network Monitor ............................................................................................................................................................ 118<br />
Configuring the proxy server ......................................................................................................................................... 118<br />
Creating a list of monitored ports .................................................................................................................................. 119<br />
FIREWALL<br />
The Firewall ensures the security of your work in local networks and on the <strong>Internet</strong>.<br />
This component filters the entire network activity according to the network rules of Application Control. A network rule is<br />
an action that the Firewall performs when it detects a connection attempt with a specified status. A status is assigned to<br />
each network connection and is defined by set parameters: data transfer direction and protocol, addresses and ports to<br />
which the connection is established.<br />
109
U S E R G U I D E<br />
The Firewall analyzes the settings of the networks to which you connect your computer. If the application is running in<br />
the interactive mode, the Firewall, when first connected, asks you for the status of the connected network (see<br />
page 196). If interactive mode is disabled, the Firewall defines the status based on the network type, ranges of<br />
addresses and other specifications. If necessary, you can change the status (see page 110) of a network connection<br />
manually.<br />
IN THIS SECTION:<br />
Enabling and disabling the Firewall ............................................................................................................................... 110<br />
Changing the network status ......................................................................................................................................... 110<br />
Working with Firewall rules ............................................................................................................................................ 110<br />
Configuring notifications of changes in the network ...................................................................................................... 113<br />
Advanced Firewall settings ............................................................................................................................................ 113<br />
ENABLING AND DISABLING THE FIREWALL<br />
By default, the Firewall is enabled, running in a mode recommended by <strong>Kaspersky</strong> Lab specialists. If necessary, you can<br />
disable the Firewall.<br />
To disable the Firewall:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Firewall component.<br />
3. In the right part of the window, uncheck the Enable Firewall box.<br />
CHANGING THE NETWORK STATUS<br />
The network connection status affects the set of rules used to filter network activity for that connection. You can change<br />
the network status, if necessary.<br />
To change the network connection status:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Firewall component.<br />
3. In the right part of the window, in the Networks list, select a network connection and click the Edit button to<br />
open the network settings window.<br />
4. In the window that opens, select the desired status from the drop-down list on the Properties tab.<br />
WORKING WITH FIREWALL RULES<br />
The Firewall operates on the basis of two types of rules:<br />
Packet rules. These are used for posing restrictions on packets, regardless of the application. Typically, such<br />
rules restrict incoming network activity on specified TCP and UDP ports and filter ICMP messages.<br />
Application rules. These are used to set limits on the network activity of a particular application. Such rules allow<br />
fine-tuning of activity filtering, for example, when a certain type of network connection is prohibited for some<br />
applications but allowed for others.<br />
110
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
Packet rules have higher priority than application rules. If both packet rules and application rules are applied to the same<br />
type of network activity, this network activity is processed using the packet rules. You can also set a priority for each rule<br />
(see page 112).<br />
C R E A T I N G A P A C K E T R U L E<br />
Packet rules consist of a set of conditions and operations performed with regard to packets when these conditions are<br />
met.<br />
When creating packet rules, remember that they have priority over the rules for applications.<br />
To create a packet rule:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Firewall component.<br />
3. Click the Settings button in the right part of the window.<br />
4. In the window that opens, on the Packet rules tab, click the Add button.<br />
5. In the Network rule window that opens, specify the desired settings and click the OK button.<br />
6. Assign a priority to the new rule by using the Move up and Move down buttons to move it up or down the list.<br />
E D I T I N G G R O U P R U L E S<br />
Similarly to the Application Control (on page 101) component, by default the Firewall filters an application's network<br />
activity using the rules of the group in which this application has been placed.<br />
The network rules of a group define which access rights to various networks can be granted to the applications that have<br />
been included in the group. You can add new network rules for a group or edit the preset ones.<br />
To add a network rule for a group:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Firewall component.<br />
3. Click the Settings button in the right part of the window.<br />
4. In the window that opens, on the Application rules tab, select the desired group from the list and click the Edit<br />
button.<br />
5. In the Group rules window that opens, select the Network rules tab and click the Add button.<br />
6. In the Network rule window that opens, specify the desired settings and click the OK button.<br />
7. Assign a priority to the new rule by using the Move up and Move down buttons to move it up or down the list.<br />
To change a network rule for a group:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Firewall component.<br />
3. Click the Settings button in the right part of the window.<br />
4. In the window that opens, on the Application rules tab, select the desired group from the list and click the Edit<br />
button.<br />
111
U S E R G U I D E<br />
5. In the Group rules window that opens, select the Network rules tab.<br />
6. Right-click the Permission column to open the context menu for the desired rule and select a value: Allow,<br />
Block, or Prompt for action.<br />
E D I T I N G A P P L I C A T I O N R U L E S<br />
You can create network rules for individual applications. The network rules of an application have a higher priority than<br />
network rules of a group.<br />
To create a network rule of an application:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Firewall component.<br />
3. Click the Settings button in the right part of the window.<br />
4. In the window that opens, on the Application rules tab, select an application and click the Edit button to open<br />
the rules configuration window.<br />
5. In the Application rules window that opens, on the Network rules tab, open the window for creating a network<br />
rule for the application by clicking the Add button.<br />
6. In the Network rule window that opens, specify the desired settings and click the OK button.<br />
7. Assign a priority to the new rule by using the Move up and Move down buttons to move it up or down the list.<br />
C H A N G I N G A R U L E ' S P R I O R I T Y<br />
The priority of a rule is defined by its position in the list. The first rule on the list has the highest priority.<br />
Each packet rule created manually is added to the end of the list of packet rules.<br />
Rules for applications are grouped by application name, and the rule priority applies to an individual group only. Rules for<br />
applications created manually have higher priority than inherited group rules.<br />
To change the priority of a packet rule:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Firewall component.<br />
3. Click the Settings button in the right part of the window.<br />
4. In the window that opens, on the Packet rules tab, select the rule and move it to the required place in the list by<br />
clicking the Move up or Move down buttons.<br />
To change the priority of an application rule or a group rule:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Firewall component.<br />
3. Click the Settings button in the right part of the window.<br />
4. In the window that opens, on the Application rules tab, select an application or group and open the rules<br />
configuration window by clicking the Edit button.<br />
5. In the window that opens, on the Network rules tab, select a rule and move it to the desired position in the list<br />
clicking the Move up or Move down buttons.<br />
112
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
CONFIGURING NOTIFICATIONS OF CHANGES IN THE NETWORK<br />
Network connection settings can be changed during operation. You can receive notifications of modifications in the<br />
network connection settings.<br />
To configure notifications about changes to network connection settings:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Firewall component.<br />
3. In the right part of the window, in the Networks section, select a network connection and open the network<br />
settings window by clicking the Edit button.<br />
4. In the window that opens, on the Additional tab, in the Notify section, check the boxes for events that you want<br />
to be notified of.<br />
ADVANCED FIREWALL SETTINGS<br />
You can adjust the following advanced settings of the Firewall:<br />
enable the active mode for FTP;<br />
block connections if they cannot be prompted for action (application interface is not loaded);<br />
keep running until the system is shut down.<br />
By default, all the settings are enabled.<br />
To adjust the advanced settings of the Firewall:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Firewall component.<br />
3. Click the Settings button in the right part of the window.<br />
4. In the window that opens, on the Packet rules tab, open the advanced settings window by clicking the<br />
Additional button.<br />
5. In the Additional window that opens, check / uncheck the boxes next to the desired settings.<br />
NETWORK ATTACK BLOCKER<br />
The Network Attack Blocker scans inbound traffic for activity typical of network attacks. Once an attempt to attack your<br />
computer is detected, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> blocks any network activity of the attacking computer towards your<br />
computer.<br />
By default, the block lasts for one hour. A warning will appear on the screen stating that an attempted network attack has<br />
taken place, with specific information about the computer which attacked yours. Descriptions of currently known network<br />
attacks (see section "Types of detected network attacks" on page 114) and methods to fight them are provided in<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> databases. The list of attacks which the Network Attack Blocker can detect is updated when<br />
the application's databases are updated (see section "Update" on page 72).<br />
113
U S E R G U I D E<br />
IN THIS SECTION:<br />
Types of detected network attacks ................................................................................................................................ 114<br />
Enabling and disabling Network Attack Blocker ............................................................................................................ 115<br />
Editing the blockage settings ......................................................................................................................................... 115<br />
TYPES OF DETECTED NETWORK ATTACKS<br />
Nowadays, a great number of network attacks exist. These attacks exploit the vulnerabilities of the operating system and<br />
other software, system-type or otherwise, installed on your computer.<br />
To ensure the security of your computer, you must know what kinds of network attacks you might encounter. Known<br />
network attacks can be divided into three major groups:<br />
Port scan – this type of threat is not itself an attack, but it usually precedes one, since it is one of the common<br />
ways of obtaining information about a remote computer. The UDP / TCP ports used by the network tools on the<br />
computer targeted by an intruder are scanned to determine their status (closed or open).<br />
Port scans can tell a hacker what types of attacks work on that system and what types do not. In addition, the<br />
information obtained through the scan (a model of the system) helps the malefactor to know what operating<br />
system the remote computer uses. This, in turn, further restricts the number of potential attacks, and,<br />
correspondingly, the time spent perpetrating them. It also aids a hacker in attempting to use vulnerabilities<br />
characteristic of the operating system.<br />
DoS attacks, or Denial of Service attacks, are attacks which cause unstable performance of a system or its<br />
crash. Attacks of this type may make it impossible to use the information resources under attack (for example, it<br />
may not be possible to access the <strong>Internet</strong>).<br />
There are two basic types of DoS attacks:<br />
sending the target computer specially created packets that the computer does not expect which cause the<br />
system either to restart or to stop;<br />
sending the target computer many packets within a short timeframe such that the computer cannot process<br />
them, which causes system resources to be exhausted.<br />
Prime examples of this group of attacks are the following:<br />
The Ping of death attack consists of sending an ICMP packet with a size greater than the maximum of 64<br />
KB. This attack can crash some operating systems.<br />
The Land attack consists of sending a request to an open port on the target computer to establish a<br />
connection with itself. This attack sends the computer into a cycle, which intensifies the load on the<br />
processor and can lead to the crashing of some operating systems.<br />
The ICMP Flood attack consists of sending a large quantity of ICMP packets to your computer. The<br />
computer attempts to reply to each inbound packet, which slows the processor to a crawl.<br />
The SYN Flood attack consists of sending a large quantity of queries to a remote computer to establish a<br />
fake connection. The system reserves certain resources for each of those connections, which completely<br />
drains your system resources, and the computer stops reacting to other connection attempts.<br />
Intrusion attacks, which aim to take over your computer. This is the most dangerous type of attack, because if it<br />
is successful, the hacker takes total control of your system.<br />
Hackers use this type of attack to obtain confidential information from a remote computer (for example, credit<br />
card numbers, passwords), or to penetrate the system to use its computing resources for malicious purposes<br />
later (e.g., to use the invaded system in a zombie network, or as a platform for new attacks).<br />
114
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
This group includes the largest number of attacks. They may be divided into three groups depending on the<br />
operating system installed on the user's computer: Microsoft Windows attacks, Unix attacks, and a common<br />
group for network services available in both operating systems.<br />
The following types of attacks are the most common among those which use the network resources of operating<br />
systems:<br />
Buffer overflow attacks. Buffer overflow may be caused by the absence (or insufficiency) of control when<br />
working with data arrays. This is one of the oldest vulnerability types and the easiest for hackers to exploit.<br />
Format string attacks. Format string errors arise from insufficient control of input values for I/O functions,<br />
such as printf(), fprintf(), scanf(), and others, from the standard C library. If an application has this<br />
vulnerability, the hacker is able to send specially created queries and can take total control of the system.<br />
The Intrusion Detection System automatically analyzes and prevents attempts to exploit these<br />
vulnerabilities in the most common network services (FTP, POP3, IMAP) if they are running on the user’s<br />
computer.<br />
Attacks aimed at computers with Microsoft Windows are based on the use of the vulnerabilities of the<br />
software installed on a computer (such as Microsoft SQL Server, Microsoft <strong>Internet</strong> Explorer, Messenger,<br />
and system components available via the network – DCom, SMB, Wins, LSASS, IIS5).<br />
In addition, the use of various malicious scripts, including scripts processed by Microsoft <strong>Internet</strong> Explorer and<br />
Helkern-type worms, can be classified as isolated incidents of intrusion attacks. The essence of this attack type<br />
consists of sending a special type of UDP packet that can execute malicious code to a remote computer.<br />
ENABLING AND DISABLING NETWORK ATTACK BLOCKER<br />
By default, Network Attack Blocker is enabled, running in a mode recommended by <strong>Kaspersky</strong> Lab specialists. You can<br />
disable Network Attack Blocker if necessary.<br />
To disable Network Attack Blocker:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Network Attack Blocker component.<br />
3. In the right part of the window, uncheck the Enable Network Attack Blocker box.<br />
EDITING THE BLOCKAGE SETTINGS<br />
By default, Network Attack Blocker blocks the activity of an attacking computer for one hour. You can cancel blockage of<br />
the selected computer or change the blockage time.<br />
To modify the time for which an attacking computer will be blocked:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Network Attack Blocker component.<br />
3. In the right part of the window, check the Add the attacking computer to the list of blocked computers for<br />
box and specify the blockage time.<br />
To unblock an attacking computer:<br />
1. Open the main application window (see page 33).<br />
2. In the lower part of the window, select the Network Monitor section.<br />
3. In the Network Monitor window that opens, on the Blocked computers tab, select the blocked computer and<br />
click the Unblock button.<br />
115
U S E R G U I D E<br />
ENCRYPTED CONNECTIONS SCAN<br />
Connecting using the SSL / TLS protocols protects the data exchange channel on the <strong>Internet</strong>. The SSL / TLS protocols<br />
allow you to identify the parties exchanging data using electronic certificates, encode the data being transferred, and<br />
ensure their integrity during the transfer.<br />
These features of the protocol are used by hackers to spread malicious programs, since most antivirus applications do<br />
not scan SSL / TLS traffic.<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> scans encrypted connections using a <strong>Kaspersky</strong> Lab certificate.<br />
If an invalid certificate is detected when connecting to the server (for example, if the certificate is replaced by an<br />
intruder), a notification will pop up containing a prompt to either accept or reject the certificate.<br />
If you are sure that connection with a website is always secure, in spite of an invalid certificate, you can add the website<br />
into the list of trusted URLs. <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> will no longer scan the encrypted connection with this website.<br />
You can use the Certificate Installation Wizard to install a certificate for scanning encrypted connections in semiinteractive<br />
mode in Microsoft <strong>Internet</strong> Explorer, Mozilla Firefox (if it is not launched) and Google Chrome, as well as to<br />
get instructions on installing <strong>Kaspersky</strong> Lab's certificate for Opera.<br />
To enable encrypted connections scanning and install <strong>Kaspersky</strong> Lab's certificate:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Advanced Settings section, select the Network component.<br />
3. In the window that opens, check the Scan encrypted connections box. When you first enable this setting, the<br />
Certificate Installation Wizard starts automatically.<br />
4. If the wizard does not start, click the Install certificate button. This will start a Wizard with instructions to follow<br />
for successful installation of the <strong>Kaspersky</strong> Lab certificate.<br />
IN THIS SECTION:<br />
Scanning encrypted connections in Mozilla Firefox ....................................................................................................... 116<br />
Scanning encrypted connections in Opera .................................................................................................................... 117<br />
SCANNING ENCRYPTED CONNECTIONS IN MOZILLA FIREFOX<br />
The Mozilla Firefox browser does not use Microsoft Windows certificate storage. To scan SSL connections when using<br />
Firefox, you should install the <strong>Kaspersky</strong> Lab certificate manually.<br />
You can use the Certificate Installation Wizard, if the browser is not launched.<br />
To install <strong>Kaspersky</strong> Lab's certificate:<br />
1. In the browser menu, select Tools Settings.<br />
2. In the window that opens, select the Additional section.<br />
3. In the Certificates section, select the <strong>Security</strong> tab and click the View Certificates button.<br />
4. In the window that opens, select the Authorities tab and click the Restore button.<br />
116
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
5. In the window that opens, select the <strong>Kaspersky</strong> Lab certificate file. The path to <strong>Kaspersky</strong> Lab's certificate file is:<br />
%AllUsersProfile%\Application Data\<strong>Kaspersky</strong> Lab\AVP12\Data\Cert\(fake)<strong>Kaspersky</strong> Anti-<br />
Virus personal root certificate.cer.<br />
6. In the window that opens, check the boxes to select the actions that should be scanned with the certificate<br />
installed. To view information about the certificate, click the View button.<br />
To install <strong>Kaspersky</strong> Lab's certificate for Mozilla Firefox version 3.x manually:<br />
1. In the browser menu, select Tools Settings.<br />
2. In the window that opens, select the Additional section.<br />
3. On the Encryption tab, click the View Certificates button.<br />
4. In the window that opens, select the Authorities tab and click the Import button.<br />
5. In the window that opens, select the <strong>Kaspersky</strong> Lab certificate file. The path to <strong>Kaspersky</strong> Lab's certificate file is:<br />
%AllUsersProfile%\Application Data\<strong>Kaspersky</strong> Lab\AVP12\Data\Cert\(fake)<strong>Kaspersky</strong> Anti-<br />
Virus personal root certificate.cer.<br />
6. In the window that opens, check the boxes to select the actions that should be scanned with the certificate<br />
installed. To view information about the certificate, click the View button.<br />
If your computer runs under Microsoft Windows Vista or Microsoft Windows 7, the path to <strong>Kaspersky</strong> Lab's certificate file<br />
is: %AllUsersProfile%\<strong>Kaspersky</strong> Lab\AVP12\Data\Cert\(fake)<strong>Kaspersky</strong> Anti-Virus personal root certificate.cer.<br />
SCANNING ENCRYPTED CONNECTIONS IN OPERA<br />
The Opera browser does not use Microsoft Windows certificate storage. To scan SSL connections when using Opera,<br />
you should install <strong>Kaspersky</strong> Lab's certificate manually.<br />
To install <strong>Kaspersky</strong> Lab's certificate:<br />
1. In the browser menu, select Tools Settings.<br />
2. In the window that opens, select the Additional section.<br />
3. In the left part of the window, select the <strong>Security</strong> tab and click the Manage Certificates button.<br />
4. In the window that opens, select the Vendors tab and click the Import button.<br />
5. In the window that opens, select the <strong>Kaspersky</strong> Lab certificate file. The path to <strong>Kaspersky</strong> Lab's certificate file is:<br />
%AllUsersProfile%\Application Data\<strong>Kaspersky</strong> Lab\AVP12\Data\Cert\(fake)<strong>Kaspersky</strong> Anti-<br />
Virus personal root certificate.cer.<br />
6. In the window that opens, click the Install button. <strong>Kaspersky</strong> Lab's certificate will be installed. To view<br />
information about the certificate and select the actions for which the certificate will be used, select the certificate<br />
in the list and click the View button.<br />
To install <strong>Kaspersky</strong> Lab's certificate for Opera version 9.x:<br />
1. In the browser menu, select Tools Settings.<br />
2. In the window that opens, select the Additional section.<br />
3. In the left part of the window, select the <strong>Security</strong> tab and click the Manage Certificates button.<br />
4. In the window that opens, select the Authorities tab and click the Import button.<br />
117
U S E R G U I D E<br />
5. In the window that opens, select the <strong>Kaspersky</strong> Lab certificate file. The path to <strong>Kaspersky</strong> Lab's certificate file is:<br />
%AllUsersProfile%\Application Data\<strong>Kaspersky</strong> Lab\AVP12\Data\Cert\(fake)<strong>Kaspersky</strong> Anti-<br />
Virus personal root certificate.cer.<br />
6. In the window that opens, click the Install button. <strong>Kaspersky</strong> Lab's certificate will be installed.<br />
If your computer runs under Microsoft Windows Vista or Microsoft Windows 7, the path to <strong>Kaspersky</strong> Lab's certificate file<br />
is: %AllUsersProfile%\<strong>Kaspersky</strong> Lab\AVP12\Data\Cert\(fake)<strong>Kaspersky</strong> Anti-Virus personal root certificate.cer.<br />
NETWORK MONITOR<br />
Network Monitor is a tool used to view information about network activities in real time.<br />
To view information about network activity:<br />
1. Open the main application window (see page 33).<br />
2. In the lower part of the window, select the Network Monitor section.<br />
In the Network Monitor window that opens, the Network activity tab provides information about network<br />
activity.<br />
When working on a computer running under Microsoft Windows Vista or Microsoft Windows 7, you can open Network<br />
Monitor using the <strong>Kaspersky</strong> Gadget. To do this, <strong>Kaspersky</strong> Gadget should be configured so that the option of opening<br />
the Network Monitor window is assigned to one of its buttons (see section "How to use the <strong>Kaspersky</strong> Gadget" on<br />
page 59).<br />
To open Network Monitor using the gadget,<br />
click the button with the<br />
Network Monitor icon in the <strong>Kaspersky</strong> Gadget interface.<br />
In the Network Monitor window that opens, the Network activity tab provides information about network activity.<br />
CONFIGURING THE PROXY SERVER<br />
If the computer's <strong>Internet</strong> connection is established via a proxy server, you may need to configure its connection settings.<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> uses these settings for certain protection components, as well as for updating the databases<br />
and application modules.<br />
If your network includes a proxy server using a non-standard port, you should add the port number to the list of<br />
monitored ports (see section "Creating a list of monitored ports" on page 119).<br />
To configure connection with a proxy server:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Advanced Settings section, select the Network component.<br />
3. In the Proxy server section, click the Proxy server settings button.<br />
4. In the Proxy server settings window that opens, specify the required settings for connection to a proxy server.<br />
118
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
CREATING A LIST OF MONITORED PORTS<br />
Such protection components as Mail Anti-Virus, Anti-Spam and Web Anti-Virus (on page 88) monitor the data streams<br />
transferred via specific protocols and through certain open TCP ports on your computer. For example, Mail Anti-Virus<br />
scans information transferred via SMTP, while Web Anti-Virus scans information transferred via HTTP, HTTPS, and FTP.<br />
You can enable monitoring of all or just selected network ports. If you configure the product to monitor the selected ports,<br />
you can create a list of applications for which all ports will be monitored. We recommend that you expand this list by<br />
including applications that receive or transfer data via FTP.<br />
To add a port to the list of monitored ports:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Advanced Settings section, select the Network subsection.<br />
3. In the Monitored ports section, select Monitor selected ports only and click the Select button.<br />
The Network ports window will open.<br />
4. Click the Add link located under the list of ports in the top part of the window to open the Network port window,<br />
and enter the number and description of a port.<br />
To exclude a port from the list of monitored ports:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Advanced Settings section, select the Network subsection.<br />
3. In the Monitored ports section, select Monitor selected ports only and click the Select button.<br />
The Network ports window will open.<br />
4. In the list of ports in the top part of the window, uncheck the box next to the description of the port that should<br />
be excluded.<br />
To create a list of applications for which you wish to monitor all ports:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Advanced Settings section, select the Network subsection.<br />
3. In the Monitored ports section, select Monitor selected ports only and click the Select button.<br />
The Network ports window will open.<br />
4. Check the Monitor all ports for specified applications box, and in the list of applications below, check the<br />
boxes for the names of the applications for which all ports should be monitored.<br />
5. If the desired application is not in the list, add it as follows:<br />
a. Click the Add link under the list of applications to open a menu, and select an item:<br />
To specify the location of the executable file of an application, select Browse and specify the file's<br />
location on the computer.<br />
To select an application from the list of applications currently running, select Applications. In the<br />
Select application window that opens, select the required application.<br />
b. In the Application window, enter a description for the application selected.<br />
119
U S E R G U I D E<br />
ANTI-SPAM<br />
Anti-Spam detects unsolicited email (spam) and processes it according to the rules of your email client.<br />
Anti-Spam is built into the following mail clients as a plug-in:<br />
Microsoft Office Outlook (on page 133);<br />
Microsoft Outlook Express (Windows Mail) (on page 133);<br />
The Bat! (on page 134);<br />
Thunderbird (on page 134).<br />
The lists of blocked and allowed senders allow to specify the addresses from which messages will be deemed useful<br />
mail or spam. Messages addressed not to you may be classified as spam (see page 129). Furthermore, Anti-Spam can<br />
check a message for the presence of allowed and blocked phrases, as well as for phrases from a list of obscene<br />
expressions.<br />
To enable efficient recognition of spam and useful mail by Anti-Spam, the component needs training (see section<br />
"Training Anti-Spam" on page 122).<br />
Anti-Spam uses a self-training algorithm that allows the component to better distinguish spam from useful mail with time.<br />
The source of data for the algorithm is the contents of the message.<br />
Anti-Spam's operation consists of two stages:<br />
1. The application of strict filtering criteria to a message. These criteria quickly determine whether the message is<br />
spam. Anti-Spam assigns the message spam or not spam status, the scan is stopped, and the message is<br />
transferred to the mail client for processing (see algorithm steps 1 to 5 below).<br />
2. Analyzing email messages that have undergone filtering. Such messages cannot be unambiguously considered<br />
spam. Therefore, Anti-Spam calculates the probability of their being spam.<br />
The Anti-Spam algorithm consists of the following steps:<br />
1. The message sender's address is checked for presence in the lists of allowed or blocked senders.<br />
If a sender's address is in the list of allowed senders, the message receives Not Spam status.<br />
If a sender's address is in the list of blocked senders, the message receives Spam status.<br />
2. If a message was sent using Microsoft Exchange Server and scanning of such messages is disabled, the<br />
message is given Not Spam status.<br />
3. A message analysis is performed to check whether it contains strings from the list of allowed phrases. If at least<br />
one line from this list has been found, the message will be assigned Not Spam status. This step is skipped by<br />
default.<br />
4. Anti-Spam analyzes a message to check whether it contains strings from the list of blocked phrases or the list of<br />
obscene words. Whenever words from these lists are found in a message, their weighting coefficients are added<br />
together. If the sum of the coefficients exceeds 100, the message will receive Spam status. This step is skipped<br />
by default.<br />
5. If the message text contains an address included in the database of phishing or suspicious web addresses, the<br />
message receives Spam status.<br />
6. Email is analyzed using heuristic rules. If the analysis finds signs typical of spam in a message, the probability<br />
of it being spam increases.<br />
120
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
7. Email is analyzed using GSG technology. In this kind of analysis, Anti-Spam analyzes images attached to the<br />
email message. If the analysis finds signs typical of spam in them, the probability of the message being spam<br />
increases.<br />
8. The application analyzes email attachments in .rtf format. It scans attached documents for signs of spam. Once<br />
the analysis is complete, Anti-Spam calculates the increase in the probability of the message being spam. By<br />
default, the use of this technology is disabled.<br />
9. It checks for the presence of additional features typical of spam. Each feature detected increases the probability<br />
that the message being scanned is spam.<br />
10. If Anti-Spam has been trained, the message will be scanned using iBayes technology. The self-training iBayes<br />
algorithm calculates the probability of a message being spam based on the frequency of phrases typical of<br />
spam found in the message text.<br />
The training is only started if the function of self-training text analysis algorithm iBayes is enabled in your copy<br />
of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>. Availability of this function depends on the application localization language.<br />
Message analysis determines the probability of its being spam expressed as the spam rate value. Spam or Probable<br />
spam status will be assigned to a message depending upon the specified threshold values of the spam rate (see section<br />
"Regulating threshold values of the spam rate" on page 130). By default the product adds the label [!! SPAM] or<br />
[?? Probable Spam] to the Subject field of spam and probable spam messages (see section "Adding a label to the<br />
message subject" on page 132). Then each message will be processed in accordance with the rules you have defined<br />
for email clients (see section "Configuring spam processing by mail clients" on page 132).<br />
IN THIS SECTION:<br />
Enabling and disabling Anti-Spam ................................................................................................................................ 121<br />
Changing and restoring the spam protection level ........................................................................................................ 122<br />
Training Anti-Spam ....................................................................................................................................................... 122<br />
Checking URLs in email messages ............................................................................................................................... 125<br />
Detecting spam by phrases and addresses. Creating lists ............................................................................................ 125<br />
Regulating threshold values of the spam rate ............................................................................................................... 130<br />
Using additional features affecting the spam rate ......................................................................................................... 131<br />
Selecting a spam recognition algorithm......................................................................................................................... 131<br />
Adding a label to the message subject .......................................................................................................................... 132<br />
Scanning messages from Microsoft Exchange Server .................................................................................................. 132<br />
Configuring spam processing by mail clients ................................................................................................................ 132<br />
ENABLING AND DISABLING ANTI-SPAM<br />
By default, Anti-Spam is enabled, running in a mode recommended by <strong>Kaspersky</strong> Lab specialists. You can disable Anti-<br />
Spam, if necessary.<br />
To disable Anti-Spam:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Anti-Spam component.<br />
3. In the right part of the window, uncheck the Enable Anti-Spam box.<br />
121
U S E R G U I D E<br />
CHANGING AND RESTORING THE SPAM PROTECTION LEVEL<br />
Depending on how often you receive spam, you can select one of the preset spam protection levels or configure Anti-<br />
Spam on your own. The levels of anti-spam protection correspond to the following security levels configured by the<br />
experts at <strong>Kaspersky</strong> Lab:<br />
High. This security level should be used if you receive spam frequently, for example, when using free mail<br />
services. When you select this level, the frequency of false positives rises; that is, useful mail is more often<br />
recognized as spam.<br />
Recommended. This security level should be used in most cases.<br />
Low. This security level should be used if you rarely receive spam, for example, if you are working in a<br />
protected corporate email environment. When this level is selected, spam and potential spam messages are<br />
less frequently recognized.<br />
When configuring Anti-Spam, you can always restore the recommended values. These settings are considered optimal,<br />
recommended by <strong>Kaspersky</strong> Lab, and grouped in the Recommended security level.<br />
To change the spam protection level set:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Anti-Spam component.<br />
In the right part of the window, in the <strong>Security</strong> level section, set the desired security level, or click the Settings<br />
button to modify the settings manually.<br />
If you modify the settings manually, the name of the security level will change to Custom.<br />
To restore the default Anti-Spam settings:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Anti-Spam component.<br />
3. Click the Default level button in the <strong>Security</strong> level section in the right part of the window.<br />
TRAINING ANTI-SPAM<br />
One of the most powerful spam detection tools is the self-training iBayes algorithm. The application uses the algorithm to<br />
decide which status should be assigned to a message based on the phrases it contains. Prior to beginning work, sample<br />
strings of useful and spam mail should be submitted to the iBayes algorithm, i.e., it should be trained.<br />
The training is only started if the function of self-training text analysis algorithm iBayes is enabled in your copy of<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>. Availability of this function depends on the application localization language.<br />
There are several approaches to training Anti-Spam:<br />
Training Anti-Spam using outgoing messages.<br />
Training is performed while working with messages in the mail client using special buttons and menu items.<br />
Training when working with Anti-Spam reports.<br />
122
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
IN THIS SECTION:<br />
Training on outgoing messages .................................................................................................................................... 123<br />
Training on the interface of a mail client ........................................................................................................................ 123<br />
Adding an address to the list of allowed senders .......................................................................................................... 124<br />
Training with reports ...................................................................................................................................................... 124<br />
TRAINING ON OUTGOING MESSAGES<br />
You can train Anti-Spam using a sample of 50 outgoing emails. Once training is enabled, Anti-Spam will analyze every<br />
message you send, using it as a sample of useful mail. Training will complete after you send the 50th message.<br />
To enable Anti-Spam training using outgoing emails:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Anti-Spam component.<br />
3. Click the Settings button in the right part of the window.<br />
The Anti-Spam window will be displayed.<br />
4. On the Additional tab in the Outgoing messages section, check the Train using outgoing email messages<br />
box.<br />
While training using outgoing mail is in progress, the addresses of mail recipients are automatically added to the list of<br />
allowed senders. You can disable this feature (see section "Adding an address to the list of allowed senders" on<br />
page 124).<br />
TRAINING ON THE INTERFACE OF A MAIL CLIENT<br />
You can train Anti-Spam while handling email, using buttons on the taskbar and the menu of your email client.<br />
The buttons and menu items for Anti-Spam training only appear in the interfaces of mail client software after installation<br />
of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>.<br />
To train Anti-Spam using the email client interface:<br />
1. Start the email client.<br />
2. Select a message with which you wish to train Anti-Spam.<br />
3. Do the following depending upon your email client:<br />
click the Spam or Not Spam button in the Microsoft Office Outlook toolbar;<br />
click the Spam or Not Spam button in the Microsoft Outlook Express toolbar (Windows Mail);<br />
use the special Mark as Spam and Mark as Not Spam items in the Special menu of The Bat! email client;<br />
use the Spam / Not Spam button in the Mozilla Thunderbird toolbar.<br />
123
U S E R G U I D E<br />
After selecting an action from the list above, Anti-Spam conducts training using the selected message. If you select<br />
several messages, all of them are used for training.<br />
If a message is marked as useful mail, the address of its sender will be added to the list of allowed senders<br />
automatically. You can disable this feature (see section "Adding an address to the list of allowed senders" on page 124).<br />
ADDING AN ADDRESS TO THE LIST OF ALLOWED SENDERS<br />
When Anti-Spam is trained, the addresses of useful mail senders are automatically added to the list of allowed senders<br />
(see section "Blocked and allowed senders" on page 128). The application also adds the addresses of outgoing mail<br />
recipients to that list if training with outgoing mail is used.<br />
You can disable that function to prevent the automatic addition of allowed senders to the list in the course of training.<br />
To disable adding the address to the list of allowed senders:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Anti-Spam component.<br />
3. Click the Settings button in the right part of the window.<br />
The Anti-Spam window will be displayed.<br />
4. On the Exact methods tab in the Consider message as not spam section, check the If it is from an allowed<br />
sender box and click the Select button.<br />
The Allowed senders window opens.<br />
5. Uncheck the Add allowed senders' addresses when training Anti-Spam box.<br />
TRAINING WITH REPORTS<br />
There is the option to train Anti-Spam using its reports displaying information about messages recognized as probable<br />
spam. Essentially, the training means assigning the Spam or Not Spam labels to messages, as well as adding senders<br />
of those messages to the lists of allowed or blocked senders (see section "Blocked and allowed senders" on page 128).<br />
Messages are not marked with the spam and not spam tags if the function of self-training text analysis algorithm iBayes<br />
is enabled in <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>. Availability of this function depends on the application localization language.<br />
To train Anti-Spam using a report:<br />
1. Open the main application window.<br />
2. In the top part of the window, click the Reports button.<br />
3. In the Reports window that opens, click the Detailed report button.<br />
The Detailed report window opens.<br />
4. Select the Anti-Spam section in the left part of the window.<br />
5. Use the records in the Object column in the right part of the window to select the messages you wish to use for<br />
Anti-Spam training. For each such message, right-click to open the context menu and select one of the menu<br />
commands corresponding to the operation which should be performed on the message:<br />
Mark as Spam.<br />
Mark as Not Spam.<br />
124
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
Add to the list of allowed senders.<br />
Add to the list of blocked senders.<br />
CHECKING URLS IN EMAIL MESSAGES<br />
Anti-Spam can check the URLs in mail messages to identify the ones included in the lists of suspicious web addresses or<br />
phishing web addresses. These lists are included in the product package of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>. If you<br />
participate in <strong>Kaspersky</strong> <strong>Security</strong> Network (on page 174), <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> also accesses <strong>Kaspersky</strong> <strong>Security</strong><br />
Network when checking URLs. If a phishing or suspicious link is detected in a message, or if phishing elements are<br />
detected in the message body, this message is identified as spam.<br />
To check URLs in email messages, you can also use the heuristic analysis.<br />
To enable URL checks using the databases of suspicious and phishing addresses:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Anti-Spam component.<br />
3. Click the Settings button in the right part of the window.<br />
The Anti-Spam window will be displayed.<br />
4. On the Exact methods tab in the Consider message as spam section, check the If it contains URLs from<br />
the database of suspicious URLs and If it contains phishing elements boxes.<br />
To enable heuristic analysis:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Anti-Spam component.<br />
3. Click the Settings button in the right part of the window.<br />
The Anti-Spam window will be displayed.<br />
4. On the Exact methods tab, in the Consider message as spam section, click the Additional button.<br />
5. In the Anti-Phishing settings window that opens, check the Use Heuristic Analysis to check mail for<br />
phishing box and set a scan detail level using the slider.<br />
DETECTING SPAM BY PHRASES AND ADDRESSES. CREATING LISTS<br />
You can create lists of allowed, blocked and obscene key phrases, as well as lists of allowed and blocked sender<br />
addresses and a list of your addresses. If these lists are used, Anti-Spam analyzes every message to check whether it<br />
contains the phrases added to the lists, and it checks whether the addresses of the mail sender and recipients match the<br />
records in the address lists. Once a sought phrase or address is found, Anti-Spam identifies the message as useful mail<br />
or spam, depending upon which list contains the phrase or address.<br />
The following mail will be recognized as spam:<br />
messages containing blocked or obscene phrases with total weighting coefficient exceeding 100;<br />
messages sent from a blocked address or not addressed to you directly.<br />
125
U S E R G U I D E<br />
The following messages will be recognized as useful mail:<br />
messages containing allowed phrases;<br />
messages sent from an allowed address.<br />
IN THIS SECTION:<br />
Using masks for phrases and addresses ...................................................................................................................... 126<br />
Blocked and allowed phrases ........................................................................................................................................ 127<br />
Obscene words ............................................................................................................................................................. 127<br />
Blocked and allowed senders ........................................................................................................................................ 128<br />
Your addresses ............................................................................................................................................................. 129<br />
Exporting and importing lists of phrases and addresses ............................................................................................... 129<br />
USING MASKS FOR PHRASES AND ADDRESSES<br />
You can use phrase masks in the lists of allowed, blocked and obscene phrases. The lists of allowed and blocked<br />
addresses and the list of trusted addresses support address masks.<br />
A mask is a template string against which a phrase or an address is compared. Certain symbols in a mask are used to<br />
represent others: * replaces any sequence of characters, while ? replaces any single character. If a mask uses such<br />
wildcards, it can match several phrases or addresses (see examples).<br />
If the * or ? character is a part of the sought phrase (e.g., What's the time?), it should be preceded by the \ character to<br />
ensure that Anti-Spam recognizes it correctly. Thus, instead of the * character you should use the \* combination in<br />
masks; the ? character should be represented as \? (e.g., What's the time\?).<br />
Sample phrase masks:<br />
Welcome to our *! – this mask covers any message containing a phrase that starts with the words "Welcome to<br />
our", continues with any text, and ends with the ! character.<br />
We offer – this mask covers any message containing a phrase that starts with the words "We offer" and<br />
continues with any text.<br />
Examples of address masks:<br />
admin@test.com – this mask only matches the address admin@test.com.<br />
admin@* – the mask matches the sender address with the admin name, for example, admin@test.com,<br />
admin@example.org.<br />
*@test* – this mask matches the address of any message sender from a domain beginning with test, for<br />
example: admin@test.com, info@test.org.<br />
info.*@test.??? – this mask corresponds to the address of any sender whose name begins with info. and whose<br />
mail domain name begins with test. and ends with any three characters, for example: info.product@test.com,<br />
info.company@test.org, but not info.product@test.ru.<br />
126
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
BLOCKED AND ALLOWED PHRASES<br />
You can add expressions which you typically observe in spam to the list of blocked phrases and define the weighting<br />
coefficient for each phrase. The weighting coefficient allows you to specify how typical a certain phrase is of spam<br />
messages: the larger the value, the higher the probability that mail containing such a phrase is spam. The weighting<br />
coefficient of a phrase can range from 0 to 100. If the total of the weighting coefficients of all phrases found in a message<br />
exceeds 100, the message will be identified as spam.<br />
Key expressions typical of useful mail can be added to the list of allowed phrases. Once Anti-Spam finds such a phrase<br />
in a message, it will be identified as useful mail (not spam).<br />
You can add both entire phrases and their masks to the list of blocked and allowed expressions (see section "Using<br />
masks for phrases and addresses" on page 126).<br />
To create a list of blocked or allowed phrases:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Anti-Spam component.<br />
3. Click the Settings button in the right part of the window.<br />
The Anti-Spam window will be displayed.<br />
4. Use the Exact methods tab to perform the following steps:<br />
If you need to create a list of blocked phrases, in the Consider message as spam section, check the If it<br />
contains blocked phrases box and click the Select button to the right.<br />
The Blocked phrases window will open.<br />
If you need to create a list of allowed phrases, in the Consider message as not spam section, check the If<br />
it contains allowed phrases box and click the Select button to the right.<br />
The Allowed phrases window will open.<br />
5. Click the Add link to open the Blocked phrase window (or the Allowed phrase window).<br />
6. Enter the complete phrase or phrase mask, specify the weighting coefficient for a blocked phrase, and then click<br />
OK.<br />
You do not have to delete a mask to stop using it; unchecking the corresponding box next to it will be sufficient.<br />
OBSCENE WORDS<br />
<strong>Kaspersky</strong> Lab experts have compiled the list of obscene words included in the distribution package of <strong>Kaspersky</strong><br />
<strong>Internet</strong> <strong>Security</strong>. The list contains obscene words that indicate with a high probability that the message is spam if<br />
present. You can supplement the list by adding complete phrases and their masks to it (see section "Using masks for<br />
phrases and addresses" on page 126).<br />
If Parental Control (see page 143) is enabled for the user and a password (see page 63) for editing the Parental Control<br />
settings is set, the user will have to enter the password to view the list of obscene phrases.<br />
To edit the list of obscene phrases:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Anti-Spam component.<br />
3. Click the Settings button in the right part of the window.<br />
127
U S E R G U I D E<br />
The Anti-Spam window will be displayed.<br />
4. On the Exact methods tab, in the Consider message as spam section, check the If it contains blocked<br />
phrases box and click the Select button.<br />
The Blocked phrases window will open.<br />
5. Check the Also block obscene words box and click the obscene words link to open the Agreement dialog.<br />
6. Read the agreement and, if you agree to the terms and conditions described in the window, check the box in the<br />
bottom part of the window and click the OK button.<br />
The Explicit language window will open.<br />
7. Click the Add link to open the Blocked phrase window.<br />
8. Enter the complete phrase or its mask, specify the phrase weighting coefficient and click OK.<br />
You do not have to delete a mask to stop using it; unchecking the corresponding box next to it will be sufficient.<br />
BLOCKED AND ALLOWED SENDERS<br />
You can add addresses, mail from which Anti-Spam will identify as spam to the list of blocked senders. Sender<br />
addresses from which you expect no spam are stored in the list of allowed senders. This list is created automatically<br />
during Anti-Spam training (see section "Adding an address to the list of allowed senders" on page 124). You can also<br />
supplement the list manually.<br />
You can add complete addresses or address masks to the lists of allowed or blocked senders (see section "Using masks<br />
for phrases and addresses" on page 126).<br />
To create a list of blocked or allowed senders:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Anti-Spam component.<br />
3. Click the Settings button in the right part of the window.<br />
The Anti-Spam window will be displayed.<br />
4. Use the Exact methods tab to perform the following steps:<br />
If you need to create a list of blocked senders, in the Consider message as spam section, check the If it<br />
is from a blocked sender box and click the Select button to the right.<br />
The Blocked senders window will open.<br />
If you need to create a list of allowed senders, in the Consider message as not spam section, check the If<br />
it is from an allowed sender box and click the Select button to the right.<br />
The Allowed senders window opens.<br />
5. Click the Add link to open the Email address mask window.<br />
6. Enter an address mask and click the OK button.<br />
You do not have to delete a mask to stop using it; unchecking the corresponding box next to it will be sufficient.<br />
128
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
YOUR ADDRESSES<br />
You can create a list of your mail addresses to make Anti-Spam label as spam any mail that is not addressed to you<br />
directly.<br />
To create the list of your email addresses:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Anti-Spam component.<br />
3. Click the Settings button in the right part of the window.<br />
The Anti-Spam window will be displayed.<br />
4. On the Exact methods tab, check the If it is not addressed to me box and click the My addresses button.<br />
The My addresses window opens.<br />
5. Click the Add link to open the Email address mask window.<br />
6. Enter an address mask and click the OK button.<br />
You do not have to delete a mask to stop using it; unchecking the corresponding box next to it will be sufficient.<br />
EXPORTING AND IMPORTING LISTS OF PHRASES AND ADDRESSES<br />
Once you have created the lists of phrases and addresses, you can reuse them, for example, transfer the addresses to a<br />
similar list on another computer running <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>.<br />
To do this:<br />
1. Perform the export procedure – copy records from the list into a file.<br />
2. Move the file you have saved to another computer (for example, send it by email or use a removable data<br />
medium).<br />
3. Perform the import procedure – add the records from the file to the list of the same type on another computer.<br />
When exporting the list, you can copy either a selected list element only, or the entire list. When importing the list, you<br />
can add the new elements to the existing list, or replace the existing list with the one being imported.<br />
Addresses in the list of allowed senders can be imported from Microsoft Office Outlook / Microsoft Outlook Express<br />
(Windows Mail) address books.<br />
To export records from a list:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Anti-Spam component.<br />
3. Click the Settings button in the right part of the window.<br />
The Anti-Spam window will be displayed.<br />
4. On the Exact methods tab, check the box in the line containing the name of the list from which the records<br />
should be exported and click the corresponding button to the right.<br />
5. In the displayed list window, check the records which should be included in the file.<br />
6. Click the Export link.<br />
129
U S E R G U I D E<br />
This opens a window that prompts you to export the highlighted items only. In this window, take one of the<br />
following actions:<br />
click the Yes button if you need to include only selected records in the file;<br />
click the No button if you need to include the entire list in the file.<br />
7. Specify a type and name for the file in the displayed window and confirm saving.<br />
To import records from a file to a list:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Anti-Spam component.<br />
3. Click the Settings button in the right part of the window.<br />
The Anti-Spam window will be displayed.<br />
4. On the Exact methods tab, check the box in the line containing the name of the list to which the records should<br />
be imported and click the button to the right.<br />
5. Click the Import link in the list window. If you are importing a list of allowed senders, the application will display<br />
a menu in which you should select the Import from file item. For other list types, selection from the menu is not<br />
required.<br />
If the list is not empty, a window opens prompting you to add items to be imported. In this window, take one of<br />
the following actions:<br />
click the Yes button if you want to add records from the file to the list;<br />
click the No button if you want to replace the existing records with the list from the file.<br />
6. In the window that opens, select the file with the list of records that you want to import.<br />
To import a list of allowed senders from an address book:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Anti-Spam component.<br />
3. Click the Settings button in the right part of the window.<br />
The Anti-Spam window will be displayed.<br />
4. On the Exact methods tab in the Consider message as not spam section, check the If it is from an allowed<br />
sender box and click the Select button.<br />
The Allowed senders window opens.<br />
5. Click the Import link, open the source selection menu, and select Import from the Address Book.<br />
6. Use the window that opens to select the desired address book.<br />
REGULATING THRESHOLD VALUES OF THE SPAM RATE<br />
Spam recognition is based on cutting-edge filtering methods, which allow you to train (see section "Training Anti-Spam"<br />
on page 122) Anti-Spam to distinguish spam, probable spam and useful email. In doing so, each individual element of<br />
good emails or spam is assigned a factor.<br />
130
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
When an email message comes in your inbox, Anti-Spam checks it for spam and useful mail. The component sums up<br />
the ratings of each spam (useful mail) item and calculates the resulting spam rate. The larger the spam rate, the higher<br />
the probability that such mail contains spam. A message is recognized by default as useful mail if its spam rate does not<br />
exceed 60. If the spam rate is higher than 60, such a message is considered to be potential spam. If the value exceeds<br />
90, the message is considered spam. You can modify the threshold values for the spam rate.<br />
To change the spam rate thresholds, perform the following steps:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Anti-Spam component.<br />
3. Click the Settings button in the right part of the window.<br />
The Anti-Spam window will be displayed.<br />
4. On the Expert methods tab, use the Spam rate section to configure the spam rate values using the<br />
corresponding sliders or entry fields.<br />
USING ADDITIONAL FEATURES AFFECTING THE SPAM RATE<br />
The result of spam rate calculation can be affected by additional message characteristics, for example, the absence of a<br />
recipient's address in the "To" field or a very long message subject (over 250 characters). When present in a message,<br />
such signs increase the probability of its being spam. Consequently, the spam rate will increase. You can select which<br />
additional characteristics will be taken into account during message analysis.<br />
To use additional characteristics which increase the spam rate:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Anti-Spam component.<br />
3. Click the Settings button in the right part of the window.<br />
The Anti-Spam window will be displayed.<br />
4. On the Expert methods tab, click the Additional button.<br />
5. In the Additional window which opens, check the boxes next to the characteristics which should be taken into<br />
account during message analysis and which increase the spam rate.<br />
SELECTING A SPAM RECOGNITION ALGORITHM<br />
Anti-Spam analyzes email messages using spam recognition algorithms.<br />
To enable the use of a spam recognition algorithm when analyzing email messages:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Anti-Spam component.<br />
3. Click the Settings button in the right part of the window.<br />
The Anti-Spam window will be displayed.<br />
4. On the Expert methods tab, in the Recognition algorithms section, check the appropriate boxes.<br />
131
U S E R G U I D E<br />
ADDING A LABEL TO THE MESSAGE SUBJECT<br />
Anti-Spam can add appropriate labels to the Subject field of the message which has been deemed spam or potential<br />
spam after analysis:<br />
[!! SPAM] – for messages identified as spam;<br />
[?? Probable Spam] – for messages identified as potential spam.<br />
When present in message subject, such labels can help you distinguish spam and probable spam visually while viewing<br />
the mail lists.<br />
To configure adding of a label to messages' subjects:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Anti-Spam component.<br />
3. Click the Settings button in the right part of the window.<br />
The Anti-Spam window will be displayed.<br />
4. Use the Additional tab to select the checkboxes next to the labels which should be added to message subjects<br />
in the Actions section. If necessary, edit the label text.<br />
SCANNING MESSAGES FROM MICROSOFT EXCHANGE SERVER<br />
By default, the Anti-Spam component does not scan Microsoft Exchange Server messages. You can enable scan of<br />
email messages exchanged within an internal network (for example, corporate email).<br />
Messages are considered to be internal mail if Microsoft Office Outlook is used on all network computers, and if all user<br />
mailboxes are located on the same Exchange server or on linked servers.<br />
To enable scan of messages in Microsoft Exchange Server:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Anti-Spam component.<br />
3. Click the Settings button in the right part of the window.<br />
The Anti-Spam window will be displayed.<br />
4. On the Additional tab in the Exclusions section, uncheck the Do not check Microsoft Exchange Server<br />
native messages box.<br />
CONFIGURING SPAM PROCESSING BY MAIL CLIENTS<br />
If after scanning it is determined that an email is spam or probable spam, the further actions of Anti-Spam depend on the<br />
status of the message and the action selected. By default, email messages considered spam or probable spam are<br />
modified: in the Subject field of the message, the label [!! SPAM] or [?? Probable Spam], respectively, is added (see<br />
section "Adding a label to the message subject" on page 132).<br />
You can select additional actions to be taken with spam or probable spam. To do so, special plug-ins are provided in the<br />
Microsoft Office Outlook and Microsoft Outlook Express (Windows Mail) clients. You can configure mail filtering rules for<br />
The Bat! and Thunderbird email clients.<br />
132
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
IN THIS SECTION:<br />
Microsoft Office Outlook ................................................................................................................................................ 133<br />
Microsoft Outlook Express (Windows Mail) ................................................................................................................... 133<br />
Creating a rule for handling spam reports ..................................................................................................................... 133<br />
The Bat!......................................................................................................................................................................... 134<br />
Thunderbird ................................................................................................................................................................... 134<br />
MICROSOFT OFFICE OUTLOOK<br />
By default, email messages classified by Anti-Spam as spam or probable spam are marked with special labels [!! SPAM]<br />
or [?? Probable Spam] in the Subject field. If additional processing of mail after Anti-Spam scans it is required, you can<br />
configure Microsoft Office Outlook as necessary. The spam processing settings window automatically opens the first time<br />
you run Microsoft Outlook after installing <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>. The spam and probable spam processing settings<br />
for Microsoft Outlook are displayed on the special Anti-Spam tab of the Tools Options menu item.<br />
MICROSOFT OUTLOOK EXPRESS (WINDOWS MAIL)<br />
By default, email messages classified by Anti-Spam as spam or probable spam are marked with special labels [!! SPAM]<br />
or [?? Probable Spam] in the Subject field. If additional processing of mail after Anti-Spam scans it is required, you can<br />
configure Microsoft Outlook Express (Windows Mail) as necessary.<br />
The spam processing settings window opens the first time you run your client after installing the application. You can<br />
also open it by clicking the Settings button in the email client toolbar next to the Spam and Not Spam buttons.<br />
CREATING A RULE FOR HANDLING SPAM REPORTS<br />
Below are the instructions for creating a rule for handling spam reports using Anti-Spam in Microsoft Office Outlook. You<br />
can use the guidelines to create custom rules.<br />
To create a spam processing rule:<br />
1. Run Microsoft Office Outlook and use the Tools Rules and Alerts command in the main application menu.<br />
The method used to access the wizard depends upon your version of Microsoft Office Outlook. This Help file<br />
describes how to create a rule using Microsoft Office Outlook 2003.<br />
2. In the Rules and Alerts window that opens, on the Email Rules tab, click the New Rule button. As a result, the<br />
Rules Wizard is launched. The Rules Wizard includes the following steps:<br />
a. You should decide whether you want to create a rule from scratch or use a template. Select the Start from<br />
a blank rule option and select the Check messages when they arrive scan condition. Click the Next<br />
button.<br />
b. In the message filtering condition configuration window click the Next button without checking any boxes.<br />
Confirm in the dialog box that you want to apply this rule to all emails received.<br />
c. In the window for selecting actions with regard to messages, check the perform a custom action box in<br />
the action list. In the lower part of the window, click the custom action link. Select <strong>Kaspersky</strong> Anti-Spam<br />
from the drop-down list in the window that opens and click the OK button.<br />
133
U S E R G U I D E<br />
d. Click the Next button in the exceptions from the rules window without checking any boxes.<br />
e. In the final window, you can change the rule's name (the default name is <strong>Kaspersky</strong> Anti-Spam). Make sure<br />
that the Turn on this rule box is checked, and click the Finish button.<br />
3. The default position for the new rule is first on the rule list in the Rules and Alerts window. If you like, move this<br />
rule to the end of the list so it is applied to the email last.<br />
All incoming emails are processed using these rules. The order in which rules are applied depends upon the<br />
priority specified for each rule. Rules are applied starting at the beginning of the list; the priority of each<br />
following rule is lower than that of the preceding one. You can increase or decrease rule priority by moving a<br />
rule up or down in the list. If you do not want the Anti-Spam rule to further process emails after a rule is applied,<br />
you must check the Stop processing more rules box in the rule settings (see Step 3 of the rule creation<br />
window).<br />
THE BAT!<br />
Actions with regard to spam and probable spam in The Bat! are defined by the client's own tools.<br />
To modify spam processing rules in The Bat!:<br />
1. In the Properties menu of the mail client, select the Settings item.<br />
2. Select the Spam protection object from the settings tree.<br />
Displayed settings of anti-spam protection apply to all installed Anti-Spam modules that support integration with The Bat!.<br />
You need to define the rating level and specify how messages with a certain rating should be handled (in the case of<br />
Anti-Spam – the probability of a message being spam):<br />
delete messages with ratings that exceed the specified value;<br />
move email messages with a given rating to a special spam folder;<br />
move spam marked with special headers to the spam folder;<br />
leave spam in the Inbox folder.<br />
After processing an email, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> assigns a spam or probable spam status to the message based<br />
on a rating with an adjustable value. The Bat! has its own email rating algorithm for spam, also based on a spam rate. To<br />
prevent discrepancies between spam rates in <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> and The Bat!, all messages checked in Anti-<br />
Spam are assigned the rating corresponding to the message status: Not Spam email – 0%, Probable spam – 50%,<br />
Spam – 100%. Thus, the email rating in The Bat! corresponds to the rating of the relevant status and not to the spam<br />
rate assigned in Anti-Spam.<br />
For more details on the spam rate and processing rules, see the documentation for The Bat! mail client.<br />
THUNDERBIRD<br />
By default, email messages classified by Anti-Spam as spam or probable spam are marked with special labels [!! SPAM]<br />
or [?? Probable Spam] in the Subject field. If additional processing of mail is required after Anti-Spam scans it, you can<br />
configure Thunderbird by opening its configuration window from the Tools Message Filters menu (for more details<br />
about using the mail client, see Mozilla Thunderbird Help).<br />
Thunderbird's Anti-Spam plug-in module allows training based on messages received and sent using this email client<br />
application and checking your email correspondence for spam on the server. The plug-in module is integrated into<br />
Thunderbird and forwards messages to the Anti-Spam component for scanning when commands from the<br />
Tools Run Junk Mail Controls on Folder menu are executed. Thus, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> checks<br />
messages instead of Thunderbird. This does not alter the functionality of Thunderbird.<br />
134
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
The Anti-Spam plug-in module status is displayed as an icon in the Thunderbird status line. A gray icon informs you that<br />
there is a problem in the plug-in's operation or that the Anti-Spam component is disabled. Double-click the icon to open<br />
the settings of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>. To modify the Anti-Spam settings, click the Settings button in the Anti-Spam<br />
section.<br />
ANTI-BANNER<br />
Anti-Banner is designed to block banners on web pages you open and in the interface of specified applications. Adverts<br />
on banners may distract you from your activities, while banner downloads increase the amount of inbound traffic.<br />
Before a banner is displayed on a web page or in an application's window, it must be downloaded from the <strong>Internet</strong>. Anti-<br />
Banner scans the address from which the banner is downloaded. If the address matches a mask from the list included<br />
with the <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> package or from the list of blocked banners addresses you have compiled on your<br />
own, Anti-Banner blocks the banner. To block banners with address masks not found in the abovementioned lists, the<br />
heuristic analyzer is used.<br />
In addition, you can create a list of allowed addresses to determine which banners should be allowed for display.<br />
IN THIS SECTION:<br />
Enabling and disabling Anti-Banner .............................................................................................................................. 135<br />
Selecting a scan method ............................................................................................................................................... 135<br />
Creating lists of blocked and allowed banner addresses............................................................................................... 136<br />
Exporting and importing lists of addresses .................................................................................................................... 136<br />
ENABLING AND DISABLING ANTI-BANNER<br />
Immediately after <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> installation, the Anti-Banner component is disabled; it does not block<br />
banners. To activate banner blocking, you must enable Anti-Banner.<br />
To display all banners, disable Anti-Banner. To display some of banners, add their respective addresses to the list of<br />
allowed banner addresses (see section "Creating lists of blocked and allowed banner addresses" on page 136).<br />
To enable Anti-Banner:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Anti-Banner component.<br />
3. In the right part of the window, check the Enable Anti-Banner box.<br />
SELECTING A SCAN METHOD<br />
You can specify which methods should be used by Anti-Banner to scan addresses from which banners may be<br />
downloaded. In addition to these methods, Anti-Banner checks banner addresses for matches to the masks from the lists<br />
of allowed and blocked addresses, if those are in use.<br />
To select methods of address scanning for Anti-Banner:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Anti-Banner component.<br />
3. In the right part of the window, in the Scan methods group, check the boxes next to the names of the methods<br />
that should be used.<br />
135
U S E R G U I D E<br />
CREATING LISTS OF BLOCKED AND ALLOWED BANNER ADDRESSES<br />
You can use lists of blocked and allowed banner addresses to specify, from which addresses banners are allowed to<br />
load and display, and from which ones they are not. Create a list of blocked address masks to let Anti-Banner block<br />
download and display of banners from the addresses that correspond to those masks. Create a list of allowed address<br />
masks to let Anti-Banner download and display banners from the addresses that correspond to those masks.<br />
If you use Microsoft <strong>Internet</strong> Explorer, Mozilla Firefox, or Google Chrome, you can add masks to the list of blocked<br />
addresses directly from the browser window.<br />
To add a mask to the list of blocked (allowed) addresses:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Anti-Banner component.<br />
3. In the right part of the window, in the Additional section, check the Use the list of blocked URLs box (or the<br />
Use the list of allowed URLs box) and click the Settings button located under the box.<br />
The Blocked URLs (or Allowed URLs) window opens.<br />
4. Click the Add button.<br />
The Address mask (URL) window will open.<br />
5. Enter a banner address mask and click the OK button.<br />
You do not have to delete a mask to stop using it; unchecking the box next to the mask will be sufficient.<br />
To add a mask to the list of blocked addresses from the browser window,<br />
right-click the image in the browser window to open a context menu, and select Add to Anti-Banner.<br />
EXPORTING AND IMPORTING LISTS OF ADDRESSES<br />
Lists of allowed and blocked banner addresses can be used repeatedly (for example, you can export banner addresses<br />
to a similar list on another computer with <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> installed on it).<br />
To do this:<br />
1. Perform the export procedure – copy records from the list into a file.<br />
2. Move the file you have saved to another computer (for example, send it by email or use a removable data<br />
medium).<br />
3. Perform the import procedure – add the records from the file to the list of the same type on another computer.<br />
When exporting the list, you can copy either a selected list element only, or the entire list. When importing the list, you<br />
can add the new elements to the existing list, or replace the existing list with the one being imported.<br />
To export banner addresses from the list of allowed or blocked URLs, perform the following steps:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Anti-Banner component.<br />
3. In the right part of the window, in the Additional section, click the Settings button located in the line with the<br />
name of the list from which you need to copy addresses into a file.<br />
136
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
4. In the Allowed URLs (or Blocked URLs) window that opens, check the boxes next to the addresses that you<br />
need to include in the file.<br />
5. Click the Export button.<br />
This opens a window that prompts you to export the highlighted items only. In this window, take one of the<br />
following actions:<br />
click the Yes button if you need to include only selected addresses in the file;<br />
click the No button if you need to include the entire list in the file.<br />
6. In the window that opens, enter a name for the file you want to save and confirm saving.<br />
To import banner addresses from a file to the list of allowed or blocked URLs:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Protection Center section, select the Anti-Banner component.<br />
3. In the right part of the window, in the Additional section, click the Settings button located in the line with the<br />
name of the list to which you need to add addresses from a file.<br />
4. In the Allowed URLs window that opens (or the Blocked URLs window), click the Import button.<br />
If the list is not empty, a window opens prompting you to add items to be imported. In this window, take one of<br />
the following actions:<br />
click the Yes button if you want to add records from the file to the list;<br />
click the No button if you want to replace the existing records with the list from the file.<br />
5. In the window that opens, select the file with the list of records that you want to import.<br />
SAFE RUN FOR APPLICATIONS AND SAFE RUN FOR<br />
WEBSITES<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> can perform potentially dangerous actions in isolation from the main operating system.<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> provides the following features for this purpose:<br />
run separate application in Safe Run on the main desktop (see page 52);<br />
use Safe Run for Applications (see page 138);<br />
use Safe Run for Websites (see page 141).<br />
Isolation from the main operating system provides additional security for your computer because real operating system<br />
files are not modified.<br />
Suspicious files detected while you work in the safe environment are quarantined in the normal mode. When files are<br />
recovered from Quarantine, they are restored to the original folder. If the original folder cannot be found, <strong>Kaspersky</strong><br />
<strong>Internet</strong> <strong>Security</strong> prompts you to specify a location to restore the object in the environment (normal or safe) in which the<br />
restoration procedure was started.<br />
Safe Run and Safe Run for Websites are not available on computers running under Microsoft Windows XP x64.<br />
The functionality of certain applications launched on computers running Microsoft Windows Vista x64 and Microsoft<br />
Windows 7 x64 is limited when operating in the safe environment. If such applications are started, a message to that<br />
137
U S E R G U I D E<br />
effect is displayed on screen if you have enabled notifications (see page 172) of the Application functionality is limited<br />
in safe mode event. In addition, Safe Run for Applications is completely inaccessible.<br />
IN THIS SECTION:<br />
About Safe Run ............................................................................................................................................................. 138<br />
About Safe Run for Websites ........................................................................................................................................ 141<br />
Using a shared folder .................................................................................................................................................... 143<br />
ABOUT SAFE RUN<br />
Safe Run is a secure environment isolated from the main operating system and designed for running applications whose<br />
safety raises doubts. In Safe Run, real operating system files do not undergo changes. So even if you run an infected<br />
application in Safe Run, all of its actions will be limited to the virtual environment without affecting the operating system.<br />
IN THIS SECTION:<br />
Launching and closing applications in Safe Run ........................................................................................................... 138<br />
Automatic launch of applications in Safe Run ............................................................................................................... 139<br />
Switching between the main desktop and Safe Run for Applications ............................................................................ 139<br />
Using the pop-up toolbar in Safe Run ........................................................................................................................... 140<br />
Clearing Safe Run ......................................................................................................................................................... 140<br />
Creating a shortcut for Safe Run on the desktop .......................................................................................................... 141<br />
LAUNCHING AND CLOSING APPLICATIONS IN SAFE RUN<br />
You can activate Safe Run for Applications using one of the following methods:<br />
from the <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> main window (see section "The <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> main window"<br />
on page 33);<br />
from the <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> context menu (see section "Context menu" on page 32);<br />
using a button in the <strong>Kaspersky</strong> Gadget interface if the option of running Safe Run for Applications is assigned<br />
to a button (see section "How to use the <strong>Kaspersky</strong> Gadget" on page 59);<br />
using a shortcut on the desktop (see section "Creating a shortcut for Safe Run on the desktop" on page 141).<br />
You can close Safe Run for Applications using one of the following methods:<br />
using the operation system's Start menu;<br />
from the pop-up toolbar (see section "Using the pop-up toolbar" on page 140);<br />
using the key combination CTRL+ALT+SHIFT+K.<br />
138
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
To start Safe Run for Applications from the main <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> window:<br />
1. Open the main application window.<br />
2. In the bottom part of the window, select the Safe Run for Applications section.<br />
3. In the window that opens, click the Go to Safe Run for Applications button.<br />
To activate Safe Run for Applications from the context menu of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>,<br />
right-click to open the <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> context menu in the taskbar notification area and select Safe Run<br />
for Applications.<br />
To start Safe Run for Applications from the <strong>Kaspersky</strong> Gadget,<br />
click the button with the Safe Run icon in the <strong>Kaspersky</strong> Gadget interface (only for Microsoft Windows Vista and<br />
Microsoft Windows 7 operating systems).<br />
To close Safe Run from the Start menu,<br />
in the Start menu of the operating system, select Safe Run for Applications – shutdown.<br />
To close Safe Run from the pop-up toolbar:<br />
1. Roll over the top part of the screen with the mouse pointer.<br />
2. In the pop-up toolbar, click the button.<br />
3. In the action selection window that opens, select Disable.<br />
AUTOMATIC LAUNCH OF APPLICATIONS IN SAFE RUN<br />
You can create a list of applications that will run automatically when you start the Safe Run.<br />
An autorun list can only be created in Safe Run.<br />
To generate an autorun list for Safe Run:<br />
1. In the Start menu of the operating system, select Programs Autorun Safe Run for Applications.<br />
2. Right-click to open the context menu and select Open.<br />
3. Copy applications icons to be launched at startup of Safe Run for Applications into the opened folder.<br />
SWITCHING BETWEEN THE MAIN DESKTOP AND SAFE RUN FOR<br />
APPLICATIONS<br />
You can switch to the main desktop without closing Safe Run and then switch back. You can use the following methods<br />
to switch between the main desktop and Safe Run:<br />
from the <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> main window (see section "The <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> main window"<br />
on page 33);<br />
from the <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> context menu (see section "Context menu" on page 32);<br />
from the pop-up toolbar (see section "Using the pop-up toolbar in Safe Run" on page 140) (available in Safe<br />
Run only);<br />
using the gadget.<br />
139
U S E R G U I D E<br />
To switch to the main desktop from the main window of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>:<br />
1. Open the main application window.<br />
2. In the bottom part of the window, select the Safe Run for Applications section.<br />
3. In the window that opens, click the Main desktop button.<br />
To switch to the main desktop from the context menu of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>,<br />
right-click to open the context menu for the <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> icon in the notification area and select<br />
Return to the main desktop.<br />
To switch to the main desktop from the pop-up toolbar:<br />
1. Roll over the top part of the screen with the mouse pointer.<br />
2. In the pop-up toolbar, click the button.<br />
USING THE POP-UP TOOLBAR IN SAFE RUN<br />
You can use the pop-up toolbar in Safe Run to perform the following actions:<br />
close Safe Run (see section "Launching and closing applications in Safe Run" on page 138);<br />
switch to the main desktop (see section "Switching between the main desktop and Safe Run for Applications" on<br />
page 139).<br />
To display the pop-up toolbar in Safe Run,<br />
roll over the top part of the screen with the mouse pointer.<br />
To fix the pop-up toolbar:<br />
1. Roll over the top part of the screen with the mouse pointer.<br />
2. In the pop-up toolbar, click the button.<br />
CLEARING SAFE RUN<br />
During the clearing process, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> deletes data that was saved in Safe Run and restores settings<br />
that were modified.<br />
Clearing is carried out from the <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> main window on the main desktop and only if Safe Run has<br />
been closed.<br />
Prior to clearing, make sure that all data that may be needed for further work have been saved in the Safe Run shared<br />
folder. Otherwise, the data will be deleted irretrievably.<br />
To clear Safe Run data:<br />
1. Open the main application window.<br />
2. In the bottom part of the window, select the Safe Run for Applications section.<br />
3. In the window that opens, click the button.<br />
4. In the menu that opens, select the Clear Safe Run for Applications item.<br />
140
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
CREATING A SHORTCUT FOR SAFE RUN ON THE DESKTOP<br />
If you want to start Safe Run quickly, you can create a shortcut on the desktop.<br />
To create a desktop shortcut for Safe Run:<br />
1. Open the main application window.<br />
2. In the bottom part of the window, select the Safe Run for Applications section.<br />
3. In the window that opens, click the button.<br />
4. In the window that opens, select the Create desktop shortcut item.<br />
ABOUT SAFE RUN FOR WEBSITES<br />
Safe Run for Websites is designed for accessing online banking systems and other websites processing confidential<br />
data.<br />
You can enable access control for online banking services (see section "Controlling access to online banking services"<br />
on page 94) to determine banking websites automatically, and also start Safe Run for Websites manually (see section<br />
"Protection of confidential data entered on websites" on page 51).<br />
In Safe Run for Websites, no input data or modifications (for example, saved cookies, website logs) are stored in the<br />
operating system, which means they cannot be exploited by hackers.<br />
A browser running in Safe Run for Websites mode is marked with a green frame around the application window.<br />
IN THIS SECTION:<br />
Selecting the browser for Safe Run for Websites .......................................................................................................... 141<br />
Clearing Safe Run for Websites .................................................................................................................................... 142<br />
Creating a desktop shortcut for Safe Run for Websites ................................................................................................ 142<br />
SELECTING THE BROWSER FOR SAFE RUN FOR WEBSITES<br />
The default browser is used for Safe Run for Websites. You can select a different browser installed on your computer.<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> allows the use of the following browsers:<br />
Microsoft <strong>Internet</strong> Explorer versions 6, 7, 8, 9;<br />
Mozilla Firefox versions 3.x, 4.x;<br />
Google Chrome versions 7.x, 8.x.<br />
To select the browser for Safe Run for Websites:<br />
1. Open the main application window.<br />
2. In the lower part of the window, select the Safe Run for Websites section.<br />
141
U S E R G U I D E<br />
3. In the window that opens, click the button.<br />
4. In the menu that opens, select the Settings item.<br />
5. The Safe Run for Websites settings window opens.<br />
6. In the Select browser for Safe Run for Websites list in the window that opens, select the required browser.<br />
7. Click the Save button.<br />
CLEARING SAFE RUN FOR WEBSITES<br />
By default, in Safe Run for Websites <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> saves changes to browser settings and data entered on<br />
websites. To protect data, it is recommended that you clear Safe Run for Websites on a regular basis.<br />
During the clearing process, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> deletes data that was saved in Safe Run for Websites and<br />
restores settings that were modified.<br />
Prior to clearing, make sure that all data that may be needed for further work has been saved in the Safe Run shared<br />
folder. Otherwise, the data will be deleted irretrievably.<br />
Instead of clearing Safe Run for Websites manually, you can enable automatic clearing. In this case, <strong>Kaspersky</strong> <strong>Internet</strong><br />
<strong>Security</strong> performs clearing automatically when Safe Run for Websites is closed, and manual clearing is not available.<br />
To clear Safe Run for Websites data manually:<br />
1. Open the main application window.<br />
2. In the lower part of the window, select the Safe Run for Websites section.<br />
3. In the window that opens, click the button.<br />
4. In the menu that opens, select the Clear Safe Run for Websites item.<br />
To enable automatic clearing of Safe Run for Websites:<br />
1. Open the main application window.<br />
2. In the lower part of the window, select the Safe Run for Websites section.<br />
3. In the window that opens, click the button.<br />
4. In the menu that opens, select the Settings item.<br />
5. The Safe Run for Websites settings window opens.<br />
6. In the Additional settings section in the window that opens, select the option Enable the automatic clearing<br />
of data.<br />
7. Click the Save button.<br />
CREATING A DESKTOP SHORTCUT FOR SAFE RUN FOR WEBSITES<br />
If you want to start Safe Run for Websites quickly, you can create a shortcut on the desktop.<br />
142
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
To create a desktop shortcut for Safe Run for Websites:<br />
1. Open the main application window.<br />
2. In the lower part of the window, select the Safe Run for Websites section.<br />
3. In the window that opens, click the button.<br />
4. In the window that opens, select the Create desktop shortcut item.<br />
USING A SHARED FOLDER<br />
The shared folder is designed to share files between the main operating system, Safe Run for Applications and Safe Run<br />
for Websites. All files saved in this folder when working in Safe Run for Applications and Safe Run for Websites are<br />
available from the standard desktop.<br />
The shared folder is created when the application is being installed. The location of the shared folder may vary<br />
depending on the operating system:<br />
for Microsoft Windows XP – C:\Documents and Settings\All Users\Application Data\<strong>Kaspersky</strong><br />
Lab\SandboxShared;<br />
for Microsoft Windows Vista and Microsoft Windows 7 – C:\ProgramData\<strong>Kaspersky</strong> Lab\SandboxShared.<br />
The location of the shared folder cannot be changed.<br />
The shared folder can be opened in two ways:<br />
from the main application window (see section "The <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> main window" on page 33);<br />
using the shortcut marked with the icon. Depending on the application settings specified by developers, the<br />
shortcut may be located in the My Computer section or the My Documents section of Microsoft Windows<br />
Explorer.<br />
To open the shared folder from the <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> main window:<br />
1. Open the main application window.<br />
2. In the lower part of the window, select the Safe Run for Applications or Safe Run for Websites section.<br />
3. In the window that opens, click the Open shared folder button.<br />
PARENTAL CONTROL<br />
Parental Control allows the monitoring of actions users take on the computer and online. This control provides the option<br />
of restricting access to <strong>Internet</strong> resources and applications, as well as viewing reports of users' activities.<br />
Nowadays, an ever-increasing number of children and teenagers are obtaining access to computers and web resources.<br />
This means problems for security, since activity and communication on the <strong>Internet</strong> may entail a whole range of threats.<br />
These are the most frequent ones:<br />
access to websites that could waste time (chat rooms, games) or money (e-stores, auctions);<br />
access to websites targeted at an adult audience, such as those displaying pornography, extremism, firearms,<br />
drug abuse, and explicit violence;<br />
143
U S E R G U I D E<br />
downloading of files infected with malware;<br />
excessive time spent using the computer, which may result in deterioration of health;<br />
contact with unfamiliar people who may pretend to be peers to obtain personal information from the user, such<br />
as real name, physical address, time of day when nobody is home.<br />
Parental Control allows you to reduce risks posed by the computer and the <strong>Internet</strong>. To do this, the following module<br />
functions are used:<br />
limiting the time for computer and <strong>Internet</strong> use;<br />
creating lists of allowed and blocked applications, as well as temporarily limiting the number of startups for<br />
allowed applications;<br />
creating lists of allowed and blocked websites and selection of categories of websites with content not<br />
recommended for viewing;<br />
enabling a safe search mode through search engines (links to websites with dubious content are not displayed<br />
in the search results);<br />
restricting file downloads from the <strong>Internet</strong>;<br />
creating lists of contacts which are allowed or blocked for communication via IM clients and social networks;<br />
viewing message logs from IM clients and social networks;<br />
blocking sending of certain personal data;<br />
searching for specified key words in message logs.<br />
All these restrictions can be enabled independently from each other, which allows you to flexibly configure Parental<br />
Control for various users. For each account, you can view reports of events in the categories to be controlled that the<br />
component has logged over a specified period.<br />
To configure and view Parental Control reports, you must enter your username and password. If you have not yet<br />
created a password for <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> (see section "Restricting access to <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>" on<br />
page 63), you will be prompted to do so when Parental Control starts for the first time.<br />
IN THIS SECTION:<br />
Configuring a user's Parental Control ............................................................................................................................ 144<br />
Viewing reports of a user's activity ................................................................................................................................ 153<br />
CONFIGURING A USER'S PARENTAL CONTROL<br />
You can enable and configure Parental Control for each account on your computer separately by imposing different limits<br />
on different users, for instance, depending on age. You can also disable Parental Control for users whose activity needs<br />
no control.<br />
144
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
IN THIS SECTION:<br />
Enabling and disabling user control .............................................................................................................................. 145<br />
Exporting and importing Parental Control settings ........................................................................................................ 146<br />
Displaying an account in <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> ................................................................................................... 147<br />
Time for computer use .................................................................................................................................................. 148<br />
Time for <strong>Internet</strong> use ..................................................................................................................................................... 148<br />
Applications Usage ....................................................................................................................................................... 148<br />
Viewing websites ........................................................................................................................................................... 149<br />
Downloading files from the <strong>Internet</strong> ............................................................................................................................... 150<br />
Communicating via IM clients ........................................................................................................................................ 150<br />
Communicating via social networks .............................................................................................................................. 151<br />
Sending confidential information ................................................................................................................................... 152<br />
Searching for key words ................................................................................................................................................ 153<br />
ENABLING AND DISABLING USER CONTROL<br />
You can enable and disable Parental Control individually for each account. For example, there is no need to control the<br />
activity of an adult user with the administrator account; Parental Control for this user can be disabled. For other users<br />
whose activity should be controlled, the Parental Control should be enabled and configured, for example, by loading the<br />
standard configuration from a template.<br />
Parental Control can be enabled or disabled in the following ways:<br />
from the main application window (see page 33);<br />
from the Parental Control settings window;<br />
from the application settings window (see page 36);<br />
from the context menu of the application icon (see page 32).<br />
Parental Control can be enabled / disabled from the context menu only for the current user account.<br />
To enable Parental Control for an account from the main window:<br />
1. Open the main application window.<br />
2. In the lower part of the window, select the Parental Control section.<br />
3. In the section containing the account in the window that opens, click the Enable button.<br />
To enable Parental Control for an account from the Parental Control window:<br />
1. Open the main application window.<br />
2. In the lower part of the window, select the Parental Control section.<br />
145
U S E R G U I D E<br />
3. In the section containing the account in the window that opens, click the Settings button.<br />
The Parental Control window will open.<br />
4. Open the Settings tab and select the User Account Settings section in the left part of the window.<br />
5. In the right part of the window, check the Enable control for the user box if you want to enable Parental<br />
Control for the account.<br />
6. Click the Apply button to save the changes you have made.<br />
To enable Parental Control for an account from the application settings window:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Advanced Settings section, select the Parental Control component.<br />
3. In the right part of the window, select the user for whom you want to enable Parental Control.<br />
4. Above the list of users, click the Control button.<br />
To enable Parental Control for the current account from the context menu,<br />
select Enable Parental Control in the context menu of the application icon.<br />
EXPORTING AND IMPORTING PARENTAL CONTROL SETTINGS<br />
If you have configured Parental Control for a certain account, you can save the settings to a file (export). You can<br />
subsequently load the settings from that file to configure them quickly (import). Furthermore, you can apply the control<br />
settings defined for another account or a configuration template (predefined set of rules for different types of users<br />
depending upon their age, experience and other characteristics).<br />
After a certain configuration is applied to an account, you can modify the values of the settings. That will not affect the<br />
values in the source file from which these settings have been imported.<br />
To save the Parental Control settings to a file:<br />
1. Open the main application window.<br />
2. In the lower part of the window, select the Parental Control section.<br />
3. In the section containing the account in the window that opens, click the Settings button.<br />
The Parental Control window will open.<br />
4. Open the Settings tab and select the User Account Settings section in the left part of the window.<br />
5. In the right part of the window in the Manage Settings section, click the Save button and save the settings file.<br />
To load the control settings from a file:<br />
1. Open the main application window.<br />
2. In the lower part of the window, select the Parental Control section.<br />
3. In the section containing the account in the window that opens, click the Enable button.<br />
The Parental Control window will open.<br />
4. Open the Settings tab and select the User Account Settings section in the left part of the window.<br />
146
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
5. In the right part of the window in the Manage Settings section, click the Load button.<br />
6. Use the Load Parental Control settings window that opens to select the Configuration file option and specify<br />
the file location.<br />
To apply the settings of another account:<br />
1. Open the main application window.<br />
2. In the lower part of the window, select the Parental Control section.<br />
3. In the section containing the account in the window that opens, click the Enable button.<br />
The Parental Control window will open.<br />
4. Open the Settings tab and select the User Account Settings section in the left part of the window.<br />
5. In the right part of the window in the Manage Settings section, click the Load button.<br />
6. Select the Another user option In the Load Parental Control settings window that opens and specify the<br />
account whose settings should be used.<br />
To use a configuration template:<br />
1. Open the main application window.<br />
2. In the lower part of the window, select the Parental Control section.<br />
3. In the section containing the account in the window that opens, click the Enable button.<br />
The Parental Control window will open.<br />
4. Open the Settings tab and select the User Account Settings section in the left part of the window.<br />
5. In the right part of the window in the Manage Settings section, click the Load button.<br />
6. Select the Template option in the Load Parental Control settings window that opens and specify the template<br />
that contains the necessary settings.<br />
DISPLAYING AN ACCOUNT IN KASPERSKY INTERNET SECURITY<br />
You can select an alias and an image with which your account will be displayed in <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>.<br />
To specify an alias and an image for an account:<br />
1. Open the main application window.<br />
2. In the lower part of the window, select the Parental Control section.<br />
3. In the section containing the account in the window that opens, click the Settings button.<br />
The Parental Control window will open.<br />
4. Open the Settings tab and select the User Account Settings section in the left part of the window.<br />
5. In the right part of the window, specify the user's alias in the Alias field.<br />
6. Select an image for the user account in the Image section.<br />
7. Click the Apply button to save the changes you have made.<br />
147
U S E R G U I D E<br />
TIME FOR COMPUTER USE<br />
You can set up a schedule for a user's access to the computer (specifying days of the week and time of day) and limit the<br />
total time for computer use per 24 hours.<br />
To restrict the amount of time spent on the computer:<br />
1. Open the main application window.<br />
2. In the lower part of the window, select the Parental Control section.<br />
3. In the section containing the account in the window that opens, click the Settings button.<br />
The Parental Control window will open.<br />
4. Open the Settings tab and select the Computer Usage section in the left part of the window.<br />
5. In the right part of the window, check the Enable control box.<br />
6. Impose time limits on computer use.<br />
7. Click the Apply button to save the changes you have made.<br />
TIME FOR INTERNET USE<br />
You can restrict the time a user spends on the <strong>Internet</strong>. To do this, you can set up a schedule for <strong>Internet</strong> use (specifying<br />
days of the week and time of day when access should be granted or denied) and limit the total time for <strong>Internet</strong> in a 24<br />
hour period.<br />
To restrict the amount of time spent on the <strong>Internet</strong>:<br />
1. Open the main application window.<br />
2. In the lower part of the window, select the Parental Control section.<br />
3. In the section containing the account in the window that opens, click the Settings button.<br />
The Parental Control window will open.<br />
4. Open the Settings tab and select the <strong>Internet</strong> Usage section in the left part of the window.<br />
5. In the right part of the window, check the Enable control box.<br />
6. Impose time limits on <strong>Internet</strong> use.<br />
7. Click the Apply button to save the changes you have made.<br />
APPLICATIONS USAGE<br />
You can allow or block the running of specified programs and impose time limits on startup.<br />
To restrict running of applications:<br />
1. Open the main application window.<br />
2. In the lower part of the window, select the Parental Control section.<br />
3. In the section containing the account in the window that opens, click the Settings button.<br />
The Parental Control window will open.<br />
148
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
4. Open the Settings tab and select the Applications Usage section in the left part of the window.<br />
5. In the right part of the window, check the Enable control box.<br />
6. Create lists of allowed and blocked applications and set a schedule for the use of allowed applications.<br />
7. Click the Apply button to save the changes you have made.<br />
VIEWING WEBSITES<br />
You can impose restrictions on access to specified websites depending on their content. To do this, you can select<br />
categories of websites to be blocked and create a list of exclusions, if necessary.<br />
You can also enable the safe search mode, which is applied when the user is working with search engines. Some search<br />
engines are designed to protect users against unsolicited content of web resources. To do this, when indexing websites,<br />
key words and phrases, resources' addresses and categories are analyzed. When the safe search mode is enabled,<br />
search results do not include websites belonging to unwanted categories, such as pornography, drug abuse, violence,<br />
and other materials not recommended for underage audiences.<br />
Parental Control allows enabling of the safe search mode simultaneously for the following search engines:<br />
Google;<br />
Bing.<br />
To place restrictions on visited websites:<br />
1. Open the main application window.<br />
2. In the lower part of the window, select the Parental Control section.<br />
3. In the section containing the account in the window that opens, click the Settings button.<br />
The Parental Control window will open.<br />
4. Open the Settings tab and select the Web Browsing section in the left part of the window.<br />
5. In the right part of the window, check the Enable control box.<br />
6. In the Block websites section, select the access mode for websites:<br />
If you want to block access to certain categories of websites, select the option Block websites from the<br />
following categories and check the boxes for all the categories of websites that you want to block access<br />
to.<br />
If you need to allow access to certain websites that come under a blocked category, click the Exclusions<br />
button, add the URLs to the list of exclusions, and assign them the Allowed status.<br />
If you want to generate a list of websites to which access is allowed and block access to all other websites,<br />
select the option Block access to all websites except websites allowed in the list of exclusions, click<br />
the Exclusions button, add the URLs to the list of exclusions, and assign them the Allowed status.<br />
If you want to block access to certain websites, click the Exclusions button, add the URLs to the list of<br />
exclusions, and assign them the Blocked status.<br />
7. Check the Enable safe search box to enable safe search mode.<br />
8. Click the Apply button to save the changes you have made.<br />
149
U S E R G U I D E<br />
DOWNLOADING FILES FROM THE INTERNET<br />
You can specify the types of files that a user can download from the <strong>Internet</strong>.<br />
To restrict downloading of files from the <strong>Internet</strong>:<br />
1. Open the main application window.<br />
2. In the lower part of the window, select the Parental Control section.<br />
3. In the section containing the account in the window that opens, click the Settings button.<br />
The Parental Control window will open.<br />
4. Open the Settings tab and select the File Downloads section in the left part of the window.<br />
5. In the right part of the window, check the Enable control box.<br />
6. Select the file categories that should be allowed for downloading.<br />
7. Click the Apply button to save the changes you have made.<br />
COMMUNICATING VIA IM CLIENTS<br />
Controlling communication via instant messaging programs (IM clients) consists of controlling contacts allowed for<br />
communication, blocking banned contacts, and monitoring messaging logs. You can create lists of allowed and blocked<br />
contacts, specify key words that should be checked for in messages, and specify personal information whose<br />
transmission is to be blocked.<br />
If communication with a contact is blocked, all messages addressed to this contact or received from it will be filtered out.<br />
Information about blocked messages and key words encountered in them is displayed in a report. The report also<br />
includes messaging logs for each contact.<br />
The following restrictions are imposed on communication monitoring:<br />
If an IM client was launched before Parental Control was enabled, communication monitoring will not start until<br />
the IM client is restarted.<br />
When using an HTTP proxy, communication is not monitored.<br />
The current version of Parental Control monitors communication via the following IM clients:<br />
ICQ;<br />
QIP;<br />
Windows Live Messenger (MSN);<br />
Yahoo Messenger;<br />
GoogleTalk;<br />
mIRC;<br />
Mail.Ru Agent;<br />
Psi;<br />
Miranda;<br />
150
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
Digsby;<br />
Pidgin;<br />
Qnext;<br />
SIM;<br />
Trilian;<br />
Xchat;<br />
Instantbird;<br />
RnQ;<br />
MSN;<br />
Jabber.<br />
Some IM clients, such as Yahoo! Messenger and Google Talk, use encrypted connections. To scan the traffic generated<br />
by those programs, you have to enable encrypted connections scanning (see page 116).<br />
To restrict messaging via IM clients:<br />
1. Open the main application window.<br />
2. In the lower part of the window, select the Parental Control section.<br />
3. In the section containing the account in the window that opens, click the Settings button.<br />
The Parental Control window will open.<br />
4. Open the Settings tab and select the Instant Messaging section in the left part of the window.<br />
5. In the right part of the window, check the Enable control box.<br />
6. Create a list of allowed and blocked contacts:<br />
a. In the Contacts list, click the Add contact button.<br />
b. In the New contact window that opens, select a contact from the list or enter one manually.<br />
7. If you want to allow communication only with contacts in the list that have the Allowed status, click the Block<br />
messaging with contacts not from the list box.<br />
8. Click the Apply button to save the changes you have made.<br />
COMMUNICATING VIA SOCIAL NETWORKS<br />
Controlling communication via social networks consists of controlling contacts allowed for communication, blocking<br />
banned contacts, and monitoring messaging logs. You can create lists of allowed and blocked contacts, specify key<br />
words that should be checked for in messages, and specify personal information whose transmission is to be blocked.<br />
If communication with a contact is blocked, all messages addressed to this contact or received from it will be filtered out.<br />
Information about blocked messages and key words encountered in them is displayed in a report. The report also<br />
includes messaging logs for each contact.<br />
151
U S E R G U I D E<br />
Some social networks, such as Twitter, use encrypted connections. To scan the traffic generated by those networks, you<br />
have to enable encrypted connections scanning (see page 116).<br />
To restrict messaging via social networks:<br />
1. Open the main application window.<br />
2. In the lower part of the window, select the Parental Control section.<br />
3. In the section containing the account in the window that opens, click the Settings button.<br />
The Parental Control window will open.<br />
4. Open the Settings tab and select the Social Networking section in the left part of the window.<br />
5. In the right part of the window, check the Enable control box.<br />
6. Create a list of allowed and blocked contacts:<br />
A list cannot be generated if <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> has not yet gathered sufficient data on social network<br />
usage.<br />
a. In the Contacts list, click the Add contact button.<br />
b. In the New contact window that opens, select a contact from the list or enter one manually.<br />
7. If you want to allow communication only with contacts in the list that have the Allowed status, click the Block<br />
messaging with contacts not from the list box.<br />
8. Click the Apply button to save the changes you have made.<br />
SENDING CONFIDENTIAL INFORMATION<br />
You can block sending of data that contains confidential information via IM clients, social networks, and when sending<br />
data to websites. To do this, you should create a list of records that contain confidential data, such as physical address<br />
and phone number.<br />
Attempts to send listed data are blocked, and information about blocked messages is displayed in a report.<br />
To ban the sending of confidential information:<br />
1. Open the main application window.<br />
2. In the lower part of the window, select the Parental Control section.<br />
3. In the section containing the account in the window that opens, click the Settings button.<br />
The Parental Control window will open.<br />
4. Open the Settings tab and select the Private Data section in the left part of the window.<br />
5. In the right part of the window, check the Enable control box.<br />
6. Create a list of private data that should not be sent:<br />
a. In the Private Data list, click the Add button.<br />
b. In the Private Data window that opens, enter the information that you want to prevent from being sent.<br />
7. Click the Apply button to save the changes you have made.<br />
152
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
SEARCHING FOR KEY WORDS<br />
You can check a user's messages for specified words and word combinations in communications via IM clients and<br />
social networks and when sending data to websites.<br />
If listed key words are detected in the messages, this is displayed in a report.<br />
If you have disabled control of messaging via IM clients, social networks, or control of websites being visited, key words<br />
are not searched for.<br />
To monitor specified key words in messages and data being sent:<br />
1. Open the main application window.<br />
2. In the lower part of the window, select the Parental Control section.<br />
3. In the section containing the account in the window that opens, click the Settings button.<br />
The Parental Control window will open.<br />
4. Open the Settings tab and select the Word Usage section in the left part of the window.<br />
5. In the right part of the window, check the Enable control box.<br />
6. Generate a list of key words to be monitored in messages and data that is sent:<br />
a. In the Key words list, click the Add button.<br />
b. In the Key word window that opens, enter the words or phrases that are to be monitored.<br />
7. Click the Apply button to save the changes you have made.<br />
VIEWING REPORTS OF A USER'S ACTIVITY<br />
You can access reports on the activity of each user account under Parental Control, reviewing individually each category<br />
of controlled events.<br />
To view a report on the activity of a controlled user account:<br />
1. Open the main application window.<br />
2. In the lower part of the window, select the Parental Control section.<br />
3. In the section containing the account in the window that opens, click the Settings button.<br />
The Parental Control window will open.<br />
4. Select the Reports tab.<br />
5. Use the left part of the window that opens to select the category of supervised operations or content, for<br />
example, <strong>Internet</strong> Usage or Private Data.<br />
A report of actions and content being supervised will be displayed in the right part of the window.<br />
153
U S E R G U I D E<br />
TRUSTED ZONE<br />
The Trusted zone is a list of objects which should not be monitored by the application. In other words, it is a set of<br />
exclusions from the scope of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> protection.<br />
The Trusted zone is created based on the list of trusted applications (see section "Creating a list of trusted applications"<br />
on page 154) and exclusion rules (see section "Creating exclusion rules" on page 155), depending on the features of the<br />
objects you work with and applications installed on the computer. Including objects in the trusted zone may be required if,<br />
for example, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> blocks access to an object or application, even though you are certain that this<br />
object / application is absolutely harmless.<br />
For example, if you think objects used by Microsoft Windows Notepad are harmless and require no scanning, that is, you<br />
trust this application, add Notepad to the list of trusted applications to exclude scanning of objects used by this process.<br />
Some actions classified as dangerous may be safe in the framework of certain applications. For instance, applications<br />
that automatically toggle keyboard layouts, such as Punto Switcher, regularly intercept text being entered on your<br />
keyboard. To take into account the specifics of such applications and disable the monitoring of their activity, you are<br />
advised to add them to the list of trusted applications.<br />
When an application is added into the list of trusted ones, its file and network activities (including suspicious ones)<br />
become uncontrolled. So do its attempts to access the system registry. At the same time, the executable file and the<br />
trusted application's process are scanned for viruses as they were before. To completely exclude an application from a<br />
scan, you should use exclusion rules.<br />
Excluding trusted applications from scanning avoids problems related to the application's compatibility with other<br />
programs (e.g. the problems of double scanning of network traffic on a third-party computer by <strong>Kaspersky</strong> <strong>Internet</strong><br />
<strong>Security</strong> and by another anti-virus application), and also increases the computer's performance rate, which is critical<br />
when using server applications.<br />
In its turn, exclusion rules for the trusted zone ensure the option of working with legal applications that may be exploited<br />
by intruders to do harm to the user's computer or data. These applications have no malicious features, but they may be<br />
used as auxiliary components of a malicious program. This category includes remote administration applications, IRC<br />
clients, FTP servers, various utility tools for halting or concealing processes, keyloggers, password hacking programs,<br />
dialers, and others. Such applications may be blocked by <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>. To avoid blockage, you can<br />
configure exclusion rules.<br />
An Exclusion rule is a set of conditions which determine that an object should not be scanned by <strong>Kaspersky</strong> <strong>Internet</strong><br />
<strong>Security</strong>. In any other case, the object is scanned by all protection components according to their respective protection<br />
settings.<br />
Exclusion rules for the trusted zone may be used by several application components, such as File Anti-Virus (see section<br />
"File Anti-Virus" on page 77), Mail Anti-Virus (see section "Mail Anti-Virus" on page 83), Web Anti-Virus (see section<br />
"Web Anti-Virus" on page 88)), or when running virus scan tasks.<br />
IN THIS SECTION:<br />
Creating a list of trusted applications ............................................................................................................................ 154<br />
Creating exclusion rules ................................................................................................................................................ 155<br />
CREATING A LIST OF TRUSTED APPLICATIONS<br />
By default, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> scans objects being opened, run, or saved by any program process and monitors<br />
the activity of all applications and the network traffic they create. When you add an application to the list of trusted ones,<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> excludes it from scanning.<br />
154
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
To add an application to the trusted list:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Advanced Settings section, select the Threats and Exclusions<br />
subsection.<br />
3. In the Exclusions section, click the Settings button.<br />
4. In the window that opens, on the Trusted applications tab, open the application selection menu by clicking the<br />
Add button.<br />
5. In the menu that opens, select an application from the Applications list, or select Browse to specify the path to<br />
the executable files of the desired application.<br />
6. In the Exclusions for applications window that opens, check the boxes for the types of application activity that<br />
should be excluded from scanning.<br />
CREATING EXCLUSION RULES<br />
If you use applications recognized by <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> as legal ones that may be used by intruders to do<br />
harm to the user's computer or data, we recommend that you configure exclusion rules for them.<br />
To create an exclusion rule:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Advanced Settings section, select the Threats and Exclusions<br />
subsection.<br />
3. In the Exclusions section, click the Settings button.<br />
4. In the window that opens, on the Exclusion rules tab, click the Add button.<br />
5. In the Exclusion rule window that opens, edit the exclusion rule settings.<br />
PERFORMANCE AND COMPATIBILITY WITH OTHER<br />
APPLICATIONS<br />
The performance of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> is defined as the range of threats it can detect, as well as its<br />
consumption of energy and computer resources.<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> allows you to select various categories of threats (see section "Selecting detectable threat<br />
categories" on page 156) that the application should detect.<br />
Energy consumption is of great importance for portable computers. Scanning a computer for viruses and updating the<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> databases often require significant amounts of resources. The special laptop mode of<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> (see section "Battery saving" on page 156) allows you to automatically postpone scheduled<br />
scan and update tasks when using batteries, thus saving battery charge, while Idle Scan mode (see section "Running<br />
tasks in background mode" on page 157) allows you to run resource-intensive tasks when your computer is not in use.<br />
Consumption of the computer's resources by <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> may impact other applications' performance.<br />
To solve problems of simultaneous operations which increase the load on the CPU and disk subsystems, <strong>Kaspersky</strong><br />
<strong>Internet</strong> <strong>Security</strong> may pause scan tasks and concede resources to other applications (see section "Distributing computer<br />
resources when scanning for viruses" on page 157) running on your computer.<br />
In the Gaming Profile (see page 158) mode, the application automatically disables displaying notifications of <strong>Kaspersky</strong><br />
<strong>Internet</strong> <strong>Security</strong>'s activity when starting other applications in full-screen mode.<br />
155
U S E R G U I D E<br />
In case of an active infection in the system, the advanced disinfection procedure requires restarting your computer, which<br />
may also impact other applications' performance. If necessary, you can disable the advanced disinfection technology<br />
(see page 156) to avoid an unwanted restart of your computer.<br />
IN THIS SECTION:<br />
Selecting detectable threat categories .......................................................................................................................... 156<br />
Battery saving ............................................................................................................................................................... 156<br />
Advanced Disinfection ................................................................................................................................................... 156<br />
Distributing computer resources when scanning for viruses ......................................................................................... 157<br />
Running tasks in background mode .............................................................................................................................. 157<br />
Full-screen mode. Gaming Profile ................................................................................................................................. 158<br />
SELECTING DETECTABLE THREAT CATEGORIES<br />
Threats detected by <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> are divided into categories based on various attributes. The application<br />
always searches for viruses, Trojan programs, and malicious utility tools. These programs can do significant harm to your<br />
computer. To ensure a more reliable protection to your computer, you can extend the list of detected threats by enabling<br />
control of actions performed by legal applications that may be exploited by an intruder to do harm to the user's computer<br />
and data.<br />
To select detectable threat categories:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Advanced Settings section, select the Threats and Exclusions<br />
subsection.<br />
3. In the right part of the window, click the Settings button located under the Detection of the following threat<br />
types is enabled list.<br />
4. In the Threats window that opens, check the boxes for the categories of threats that should be detected.<br />
BATTERY SAVING<br />
To save power on a portable computer, virus scanning and scheduled update tasks can be postponed. If necessary, you<br />
can update <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> or start a virus scan manually.<br />
To enable the power conservation mode when working from a battery:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Advanced Settings section, select the Battery Saving subsection.<br />
3. In the right part of the window, check the Disable scheduled scans while running on battery power box.<br />
ADVANCED DISINFECTION<br />
Today's malicious programs can invade the lowest levels of an operating system, which makes them practically<br />
impossible to delete. If a malicious activity is detected within the system, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> offers you to apply<br />
the Advanced Disinfection technology, which eliminates the threat and removes it from the computer.<br />
156
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
When the advanced disinfection procedure is complete, the application restarts the computer. After restarting your<br />
computer, you are advised to run the full virus scan (see section "How to perform a full scan of your computer for<br />
viruses" on page 48).<br />
To enable <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> to apply the Advanced Disinfection technology:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Advanced Settings section, select the Compatibility subsection.<br />
3. Check the Enable Advanced Disinfection technology box.<br />
DISTRIBUTING COMPUTER RESOURCES WHEN SCANNING<br />
FOR VIRUSES<br />
Executing scan tasks increases the load on the CPU and disk subsystems, thus slowing down other applications. By<br />
default, if such a situation arises, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> pauses virus scan tasks and releases system resources for<br />
the user's applications.<br />
However, there are a number of applications which start immediately when CPU resources become available and run in<br />
the background. For the scan not to depend on the performance of those applications, system resources should not be<br />
conceded to them.<br />
For <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> to postpone scan tasks when they slow down other applications:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Advanced Settings section, select the Compatibility subsection.<br />
3. Check the Concede resources to other applications box.<br />
RUNNING TASKS IN BACKGROUND MODE<br />
To optimize the load on the computer's resources, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> performs regular scanning for rootkits in<br />
background mode and running of resource-intensive tasks when the computer is idle.<br />
Regular scanning for rootkits is run while you work at the computer. The scan takes 5 minutes at the most and involves a<br />
minimal share of the computer resources.<br />
When the computer is idle, the following tasks can be run:<br />
automatic update of anti-virus databases and program modules;<br />
scanning of system memory, startup objects, and system partition.<br />
Idle Scan tasks are run if the computer has been blocked by the user or if the screensaver is displayed on the screen for<br />
at least 5 minutes.<br />
If your computer is battery-powered, no tasks are run when the computer is idle.<br />
After tasks are run in background mode, their progress is displayed in the Task Manager (see section "Managing scan<br />
tasks. Task Manager" on page 72).<br />
157
U S E R G U I D E<br />
IN THIS SECTION:<br />
Searching for rootkits in background mode ................................................................................................................... 158<br />
Idle Scan ....................................................................................................................................................................... 158<br />
SEARCHING FOR ROOTKITS IN BACKGROUND MODE<br />
By default, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> performs regular rootkit scan. If necessary, you can disable rootkit scan.<br />
To disable regular rootkit scan:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Scan section, select the General Settings subsection.<br />
3. In the right part of the window, uncheck the Perform regular rootkit scan box.<br />
IDLE SCAN<br />
The first stage of Idle Scan is checking whether the databases and application modules are up-to-date. If an update is<br />
required after scanning, an automatic update task starts. At the second stage, the application verifies the date and status<br />
of the last run of Idle Scan. If Idle Scan has not been run at all, or was run more than 7 days ago, or was interrupted,<br />
then the application runs the scan task for the system memory, startup objects, and system registry.<br />
Idle Scan is performed using a deep level of heuristic analysis, which increases the probability of threat detection.<br />
When the user returns to his or her work, the Idle Scan task is automatically interrupted. Note that the application<br />
remembers the stage at which the task was interrupted to resume the scan from this stage later.<br />
If running Idle Scan tasks was interrupted while downloading an update package, the update will start from the beginning<br />
next time.<br />
To disable Idle Scan mode:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Scan section, select the General Settings subsection.<br />
3. In the right part of the window, uncheck the Perform Idle Scan box.<br />
FULL-SCREEN MODE. GAMING PROFILE<br />
Certain programs (especially computer games) running in full-screen mode are only marginally compatible with some<br />
features of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>: for example, pop-up notifications are undesirable in that mode. Quite often those<br />
applications require significant system resources, meaning that running certain <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> tasks may<br />
slow down their performance.<br />
To avoid manually disabling notifications and pausing tasks every time you launch full-screen applications, <strong>Kaspersky</strong><br />
<strong>Internet</strong> <strong>Security</strong> provides the option of temporarily changing the settings using the gaming profile. When the gaming<br />
profile is active, switching to full-screen mode automatically changes the settings of all product components to ensure<br />
optimal system functioning in that mode. Upon exit from the full-screen mode, product settings return to the initial values<br />
used before entering the full-screen mode.<br />
158
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
To enable the gaming profile:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Advanced Settings section, select the Gaming Profile subsection.<br />
3. Check the Use Gaming Profile box and specify the necessary gaming profile settings in the Profile options<br />
section below.<br />
KASPERSKY INTERNET SECURITY SELF-DEFENSE<br />
Because <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> ensures your computer's protection against malware, malicious programs<br />
penetrating your computer attempt to block <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> or delete the application from your computer.<br />
Stable performance of your computer defense is ensured by self-defense features and protection against external control<br />
implemented in <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>.<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> self-defense prevents the modification and deletion of its own files on the hard disk,<br />
processes in the memory, and entries in the system registry. Protection against external control allows you to block all<br />
attempts to remotely control application services.<br />
On computers running under 64-bit operating systems and Microsoft Windows Vista, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> selfdefense<br />
is only available for preventing the application's own files on local drives and system registry records from being<br />
modified or deleted.<br />
IN THIS SECTION:<br />
Enabling and disabling self-defense .............................................................................................................................. 159<br />
Protection against external control ................................................................................................................................ 159<br />
ENABLING AND DISABLING SELF-DEFENSE<br />
By default, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> self-defense is enabled. You can disable self-defense, if necessary.<br />
To disable <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> self-defense:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Advanced Settings section, select the Self-Defense subsection.<br />
3. In the right part of the window, uncheck the Enable Self-Defense box.<br />
PROTECTION AGAINST EXTERNAL CONTROL<br />
By default, protection against external control is enabled. You can disable protection, if necessary.<br />
When using remote administration applications (such as RemoteAdmin) you will need to add such applications to the<br />
Trusted Applications list (see section "Trusted zone" on page 154) when External Service Control is enabled and enable<br />
the Do not monitor application activity setting for them.<br />
159
U S E R G U I D E<br />
To disable protection against external control:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Advanced Settings section, select the Self-Defense subsection.<br />
3. In the External control section, uncheck the Disable external service control box.<br />
QUARANTINE AND BACKUP<br />
Quarantine is a special area storing files probably infected with viruses and files that cannot be disinfected at the time<br />
when they are detected.<br />
A potentially infected file can be detected and quarantined in the course of a virus scan or by File Anti-Virus, Mail Anti-<br />
Virus or Proactive Defense.<br />
Files are quarantined in the following cases:<br />
File code resembles a known but partially modified threat or has a malware-like structure, but is not registered in<br />
the database. In this case, the file is moved to Quarantine after heuristic analysis performed by File Anti-Virus<br />
and Mail Anti-Virus, or during an anti-virus scan. Heuristic analysis rarely causes false alarms.<br />
The sequence of operations performed by an object looks suspicious. In this case, the file is moved to<br />
Quarantine after its behavior is analyzed by the Proactive Defense component.<br />
Files in Quarantine pose no threat. With the course of time, information about new threats and ways of neutralizing them<br />
appears, which may cause <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> to disinfect a file stored in Quarantine.<br />
Backup storage is designed for storing backup copies of files that have been deleted or modified during the disinfection<br />
process.<br />
IN THIS SECTION:<br />
Storing files in Quarantine and Backup ......................................................................................................................... 160<br />
Working with quarantined files ...................................................................................................................................... 161<br />
Working with objects in Backup ..................................................................................................................................... 162<br />
Scanning files in Quarantine after an update ................................................................................................................ 163<br />
STORING FILES IN QUARANTINE AND BACKUP<br />
The default maximum storage duration for objects is 30 days. After that the objects will be deleted. You can cancel the<br />
time restriction or change the maximum object storage duration.<br />
In addition, you can specify the maximum size of Quarantine and Backup. If the maximum size value is reached, the<br />
content of Quarantine and Backup is replaced with new objects. By default, the maximum size restriction is disabled.<br />
To modify the object maximum storage time:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Advanced Settings section, select the Reports and Storages subsection.<br />
3. In the right part of the window, in the Storing Quarantine and Backup objects section, check the Store<br />
objects no longer than box and specify the maximum storage duration for quarantined objects.<br />
160
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
To configure the maximum Quarantine and Backup size:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Advanced Settings section, select the Reports and Storages subsection.<br />
3. In the right part of the window, in the Storing Quarantine and Backup objects section, check the Maximum<br />
size box and specify the maximum Quarantine and Backup size.<br />
WORKING WITH QUARANTINED FILES<br />
The <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> quarantine lets you perform the following operations:<br />
quarantine files that you suspect are infected;<br />
scan files in Quarantine using the current version of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> databases;<br />
restore files in original folders, from which they have been moved to Quarantine;<br />
delete selected files from Quarantine;<br />
send files from Quarantine to <strong>Kaspersky</strong> Lab for research.<br />
You can use the following methods to move a file to Quarantine:<br />
using the Move to Quarantine button in the Quarantine window;<br />
using the context menu for the file.<br />
To move a file to Quarantine from the Quarantine window:<br />
1. Open the main application window.<br />
2. In the lower part of the window, select the Quarantine section.<br />
3. On the Quarantine tab click the Move to Quarantine button.<br />
4. In the window that opens, select the file that you want to move to Quarantine.<br />
To move a file to Quarantine using the context menu:<br />
1. Open Microsoft Windows Explorer and go to the folder that contains the file that you want to move to<br />
Quarantine.<br />
2. Right-click to open the context menu of the file and select Move to Quarantine.<br />
To scan a quarantined file:<br />
1. Open the main application window.<br />
2. In the lower part of the window, select the Quarantine section.<br />
3. On the Quarantine tab, select a file that you need to scan.<br />
4. Click the Scan button.<br />
161
U S E R G U I D E<br />
To restore a quarantined object:<br />
1. Open the main application window.<br />
2. In the lower part of the window, select the Quarantine section.<br />
3. On the Quarantine tab, select a file that you need to restore.<br />
4. Click the Restore button.<br />
To delete a quarantined object:<br />
1. Open the main application window.<br />
2. In the lower part of the window, select the Quarantine section.<br />
3. On the Quarantine tab, select a file that you need to delete.<br />
4. Right-click the file to open its context menu and select Delete.<br />
To send a quarantined object to <strong>Kaspersky</strong> Lab for analysis:<br />
1. Open the main application window.<br />
2. In the lower part of the window, select the Quarantine section.<br />
3. On the Quarantine tab, select a file that you need to send for research.<br />
4. Right-click to open the context menu of the file and select the Send for analysis item.<br />
WORKING WITH OBJECTS IN BACKUP<br />
The <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> backup storage lets you perform the following operations:<br />
restore files in a specified folder or in original ones, in which a file had been stored before it was processed by<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>;<br />
delete selected files or all files from Backup.<br />
To restore an object from Backup:<br />
1. Open the main application window.<br />
2. In the lower part of the window, select the Quarantine section.<br />
3. On the Storage tab, select a file that you need to restore.<br />
4. Click the Restore button.<br />
To delete a file from Backup:<br />
1. Open the main application window.<br />
2. In the lower part of the window, select the Quarantine section.<br />
3. On the Storage tab, select a file that you need to delete.<br />
4. Right-click the file to open its context menu and select Delete.<br />
162
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
To delete all files from Backup:<br />
1. Open the main application window.<br />
2. In the lower part of the window, select the Quarantine section.<br />
3. On the Storage tab, click the Clear storage button.<br />
SCANNING FILES IN QUARANTINE AFTER AN UPDATE<br />
If the application has scanned a file and has not been able to determine exactly what malicious programs have infected<br />
it, the file is quarantined. After the databases are updated, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> may be able to clearly identify<br />
and remove the threat. You can enable automatic scanning of quarantined objects after each update.<br />
We recommend that you periodically view quarantined files. Scanning may change their status. Some files can then be<br />
restored to their previous locations, and you will be able to continue working with them.<br />
To enable scanning quarantined files after update:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Update section, select the Update Settings component.<br />
3. Check the Rescan Quarantine after update box in the Additional section.<br />
ADDITIONAL TOOLS FOR BETTER PROTECTION OF YOUR<br />
COMPUTER<br />
The following wizards and tools included with <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> are used to resolve specific issues concerning<br />
your computer's security:<br />
<strong>Kaspersky</strong> Rescue Disk Creation Wizard is designed for creating an ISO disk image and writing <strong>Kaspersky</strong><br />
Rescue Disk on a removable medium, which allows you to recover the system's operability after a virus attack if<br />
you load the application from the removable medium. <strong>Kaspersky</strong> Rescue Disk should be used when the<br />
infection is at such a level that it is deemed impossible to disinfect the computer using anti-virus applications or<br />
malware removal utilities.<br />
The Privacy Cleaner Wizard is designed to search for and eliminate traces of a user's activities in the system,<br />
as well as operating system settings which allow the gathering of information about user activities.<br />
The System Restore Wizard is designed to eliminate system damage and traces of malware objects in the<br />
system.<br />
The Browser Configuration Wizard is designed to analyze and adjust the settings of Microsoft <strong>Internet</strong> Explorer<br />
in order to eliminate its potential vulnerabilities.<br />
All the problems found by the Wizards (except the <strong>Kaspersky</strong> Rescue Disk Creation Wizard) are grouped based on the<br />
type of danger they pose to the operating system. <strong>Kaspersky</strong> Lab offers a set of actions for each group of problems<br />
which help eliminate vulnerabilities and weak points in the system's settings. Three groups of problems and, accordingly,<br />
three groups of actions to be taken when they are detected are distinguished:<br />
Strongly recommended actions will help eliminate problems posing a serious security threat. You are advised to<br />
perform all the actions in this group without delay to eliminate the threat.<br />
Recommended actions help eliminate problems posing a potential threat. You are advised to perform all actions<br />
in this group as well to provide the optimal level of protection.<br />
163
U S E R G U I D E<br />
Additional actions help repair system damages which do not pose a current threat but may threaten your<br />
computer's security in the future. Performing these actions ensures comprehensive protection of your computer.<br />
However, in some cases, they may lead to deletion of user settings (such as cookies).<br />
IN THIS SECTION:<br />
Privacy Cleaner ............................................................................................................................................................. 164<br />
Configuring a browser for safe work .............................................................................................................................. 165<br />
Rolling back changes made by Wizards ....................................................................................................................... 167<br />
PRIVACY CLEANER<br />
When working with the computer, a user's actions are registered in the system. Saved data includes the search queries<br />
entered by users and web sites visited, launched programs, opened and saved files, the Microsoft Windows system<br />
event log, temporary files, etc.<br />
All these sources of information about the user's activity may contain confidential data (including passwords) and may<br />
become available to intruders for analysis. Frequently, the user has insufficient knowledge to prevent information being<br />
stolen from these sources.<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> includes the Privacy Cleaner Wizard. This Wizard searches for traces of user activities in the<br />
system, as well as for operation system settings which contribute to the storing of information about user activity.<br />
Please keep in mind that data related to user activity in the system, is accumulated constantly. The launch of any file or<br />
the opening of any document is logged. The Microsoft Windows system log registers many events occurring in the<br />
system. For this reason, repeated running of the Privacy Cleaner Wizard may detect activity traces which were not<br />
cleaned up by the previous run of the Wizard. Some files, for example the Microsoft Windows log file, may be in use by<br />
the system while the Wizard is attempting to delete them. In order to delete these files, the Wizard will prompt you to<br />
restart the system. However, during the restart, these files may be recreated and detected again as activity traces.<br />
The Wizard consists of a series of screens (steps) that you can navigate through using the Back and Next buttons. To<br />
close the Wizard once it has completed its task, click the Finish button. To stop the Wizard at any stage, click the<br />
Cancel button.<br />
To remove traces of the user's activity in the system:<br />
1. Open the main application window.<br />
2. In the lower part of the window, select the Tools section.<br />
3. In the window that opens, in the Privacy Cleaner section, click the Start button.<br />
Let us review the steps of the Wizard in more detail.<br />
Step 1. Starting the Wizard<br />
Make sure the option Perform user's activity traces diagnostics is selected and click the Next button to start<br />
the Wizard.<br />
Step 2. Activity signs search<br />
This Wizard searches for traces of malware activities in your computer. The scan may take some time. Once the<br />
search is complete, the Wizard will proceed automatically to the next step.<br />
164
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
Step 3. Selecting Privacy Cleaner actions<br />
When the search is complete, the Wizard displays the detected activity traces and actions suggested to<br />
eliminate them.<br />
To view the actions within a group, click the + icon to the left of the group name.<br />
To make the Wizard perform a certain action, check the box to the left of the corresponding action description.<br />
By default, the Wizard performs all recommended and strongly recommended actions. If you do not wish to<br />
perform a certain action, uncheck the box next to it.<br />
It is strongly recommended that you not uncheck the boxes selected by default, as doing so will leave your<br />
computer vulnerable to threats.<br />
Having defined the set of actions which the Wizard will perform, click the Next button.<br />
Step 4. Privacy Cleaner<br />
The Wizard will perform the actions selected during the previous step. The elimination of activity traces may<br />
take some time. To clean up certain activity traces, a reboot may be required; if so, the Wizard will notify you.<br />
Once the clean-up is complete, the Wizard will proceed automatically to the next step.<br />
Step 5. Wizard completion<br />
If you wish to clean up the traces of user activity automatically whenever <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> completes<br />
its work, use the last screen of the Wizard to check the box Clean activity traces every time on <strong>Kaspersky</strong><br />
<strong>Internet</strong> <strong>Security</strong> exit. If you plan to remove activity traces manually using the Wizard, do not check this box.<br />
Click the Finish button to close the Wizard.<br />
CONFIGURING A BROWSER FOR SAFE WORK<br />
The Microsoft <strong>Internet</strong> Explorer browser requires special analysis and configuration in certain cases, since some setting<br />
values selected by the user or set by default may cause security problems.<br />
Here are some examples of the objects and parameters used in the browser and how they are associated with potential<br />
security threats:<br />
Microsoft <strong>Internet</strong> Explorer cache. The cache stores data downloaded from the <strong>Internet</strong>, so the user does not<br />
have to download them next time. This speeds up the download time of web pages and reduces <strong>Internet</strong> traffic.<br />
In addition to that, the cache contains confidential data and makes it possible to find out which sites the user<br />
has visited. Some malware objects also scan the cache while scanning the disk, and intruders can obtain, for<br />
example, the user's email addresses. You are advised to clear the cache every time you close your browser to<br />
improve protection.<br />
Display of known file types extensions. To edit file names conveniently, you can disable the display of their<br />
extensions. Nevertheless, it is sometimes useful to see the file extension. File names of many malicious objects<br />
contain combinations of symbols imitating an additional file extension before the real one (e.g.,<br />
example.txt.com). If the real file extension is not displayed, users can see just the file name part with the<br />
imitated extension and so they may identify a malicious object as a harmless file. To improve protection, you are<br />
advised to enable the display of files of known formats.<br />
List of trusted websites. For some websites to run correctly, you should add them to the list of trusted sites. At<br />
the same time, malicious objects can add links to websites created by intruders to this list.<br />
The browser configuration for Safe Run may cause problems with the display of certain websites (for example, if they<br />
use ActiveX elements). This problem can be solved by adding these websites to the trusted zone.<br />
165
U S E R G U I D E<br />
Browser analysis and configuration are performed in the Browser Configuration Wizard. The Wizard checks whether the<br />
latest browser updates are installed and makes sure that the current browser settings do not make the system vulnerable<br />
to malicious exploits. Once the Wizard is complete, a report is generated which can be sent to <strong>Kaspersky</strong> Lab for<br />
analysis.<br />
The Wizard consists of a series of screens (steps) that you can navigate through using the Back and Next buttons. To<br />
close the Wizard once it has completed its task, click the Finish button. To stop the Wizard at any stage, click the<br />
Cancel button.<br />
Close all Microsoft <strong>Internet</strong> Explorer windows before starting the diagnostics.<br />
To configure the browser for safe work:<br />
1. Open the main application window.<br />
2. In the lower part of the window, select the Tools section.<br />
3. In the window that opens, in the Browser Configuration section, click the Start button.<br />
Let us review the steps of the Wizard in more detail.<br />
Step 1. Starting the Wizard<br />
Make sure the option Perform diagnostics for Microsoft <strong>Internet</strong> Explorer is selected and click the Next<br />
button to start the Wizard.<br />
Step 2. Microsoft <strong>Internet</strong> Explorer settings analysis<br />
The Wizard analyzes the settings of Microsoft <strong>Internet</strong> Explorer. Searching the browser settings for problems<br />
may take some time. Once the search is complete, the Wizard will proceed automatically to the next step.<br />
Step 3. Selecting actions for browser configuration<br />
When the search is complete, the Wizard displays the detected problems and actions suggested to eliminate<br />
them.<br />
To view the actions within a group, click the + icon to the left of the group name.<br />
To make the Wizard perform a certain action, check the box to the left of the corresponding action description.<br />
By default, the Wizard performs all recommended and strongly recommended actions. If you do not wish to<br />
perform a certain action, uncheck the box next to it.<br />
It is strongly recommended that you not uncheck the boxes selected by default, as doing so will leave your<br />
computer vulnerable to threats.<br />
Having defined the set of actions which the Wizard will perform, click the Next button.<br />
Step 4. Browser Configuration<br />
The Wizard will perform the actions selected during the previous step. Browser configuration may take some<br />
time. Once configuration is complete, the Wizard proceeds automatically to the next step.<br />
Step 5. Wizard completion<br />
Click the Finish button to close the Wizard.<br />
166
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
ROLLING BACK CHANGES MADE BY WIZARDS<br />
Some changes made when running the Privacy Cleaner Wizard (see section "Privacy Cleaner" on page 164), System<br />
Restore Wizard (see section "What to do if you suspect your computer is infected" on page 53), and Browser<br />
Configuration Wizard (see section "Configuring a browser for safe work" on page 165) can be rolled back.<br />
To roll back changes made by Wizards:<br />
1. Open the main application window and select the Tools section in the lower part of the window.<br />
2. In the right part of the window, click the Start button in the section with the name of a Wizard, for which you<br />
need to roll back changes made:<br />
Privacy Cleaner – to roll back changes made by the Privacy Cleaner Wizard;<br />
Microsoft Windows Troubleshooting – to roll back changes made by the Microsoft Windows<br />
Troubleshooting Wizard;<br />
Browser Configuration – to roll back changes made by the Browser Configuration Wizard.<br />
Let us take a closer look at Wizards' steps taken when rolling back changes.<br />
Step 1. Starting the Wizard<br />
Select Roll back changes and click the Next button.<br />
Step 2. Search for changes<br />
The Wizard searches for the changes that it made earlier and that can be rolled back. Once the search is<br />
complete, the Wizard will proceed automatically to the next step.<br />
Step 3. Selecting changes to roll back<br />
When the search is completed, the Wizard informs you of changes found.<br />
To make the wizard roll back an action taken earlier, check the box located to the left of the action's name.<br />
After you have selected actions that you want to roll back, click the Next button.<br />
Step 4. Rolling back changes<br />
The Wizard rolls back the actions selected at the previous step. When the changes are rolled back, the Wizard<br />
automatically proceeds to the next step.<br />
Step 5. Wizard completion<br />
Click the Finish button to close the Wizard.<br />
REPORTS<br />
Events that occur during the operation of the protection components or when the <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> tasks are<br />
run are logged in reports.<br />
167
U S E R G U I D E<br />
IN THIS SECTION:<br />
Creating a report for the selected protection component .............................................................................................. 168<br />
Data filtering .................................................................................................................................................................. 168<br />
Events search ............................................................................................................................................................... 169<br />
Saving a report to file .................................................................................................................................................... 170<br />
Storing reports ............................................................................................................................................................... 170<br />
Clearing application reports ........................................................................................................................................... 170<br />
Recording non-critical events into the report ................................................................................................................. 171<br />
Configuring the notification of report availability ............................................................................................................ 171<br />
CREATING A REPORT FOR THE SELECTED PROTECTION COMPONENT<br />
You can obtain a detailed report about events which occurred during the operation of each of the <strong>Kaspersky</strong> <strong>Internet</strong><br />
<strong>Security</strong> protection components or during execution of its tasks.<br />
For added convenience when working with reports, you can change the data display on the screen: group events by<br />
various parameters, select the report period, sort events by column or by importance, and hide columns.<br />
To create a report on a certain protection component or a task:<br />
1. Open the main application window.<br />
2. In the top part of the window, click the Reports link.<br />
3. In the Reports window that opens, click the Detailed report button.<br />
4. In the left part of the Detailed report window that opens, select the component or task, for which a report<br />
should be created. When you select the Protection Center item, a report is created for all protection<br />
components.<br />
DATA FILTERING<br />
You can filter events in <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> reports by one or several values in the report columns, as well as<br />
define complex data filtering conditions.<br />
To filter events by values:<br />
1. Open the main application window.<br />
2. In the top part of the window, click the Reports link.<br />
3. In the Reports window that opens, click the Detailed report button.<br />
4. In the right part of the Detailed report window that opens, move the mouse pointer to the upper left corner of<br />
the column header and click it to open the filter menu.<br />
5. Select the value which should be used to filter data in the filter menu.<br />
6. Repeat the procedure for another column, if necessary.<br />
168
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
To specify a complex filtering condition:<br />
1. Open the main application window.<br />
2. Click the Reports link in the top part of the window to open the reports window.<br />
3. In the window that opens, on the Report tab, click the Detailed report button.<br />
4. In the right part of the Detailed report window that opens, right-click the appropriate report column to display<br />
the context menu for it and select Custom.<br />
5. In the Custom filter window that opens, set the filtration conditions:<br />
a. Define the query limits in the right part of the window.<br />
b. In the left part of the window, select the necessary query condition from the Condition dropdown list (e.g.,<br />
is greater or less than, equals or does not equal the value specified as the query limit).<br />
c. If necessary, add a second condition using logical conjunction (logical AND) or disjunction (logical OR)<br />
operations. If you wish your data query to satisfy both specified conditions, select AND. If only one of the<br />
two conditions is required, select OR.<br />
EVENTS SEARCH<br />
You can search a report for the desired event using a key word in the search line or special search window.<br />
To find an event using the search line:<br />
1. Open the main application window.<br />
2. In the top part of the window, click the Reports link.<br />
3. In the Reports window that opens, click the Detailed report button.<br />
4. Enter the key word in the search line in the right part of the Detailed report window that opens.<br />
To find an event using the search window:<br />
1. Open the main application window.<br />
2. In the top part of the window, click the Reports link.<br />
3. In the Reports window that opens, click the Detailed report button.<br />
4. In the right part of the Detailed report window that opens, right-click the appropriate column header to display<br />
the context menu for it and select Search.<br />
5. Specify the search criteria in the Search window that opens:<br />
a. In the String field, enter a key word to be searched for.<br />
b. In the Column dropdown list, select the name of the column that should be searched for the specified key<br />
word.<br />
c. If necessary, check the boxes for additional search settings.<br />
6. Start the search using one of the following methods:<br />
If you want to find an event that meets the specified search criteria and comes next after the one that you<br />
have highlighted on the list, click the Find next button.<br />
If you want to find all events that meet the specified search criteria, click the Mark all button.<br />
169
U S E R G U I D E<br />
SAVING A REPORT TO FILE<br />
The report obtained can be saved to a text file.<br />
To save the report to file:<br />
1. Open the main application window.<br />
2. In the top part of the window, click the Reports link.<br />
3. In the Reports window that opens, click the Detailed report button.<br />
4. In the Detailed report window that opens, create a required report and click the Save link to select a location<br />
for the file that you want to save.<br />
5. In the window that opens, select a folder into which you wish to save the report file and enter the file name.<br />
STORING REPORTS<br />
The default maximum report storage duration is 30 days. After that the reports will be deleted. You can cancel the time<br />
restriction or change the maximum report storage duration.<br />
In addition, you can also define the maximum report file size. By default, the maximum size is 1024 MB. Once the<br />
maximum size has been reached, the content of the file is replaced with new records. You can cancel any limits imposed<br />
on the report's size, or enter another value.<br />
To modify the report maximum storage time:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Advanced Settings section, select the Reports and Storages subsection.<br />
3. In the right part of the window, in the Storing reports section, check the Store reports no longer than box and<br />
specify the maximum storage period for reports.<br />
To configure the maximum report file size:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Advanced Settings section, select the Reports and Storages subsection.<br />
3. In the Storing reports section in the right part of the window, check the Maximum file size box and specify the<br />
maximum size for a report file.<br />
CLEARING APPLICATION REPORTS<br />
You can clear the reports containing data that you no longer need.<br />
To clear application reports:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Advanced Settings section, select the Reports and Storages subsection.<br />
3. In the right part of the window, in the Clear reports section, click the Clear button.<br />
4. In the Clearing reports window that opens, check the boxes for the reports you wish to clear.<br />
170
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
RECORDING NON-CRITICAL EVENTS INTO THE REPORT<br />
By default, the product does not add non-critical events or registry and file system events to its reports. You can add<br />
records of such events to the report.<br />
To add non-critical events to the report:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Advanced Settings section, select the Reports and Storages subsection.<br />
3. In the right part of the window, check the Log non-critical events box.<br />
CONFIGURING THE NOTIFICATION OF REPORT AVAILABILITY<br />
You can create a schedule according to which <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> will remind you that a report is ready.<br />
To configure notification of a report's completion:<br />
1. Open the main application window.<br />
2. In the top part of the window, click the Reports link.<br />
3. In the Reports window that opens, click the button.<br />
4. In the Notifications window that opens, specify schedule settings.<br />
APPLICATION APPEARANCE. MANAGING ACTIVE<br />
INTERFACE ELEMENTS<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> allows you to adjust the settings for display of text on the logon screen in Microsoft Windows<br />
and active interface elements (the application icon in the notification area, notification windows, and pop-up messages).<br />
IN THIS SECTION:<br />
Translucence of notification windows ............................................................................................................................ 171<br />
Animation of the application icon in the notification area ............................................................................................... 172<br />
Text on Microsoft Windows logon screen ...................................................................................................................... 172<br />
TRANSLUCENCE OF NOTIFICATION WINDOWS<br />
To make notification windows translucent:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Advanced Settings section, select the Appearance subsection.<br />
3. In the Icon in the taskbar notification area section, check the Enable semi-transparent windows box.<br />
171
U S E R G U I D E<br />
ANIMATION OF THE APPLICATION ICON IN THE NOTIFICATION AREA<br />
Animation of the application icon is displayed in the notification area when running an update or a scan.<br />
By default, animation of the application icon in the notification area is enabled.<br />
To disable animation of the application icon:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Advanced Settings section, select the Appearance subsection.<br />
3. In the Icon in the taskbar notification area section, uncheck the Animate taskbar icon when executing<br />
tasks box.<br />
TEXT ON MICROSOFT WINDOWS LOGON SCREEN<br />
By default, if <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> is enabled and protects your computer, the text "Protected by <strong>Kaspersky</strong> Lab"<br />
is displayed on the logon screen while Microsoft Windows is loading.<br />
Text "Protected by <strong>Kaspersky</strong> Lab" is only displayed in Microsoft Windows XP.<br />
To enable display of this text during the loading of Microsoft Windows:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Advanced Settings section, select the Appearance subsection.<br />
3. In the Icon in the taskbar notification area section, uncheck the Show "Protected by <strong>Kaspersky</strong> Lab" on<br />
Microsoft Windows logon screen box.<br />
NOTIFICATIONS<br />
By default, if any events occur during operation, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> notifies you of them. If you are required to<br />
select further actions, notification windows will be displayed on the screen (see section "Notification windows and pop-up<br />
messages" on page 34). The application notifies you of events which do not require selection of an action with audio<br />
signals, email messages, and pop-up messages in the taskbar notification area (see section "Notification windows and<br />
pop-up messages" on page 34).<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> comprises the News Agent (on page 37) that <strong>Kaspersky</strong> Lab uses to notify you of various<br />
news. If you do not want to receive any news, you can disable the news delivery.<br />
IN THIS SECTION:<br />
Enabling and disabling notifications .............................................................................................................................. 172<br />
Configuring the notification method ............................................................................................................................... 173<br />
Disabling news delivery ................................................................................................................................................. 174<br />
ENABLING AND DISABLING NOTIFICATIONS<br />
By default, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> uses various methods to notify you of all important events related to application<br />
operation (see section "Configuring the notification method" on page 173). You can disable the delivery of notifications.<br />
172
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
Regardless of whether notification delivery is enabled or disabled, information about events that occur during the<br />
operation of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> is logged in an application operation report (see page 167).<br />
When you disable the notifications delivery, it does not impact the display of notification windows. To minimize the<br />
number of notification windows displayed on the screen, use the automatic protection mode (see section "Selecting a<br />
protection mode" on page 64).<br />
To disable notification delivery:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Advanced Settings section, select the Notifications subsection.<br />
3. In the right part of the window, uncheck the Enable events notifications box.<br />
CONFIGURING THE NOTIFICATION METHOD<br />
The application notifies you of events using the following methods:<br />
pop-up messages in the taskbar notification area;<br />
audio notifications;<br />
email messages.<br />
You can configure an individual set of notification delivery methods for each type of event.<br />
By default, critical notifications and notifications of application operation failures are accompanied by an audio signal.<br />
The Microsoft Windows sound scheme is used as the source of sound effects. You can modify the current scheme or<br />
disable sounds.<br />
To allow <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> to notify you of events by email, you should adjust the email settings of notification<br />
delivery.<br />
To select notifications delivery methods for various types of events:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Advanced Settings section, select the Notifications subsection.<br />
3. In the right part of the window, check the Enable events notifications box and click the Settings button<br />
located under the box.<br />
4. In the Notifications window that opens, check the boxes corresponding to how you want to be notified of<br />
various events: by email, with a pop-up message, or with an audio signal.<br />
To modify the email settings for notification delivery:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Advanced Settings section, select the Notifications subsection.<br />
3. In the right part of the window, check the Enable email notifications box and click the Settings button.<br />
4. In the Email notification settings window that opens, specify the settings for sending notifications by email.<br />
173
U S E R G U I D E<br />
To configure the sound scheme used with notifications:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Advanced Settings section, select the Notifications subsection.<br />
3. In the right part of the window, uncheck the Enable audio notifications box.<br />
If you want to use the sound scheme of Microsoft Windows for notification of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong><br />
events, check the Use Windows Default sound scheme box. If this box is unchecked, the sound scheme from<br />
previous <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> versions is used.<br />
DISABLING NEWS DELIVERY<br />
To disable news delivery from the application settings window:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Advanced Settings section, select the Appearance subsection.<br />
3. In the right part of the window, uncheck the Enable news notifications box.<br />
KASPERSKY SECURITY NETWORK<br />
To increase the efficiency of your computer's protection, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> uses data received from users from<br />
all over the world. <strong>Kaspersky</strong> <strong>Security</strong> Network is designed for collecting this data.<br />
The <strong>Kaspersky</strong> <strong>Security</strong> Network (KSN) is an infrastructure of online services that provides access to the online<br />
Knowledge Base of <strong>Kaspersky</strong> Lab, which contains information about the reputation of files, web resources, and<br />
software. Using data from the <strong>Kaspersky</strong> <strong>Security</strong> Network ensures a faster response time for <strong>Kaspersky</strong> <strong>Internet</strong><br />
<strong>Security</strong> when encountering new types of threats, improves performance of some protection components, and reduces<br />
the risk of false positives.<br />
User participation in <strong>Kaspersky</strong> <strong>Security</strong> Network enables <strong>Kaspersky</strong> Lab to gather real-time information about the types<br />
and sources of new threats, develop methods to neutralize them, and reduce the number of false positives.<br />
Besides, participating in <strong>Kaspersky</strong> <strong>Security</strong> Network grants you access to information about reputation of various<br />
applications and websites.<br />
When you participate in the <strong>Kaspersky</strong> <strong>Security</strong> Network, certain statistics collected while <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong><br />
protects your computer are sent to <strong>Kaspersky</strong> Lab automatically.<br />
No private data is collected, processed, or stored.<br />
Participating in the <strong>Kaspersky</strong> <strong>Security</strong> Network is voluntary. You should decide whether to participate when installing<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>; however, you can change your decision later.<br />
IN THIS SECTION:<br />
Enabling and disabling participation in <strong>Kaspersky</strong> <strong>Security</strong> Network ............................................................................ 175<br />
Verifying connection to <strong>Kaspersky</strong> <strong>Security</strong> Network .................................................................................................... 175<br />
174
A D V A N C E D A P P L I C A T I O N S E T T I N G S<br />
ENABLING AND DISABLING PARTICIPATION IN KASPERSKY<br />
SECURITY NETWORK<br />
To participate in <strong>Kaspersky</strong> <strong>Security</strong> Network:<br />
1. Open the application settings window.<br />
2. In the left part of the window, in the Advanced Settings section, select the Feedback subsection.<br />
3. In the right part of the window, check the I agree to participate in <strong>Kaspersky</strong> <strong>Security</strong> Network box.<br />
VERIFYING CONNECTION TO KASPERSKY SECURITY NETWORK<br />
Connection to <strong>Kaspersky</strong> <strong>Security</strong> Network may be lost for the following reasons:<br />
your computer is not connected to the <strong>Internet</strong>;<br />
you do not participate in <strong>Kaspersky</strong> <strong>Security</strong> Network;<br />
your license for <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> is limited.<br />
To test the connection to <strong>Kaspersky</strong> <strong>Security</strong> Network:<br />
1. Open the main application window.<br />
2. In the top part of the window, click the Cloud protection button.<br />
3. In the left part of the window that opens, the status of connection to <strong>Kaspersky</strong> <strong>Security</strong> Network is displayed.<br />
175
TESTING THE APPLICATION'S OPERATION<br />
This section provides information about how to ensure that the application detects viruses and their modifications and<br />
performs the correct actions on them.<br />
IN THIS SECTION:<br />
About the test file EICAR............................................................................................................................................... 176<br />
Testing the application's functioning using the test file EICAR ...................................................................................... 176<br />
About the types of the test file EICAR ........................................................................................................................... 177<br />
ABOUT THE TEST FILE EICAR<br />
You can make sure that the application detects viruses and disinfects infected files by using a test file EICAR. The test<br />
file EICAR has been developed by the European Institute for Computer Antivirus Research (EICAR) in order to test the<br />
functionality of anti-virus applications.<br />
The test file EICAR is not a virus. The test file EICAR does not contain any program code that could damage your<br />
computer. However, a major part of anti-virus applications identify the test file EICAR as a virus.<br />
The test file EICAR is not intended for testing the functionality of the heuristic analyzer or searching for malware at the<br />
system level (rootkits).<br />
Do not use real viruses to test the functionality of anti-virus applications! This may damage your computer.<br />
Do not forget to resume the anti-virus protection of <strong>Internet</strong> traffic and files after you have finished with the test file<br />
EICAR.<br />
TESTING THE APPLICATION'S FUNCTIONING USING THE<br />
TEST FILE EICAR<br />
You can use the test file EICAR to test the <strong>Internet</strong> traffic protection, anti-virus protection of files, and computer scan.<br />
Do not forget to resume the anti-virus protection of <strong>Internet</strong> traffic and files after you have finished with the test file<br />
EICAR.<br />
To test the <strong>Internet</strong> traffic protection using the test file EICAR:<br />
1. You can download this test file from EICAR's official website at http://www.eicar.org/anti_virus_test_file.htm.<br />
2. Try to save the EICAR test file in any folder on your computer.<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> informs you that a threat has been detected at the requested URL and blocks the<br />
attempt to save the object on the computer.<br />
3. If necessary, you can use various types of the test file EICAR (see section "About the types of the test file<br />
EICAR" on page 177).<br />
176
T E S T I N G T H E A P P L I C A T I O N ' S O P E R A T I O N<br />
To test the anti-virus protection of files using the test file EICAR or a modification of it:<br />
1. Pause anti-virus protection of <strong>Internet</strong> traffic and anti-virus protection of files on your computer.<br />
When protection is paused, it is not recommended that you connect the computer to local networks or use<br />
removable devices to prevent harm to your computer caused by malware.<br />
2. You can download this test file from EICAR's official website at http://www.eicar.org/anti_virus_test_file.htm.<br />
3. Save the EICAR test file in any folder on your computer.<br />
4. Add one of the prefixes to the head of the EICAR test file (see section "About the types of the test file EICAR"<br />
on page 177).<br />
You can use any text or hypertext editor to do this, for example, Notepad. To open Notepad, select Start<br />
programs Accessories Notepad.<br />
All<br />
5. Save the resulting file under a name reflecting the modification of the file EICAR; for example, add the DELEprefix<br />
and save the file as eicar_dele.com.<br />
6. Resume anti-virus protection of <strong>Internet</strong> traffic and anti-virus protection of files on your computer.<br />
7. Try to run the file that you have saved.<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> informs you of a threat detected on the hard drive of your computer and performs<br />
the action specified in the settings of the anti-virus protection of files.<br />
To test the virus scan using the test file EICAR or a modification of it:<br />
1. Pause anti-virus protection of <strong>Internet</strong> traffic and anti-virus protection of files on your computer.<br />
When protection is paused, it is not recommended that you connect the computer to local networks or use<br />
removable devices to prevent harm to your computer caused by malware.<br />
2. You can download this test file from EICAR's official website at http://www.eicar.org/anti_virus_test_file.htm.<br />
3. Add one of the prefixes to the head of the EICAR test file (see section "About the types of the test file EICAR"<br />
on page 177).<br />
You can use any text or hypertext editor to do this, for example, Notepad. To open Notepad, select Start<br />
programs Accessories Notepad.<br />
All<br />
4. Save the resulting file under a name reflecting the modification of the test file EICAR; for example, add the<br />
DELE- prefix and save the file as eicar_dele.com.<br />
5. Start the scan of the file that you have saved.<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> informs you of a threat detected on the hard drive of your computer and performs<br />
the action specified in the settings of the virus scan.<br />
6. Resume anti-virus protection of <strong>Internet</strong> traffic and anti-virus protection of files on your computer.<br />
ABOUT THE TYPES OF THE TEST FILE EICAR<br />
You can test the application's functioning by creating various modifications of the test file EICAR. The application detects<br />
the test file EICAR (or a modification of it) and assigns it a status depending on the results of the scan. The application<br />
takes specified actions on the test file EICAR if they had been selected in the settings of the component that has<br />
detected the test file EICAR.<br />
177
U S E R G U I D E<br />
The first column of the table (see the table below) contains prefixes that you can use when creating modifications of the<br />
test file EICAR. The second column lists all possible statuses assigned to the file, based on the results of the scan by the<br />
application. The third column indicates how the application processes files with the specified status.<br />
Prefix File status File processing information<br />
No prefix, standard<br />
test virus.<br />
CURE-<br />
DELE-<br />
WARN-<br />
SUSP-<br />
Infected.<br />
File contains code of a<br />
known virus. File<br />
cannot be disinfected.<br />
Infected.<br />
File contains code of a<br />
known virus. File can<br />
be disinfected.<br />
Infected.<br />
File contains code of a<br />
known virus. File<br />
cannot be disinfected.<br />
Potentially infected.<br />
File contains code of<br />
an unknown virus. File<br />
cannot be disinfected.<br />
Potentially infected.<br />
File contains modified<br />
code of a known virus.<br />
File cannot be<br />
disinfected.<br />
Table 2.<br />
Modifications of the test file EICAR<br />
The application identifies this file as a file containing a virus that cannot<br />
be disinfected.<br />
The action set for infected files is applied to the file. By default, the<br />
application displays an on-screen notification that the file cannot be<br />
disinfected.<br />
The file contains a virus that can be disinfected or deleted. The<br />
application disinfects the file; the text of the virus body is replaced with<br />
the word CURE.<br />
The application displays an on-screen notification that a disinfected file<br />
has been detected.<br />
The application identifies the file as a virus that cannot be disinfected,<br />
and deletes it.<br />
The application displays an on-screen notification that the disinfected<br />
file has been deleted.<br />
File is potentially infected.<br />
The application applies the action set for potentially infected files on the<br />
file. By default, the application displays an on-screen notification that a<br />
potentially infected file has been detected.<br />
The application detected a partial correspondence of a section of file<br />
code with a section of code of a known virus. When a potentially<br />
infected file is detected, the application databases do not contain a<br />
description of the full code of the virus.<br />
The application applies the action set for potentially infected files on the<br />
file. By default, the application displays an on-screen notification that a<br />
potentially infected file has been detected.<br />
CORR- Corrupted. The application does not scan this type of file because its structure is<br />
damaged (for example, the file format is invalid). You can find the<br />
information that the file has been processed in the report on the<br />
application's operation.<br />
ERRO- Scan error. An error occurred during the scan of a file. The application could not<br />
access the file, since the integrity of the file has been breached (for<br />
example, no end to a multivolume archive) or there is no connection to<br />
it (if the file is scanned on a network drive). You can find the<br />
information that the file has been processed in the report on the<br />
application's operation.<br />
178
CONTACTING THE TECHNICAL SUPPORT<br />
SERVICE<br />
This section provides information about how to obtain technical support and what conditions should be met to receive<br />
help from the Technical Support Service.<br />
IN THIS SECTION:<br />
How to get technical support ......................................................................................................................................... 179<br />
Using the trace file and the AVZ script .......................................................................................................................... 179<br />
Technical support by phone .......................................................................................................................................... 182<br />
Obtaining technical support via My <strong>Kaspersky</strong> Account ................................................................................................ 182<br />
HOW TO GET TECHNICAL SUPPORT<br />
If you do not find a solution to your problem in the application documentation or in one of the sources of information<br />
about the application (see section "Sources of information about the application" on page 12), we recommend that you<br />
contact <strong>Kaspersky</strong> Lab's Technical Support Service. Technical Support Service specialists will answer any of your<br />
questions about installing and using the application. If the computer is infected, our specialists will help to fix any<br />
problems caused by malware.<br />
Before contacting the Technical Support Service, please read the support rules<br />
(http://support.kaspersky.com/support/rules).<br />
You can contact the Technical Support Service in one of the following ways:<br />
By telephone. This method allows you to consult with specialists from our Russian-language or international<br />
Technical Support Service.<br />
By sending a query from your <strong>Kaspersky</strong> Account on the Technical Support Service website. This method<br />
allows you to contact our specialists using the query form.<br />
To qualify for technical support, you must be a registered user of a commercial version of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>.<br />
Technical support is not available to users of trial versions of the application.<br />
USING THE TRACE FILE AND THE AVZ SCRIPT<br />
After you notify Technical Support Service specialists of a problem encountered, they may ask you to create a report that<br />
should contain information about your operating system, and send it to the Technical Support Service. Also, Technical<br />
Support Service specialists may ask you to create a trace file. The trace file allows you to trace the process of executing<br />
the application's commands step-by-step and find out on which stage of the application's operation an error has<br />
occurred.<br />
After Technical Support Service specialists analyze the data that you have sent, they can create an AVZ script and send<br />
it to you. Running AVZ scripts allows you to analyze active processes for malicious code, scan the system for malicious<br />
code, disinfect / delete infected files, and create reports on results of system scans.<br />
179
U S E R G U I D E<br />
CREATING A SYSTEM STATE REPORT<br />
To create a system state report:<br />
1. Open the main application window.<br />
2. Click the Support link at the bottom of the main window to open the Support window, then follow the Support<br />
Tools link.<br />
3. In the Support Tools window that opens, click the Create system state report button.<br />
The system state report is created in HTML and XML formats and is saved in the archive sysinfo.zip. Once the<br />
information has been gathered, you can view the report.<br />
To view the report:<br />
1. Open the main application window.<br />
2. Click the Support link at the bottom of the main window to open the Support window, then follow the Support<br />
Tools link.<br />
3. In the Support Tools window that opens, click the View button.<br />
4. Open the sysinfo.zip archive which contains the report files.<br />
CREATING A TRACE FILE<br />
To create a trace file:<br />
1. Open the main application window.<br />
2. Click the Support link at the bottom of the main window to open the Support window, then follow the Support<br />
Tools link.<br />
3. In the Support Tools window that opens, specify the trace level from the drop-down list in Traces section.<br />
It is recommended that the required trace level be clarified by a Technical Support Service specialist. In the<br />
absence of guidance from the Technical Support Service, you are advised to set the trace level to 500.<br />
4. To start the trace process, click the Enable button.<br />
5. Reconstruct the situation in which the problem occurred.<br />
6. To stop the trace process, click the Disable button.<br />
You can switch to uploading tracing results (see section "Sending data files" on page 180) to <strong>Kaspersky</strong> Lab's server.<br />
SENDING DATA FILES<br />
After you have created the trace files and the system state report, you need to send them to <strong>Kaspersky</strong> Lab Technical<br />
Support Service experts.<br />
You will need a request number to upload data files to the Technical Support Service server. This number is available in<br />
your My <strong>Kaspersky</strong> Account on the Technical Support Service website if your request is active.<br />
180
C O N T A C T I N G T H E T E C H N I C A L S U P P O R T S E R V I C E<br />
To upload the data files to the Technical Support Service server:<br />
1. Open the main application window.<br />
2. Click the Support link at the bottom of the main window to open the Support window, then follow the Support<br />
Tools link.<br />
3. In the Support Tools window that opens, in the Actions section, click the Upload information for Technical<br />
Support Service to the server button.<br />
The Uploading information for Technical Support Service to the server window will open.<br />
4. Check the boxes next to the trace files that you want to send to the Technical Support Service and click the<br />
Send button.<br />
The Request number window will open.<br />
5. Specify the number assigned to your request by contacting the Technical Support Service through My<br />
<strong>Kaspersky</strong> Account and click the OK button.<br />
The selected data files are packed and sent to the Technical Support Service server.<br />
If for any reason it is not possible to contact the Technical Support Service, the data files can be stored on your computer<br />
and later sent from My <strong>Kaspersky</strong> Account.<br />
To save data files on a disk:<br />
1. Open the main application window.<br />
2. Click the Support link at the bottom of the main window to open the Support window, then follow the Support<br />
Tools link.<br />
3. In the Support Tools window that opens, in the Actions section, click the Upload information for Technical<br />
Support Service to the server button.<br />
The Uploading information for Technical Support Service to the server window will open.<br />
4. Check the boxes next to the trace files that you want to send to the Technical Support Service and click the<br />
Send button.<br />
The Request number window will open.<br />
5. Click the Cancel button and confirm saving the files on the disk by clicking the Yes button in the window that<br />
opens.<br />
The archive saving window will open.<br />
6. Specify the archive name and confirm saving.<br />
The created archive can be sent to the Technical Support Service from My <strong>Kaspersky</strong> Account.<br />
AVZ SCRIPT EXECUTION<br />
You are advised not to change the text of an AVZ script received from <strong>Kaspersky</strong> Lab experts. If problems occur during<br />
script execution, please contact the Technical Support Service (see section "How to get technical support" on page 179).<br />
181
U S E R G U I D E<br />
To run the AVZ script:<br />
1. Open the main application window.<br />
2. Click the Support link at the bottom of the main window to open the Support window, then follow the Support<br />
Tools link.<br />
3. In the Support Tools window that opens, click the Execute AVZ script button.<br />
If the script successfully executes, the Wizard closes. If an error occurs during script execution, the Wizard displays a<br />
message to that effect.<br />
TECHNICAL SUPPORT BY PHONE<br />
If an urgent issue arises, you can call specialists from the Russian-speaking or international Technical Support Service<br />
by phone (http://support.kaspersky.com/support/support_local).<br />
Before contacting the Technical Support Service, you should collect information<br />
(http://support.kaspersky.com/support/details) about your computer and anti-virus applications installed on it. This will<br />
allow our specialists to help you more quickly.<br />
OBTAINING TECHNICAL SUPPORT VIA MY KASPERSKY<br />
ACCOUNT<br />
My <strong>Kaspersky</strong> Account is your personal area (https://my.kaspersky.com) on the Technical Support Service website.<br />
To obtain access to My <strong>Kaspersky</strong> Account, you should go through the registration procedure on the registration page<br />
(https://my.kaspersky.com/registration). Enter your email address and a password to log in to My <strong>Kaspersky</strong> Account.<br />
In My <strong>Kaspersky</strong> Account, you can perform the following actions:<br />
contact the Technical Support Service and Virus Lab;<br />
contact the Technical Support Service without using email;<br />
track the status of your request in real time;<br />
view a detailed history of your requests to the Technical Support Service;<br />
receive a copy of the key file if it has been lost or removed.<br />
Technical Support by email<br />
You can send an online request to the Technical Support Service in Russian, English, German, French, or Spanish.<br />
You should specify the following data in the fields of the online request form:<br />
request type;<br />
application name and version number;<br />
request description;<br />
customer ID and password;<br />
email address.<br />
182
C O N T A C T I N G T H E T E C H N I C A L S U P P O R T S E R V I C E<br />
A specialist from the Technical Support Service sends an answer to your question to your My <strong>Kaspersky</strong> Account and to<br />
the email address that you have specified in your online request.<br />
Online request to the Virus Lab<br />
Some requests should be sent to the Virus Lab instead of the Technical Support Service.<br />
You can send requests of the following types to the Virus Lab:<br />
Unknown malicious program – you suspect that a file contains a virus but <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> has not<br />
identified it as infected.<br />
Virus Lab specialists analyze malicious code sent. If they detect a previously unknown virus, they add a<br />
corresponding description to the database, which becomes available when updating anti-virus applications.<br />
False alarm – <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> classifies the file as a virus, yet you are sure that the file is not a<br />
virus.<br />
Request for description of malicious program – you want to receive the description of a virus detected by<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>, using the name of the virus.<br />
You can also send requests to the Virus Lab from the page with the request form<br />
(http://support.kaspersky.com/virlab/helpdesk.html) without being registered in My <strong>Kaspersky</strong> Account. On this page, you<br />
do not have to specify the application activation code.<br />
183
APPENDIX<br />
This section provides information that complements the document text.<br />
IN THIS SECTION:<br />
Working with the application from the command line .................................................................................................... 184<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> notifications list ................................................................................................................. 194<br />
WORKING WITH THE APPLICATION FROM THE COMMAND<br />
LINE<br />
You can work with <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> from the command line. The capability is provided to perform the<br />
following operations:<br />
activating the application;<br />
starting and stopping the application;<br />
starting and stopping application components;<br />
starting and stopping tasks;<br />
obtaining information on the current status of components and tasks, as well as their statistics;<br />
starting and stopping virus scan tasks;<br />
scanning selected objects;<br />
updating databases and software modules, rolling back updates;<br />
exporting and importing security settings;<br />
opening help files using command line syntax in general and for individual commands.<br />
Command prompt syntax:<br />
avp.com [options]<br />
You should access the application from the command line from the application installation folder or by specifying the full<br />
path to avp.com.<br />
The list of commands used to control the application and its components is provided in the table below.<br />
START<br />
Starts a component or a task.<br />
STOP<br />
STATUS<br />
Stops a component or a task. The command can only be executed if the password assigned via the<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> interface is entered.<br />
Displays the current status of a component or task on the screen.<br />
184
A P P E N D I X<br />
STATISTICS<br />
HELP<br />
SCAN<br />
UPDATE<br />
ROLLBACK<br />
EXIT<br />
IMPORT<br />
Displays the statistics for a component or task on the screen.<br />
Displays the list of commands and command syntax information.<br />
Scans objects for viruses.<br />
Starts the application update.<br />
Rolls back to the last <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> update made. The command can only be executed if<br />
the password assigned via the <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> interface is entered.<br />
Closes the application. The command can only be run if the password assigned via the application<br />
interface is entered.<br />
Imports application protection settings. The command can only be executed if the password assigned<br />
via the <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> interface is entered.<br />
EXPORT<br />
Exports the application protection settings.<br />
Each command requires its own specific set of settings.<br />
IN THIS SECTION:<br />
Activating the application............................................................................................................................................... 185<br />
Starting the application .................................................................................................................................................. 186<br />
Stopping the application ................................................................................................................................................ 186<br />
Managing application components and tasks................................................................................................................ 186<br />
Virus scan ..................................................................................................................................................................... 188<br />
Updating the application ................................................................................................................................................ 190<br />
Rolling back the last update .......................................................................................................................................... 191<br />
Exporting protection settings ......................................................................................................................................... 191<br />
Importing protection settings ......................................................................................................................................... 191<br />
Creating a trace file ....................................................................................................................................................... 192<br />
Viewing Help ................................................................................................................................................................. 192<br />
Return codes of the command line ................................................................................................................................ 192<br />
ACTIVATING THE APPLICATION<br />
You can activate <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> using a key file.<br />
Command syntax:<br />
avp.com ADDKEY <br />
The table below describes the settings of command execution.<br />
<br />
Application key file name with the *.key extension.<br />
185
U S E R G U I D E<br />
Example:<br />
avp.com ADDKEY 1AA111A1.key<br />
STARTING THE APPLICATION<br />
Command syntax:<br />
avp.com<br />
STOPPING THE APPLICATION<br />
Command syntax:<br />
avp.com EXIT /password=<br />
A description of parameters is provided in the table below.<br />
<br />
Application password specified in the interface.<br />
Note that this command is not accepted without a password.<br />
MANAGING APPLICATION COMPONENTS AND TASKS<br />
Command syntax:<br />
avp.com [/R[A]:]<br />
avp.com STOP /password= [/R[A]:]<br />
Descriptions of commands and settings are given in the table below.<br />
<br />
You can manage <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> components and tasks from the command<br />
prompt with the following commands:<br />
START – start a protection component or a task.<br />
STOP – stop a protection component or a task.<br />
STATUS – display the current status of a protection component or a task.<br />
STATISTICS – output statistics to the screen for a protection component or a task.<br />
Note that the STOP command will not be accepted without a password.<br />
<br />
You can specify any protection component of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>, component<br />
module, on-demand scan or update task as the value for the setting (the<br />
standard values used by the application are shown in the table below).<br />
You can specify the name of any on-demand scan or update task as the value for the<br />
setting.<br />
<br />
/R[A]:<br />
Application password specified in the interface.<br />
/R: – log only important events in the report.<br />
/RA: – log all events in the report.<br />
You can use an absolute or relative path to the file. If the setting is not defined, scan<br />
results are displayed on the screen, and all events are shown.<br />
In the setting, you should specify one of the values given in the table below.<br />
186
A P P E N D I X<br />
RTP<br />
FW<br />
HIPS<br />
pdm<br />
FM<br />
EM<br />
WM<br />
All protection components.<br />
The avp.com START RTP command runs all the protection components if the<br />
protection has been completely disabled.<br />
If the component has been disabled using the STOP command from the command<br />
prompt, it is not launched by the avp.com START RTP command. In order to start<br />
it, you should execute the avp.com START command with the name of<br />
the specific protection component entered for , for example, avp.com<br />
START FM.<br />
Firewall.<br />
Application Control.<br />
Proactive Defense.<br />
File Anti-Virus.<br />
Mail Anti-Virus.<br />
Web Anti-Virus.<br />
Values for Web Anti-Virus subcomponents:<br />
httpscan (HTTP) – scan HTTP traffic;<br />
sc – scan scripts.<br />
IM<br />
AB<br />
AS<br />
PC<br />
AP<br />
ids<br />
Updater<br />
Rollback<br />
Scan_My_Computer<br />
Scan_Objects<br />
Scan_Quarantine<br />
Scan_Startup (STARTUP)<br />
Scan_Vulnerabilities (SECURITY)<br />
IM Anti-Virus.<br />
Anti-Banner.<br />
Anti-Spam.<br />
Parental Control.<br />
Anti-Phishing.<br />
Network Attack Blocker.<br />
Update.<br />
Rolling back the last update.<br />
Scan.<br />
Objects Scan.<br />
Quarantine scan.<br />
Startup Objects Scan.<br />
Vulnerability Scan.<br />
Components and tasks started from the command prompt are run with the settings configured in the application<br />
interface.<br />
Examples:<br />
To enable File Anti-Virus, enter the following command:<br />
187
U S E R G U I D E<br />
avp.com START FM<br />
To stop a computer scan, enter the following command:<br />
avp.com STOP Scan_My_Computer /password=<br />
VIRUS SCAN<br />
Starting a scan of a certain area for viruses and processing malicious objects from the command prompt generally looks<br />
like this:<br />
avp.com SCAN [] [] [] []<br />
[] [] []<br />
To scan objects, you can also use the tasks created in the application by starting the one you need from the command<br />
line. The task will be run with the settings specified in the <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> interface.<br />
A description of parameters is provided in the table below.<br />
– this parameter gives the list of objects that are scanned for malicious code.<br />
The parameter may include several space-separated values from the list provided.<br />
<br />
List of paths to the files and folders to be scanned.<br />
You can enter an absolute or relative path to the file. Items on the list are separated by a<br />
space.<br />
Comments:<br />
if the object name contains a space, it must be placed in quotation marks;<br />
if reference is made to a specific folder, all files in this folder are scanned.<br />
/MEMORY<br />
/STARTUP<br />
/MAIL<br />
/REMDRIVES<br />
/FIXDRIVES<br />
/NETDRIVES<br />
/QUARANTINE<br />
/ALL<br />
/@:<br />
RAM objects.<br />
Startup objects.<br />
Mailboxes.<br />
All removable media drives.<br />
All internal drives.<br />
All network drives.<br />
Quarantined objects.<br />
Full computer scan.<br />
Path to a file containing a list of objects and catalogs to be scanned. You can enter an absolute<br />
or relative path to the file with the list. The path must be indicated without quotation marks even<br />
if it contains a space.<br />
The file with the list of objects should be in a text format. Each scan object should be listed on<br />
a separate line.<br />
You are advised to specify absolute paths to objects to be scanned. When specifying a relative<br />
path, you must specify the path relative to the executable file of an application, not relative to<br />
the file with the list of objects to be scanned.<br />
188
A P P E N D I X<br />
– this parameter determines what action will be taken with malicious objects detected during the scan. If this<br />
parameter has not been defined, the default action is the one with the value of /i8.<br />
If you are working in automatic mode, then <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> automatically applies the action recommended by<br />
<strong>Kaspersky</strong> Lab's specialists when dangerous objects are detected. An action which corresponds to the <br />
parameter value is ignored.<br />
/i0 Take no action with regard to the object; record information about it in the report.<br />
/i1 Disinfect infected objects; skip if disinfection fails.<br />
/i2 Disinfect infected objects; skip if disinfection fails; do not delete infected objects from<br />
compound objects; delete infected compound objects with executable headers (sfx archives).<br />
/i3 Disinfect infected objects; skip if disinfection fails; delete all compound objects completely if<br />
infected embedded files cannot be deleted.<br />
/i4 Delete infected objects. Delete all compound objects completely if the infected parts cannot be<br />
deleted.<br />
/i8 Prompt the user for action if an infected object is detected.<br />
/i9 Prompt the user for action at the end of the scan.<br />
– this parameter defines the file types that are subject to an anti-virus scan. By default, if this parameter is<br />
not defined, only infectable files by contents are scanned.<br />
/fe<br />
/fi<br />
/fa<br />
Scan only infectable files by extension.<br />
Scan only infectable files by contents.<br />
Scan all files.<br />
– this parameter defines objects that are excluded from the scan.<br />
The parameter may include several space-separated values from the list provided.<br />
-e:a<br />
-e:b<br />
-e:m<br />
-e:<br />
-e:<br />
-es:<br />
Do not scan archives.<br />
Do not scan email databases.<br />
Do not scan plain text emails.<br />
Do not scan objects which match the mask.<br />
Skip objects that are scanned for longer than the time specified in the parameter.<br />
Skip objects whose size (in MB) exceeds the value specified in the setting.<br />
This setting is only available for compound files (such as archives).<br />
– defines the path to the configuration file that contains the application settings for the scan.<br />
The configuration file is in text format and contains the set of command line parameters for the anti-virus scan.<br />
You can enter an absolute or relative path to the file. If this parameter is not defined, the values set in the application<br />
interface are used.<br />
/C:<br />
Use the settings' values specified in the configuration file.<br />
189
U S E R G U I D E<br />
– this parameter determines the format of the report on scan results.<br />
You can use an absolute or relative path to the file. If the setting is not defined, scan results are displayed on the screen,<br />
and all events are shown.<br />
/R:<br />
Log important events in this file only.<br />
/RA:<br />
Log all events in this file.<br />
– settings that define the use of anti-virus scan technologies.<br />
/iChecker=<br />
/iSwift=<br />
Enable / disable the use of iChecker technology.<br />
Enable / disable the use of iSwift technology.<br />
Examples:<br />
Start a scan of memory, Startup programs, mailboxes, the directories My Documents and Program Files, and the file<br />
test.exe:<br />
avp.com SCAN /MEMORY /STARTUP /MAIL "C:\Documents and Settings\All Users\My<br />
Documents" "C:\Program Files" "C:\Downloads\test.exe"<br />
Scan the objects listed in the file object2scan.txt, using the configuration file scan_setting.txt for the job. Use the<br />
scan_settings.txt configuration file. When the scan is complete, create a report to log all events:<br />
avp.com SCAN /MEMORY /@:objects2scan.txt /C:scan_settings.txt /RA:scan.log<br />
A sample configuration file:<br />
/MEMORY /@:objects2scan.txt /C:scan_settings.txt /RA:scan.log<br />
UPDATING THE APPLICATION<br />
The syntax for updating the modules of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> and application databases from the command line is<br />
as follows:<br />
avp.com UPDATE [] [/R[A]:] [/C:]<br />
A description of parameters is provided in the table below.<br />
<br />
/R[A]:<br />
HTTP or FTP server or network folder for downloading updates. The value for the<br />
parameter may be in the form of a full path to an update source or a URL. If a path is not<br />
selected, the update source will be taken from the application update settings.<br />
/R: – log only important events in the report.<br />
/RA: – log all events in the report.<br />
You can use an absolute or relative path to the file. If the setting is not defined, scan<br />
results are displayed on the screen, and all events are shown.<br />
/C:<br />
Path to the configuration file that contains the <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> update<br />
settings.<br />
A configuration file is a file in plain text format containing a list of command-line<br />
parameters for an application update.<br />
You can enter an absolute or relative path to the file. If this parameter is not defined, the<br />
values for the settings in the application interface are used.<br />
Examples:<br />
Update application databases and record all events in a report:<br />
avp.com UPDATE /RA:avbases_upd.txt<br />
190
A P P E N D I X<br />
Update the <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> modules using the settings of the updateapp.ini configuration file:<br />
avp.com UPDATE /C:updateapp.ini<br />
A sample configuration file:<br />
"ftp://my_server/kav updates" /RA:avbases_upd.txt<br />
ROLLING BACK THE LAST UPDATE<br />
Command syntax:<br />
avp.com ROLLBACK [/R[A]:][/password=]<br />
A description of parameters is provided in the table below.<br />
/R[A]:<br />
<br />
/R: – log only important events in the report.<br />
/RA: – log all events in the report.<br />
You can use an absolute or relative path to the file. If the setting is not defined, scan results<br />
are displayed on the screen, and all events are shown.<br />
Application password specified in the interface.<br />
Note that this command is not accepted without a password.<br />
Example:<br />
avp.com ROLLBACK /RA:rollback.txt /password=<br />
EXPORTING PROTECTION SETTINGS<br />
Command syntax:<br />
avp.com EXPORT <br />
The table below describes the settings of command execution.<br />
<br />
<br />
Component or task for which the settings are being exported.<br />
For the setting, you can use any value listed in the "Managing application components and<br />
tasks" Help section.<br />
Path to the file to which the <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> settings are being exported. An absolute or<br />
a relative path may be specified.<br />
The configuration file is saved in binary format (DAT), if no other format is specified, or it is not<br />
specified at all; it can be used later to export application settings onto other computers. The<br />
configuration file can also be saved as a text file. To do so, type the .txt extension in the file name.<br />
Note that you cannot import protection settings from a text file. This file can only be used to specify<br />
the main settings for <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> operation.<br />
Example:<br />
avp.com EXPORT RTP c:\settings.dat<br />
IMPORTING PROTECTION SETTINGS<br />
Command syntax:<br />
avp.com IMPORT [/password=]<br />
The table below describes the settings of command execution.<br />
191
U S E R G U I D E<br />
<br />
Path to the file from which the <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> settings are imported. An absolute or a<br />
relative path may be specified.<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> password specified in the application interface. <strong>Security</strong> parameters can<br />
only be imported from a binary file.<br />
Note that this command is not accepted without a password.<br />
Example:<br />
avp.com IMPORT c:\settings.dat /password=<br />
CREATING A TRACE FILE<br />
Trace file creation may be required in case of problems in <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> operation. This will help Technical<br />
Support Service specialists to diagnose problems more accurately.<br />
We only recommend creating trace files for troubleshooting a specific problem. Regularly enabling traces may slow down<br />
your computer and fill up your hard drive.<br />
Command syntax:<br />
avp.com TRACE [file] [on|off] []<br />
A description of parameters is provided in the table below.<br />
[on|off]<br />
[file]<br />
Enable / disable trace file creation.<br />
Output trace to file.<br />
This setting can be a value from 0 (minimum level, only critical messages) to 700<br />
(maximum level, all messages).<br />
Examples:<br />
To disable trace file creation:<br />
avp.com TRACE file off<br />
Technical Support will tell you what trace level you need when you contact Technical<br />
Support. If the level is not specified, we recommend setting the value to 500.<br />
To create a trace file to be sent to Technical Support with a maximum trace level of 500:<br />
avp.com TRACE file on 500<br />
VIEWING HELP<br />
The following command is used to view help about the command line syntax:<br />
avp.com [ /? | HELP ]<br />
You can use one of the following commands to view help information about the syntax of a specific command:<br />
avp.com /?<br />
avp.com HELP <br />
192
A P P E N D I X<br />
RETURN CODES OF THE COMMAND LINE<br />
This section describes the return codes of the command line (see table below). The general codes may be returned by<br />
any command from the command line. The return codes include general codes, as well as codes specific to a certain<br />
type of task.<br />
GENERAL RETURN CODES<br />
0 Operation completed successfully.<br />
1 Invalid setting value.<br />
2 Unknown error.<br />
3 Task completion error.<br />
4 Task cancelled.<br />
VIRUS SCAN TASK RETURN CODES<br />
101 All dangerous objects processed.<br />
102 Hazardous objects detected.<br />
193
KASPERSKY INTERNET SECURITY NOTIFICATIONS LIST<br />
This section provides information about notifications that <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> may display on the screen.<br />
IN THIS SECTION:<br />
Notifications in any protection mode ............................................................................................................................. 194<br />
Notifications in interactive protection mode ................................................................................................................... 201<br />
NOTIFICATIONS IN ANY PROTECTION MODE<br />
This section provides information about notifications that are displayed both in automatic and in interactive protection<br />
mode (see section "Selecting a protection mode" on page 64).<br />
IN THIS SECTION:<br />
Special treatment required ............................................................................................................................................ 194<br />
Hidden driver download................................................................................................................................................. 195<br />
An application without a digital signature is being run ................................................................................................... 195<br />
Removable drive connected .......................................................................................................................................... 196<br />
New network detected ................................................................................................................................................... 196<br />
Unreliable certificate detected ....................................................................................................................................... 197<br />
Request for permission to access a website from a regional domain ............................................................................ 197<br />
An application that may be exploited by an intruder in order to do harm to the user's computer or data,<br />
has been detected ......................................................................................................................................................... 197<br />
Quarantined file not infected ......................................................................................................................................... 198<br />
New product version released ....................................................................................................................................... 198<br />
Technical update released ............................................................................................................................................ 199<br />
Technical update downloaded ....................................................................................................................................... 199<br />
Downloaded technical update not installed ................................................................................................................... 200<br />
License expired ............................................................................................................................................................. 200<br />
We recommend that you update the databases before scan ........................................................................................ 200<br />
SPECIAL TREATMENT REQUIRED<br />
When you detect a threat that is currently active in the system (for example, a malicious process in the RAM or in startup<br />
objects), a notification is displayed on the screen requesting the confirmation of a special advanced disinfection<br />
procedure.<br />
194
A P P E N D I X<br />
The notification provides the following information:<br />
Description of the threat.<br />
Type of threat and name of the malicious object as listed in the <strong>Kaspersky</strong> Lab Virus Encyclopedia.<br />
The icon is displayed next to the name of the malicious object. Clicking the icon opens a window with<br />
information about the object. Clicking the www.securelist.com link in this window allows you to go to the Virus<br />
Encyclopedia website and obtain more detailed information about the threat posed by the object.<br />
File name of the malicious object, including the path to it.<br />
You can select one of the following actions:<br />
Yes, disinfect with reboot – perform the special disinfection procedure (recommended).<br />
When the disinfection is in progress, all applications are blocked except for trusted ones. When the disinfection<br />
is complete, the operating system will be restarted, so it is recommended that you save the changes that you<br />
have made and close all applications before starting the disinfection. After restarting your computer, you are<br />
advised to run a full virus scan.<br />
Do not run – the detected object or process will be processed according to the selected action.<br />
To apply the selected action automatically every time such situation reoccurs, check the Apply to all objects box.<br />
HIDDEN DRIVER DOWNLOAD<br />
Some malicious applications download drivers onto the computer without being noticed by the user, after which the<br />
malicious application's activity cannot be controlled by <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>. Useful applications seldom use such<br />
methods for downloading drivers.<br />
When Application Control detects an attempt to download a driver covertly, it displays a notification on the screen.<br />
The notification provides the following information:<br />
Description of the threat.<br />
Name of the driver file, including the path to it.<br />
The icon is displayed next to the name of the file. Clicking the icon opens a window with information about<br />
the driver.<br />
You can select one of the following actions:<br />
Allow now – allow downloading the driver and adding it into the list of exclusions.<br />
Block now – block driver download.<br />
Quarantine – block driver download and move the driver file to Quarantine.<br />
AN APPLICATION WITHOUT A DIGITAL SIGNATURE IS BEING RUN<br />
When Application Control detects an application without digital signature and with high threat rating according to the<br />
heuristic analysis that runs on your computer, it displays a notification on the screen.<br />
195
U S E R G U I D E<br />
The notification provides the following information:<br />
Description of the threat.<br />
Name of the application being run.<br />
The icon is displayed next to the name of the application. Clicking the icon opens a window with information<br />
about the application.<br />
Information about the number of users that use the application and trust it.<br />
You can select one of the following actions:<br />
Yes, I trust – allow opening and running the application without any restrictions.<br />
Restrict the application – allow application startup, but block dangerous operations.<br />
Block – block the opening and running of the application currently and in the future.<br />
REMOVABLE DRIVE CONNECTED<br />
When a removable drive is connected to the computer, a notification appears on the screen.<br />
You can select one of the following actions:<br />
Quick Scan – scan only files stored on the removable drive that can pose a potential threat.<br />
Full Scan – scan all files stored on the removable drive.<br />
Do not scan – do not scan the removable drive.<br />
To apply the selected action to all removable drives that may be connected in the future, check the Always perform in<br />
such cases box.<br />
NEW NETWORK DETECTED<br />
Every time your computer connects to a new zone (i.e. network), a notification is displayed on the screen.<br />
The top part of the notification window provides information about the network:<br />
the network adapter used for network connection;<br />
network type (for example, "wireless");<br />
name of the network.<br />
The lower part of the window prompts you to assign a status to the network and network activity is allowed on the basis<br />
of that status:<br />
Yes, it is a trusted network. It is only recommended to apply this status to safe networks, where your<br />
computer is not exposed to attacks and attempts of unauthorized access to your data.<br />
Local network. This status is recommended to apply to networks with a medium risk factor (for example,<br />
corporate LANs).<br />
No, it is a public network. A high-risk network in which your computer is in danger of any possible type of<br />
threat. This status is also recommended to apply to networks that are not protected with anti-virus applications,<br />
firewalls, or filters. When you select this status, the application ensures maximum security of your computer in<br />
this zone.<br />
196
A PPEND I X<br />
UNRELIABLE CERTIFICATE DETECTED<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> verifies security of the connection established via the SSL protocol using an installed<br />
certificate. If an invalid certificate is detected when the connection to the server is attempted (for example, if the<br />
certificate is replaced by an intruder), a notification is displayed on screen.<br />
The notification provides the following information:<br />
description of the threat;<br />
a link for viewing the certificate;<br />
probable causes of the error;<br />
the URL of the web resource.<br />
You can select one of the following actions:<br />
Yes, accept the untrusted certificate – proceed with connecting to the web resource.<br />
Deny certificate – interrupt the connection with the website.<br />
REQUEST FOR PERMISSION TO ACCESS A WEBSITE FROM A REGIONAL<br />
DOMAIN<br />
If you attempt to access a website from a regional domain that is not recognized as neither blocked nor allowed, a<br />
notification is displayed on the screen.<br />
The notification provides the following information:<br />
a description of the reason for blocking access to the website;<br />
the name of the region to which the website belongs;<br />
the domain and level of infectiousness of websites in this domain;<br />
the URL of the website;<br />
the name of the application that has attempted to access the website.<br />
You can select one of the following actions:<br />
Yes, allow request – load the website.<br />
No, block request – cancel website loading.<br />
To apply the selected action to all websites from this regional domain, check the Remember for this region box.<br />
AN APPLICATION THAT MAY BE EXPLOITED BY AN INTRUDER IN ORDER TO<br />
DO HARM TO THE USER'S COMPUTER OR DATA, HAS BEEN DETECTED<br />
When Activity Monitor detects an application that may be exploited by an intruder in order to do harm to the user's<br />
computer or data, a notification is displayed on the screen.<br />
197
U S E R G U I D E<br />
The notification provides the following information:<br />
Description of the threat.<br />
Type and name of the application that may be exploited by an intruder in order to do harm to the user's<br />
computer or data.<br />
The icon is displayed next to the name of the application. Clicking the icon opens a window with information<br />
about the application.<br />
ID of the process and name of the application file, including the path to it.<br />
Link to the window with the application emergence log.<br />
You can select one of the following actions:<br />
Allow – allow the application to run.<br />
Quarantine – close the application, move the application file to Quarantine where it poses no threat to your<br />
computer's security.<br />
With further scans of Quarantine, the status of the object may change. For example, the object may be identified<br />
as infected and can be processed using an updated database. Otherwise, the object could be assigned the not<br />
infected status and then restored.<br />
The status of a file moved to Quarantine can be changed to not infected at a next scan, but not earlier than<br />
three days after it is moved to Quarantine.<br />
Terminate application – interrupt the execution of the application.<br />
Add to exclusions – always allow the application to perform such actions in the future.<br />
QUARANTINED FILE NOT INFECTED<br />
By default, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> scans quarantined files after each update of the databases. If the scan of a<br />
quarantined file shows that it is not infected, a notification is displayed on the screen.<br />
The notification provides the following information:<br />
a recommendation to restore the quarantined file;<br />
the name of the file, including the path to the folder in which it had been stored before it was moved to<br />
Quarantine.<br />
You can select one of the following actions:<br />
Restore – restore the file by removing it from Quarantine and moving it to the folder in which this file had been<br />
stored before it was moved to Quarantine.<br />
Cancel – leave the file in Quarantine.<br />
NEW PRODUCT VERSION RELEASED<br />
When a new version of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> has been released and is available for downloading from <strong>Kaspersky</strong><br />
Lab servers, a notification is displayed on the screen.<br />
198
A P P E N D I X<br />
The notification provides the following information:<br />
a link to a window with detailed information about the newly released version of the application;<br />
the size of the installation package.<br />
You can select one of the following actions:<br />
Yes, download – download the installation package of the new application version into the selected folder.<br />
No – cancel the installation package download.<br />
If you do not want the notification of the new application version to be displayed on the screen in the future, check the Do<br />
not inform of this update box.<br />
TECHNICAL UPDATE RELEASED<br />
When a technical update of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> has been released and is available for downloading from<br />
<strong>Kaspersky</strong> Lab servers, a notification is displayed on the screen.<br />
The notification provides the following information:<br />
the number of the application version installed on your computer;<br />
the number of the application version after the expected technical update;<br />
a link to a window with detailed information about the technical update;<br />
the size of the update file.<br />
You can select one of the following actions:<br />
Yes, download – download the update file into the selected folder.<br />
No – cancel the update download. This option is available if the Do not inform of this update box is checked<br />
(see below).<br />
No, remind later – cancel the immediate download and receive a reminder to update later. This option is<br />
available if the Do not inform of this update box is unchecked (see below).<br />
If you do not want this notification to be displayed on the screen in the future, check the Do not inform of this update<br />
box.<br />
TECHNICAL UPDATE DOWNLOADED<br />
When downloading of the technical update of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> from <strong>Kaspersky</strong> Lab servers is completed, a<br />
notification is displayed on the screen.<br />
The notification provides the following information:<br />
the number of the application version after the technical update;<br />
a link to the update file.<br />
199
U S E R G U I D E<br />
You can select one of the following actions:<br />
Yes, install – install the update.<br />
After the update is installed, you need to reboot your operating system.<br />
Postpone installation – cancel installation to perform it later.<br />
DOWNLOADED TECHNICAL UPDATE NOT INSTALLED<br />
If a technical update of <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> has been downloaded but not installed on your computer, a<br />
notification is displayed on the screen.<br />
The notification provides the following information:<br />
the number of the application version after the technical update;<br />
a link to the update file.<br />
You can select one of the following actions:<br />
Yes, install – install the update.<br />
After the update is installed, you need to reboot your operating system.<br />
Postpone installation – cancel installation to perform it later.<br />
If you do not want notification of this update to be displayed on the screen in the future, check the Do not ask until new<br />
version is available box.<br />
LICENSE EXPIRED<br />
When the trial license expires, <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> displays a notification on the screen.<br />
The notification provides the following information:<br />
the length of the trial period;<br />
information about the application operation outcome (may include a link to more details).<br />
You can select one of the following actions:<br />
Yes, purchase – selecting this option opens a browser window and loads the eStore web page where you can<br />
purchase the commercial license.<br />
Cancel – stop using the application. If you select this option, the application stops performing all of its main<br />
functions (virus scan, update, real-time protection, etc.).<br />
WE RECOMMEND THAT YOU UPDATE THE DATABASES BEFORE SCAN<br />
If you initiate scan tasks before or during the first update of the databases, a notification is displayed on the screen.<br />
The notification contains a recommendation to update the databases or wait until the update is completed before scan.<br />
You can select one of the following actions:<br />
200
A P P E N D I X<br />
Update databases before scan – start updating the databases, after which the scan task starts automatically.<br />
This action option is unavailable if you have started the scan task before the first update of the databases.<br />
Start scan after update – wait until the update of the databases is completed and start the scan task<br />
automatically. This action option is unavailable if you have started the scan task during the first update of the<br />
databases.<br />
Start scan now – start the scan task without waiting for the update of the databases is completed.<br />
NOTIFICATIONS IN INTERACTIVE PROTECTION MODE<br />
This section provides information about notifications that are displayed in interactive protection mode (see section<br />
"Selecting a protection mode" on page 64).<br />
IN THIS SECTION:<br />
Network activity of an application has been detected .................................................................................................... 202<br />
A suspicious / malicious object detected ....................................................................................................................... 202<br />
Vulnerability detected .................................................................................................................................................... 203<br />
Request for permission for an application's actions ...................................................................................................... 204<br />
Dangerous activity detected in the system .................................................................................................................... 204<br />
Rolling back changes made by the application that may be exploited by an intruder in order to do harm<br />
to the user's computer or data ....................................................................................................................................... 205<br />
Malicious application detected ...................................................................................................................................... 205<br />
An application that may be exploited by intruders, is detected ...................................................................................... 206<br />
Suspicious / malicious link detected .............................................................................................................................. 207<br />
Dangerous object detected in traffic .............................................................................................................................. 207<br />
Attempt to access a phishing website detected ............................................................................................................. 208<br />
Attempt to access the system registry detected ............................................................................................................ 208<br />
Object cannot be disinfected ......................................................................................................................................... 208<br />
Hidden process detected............................................................................................................................................... 209<br />
Blocked domain region / Access denied........................................................................................................................ 210<br />
Dangerous web resource .............................................................................................................................................. 210<br />
No information on whether the web resource is safe .................................................................................................... 210<br />
It is recommended that you switch to Safe Run for Websites ....................................................................................... 211<br />
It is recommended that you quit Safe Run for Websites ............................................................................................... 211<br />
201
U S E R G U I D E<br />
NETWORK ACTIVITY OF AN APPLICATION HAS BEEN DETECTED<br />
If any network activity of an application is detected (by default, effective for applications included in the Low Restricted<br />
or High Restricted groups), a notification is displayed on the screen.<br />
The notification is displayed if <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> runs in interactive mode (see section "Selecting a protection<br />
mode" on page 64), and if no packet rule is created for the application, whose activity has been detected (see page 111).<br />
The notification contains the following information:<br />
the name of the application and a brief description of the connection that it initiates;<br />
information about the connection (connection type, local and remote port, address to which the connection is<br />
established);<br />
application run sequence.<br />
You can select one of the following actions:<br />
Allow now.<br />
Block now.<br />
Create a rule. If you select this option, the Firewall window opens, where you can create a rule to manage the<br />
network activity of the application (see section "Editing application rules" on page 112).<br />
You can allow or block the network activity of the application once or for a longer period by selecting one of the following<br />
actions:<br />
Allow now or Block now – once allow or block the network activity of the application.<br />
Allow now or Block now (when the Apply to current application session box is checked) – remember the<br />
selected action for the current session of the application that has shown network activity.<br />
If the Apply always box is checked in the window, you can click the always link to change its name to Apply to<br />
current application session.<br />
Allow now or Block now (when the Apply always box is checked) – remember the action selected for the<br />
application and always apply it subsequently.<br />
If the Apply to current application session box is checked in the window, you can click the to current<br />
application session link to change its name to Apply always.<br />
A SUSPICIOUS / MALICIOUS OBJECT DETECTED<br />
While File Anti-Virus, Mail Anti-Virus, or a virus scan is running, a notification is displayed on the screen if any of the<br />
following objects is detected:<br />
malicious object;<br />
object that contains the code of an unknown virus;<br />
object that contains the modified code of an unknown virus.<br />
202
A P P E N D I X<br />
The notification provides the following information:<br />
Description of the threat.<br />
Type of threat and name of the malicious object as listed in the <strong>Kaspersky</strong> Lab Virus Encyclopedia.<br />
The icon is displayed next to the name of the malicious object. Clicking the icon opens a window with<br />
information about the object. Clicking the www.securelist.com link in this window allows you to go to the Virus<br />
Encyclopedia website and obtain more detailed information about the threat posed by the object.<br />
File name of the malicious object, including the path to it.<br />
You can select one of the following responses to the object:<br />
Disinfect – attempt to disinfect the malicious object. This option is suggested if the threat is known.<br />
Before disinfecting the object, a backup copy of it is created.<br />
Quarantine – move the object to Quarantine where it will pose no threat to your computer. This option is<br />
suggested if neither the threat nor any ways of disinfecting the object are known.<br />
With further scans of Quarantine, the status of the object may change. For example, the object may be identified<br />
as infected and can be processed using an updated database. Otherwise, the object could be assigned the not<br />
infected status and then restored.<br />
The status of a file moved to Quarantine can be changed to not infected at a next scan, but not earlier than<br />
three days after it is moved to Quarantine.<br />
Delete – delete the object. Before deleting the object, a backup copy of it is created.<br />
Ignore / Block – block access to the object, but perform no actions with regard to it; simply record information<br />
about it in a report.<br />
You can return to the processing of skipped objects in the report window. However, you cannot postpone the<br />
processing of objects detected in email messages.<br />
To apply the selected action to all threats of the same type detected in the current session of a protection component or<br />
task, check the Apply to all objects box. The current session is the time from when the component is started until it is<br />
disabled or <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> is restarted or the time from beginning a virus scan until it is complete.<br />
If you are sure that the object detected it is not malicious, we recommend adding it to the trusted zone to keep the<br />
program from making repeat false positives when you use the object.<br />
VULNERABILITY DETECTED<br />
A notification is displayed on the screen if a vulnerability is detected.<br />
The notification contains the following information:<br />
Descriptions of the vulnerability.<br />
The name of the vulnerability as listed in the <strong>Kaspersky</strong> Lab Virus Encyclopedia.<br />
The icon is displayed next to the name. Clicking the icon opens a window with information about the<br />
vulnerability. Clicking www.securelist.com in the window takes you to the Virus Encyclopedia website, where<br />
you can obtain more detailed information about the vulnerability.<br />
File name of the vulnerable object, including the path to it.<br />
203
U S E R G U I D E<br />
You can select one of the following responses to the object:<br />
Yes, fix – eliminate the vulnerability.<br />
Ignore – take no actions on the vulnerable object.<br />
REQUEST FOR PERMISSION FOR AN APPLICATION'S ACTIONS<br />
If an application attempts to perform an action about whose security or necessity <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> is unaware,<br />
a notification is displayed on the screen.<br />
The notification provides the following information:<br />
Name and icon<br />
of the application. Clicking the icon opens a window with information about the application.<br />
Description of the application's actions.<br />
Location of the application file.<br />
Application run sequence.<br />
You can block or allow the application run by selecting one of the following actions:<br />
Make trusted – move the application to the Trusted group (so that the application will always be allowed to run).<br />
Allow now – allow the application run once.<br />
Block now – block the application run once.<br />
Terminate application and make untrusted – move the application to the Untrusted group (so that the<br />
application will always be prohibited to run).<br />
DANGEROUS ACTIVITY DETECTED IN THE SYSTEM<br />
When Proactive Defense detects dangerous application activity on your system, a notification pops up.<br />
The notification contains the following information:<br />
Description of the threat.<br />
Type of threat and name of the malicious object as listed in the <strong>Kaspersky</strong> Lab Virus Encyclopedia.<br />
The icon is displayed next to the name of the malicious object. Clicking the icon opens a window with<br />
information about the object. Clicking the www.securelist.com link in this window allows you to go to the Virus<br />
Encyclopedia website and obtain more detailed information about the threat posed by the object.<br />
ID of the process and name of the application file, including the path to it.<br />
You can select one of the following actions:<br />
Allow – allow the application to run.<br />
Quarantine – close the application, move the application file to Quarantine where it poses no threat to your<br />
computer's security.<br />
With further scans of Quarantine, the status of the object may change. For example, the object may be identified<br />
as infected and can be processed using an updated database. Otherwise, the object could be assigned the not<br />
infected status and then restored.<br />
204
A P P E N D I X<br />
The status of a file moved to Quarantine can be changed to not infected at a next scan, but not earlier than<br />
three days after it is moved to Quarantine.<br />
Terminate application – interrupt the execution of the application.<br />
Add to exclusions – always allow the application to perform such actions in the future.<br />
If you are sure that the program detected is not dangerous, we recommend adding it to the trusted zone to avoid<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> making repeat false positives when detecting it.<br />
ROLLING BACK CHANGES MADE BY THE APPLICATION THAT MAY BE<br />
EXPLOITED BY AN INTRUDER IN ORDER TO DO HARM TO THE USER'S<br />
COMPUTER OR DATA<br />
We recommend that you roll back (discard) changes made by the application that may be exploited by an intruder in<br />
order to do harm to the user's computer or data. When such an application ceases its activity, a notification is displayed<br />
on the screen, requesting a rollback of changes.<br />
The notification provides the following information:<br />
Requesting a rollback of changes made by the application that may be exploited by an intruder in order to do<br />
harm to the user's computer or data.<br />
Type and name of the application.<br />
The icon is displayed next to the name of the application. Clicking the icon opens a window with information<br />
about the application.<br />
ID of the process and name of the application file, including the path to it.<br />
You can select one of the following actions:<br />
Skip – cancel changes rollback.<br />
Yes, roll back – roll back the changes made by the application.<br />
MALICIOUS APPLICATION DETECTED<br />
When System Watcher detects an application whose behavior completely matches the activities of malicious<br />
applications, a notification is displayed on the screen.<br />
The notification provides the following information:<br />
Description of the threat.<br />
Type and name of the malicious application.<br />
The icon is displayed next to the name of the application. Clicking the icon opens a window with information<br />
about the application.<br />
ID of the process and name of the application file, including the path to it.<br />
Link to the window with the application emergence log.<br />
205
U S E R G U I D E<br />
You can select one of the following actions:<br />
Allow – allow the application to run.<br />
Quarantine – close the application, move the application file to Quarantine where it poses no threat to your<br />
computer's security.<br />
With further scans of Quarantine, the status of the object may change. For example, the object may be identified<br />
as infected and can be processed using an updated database. Otherwise, the object could be assigned the not<br />
infected status and then restored.<br />
The status of a file moved to Quarantine can be changed to not infected at a next scan, but not earlier than<br />
three days after it is moved to Quarantine.<br />
Terminate application – interrupt the execution of the application.<br />
Add to exclusions – always allow the application to perform such actions in the future.<br />
AN APPLICATION THAT MAY BE EXPLOITED BY INTRUDERS, IS DETECTED<br />
If File Anti-Virus, Mail Anti-Virus, or the virus scan task detects an application that may be exploited by intruders, a<br />
notification is displayed on the screen.<br />
The notification provides the following information:<br />
Description of the threat.<br />
Type of the threat and name of the object as listed in the <strong>Kaspersky</strong> Lab Virus Encyclopedia.<br />
The icon is displayed next to the name of the object. Clicking the icon opens a window with information about<br />
the object. Clicking the www.securelist.com link in the window allows you to go to the Virus Encyclopedia<br />
website and obtain more details.<br />
Name of the object file, including the path to it.<br />
You can select one of the following responses to the object:<br />
Quarantine – move the object to Quarantine where it will pose no threat to your computer. This option is<br />
suggested if neither a threat nor any ways of disinfecting the object are known.<br />
With further scans of Quarantine, the status of the object may change. For example, the object may be identified<br />
as infected and can be processed using an updated database. Otherwise, the object could be assigned the not<br />
infected status and then restored.<br />
The status of a file moved to Quarantine can be changed to not infected at a next scan, but not earlier than<br />
three days after it is moved to Quarantine.<br />
Delete – delete the object. Before deleting the object, a backup copy of it is created.<br />
Delete archive - delete password-protected archive.<br />
Ignore / Block – block access to the object, but perform no actions with regard to it; simply record information<br />
about it in a report.<br />
You can return to the processing of skipped objects in the report window. However, you cannot postpone the<br />
processing of objects detected in email messages.<br />
Add to exclusions – create an exclusion rule for this threat type.<br />
206
A P P E N D I X<br />
To apply the selected action to all threats of the same type detected in the current session of a protection component or<br />
task, check the Apply to all objects box. The current session is the time from when the component is started until it is<br />
disabled or <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> is restarted or the time from beginning a virus scan until it is complete.<br />
If you are sure that the object detected it is not malicious, we recommend adding it to the trusted zone to keep the<br />
program from making repeat false positives when you use the object.<br />
SUSPICIOUS / MALICIOUS LINK DETECTED<br />
When <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> detects an attempt to go to a website with suspicious or malicious content, a<br />
notification is displayed on the screen.<br />
The notification provides the following information:<br />
description of the threat;<br />
the name of the application (browser) using which the website was loaded;<br />
the URL of the website or web page with suspicious or malicious content.<br />
You can select one of the following actions:<br />
Allow – continues the website download.<br />
Block – blocks the website download.<br />
To apply the selected action to all websites with threats of the same type detected in the current session of a protection<br />
component, check the Apply to all objects box. The current session is the time from the moment the component was<br />
started until the moment it was closed or <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> was restarted.<br />
DANGEROUS OBJECT DETECTED IN TRAFFIC<br />
When Web Anti-Virus detects a malicious object in traffic, a special notification is displayed on the screen.<br />
The notification contains the following information:<br />
A description of the threat or the actions performed by the application.<br />
Name of the application which performs the action.<br />
Type of threat and name of the malicious object as listed in the <strong>Kaspersky</strong> Lab Virus Encyclopedia.<br />
The icon is displayed next to the name of the malicious object. Clicking the icon opens a window with<br />
information about the object. Clicking the www.securelist.com link in this window allows you to go to the Virus<br />
Encyclopedia website and obtain more detailed information about the threat posed by the object.<br />
Object location (URL).<br />
You can select one of the following actions:<br />
Allow – continue the object download.<br />
Block – block the object download from the web resource.<br />
To apply the selected action to all threats of the same type detected in the current session of a protection component or<br />
task, check the Apply to all objects box. The current session is the time from the moment the component was started<br />
until the moment it was closed or <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> was restarted.<br />
207
U S E R G U I D E<br />
ATTEMPT TO ACCESS A PHISHING WEBSITE DETECTED<br />
When <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> detects an attempt to access a website that is or may be a phishing site, a notification<br />
is displayed on the screen.<br />
The notification provides the following information:<br />
description of the threat;<br />
the URL of the website.<br />
You can select one of the following actions:<br />
Allow – continues the website download.<br />
Block – blocks the website download.<br />
To apply the selected action to all websites with threats of the same type detected in the current session of <strong>Kaspersky</strong><br />
<strong>Internet</strong> <strong>Security</strong>, check the Apply to all objects box. The current session is the time from the moment the component<br />
was started until the moment it was closed or <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> was restarted.<br />
ATTEMPT TO ACCESS THE SYSTEM REGISTRY DETECTED<br />
When Proactive Defense detects an attempt to access system registry keys, a notification pops up.<br />
The notification provides the following information:<br />
the registry key being accessed;<br />
the file name of the process that initiated the attempt to access the registry keys, including the path to it.<br />
You can select one of the following actions:<br />
Allow – allows the execution of the dangerous action once;<br />
Block – blocks the dangerous action once.<br />
To apply the selected action to each attempt of obtaining access to registry keys, check the Create a rule box.<br />
If you are sure that no activity of the application that attempted to access system registry keys is dangerous, add the<br />
application to the trusted application list.<br />
OBJECT CANNOT BE DISINFECTED<br />
In some cases, an object cannot be disinfected: for example, if the file is so corrupted that the application is unable to<br />
remove malicious code from it and restore its integrity. Besides, the disinfection procedure cannot be applied to several<br />
types of malicious objects, such as Trojans. If an object cannot be disinfected, a notification is displayed on the screen.<br />
The notification provides the following information:<br />
Description of the threat.<br />
Type of threat and name of the malicious object as listed in the <strong>Kaspersky</strong> Lab Virus Encyclopedia.<br />
The icon is displayed next to the name of the malicious object. Clicking the icon opens a window with<br />
information about the object. Clicking the www.securelist.com link in this window allows you to go to the Virus<br />
Encyclopedia website and obtain more detailed information about the threat posed by the object.<br />
File name of the malicious object, including the path to it.<br />
208
A P P E N D I X<br />
You can select one of the following actions:<br />
Delete – delete the object. Before deleting the object, a backup copy of it is created.<br />
Ignore / Block – block access to the object, but perform no actions with regard to it; simply record information<br />
about it in a report.<br />
You can return to the processing of skipped objects in the report window. However, you cannot postpone the<br />
processing of objects detected in email messages.<br />
Add to exclusions – create an exclusion rule for this threat type.<br />
To apply the selected action to all threats of the same type detected in the current session of a protection component or<br />
task, check the Apply to all objects box. The current session is the time from when the component is started until it is<br />
disabled or <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> is restarted or the time from beginning a virus scan until it is complete.<br />
HIDDEN PROCESS DETECTED<br />
If Proactive Defense detects a hidden process in the system, a notification is displayed on the screen.<br />
The notification provides the following information:<br />
Description of the threat.<br />
Type and name of threat as listed in the <strong>Kaspersky</strong> Lab Virus Encyclopedia.<br />
The icon is displayed next to the name. Clicking the icon opens a window with information about the threat.<br />
Clicking www.securelist.com in the window takes you to the Virus Encyclopedia website, where you can obtain<br />
more detailed information about the threat.<br />
Name of the process file, including the path to it.<br />
You can select one of the following actions:<br />
Quarantine – close the process and move the process file to Quarantine, where it poses no threat to your<br />
computer's security.<br />
With further scans of Quarantine, the status of the object may change. For example, the object may be identified<br />
as infected and can be processed using an updated database. Otherwise, the object could be assigned the not<br />
infected status and then restored.<br />
The status of a file moved to Quarantine can be changed to not infected at a next scan, but not earlier than<br />
three days after it is moved to Quarantine.<br />
Terminate – interrupt the process.<br />
Allow – allow the execution of the process.<br />
To apply the selected action to all threats of the same type detected in the current session of Proactive Defense, check<br />
the Apply to all such cases box. The current session is the time from the moment the component was started until the<br />
moment it was closed or <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> was restarted.<br />
If you are sure that the process detected is not dangerous, we recommend adding it to the trusted zone to avoid<br />
<strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong> making repeat false positives when detecting it.<br />
209
U S E R G U I D E<br />
BLOCKED DOMAIN REGION / ACCESS DENIED<br />
Access to a website may be blocked by Web Anti-Virus on the grounds that the website belongs to a specified regional<br />
domain. A domain is considered as blocked in the following cases:<br />
access to the domain was blocked by the user when configuring Web Anti-Virus;<br />
a previous attempt to access a website from the same region was blocked by the user.<br />
When Geo Filter (a module of Web Anti-Virus) detects an attempt to go to a website that belongs to a blocked region, a<br />
special notification is displayed in the browser window.<br />
The notification provides the following information:<br />
a description of the reason for blocking access to the website;<br />
the name of the region to which the website belongs;<br />
the domain and level of infectiousness of websites in this domain;<br />
the URL of the website.<br />
You can select one of the following actions:<br />
Back to the previous page – open the previous page.<br />
Open web resource – load the website which belongs to the blocked domain.<br />
Open Geo Filter settings – open the Web Anti-Virus settings window on the Geo Filter tab.<br />
DANGEROUS WEB RESOURCE<br />
When Safe Surf (a module of Web Anti-Virus) detects an attempt to go to a dangerous website, a notification is displayed<br />
in the browser window.<br />
The notification provides the following information:<br />
a description of the reason for blocking access to the website;<br />
the URL of the website.<br />
You can select one of the following actions:<br />
Back to the previous page – open the previous page without loading the dangerous website.<br />
Open anyway – load the dangerous website.<br />
NO INFORMATION ON WHETHER THE WEB RESOURCE IS SAFE<br />
When Safe Surf (a module of Web Anti-Virus) detects an attempt to go to a website whose security is doubtful, a<br />
notification is displayed in the browser window.<br />
The notification provides the following information:<br />
a description of the reason for pausing access to the website;<br />
the URL of the website.<br />
210
A P P E N D I X<br />
You can select one of the following actions:<br />
Yes, open web resource – load the website.<br />
Open and add to the trusted addresses – load the website and add its URL to the list of trusted ones to<br />
prevent Safe Surf from pausing the loading of this website.<br />
Open in Safe Run for Websites – load the website in Safe Run for Websites (only for Microsoft <strong>Internet</strong><br />
Explorer, Mozilla Firefox, and Google Chrome). When loading the website in Safe Run for Websites, malicious<br />
objects on web pages being loaded do not constitute any menace to your computer's security.<br />
No, return to the previous page – do not load the website, but open the previous page instead.<br />
IT IS RECOMMENDED THAT YOU SWITCH TO SAFE RUN FOR WEBSITES<br />
<strong>Kaspersky</strong> Lab recommends that you use Safe Run for Websites, which will ensure improved protection of your digital<br />
identity data when working with online banking.<br />
When attempting to go to an online banking website, Web Anti-Virus displays a notification in the browser window.<br />
The notification provides the following information:<br />
recommendation of switching to Safe Run for Websites;<br />
the address of the online banking resource.<br />
You can select one of the following actions:<br />
Open in Safe Run for Websites – open the website using the safe browser (only for Microsoft <strong>Internet</strong><br />
Explorer, Mozilla Firefox, and Google Chrome).<br />
Open web resource – open the website in standard mode.<br />
Back to the previous page – open the previous page in normal mode without opening the website.<br />
IT IS RECOMMENDED THAT YOU QUIT SAFE RUN FOR WEBSITES<br />
When working with online banking websites, Safe Run for Websites is used. When you go to a different website that<br />
does not have to do with online banking, it is recommended that you quit Safe Run for Websites. If you continue working<br />
with a common website in Safe Run for Websites, this may weaken the protection of your digital identity data.<br />
When working in Safe Run for Websites and attempting to go from an online banking website to another one, Web Anti-<br />
Virus displays a notification in the browser window.<br />
The notification provides the following information:<br />
recommendation of quitting Safe Run for Websites;<br />
the address of the website to which you have gone from the online banking website.<br />
You can select one of the following actions:<br />
Open web resource in usual browser – quit Safe Run for Websites and open the website in normal mode.<br />
This is a bank's website, continue in Safe Run for Websites – open the website in Safe Run for Websites.<br />
Back to the previous page – open the previous page in Safe Run for Websites.<br />
211
GLOSSARY<br />
A<br />
A C T I V A T I N G T H E A P P L I C A T I O N<br />
Switching the application into full-function mode. The user needs a license to activate the application.<br />
A C T I V E L I C E N S E<br />
The license currently used for the operation of a <strong>Kaspersky</strong> Lab application. The license defines the expiration date for<br />
full functionality and the license policy for the application. The application cannot have more than one license with active<br />
status.<br />
A D D I T I O N A L L I C E N S E<br />
A license that has been added for the operation of <strong>Kaspersky</strong> Lab application but has not been activated. The additional<br />
license enters into effect when the active license expires.<br />
A D M I N I S T R A T I O N S E R V E R C E R T I F I C A T E<br />
A certificate which allows Administration Server authentication when connecting the Administration Console to it and<br />
when exchanging data with users' computers. The Administration Server certificate is created when Administration<br />
Server is installed and then stored in the folder %ALLUSERSPROFILE%\Application<br />
Data\<strong>Kaspersky</strong>Lab\adminkit\1093\cert.<br />
A L T E R N A T E N T F S S T R E A M S<br />
NTFS data streams (alternate data streams) designed to contain additional attributes or file information.<br />
Each file in an NTFS file system is a set of streams. One of them contains the file content that one is able to view after<br />
opening the file, other streams (called alternate) are designed to contain meta information and ensure, for example,<br />
NTFS compatibility with other systems, such as an older file system by Macintosh called the Hierarchical File System<br />
(HFS). Streams can be created, deleted, stored separately, renamed, and even run as a process.<br />
Alternate streams can be used by intruders to transfer data secretly, or to steal them from a computer.<br />
A P P L I C A T I O N M O D U L E S<br />
Files included in the <strong>Kaspersky</strong> Lab installation package that are responsible for performing its main tasks. A particular<br />
executable module corresponds to each type of task performed by the application (real-time protection, on-demand scan,<br />
updates). By running a full scan of your computer from the main window, you initiate the execution of this task's module.<br />
A P P L I C A T I O N S E T T I N G S<br />
Application settings which are common for all task types, regulating the application's operation as a whole, such as<br />
application performance settings, report settings, and backup storage settings.<br />
A R C H I V E<br />
File "containing" one or several other objects, which may also be archives.<br />
A V A I L A B L E U P D A T E S<br />
A set of updates for <strong>Kaspersky</strong> Lab application modules, including critical updates accumulated over a certain period of<br />
time and changes to the application's architecture.<br />
B<br />
B L A C K L I S T O F K E Y F I L ES<br />
A database containing information on blacklisted <strong>Kaspersky</strong> Lab key files. The content of the black list file is updated<br />
along with the product databases.<br />
212
G L O S S A R Y<br />
B L O C K I N G A N O B J E C T<br />
Denying access to an object from external applications. A blocked object cannot be read, executed, changed, or deleted.<br />
B O O T V I R U S<br />
A virus that infects the boot sectors of a computer's hard drive. The virus forces the system to load it into memory during<br />
reboot and to direct control to the virus code instead of the original boot loader code.<br />
C<br />
C O M P R E S S E D F I L E<br />
An archive file that contains a decompression program and instructions for the operating system for executing it.<br />
D<br />
D A N G E R O U S O B J E C T<br />
An object containing a virus. You are advised not to access these objects, because it may result in infection of your<br />
computer. Once an infected object is detected, we recommend that you disinfect it using one of <strong>Kaspersky</strong> Lab's<br />
applications, or delete it if disinfection is not possible.<br />
D A T A B A S E O F P H I S H I N G W E B A D D R E S S E S<br />
List of web addresses which are defined as phishing by <strong>Kaspersky</strong> Lab specialists. The database is regularly updated<br />
and is part of the <strong>Kaspersky</strong> Lab application.<br />
D A T A B A S E O F S U S P I C I O U S W E B A D D R E S S E S<br />
List of web addresses whose content can be considered to be potentially dangerous. The list was created by <strong>Kaspersky</strong><br />
Lab specialists. It is regularly updated and is included in the <strong>Kaspersky</strong> Lab application package.<br />
D A T A B A S E U P D A T E<br />
One of the functions performed by a <strong>Kaspersky</strong> Lab application that enables it to keep protection current. In doing so, the<br />
databases are downloaded from the <strong>Kaspersky</strong> Lab update servers onto the computer and are automatically connected<br />
to the application.<br />
D A T A B A S E S<br />
Databases created by <strong>Kaspersky</strong> Lab's experts and containing a detailed description of all current threats to computer<br />
security, as well as methods used for their detection and disinfection. These databases are constantly updated by<br />
<strong>Kaspersky</strong> Lab as new threats appear.<br />
D E L E T I N G A N O B J E C T<br />
The method of processing objects which ends in it being physically deleted from its original location (hard drive, folder,<br />
network resource). We recommend that this method be applied to dangerous objects which, for whatever reason, cannot<br />
be disinfected.<br />
D I S I N F E C T I N G O B J E C T S O N R E S T A R T<br />
A method of processing infected objects that are being used by other applications at the moment of disinfection. Consists<br />
of creating a copy of the infected object, disinfecting the copy created, and replacing the original infected object with the<br />
disinfected copy after the next system restart.<br />
D I S K B O O T S E C T O R<br />
A boot sector is a particular area on a computer's hard drive, floppy, or other data storage device. It contains information<br />
on the disk's file system and a boot loader program that is responsible for starting the operating system.<br />
There exist a number of viruses that infect boot sectors, which are thus called boot viruses. The <strong>Kaspersky</strong> Lab<br />
application allows scanning of boot sectors for viruses and disinfecting them if an infection is found.<br />
213
U S E R G U I D E<br />
D O M A I N N A M E S E R V I C E ( D N S )<br />
A distributed system for converting the name of a host (a computer or other network device) to an IP address. DNS<br />
functions in TCP/IP networks. As a special case, DNS can also store and process reverse requests and determine the<br />
name of a host by its IP address (PTR record). Resolution of DNS names is usually carried out by network applications,<br />
not by users.<br />
D U A L - H O M E D G A T E W A Y<br />
Computer equipped with two network adapters (each of which is connected to a different network) which transfers data<br />
from one network to the other.<br />
E<br />
E M A I L D A T A B A S E S<br />
Databases containing emails in a special format and saved on your computer. Each incoming/outgoing email is placed in<br />
the mail database after it is received/sent. These databases are scanned during a full computer scan.<br />
Incoming and outgoing emails are analyzed for viruses in real time at the time that they are sent and received if real-time<br />
protection is enabled.<br />
E V E N T S E V E R I T Y L E V E L<br />
Description of an event logged during the operation of the <strong>Kaspersky</strong> Lab application. There are four severity levels:<br />
Critical event.<br />
Functional failure.<br />
Warning.<br />
Information message.<br />
Events of the same type may have different severity levels, depending on the situation when the event occurred.<br />
E X C L U S I O N<br />
An Exclusion is an object excluded from the scan by a <strong>Kaspersky</strong> Lab application. You can exclude files of certain<br />
formats, file masks, a certain area (for example, a folder or a program), application processes, or objects by threat type,<br />
according to the Virus Encyclopedia classification from the scan. Each task can be assigned a set of exclusions.<br />
F<br />
F A L S E A L A R M<br />
A situation when a <strong>Kaspersky</strong> Lab application considers a non-infected object to be infected because its code is similar<br />
to that of a virus.<br />
F I L E M A S K<br />
Representation of a file name and extension using wildcards. The two standard wildcards used in file masks are * and ?,<br />
where * represents any number of any characters and ? stands for any single character. Using these wildcards, you can<br />
represent any file. Note that the name and extension are always separated by a period.<br />
H<br />
H A R D W A R E P O R T<br />
Socket on a hardware component of a computer in which a cable or a plug can be connected (LPT port, serial port, USB<br />
port).<br />
214
G L O S S A R Y<br />
H E A D E R<br />
The information in the beginning of a file or a message, which is comprised of low-level data on file (or message) status<br />
and processing. In particular, the email message header contains such data as information about the sender and<br />
recipient and the date.<br />
H E U R I S T I C A N A L Y Z E R<br />
A technology designed for detecting threats that cannot be identified using the <strong>Kaspersky</strong> Lab application databases. It<br />
allows detection of objects suspected of being infected with an unknown virus or a new modification of known viruses.<br />
The use of a heuristic analyzer detects up to 92% of threats. This mechanism is fairly effective and very rarely leads to<br />
false positives.<br />
Files detected by the heuristic analyzer are considered suspicious.<br />
I<br />
I C H E C K E R T E C H N O L O G Y<br />
iChecker is a technology that increases the speed of anti-virus scans by excluding objects that have remained<br />
unchanged since their last scan, provided that the scan parameters (the anti-virus database and settings) have not<br />
changed. The information for each file is stored in a special database. This technology is used in both real-time<br />
protection and on-demand scan modes.<br />
For example, you have an archive file that was scanned by the <strong>Kaspersky</strong> Lab application and assigned not infected<br />
status. The next time the application will skip this archive unless it has been altered or the scan settings have been<br />
changed. If you altered the archive content by adding a new object to it, modified the scan settings, or updated the antivirus<br />
database, the archive is re-scanned.<br />
Limitations of iChecker technology:<br />
this technology does not work with large files, since it is faster to scan a file than check whether it was modified<br />
since it was last scanned;<br />
the technology supports a limited number of formats (EXE, DLL, LNK, TTF, INF, SYS, COM, CHM, ZIP, RAR).<br />
I N C O M P A T I B L E A P P L I C A T I O N<br />
An antivirus application from a third-party developer or a <strong>Kaspersky</strong> Lab application that does not support management<br />
through <strong>Kaspersky</strong> <strong>Internet</strong> <strong>Security</strong>.<br />
I N F E C T E D O B J E C T<br />
Object containing a malicious code. It is detected when a section of the object's code completely matches a section of<br />
the code of a known threat. <strong>Kaspersky</strong> Lab does not recommend using such objects since they may infect your<br />
computer.<br />
I N P U T / O U T P U T P O R T<br />
Used in processors (such as Intel) for exchanging data with hardware components. The input/output port is associated<br />
with a certain hardware component and allows applications to address it for data exchange.<br />
I N S T A L L A T I O N U S I N G A L O G O N S C R I P T<br />
A method of remote installation of <strong>Kaspersky</strong> Lab applications which allows the startup of the remote installation task to<br />
be assigned to an individual user account (or to several user accounts). Registering a user in a domain leads to an<br />
attempt to install the application on the client computer on which the user has been registered. This method is<br />
recommended for installing the applications on computers running under Microsoft Windows 98 / Me operating systems.<br />
I N T E R C E P T O R<br />
Subcomponent of the application responsible for scanning specific types of email. The set of interceptors specific to your<br />
installation depends on what role or what combination of roles the application is being deployed for.<br />
215
U S E R G U I D E<br />
I N T E R N E T P R O T O C O L ( I P )<br />
The basic protocol for the <strong>Internet</strong>, used without change since the time of its development in 1974. It performs basic<br />
operations for transmitting data from one computer to another and serves as the foundation for higher-level protocols like<br />
TCP and UDP. It manages connection and error processing. Technologies such as NAT and masking make it possible to<br />
hide a large number of private networks using a small number of IP addresses (or even one address), which makes it<br />
possible to meet the demands of the constantly growing <strong>Internet</strong> using the relatively restricted IPv4 address space.<br />
K<br />
K A S P E R S K Y L AB' S U P D A T E S E R V E R S<br />
A list of <strong>Kaspersky</strong> Lab's HTTP and FTP servers from which the application downloads databases and module updates<br />
to your computer.<br />
K A S P E R S K Y S E C U R I T Y N E T W O R K<br />
The <strong>Kaspersky</strong> <strong>Security</strong> Network (KSN) is an infrastructure of online services that provides access to the online<br />
Knowledge Base of <strong>Kaspersky</strong> Lab, which contains information about the reputation of files, web resources, and<br />
software. Using data from the <strong>Kaspersky</strong> <strong>Security</strong> Network ensures a faster response time for <strong>Kaspersky</strong> <strong>Internet</strong><br />
<strong>Security</strong> when encountering new types of threats, improves performance of some protection components, and reduces<br />
the risk of false positives.<br />
K E Y F I L E<br />
A file with the KEY extension, which is your personal "key" and is necessary for working with the <strong>Kaspersky</strong> Lab<br />
application. A key file is included with the product if you purchased it from <strong>Kaspersky</strong> Lab distributors, or is emailed to<br />
you if you purchased the product online.<br />
L<br />
L I C E N S E V A L I D I T Y P E R I OD<br />
The period of time during which you are able to use all features of your <strong>Kaspersky</strong> Lab application. The license validity<br />
period generally runs for one calendar year from the date of installation. After the license expires, the application has<br />
reduced functionality. You will not be able to update the application databases.<br />
L I S T O F A L L O W E D U R L S<br />
A list of masks and addresses of web resources to which access is not blocked by the <strong>Kaspersky</strong> Lab application. The<br />
list of addresses is created by the user during application settings configuration.<br />
L I S T O F A L L O W E D S E N D E R S<br />
(also "White" list of addresses)<br />
The list of email addresses from which messages should not be scanned by <strong>Kaspersky</strong> Lab application.<br />
L I S T O F B L O C K E D U R L S<br />
A list of masks and addresses of web resources, access to which is blocked by the <strong>Kaspersky</strong> Lab application. The list of<br />
addresses is created by the user during application settings configuration.<br />
L I S T O F B L O C K E D S E N D E RS<br />
(also "Black" list of addresses)<br />
The list of email addresses from which messages should be blocked by the <strong>Kaspersky</strong> Lab application, regardless of<br />
their content.<br />
L I S T O F T R U S T E D U R L S<br />
A list of masks and addresses of web resources whose content the user trusts. A <strong>Kaspersky</strong> Lab application does not<br />
scan web pages corresponding to a list item for the presence of malicious objects.<br />
216
G L O S S A R Y<br />
L I S T O F W E B A D D R E S S E S T O B E C H E C K E D<br />
A list of masks and addresses of web resources which are mandatorily scanned for malicious objects by the <strong>Kaspersky</strong><br />
Lab application.<br />
M<br />
M E M O R Y D U M P<br />
Content of the working memory of a process or the entire RAM of the system at a specified moment of time.<br />
M E S S A G E D E L E T I O N<br />
The method of processing an email message where the message is physically removed. We recommend that this<br />
method be applied to messages that definitely contain spam or malware. Before deleting a message, a copy of it is<br />
saved in backup (unless this option is disabled).<br />
M O N I T O R E D O B J E C T<br />
A file transferred via HTTP, FTP, or SMTP protocols across the firewall and sent to a <strong>Kaspersky</strong> Lab application to be<br />
scanned.<br />
M O V I N G O B J E C T S T O Q U A R A N T I N E<br />
A method of processing a potentially infected object by blocking access to the file and moving it from its original location<br />
to the Quarantine folder, where the object is saved in encrypted form, which rules out the threat of infection.<br />
N<br />
N E T W O R K P O R T<br />
A TCP and UDP parameter that determines the destination of data packets in IP format that are transmitted to a host<br />
over a network and makes it possible for various programs running on a single host to receive data independently of<br />
each other. Each program processes data received via a certain port (this is sometimes referred to as the program<br />
"listening" to that port).<br />
For some common network protocols, there are usually standard port numbers (for example, web servers usually receive<br />
HTTP requests on TCP port 80); however, generally, a program can use any protocol on any port. Possible values: 1 to<br />
65535.<br />
N O T I F I C A T I O N T E M P L A T E<br />
A template based on which a notification about infected objects detected by a scan is generated. A notification template<br />
includes a combination of settings regulating the mode of notification, the means of distribution, and the text of messages<br />
to be sent.<br />
O<br />
O L E O B J E C T<br />
An attached object or an object embedded into another file. The <strong>Kaspersky</strong> Lab application allows scanning of OLE<br />
objects for viruses. For example, if you insert a Microsoft Office Excel table into a Microsoft Office Word document, the<br />
table is scanned as an OLE object.<br />
O B J E C T D I S I N F E C T I O N<br />
A method used for processing infected objects that results in complete or partial recovery of data or the decision that the<br />
objects cannot be disinfected. Objects are disinfected using the database records. Part of the data may be lost during<br />
disinfection.<br />
O B S C E N E M E S S A G E<br />
Email message containing offensive language.<br />
217
U S E R G U I D E<br />
P<br />
P H I S H I N G<br />
A kind of <strong>Internet</strong> fraud which consists of sending email messages with the purpose of stealing confidential information -<br />
as a rule, various financial data.<br />
P O T E N T I A L L Y I N F E C T A B L E O B J E C T<br />
An object which, due to its structure or format, can be used by intruders as a "container" to store and distribute a<br />
malicious object. As a rule, they are executable files, for example, files with the extensions COM, EXE, DLL, etc. The risk<br />
of penetration of malicious code into such files is fairly high.<br />
P O T E N T I A L L Y I N F E C T E D O B J E C T<br />
An object that contains modified code of a known virus or code that resembles code of a virus, but is not yet known to<br />
<strong>Kaspersky</strong> Lab. Potentially infected files are detected using a heuristic analyzer.<br />
P R O T E C T I O N S T A T E<br />
The current status of protection, summarizing the degree of security of the computer.<br />
P R O T O C O L<br />
A clearly defined and standardized set of rules governing the interaction between a client and a server. Well-known<br />
protocols and the services associated with them include HTTP (WWW), FTP, and NNTP (news).<br />
P R O X Y S E R V E R<br />
A computer network service which allows users to make indirect requests to other network services. First, a user<br />
connects to a proxy server and requests a resource (e.g., a file) located on another server. Then the proxy server either<br />
connects to the specified server and obtains the resource from it or returns the resource from its own cache (if the proxy<br />
has its own cache). In some cases, a user's request or a server's response can be modified by the proxy server for<br />
certain purposes.<br />
Q<br />
Q U A R A N T I N E<br />
A certain folder where all potentially infected objects which were detected during scans or by real-time protection are<br />
placed.<br />
R<br />
R E A L - T I M E P R O T E C T I O N<br />
The application's operating mode under which objects are scanned for the presence of malicious code in real time.<br />
The application intercepts all attempts to open any object (read, write, or execute) and scans the object for threats.<br />
Uninfected objects are passed on to the user; objects containing threats or suspected of containing them are processed<br />
pursuant to the task settings (they are disinfected, deleted or quarantined).<br />
R E C O M M E N D E D L E V E L<br />
The level of security based on application settings recommended by <strong>Kaspersky</strong> Lab experts and providing an optimal<br />
level of protection for your computer. This level is set to be used by default.<br />
R E S T O R A T I O N<br />
Moving an original object from Quarantine or Backup to the folder where it was originally found before being moved to<br />
Quarantine, disinfected, or deleted, or to a different folder specified by the user.<br />
218
G L O S S A R Y<br />
R O O T K I T<br />
An application or a set of applications developed for masking traces of an intruder or malware in the system.<br />
In Windows-based systems, rootkit usually means a program that penetrates in the system and intercepts system<br />
functions (Windows API). First of all, intercepting and modifying low-level API functions allow such program to mask its<br />
presence in the system in a quite sophisticated manner. Besides, a rootkit may, as a rule, mask the presence of any<br />
processes, folders and files on the disk, and registry keys if they are described in the rootkit's configuration. Many rootkits<br />
install their own drivers and services in the system (they also are "invisible").<br />
S<br />
S C R I P T<br />
A small computer program or an independent part of a program (function) which, as a rule, has been developed to<br />
execute a small specific task. It is most often used with programs embedded into hypertext. Scripts are run, for example,<br />
when you open a certain website.<br />
If real-time protection is enabled, the application tracks the launching of scripts, intercepts them, and scans them for<br />
viruses. Depending on the results of the scan, you may block or allow the execution of a script.<br />
S E C U R I T Y L E V E L<br />
The security level is defined as a pre-set component configuration.<br />
S O C K S<br />
Proxy server protocol that allows establishment of a point-to-point connection between computers in the internal and<br />
external networks.<br />
S P A M<br />
Unsolicited mass email mailings, most often including advertising messages.<br />
S T A R T U P O B J E C T S<br />
The set of programs needed to start and correctly operate the operating system and software installed on your computer.<br />
These objects are executed every time the operating system is started. There are viruses capable of infecting such<br />
objects specifically, which may lead, for example, to blocking of operating system startup.<br />
S U B N E T M A S K<br />
The subnet mask (also known as netmask) and network address determine the addresses of computers on a network.<br />
S U S P I C I O U S M E S S A G E<br />
A message that cannot be unambiguously considered spam, but seems suspicious when scanned (e.g., certain types of<br />
mailings and advertising messages).<br />
S U S P I C I O U S O B J E C T<br />
An object that contains modified code of a known virus or code that resembles code of a virus, but is not yet known to<br />
<strong>Kaspersky</strong> Lab. Suspicious objects are detected using the heuristic analyzer.<br />
T<br />
T A S K<br />
Functions performed by <strong>Kaspersky</strong> Lab's application are implemented as tasks, such as: Real-time file protection, Full<br />
computer scan, Database update.<br />
T A S K S E T T I N G S<br />
Application settings which are specific for each task type.<br />
219
U S E R G U I D E<br />
T H R E A T R A T I N G<br />
The rating of how dangerous an application is for the operating system. The rating is calculated using heuristic analysis<br />
based on two types of criteria:<br />
static (such as information about the executable file of an application: size, creation date, etc.);<br />
dynamic, which are used when simulating the application's operation in a virtual environment (analysis of the<br />
application's calls to system functions).<br />
The threat rating allows the detection of behavior typical of malware. The lower the threat rating is, the more actions the<br />
application will be allowed to perform in the system.<br />
T R A C E S<br />
Running the application in debugging mode; after each command is executed, the application is stopped, and the result<br />
of this step is displayed.<br />
T R A F F I C S C A N<br />
A real-time scan using information from the latest version of the databases for objects transmitted via all protocols (for<br />
example, HTTP, FTP, etc.).<br />
T R U S T E D P R O C E S S<br />
A program process, whose file operations are not monitored by <strong>Kaspersky</strong> Lab's application in real-time protection mode.<br />
In other words, no objects run, open, or saved by the trusted process are scanned.<br />
U<br />
U N K N O W N V I R U S<br />
A new virus about which there is no information in the databases. Generally, unknown viruses are detected by the<br />
application in objects using the heuristic analyzer, and those objects are classified as potentially infected.<br />
U P D A T E<br />
The procedure of replacing/adding new files (databases or application modules) retrieved from the <strong>Kaspersky</strong> Lab<br />
update servers.<br />
U P D A T E P A C K A G E<br />
File package for updating the software. It is downloaded from the <strong>Internet</strong> and installed on your computer.<br />
U R G E N T U P D A T E S<br />
Critical updates to <strong>Kaspersky</strong> Lab application modules.<br />
V<br />
V I R U S A C T I V I T Y T H R E S H O L D<br />
The maximum permissible level of a specific type of event over a limited time period that, when exceeded, is considered<br />
to be excessive virus activity and a threat of a virus outbreak. This feature is highly significant during virus outbreaks and<br />
enables an administrator to react in a timely fashion to threats of virus outbreaks that arise.<br />
V I R U S O U T B R E A K<br />
A series of deliberate attempts to infect a computer with a virus.<br />
V I R U S O U T B R E A K C O U N T E R<br />
A template based on which a notification of a virus outbreak threat is generated. A virus outbreak counter includes a<br />
combination of settings which determine the virus activity threshold, means of spreading, and the text in messages sent.<br />
220
KASPERSKY LAB ZAO<br />
<strong>Kaspersky</strong> Lab software is internationally renowned for its protection against viruses, malware, spam, network and<br />
hacker attacks, and other threats.<br />
In 2008, <strong>Kaspersky</strong> Lab was rated among the world’s top four leading vendors of information security software solutions<br />
for end users (IDC Worldwide Endpoint <strong>Security</strong> Revenue by Vendor). <strong>Kaspersky</strong> Lab is the preferred developer of<br />
computer protection systems among home users in Russia, according to the COMCON survey "TGI-Russia 2009".<br />
<strong>Kaspersky</strong> Lab was founded in Russia in 1997. Today, it is an international group of companies headquartered in<br />
Moscow with five regional divisions that manage the company's activity in Russia, Western and Eastern Europe, the<br />
Middle East, Africa, North and South America, Japan, China, and other countries in the Asia-Pacific region. The<br />
company employs more than 2000 qualified specialists.<br />
Products. <strong>Kaspersky</strong> Lab’s products provide protection for all systems—from home computers to large corporate<br />
networks.<br />
The personal product range includes anti-virus applications for desktop, laptop, and pocket computers, and for<br />
smartphones and other mobile devices.<br />
<strong>Kaspersky</strong> Lab delivers applications and services to protect workstations, file and web servers, mail gateways, and<br />
firewalls. Used in conjunction with <strong>Kaspersky</strong> Lab’s centralized management system, these solutions ensure effective<br />
automated protection for companies and organizations against computer threats. <strong>Kaspersky</strong> Lab's products are certified<br />
by the major test laboratories, are compatible with the software of many suppliers of computer applications, and are<br />
optimized to run on many hardware platforms.<br />
<strong>Kaspersky</strong> Lab’s virus analysts work around the clock. Every day they uncover thousands of new computer threats,<br />
create tools to detect and disinfect them, and include them in the databases used by <strong>Kaspersky</strong> Lab applications.<br />
<strong>Kaspersky</strong> Lab's Anti-Virus database is updated hourly; and the Anti-Spam database every five minutes.<br />
Technologies. Many technologies that are now part and parcel of modern anti-virus tools were originally developed by<br />
<strong>Kaspersky</strong> Lab. It is no coincidence that many other developers user the <strong>Kaspersky</strong> Anti-Virus kernel in their products,<br />
including: SafeNet (USA), Alt-N Technologies (USA), Blue Coat Systems (USA), Check Point Software Technologies<br />
(Israel), Clearswift (UK), CommuniGate Systems (USA), Critical Path (Ireland), D-Link (Taiwan), M86 <strong>Security</strong> (USA),<br />
GFI (Malta), IBM (USA), Juniper Networks (USA), LANDesk (USA), Microsoft (USA), NETASQ (France), NETGEAR<br />
(USA), Parallels (Russia), SonicWALL (USA), WatchGuard Technologies (USA), ZyXEL Communications (Taiwan).<br />
Many of the company’s innovative technologies are patented.<br />
Achievements. Over the years, <strong>Kaspersky</strong> Lab has won hundreds of awards for its services in combating computer<br />
threats. For example, in 2010 <strong>Kaspersky</strong> Anti-Virus was given several top Advanced+ awards after a series of tests held<br />
by AV-Comparatives, a renowned Austrian anti-virus lab. But <strong>Kaspersky</strong> Lab's main achievement is the loyalty of its<br />
users worldwide. The company’s products and technologies protect more than 300 million users, and its corporate clients<br />
number more than 200,000.<br />
<strong>Kaspersky</strong> Lab official site:<br />
Virus Encyclopedia:<br />
Anti-Virus Lab:<br />
<strong>Kaspersky</strong> Lab web forum:<br />
http://www.kaspersky.com<br />
http://www.securelist.com<br />
newvirus@kaspersky.com (only for sending probably infected files<br />
in archive format)<br />
http://support.kaspersky.com/virlab/helpdesk.html (for queries<br />
addressed to virus analysts)<br />
http://forum.kaspersky.com<br />
221
INFORMATION ABOUT THIRD-PARTY CODE<br />
Information about third-party code is contained in a file named legal_notices.txt and stored in the application installation<br />
folder.<br />
222
INDEX<br />
A<br />
Anti-Banner<br />
list of blocked banner addresses .......................................................................................................................... 136<br />
Anti-Spam<br />
additional filtering features .................................................................................................................................... 131<br />
agressiveness level .............................................................................................................................................. 122<br />
database of phishing web addresses ................................................................................................................... 125<br />
list of allowed phrases .......................................................................................................................................... 127<br />
list of allowed senders .......................................................................................................................................... 128<br />
list of blocked phrases .......................................................................................................................................... 127<br />
list of blocked senders .......................................................................................................................................... 128<br />
Microsoft Exchange Server messages ................................................................................................................. 132<br />
plug-in for Microsoft Office Outlook ...................................................................................................................... 133<br />
plug-in for Microsoft Outlook Express ................................................................................................................... 133<br />
plug-in for The Bat! ............................................................................................................................................... 134<br />
plug-in for Thunderbird ......................................................................................................................................... 134<br />
restoring the default settings ................................................................................................................................. 122<br />
training .................................................................................................................................................................. 122<br />
Application Control<br />
application run sequence ...................................................................................................................................... 106<br />
editing an application rule ..................................................................................................................................... 105<br />
protection scope ................................................................................................................................................... 107<br />
Application rule<br />
Firewall ................................................................................................................................................................. 112<br />
Application run sequence<br />
Application Control ............................................................................................................................................... 106<br />
Application self-defense ............................................................................................................................................. 159<br />
B<br />
Browser Configuration ................................................................................................................................................ 165<br />
C<br />
Computer performance .............................................................................................................................................. 157<br />
D<br />
Data clearing<br />
Safe Run............................................................................................................................................................... 140<br />
Database of phishing web addresses<br />
Anti-Spam ............................................................................................................................................................. 125<br />
IM Anti-Virus ........................................................................................................................................................... 97<br />
Web Anti-Virus ........................................................................................................................................................ 90<br />
Disabling / enabling real-time protection ...................................................................................................................... 40<br />
E<br />
Editing an application rule<br />
Application Control ............................................................................................................................................... 105<br />
EICAR ........................................................................................................................................................................ 176<br />
Enable<br />
Parental Control .................................................................................................................................................... 145<br />
F<br />
File Anti-Virus<br />
heuristic analysis .................................................................................................................................................... 81<br />
pausing ................................................................................................................................................................... 78<br />
223
U S E R G U I D E<br />
protection scope ..................................................................................................................................................... 79<br />
response to a threat ................................................................................................................................................ 81<br />
scan mode .............................................................................................................................................................. 80<br />
scan of compound files ........................................................................................................................................... 82<br />
scan optimization .................................................................................................................................................... 83<br />
scan technology ...................................................................................................................................................... 81<br />
security level ........................................................................................................................................................... 80<br />
Firewall<br />
application rule ..................................................................................................................................................... 112<br />
changing rule priority ............................................................................................................................................ 112<br />
changing the network status ................................................................................................................................. 110<br />
Firewall rule .......................................................................................................................................................... 110<br />
packet rule ............................................................................................................................................................ 111<br />
Firewall rule<br />
Firewall ................................................................................................................................................................. 110<br />
H<br />
Heuristic analysis<br />
File Anti-Virus ......................................................................................................................................................... 81<br />
Mail Anti-Virus ........................................................................................................................................................ 86<br />
Web Anti-Virus ........................................................................................................................................................ 93<br />
I<br />
IM Anti-Virus<br />
database of phishing web addresses ..................................................................................................................... 97<br />
protection scope ..................................................................................................................................................... 96<br />
Installation folder .......................................................................................................................................................... 20<br />
K<br />
<strong>Kaspersky</strong> URL Advisor<br />
Web Anti-Virus ........................................................................................................................................................ 91<br />
L<br />
License<br />
activating the application ........................................................................................................................................ 43<br />
End User License Agreement ................................................................................................................................. 29<br />
License renewal ........................................................................................................................................................... 44<br />
M<br />
Mail Anti-Virus<br />
attachment filtering ................................................................................................................................................. 86<br />
heuristic analysis .................................................................................................................................................... 86<br />
protection scope ..................................................................................................................................................... 84<br />
response to a threat ................................................................................................................................................ 86<br />
scanning of compound files .................................................................................................................................... 87<br />
security level ........................................................................................................................................................... 90<br />
N<br />
Network<br />
encrypted connections .......................................................................................................................................... 116<br />
monitored ports ..................................................................................................................................................... 119<br />
Network Attack Blocker<br />
blocking time ......................................................................................................................................................... 115<br />
types of detected network attacks ........................................................................................................................ 114<br />
unblocking a computer ......................................................................................................................................... 115<br />
Network Monitor ......................................................................................................................................................... 118<br />
Notifications .................................................................................................................................................................. 45<br />
delivery of notifications using email ...................................................................................................................... 173<br />
disabling ............................................................................................................................................................... 172<br />
disabling the audio signal ..................................................................................................................................... 173<br />
224
I N D E X<br />
notification types ................................................................................................................................................... 173<br />
P<br />
Packet rule<br />
Firewall ................................................................................................................................................................. 111<br />
Parental Control<br />
browsing websites ................................................................................................................................................ 149<br />
communicating via IM clients ................................................................................................................................ 150<br />
downloading files from the <strong>Internet</strong> ....................................................................................................................... 150<br />
enabling and disabling .......................................................................................................................................... 145<br />
exporting / importing settings ................................................................................................................................ 146<br />
limiting time for computer use ............................................................................................................................... 148<br />
limiting time for <strong>Internet</strong> use .................................................................................................................................. 148<br />
running applications .............................................................................................................................................. 148<br />
safe search mode ................................................................................................................................................. 149<br />
searching for key words ........................................................................................................................................ 153<br />
sending private data ............................................................................................................................................. 152<br />
Proactive Defense<br />
dangerous activity list ............................................................................................................................................. 99<br />
dangerous activity monitoring rule .......................................................................................................................... 99<br />
group of trusted applications ................................................................................................................................... 98<br />
Protection scope<br />
Application Control ............................................................................................................................................... 107<br />
File Anti-Virus ......................................................................................................................................................... 79<br />
IM Anti-Virus ........................................................................................................................................................... 96<br />
Mail Anti-Virus ........................................................................................................................................................ 84<br />
Web Anti-Virus ........................................................................................................................................................ 95<br />
Q<br />
Quarantine and Backup.............................................................................................................................................. 160<br />
R<br />
Reports<br />
events search ....................................................................................................................................................... 169<br />
filtering .................................................................................................................................................................. 168<br />
saving to file .......................................................................................................................................................... 170<br />
selecting a component or a task ........................................................................................................................... 168<br />
view ........................................................................................................................................................................ 57<br />
Rescue Disk ................................................................................................................................................................. 54<br />
Response to a threat<br />
File Anti-Virus ......................................................................................................................................................... 81<br />
Mail Anti-Virus ........................................................................................................................................................ 86<br />
virus scan ............................................................................................................................................................... 69<br />
Web Anti-Virus ........................................................................................................................................................ 90<br />
Restoring the default settings ....................................................................................................................................... 58<br />
Anti-Spam ............................................................................................................................................................. 122<br />
Restricting access to the application ............................................................................................................................ 63<br />
S<br />
Safe Run<br />
data clearing ......................................................................................................................................................... 140<br />
shared folder ......................................................................................................................................................... 143<br />
Scan<br />
account ................................................................................................................................................................... 69<br />
action with regard to a detected object ................................................................................................................... 69<br />
automatic startup of a skipped task ........................................................................................................................ 67<br />
scan optimization .................................................................................................................................................... 70<br />
scan technologies ................................................................................................................................................... 68<br />
scanning of compound files .................................................................................................................................... 70<br />
schedule ................................................................................................................................................................. 67<br />
security level ........................................................................................................................................................... 66<br />
type of objects to scan ............................................................................................................................................ 69<br />
225
U S E R G U I D E<br />
vulnerability scan .................................................................................................................................................... 72<br />
Schedule<br />
update..................................................................................................................................................................... 75<br />
virus scan ............................................................................................................................................................... 67<br />
<strong>Security</strong> level<br />
File Anti-Virus ......................................................................................................................................................... 80<br />
Mail Anti-Virus ........................................................................................................................................................ 90<br />
Web Anti-Virus ........................................................................................................................................................ 90<br />
Shared folder<br />
Safe Run............................................................................................................................................................... 143<br />
T<br />
The context menu ........................................................................................................................................................ 32<br />
The main application window ....................................................................................................................................... 33<br />
The taskbar notification area icon ................................................................................................................................ 31<br />
Traces<br />
creating a trace file ............................................................................................................................................... 180<br />
uploading tracing results ....................................................................................................................................... 180<br />
Training Anti-Spam<br />
using an email client ............................................................................................................................................. 123<br />
using outgoing messages ..................................................................................................................................... 123<br />
using reports ......................................................................................................................................................... 124<br />
Trusted zone<br />
exclusion rules ...................................................................................................................................................... 155<br />
trusted applications ............................................................................................................................................... 154<br />
U<br />
Uninstallation<br />
application .............................................................................................................................................................. 27<br />
Update<br />
proxy server ............................................................................................................................................................ 77<br />
regional settings ..................................................................................................................................................... 74<br />
rolling back the last update ..................................................................................................................................... 76<br />
Updating<br />
from a local folder ................................................................................................................................................... 74<br />
update source ......................................................................................................................................................... 73<br />
V<br />
Virtual Keyboard ........................................................................................................................................................... 50<br />
W<br />
Web Anti-Virus<br />
database of phishing web addresses ..................................................................................................................... 90<br />
Geo Filter ................................................................................................................................................................ 94<br />
heuristic analysis .................................................................................................................................................... 93<br />
<strong>Kaspersky</strong> URL Advisor .......................................................................................................................................... 91<br />
protection scope ..................................................................................................................................................... 95<br />
response to a threat ................................................................................................................................................ 90<br />
scan optimization .................................................................................................................................................... 94<br />
security level ........................................................................................................................................................... 90<br />
226