Kaspersky Internet Security 2012

Kaspersky Internet Security 2012 

User Guide 

APPLICATION VERSION: 12.0

Dear User! 

Thank you for choosing our product. We hope that you will find this documentation useful and that it will provide answers 

to most of your questions that may arise. 

Warning! This document is the property of Kaspersky Lab ZAO (herein also referred to as Kaspersky Lab): all rights to 

this document are reserved by the copyright laws of the Russian Federation and by international treaties. Illegal 

reproduction and distribution of this document or parts hereof will result in civil, administrative or criminal liability in 

accordance with applicable law. 

Any type of reproduction or distribution of any materials, including translations, is allowed only with the written permission 

of Kaspersky Lab. 

This document and related graphic images can be used exclusively for informational, non-commercial or personal use. 

This document may be amended without prior notification. The latest version of this document can be found on the 

Kaspersky Lab website at http://www.kaspersky.com/docs. 

Kaspersky Lab assumes no liability for the content, quality, relevance, or accuracy of any materials used in this 

document the rights to which are held by third parties, or for any potential damages associated with the use of such 

documents. 

This document uses registered trademarks and service marks which are the property of their respective owners. 

Document revision date: 4/19/2011 

© 1997-2011 Kaspersky Lab ZAO. All Rights Reserved. 

http://www.kaspersky.com 

http://support.kaspersky.com 

2

CONTENT 

ABOUT THIS GUIDE ..................................................................................................................................................... 9 

In this guide .............................................................................................................................................................. 9 

Document conventions ........................................................................................................................................... 11 

SOURCES OF INFORMATION ABOUT THE APPLICATION ..................................................................................... 12 

Sources of information for independent research ................................................................................................... 12 

Discussing Kaspersky Lab applications on the Forum ........................................................................................... 13 

Contacting the Sales Department ........................................................................................................................... 13 

Contacting the Documentation Development Team by email ................................................................................. 13 

KASPERSKY INTERNET SECURITY.......................................................................................................................... 14 

What's new ............................................................................................................................................................. 14 

Distribution kit ......................................................................................................................................................... 14 

Service for registered users .................................................................................................................................... 15 

Hardware and software requirements ..................................................................................................................... 15 

INSTALLING AND REMOVING THE APPLICATION .................................................................................................. 17 

Standard installation procedure .............................................................................................................................. 17 

Step 1. Searching for a newer version of the application .................................................................................. 18 

Step 2. Making sure the system meets the installation requirements ............................................................... 18 

Step 3. Selecting installation type ..................................................................................................................... 19 

Step 4. Reviewing the license agreement ......................................................................................................... 19 

Step 5. Kaspersky Security Network Data Collection Statement ...................................................................... 19 

Step 6. Searching for incompatible applications ............................................................................................... 19 

Step 7. Selecting the destination folder ............................................................................................................. 20 

Step 8. Preparing for installation ....................................................................................................................... 20 

Step 9. Installing ............................................................................................................................................... 21 

Step 10. Finishing the installation ..................................................................................................................... 21 

Step 11. Activating the application .................................................................................................................... 21 

Step 12. Registering a user............................................................................................................................... 21 

Step 13. Completing the activation ................................................................................................................... 22 

Updating the previous version of Kaspersky Internet Security................................................................................ 22 

Step 1. Searching for a newer version of the application .................................................................................. 23 

Step 2. Making sure the system meets the installation requirements ............................................................... 23 

Step 3. Selecting installation type ..................................................................................................................... 24 

Step 4. Reviewing the license agreement ......................................................................................................... 24 

Step 5. Kaspersky Security Network Data Collection Statement ...................................................................... 24 

Step 6. Searching for incompatible applications ............................................................................................... 24 

Step 7. Selecting the destination folder ............................................................................................................. 25 

Step 8. Preparing for installation ....................................................................................................................... 25 

Step 9. Installing ............................................................................................................................................... 26 

Step 10. Wizard completion .............................................................................................................................. 26 

Non-standard installation scenarios ........................................................................................................................ 26 

Getting started ........................................................................................................................................................ 27 

Removing the application ....................................................................................................................................... 27 

Step 1. Saving data for reuse............................................................................................................................ 27 

Step 2. Confirmation of application removal...................................................................................................... 28 

3

U S E R G U I D E 

Step 3. Removing the application. Completing removal .................................................................................... 28 

LICENSING THE APPLICATION ................................................................................................................................. 29 

About the End User License Agreement ................................................................................................................ 29 

About data provision ............................................................................................................................................... 29 

About the license .................................................................................................................................................... 29 

About the activation code ....................................................................................................................................... 30 

APPLICATION INTERFACE ........................................................................................................................................ 31 

The notification area icon........................................................................................................................................ 31 

The context menu ................................................................................................................................................... 32 

The Kaspersky Internet Security main window ....................................................................................................... 33 

Notification windows and pop-up messages ........................................................................................................... 34 

The application settings window ............................................................................................................................. 36 

The Kaspersky Gadget ........................................................................................................................................... 37 

News Agent ............................................................................................................................................................ 37 

STARTING AND STOPPING THE APPLICATION ...................................................................................................... 38 

Enabling and disabling automatic launch ............................................................................................................... 38 

Launching and closing the application manually ..................................................................................................... 38 

MANAGING THE COMPUTER PROTECTION ............................................................................................................ 39 

Diagnostics and elimination of problems in your computer protection .................................................................... 39 

Enabling and disabling the protection ..................................................................................................................... 40 

Pausing and resuming protection ........................................................................................................................... 41 

SOLVING TYPICAL TASKS ......................................................................................................................................... 43 

How to activate the application ............................................................................................................................... 43 

How to purchase or renew a license ....................................................................................................................... 44 

What to do when application notifications appear ................................................................................................... 45 

How to update application databases and modules .............................................................................................. 45 

How to scan critical areas of your computer for viruses ........................................................................................ 46 

How to scan a file, folder, disk, or another object for viruses .................................................................................. 46 

How to perform a full scan of your computer for viruses ........................................................................................ 48 

How to scan your computer for vulnerabilities ........................................................................................................ 48 

How to protect your personal data against theft ..................................................................................................... 48 

Protection against phishing ............................................................................................................................... 49 

Protection against data interception at the keyboard ........................................................................................ 50 

Protection of confidential data entered on websites .......................................................................................... 51 

What to do if you suspect an object is infected with a virus .................................................................................... 51 

How to run an unknown application without doing any harm to the system ........................................................... 52 

What to do with a large number of spam messages ............................................................................................... 52 

What to do if you suspect your computer is infected .............................................................................................. 53 

How to restore a file that has been deleted or disinfected by the application ........................................................ 54 

How to create and use a Rescue Disk .................................................................................................................... 54 

Creating a Rescue Disk .................................................................................................................................... 55 

Starting the computer from the Rescue Disk..................................................................................................... 57 

How to view the report on the application's operation ............................................................................................. 57 

How to restore default application settings ............................................................................................................. 58 

How to transfer settings to Kaspersky Internet Security installed on another computer ......................................... 59 

How to use the Kaspersky Gadget ......................................................................................................................... 59 

How to know the reputation of an application ......................................................................................................... 61 

4

C O N T E N T 

ADVANCED APPLICATION SETTINGS ...................................................................................................................... 62 

General protection settings ..................................................................................................................................... 63 

Restricting access to Kaspersky Internet Security ............................................................................................ 63 

Selecting a protection mode.............................................................................................................................. 64 

Scan ....................................................................................................................................................................... 64 

Virus scan ......................................................................................................................................................... 64 

Vulnerability Scan ............................................................................................................................................. 72 

Managing scan tasks. Task Manager ............................................................................................................... 72 

Update .................................................................................................................................................................... 72 

Selecting an update source............................................................................................................................... 73 

Creating the update startup schedule ............................................................................................................... 75 

Rolling back the last update .............................................................................................................................. 76 

Running updates under a different user account .............................................................................................. 76 

Using a proxy server ......................................................................................................................................... 77 

File Anti-Virus ......................................................................................................................................................... 77 

Enabling and disabling File Anti-Virus ............................................................................................................... 78 

Automatically pausing File Anti-Virus ................................................................................................................ 78 

Creating the protection scope of File Anti-Virus ................................................................................................ 79 

Changing and restoring the file security level.................................................................................................... 80 

Selecting file scan mode ................................................................................................................................... 80 

Using heuristic analysis when working with File Anti-Virus ............................................................................... 81 

Selecting file scan technology ........................................................................................................................... 81 

Changing the action to take on infected files..................................................................................................... 81 

Scan of compound files by File Anti-Virus ......................................................................................................... 82 

Optimizing file scan ........................................................................................................................................... 83 

Mail Anti-Virus ........................................................................................................................................................ 83 

Enabling and disabling Mail Anti-Virus .............................................................................................................. 84 

Creating the protection scope of Mail Anti-Virus ............................................................................................... 84 

Changing and restoring the email security level ................................................................................................ 85 

Using heuristic analysis when working with Mail Anti-Virus ............................................................................. 86 

Changing the action to take on infected email messages ................................................................................. 86 

Filtering attachments in email messages .......................................................................................................... 86 

Scan of compound files by Mail Anti-Virus ........................................................................................................ 87 

Email scanning in Microsoft Office Outlook ....................................................................................................... 87 

Email scanning in The Bat! ............................................................................................................................... 87 

Web Anti-Virus ........................................................................................................................................................ 88 

Enabling and disabling Web Anti-Virus ............................................................................................................. 89 

Changing and restoring the web traffic security level ........................................................................................ 90 

Changing the action to take on dangerous objects from web traffic ................................................................. 90 

Checking URLs on web pages .......................................................................................................................... 90 

Using heuristic analysis when working with Web Anti-Virus ............................................................................. 93 

Blocking dangerous scripts ............................................................................................................................... 93 

Scan optimization .............................................................................................................................................. 94 

Controlling access to regional domains ............................................................................................................ 94 

Controlling access to online banking services................................................................................................... 95 

Creating a list of trusted addresses ................................................................................................................... 95 

IM Anti-Virus ........................................................................................................................................................... 96 

Enabling and disabling IM Anti-Virus ................................................................................................................ 96 

5


Creating the protection scope of IM Anti-Virus .................................................................................................. 96 

Checking URLs in messages from IM clients .................................................................................................... 97 

Using heuristic analysis when working with IM Anti-Virus ................................................................................. 97 

Proactive Defense .................................................................................................................................................. 97 

Enabling and disabling Proactive Defense ........................................................................................................ 98 

Creating a group of trusted applications ........................................................................................................... 98 

Using the dangerous activity list ........................................................................................................................ 99 

Changing the action to be taken on applications' dangerous activity ................................................................ 99 

System Watcher ..................................................................................................................................................... 99 

Enabling and disabling System Watcher ......................................................................................................... 100 

Using patterns of dangerous activity (BSS)..................................................................................................... 100 

Rolling back a malicious program's actions .................................................................................................... 101 

Application Control ............................................................................................................................................... 101 

Enabling and disabling Application Control ..................................................................................................... 102 

Placing applications into groups ...................................................................................................................... 102 

Viewing application activity ............................................................................................................................. 103 

Modifying a group and restoring the default group .......................................................................................... 103 

Working with Application Control rules ............................................................................................................ 104 

Interpreting data on application usage by the participants of the Kaspersky Security Network ...................... 108 

Network protection ................................................................................................................................................ 109 

Firewall............................................................................................................................................................ 109 

Network Attack Blocker ................................................................................................................................... 113 

Encrypted connections scan ........................................................................................................................... 116 

Network Monitor .............................................................................................................................................. 118 

Configuring the proxy server ........................................................................................................................... 118 

Creating a list of monitored ports .................................................................................................................... 119 

Anti-Spam ............................................................................................................................................................. 120 

Enabling and disabling Anti-Spam .................................................................................................................. 121 

Changing and restoring the spam protection level .......................................................................................... 122 

Training Anti-Spam ......................................................................................................................................... 122 

Checking URLs in email messages ................................................................................................................ 125 

Detecting spam by phrases and addresses. Creating lists ............................................................................. 125 

Regulating threshold values of the spam rate ................................................................................................. 130 

Using additional features affecting the spam rate ........................................................................................... 131 

Selecting a spam recognition algorithm .......................................................................................................... 131 

Adding a label to the message subject ........................................................................................................... 132 

Scanning messages from Microsoft Exchange Server .................................................................................... 132 

Configuring spam processing by mail clients .................................................................................................. 132 

Anti-Banner ........................................................................................................................................................... 135 

Enabling and disabling Anti-Banner ................................................................................................................ 135 

Selecting a scan method ................................................................................................................................. 135 

Creating lists of blocked and allowed banner addresses ................................................................................ 136 

Exporting and importing lists of addresses ..................................................................................................... 136 

Safe Run for Applications and Safe Run for Websites ......................................................................................... 137 

About Safe Run ............................................................................................................................................... 138 

About Safe Run for Websites .......................................................................................................................... 141 

Using a shared folder ...................................................................................................................................... 143 

Parental Control .................................................................................................................................................... 143 

Configuring a user's Parental Control ............................................................................................................. 144 

6

C O N T E N T 

Viewing reports of a user's activity .................................................................................................................. 153 

Trusted zone ......................................................................................................................................................... 154 

Creating a list of trusted applications .............................................................................................................. 154 

Creating exclusion rules .................................................................................................................................. 155 

Performance and compatibility with other applications ......................................................................................... 155 

Selecting detectable threat categories ............................................................................................................ 156 

Battery saving ................................................................................................................................................. 156 

Advanced Disinfection .................................................................................................................................... 156 

Distributing computer resources when scanning for viruses ........................................................................... 157 

Running tasks in background mode ................................................................................................................ 157 

Full-screen mode. Gaming Profile ................................................................................................................... 158 

Kaspersky Internet Security self-defense ............................................................................................................. 159 

Enabling and disabling self-defense ............................................................................................................... 159 

Protection against external control .................................................................................................................. 159 

Quarantine and Backup ........................................................................................................................................ 160 

Storing files in Quarantine and Backup ........................................................................................................... 160 

Working with quarantined files ........................................................................................................................ 161 

Working with objects in Backup ...................................................................................................................... 162 

Scanning files in Quarantine after an update .................................................................................................. 163 

Additional tools for better protection of your computer ......................................................................................... 163 

Privacy Cleaner ............................................................................................................................................... 164 

Configuring a browser for safe work ............................................................................................................... 165 

Rolling back changes made by Wizards ......................................................................................................... 167 

Reports ................................................................................................................................................................. 167 

Creating a report for the selected protection component ................................................................................ 168 

Data filtering .................................................................................................................................................... 168 

Events search ................................................................................................................................................. 169 

Saving a report to file ...................................................................................................................................... 170 

Storing reports ................................................................................................................................................ 170 

Clearing application reports ............................................................................................................................ 170 

Recording non-critical events into the report ................................................................................................... 171 

Configuring the notification of report availability .............................................................................................. 171 

Application appearance. Managing active interface elements .............................................................................. 171 

Translucence of notification windows .............................................................................................................. 171 

Animation of the application icon in the notification area ................................................................................ 172 

Text on Microsoft Windows logon screen........................................................................................................ 172 

Notifications .......................................................................................................................................................... 172 

Enabling and disabling notifications ................................................................................................................ 172 

Configuring the notification method ................................................................................................................. 173 

Disabling news delivery .................................................................................................................................. 174 

Kaspersky Security Network ................................................................................................................................. 174 

Enabling and disabling participation in Kaspersky Security Network .............................................................. 175 

Verifying connection to Kaspersky Security Network ...................................................................................... 175 

TESTING THE APPLICATION'S OPERATION .......................................................................................................... 176 

About the test file EICAR ...................................................................................................................................... 176 

Testing the application's functioning using the test file EICAR ............................................................................. 176 

About the types of the test file EICAR .................................................................................................................. 177 

7


CONTACTING THE TECHNICAL SUPPORT SERVICE ........................................................................................... 179 

How to get technical support ................................................................................................................................ 179 

Using the trace file and the AVZ script ................................................................................................................. 179 

Creating a system state report ........................................................................................................................ 180 

Creating a trace file ......................................................................................................................................... 180 

Sending data files ........................................................................................................................................... 180 

AVZ script execution ....................................................................................................................................... 181 

Technical support by phone .................................................................................................................................. 182 

Obtaining technical support via My Kaspersky Account ....................................................................................... 182 

APPENDIX ................................................................................................................................................................. 184 

Working with the application from the command line ............................................................................................ 184 

Activating the application ................................................................................................................................ 185 

Starting the application ................................................................................................................................... 186 

Stopping the application .................................................................................................................................. 186 

Managing application components and tasks ................................................................................................. 186 

Virus scan ....................................................................................................................................................... 188 

Updating the application ................................................................................................................................. 190 

Rolling back the last update ............................................................................................................................ 191 

Exporting protection settings ........................................................................................................................... 191 

Importing protection settings ........................................................................................................................... 191 

Creating a trace file ......................................................................................................................................... 192 

Viewing Help ................................................................................................................................................... 192 

Return codes of the command line ................................................................................................................. 193 

Kaspersky Internet Security notifications list ......................................................................................................... 194 

Notifications in any protection mode ............................................................................................................... 194 

Notifications in interactive protection mode ..................................................................................................... 201 

GLOSSARY ............................................................................................................................................................... 212 

KASPERSKY LAB ZAO ............................................................................................................................................. 221 

INFORMATION ABOUT THIRD-PARTY CODE ........................................................................................................ 222 

INDEX ........................................................................................................................................................................ 223 

8

ABOUT THIS GUIDE 

Greetings from Kaspersky Lab specialists! 

This guide contains information about how to install, configure, and use Kaspersky Internet Security. We hope that 

information provided by this guide, will help you work with the application with the maximum of ease. 

This guide is intended to: 

help you install, activate, and use Kaspersky Internet Security; 

ensure a quick search of information on application-related issues; 

describe additional sources of information about the application and ways of cooperating with the Technical 

Support Service. 

For proper use of the application, you should have basic computer skills: be acquainted with the interface of the 

operating system that you use, handle the main techniques specific for that system, know how to work with email and the 

Internet. 

IN THIS SECTION: 

In this guide ....................................................................................................................................................................... 9 

Document conventions .................................................................................................................................................... 11 

IN THIS GUIDE 

This guide comprises the following sections. 

Sources of information about the application 

This section describes sources of information about the application and lists websites that you can use to discuss the 

application's operation. 

Kaspersky Internet Security 

This section describes the application's features and provides brief information about the application's functions and 

components. You will learn what items are included in the distribution kit, and what services are available for registered 

users of the application. This section provides information about software and hardware requirements that a computer 

should meet to allow a user to install the application on it. 

Installing and removing the application 

This section provides information about how to install the application on a computer and how to uninstall it. 

Licensing the application 

This section provides information about general terms related to the application activation. Read this section to learn 

more about the purpose of the license agreement, license types, ways of activating the application, and the license 

renewal. 

9


Application interface 

This section provides information about basic elements of the graphic interface of the application: application icon and 

application icon context menu, main window, settings window, and notification windows. 

Starting and stopping the application 

This section contains information on starting and shutting down the application. 

Managing the computer protection 

This section provides information about how to detect threats to the computer's security and how to configure the security 

level. Read this section to learn more about how to enable, disable, and pause the protection when using the application. 

Solving typical tasks 

This section provides information about how to resolve the most common issues related to protection of the computer 

using the application. 

Advanced application settings 

This section provides detailed information about how to configure each of the application components. 

Testing the application's operation 

This section provides information about how to ensure that the application detects viruses and their modifications and 

performs the correct actions on them. 

Contacting the Technical Support Service 

This section provides information about how to contact the Technical Support Service at Kaspersky Lab. 

Appendix 

This section provides information that complements the document text. 

Glossary 

This section contains a list of terms mentioned in the document and their respective definitions. 

Kaspersky Lab ZAO 

This section provides information about Kaspersky Lab. 

Information about third-party code 

This section provides information about the third-party code used in the application. 

Index 

This section allows you to quickly find required information within the document. 

10

A B O U T T H I S G U I D E 

DOCUMENT CONVENTIONS 

The text herein is accompanied by semantic elements that should be given particular attention – warnings, hints, 

examples. 

Document conventions are used to highlight semantic elements. Document conventions and examples of their use are 

shown in the table below. 

Table 1. 

Document conventions 

SAMPLE TEXT 

Note that... 

It is recommended to use... 

Example: 

DOCUMENT CONVENTIONS DESCRIPTION 

Warnings are highlighted with red color and boxed. 

Warnings provide information about probable unwanted actions that may lead to 

data losses or failures in the computer's operation. 

Notes are boxed. 

Notes may contain useful hints, recommendations, specific values, or important 

particular cases in the application's operation. 

Examples are set out on a yellow background under the heading "Example". 

... 

Update means... 

The Databases are out of date event 

occurs. 

Press ENTER. 

Press ALT+F4. 

Click the Enable button. 

To configure a task schedule: 

Enter help in the command line. 

The following message then appears: 

Specify the date in dd:mm:yy 

format. 

 

The following semantic elements are italicized in the text: 

new terms; 

names of application statuses and events. 

Names of keyboard keys appear in a bold typeface and are capitalized. 

Names of keys connected by a + (plus) sign indicate the use of a key 

combination. Those keys should be pressed simultaneously. 

Names of application interface elements, such as entry fields, menu items, and 

buttons, are set off in bold. 

Introductory phrases of instructions are italicized and accompanied by the arrow 

sign. 

The following types of text content are set off with a special font: 

text in the command line; 

text of messages displayed on the screen by the application; 

data that the user should enter. 

Variables are enclosed in angle brackets. Instead of a variable, the 

corresponding value should be inserted, with angle brackets omitted. 

11

SOURCES OF INFORMATION ABOUT THE 

APPLICATION 

This section describes sources of information about the application and lists websites that you can use to discuss the 


You can select the most suitable information source, depending on the issue's level of importance and urgency. 


Sources of information for independent research ............................................................................................................ 12 

Discussing Kaspersky Lab applications on the Forum .................................................................................................... 13 

Contacting the Sales Department ................................................................................................................................... 13 

Contacting the Documentation Development Team by email .......................................................................................... 13 

SOURCES OF INFORMATION FOR INDEPENDENT RESEARCH 

You can use the following sources to find information about the application: 

the application page on the Kaspersky Lab website; 

the application page on the Technical Support Service website (Knowledge Base); 

online help; 

documentation. 

If you cannot solve an issue on your own, we recommend that you contact the Technical Support Service at Kaspersky 

Lab (see section "Technical support by phone" on page 182). 

To use information sources on the Kaspersky Lab website, an Internet connection should be established. 

The application page on the Kaspersky Lab website 

The Kaspersky Lab website features an individual page for each application. 

On such a page (http://www.kaspersky.com/kaspersky_internet_security), you can view general information about an 

application, its functions and features. 

The page http://www.kaspersky.com features a URL to the eStore. There you can purchase or renew the application. 

The application page on the Technical Support Service website (Knowledge Base) 

Knowledge Base is a section of the Technical Support Service website that provides recommendations on how to work 

with Kaspersky Lab applications. Knowledge Base comprises reference articles grouped by topics. 

12

S O U R C E S O F I N F O R M A T I O N A B O U T T H E A P P L I C A T I O N 

On the page of the application in the Knowledge Base (http://support.kaspersky.com/kis2012), you can read articles that 

provide useful information, recommendations, and answers to frequently asked questions on how to purchase, install, 

and use the application. 

Articles may provide answers to questions that are out of scope of Kaspersky Internet Security, being related to other 

Kaspersky Lab applications. They also may contain news from the Technical Support Service. 

Online help 

The online help of the application comprises help files. 

The context help provides information about each window of the application, listing and describing the corresponding 

settings and a list of tasks. 

The full help provides detailed information about how to manage the computer's protection using the application. 

Documentation 

The application user guide provides information about how to install, activate, and configure the application, as well as 

application operation data. The document also describes the application interface and provides ways of solving typical 

user tasks while working with the application. 

DISCUSSING KASPERSKY LAB APPLICATIONS ON THE 

FORUM 

If your question does not require an urgent answer, you can discuss it with Kaspersky Lab specialists and other users on 

our Forum (http://forum.kaspersky.com). 

In this forum you can view existing topics, leave your comments, create new topics. 

CONTACTING THE SALES DEPARTMENT 

If you have any questions on how to select, purchase, or renew the application, you can contact our Sales Department 

specialists in one of the following ways: 

By calling our HQ office in Moscow by phone (http://www.kaspersky.com/contacts). 

By sending a message with your question to sales@kaspersky.com. 

The service is provided in Russian and English. 

CONTACTING THE DOCUMENTATION DEVELOPMENT 

TEAM BY EMAIL 

To contact the Documentation Development Team, send an email to docfeedback@kaspersky.com. Please use 

"Kaspersky Help Feedback: Kaspersky Internet Security" as the subject line in your message. 

13

KASPERSKY INTERNET SECURITY 

This section describes the application's features and provides brief information about the application's functions and 

components. You will learn what items are included in the distribution kit, and what services are available for registered 

users of the application. This section provides information about software and hardware requirements that a computer 

should meet to allow a user to install the application on it. 


What's new ...................................................................................................................................................................... 14 

Distribution kit .................................................................................................................................................................. 14 

Service for registered users ............................................................................................................................................ 15 

Hardware and software requirements ............................................................................................................................. 15 

WHAT'S NEW 

Kaspersky Internet Security provides the following new features: 

The improved interface of the main window of Kaspersky Internet Security ensures quick access to the 

application's functions. 

The logic of operations with Quarantine and Backup (see page 160) has been improved: now they are 

represented on two separate tabs, each of them with its respective unique scope. 

The Task Manager has been added for an easy task management in Kaspersky Internet Security (see section 

"Managing scan tasks. Task Manager" on page 72). 

Participation in the Kaspersky Security Network (see page 174) allows us to identify the reputation of 

applications and websites based on data received from users from all over the world. 

When Web Anti-Virus is enabled, you can separately enable the heuristic analysis to check web pages for 

phishing (see section "Using heuristic analysis when working with Web Anti-Virus" on page 93). When checking 

pages for phishing, the heuristic analysis will be applied regardless of whether it has been enabled for Web Anti- 

Virus. 

The appearance of Kaspersky Gadget has been redesigned (see page 37). 

DISTRIBUTION KIT 

You can purchase the application in one of the following ways: 

Boxed. Distributed via stores of our partners. 

At the online store. Distributed at online stores of Kaspersky Lab (for example, http://www.kaspersky.com, 

section eStore) or via partner companies. 

14

K A S P E R S K Y I N T E R N E T S E C U R I T Y 

If you purchase the boxed version of the application, the distribution kit contains the following items: 

sealed envelope with the setup CD that contains application files and documentation files; 

brief User Guide with an activation code; 

license agreement that stipulates the terms, on which you can use the application. 

The content of the distribution kit may differ depending on the region, in which the application is distributed. 

If you purchase Kaspersky Internet Security at an online store, you copy the application from the website of the store. 

Information required for the application activation, will be sent to you by email on payment. 

For more details on ways of purchasing and the distribution kit, contact the Sales Department. 

SERVICE FOR REGISTERED USERS 

On purchasing a user license for the application, you become a registered user of Kaspersky Lab applications and can 

benefit from the following services during the entire validity term of the license: 

updating databases and providing new versions of the application; 

consulting by phone and by email on issues related to installation, configuration, and use of the application; 

notifying you of releases of new applications by Kaspersky Lab and new viruses. To use this service, you should 

be subscribed to the news delivery from Kaspersky Lab on the Technical Support Service website. 

No consulting services are provided on issues related to the functioning of operating systems, third-party 

software and technologies. 

HARDWARE AND SOFTWARE REQUIREMENTS 

To ensure the proper functioning of Kaspersky Internet Security, your computer should meet the following requirements: 

General requirements: 

480 MB free disk space on the hard drive (including 380 MB on the system drive). 

CD / DVD-ROM (for installing Kaspersky Internet Security from a distribution CD). 

Internet access (for the application activation and for updating databases and software modules). 

Microsoft Internet Explorer 6.0 or higher. 

Microsoft Windows Installer 2.0. 

Requirements for Microsoft Windows XP Home Edition (Service Pack 2 or higher), Microsoft Windows XP Professional 

(Service Pack 2 or higher), and Microsoft Windows XP Professional x64 Edition (Service Pack 2 or higher): 

Intel Pentium 800 MHz 32-bit (x86) / 64-bit (x64) processor or higher (or a compatible equivalent); 

512 MB free RAM. 

15


Requirements for Microsoft Windows Vista Home Basic, Microsoft Windows Vista Home Premium, Microsoft Windows 

Vista Business, Microsoft Windows Vista Enterprise, Microsoft Windows Vista Ultimate, Microsoft Windows 7 Starter, 

Microsoft Windows 7 Home Basic, Microsoft Windows 7 Home Premium, Microsoft Windows 7 Professional, and 

Microsoft Windows 7 Ultimate: 

Intel Pentium 1 GHz 32-bit (x86) / 64-bit (x64) processor or higher (or a compatible equivalent). 

1 GB free RAM (for 32-bit operating systems); 2 GB free RAM (for 64-bit operating systems). 

You cannot enable Safe Run when working under a Microsoft Windows XP (64-bit) operating system. Use of Safe Run is 

restricted when working in Microsoft Windows Vista (64-bit) and Microsoft Windows 7 (64-bit) operating systems. 

Requirements for netbooks: 

Intel Atom 1.6 GHz processor or a compatible equivalent. 

Intel GMA950 video card with at least 64 MB of video RAM (or a compatible equivalent). 

Screen size no less than 10.1". 

16

INSTALLING AND REMOVING THE 

APPLICATION 

This section provides information about how to install the application on a computer and how to uninstall it. 


Standard installation procedure ....................................................................................................................................... 17 

Updating the previous version of Kaspersky Internet Security ........................................................................................ 22 

Non-standard installation scenarios ................................................................................................................................ 26 

Getting started ................................................................................................................................................................. 27 

Removing the application ................................................................................................................................................ 27 

STANDARD INSTALLATION PROCEDURE 

Kaspersky Internet Security will be installed on your computer in an interactive mode using the Setup Wizard. 

The Wizard consists of a series of screens (steps) that you can navigate through using the Back and Next buttons. To 

close the Wizard once it has completed its task, click the Finish button. To stop the Wizard at any stage, click the 

Cancel button. 

If the application protects more than one computer (the maximum number of computers depends on your license), it will 

be installed in the same manner on all computers. Note that in this case, according to the license agreement, the license 

term begins from the date of the first activation. When you activate the application on the second computers and so on, 

the license validity term decreases for the amount of time that has elapsed since the first activation. So, the license 

validity term will expire simultaneously for all installed copies of the application. 

To install Kaspersky Internet Security on your computer, 

run the setup file (the file with an EXE extension) from the CD with the product. 

Installation of Kaspersky Internet Security from a setup file downloaded online is identical to installation from the 

installation CD. 

17



Step 1. Searching for a newer version of the application ................................................................................................ 18 

Step 2. Making sure the system meets the installation requirements .............................................................................. 18 

Step 3. Selecting installation type ................................................................................................................................... 19 

Step 4. Reviewing the license agreement ....................................................................................................................... 19 

Step 5. Kaspersky Security Network Data Collection Statement ..................................................................................... 19 

Step 6. Searching for incompatible applications .............................................................................................................. 19 

Step 7. Selecting the destination folder ........................................................................................................................... 20 

Step 8. Preparing for installation ..................................................................................................................................... 20 

Step 9. Installing .............................................................................................................................................................. 21 

Step 10. Finishing the installation .................................................................................................................................... 21 

Step 11. Activating the application .................................................................................................................................. 21 

Step 12. Registering a user ............................................................................................................................................. 21 

Step 13. Completing the activation .................................................................................................................................. 22 

STEP 1. SEARCHING FOR A NEWER VERSION OF THE APPLICATION 

Before setup, the Setup Wizard checks the Kaspersky Lab update servers for a newer version of Kaspersky Internet 

Security. 

If it does not find a newer product version on the Kaspersky Lab update servers, the Setup Wizard for the current version 

will be started. 

If the update servers offer a newer version of Kaspersky Internet Security, you will see a prompt to download and install it 

on the computer. It is recommended that you install the new version of the application, because newer versions include 

further enhancements that ensure you have the most reliable protection for your computer. If you cancel the new version 

download, the Setup Wizard for the current version will be started. If you decide to install the newer version, product 

distribution files will be downloaded to your computer and the Setup Wizard for that new version will be started 

automatically. For a further description of the installation procedure for the newer version, please refer to the 

corresponding documentation. 

STEP 2. MAKING SURE THE SYSTEM MEETS THE INSTALLATION 

REQUIREMENTS 

Before installation of Kaspersky Internet Security on your computer, the installer checks the operating system and 

service packs to make sure they meet the software requirements for product installation (see section "Hardware and 

software requirements" on page 15). In addition, the installer checks for the presence of required software and the 

credentials necessary to install applications. If any of the above-listed requirements is not met, a notification to that effect 

will be displayed on the screen. 

If the computer meets all the requirements, the Wizard searches for Kaspersky Lab applications which, when run 

together with Kaspersky Internet Security, may result in conflicts. If such applications are found, you will be asked to 

remove them manually. 

18

I N S T A L L I N G A N D R E M O V I N G T H E A P P L I C A T I O N 

If an earlier version of Kaspersky Anti-Virus or Kaspersky Internet Security is found, all data that can be used by 

Kaspersky Internet Security 2012 (for example, activation information or application settings) will be saved and used 

when installing the new application, while the one installed earlier will be automatically removed. 

STEP 3. SELECTING INSTALLATION TYPE 

At this step, you can choose the most suitable type of Kaspersky Internet Security installation: 

Standard installation. If you choose this option (the Change installation settings box is unchecked), the 

application will be fully installed on your computer with the protection settings recommended by Kaspersky Lab 

experts. 

Custom installation. In this case (the Change installation settings box is checked), you will be asked to specify 

the destination folder into which the application should be installed (see section "Step 7. Selecting the 

destination folder" on page 20) and disable the installation process protection, if necessary (see section "Step 8. 

Preparing for installation" on page 20). 

To proceed with the installation, click the Next button. 

STEP 4. REVIEWING THE LICENSE AGREEMENT 

At this step, you should review the license agreement between you and Kaspersky Lab. 

Read the agreement carefully and, if you accept all its terms, click the I agree button. The installation will continue. 

If you cannot accept the license agreement, cancel the application installation by clicking the Cancel button. 

STEP 5. KASPERSKY SECURITY NETWORK DATA COLLECTION 

STATEMENT 

At this stage, you will be invited to participate in the Kaspersky Security Network. Participation in the program involves 

sending information about new threats detected on your computer, running applications, and downloaded signed 

applications, as well as your system information, to Kaspersky Lab. We guarantee that none of your personal data will be 

sent. 

Review the Kaspersky Security Network Data Collection Statement. To read the complete version of the Statement, click 

the Full KSN Agreement button. If you agree with all terms of the Statement, check the I accept the terms of 

participation in Kaspersky Security Network box in the Wizard window. 

Click the Next button if you have selected the custom installation (see section "Step 3. Selecting installation type" on 

page 19). If performing the standard installation, click the Install button. The installation will continue. 

STEP 6. SEARCHING FOR INCOMPATIBLE APPLICATIONS 

At this step, the application checks whether any applications incompatible with Kaspersky Internet Security are installed 

on your computer. 

If no such applications are found, the Wizard automatically proceeds to the next step. 

If any incompatible applications are detected, they are displayed in a list on the screen, and you will be prompted to 

remove them. Applications that Kaspersky Internet Security cannot remove automatically should be removed manually. 

When removing incompatible applications, you will need to reboot your operating system, after which installation of 

Kaspersky Internet Security will continue automatically. 


19


STEP 7. SELECTING THE DESTINATION FOLDER 

This step of the Setup Wizard is only available if the custom installation is selected (see section "Step 3. Selecting 

installation type" on page 19). When performing a standard installation, this step is skipped and the application is 

installed to the default folder. 

At this stage you are asked to choose the folder to which Kaspersky Internet Security will be installed. The following path 

is set by default: 

\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012 – for 32-bit systems; 

\Program Files (х86)\Kaspersky Lab\Kaspersky Internet Security 2012 – for 64-bit systems. 

To install Kaspersky Internet Security to a different folder, specify the path to the desired folder in the input field or click 

the Browse button and choose a folder in the window that opens. 

Keep in mind the following restrictions: 

The application cannot be installed on network or removable drives, or on virtual drives (those created using the 

SUBST command). 

We recommend that you avoid installing the application in a folder that already contains files or other folders, 

because that folder will then become inaccessible for editing. 

The path to the installation folder cannot be longer than 160 characters or contain the special characters 

/, ?, :, *, ", >, < or |. 

To find out if there is enough disk space on your computer to install the application, click the Disk Usage button. In the 

window that opens you can view the disk space information. To close the window, click OK. 

To proceed with the installation, click the Next button in the Wizard window. 

STEP 8. PREPARING FOR INSTALLATION 


installation type" on page 19). For the standard installation, this step is skipped. 

Since your computer may be infected with malicious programs that may impact the installation of Kaspersky Internet 

Security, the installation process should be protected. 

By default, installation process protection is enabled – the Protect the installation process box is checked in the 

Wizard window. 

You are advised to uncheck this box if the application cannot be installed (for example, when performing remote 

installation using Windows Remote Desktop). Enabled protection may be the reason. 

In this case, you should interrupt installation, restart it, check the Change installation settings box at the Select 

installation type step (see section "Step 3. Selecting installation type" on page 19), and when you reach the Preparing for 

installation step, uncheck the Protect the installation process box. 

To proceed with the installation, click the Install button. 

When installing the application on a computer running under Microsoft Windows XP, active network connections are 

terminated. The majority of terminated connections are restored after a pause. 

20

I N S T A L L I NG A N D R E M O V I N G T H E A P P L I C A T I O N 

STEP 9. INSTALLING 

Installation of the application can take some time. Wait for it to finish. 

Once the installation is complete, the Wizard will automatically proceed to the next step. 

If an installation error occurs, which may be due to malicious programs that prevent anti-virus applications from being 

installed on your computer, the Setup Wizard will prompt you to download Kaspersky Virus Removal Tool, a special 

utility for neutralizing infections. 

If you agree to install the utility, the Setup Wizard downloads it from the Kaspersky Lab servers, after which installation of 

the utility starts automatically. If the Wizard cannot download the utility, you will be asked to download it on your own by 

clicking the link provided. 

After you finish working with the utility, you should delete it and restart the installation of Kaspersky Internet Security. 

STEP 10. FINISHING THE INSTALLATION 

This window of the Wizard informs you of the successful completion of the application installation. To run Kaspersky 

Internet Security, make sure that the Run Kaspersky Internet Security 2012 box is checked and click the Finish 

button. 

In some cases, you may need to reboot your operating system. If the Run Kaspersky Internet Security 2012 box is 

checked, the application will be run automatically after you reboot your operating system. 

If you unchecked the box before closing the Wizard, you should run the application manually (see section "Launching 

and closing the application manually" on page 38). 

STEP 11. ACTIVATING THE APPLICATION 

Activation is the procedure of activating a license that allows you to use a fully functional version of the application until 

the license expires. 

You will need an Internet connection to activate the application. 

You will be offered the following options for Kaspersky Internet Security activation: 

Activate commercial version. Select this option and enter the activation code if you have purchased a 

commercial version of the application. 

If you specify an activation code for Kaspersky Anti-Virus in the entry field, the procedure of switching to 

Kaspersky Anti-Virus starts after the completion of activation. 

Activate trial version. Use this activation option if you want to install the trial version of the application before 

making the decision to purchase a commercial version. You will be able to use the fully-functional version of the 

application for the duration of a term limited by the license for the trial version of the application. When the 

license expires, it cannot be activated for a second time. 

STEP 12. REGISTERING A USER 

This step is only available when activating the commercial version of the application. When activating the trial version, 

this step is skipped. 

21


You need to register in order to be able to contact Kaspersky Lab Technical Support Service in the future. 

If you agree to register, specify your registration data in the corresponding fields and click the Next button. 

STEP 13. COMPLETING THE ACTIVATION 

The Wizard informs you that Kaspersky Internet Security has been successfully activated. In addition, information about 

the license is provided: license type (commercial or trial), date of expiry, and number of hosts for the license. 

If you have activated a subscription, information about the subscription status is displayed instead of the license expiry 

date. 

Click the Finish button to close the Wizard. 

UPDATING THE PREVIOUS VERSION OF KASPERSKY 

INTERNET SECURITY 

If Kaspersky Internet Security 2010 or 2011 is already installed on your computer, you should update the application to 

Kaspersky Internet Security 2012. If you have an active license for Kaspersky Internet Security 2010 or 2011, you will not 

have to activate the application: the Setup Wizard will automatically retrieve the information about your license for 

Kaspersky Internet Security 2010 or 2011 and use it during the installation process. 

Kaspersky Internet Security will be installed on your computer in an interactive mode using the Setup Wizard. 




If the application protects more than one computer (the maximum number of computers depends on your license), it will 

be installed in the same manner on all computers. Note that in this case, according to the license agreement, the license 

term begins from the date of the first activation. When you activate the application on the second computers and so on, 

the license validity term decreases for the amount of time that has elapsed since the first activation. So, the license 

validity term will expire simultaneously for all installed copies of the application. 

To install Kaspersky Internet Security on your computer, 

run the setup file (the file with an EXE extension) from the CD with the product. 

Installation of Kaspersky Internet Security from a setup file downloaded online is identical to installation from the 

installation CD. 

22



Step 1. Searching for a newer version of the application ................................................................................................ 23 

Step 2. Making sure the system meets the installation requirements .............................................................................. 23 

Step 3. Selecting installation type ................................................................................................................................... 24 

Step 4. Reviewing the license agreement ....................................................................................................................... 24 

Step 5. Kaspersky Security Network Data Collection Statement ..................................................................................... 24 

Step 6. Searching for incompatible applications .............................................................................................................. 24 

Step 7. Selecting the destination folder ........................................................................................................................... 25 

Step 8. Preparing for installation ..................................................................................................................................... 25 

Step 9. Installing .............................................................................................................................................................. 26 

Step 10. Wizard completion ............................................................................................................................................ 26 

STEP 1. SEARCHING FOR A NEWER VERSION OF THE APPLICATION 

Before setup, the Setup Wizard checks the Kaspersky Lab update servers for a newer version of Kaspersky Internet 


If it does not find a newer product version on the Kaspersky Lab update servers, the Setup Wizard for the current version 

will be started. 

If the update servers offer a newer version of Kaspersky Internet Security, you will see a prompt to download and install it 

on the computer. It is recommended that you install the new version of the application, because newer versions include 

further enhancements that ensure you have the most reliable protection for your computer. If you cancel the new version 

download, the Setup Wizard for the current version will be started. If you decide to install the newer version, product 

distribution files will be downloaded to your computer and the Setup Wizard for that new version will be started 

automatically. For a further description of the installation procedure for the newer version, please refer to the 

corresponding documentation. 

STEP 2. MAKING SURE THE SYSTEM MEETS THE INSTALLATION 

REQUIREMENTS 

Before installation of Kaspersky Internet Security on your computer, the installer checks the operating system and 

service packs to make sure they meet the software requirements for product installation (see section "Hardware and 

software requirements" on page 15). In addition, the installer checks for the presence of required software and the 

credentials necessary to install applications. If any of the above-listed requirements is not met, a notification to that effect 

will be displayed on the screen. 

If the computer meets all the requirements, the Wizard searches for Kaspersky Lab applications which, when run 

together with Kaspersky Internet Security, may result in conflicts. If such applications are found, you will be asked to 

remove them manually. 

If an earlier version of Kaspersky Anti-Virus or Kaspersky Internet Security is found, all data that can be used by 

Kaspersky Internet Security 2012 (for example, activation information or application settings) will be saved and used 

when installing the new application, while the one installed earlier will be automatically removed. 

23


STEP 3. SELECTING INSTALLATION TYPE 

At this step, you can choose the most suitable type of Kaspersky Internet Security installation: 

Standard installation. If you choose this option (the Change installation settings box is unchecked), the 

application will be fully installed on your computer with the protection settings recommended by Kaspersky Lab 

experts. 

Custom installation. In this case (the Change installation settings box is checked), you will be asked to specify 

the destination folder into which the application should be installed (see section "Step 7. Selecting the 

destination folder" on page 20) and disable the installation process protection, if necessary (see section "Step 8. 

Preparing for installation" on page 20). 


STEP 4. REVIEWING THE LICENSE AGREEMENT 

At this step, you should review the license agreement between you and Kaspersky Lab. 

Read the agreement carefully and, if you accept all its terms, click the I agree button. The installation will continue. 

If you cannot accept the license agreement, cancel the application installation by clicking the Cancel button. 

STEP 5. KASPERSKY SECURITY NETWORK DATA COLLECTION 

STATEMENT 

At this stage, you will be invited to participate in the Kaspersky Security Network. Participation in the program involves 

sending information about new threats detected on your computer, running applications, and downloaded signed 

applications, as well as your system information, to Kaspersky Lab. We guarantee that none of your personal data will be 

sent. 

Review the Kaspersky Security Network Data Collection Statement. To read the complete version of the Statement, click 

the Full KSN agreement button. If you agree with all terms of the Statement, check the I accept the terms of 

participation in Kaspersky Security Network box in the Wizard window. 

Click the Next button if you have selected the custom installation (see section "Step 3. Selecting installation type" on 

page 19). If performing the standard installation, click the Install button. The installation will continue. 

STEP 6. SEARCHING FOR INCOMPATIBLE APPLICATIONS 

At this step, the application checks whether any applications incompatible with Kaspersky Internet Security are installed 

on your computer. 

If no such applications are found, the Wizard automatically proceeds to the next step. 

If any incompatible applications are detected, they are displayed in a list on the screen, and you will be prompted to 

remove them. Applications that Kaspersky Internet Security cannot remove automatically should be removed manually. 

When removing incompatible applications, you will need to reboot your operating system, after which installation of 

Kaspersky Internet Security will continue automatically. 


24


STEP 7. SELECTING THE DESTINATION FOLDER 


installation type" on page 19). When performing a standard installation, this step is skipped and the application is 

installed to the default folder. 

At this stage you are asked to choose the folder to which Kaspersky Internet Security will be installed. The following path 

is set by default: 

\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012 – for 32-bit systems; 

\Program Files (х86)\Kaspersky Lab\Kaspersky Internet Security 2012 – for 64-bit systems. 

To install Kaspersky Internet Security to a different folder, specify the path to the desired folder in the input field or click 

the Browse button and choose a folder in the window that opens. 

Keep in mind the following restrictions: 

The application cannot be installed on network or removable drives, or on virtual drives (those created using the 

SUBST command). 

We recommend that you avoid installing the application in a folder that already contains files or other folders, 

because that folder will then become inaccessible for editing. 

The path to the installation folder cannot be longer than 160 characters or contain the special characters 

/, ?, :, *, ", >, < or |. 

To find out if there is enough disk space on your computer to install the application, click the Disk Usage button. In the 

window that opens you can view the disk space information. To close the window, click OK. 

To proceed with the installation, click the Next button in the Wizard window. 

STEP 8. PREPARING FOR INSTALLATION 


installation type" on page 19). For the standard installation, this step is skipped. 

Since your computer may be infected with malicious programs that may impact the installation of Kaspersky Internet 

Security, the installation process should be protected. 

By default, installation process protection is enabled – the Protect the installation process box is checked in the 

Wizard window. 

You are advised to uncheck this box if the application cannot be installed (for example, when performing remote 

installation using Windows Remote Desktop). Enabled protection may be the reason. 

In this case, you should interrupt installation, restart it, check the Change installation settings box at the Select 

installation type step (see section "Step 3. Selecting installation type" on page 19), and when you reach the Preparing for 

installation step, uncheck the Protect the installation process box. 

To proceed with the installation, click the Install button. 

When installing the application on a computer running under Microsoft Windows XP, active network connections are 

terminated. The majority of terminated connections are restored after a pause. 

25


STEP 9. INSTALLING 

Installation of the application can take some time. Wait for it to finish. 

Once the installation is complete, the Wizard will automatically proceed to the next step. 

If an installation error occurs, which may be due to malicious programs that prevent anti-virus applications from being 

installed on your computer, the Setup Wizard will prompt you to download Kaspersky Virus Removal Tool, a special 

utility for neutralizing infections. 

If you agree to install the utility, the Setup Wizard downloads it from the Kaspersky Lab servers, after which installation of 

the utility starts automatically. If the Wizard cannot download the utility, you will be asked to download it on your own by 

clicking the link provided. 

After you finish working with the utility, you should delete it and restart the installation of Kaspersky Internet Security. 

STEP 10. WIZARD COMPLETION 

This window of the Wizard informs you of the successful completion of the application installation. To run Kaspersky 

Internet Security, make sure that the Run Kaspersky Internet Security 2012 box is checked and click the Finish 

button. 

In some cases, you may need to reboot your operating system. If the Run Kaspersky Internet Security 2012 box is 

checked, the application will be run automatically after you reboot your operating system. 

If you unchecked the box before closing the Wizard, you should run the application manually (see section "Launching 

and closing the application manually" on page 38). 

NON-STANDARD INSTALLATION SCENARIOS 

This section describes application installation scenarios which differ from those of standard installation or update from 

the previous version. 

Installing Kaspersky Internet Security and activating later using a Kaspersky Anti-Virus activation 

code 

If, when installing Kaspersky Internet Security, at the Activating the application step, you enter a Kaspersky Anti-Virus 

activation code, a switching procedure starts which results in Kaspersky Anti-Virus being installed on your computer. 

If, when installing Kaspersky Internet Security, at the Activating the application step, you select Activate later and then 

activate the installed application with a Kaspersky Anti-Virus activation code, the switching procedure also starts, which 

results in Kaspersky Anti-Virus being installed on your computer. 

Installing Kaspersky Internet Security 2012 over Kaspersky Anti-Virus 2010 or 2011 

If you run the installation of Kaspersky Internet Security 2012 on a computer, on which Kaspersky Anti-Virus 2010 or 

2011 with an active license is already installed, the Setup Wizard detects the information about the license and prompts 

you to select one of the following further actions: 

Use the current license of Kaspersky Anti-Virus 2010 or 2011. In this case, the switching procedure starts, 

which results in Kaspersky Anti-Virus 2012 being installed on your computer. You will be able to use Kaspersky 

Anti-Virus 2012 as long as the license for Kaspersky Anti-Virus 2010 or 2011 remains valid. 

Proceed with installation of Kaspersky Internet Security 2012. In this case, the installation procedure will 

continue according to the standard scenario, starting from the Activating the application step. 

26


GETTING STARTED 

The application is ready to be used after installation. To ensure proper protection of your computer, we recommend 

performing the following immediately after installation and configuration: 

Update application databases (see section "How to update application databases and modules" on page 45). 

Scan your computer for viruses (see section "How to perform a full scan of your computer for viruses" on 

page 48) and vulnerabilities (see section "How to scan your computer for vulnerabilities" on page 48). 

Check the protection status of your computer and eliminate problems in protection, if necessary. 

REMOVING THE APPLICATION 

After uninstalling Kaspersky Internet Security, your computer and personal data will be unprotected! 

Kaspersky Internet Security is uninstalled with the help of the Setup Wizard. 

To start the Wizard, 

in the Start menu, select Programs Kaspersky Internet Security 2012 Remove Kaspersky Internet 

Security 2012. 


Step 1. Saving data for reuse .......................................................................................................................................... 27 

Step 2. Confirmation of application removal .................................................................................................................... 28 

Step 3. Removing the application. Completing removal .................................................................................................. 28 

STEP 1. SAVING DATA FOR REUSE 

At this point you can specify which of the data used by the application you want to retain for reuse during the next 

installation of the application (e.g., a newer version of the application). 

By default, the application is completely removed from the computer. 

To save data for reuse: 

1. Choose the option Save application objects. 

2. Check the boxes for the data types you want to save: 

Activation data – data that eliminates the need to activate the application in the future by automatically 

using the current license as long as it has not expired by the time of the next installation. 

Backup and Quarantine files – files checked by the application and placed into backup storage or 

quarantine. 

Operational settings of the application – values of the application settings selected during configuration. 

iChecker data – files which contain information about the objects that have already been scanned for 

viruses. 

27


Anti-Spam databases – databases containing signatures of spam messages downloaded and saved by 

the application. 

Safe Run shared folder data – files saved by the application when working in a safe environment in a 

special folder that is also accessible in the normal environment. 

STEP 2. CONFIRMATION OF APPLICATION REMOVAL 

Since removing the application threatens the security of the computer and your personal data, you will be asked to 

confirm your intention to remove the application. To do this, click the Remove button. 

To stop removal of the application at any time, you can cancel this operation by clicking the Cancel button. 

STEP 3. REMOVING THE APPLICATION. COMPLETING REMOVAL 

At this step, the Wizard removes the application from your computer. Wait until removal is complete. 

When removing the application, you may need to reboot your operating system. If you cancel the immediate reboot, 

completion of the removal procedure will be postponed until the operating system is rebooted or the computer is turned 

off and then restarted. 

28

LICENSING THE APPLICATION 

This section provides information about general terms related to the application activation. Read this section to learn 

more about the purpose of the license agreement, license types, ways of activating the application, and the license 

renewal. 


About the End User License Agreement ......................................................................................................................... 29 

About data provision ....................................................................................................................................................... 29 

About the license ............................................................................................................................................................. 29 

About the activation code ................................................................................................................................................ 30 

ABOUT THE END USER LICENSE AGREEMENT 

License Agreement is a legal agreement concluded between you and Kaspersky Lab ZAO that stipulates the terms of 

use for the application. 

Read through the terms of the License Agreement carefully before you start using the application. 

You can read through the terms of the License Agreement when installing the Kaspersky Lab application. 

The terms of the License Agreement are regarded as accepted in the following cases: 

Upon unsealing the box with the setup CD (only if you have purchased the application in the boxed version or at 

a store of any of our partners). 

Upon confirming your acceptance of the text of the License Agreement when installing the application. 

If you do not accept the terms of the License Agreement, you have to interrupt the application installation. 

ABOUT DATA PROVISION 

In order to increase the level of real-time protection, accepting the terms of the License Agreement means that you agree 

to send information about checksums of processed objects (MD5), information required to determine the reputation of 

URLs, and statistical data for anti-spam protection, in automatic mode. Information retrieved does not contain any private 

data and other types of confidential information. Information retrieved is protected by Kaspersky Lab pursuant to the 

requirements stipulated by the existing legislation. You can obtain more details on the website: 

http://support.kaspersky.com. 

ABOUT THE LICENSE 

License is a time-limited right to use the application provided to you in accordance with the License Agreement. The 

license contains a unique code for the activation of your copy of Kaspersky Internet Security. 

29


The license grants you the right to benefit the following services: 

Using the application on one or several devices. 

Number of devices, on which you can use the application, is specified in the License Agreement. 

Contacting the Technical Support Service of Kaspersky Lab. 

Enjoying the complete set of services provided to you by Kaspersky Lab or its partners during the validity term 

of the license (see section "Service for registered users" on page 15). 

The scope of services provided and the validity term of the application depend on the type of license used to activate the 

application. 

The following license types are provided: 

Trial – a free license with a limited validity period, offered to allow you to become familiar with the application. 

If you copy the application from the website http://www.kaspersky.com, you automatically become the owner of 

the trial license. As soon as the license expires, all Kaspersky Internet Security features are disabled. To 

continue using the application, you should purchase the commercial license. 

Commercial – a paid license with a limited validity period, offered upon purchase of the application. 

After the expiration of the commercial license, the application keeps on running in limited functionality mode. 

You will still be able to scan your computer for viruses and use other application components but only with 

databases installed before the license has expired. To continue using Kaspersky Internet Security, you should 

renew the commercial license. 

We recommend that you renew the license on the day the current license expires at the latest in order to ensure 

the most comprehensible anti-virus protection of your computer. 

ABOUT THE ACTIVATION CODE 

Activation code is a code that you receive on purchasing the commercial license for Kaspersky Internet Security. This 

code is required for activation of the application. 

The activation code is an alphanumeric string of Latin characters in xxxxx-xxxxx-xxxxx-xxxxx format. 

The activation code is provided in one of the following forms, depending on the way you purchase the application: 

If you have purchased the boxed version of Kaspersky Internet Security, the activation code is specified in the 

documentation or on the box containing the setup CD. 

If you have purchased Kaspersky Internet Security at an online store, the activation code is sent to the email 

address that you have specified when ordering the product. 

The validity term of the license starts from the moment you have activated the application. If you have purchased a 

license intended for the use of Kaspersky Internet Security on several devices, the validity term of the license starts 

counting down from the moment you have entered the code on the first of those devices. 

If you have lost or accidentally deleted your activation code after the activation, you should send a request to the 

Technical Support Service at Kaspersky Lab from My Kaspersky Account (see section "Obtaining technical support via 

My Kaspersky Account" on page 182). 

On completion of the application activation with a code, you are assigned a client ID. Client ID is the personal ID for a 

user, that is needed for receiving technical support by phone or via My Kaspersky Account (see section "Obtaining 

technical support via My Kaspersky Account" on page 182). 

30

APPLICATION INTERFACE 

This section provides information about basic elements of the graphic interface of the application: application icon and 

application icon context menu, main window, settings window, and notification windows. 


The notification area icon ................................................................................................................................................ 31 

The context menu ........................................................................................................................................................... 32 

The Kaspersky Internet Security main window ................................................................................................................ 33 

Notification windows and pop-up messages ................................................................................................................... 34 

The application settings window ...................................................................................................................................... 36 

The Kaspersky Gadget.................................................................................................................................................... 37 

News Agent ..................................................................................................................................................................... 37 

THE NOTIFICATION AREA ICON 

Immediately after installation of the application, the application icon appears in the Microsoft Windows taskbar notification 

area. 

In the Microsoft Windows 7 operating system the application icon is hidden by default, but you can display it to access 

the application more easily (see the operating system documentation). 

The icon has the following purposes: 

It is an indicator of the application's operation. 

It provides access to the context menu, the main application window and the news window. 

Indication of application operation 

This icon serves as an indicator of the application's operation. It also indicates the protection status and displays the 

basic functions currently being performed by the application: 

– scanning an email message; 

– scanning web traffic; 

– updating databases and application modules; 

– computer needs to be restarted to apply updates; 

– a failure occurred in the operation of an application component. 

31


The icon is animated by default: for example, during the email message scan, a tiny letter symbol blinks in front of the 

application icon; when the update is in progress, you see a revolving globe. Animation can be deactivated (see section 

"Translucence of notification windows" on page 171). 

When the animation is disabled, the icon may take the following forms: 

(colored symbol) – all or some protection components are activated; 

(black-and-white symbol) – all protection components are disabled. 

Access to the context menu and application windows 

Using the icon, you can open the context menu (on page 32) (by right-clicking) and the main application window (see 

section "The Kaspersky Internet Security main window" on page 33) (by left-clicking). 

If news from Kaspersky Lab is available, the icon appears in the Microsoft Windows taskbar notification area. Doubleclick 

this icon to open the News Agent (see section "News Agent" on page 37). 

THE CONTEXT MENU 

Using the context menu, you can quickly take various actions on the application. 

The Kaspersky Internet Security menu contains the following items: 

Task Manager – opens the Task Manager window. 

Update – runs the update of application databases and modules. 

Tools – opens a submenu containing the following items: 

Applications Activity – opens the Applications Activity window; 

Network Monitor – opens the Network Monitor window; 

Virtual Keyboard – displays the Virtual Keyboard. 

Safe Run for Applications – runs a safe desktop designed for handling applications that you suppose to be 

unsafe. If Safe Run for Applications is already active, the application switches to it. 

When working with Safe Run for Applications, this menu item is named Return to the main desktop, serving 

for switching to the main desktop. 

Kaspersky Internet Security – opens the main application window. 

Pause protection / Resume protection – temporarily disables / enables real-time protection components. This 

menu item does not affect the application's updates or the execution of virus scans. 

Enable Parental Control / Disable Parental Control – enables / disables Parental Control for the current 

account. 

Settings – opens the application settings window. 

About – opens a window containing information about the application. 

32

A P P L I C A T I O N I N T E R F A C E 

News – opens the News Agent window (see section "News Agent" on page 37). This menu item is displayed if 

there is unread news. 

Exit – closes Kaspersky Internet Security (when this item is selected, the application is unloaded from the 

computer’s RAM). 

Figure 1. The context menu 

If a virus scan or update task is running at the moment that you open the context menu, its name as well as its progress 

status (percentage complete) is displayed in the context menu. If you select a menu item with the name of a task, you 

can switch to the main window with a report of current task run results. 

To open the context menu, 

position the cursor over the application icon in the taskbar notification area and right-click it. 

In the Microsoft Windows 7 operating system the application icon is hidden by default, but you can display it to access 

the application more easily (see the operating system documentation). 

THE KASPERSKY INTERNET SECURITY MAIN WINDOW 

The main application window contains interface elements that provide access to all the main features of the application. 

The main window can be divided into two parts: 

The top part of the window provides information about the protection status of your computer. 

Figure 2. Top part of the main window 

33


In the bottom part of the window, you can quickly switch to using the main features of the application (for 

example, running virus scan tasks, updating databases and software modules). 

Figure 3. Bottom part of the main window 

If you select any of the sections in the bottom part of the window, the window of the corresponding function opens. You 

can return to selecting functions by clicking the Back button in the top left corner of the window. 

You can also use the following buttons and links: 

Cloud protection – to switch to information about Kaspersky Security Network (on page 174). 

Settings – to open the application settings window (see section "The application settings window" on page 36). 

Reports – to switch to the application operation reports. 

News – to switch to viewing news in the News Agent window (see section "News Agent" on page 37). This link 

is displayed after the application receives a piece of news. 

Help – to view the Kaspersky Internet Security help system. 

My Kaspersky Account – to enter the user's personal account on the Technical Support Service website. 

Support – to open the window containing information about the system and links to Kaspersky Lab information 

resources (Technical Support Service website, forum). 

Manage License – to go to Kaspersky Internet Security activation and license renewal. 

You can open the main application window using one of the following methods: 

By left-clicking the application icon in the taskbar notification area. 

In the Microsoft Windows 7 operating system the application icon is hidden by default, but you can display it to 

access the application more easily (see the operating system documentation). 

By selecting Kaspersky Internet Security from the context menu (see section "Context menu" on page 32). 

By clicking the Kaspersky Internet Security icon located in the center of the Kaspersky Gadget (only for 

Microsoft Windows Vista and Microsoft Windows 7). 

NOTIFICATION WINDOWS AND POP-UP MESSAGES 

Kaspersky Internet Security notifies you of important events occurring during its operation using notification windows and 

pop-up messages that appear over the application icon in the taskbar notification area. 

34


Notification windows are displayed by Kaspersky Internet Security when various actions can be taken in connection with 

an event: for example, if a malicious object is detected, you can block access to it, delete it, or try to disinfect it. The 

application prompts you to select one of the available actions. A notification window only disappears from the screen if 

you select one of the actions. 

Figure 4. Notification window 

Pop-up messages are displayed by Kaspersky Internet Security in order to inform you of events that do not require you 

to select an action. Some pop-up messages contain links that you can use to take an action offered by the application: 

for example, run a database update or initiate activation of the application). Pop-up messages automatically disappear 

from the screen soon after they appear. 

Figure 5. Pop-up message 

Depending on the importance of an event for the viewpoint of the computer's security, notifications and pop-up 

messages are divided into three types: 

Critical notifications – inform you of events that have a critical importance for the computer's security, such as 

detection of a malicious object or a dangerous activity in the system. Windows of critical notifications and popup 

messages are red-colored. 

Important notifications – inform you of events that are potentially important for the computer's security, such as 

detection of a potentially infected object or a suspicious activity in the system. Windows of important 

notifications and pop-up messages are yellow-colored. 

Information notifications – inform you of events that do not have critical importance for the computer's security. 

Windows of information notifications and pop-up messages are green-colored. 

35


THE APPLICATION SETTINGS WINDOW 

The Kaspersky Internet Security settings window (also referred to as "settings window") is designed for configuring the 

entire application and separate protection components, scanning and update tasks, and for running other advanced 

configuration tasks (see section "Advanced application settings" on page 62). 

Figure 6. The application settings window 

The application settings window consists of two parts: 

in the left part of the window you can choose the application component, task or another item that should be 

configured; 

the right part of the window contains the controls that you can use to configure the item selected in the left part 

of the window. 

The components, tasks and other items in the left part of the window are grouped in the following sections: 

– Protection Center; 

– Scan; 

– Update; 

– Advanced Settings. 

36


You can open the settings window using one of the following methods: 

by clicking the Settings link in the top part of the main application window (see section "The Kaspersky Internet 

Security main window" on page 33); 

by selecting Kaspersky Internet Security from the context menu (see section "Context menu" on page 32); 

by clicking the button with the Settings icon in the Kaspersky Gadget interface (only for Microsoft Windows 

Vista and Microsoft Windows 7 operating systems). The function of opening the settings window should be 

assigned to the button (see section "How to use the Kaspersky Gadget" on page 59). 

THE KASPERSKY GADGET 

When using Kaspersky Internet Security on a computer running under Microsoft Windows Vista or Microsoft Windows 7, 

you can also use the Kaspersky Gadget (hereinafter the gadget). The Kaspersky Gadget is designed for quick access to 

the main features of the application (for example, protection status indication, virus scanning of objects, application 

operation reports). 

After you install Kaspersky Internet Security on a computer running under Microsoft Windows 7, the gadget appears on 

your desktop automatically. After you install the application on a computer running under Microsoft Windows Vista, you 

should add the gadget to the Microsoft Windows Sidebar manually (see the operating system documentation). 

Figure 7. The Kaspersky Gadget 

NEWS AGENT 

Using News Agent, Kaspersky Lab informs you of all important events related to Kaspersky Internet Security and 

protection against computer threats. 

The application will notify you of news by displaying a special icon in the taskbar notification area (see below) and a popup 

message. Information about the number of unread news items is also displayed in the main application window. A 

news icon appears in the Kaspersky Internet Security gadget interface. 

You can read the news in one of the following ways: 

by clicking the 

icon in the taskbar notification area; 

by clicking the Read news link in the pop-up news message; 

by clicking the News link in the main application window; 

by clicking the icon which is displayed in the center of the Gadget when a piece of news appears (only for 

Microsoft Windows Vista and Microsoft Windows 7). 

The above-listed methods of opening the News Agent window are only operable if any unread news is available. 

If you do not want to receive any news, you can disable the news delivery. 

37

STARTING AND STOPPING THE 

APPLICATION 

This section contains information on starting and shutting down the application. 


Enabling and disabling automatic launch ........................................................................................................................ 38 

Launching and closing the application manually ............................................................................................................. 38 

ENABLING AND DISABLING AUTOMATIC LAUNCH 

Automatic launch of the application means that Kaspersky Internet Security launches after the operating system startup. 

This is the default start mode. 

To disable or enable automatic launch of the application: 

1. Open the application settings window. 

2. In the left part of the window, in the Protection Center section, select the General Settings subsection. 

3. To disable automatic launch of the application, uncheck the Launch Kaspersky Internet Security at computer 

startup box in the Autorun section in the right part of the window. Check this box to enable automatic launch of 

the application. 

LAUNCHING AND CLOSING THE APPLICATION MANUALLY 

Kaspersky Lab specialists do not recommend that you stop Kaspersky Internet Security, because the protection of your 

computer and personal data will then be at risk. It is recommended that you temporarily pause the computer's protection, 

without closing the application. 

Kaspersky Internet Security should be started manually if you have disabled automatic launch of the application (see 

section "Enabling and disabling automatic launch" on page 38). 

To launch the application manually, 

in the Start menu, select Programs Kaspersky Internet Security 2012 Kaspersky Internet Security 2012. 

To exit the application, 

right-click to open the context menu of the application icon in the taskbar notification area and select Exit. 

In the Microsoft Windows 7 operating system the application icon is hidden by default, but you can display it to 

access the application more easily (see the operating system documentation). 

38

MANAGING THE COMPUTER PROTECTION 

This section provides information about how to detect threats to the computer's security and how to configure the security 

level. Read this section to learn more about how to enable, disable, and pause the protection when using the application. 


Diagnostics and elimination of problems in your computer protection ............................................................................. 39 

Enabling and disabling the protection ............................................................................................................................. 40 

Pausing and resuming protection .................................................................................................................................... 41 

DIAGNOSTICS AND ELIMINATION OF PROBLEMS IN YOUR 

COMPUTER PROTECTION 

Problems with computer protection are indicated by the computer indicator located in the left part of the main application 

window (see section "The Kaspersky Internet Security main window" on page 33). The indicator is shaped as a monitor 

icon that changes color depending on the protection status of the computer: green means that the computer is protected, 

yellow indicates protection-related problems, red alerts of serious threats to the computer's security. 

Figure 8. Protection status indicator 

You are advised to fix the problems and security threats immediately. 

39


Clicking the indicator in the main application window opens the Security Problems window (see the figure below) 

containing detailed information about the status of computer protection and troubleshooting suggestions for the detected 

problems and threats. 

Figure 9. The Security Problems window 

Problems with the protection are grouped by categories. For each problem, actions are listed that you can use to solve 

the problem. 

ENABLING AND DISABLING THE PROTECTION 

By default, Kaspersky Internet Security is launched when the operating system loads and protects your computer until it 

is switched off. All protection components are running. 

You can fully or partially disable the protection provided by Kaspersky Internet Security. 

Kaspersky Lab specialists strongly recommend that you do not disable protection, since this may lead to an infection of 

your computer and data loss. It is recommended that you pause the protection for the required time interval (see section 

"Pausing and resuming protection" on page 41). 

The following signs indicate that the protection is paused or disabled: 

inactive (gray) application icon in the taskbar notification area (see section "The notification area icon" on 

page 31); 

a red security indicator in the upper part of the main application window. 

40

M A N A G I N G T H E C O M P U T E R P R O T E C T I O N 

In this case, the protection is regarded as the set of protection components. Disabling or pausing protection components 

does not affect the performance of virus scan tasks and Kaspersky Internet Security updates. 

You can enable or disable the protection or individual application components from the application settings window (see 

section "The application settings window" on page 36). 

To completely enable or disable protection: 



3. Uncheck the Enable protection box if you need to disable protection. Check this box if you need to enable 

protection. 

To disable or enable a protection component: 


2. In the left part of the window, in the Protection Center section, select the component that should be enabled or 

disabled. 

3. In the right part of the window, uncheck the Enable box if you need to disable this 

component. Check this box if you need to enable the component. 

PAUSING AND RESUMING PROTECTION 

Pausing protection means temporarily disabling all protection components for a period of time. 

The following signs indicate that the protection is paused or disabled: 

inactive (gray) application icon in the taskbar notification area (see section "The notification area icon" on 

page 31); 

a red security indicator in the upper part of the main application window. 

In this case, the protection is regarded as the set of protection components. Disabling or pausing protection components 

does not affect the performance of virus scan tasks and Kaspersky Internet Security updates. 

If network connections were established at the moment protection was paused, a notification about the termination of 

such connections is displayed. 

When working on a computer running under Microsoft Windows Vista or Microsoft Windows 7, you can pause protection 

using the Kaspersky Gadget. To do this, you should assign the protection pausing function to a button of the gadget (see 

section "How to use the Kaspersky Gadget" on page 59). 

To pause the protection of your computer: 

1. Open the Pause protection window using one of the following methods: 

select Pause protection from the context menu of the application icon (see section "The context menu" on 

page 32); 

click the button with the Pause protection icon in the Kaspersky Gadget interface (only for Microsoft 

Windows Vista and Microsoft Windows 7 operating systems). 

41


2. In the Pause protection window, select the time interval after which protection should be resumed: 

Pause for the specified time – protection will be enabled on expiration of the time interval selected from 

the dropdown list below. 

Pause until reboot – protection will be enabled after the application is restarted or the operating system is 

rebooted (provided that automatic application launch is enabled (see section "Enabling and disabling 

automatic launch" on page 38)). 

Pause – protection will be enabled when you decide to resume it (please see below). 

To resume computer protection, 

select Resume protection from the context menu of the application icon (see section "The context menu" on 

page 32). 

You can use this method to resume computer protection when the Pause option has been selected, or when you have 

selected Pause for the specified time or Pause until reboot. 

42

SOLVING TYPICAL TASKS 

This section provides information about how to resolve the most common issues related to protection of the computer 

using the application. 


How to activate the application ........................................................................................................................................ 43 

How to purchase or renew a license ............................................................................................................................... 44 

What to do when application notifications appear ........................................................................................................... 45 

How to update application databases and modules ........................................................................................................ 45 

How to scan critical areas of your computer for viruses .................................................................................................. 46 

How to scan a file, folder, disk, or another object for viruses .......................................................................................... 46 

How to perform a full scan of your computer for viruses ................................................................................................. 48 

How to scan your computer for vulnerabilities ................................................................................................................. 48 

How to protect your personal data against theft .............................................................................................................. 48 

What to do if you suspect an object is infected with a virus............................................................................................. 51 

How to run an unknown application without doing any harm to the system .................................................................... 52 

What to do with a large number of spam messages ....................................................................................................... 52 

What to do if you suspect your computer is infected ....................................................................................................... 53 

How to restore a file that has been deleted or disinfected by the application .................................................................. 54 

How to create and use a Rescue Disk ............................................................................................................................ 54 

How to view the report on the application's operation ..................................................................................................... 57 

How to restore default application settings ...................................................................................................................... 58 

How to transfer settings to Kaspersky Internet Security installed on another computer .................................................. 59 

How to use the Kaspersky Gadget .................................................................................................................................. 59 

How to know the reputation of an application .................................................................................................................. 61 

HOW TO ACTIVATE THE APPLICATION 

Activation is the procedure of activating a license that allows you to use a fully functional version of the application until 

the license expires. 

If you did not activate the application during installation, you can do so later. You will be reminded about the need to 

activate the application by Kaspersky Internet Security messages appearing in the taskbar notification area. 

43


To run the Kaspersky Internet Security activation wizard, perform one of the following: 

Click the Activate link in the Kaspersky Internet Security notice window that appears in the taskbar notification 

area. 

Click the Insert your activation code here link in the bottom part of the main application window. In the 

Manage License window that opens, click the Activate the application button. 

When working with the application activation wizard, you should specify values for a collection of settings. 

Step 1. Enter activation code 

Enter the activation code in the corresponding field and click the Next button. 

Step 2. Requesting activation 

If the activation request is sent successfully, the Wizard automatically proceeds to the next step. 

Step 3. Entry of registration data 

User registration is necessary for the user to be able to contact the Technical Support Service. Unregistered 

users receive only minimal support. 

Specify your registration data and click the Next button. 

Step 4. Activation 

If the application activation has been successful, the Wizard automatically proceeds to the next window. 

Step 5. Wizard completion 

This window displays information on the activation results: the type of license used and the license expiry date. 


HOW TO PURCHASE OR RENEW A LICENSE 

If you have installed Kaspersky Internet Security without a license, you can purchase one after installation. When 

purchasing a license, you receive an activation code that you should use to activate the application (see section "How to 

activate the application" on page 43). 

When your license expires, you can renew it. You can purchase a new license before the validity period of your current 

activation code expires. To do this, you should add the new code as a reserve activation code. When the validity term of 

the current license expires, Kaspersky Internet Security will be automatically activated using the reserve activation code. 

To purchase a license: 

1. Open the main application window. 

2. Click the Manage License link in the bottom part of the main window to open the Manage License window. 

3. In the window that opens, click the Buy activation code button. 

The eStore web page opens, where you can purchase a license. 

44

S O L V I N G T Y P I C A L T A S K S 

To add a reserve activation code: 


2. Click the Manage License link in the bottom part of the main window to open the Manage License window. 

The Manage License window opens. 

3. In the window that opens, in the New activation code section, click the Enter activation code button. 

The Application Activation Wizard opens. 

4. Enter the activation code in the corresponding fields and click the Next button. 

Kaspersky Internet Security then sends the data to the activation server for verification. If the verification is 

successful, the Wizard automatically proceeds to the next step. 

5. Select New code and click the Next button. 

6. When you have finished with the Wizard, click the Finish button. 

WHAT TO DO WHEN APPLICATION NOTIFICATIONS APPEAR 

Notifications that appear in the taskbar notification area inform you of events occurring in the application's operation 

which require your attention. Depending on how critical the event is, you may receive the following types of notification: 

Critical notifications – inform you of events that have a critical importance for the computer's security, such as 

detection of a malicious object or a dangerous activity in the system. Windows of critical notifications and popup 

messages are red-colored. 

Important notifications – inform you of events that are potentially important for the computer's security, such as 

detection of a potentially infected object or a suspicious activity in the system. Windows of important 

notifications and pop-up messages are yellow-colored. 

Information notifications – inform you of events that do not have critical importance for the computer's security. 

Windows of information notifications and pop-up messages are green-colored. 

If such a notification is displayed on the screen, you should select one of the options suggested in it. The optimal option 

is the one recommended as the default by Kaspersky Lab experts. 

HOW TO UPDATE APPLICATION DATABASES 

AND MODULES 

By default, Kaspersky Internet Security automatically checks for updates on the Kaspersky Lab update servers. If the 

server stores a set of recent updates, Kaspersky Internet Security downloads and installs them in background mode. You 

can start updating Kaspersky Internet Security manually at any moment. 

To download updates from Kaspersky Lab servers, you should be connected to Internet. 

To start an update from the context menu, 

select Update from the context menu of the application icon. 

To start an update from the main application window: 

1. Open the main application window and select the Update section in the lower part of the window. 

2. In the Update window that opens, click the Run update button. 

45


HOW TO SCAN CRITICAL AREAS OF YOUR COMPUTER 

FOR VIRUSES 

Critical areas scan means scanning the following objects: 

objects loaded at the startup of the operating system; 

system memory; 

boot sectors of the disk; 

objects added by the user (see section "Creating a list of objects to scan" on page 67). 

You can start the scan of critical areas using one of the following methods: 

using a shortcut created earlier (see page 71). 

from the main application window (see section "The Kaspersky Internet Security main window" on page 33). 

To start the scan using a shortcut: 

1. Open the Microsoft Windows Explorer window and go to the folder where you created the shortcut. 

2. Double-click the shortcut to start the scan. 

To start a scan from the main application window: 

1. Open the main application window and select the Scan section in the lower part of the window. 

2. In the Scan window that opens, in the Critical Areas Scan section, click the button. 

HOW TO SCAN A FILE, FOLDER, DISK, OR ANOTHER 

OBJECT FOR VIRUSES 

You can use the following methods to scan an object for viruses: 

using the context menu for the object; 

from the main application window (see section "The Kaspersky Internet Security main window" on page 33); 

using the Kaspersky Internet Security Gadget (only for Microsoft Windows Vista and Microsoft Windows 7 

operating systems). 

To start a virus scan task from the object context menu: 

1. Open Microsoft Windows Explorer and go to the folder which contains the object to be scanned. 

2. Right-click to open the context menu of the object (see the figure below) and select Scan for Viruses. 

46


The process and the outcome of the task will be displayed in the Task Manager window. 

Figure 10. The context menu of an object in Microsoft Windows 

To start scanning an object from the main application window: 


2. Specify the object to scan using one of the following methods: 

Click the specify link in the bottom right part of the window to open the Custom Scan window, and check 

the boxes next to folders and drives that you need to scan. 

If the window displays no object to be scanned: 

a. Click the Add button. 

b. In the Select object to scan window that opens, select an object to be scanned. 

Drag an object to scan into the dedicated area of the main window (see figure below). 

The progress of the task will be displayed in the Task Manager window. 

Figure 11. An area of the Scan window, into which you should drag an object to scan 

To scan an object for viruses using the gadget, 

drag the object to scan onto the gadget. 


47


HOW TO PERFORM A FULL SCAN OF YOUR COMPUTER 

FOR VIRUSES 

You can start a full scan for viruses using one of the following methods: 

using a shortcut created earlier (see page 71); 

from the main application window (see section "The Kaspersky Internet Security main window" on page 33). 

To start a full scan using a shortcut: 


2. Double-click the shortcut to start the scan. 

To start a full scan from the main application window: 


2. In the Scan window that opens, in the Full Scan section, click the button. 

HOW TO SCAN YOUR COMPUTER FOR VULNERABILITIES 

Vulnerabilities are unprotected portions of software code which intruders may deliberately use for their purposes, for 

example, to copy data used in unprotected applications. Scanning your computer for vulnerabilities helps you to reveal 

any such weak points in your computer. You are advised to remove the detected vulnerabilities. 

You can use the following methods to scan the system for vulnerabilities: 


using a shortcut created earlier (see page 71). 

To start the task using a shortcut: 


2. Double-click the shortcut to start scanning the system for vulnerabilities. 

To start the task from the main application window: 


2. In the Scan window that opens, in the Vulnerability Scan section, click the button. 

HOW TO PROTECT YOUR PERSONAL DATA AGAINST THEFT 

With Kaspersky Internet Security, you can protect your personal data against theft; this includes data such as: 

passwords, usernames, and other registration data; 

account numbers and bank card numbers. 

48


Kaspersky Internet Security comprises the following components and tools that help you protect your private data: 

Anti-Phishing. Protects against data thefts involving the phishing. 

Virtual Keyboard. Prevents interception of data entered at the keyboard. 

Parental Control (see page 143). Restricts sending of private data over the Internet. 


Protection against phishing ............................................................................................................................................. 49 

Protection against data interception at the keyboard ...................................................................................................... 50 

Protection of confidential data entered on websites ........................................................................................................ 51 

PROTECTION AGAINST PHISHING 

Protection against phishing is ensured by Anti-Phishing, implemented in the Web Anti-Virus, Anti-Spam, and IM Anti- 

Virus components. Kaspersky Lab recommends that you enable the checking for phishing for all protection components. 

To enable protection against phishing when Web Anti-Virus is running: 


2. In the left part of the window, in the Protection Center section, select the Web Anti-Virus component. 

3. Click the Settings button in the right part of the window. 

4. The Web Anti-Virus window opens. 

5. In the window that opens, on the General tab, in the Kaspersky URL Advisor section, check the Check web 

pages for phishing box. 

To enable protection against phishing when IM Anti-Virus is running: 


2. In the left part of the window, in the Protection Center section, select the IM Anti-Virus component. 

3. In the right part of the window, in the Scan methods section, check the Check if URLs are listed in the 

database of phishing URLs box. 

To enable protection against phishing when Anti-Spam is running: 


2. In the left part of the window, in the Protection Center section, select the Anti-Spam component. 


The Anti-Spam window will be displayed. 

4. In the window that opens, on the Exact methods tab, in the Consider message as spam section, check the If 

it contains phishing elements box. 

49


PROTECTION AGAINST DATA INTERCEPTION AT THE KEYBOARD 

When working on the Internet, you frequently need to enter your personal data or your username and password. This 

happens, for example, during account registration on web sites, web shopping or Internet banking. 

There is a risk that this personal information can be intercepted using hardware keyboard interceptors or keyloggers, 

which are programs that register keystrokes. 

The Virtual Keyboard tool prevents the interception of data entered via the keyboard. 

The Virtual Keyboard cannot protect your personal data if the website requiring the entry of such data has been hacked, 

because in this case the information is obtained directly by the intruders. 

Many of the applications classified as spyware have the function of making screenshots which are then transmitted to an 

intruder for further analysis and extraction of the user's personal data. The Virtual Keyboard prevents the personal data 

being entered, from being intercepted through the use of screenshots. 

The Virtual Keyboard only prevents the interception of personal data when working with Microsoft Internet Explorer, 

Mozilla Firefox and Google Chrome browsers. 

The Virtual Keyboard has the following features: 

You can click the Virtual Keyboard buttons using the mouse. 

Unlike with real keyboards, there is no way to click several keys simultaneously on a Virtual Keyboard. 

Therefore, to use combinations of keys (e.g., ALT+F4), you have to click the first key (e.g., ALT), then the next 

key (e.g., F4), and then click the first key again. The second click of the key acts in the same way as the key 

release on a real keyboard. 

Input language for the Virtual Keyboard is toggled using the key combination CTRL+SHIFT (the SHIFT key 

should be clicked using the right mouse button) or CTRL+LEFT ALT (the LEFT ALT key should be clicked 

using the right mouse button), depending upon the specified settings. 

You can open the Virtual Keyboard in the following ways: 

from the context menu of the application icon; 

from the main application window; 

from the Microsoft Internet Explorer, Mozilla Firefox or Google Chrome browser windows; 

using keyboard shortcuts. 

To open the Virtual Keyboard from the context menu of the application icon, 

select Tools 

Virtual Keyboard from the context menu of the application icon. 

To open the Virtual Keyboard from the main application window, 

in the lower part of the main application window select Virtual Keyboard. 

To open the Virtual Keyboard from the browser window, 

click the 

Chrome. 

Virtual Keyboard button in the toolbar of Microsoft Internet Explorer, Mozilla Firefox, or Google 

To open the Virtual Keyboard using the computer keyboard, 

press the CTRL+ALT+SHIFT+P shortcut. 

50


PROTECTION OF CONFIDENTIAL DATA ENTERED ON WEBSITES 

To protect confidential data entered on websites (for example, bank card numbers, passwords to access online banking 

services), Kaspersky Internet Security prompts you to open such websites in Safe Run for Websites. 

You can enable access control for online banking services (see section "Controlling access to online banking services" 

on page 94) to determine banking websites automatically and also start Safe Run for Websites manually. 

Safe Run for Websites can be started in the following ways: 

from the Kaspersky Internet Security main window (see section "The Kaspersky Internet Security main window" 

on page 33); 

using a shortcut on the desktop (see section "Creating a shortcut for Safe Run on the desktop" on page 141). 

To start Safe Run for Websites from the main Kaspersky Internet Security window: 


2. In the bottom part of the window, select the Safe Run for Websites section. 

3. In the window that opens, click the Start Safe Run for Websites button. 

WHAT TO DO IF YOU SUSPECT AN OBJECT IS INFECTED 

WITH A VIRUS 

If you suspect an object is infected, scan it using Kaspersky Internet Security (see section "How to scan a file, folder, 

disk, or another object for viruses" on page 46). 

If the application scans an object and then considers it as not infected although you suspect the contrary, you can 

perform any of the following actions: 

Move the object to Quarantine. Objects moved to Quarantine do not pose any threat to your computer. After the 

databases are updated, Kaspersky Internet Security may be able to clearly identify and remove the threat. 

Send the object to the Virus Lab. Virus Lab specialists scan the object. If it turns out to be infected with a virus, 

they add the description of the new virus into the databases that will be downloaded by the application with an 

update (see section "How to update application databases and modules" on page 45). 

You can move a file to Quarantine using one of two methods: 

by clicking the Move to Quarantine button in the Quarantine window; 

using the context menu for the file. 

To move a file to Quarantine from the Quarantine window: 


2. In the lower part of the window, select the Quarantine section. 

3. On the Quarantine tab click the Move to Quarantine button. 

4. In the window that opens, select the file that you want to move to Quarantine. 

51


To move a file to Quarantine using the context menu: 

1. Open Microsoft Windows Explorer and go to the folder that contains the file that you want to move to 

Quarantine. 

2. Right-click to open the context menu of the file and select Move to Quarantine. 

To send a file to the Virus Lab: 

1. Go to the Virus Lab request page (http://support.kaspersky.com/virlab/helpdesk.html). 

2. Follow the instructions on this page to send your request. 

HOW TO RUN AN UNKNOWN APPLICATION 

WITHOUT DOING ANY HARM TO THE SYSTEM 

When the safety of any application raises doubts, it can be executed in Safe Run. 

Safe Run is isolated from the main operating system of the computer. In Safe Run, real operating system files do not 

undergo changes. Thus, if you launch an infected application in Safe Run, its actions will not affect the operating system 

of the computer. 

You can start Safe Run as a separate desktop (see page 138) or run an application in Safe Run on the main desktop. 

Applications started in Safe Run are marked with a green frame around the application window and have a safe run 

indicator in the list of applications monitored by Application Control (see section "Application Control" on page 101). 

After the application is closed, all changes made by this application will be discarded automatically. 

To run an application in the safe environment from the Microsoft Windows context menu, 

right-click to open the context menu for the selected object (application shortcut or executable file) and select Safe 

Run. 

WHAT TO DO WITH A LARGE NUMBER OF SPAM MESSAGES 

If you receive large amounts of unwanted messages (spam), enable the Anti-Spam component and set the 

recommended security level for it. 

To enable Anti-Spam and set the recommended security level: 



3. In the right part of the window, check the Enable Anti-Spam box. 

4. Make sure that the Recommended security level is set in the Security level section. 

If the security level is set to Low or Custom, click the Default level button. The security level will automatically 

be set to Recommended. 

52


WHAT TO DO IF YOU SUSPECT YOUR COMPUTER IS 

INFECTED 

If you suspect your operating system of being corrupted due to malware activity or system failures, use Microsoft 

Windows Troubleshooting, which removes any traces of malicious objects from the system. Kaspersky Lab recommends 

that you run the Wizard after the computer has been disinfected to make sure that all threats and damage caused by 

infections have been fixed. 

Microsoft Windows Troubleshooting checks the system for modifications and faults (such as modifications of file 

extensions, blockage of the network environment and control panel). Modifications and faults may be caused by malware 

activity, an improper system configuration, system failures, or incorrect operation of system optimization applications. 

After the review is complete, the Wizard analyzes the information to evaluate whether there is system damage which 

requires immediate attention. Based on the review, a list of actions necessary to eliminate the problems is generated. 

The Wizard groups these actions by category based on the severity of the problems detected. 

To start the System Restore Wizard: 

1. Open the main application window (see page 33). 

2. In the lower part of the window, select the Tools section. 

3. In the window that opens, in the Microsoft Windows Troubleshooting section, click the Start button. 

The Microsoft Windows Troubleshooting window opens. 




Step 1. Starting system restoration 

Make sure that the Wizard option to Search for problems caused by malware activity is selected and click 

the Next button. 

Step 2. Problems search 

The Wizard will search for problems and damage which should be fixed. Once the search is complete, the 

Wizard will proceed automatically to the next step. 

Step 3. Selecting troubleshooting actions 

All damage found during the previous step is grouped on the basis of the type of danger it poses. For each 

damage group, Kaspersky Lab recommends a sequence of actions to repair the damage. There are three 

groups of actions: 

Strongly recommended actions eliminate problems posing a serious security threat. You are advised to 

perform all actions in this group. 

Recommended actions eliminate problems presenting a potential threat. You are also advised to perform all 

actions in this group. 

Additional actions repair system damage which does not pose a current threat, but may pose a danger to 

the computer's security in the future. 

To view the actions within a group, click the + icon to the left of the group name. 

53


To make the Wizard perform a certain action, check the box to the left of the corresponding action description. 

By default, the Wizard performs all recommended and strongly recommended actions. If you do not wish to 

perform a certain action, uncheck the box next to it. 

It is strongly recommended that you not uncheck the boxes selected by default, as doing so will leave your 

computer vulnerable to threats. 

Having defined the set of actions which the Wizard will perform, click the Next button. 

Step 4. Eliminating problems 

The Wizard will perform the actions selected during the previous step. The elimination of problems may take 

some time. Once the troubleshooting is complete, the Wizard will automatically proceed to the next step. 



HOW TO RESTORE A FILE THAT HAS BEEN DELETED 

OR DISINFECTED BY THE APPLICATION 

Kaspersky Lab recommends that you avoid restoring deleted and disinfected files, as they may pose a threat to your 

computer. 

If you want to restore a deleted or disinfected file, you can use a backup copy of it which was created by the application 

during the scan. 

To restore a file that has been deleted or disinfected by the application: 



3. On the Storage tab, select the required file from the list and click the Restore button. 

HOW TO CREATE AND USE A RESCUE DISK 

After you install Kaspersky Internet Security and perform the first scan of your computer, it is recommended that you 

create the Rescue Disk. 

The Rescue Disk is an application named Kaspersky Rescue Disk and recorded on a removable medium (CD or USB 

flash drive). 

You will then be able to use Kaspersky Rescue Disk for scanning and disinfecting infected computers that cannot be 

disinfected using other methods (e.g., with anti-virus applications). 


Creating a Rescue Disk................................................................................................................................................... 55 

Starting the computer from the Rescue Disk ................................................................................................................... 57 

54


CREATING A RESCUE DISK 

Creating a Rescue Disk consists in creating a disk image (ISO file) with the up-to-date version of Kaspersky Rescue 

Disk, and writing it on a removable medium. 

You can download the original disk image from the Kaspersky Lab server or copy it from a local source. 

The Rescue Disk is created using the Kaspersky Rescue Disk Creation Wizard. The rescuecd.iso file created by the 

Wizard is saved on your computer's hard drive: 

in Microsoft Windows XP – in the following folder: Documents and Settings\All Users\Application 

Data\Kaspersky Lab\AVP12\Data\Rdisk\; 

in Microsoft Windows Vista and Microsoft Windows 7 operating systems – in the following folder: 

ProgramData\Kaspersky Lab\AVP12\Data\Rdisk\. 

To create a Rescue Disk: 



3. In the window that opens, in the Kaspersky Rescue Disk section, click the Create button. 

The Kaspersky Rescue Disk Creation Wizard window opens. 




Let us review the steps of the Wizard in more detail. 

Step 1. Starting the Wizard. Searching for an existing disk image 

The first window of the Wizard contains information about Kaspersky Rescue Disk. 

If the Wizard detects an existing Rescue Disk ISO file in the dedicated folder (see above), the Use existing ISO 

image box will be displayed in the first window of the Wizard. Check the box to use the detected file as the 

original ISO image and go directly to the Updating disk image step (see below). Uncheck this box if you do not 

want to use the disk image that was detected. The Wizard will proceed to the Select disk image source 

window. 

Step 2. Selecting a disk image source 

If you have checked the Use existing ISO image box in the first Wizard window, then this step will be skipped. 

At this step, you should select a disk image source from the options suggested: 

If you already have a recorded copy of the Rescue Disk or an ISO image saved on your computer or on a 

local network resource, select Copy ISO image from local or network drive. 

If you have no ISO image file created for the Rescue Disk, and you want to download one from the 

Kaspersky Lab server (file size is about 175 MB), select Download ISO image from Kaspersky Lab 

server. 

55


Step 3. Copying (downloading) the disk image 

If you have checked the Use existing ISO image box in the first Wizard window, then this step will be skipped. 

If you have selected Copy ISO image from local or network drive at the previous step, click the Browse 

button. After you have specified the path to the file, click the Next button. The progress of copying the disk 

image is displayed in the Wizard window. 

If you have selected Download ISO image from Kaspersky Lab server at the previous step, the progress of 

downloading the disk image is displayed immediately. 

When copying or downloading of the ISO image is complete, the Wizard automatically proceeds to the next 

step. 

Step 4. Updating the ISO image file 

The updating procedure for the ISO image file comprises the following operations: 

updating anti-virus databases; 

updating configuration files. 

Configuration files determine whether the computer can be booted from a removable medium (such as a 

CD / DVD or a USB flash drive with Kaspersky Rescue Disk) created by the Wizard. 

When updating anti-virus databases, those distributed at the last update of Kaspersky Internet Security are 

used. If databases are out of date, it is recommended that you run the update task and launch the Kaspersky 

Rescue Disk Creation Wizard again. 

To begin updating the ISO file, click the Next button. The update's progress will be displayed in the Wizard 

window. 

Step 5. Recording the disk image on a medium 

At this step, the Wizard informs you of a successful creation of a disk image and offers you to record it on a 

medium. 

Specify a data medium for recording Kaspersky Rescue Disk: 

To record the disk image on a CD / DVD, select Record to CD / DVD and specify a medium, on which you 

want to record the disk image. 

To record the disk image on a USB flash drive, select Record to USB flash drive and specify a device, on 

which you want to record the disk image. 

Kaspersky Lab recommends that you do not record the ISO image on devices which are not designed 

specifically for data storage, such as smartphones, cellphones, PDAs, and MP3 players. Recording ISO 

images on these devices may lead to their functioning incorrectly in the future. 

To record the disk image on the hard drive of your computer or on the hard drive of another one that you 

can access via a network, select Save the disk image to file on local or network drive and specify a 

folder, in which you want to record the disk image, and the name of the ISO file. 

56



To close the Wizard once it has completed its task, click the Finish button. You can use the newly created 

Rescue Disk to boot the computer (see page 57) if you cannot boot it and run Kaspersky Internet Security in 

normal mode due to an impact caused by viruses or malware. 

STARTING THE COMPUTER FROM THE RESCUE DISK 

If the operating system cannot be booted as a result of a virus attack, use the Rescue Disk. 

To boot the operating system, you should use a CD / DVD or a USB flash drive with Kaspersky Rescue Disk copied on it 

(see section "Creating a Rescue Disk" on page 55). 

Booting a computer from a removable media is not always possible. In particular, this mode is not supported by some 

obsolete computer models. Before shutting down your computer for subsequent booting from a removable media, make 

sure that this operation can be performed. 

To boot your computer from the Rescue Disk: 

1. In the BIOS settings, enable booting from a CD / DVD or a USB device (for detailed information, please refer to 

the documentation for your computer's motherboard). 

2. Insert a CD / DVD into the CD / DVD drive of an infected computer or connect a USB flash device with 

Kaspersky Rescue Disk copied on it. 

3. Restart your computer. 

For detailed information about the use of the Rescue Disk, please refer to the Kaspersky Rescue Disk User Guide. 

HOW TO VIEW THE REPORT ON THE APPLICATION'S 

OPERATION 

Kaspersky Internet Security creates operation reports for each component. Using a report, you can obtain statistical 

information about the application's operation (for example, learn how many malicious objects have been detected and 

neutralized for a specified time period, how many times the application has been updated for the same period, how many 

spam messages have been detected and much more). 

When working on a computer running under Microsoft Windows Vista or Microsoft Windows 7, you can open reports 

using the Kaspersky Gadget. To do this, the Kaspersky Gadget should be configured so that the option of opening the 

reports window is assigned to one of its buttons (see section "How to use the Kaspersky Gadget" on page 59). 

To view the application operation report: 

1. Open the Reports window using any of the following methods: 

click the Reports link in the top part of the main application window; 

click the button with the Reports icon in the Kaspersky Gadget interface (only for Microsoft Windows 

Vista and Microsoft Windows 7 operating systems). 

The Reports window displays reports on the application's operation represented as diagrams. 

2. If you want to view a detailed application operation report (for example, a report on the operation of each 

component), click the Detailed report button in the bottom part of the Report window. 

The Detailed report window will open, where data are represented in a table. For convenient viewing of reports, 

you can select various entry sorting options. 

57


HOW TO RESTORE DEFAULT APPLICATION SETTINGS 

You can restore the default application settings recommended by Kaspersky Lab for Kaspersky Internet Security, at any 

time. The settings can be restored using the Application Configuration Wizard. 

When the Wizard completes its operation, the Recommended security level is set for all protection components. When 

restoring the recommended security level, you can save the previously specified values for some of the settings of 

application components. 

To restore the default settings of the application: 


2. Run the Application Configuration Wizard using one of the following methods: 

click the Restore link in the bottom part of the window; 

in the left part of the window, select the Manage Settings subsection in the Advanced Settings section 

and click the Restore button in the Restore default settings section. 


Step 1. Starting the Wizard 

Click the Next button to proceed with the Wizard. 

Step 2. Restore settings 

This Wizard window shows which Kaspersky Internet Security protection components have settings that differ 

from the default value because they were either changed by the user or accumulated by Kaspersky Internet 

Security through training (Firewall or Anti-Spam). If special settings have been created for any of the 

components, they will also be shown in this window. 

Special settings include lists of allowed and blocked phrases and addresses used by Anti-Spam, lists of trusted 

web addresses and ISP phone numbers, protection exclusion rules created for application components, and 

filtering rules applied by Firewall to packets and applications. 

The special settings are created when working with Kaspersky Internet Security with regard for individual tasks 

and security requirements. Kaspersky Lab recommends that you save your special settings when restoring the 

default application settings. 

Check the boxes for the settings that you want to save and click the Next button. 

Step 3. System analysis 

At this stage, information about Microsoft Windows applications is collected. These applications are added to 

the list of trusted applications which have no restrictions imposed on the actions they perform in the system. 

Once the analysis is complete, the Wizard will automatically proceed to the next step. 

Step 4. Finishing restoration 

To close the Wizard once it has completed its task, click the Finish button. 

58


HOW TO TRANSFER SETTINGS TO KASPERSKY INTERNET 

SECURITY INSTALLED ON ANOTHER COMPUTER 

Once you have configured the product, you can apply its settings to Kaspersky Internet Security installed on another 

computer. Consequently, the application will be configured identically on both computers. This is a helpful feature when, 

for example, Kaspersky Internet Security is installed on your home computer and in your office. 

The application settings are stored in a special configuration file that you can transfer to another computer. 

The settings of Kaspersky Internet Security can be transferred to another computer in three steps: 

1. Saving the application settings in a configuration file. 

2. Transferring a configuration file to another computer (for example, by email or on a removable medium). 

3. Applying settings from a configuration file to the application installed on another computer. 

To export the current settings of Kaspersky Internet Security: 


2. In the left part of the window, in the Advanced Settings section, select the Manage Settings subsection. 

3. Click the Save button in the right part of the window. 

4. In the window that opens, enter the name of the configuration file and the path where it should be saved. 

5. Click the OK button. 

To import the application's settings from a saved configuration file: 


2. In the left part of the window, in the Advanced Settings section, select the Manage Settings subsection. 

3. Click the Load button in the right part of the window. 

4. In the window that opens, select the file from which you wish to import the Kaspersky Internet Security settings. 


HOW TO USE THE KASPERSKY GADGET 

When using Kaspersky Internet Security on a computer running under Microsoft Windows Vista or Microsoft Windows 7, 

you can also use the Kaspersky Gadget (hereinafter the gadget). After you install Kaspersky Internet Security on a 

computer running under Microsoft Windows 7, the gadget appears on your desktop automatically. After you install the 

application on a computer running under Microsoft Windows Vista, you should add the gadget to the Microsoft Windows 

Sidebar manually (see the operating system documentation). 

The Gadget color indicator displays your computer's protection status in the same manner as the indicator in the main 

application window (see section "Diagnostics and elimination of problems in your computer protection" on page 39). 

Green indicates that your computer is duly protected, while yellow indicates that there are protection problems, and red 

indicates that your computer's security is at serious risk. Gray indicates that the application is stopped. 

While updating the application databases and software modules, a revolving globe-shaped icon is displayed in the center 

part of the gadget. 

59


You can use the gadget to perform the following actions: 

resume the application if it has been paused earlier; 

open the main application window; 

scan specified objects for viruses; 

open the news window. 

Also, you can configure the buttons of the gadget so that they could initiate additional actions: 

run an update; 

edit the application settings; 

view application reports; 

switch to Safe Run (for 32-bit operating systems only); 

view Parental Control reports; 

view information about network activity (Network Monitor) and applications' activity; 

pause the protection; 

open the Virtual Keyboard; 

open the Task Manager window. 

To start the application using the gadget, 

click the 

Enable icon located in the center of the gadget. 

To open the main application window using the gadget, 

click the monitor icon in the center area of the gadget. 

To scan an object for viruses using the gadget, 

drag the object to scan onto the gadget. 


To open the news window using the gadget, 

click the icon 

, which is displayed in the center of the gadget when news is released. 

To configure the gadget: 

1. Open the gadget settings window by clicking the icon that appears in the upper right corner of the gadget 

block if you position the cursor over it. 

2. In the dropdown lists corresponding to gadget buttons, select actions that should be performed when you click 

those buttons. 


60


HOW TO KNOW THE REPUTATION OF AN APPLICATION 

Kaspersky Internet Security allows you to learn the reputation of applications from users all over the world. Reputation of 

an application comprises the following criteria: 

name of the vendor; 

information about the digital signature (available if a digital signature exists); 

information about the group, in which the application has been included by Application Control or a majority of 

users of Kaspersky Security Network; 

number of users of Kaspersky Security Network that use the application (available if the application has been 

included in the Trusted group in Kaspersky Security Network database); 

time, at which the application has become known in Kaspersky Security Network; 

countries, in which the application is the most widespread. 

To verify the reputation of an application, you should agree to participate in Kaspersky Security Network (see page 175) 

when installing Kaspersky Internet Security. 

To know the reputation of an application, 

open the context menu of the executable file of the application and select Check reputation in KSN. 

SEE ALSO: 

Kaspersky Security Network ......................................................................................................................................... 174 

61

ADVANCED APPLICATION SETTINGS 

This section provides detailed information about how to configure each of the application components. 


General protection settings ............................................................................................................................................. 63 

Scan ................................................................................................................................................................................ 64 

Update............................................................................................................................................................................. 72 

File Anti-Virus .................................................................................................................................................................. 77 

Mail Anti-Virus ................................................................................................................................................................. 83 

Web Anti-Virus ................................................................................................................................................................ 88 

IM Anti-Virus .................................................................................................................................................................... 95 

Proactive Defense ........................................................................................................................................................... 97 

System Watcher .............................................................................................................................................................. 99 

Application Control ........................................................................................................................................................ 101 

Network protection ........................................................................................................................................................ 109 

Anti-Spam ..................................................................................................................................................................... 120 

Anti-Banner ................................................................................................................................................................... 135 

Safe Run for Applications and Safe Run for Websites .................................................................................................. 137 

Parental Control ............................................................................................................................................................ 143 

Trusted zone ................................................................................................................................................................. 154 

Performance and compatibility with other applications .................................................................................................. 155 

Kaspersky Internet Security self-defense ...................................................................................................................... 159 

Quarantine and Backup................................................................................................................................................. 160 

Additional tools for better protection of your computer .................................................................................................. 163 

Reports.......................................................................................................................................................................... 167 

Application appearance. Managing active interface elements ....................................................................................... 171 

Notifications ................................................................................................................................................................... 172 

Kaspersky Security Network ......................................................................................................................................... 174 

62

A D V A N C E D A P P L I C A T I O N S E T T I N G S 

GENERAL PROTECTION SETTINGS 

In the application settings window, in the General Settings subsection of the Protection Center section, you can: 

disable all protection components (see section "Enabling and disabling protection" on page 40); 

select the interactive or automatic protection mode (see section "Selecting a protection mode" on page 64); 

restrict users' access to the application by setting a password (see section "Restricting access to Kaspersky 

Internet Security" on page 63); 

disable or enable automatic launching of the application at operating system startup (see section "Enabling and 

disabling automatic launch" on page 38); 

enable a custom key combination for displaying the virtual keyboard on the screen (see section "Protection 

against data interception at the keyboard" on page 50). 


Restricting access to Kaspersky Internet Security .......................................................................................................... 63 

Selecting a protection mode ............................................................................................................................................ 64 

RESTRICTING ACCESS TO KASPERSKY INTERNET SECURITY 

A computer may be used by several users with various levels of computer literacy. Unrestricted user access to 

Kaspersky Internet Security and its settings may lead to a reduced level of computer protection. 

To restrict access to the application, you can set a password and specify which actions should require the password to 

be entered: 

changing application settings; 

enabling and configuring Parental Control; 

closing the application; 

removing the application. 

Be careful when using a password to restrict access to application removal. If you forget the password, the application 

will be difficult to remove from your computer. 

To restrict access to Kaspersky Internet Security with a password: 



3. In the right part of the window, in the Password protection section, check the Enable password protection 

box and click the Settings button. 

4. In the Password protection window that opens, enter the password and specify the area to be covered by the 

access restriction. 

63


SELECTING A PROTECTION MODE 

By default, Kaspersky Internet Security runs in automatic protection mode. In this mode the application automatically 

applies actions recommended by Kaspersky Lab in response to dangerous events. If you wish Kaspersky Internet 

Security to notify you of all hazardous and suspicious events in the system and to allow you to decide which of the 

actions offered by the application should be applied, you can enable the interactive protection mode. 

To select a protection mode: 



3. In the Interactive protection section, check or uncheck the boxes depending on your choice of protection 

mode: 

to enable the interactive protection mode, uncheck the Select action automatically box; 

to enable automatic protection mode, check the Select action automatically box. 

If you do not want Kaspersky Internet Security to delete suspicious objects when running in automatic 

mode, check the Do not delete suspicious objects box. 

SCAN 

Scanning the computer for vulnerabilities, viruses and other riskware is one of the most important tasks when ensuring 

the computer's security. 

It is necessary to regularly scan your computer for viruses and other riskware in order to rule out the possibility of 

spreading malicious programs that have not been detected by protection components, for example, due to a low security 

level set, or for other reasons. 

The vulnerability scan performs diagnostics of operating system safety and detects software features that could be used 

by intruders to spread malicious objects and obtain access to personal information. 

This section contains information about scan task features and configuration, security levels, scan methods, and scan 

technologies. 


Virus scan ....................................................................................................................................................................... 64 

Vulnerability Scan ........................................................................................................................................................... 72 

Managing scan tasks. Task Manager .............................................................................................................................. 72 

VIRUS SCAN 

To detect viruses and other riskware, Kaspersky Internet Security comprises the following tasks: 

Full Scan. Scan of the entire system. By default, Kaspersky Internet Security scans the following objects: 


objects loaded on operating system startup; 

64


system backup; 

email databases; 

removable storage media, hard and network drives. 

Critical Areas Scan. By default, Kaspersky Internet Security scans objects loaded at the startup of the 

operating system. 

Custom Scan. Kaspersky Internet Security scans objects selected by the user. You can scan any object from 

the list below: 


objects loaded on operating system startup; 

system backup; 

email databases; 

removable storage media, hard and network drives; 

any file or folder that you have selected. 

The Full Scan and the Critical Areas Scan tasks have their peculiarities. For these tasks, it is not recommended that you 

edit the lists of objects to scan. 

Each scan task is performed in a specified area and can be started according to a previously created schedule. Each 

scan task is also characterized by a security level (a combination of settings that impact the depth of the scan). By 

default, the signature mode (the one using records from application databases to search for threats) is always enabled. 

You can also apply various scan methods and technologies. 

After the full scan task or the critical areas scan task is started, the scan run progress is displayed in the Scan window, in 

the section with the name of the task running, and in the Task Manager (see section "Managing scan tasks. Task 

Manager" on page 72). 

If a threat is detected, Kaspersky Internet Security assigns one of the following statuses to the found object: 

Malicious program (such as a virus or Trojan). 

Potentially infected (suspicious) status if the scan cannot determine whether the object is infected or not. The 

file may contain a sequence of code characteristic of viruses, or modified code from a known virus. 

The application displays a notification (see page 172) about the detected threat and performs the prescribed action. You 

can change the actions to be taken when a threat is detected. 

If you are working in automatic mode (see section "Selecting a protection mode" on page 64), when dangerous objects 

are detected, Kaspersky Internet Security automatically applies the actions recommended by Kaspersky Lab specialists. 

For malicious objects, this action is Disinfect. Delete if disinfection fails, for suspicious objects – Move to Quarantine. 

If dangerous objects are detected when working in interactive mode (see section "Selecting a protection mode" on 

page 64), the application displays a notification on the screen that you can use to select the required action the list of 

available ones. 

Before attempting to disinfect or delete an infected object, Kaspersky Internet Security creates a backup copy for 

subsequent restoration or disinfection. Suspicious (potentially infected) objects are quarantined. You can enable 

automatic scanning of quarantined objects after each update. 

Information on the scan results and events which have occurred during the execution of the task is logged in a 

Kaspersky Internet Security report (see page 167). 

65



Changing and restoring the security level ....................................................................................................................... 66 

Creating the scan startup schedule ................................................................................................................................. 67 

Creating a list of objects to scan ..................................................................................................................................... 67 

Selecting a scan method ................................................................................................................................................. 68 

Selecting scan technology ............................................................................................................................................... 68 

Changing the actions to be performed when a threat is detected ................................................................................... 69 

Running a scan under a different user account ............................................................................................................... 69 

Changing the type of objects to scan .............................................................................................................................. 69 

Scanning of compound files ............................................................................................................................................ 70 

Scan optimization ............................................................................................................................................................ 70 

Scanning removable drives on connection ...................................................................................................................... 71 

Creating a task shortcut .................................................................................................................................................. 71 

CHANGING AND RESTORING THE SECURITY LEVEL 

Depending on your current needs, you can select one of the preset security levels or modify the scan settings manually. 

When configuring scan task settings, you can always restore the recommended ones. These settings are considered 

optimal, recommended by Kaspersky Lab, and grouped in the Recommended security level. 

To change the established security level: 


2. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan, or 

Custom Scan). 

3. In the Security level section, set the desired security level for the task selected, or click the Settings button to 

modify scan settings manually. 

If you modify the settings manually, the name of the security level will change to Custom. 

To restore the default scan settings: 



Custom Scan). 

3. In the Security level section, click the Default level button for the task selected. 

66

A D V A N C E D A P P L I C A T I O N S E T T I NGS 

CREATING THE SCAN STARTUP SCHEDULE 

You can create a schedule to automatically start virus scan tasks: specify task run frequency, start time (if necessary), 

and advanced settings. 

If it is not possible to start the task for any reason (for example, the computer was not on at that time), you can configure 

the skipped task to start automatically as soon as it becomes possible. You can automatically pause the scan when a 

screensaver is inactive or the computer is unlocked. This functionality postpones launching the task until the user has 

finished working on the computer. The scan will then not take up system resources during work. 

The special Idle Scan mode (see section "Running tasks in background mode" on page 157) allows you to start 

automatic updates when your computer is idle. 

To modify the schedule for scan tasks: 



Vulnerability Scan). 

3. Click the Run mode button in the right part of the window. 

4. In the window that opens, on the Run mode tab, in the Schedule section, select By schedule and configure 

the scan run mode by specifying required values for the Frequency setting. 

To enable automatic launching of a skipped task: 


2. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan or 



4. In the window that opens, on the Run mode tab in the Schedule section, select By schedule and check the 

Run skipped tasks box. 

To launch scans only when the computer is not being used: 





4. In the window that opens, on the Run mode tab, in the Schedule section, select By schedule and check the 

Run scheduled scan when screensaver is active or computer is locked box. 

CREATING A LIST OF OBJECTS TO SCAN 

Each virus scan task has its own default list of objects. These objects may include items in the computer's file system, 

such as logical drives and email databases, or other types of objects, such as network drives. You can edit this list. 

If the scan scope is empty, or it contains no selected objects, a scan task cannot be started. 

67


To create a list of objects for a custom scan task: 


2. In the bottom part of the window, select the Scan section. 

3. In the bottom part of the window that opens, click the specify link to open a list of objects to be scanned. 

4. In the Custom Scan window that opens, click the Add button. 

5. In the Select object to scan window that opens, select the desired object and click the Add button. Click the 

OK button after you have added all the objects you need. To exclude any objects from the list of objects to be 

scanned, uncheck the boxes next to them. 

You can also drag files to be scanned directly into a marked area located in the Scan section. 

To create a list of objects for Full Scan, Critical Areas Scan or Vulnerability Scan tasks: 


2. In the left part of the window, in the Scan section, select the desired scan task (Full Scan, Critical Areas Scan, 

or Vulnerability Scan). 

3. In the right part of the window, click the Scan scope button. 

4. In the Scan scope window that opens, use the Add, Edit, and Delete buttons to create a list. To exclude any 

objects from the list of objects to be scanned, uncheck the boxes next to them. 

Objects which appear in the list by default cannot be edited or deleted. 

SELECTING A SCAN METHOD 

During a virus scan, signature analysis is always used: Kaspersky Internet Security compares the object found with the 

database records. 

You can use additional scan methods to increase scan efficiency: heuristic analysis (analysis of the actions an object 

performs within the system) and rootkit scan (a scan for tools that can hide malicious programs in your operating 

system). 

To select which scan method to use: 



Custom Scan). 

3. In the Security level section, click the Settings button for the task selected. 

4. In the window that opens, on the Additional tab in the Scan methods section, select the desired scan 

methods. 

SELECTING SCAN TECHNOLOGY 

In addition to the scan methods you can use special object scan technologies which allow you to increase virus scan 

speed by excluding the files that have not been modified since they were last scanned. 

68


To specify the object scan technologies: 



Custom Scan). 


4. In the window that opens, on the Additional tab in the Scan technologies section, select the desired values. 

CHANGING THE ACTIONS TO BE PERFORMED WHEN A THREAT IS DETECTED 

If infected objects are detected, the application performs the selected action. 

To change the action that should be performed when a threat is detected: 



Custom Scan). 

3. In the right part of the window, select the desired option in the Action on threat detection section. 

RUNNING A SCAN UNDER A DIFFERENT USER ACCOUNT 

By default, the scan tasks are run under your system account. However, you may need to run a task under a different 

user account. You can specify an account to be used by the application when performing a scan task. 

To start a scan under a different user's account: 





4. In the window that opens, on the Run mode tab in the User account section, check the Run task as box. 

Specify the user name and password. 

CHANGING THE TYPE OF OBJECTS TO SCAN 

When specifying the type of objects to scan, you establish which file formats will be scanned for viruses when the 

selected scan task runs. 

When selecting file types, please remember the following: 

The probability of malicious code penetrating some file formats (such as TXT) and its subsequent activation is 

quite low. However, there are formats that contain or may contain an executable code (such as EXE, DLL, 

DOC). The risk of penetration and activation of malicious code in such files is quite high. 

An intruder can send a virus to your computer in an executable file renamed as a TXT file. If you have selected 

scanning of files by extension, such a file is skipped by the scan. If scanning of files by format is selected, then, 

regardless of the extension, File Anti-Virus will analyze the file header and reveal that the file is an EXE file. 

Such a file would be thoroughly scanned for viruses. 

69


To change the type of objects to be scanned: 



Custom Scan). 


4. In the window that opens, on the Scope tab in the File types section, select the desired option. 

SCANNING OF COMPOUND FILES 

A common method of concealing viruses is to embed them into compound files: archives, installation packages, 

embedded OLE objects, and mail file formats. To detect viruses that are hidden in this way, a compound file should be 

unpacked, which can significantly decrease scanning speed. 

For each type of compound file, you can choose to scan either all files or only new ones. To make your selection, click 

the link next to the name of the object. It changes its value when you left-click it. If you select the scan new and changed 

files only mode (see page 70), the links for choosing whether to scan all or only new files will not be available. 

You can restrict the maximum size of a compound file to be scanned. Compound files larger than the specified value will 

not be scanned. 

When large files are extracted from archives, they will be scanned even if the Do not unpack large compound files box 

is checked. 

To modify the list of compound files to be scanned: 



Custom Scan). 


4. In the window that opens, on the Scope tab in the Scan of compound files section, select the desired types of 

compound files to be scanned. 

To set the maximum size of compound files to be scanned: 



Custom Scan). 


4. In the window that opens, on the Scope tab in the Scan of compound files section, click the Additional 

button. 

5. In the Compound files window that opens, check the Do not unpack large compound files box and specify 

the maximum file size. 

SCAN OPTIMIZATION 

You can shorten the scan time and speed up Kaspersky Internet Security. This can be achieved by scanning only new 

files and those files that have altered since the last time they were scanned. This mode applies both to simple and 

compound files. 

70


You can also set a restriction on scan duration for any one object. When the specified time interval expires, the object will 

be excluded from the current scan (except for archives and files comprised of several objects). 

To scan only new and changed files: 



Custom Scan). 


4. In the window that opens, on the Scope tab in the Scan optimization section, check the Scan only new and 

changed files box. 

To set a restriction on scan duration: 



Custom Scan). 


4. In the window that opens, on the Scope tab in the Scan optimization section, check the Skip objects 

scanned longer than box and specify the scan duration for a single file. 

SCANNING REMOVABLE DRIVES ON CONNECTION 

Nowadays, malicious objects which use operating systems' vulnerabilities to replicate via networks and removable media 

have become increasingly widespread. Kaspersky Internet Security allows you to scan removable drives when 

connecting them to the computer. 

To configure scanning of removable media on connection: 


2. In the left part of the window, in the Scan section, select General Settings. 

3. In the Scan removable drives on connection section, select the action and define the maximum size of a 

drive to be scanned in the field below, if necessary. 

CREATING A TASK SHORTCUT 

The application provides the option of creating shortcuts for the full, quick, and vulnerability scan tasks. This allows you 

to start the required scan without opening the main application window or a context menu. 

To create a shortcut to start a scan: 


2. In the left part of the window, in the Scan section, select General Settings. 

3. In the right part of the window, in the Scan tasks quick run section, click the Create shortcut button next to 

the name of the desired task (Critical Areas Scan, Full Scan, or Vulnerability Scan). 

4. Specify the path for saving the shortcut and its name in the window that opens. By default, the shortcut is 

created with the name of the task in the My Computer folder of the current computer user. 

71


VULNERABILITY SCAN 

Vulnerabilities may appear in the operating system, for example, due to programming errors, insecure passwords, or 

actions of malicious programs. When performing the vulnerability scan, the application refers to various security 

procedures, for example, examining the system, analyzing the settings of the operating system and the browser, and 

searching for vulnerable services. 

The diagnostics may take some time. When it is complete, detected problems are analyzed from the standpoint of the 

danger they pose to the system. 

After the vulnerability scan task is started (see page 48), its run progress is displayed in the Scan window (in the 

Vulnerability Scan section) and in the Task Manager (see section "Managing scan tasks. Task Manager" on page 72). 

Information about results of the vulnerability scan task run is recorded in a report of Kaspersky Internet Security (see 

page 167). 

As with virus scan tasks, you can set a startup schedule for a vulnerability scan task, create a list of objects to scan (see 

page 67), specify an account (see section "Running a scan under a different user account" on page 69) and create a 

shortcut for quick start of the task. By default, the applications already installed on the computer are selected as scan 

objects. 

MANAGING SCAN TASKS. TASK MANAGER 

Task Manager displays information about last scan tasks that have been run or that are currently running (for example, 

virus scan, vulnerability scan, rootkit scan, or advanced disinfection). 

You can use Task Manager to view the progress and the result of a task run, or stop a task. For some tasks, additional 

actions are also available (for example, on completion of vulnerability scan, you can open the list of detected 

vulnerabilities and fix them). 

To open Task Manager: 


2. In the bottom part of the window, select the Scan section. 

3. In the Scan window that opens, click the Manage Tasks button in the top right corner of the window. 

UPDATE 

Updating the databases and program modules of Kaspersky Internet Security ensures up-to-date protection for your 

computer. New viruses, Trojans, and other types of malware appear worldwide on a daily basis. Information about 

threats and ways of neutralizing them is provided by Kaspersky Internet Security databases. For timely detection of new 

threats, you should update databases and application modules on a regular basis. 

Regular updates require an active license for application usage. If no license is installed, you can perform an update only 

once. 

When performing an update, the application downloads and installs the following objects on your computer: 

Kaspersky Internet Security databases. 

Protection of information is ensured by databases containing threat signatures, descriptions of network attacks, 

and information about how to resist them. Protection components use this information to search for and disinfect 

dangerous objects on your computer. The databases are supplemented every hour with records of new threats 

and ways to fight them. Therefore, you are strongly advised to update databases on a regular basis. 

72


In addition to the Kaspersky Internet Security databases, the network drivers that enable the application's 

components to intercept network traffic are updated. 

Application modules. 

In addition to the Kaspersky Internet Security databases, you can also update the program modules. The 

updates for the application modules fix Kaspersky Internet Security's vulnerabilities and supplement or improve 

the existing functionality. 

During an update, the application modules and databases on your computer are compared with the up-to-date version at 

the update source. If your current databases and application modules differ from those in the current version of the 

application, the missing portion of the updates will be installed on your computer. 

If the databases are outdated, the update package may be large, which may cause additional Internet traffic (up to 

several dozen MB). 

Prior to updating the databases, Kaspersky Internet Security creates backup copies of them in case you want to return to 

the previous version of the databases (see section "Rolling back the last update" on page 76). 

Information about the current condition of Kaspersky Internet Security databases is displayed in the Update section of 

the main application window. 

Information on the update results and events which occurred during the execution of the update task is logged in a 

Kaspersky Internet Security report (see page 167). 

You can select an update source (see section "Selecting an update source" on page 73) and configure the automatic 

update startup. 


Selecting an update source ............................................................................................................................................. 73 

Creating the update startup schedule ............................................................................................................................. 75 

Rolling back the last update ............................................................................................................................................ 76 

Running updates under a different user account ............................................................................................................. 76 

Using a proxy server ....................................................................................................................................................... 76 

SELECTING AN UPDATE SOURCE 

An update source is a resource containing updates for databases and application modules of Kaspersky Internet 


The main update sources are the Kaspersky Lab update servers, where database updates and application module 

updates for all Kaspersky Lab products are stored. 

Your computer should be connected to the Internet for successful downloading of updates from our servers. By default, 

the Internet connection settings are determined automatically. If you use a proxy server, you may need to adjust the 

connection settings (see section "Configuring the proxy server" on page 118). 

When updating Kaspersky Internet Security, you can copy database and program module updates received from 

Kaspersky Lab servers into a local folder (see section "Updating the application from a shared folder" on page 74) and 

then provide access to other networked computers. This saves Internet traffic. 

73


If you do not have access to Kaspersky Lab's update servers (for example, Internet access is restricted), you can call the 

Kaspersky Lab headquarters (http://www.kaspersky.com/contacts) to request the contact information of Kaspersky Lab 

partners who can provide you with updates on removable media. 

When ordering updates on removable media, please specify whether you also require updates for the application 

modules. 

ADDING AN UPDATE SOURCE 

By default, the list of update sources contains only Kaspersky Lab's update servers. You can add a local folder or a 

different server as update source. If several resources are selected as update sources, Kaspersky Internet Security tries 

to connect to them one after another, starting from the top of the list, and retrieves updates from the first available 

source. 

To add an update source: 


2. In the left part of the window, in the Update section, select the Update Settings component. 

3. Click the Update source button in the right part of the window. 

4. In the window that opens, on the Source tab, open the selection window by clicking the Add button. 

5. In the Select update source window that opens, select the folder that contains the updates, or enter an 

address in the Source field to specify the server from which the updates should be downloaded. 

SELECTING THE UPDATE SERVER REGION 

If you use Kaspersky Lab servers as the update source, you can select the optimal server location when downloading 

updates. Kaspersky Lab servers are located in several countries. 

Using the closest Kaspersky Lab update server allows you to reduce the time required for receiving updates and 

increase operation performance speed. By default, the application uses information about the current region from the 

operating system's registry. You can select the region manually. 

To select the server region: 




4. In the window that opens, on the Source tab in the Regional settings section, select the Select from the list 

option, and then select the country nearest to your current location from the dropdown list. 

UPDATING THE APPLICATION FROM A SHARED FOLDER 

To save Internet traffic, you can configure updates of Kaspersky Internet Security from a shared folder when updating the 

application on networked computers. If you do this, one of the networked computers receives an update package from 

Kaspersky Lab servers or from another web resource that contains the required set of updates. The updates received 

are copied into a shared folder. Other networked computers access this folder to receive updates for Kaspersky Internet 


When logged on under a guest account in Microsoft Windows 7, updates are not copied into the shared folder. It is 

recommended that you log on under a different account in order to allow copying updates. 

74


To enable update distribution mode: 



3. Check the Copy updates to folder box in the Additional section and specify the path to a public folder where 

all downloaded updates will be copied in the field below. You can also select a folder by clicking the Browse 

button. 

To download updates for your computer from a specified shared folder: 




4. In the window that opens, on the Source tab, open the selection window by clicking the Add button. 

5. In the Select update source window that opens, select a folder or enter the full path to it in the Source field. 

6. On the Source tab uncheck the Kaspersky Lab update servers box. 

CREATING THE UPDATE STARTUP SCHEDULE 

You can create a schedule to automatically start an update task: specify the frequency, start time (if necessary), and 

advanced settings. 

If it is not possible to start the task for any reason (for example, the computer was not on at that time), you can configure 

the skipped task to start automatically as soon as it becomes possible. 

You can also postpone automatic startup of the task after the application is started. Note that all scheduled tasks will be 

run only after a specified time interval elapses from the startup of Kaspersky Internet Security. 

The special Idle Scan mode (see section "Running tasks in background mode" on page 157) allows you to start 

automatic updates when your computer is idle. 

To configure the update task startup schedule: 




4. In the window that opens, on the Run mode tab in the Schedule section, select the By schedule option and 

configure the update run mode. 

To enable automatic launching of a skipped task: 




4. In the window that opens, on the Run mode tab in the Schedule section, select By schedule and check the 

Run skipped tasks box. 

75


To postpone running a task after application startup: 




4. In the window that opens, on the Run mode tab in the Schedule section, select the By schedule option and fill 

in the Postpone running after application startup for field to specify how long the task run should be 

postponed. 

ROLLING BACK THE LAST UPDATE 

After the first update of Kaspersky Internet Security, the option of rolling back to the previous databases becomes 

available. 

The update rollback feature is useful in case a new database version contains an invalid signature that makes Kaspersky 

Internet Security block a safe application. 

In the event of damage done to Kaspersky Internet Security databases, it is recommended that you run the update task 

to download the up-to-date set of databases. 

To roll back to the previous database version: 


2. Select the Update section in the lower part of the window. 

3. In the Update window that opens, click the button and select Roll back to the previous databases from 

the menu that opens. 

RUNNING UPDATES UNDER A DIFFERENT USER ACCOUNT 

By default, the update procedure is run under your system account. However, Kaspersky Internet Security can update 

from a source for which you have no access rights (for example, from a network folder containing updates) or authorized 

proxy user credentials. You can run Kaspersky Internet Security updates on behalf of a user account that has such 

rights. 

To start the update under a different user's account: 




4. In the window that opens, on the Run mode tab in the User account section, check the Run task as box. 

Specify the user name and password. 

76


USING A PROXY SERVER 

If you use a proxy server for Internet connection, you should reconfigure it to allow proper updating of Kaspersky Internet 


To configure the proxy server: 




4. In the window that opens, on the Source tab, click the Proxy server button. 

5. Configure the proxy server settings in the Proxy server settings window that opens. 

FILE ANTI-VIRUS 

File Anti-Virus prevents infection of the computer's file system. The component launches at the startup of the operating 

system, remains in the RAM of the computer, and scans all files opened, saved, or run on your computer and on all 

connected drives for viruses and other riskware. 

You can create a protection scope and set a security level (a collection of settings that determine the scan's 

thoroughness). 

When the user or a program attempts to access a protected file, File Anti-Virus checks whether iChecker and iSwift 

databases contain information about this file, and makes a decision on whether the file should be scanned. 

By default, the signature analysis – a mode that uses records from application databases to search for threats – is 

always enabled. You can also enable heuristic analysis and various scan technologies. 

If a threat is detected in a file, Kaspersky Internet Security assigns one of the following statuses to the file: 

Status designating the type of the malicious program detected (for example, virus, Trojan). 

Potentially infected (suspicious) status if the scan cannot determine whether the file is infected or not. The file 

may contain a code sequence typical of viruses and other malware, or the modified code of a known virus. 

After that, the application displays a notification (see page 172) of the detected threat on the screen and performs the 

action specified in the File Anti-Virus settings. You can change the action (see page 81) that the application should 

perform if a threat is detected. 










77



Enabling and disabling File Anti-Virus ............................................................................................................................. 78 

Automatically pausing File Anti-Virus .............................................................................................................................. 78 

Creating the protection scope of File Anti-Virus .............................................................................................................. 79 

Changing and restoring the file security level .................................................................................................................. 80 

Selecting file scan mode ................................................................................................................................................. 80 

Using heuristic analysis when working with File Anti-Virus ............................................................................................. 81 

Selecting file scan technology ......................................................................................................................................... 81 

Changing the action to take on infected files ................................................................................................................... 81 

Scan of compound files by File Anti-Virus ....................................................................................................................... 82 

Optimizing file scan ......................................................................................................................................................... 83 

ENABLING AND DISABLING FILE ANTI-VIRUS 

By default, File Anti-Virus is enabled, running in a mode recommended by Kaspersky Lab specialists. You can disable 

File Anti-Virus if necessary. 

To disable File Anti-Virus: 


2. In the left part of the window, in the Protection Center section, select the File Anti-Virus component. 

3. In the right part of the window, uncheck the Enable File Anti-Virus box. 

AUTOMATICALLY PAUSING FILE ANTI-VIRUS 

When doing resource-intensive work, you can pause File Anti-Virus. To reduce workload and ensure quick access to 

objects, you can configure automatic pausing of the component at a specified time or when handling specified programs. 

Pausing File Anti-Virus in case of a conflict with some applications is an emergency measure. If any conflicts arise when 

working with the component, please contact Kaspersky Lab Technical Support Service (http://support.kaspersky.com). 

The support specialists will help you resolve the simultaneous operation of Kaspersky Internet Security with other 

applications on your computer. 

To pause the component at a specified time: 



3. In the Security level section in the right part of the window click the Settings button. 

78


4. In the window that opens, on the Additional tab in the Pause task section, check the By schedule box and 

click the Schedule button. 

5. In the Pause task window, specify the time (in 24-hour hh:mm format) for which protection will be paused (the 

Pause task at and Resume task at fields). 

To pause the component when running specified applications: 




4. In the window that opens, on the Additional tab in the Pause task section, check the At application startup 

box and click the Select button. 

5. In the Applications window, create a list of applications which pause the component when running. 

CREATING THE PROTECTION SCOPE OF FILE ANTI-VIRUS 

The protection scope implies the location and type of files being scanned. By default, Kaspersky Internet Security scans 

only potentially infectable files stored on any hard drive, network drive or removable media. 

To create the protection scope: 




4. In the window that opens, on the General tab, in the File types section, specify the type of files that you want to 

be scanned by File Anti-Virus: 

If you want to scan all files, select All files. 

If you want to scan files of formats that are the most vulnerable to infection, select Files scanned by 

format. 

If you want to scan files with extensions that are the most vulnerable to infection, select Files scanned by 

extension. 

When selecting type of files to be scanned, you should note that: 

The probability of malicious code penetrating some file formats (such as TXT) and its subsequent activation 

is quite low. However, there are formats that contain or may contain an executable code (such as EXE, 

DLL, DOC). The risk of penetration and activation of malicious code in such files is quite high. 

A hacker may send a virus or other riskware to your computer within an executable file renamed as one 

with the TXT extension. If you have selected scanning files by extension, such a file is skipped by the scan. 

If scanning of files by format is selected, then, regardless of the extension, File Anti-Virus will analyze the 

file header and reveal that the file is an EXE file. Such file is thoroughly scanned for viruses and other 

riskware. 

5. In the Protection scope list, perform one of the following actions: 

If you want to add a new object to the list of objects to be scanned, click the Add link. 

If you want to change an object's location, select one from the list and click the Edit link. 

79


The Select object to scan window opens. 

If you want to delete an object from the list of objects to be scanned, select one from the list and click the 

Delete link. 

The deletion confirmation window opens. 

6. Perform one of the following actions: 

If you want to add a new object to the list of objects to be scanned, select one in the Select object to scan 

window and click the OK button. 

If you want to change an object's location, edit the path to one in the Object field in the Select object to 

scan window and click the OK button. 

If you want to delete an object from the list of objects to be scanned, click the Yes button in the deletion 

confirmation window. 

7. If necessary, repeat steps 6 – 7 to add, relocate, or delete objects from the list of objects to be scanned. 

8. To exclude an object from the list of objects to be scanned, uncheck the box next to one in the Protection 

scope list. However, the object remains on the list of objects to be scanned, though it is excluded from the scan 

by File Anti-Virus. 

CHANGING AND RESTORING THE FILE SECURITY LEVEL 

Depending on your current needs, you can select one of the preset file/memory security levels or configure File Anti- 

Virus on your own. 

When configuring File Anti-Virus, you can always restore the recommended values. These settings are considered 


To change the file security level: 



3. In the right part of the window, in the Security level section, set the desired security level, or click the Settings 

button to modify the settings manually. 


To restore the default file security level: 



3. Click the Default level button in the Security level section in the right part of the window. 

SELECTING FILE SCAN MODE 

A scan mode means a condition, under which File Anti-Virus starts scanning files. By default, Kaspersky Internet Security 

runs in smart mode. When running in this file scan mode, File Anti-Virus makes decisions on file scan based on the 

analysis of actions that the user takes on files, and on the type of those files. For example, when working with a Microsoft 

Office document, Kaspersky Internet Security scans the file when it is first opened and last closed. Intermediate 

operations that overwrite the file do not cause it to be scanned. 

80


To change the files scan mode: 




4. In the window that opens, on the Additional tab in the Scan mode section, select the desired mode. 

When selecting scan mode, you should take account of the types of files, with which you have to work with the 

majority of time. 

USING HEURISTIC ANALYSIS WHEN WORKING WITH FILE ANTI-VIRUS 

During File Anti-Virus operation, signature analysis is always used: Kaspersky Internet Security compares the object 

found with the database records. 

To improve protection efficiency, you can use heuristic analysis (i.e., analysis of activity that an object performs in the 

system). This analysis makes it possible to detect new malicious objects which are not yet described in the databases. 

To enable heuristic analysis: 




4. In the window that opens, on the Performance tab in the Scan methods section, check the Heuristic Analysis 

box and specify the detail level for the scan. 

SELECTING FILE SCAN TECHNOLOGY 

In addition to the heuristic analysis, you can involve specific technologies that allow optimizing the file scan performance 

due to excluding files from scan if they have not been modified since the last scan. 

To specify the object scan technologies: 




4. In the window that opens, on the Additional tab in the Scan technologies section, select the desired values. 

CHANGING THE ACTION TO TAKE ON INFECTED FILES 


To change the action that should be taken on infected objects: 




81


SCAN OF COMPOUND FILES BY FILE ANTI-VIRUS 




For each type of compound file, you can choose to scan either all files or only new ones. To make your selection, click 

the link next to the name of the object. It changes its value when you left-click it. If you select the scan new and changed 

files only mode, the links for choosing whether to scan all or only new files will not be available. 

By default, Kaspersky Internet Security scans only embedded OLE objects. 

When large compound files are scanned, their preliminary unpacking may take a long time. This period can be reduced 

by enabling unpacking of compound files in background mode if they exceed the specified file size. If a malicious object 

is detected while working with such a file, the application will notify you about it. 

You can restrict the maximum size of a compound file to be scanned. Compound files larger than the specified value will 

not be scanned. 

When large files are extracted from archives, they will be scanned even if the Do not unpack large compound files box 

is checked. 

To modify the list of compound files to be scanned: 




4. In the window that opens, on the Performance tab in the Scan of compound files section, select the desired 

type of compound files to be scanned. 

To set the maximum size of compound files to be scanned: 




4. In the window that opens, on the Performance tab in the Scan of compound files section, click the Additional 

button. 

5. In the Compound files window, check the Do not unpack large compound files box and specify the 

maximum file size. 

To unpack large compound files in background mode: 




4. In the window that opens, on the Performance tab in the Scan of compound files section, click the Additional 

button. 

5. In the Compound files window, check the Extract compound files in the background box and specify the 

minimum file size. 

82


OPTIMIZING FILE SCAN 

You can shorten the scan time and speed up Kaspersky Internet Security. This can be achieved by scanning only new 

files and those files that have altered since the last time they were scanned. This mode applies both to simple and 

compound files. 

To scan only new and changed files: 




4. In the window that opens, on the Performance tab in the Scan optimization section, check the Scan only new 

and changed files box. 

MAIL ANTI-VIRUS 

Mail Anti-Virus scans incoming and outgoing messages for malicious objects. It starts when the operating system 

launches and runs continually, scanning all email messages sent or received via the POP3, SMTP, IMAP, MAPI and 

NNTP protocols, as well as over secure connections (SSL) via POP3 and IMAP (see section "Encrypted connections 

scan" on page 116). 

The indicator of the component's operation is the application icon in the taskbar notification area, which looks like 

whenever an email message is being scanned. 

Mail Anti-Virus intercepts and scans each email message received or sent by the user. If no threats are detected in an 

email message, it becomes available for the user. 

You can specify the types of messages which should be scanned and select the security level (see page 85) 

(configuration settings affecting the scan intensity). 

By default, the signature analysis – a mode that uses records from application databases to search for threats – is 

always enabled. In addition, you can enable heuristic analysis. Furthermore, you can enable filtering of attachments (see 

page 86), which allows automatic renaming or deletion of specified file types. 

If a threat is detected in a file, Kaspersky Internet Security assigns one of the following statuses to the file: 

Status designating the type of the malicious program detected (for example, virus, Trojan). 

Potentially infected (suspicious) status if the scan cannot determine whether the file is infected or not. The file 

may contain a code sequence typical of viruses and other malware, or the modified code of a known virus. 

After that, the application blocks the email message, displays a notification (see page 172) of the detected threat on the 

screen, and performs the action specified in the settings of Mail Anti-Virus. You can change the actions to be taken when 

a threat is detected (see section "Changing the action to take on infected email messages" on page 86). 










83


If disinfection is successful, the email message becomes available. If the disinfection fails, the infected object is deleted 

from the email message. Mail Anti-Virus expands the subject of the email message by adding text that notifies the user 

that this email message has been processed by Kaspersky Internet Security. 

An integrated plug-in is provided for Microsoft Office Outlook that allows you to fine-tune the email client. 

If you use The Bat!, Kaspersky Internet Security can be used in conjunction with other anti-virus applications. At that, the 

email traffic processing rules are configured directly in The Bat! and have a higher priority than the mail protection 

settings of Kaspersky Internet Security. 

When working with other widespread mail clients, including Microsoft Outlook Express/Windows Mail, Mozilla 

Thunderbird, Eudora, and Incredimail, Mail Anti-Virus scans email on the SMTP, POP3, IMAP, and NNTP protocols. 

Note that when working with the Thunderbird mail client, email messages transferred via IMAP will not be scanned for 

viruses if any filters moving messages from the Inbox folder are used. 


Enabling and disabling Mail Anti-Virus ............................................................................................................................ 84 

Creating the protection scope of Mail Anti-Virus ............................................................................................................. 84 

Changing and restoring the email security level .............................................................................................................. 85 

Using heuristic analysis when working with Mail Anti-Virus............................................................................................. 86 

Changing the action to take on infected email messages ............................................................................................... 86 

Filtering attachments in email messages ........................................................................................................................ 86 

Scan of compound files by Mail Anti-Virus ...................................................................................................................... 87 

Email scanning in Microsoft Office Outlook ..................................................................................................................... 87 

Email scanning in The Bat! .............................................................................................................................................. 87 

ENABLING AND DISABLING MAIL ANTI-VIRUS 

By default, Mail Anti-Virus is enabled, running in a mode recommended by Kaspersky Lab specialists. You can disable 

Mail Anti-Virus if necessary. 

To disable Mail Anti-Virus: 


2. In the left part of the window, in the Protection Center section, select the Mail Anti-Virus component. 

3. In the right part of the window, uncheck the Enable Mail Anti-Virus box. 

CREATING THE PROTECTION SCOPE OF MAIL ANTI-VIRUS 

Protection scope comprises a type of email messages to be scanned, protocols with traffic scanned by Kaspersky 

Internet Security, and settings for integration of Mail Anti-Virus into the system. 

By default, Kaspersky Internet Security is integrated into Microsoft Office Outlook and The Bat!, scans both incoming and 

outgoing email messages, and scans traffic of POP3, SMTP, NNTP and IMAP email protocols. 

84


To disable scanning of outgoing emails: 




4. Use the General tab in the Protection scope section of the displayed window to select the Incoming 

messages only option. 

If you have selected scanning incoming messages only, it is recommended that you scan outgoing mail when 

first running Kaspersky Internet Security, since your computer may be infected with email worms that use your 

email to breed and spread. Scanning outgoing mail allows you to avoid problems occurring due to uncontrolled 

sending of email messages from your computer. 

To select the protocols to scan and the settings for integrating Mail Anti-Virus into the system: 




4. In the window that opens, on the Additional tab in the Connectivity section, select the desired settings. 

CHANGING AND RESTORING THE EMAIL SECURITY LEVEL 

Depending on your current needs, you can select one of the preset email security levels or configure Mail Anti-Virus on 

your own. 

Kaspersky Lab advises you not to configure Mail Anti-Virus settings on your own. In most cases, it is sufficient to select a 

different security level. 

When configuring Mail Anti-Virus, you can always restore the recommended values. These settings are considered 


To change the current email security level: 






To restore the default mail protection settings: 




85


USING HEURISTIC ANALYSIS WHEN WORKING WITH MAIL 

ANTI-VIRUS 

During Mail Anti-Virus operation, signature analysis is always used: Kaspersky Internet Security compares the object 

found with the database records. 







4. In the window that opens, on the General tab in the Scan methods section, check the Heuristic Analysis box 

and specify the detail level for the scan. 

CHANGING THE ACTION TO TAKE ON INFECTED EMAIL MESSAGES 


To change the action that should be taken on infected email messages: 




FILTERING ATTACHMENTS IN EMAIL MESSAGES 

Malicious programs may spread via email as attachments in email messages. You can configure filtering by type of 

attachments in email messages, which allows the renaming or deleting files of specified types automatically. 

To configure filtering of attachments: 




4. Use the Attachment filter tab of the displayed window to select the filtering mode for attachments. When you 

select either of the last two modes, the list of file types (extensions) will be enabled; there you can select the 

desired types or add a new type mask. 

To add a mask of a new type to the list, click the Add link to open the Input file name mask window and enter 

the required information. 

86


SCAN OF COMPOUND FILES BY MAIL ANTI-VIRUS 




You can enable or disable scanning of compound files, and limit the maximum size of compound files to be scanned. 

If your computer is not protected by any local network software (you access the Internet directly without a proxy server or 

a firewall), it is not recommended that you disable the scanning of compound files. 

To configure the scanning of compound files: 




4. Use the General tab in the window that opens to define the necessary settings. 

EMAIL SCANNING IN MICROSOFT OFFICE OUTLOOK 

While installing Kaspersky Internet Security, a special plug-in is integrated into Microsoft Office Outlook. It allows you to 

quickly switch to configuration of Mail Anti-Virus from Microsoft Office Outlook, and determine when email messages 

should be scanned for viruses and other riskware, whether this should be done when receiving, opening, or sending a 

message. 

Configuration of Mail Anti-Virus from Microsoft Office Outlook is available if this option is selected in the protection scope 

settings of Mail Anti-Virus. 

To switch to the email scan settings in Microsoft Office Outlook: 

1. Open the main Microsoft Office Outlook window. 

2. Select Tools Options from the application menu. 

3. In the Settings window that opens, select the Email protection tab. 

EMAIL SCANNING IN THE BAT! 

Actions with regard to infected email objects in The Bat! are defined using the application's own tools. 

Mail Anti-Virus settings which determine whether incoming and outgoing messages should be scanned, which actions 

should be performed in regard to dangerous objects in email, and which exclusions should apply are ignored. The only 

thing that The Bat! takes into account is the scanning of attached archives. 

The email protection settings extend to all the anti-virus components installed on the computer that support working with 

the Bat!. 

Note that incoming email messages are first scanned by Mail Anti-Virus and only then by the plug-in for The Bat!. If a 

malicious object is detected, Kaspersky Internet Security immediately notifies you of this. If you select the Disinfect 

(Delete) action in the Mail Anti-Virus notification window, actions aimed at eliminating the threat are performed by Mail 

Anti-Virus. If you select the Ignore option in the notification window, the object will be disinfected by the plug-in for The 

Bat!. When sending email messages, they are first scanned by the plug-in and then by Mail Anti-Virus. 

87


The settings of Mail Anti-Virus are available from The Bat! if this option is selected in the protection scope settings of Mail 

Anti-Virus. 

To configure email scanning in The Bat! you must define the following criteria: 

which mail stream (incoming, outgoing) should be scanned; 

when mail objects should be scanned (when opening a message, before saving to disk); 

what actions are to be performed by the mail client if dangerous objects are detected in email messages. For 

example, you can select: 

Attempt to disinfect infected parts – if this option is selected, the attempt is made to disinfect the infected 

object; if it cannot be disinfected, the object remains in the message. 

Delete infected parts – if this option is selected, the dangerous object in the message is deleted 

regardless of whether it is infected or suspected to be infected. 

By default, The Bat! places all infected email objects in Quarantine without attempting to disinfect them. 

Email messages that contain dangerous objects are not marked with the special subject add-on when scanned by the 

plug-in for The Bat!. 

To switch to the email scan settings in The Bat!: 

1. Open the main window of the The Bat!. 

2. In the Properties menu, select Settings. 

3. Select the Virus protection object from the settings tree. 

WEB ANTI-VIRUS 

Each time you work on the Internet, you endanger information stored on your computer, by exposing it to a risk of being 

infected with viruses and other malware. They may penetrate your computer when you download free applications or 

view information on websites that had been attacked by hackers before you have visited them. Moreover, network worms 

may penetrate into your computer even before you open a web page or download a file, just at the moment your 

computer establishes an Internet connection. 

Web Anti-Virus protects information received by your computer and sent from it over HTTP, HTTPS and FTP protocols, 

and prevents hazardous scripts from being run on your computer. 

Web Anti-Virus only monitors web traffic transferred via ports specified on the list of monitored ports. A list of monitored 

ports that are most commonly used for data transfer, is included in the Kaspersky Internet Security distribution kit. If you 

use ports that are not included in the list of monitored ports, you should add them to the list of monitored ports (see 

section "Creating a list of monitored ports" on page 119) to ensure protection of web traffic transferred via them. 

Web Anti-Virus scans web traffic with regard for a specific collection of settings named security level. If Web Anti-Virus 

detects a threat, it will perform the prescribed action. Malicious objects are detected using both Kaspersky Internet 

Security databases and a heuristic algorithm. 

Kaspersky Lab advises you not to configure Web Anti-Virus settings on your own. In most cases, it is sufficient to select 

an appropriate security level. 

88


Web traffic scan algorithm 

Each web page or file that is accessed by the user or an application via the HTTP, HTTPS, or FTP protocols is 

intercepted and scanned for malicious code by Web Anti-Virus: 

If a web page or a file accessed by the user contains malicious code, access to it is blocked. A notification is 

displayed that the requested file or web page is infected. 

If the file or web page does not contain malicious code, the program immediately grants the user access to it. 

Script scan algorithm 

Each script run is intercepted by Web Anti-Virus and is analyzed for malicious code: 

If a script contains malicious code, Web Anti-Virus blocks it and displays a notification on the screen. 

If no malicious code is discovered in the script, it is run. 

Web Anti-Virus intercepts only scripts based on the Microsoft Windows Script Host functionality. 


Enabling and disabling Web Anti-Virus ........................................................................................................................... 89 

Changing and restoring the web traffic security level ...................................................................................................... 90 

Changing the action to take on dangerous objects from web traffic ................................................................................ 90 

Checking URLs on web pages ........................................................................................................................................ 90 

Using heuristic analysis when working with Web Anti-Virus ............................................................................................ 93 

Blocking dangerous scripts ............................................................................................................................................. 93 

Scan optimization ............................................................................................................................................................ 94 

Controlling access to regional domains ........................................................................................................................... 94 

Controlling access to online banking services ................................................................................................................. 94 

Creating a list of trusted addresses ................................................................................................................................. 95 

ENABLING AND DISABLING WEB ANTI-VIRUS 

By default, Web Anti-Virus is enabled, running in a mode recommended by Kaspersky Lab specialists. You can disable 

Web Anti-Virus, if necessary. 

To disable Web Anti-Virus: 



3. In the right part of the window, uncheck the Enable Web Anti-Virus box. 

89


CHANGING AND RESTORING THE WEB TRAFFIC SECURITY LEVEL 

Depending on your current needs, you can select one of the preset web traffic security levels or configure Web Anti-Virus 

on your own. 

When configuring Web Anti-Virus, you can always restore the recommended values. These settings are considered 


To change the web traffic security level: 






To restore the default web traffic security level: 




CHANGING THE ACTION TO TAKE ON DANGEROUS OBJECTS 

FROM WEB TRAFFIC 


Web Anti-Virus always blocks actions by dangerous scripts and displays messages that inform the user of the action 

taken. You cannot change the action to be taken on a dangerous script; all you can do is disable script scan (see section 

"Blocking dangerous scripts" on page 93). 

To change the action to be performed with regard to detected objects: 




CHECKING URLS ON WEB PAGES 

Scanning web pages for phishing allows you to prevent phishing attacks. Phishing attacks are, as a rule, email 

messages from alleged financial organizations that contain URLs to websites of such organizations. The email message 

convinces the reader to click the URL and enter private information in the window that opens, for example, the number of 

a banking card or the login and the password of an online banking account. A phishing attack can be disguised, for 

example, as a letter from your bank with a link to its official website. By clicking the link, you go to an exact copy of the 

bank's website and can even see the bank site's address in the browser, even though you are on a counterfeit site. From 

this point forward, all your actions on the site are tracked and can be used to steal your money. 

Since links to phishing web sites may be received not only in email, but also from other sources, such as ICQ messages, 

Web Anti-Virus monitors attempts to access a phishing web site on the level of web traffic and blocks access to such 

locations. 

90


In addition to Kaspersky Internet Security databases, heuristic analysis (see page 93) can also be used for scanning web 

pages for phishing. 


Enabling and disabling the checking of URLs ................................................................................................................. 91 

Using Kaspersky URL Advisor ........................................................................................................................................ 91 

Blocking access to dangerous websites .......................................................................................................................... 92 

ENABLING AND DISABLING THE CHECKING OF URLS 

To enable URL checks using the databases of suspicious web addresses and phishing addresses: 




The Web Anti-Virus window opens. 

4. On the General tab, in the Kaspersky URL Advisor section, check the Check if URLs are listed in the 

database of suspicious URLs and Check web pages for phishing boxes. 

USING KASPERSKY URL ADVISOR 

Kaspersky URL Advisor is integrated into Microsoft Internet Explorer, Mozilla Firefox, and Google Chrome as a plug-in. 

Kaspersky URL Advisor checks all URLs on a web page to find out if they are included in the list of suspicious URLs. It 

also checks them for phishing, highlighting each one in the browser window. 

You can create a list of websites, on which all URLs should be checked, check URLs on all websites except those 

included in the list of exclusions, check URLs in search results only, or specify categories of websites with URLs that 

should be checked. 

Not only can you configure Kaspersky URL Advisor in the application settings window, but also in the Kaspersky URL 

Advisor settings window, which is available from your web browser. 

To specify websites, on which all URLs should be checked: 





5. On the Safe Surf tab, in the Kaspersky URL Advisor section, check the Check URLs box. 

6. Select the websites on which the links need to be scanned: 

a. If you want to create a list of websites, on which all URLs should be checked, select Only websites from 

the list and click the Specify button. In the Checked URLs window that opens, create a list of websites to 

be checked. 

b. If you want to check URLs on all websites except those specified, select All but the exclusions and click 

the Exclusions button. In the Exclusions window that opens, create a list of websites that do not need any 

check of URLs on them. 

91


To check URLs in search results only: 





5. On the Safe Surf tab, in the Kaspersky URL Advisor section, check the Check URLs box and click the 

Settings button. 

6. In the Kaspersky URL Advisor settings window that opens, in the Check mode section, select Only URLs in 

search results. 

To select categories of websites with URLs that should be checked: 





5. On the Safe Surf tab, in the Kaspersky URL Advisor section, check the Check URLs box and click the 

Settings button. 

6. In the Kaspersky URL Advisor settings window that opens, in the Websites categories section, check the 

Show information on the categories of websites content box. 

7. In the list of categories, check the boxes next to categories of websites with URLs that should be checked. 

To open the Kaspersky URL Advisor settings window from your web browser, 

click the button with the Kaspersky Internet Security icon in the browser toolbar. 

BLOCKING ACCESS TO DANGEROUS WEBSITES 

You can block access to websites which have been deemed suspicious or phishing sites by Kaspersky URL Advisor (see 

section "Using Kaspersky URL Advisor" on page 91). 

To block access to dangerous websites: 





4. On the Safe Surf tab, in the Blocking Dangerous Websites section, check the Block dangerous websites 

box. 

92


USING HEURISTIC ANALYSIS WHEN WORKING WITH WEB 

ANTI-VIRUS 



When Web Anti-Virus is running, you can separately enable the heuristic analysis for scanning web traffic and for 

checking web pages for phishing. 

To enable the heuristic analysis for scanning web traffic: 





4. On the General tab in the Heuristic Analysis section, check the Use Heuristic Analysis box and set a scan 

detail level. 

To enable the heuristic analysis for checking web pages for phishing: 





4. On the General tab, in the Kaspersky URL Advisor section, click the Additional button. 

5. In the Anti-Phishing settings window that opens, check the Use Heuristic Analysis to check web pages for 

phishing box and set a scan detail level. 

BLOCKING DANGEROUS SCRIPTS 

Web Anti-Virus scans all scripts processed in Microsoft Internet Explorer, as well as any other WSH scripts (for example, 

JavaScript, Visual Basic Script, etc.) launched when you are working on the computer. If a script presents a threat to 

your computer, it will be blocked. 

To disable blocking of dangerous scripts: 





4. On the General tab in the Additional section uncheck the Block dangerous scripts in Microsoft Internet 

Explorer box. 

93


SCAN OPTIMIZATION 

To improve efficiency of detection of malicious code, Web Anti-Virus uses the caching of fragments of objects coming 

from the Internet. Using the caching, Web Anti-Virus scans objects only after they are received on the computer in their 

entirety. 

The caching increases the amount of time required to process objects and pass it to the user for further operations. 

Caching can cause problems when downloading or processing large objects, as the connection with the HTTP client may 

time out. 

You can solve this problem using the option of limiting the caching of fragments of objects coming from the Internet. 

Upon expiration of a certain time interval, each fragment of an object is passed to the user unscanned. When copying is 

complete, the object will be scanned entirely. This allows us to reduce the amount of time required to pass objects to the 

user and solving the problem with connection losses. The Internet security level is not reduced. 

Lifting restrictions on the duration of web traffic caching leads to improved efficiency of virus scans, though it may slow 

down access to objects. 

To set or remove a time limit for fragment buffering: 





4. On the General tab, in the Additional section, check the Limit traffic caching time to 1 sec to optimize scan 

box. 

CONTROLLING ACCESS TO REGIONAL DOMAINS 

Depending on your choice, Web Anti-Virus in Geo Filter mode can block or allow access to websites on the grounds of 

their belonging to regional web domains. This allows you, for example, to block access to websites which belong to 

regional domains with a high risk of infection. 

To allow or block access to websites which belong to specified domains: 





4. On the Geo Filter tab, check the Enable filtering by regional domains box and specify in the list of controlled 

domains below which domains should be allowed or blocked, and for which ones the application should request 

permission for access using a notification (see section "Request for permission to access a website from a 

regional domain" on page 197). 

By default, access is allowed for regional domains that match your location. Requesting permission for access is 

set for other domains by default. 

94


CONTROLLING ACCESS TO ONLINE BANKING SERVICES 

When working with online banking, your computer needs an especially reliable protection, since leakages of confidential 

information may lead to financial losses. Web Anti-Virus can control access to online banking services, thus ensuring 

safe interaction with them (see section "About Safe Run for Websites" on page 141). Web Anti-Virus automatically 

determines which web resources are online banking services. For guaranteed identification of a web resource as online 

banking service, you can specify its URL in the list of banking websites. 

To configure control of access to online banking services: 





4. On the Online Banking tab, check the Enable control box. You will be prompted to start the Certificate 

Installation Wizard that you can use to install a Kaspersky Lab certificate for scanning encrypted connections. 

5. If necessary, create a list of resources that Kaspersky Internet Security should identify as online banking 

services. 

CREATING A LIST OF TRUSTED ADDRESSES 

Web Anti-Virus does not scan web traffic for dangerous objects if it comes from trusted URLs. 

To create a list of trusted web addresses: 





4. On the Trusted URLs tab, check the Do not scan web traffic from trusted URLs box. 

5. Create a list of websites / web pages with content that you trust. To do this: 

a. Click the Add button. 

The Address mask (URL) window will open. 

b. Enter the address of a website / web page or the address mask of a website / web page. 

c. Click the OK button. 

A new record appears on the list of trusted URLs. 

6. If necessary, repeat steps from a to c. 

95


IM ANTI-VIRUS 

IM Anti-Virus scans the traffic of instant messaging clients (so-called Internet pagers). 

IM messages may contain links to suspicious websites and to websites used by hackers to organize phishing attacks. 

Malicious programs use IM clients to send spam messages and links to programs (or the programs themselves) which 

steal users' ID numbers and passwords. 

Kaspersky Internet Security ensures safe operation of various instant messaging applications, including ICQ, MSN, AIM, 

Yahoo! Messenger, Jabber, Google Talk, Mail.Ru Agent and IRC. 

Some IM clients, such as Yahoo! Messenger and Google Talk, use encrypted connections. To scan the traffic generated 

by those programs, you have to enable encrypted connections scanning (see page 116). 

IM Anti-Virus intercepts messages and scans them for dangerous objects or URLs. You can select the types of 

messages to scan and various scanning methods. 

If threats are detected in a message, IM Anti-Virus replaces this message with a warning message for the user. 

Files transferred via IM clients are scanned by the File Anti-Virus component (on page 77) when attempts are made to 

save them. 


Enabling and disabling IM Anti-Virus ............................................................................................................................... 96 

Creating the protection scope of IM Anti-Virus ................................................................................................................ 96 

Checking URLs in messages from IM clients .................................................................................................................. 97 

Using heuristic analysis when working with IM Anti-Virus ............................................................................................... 97 

ENABLING AND DISABLING IM ANTI-VIRUS 

By default, IM Anti-Virus is enabled and functions in normal mode. You can disable IM Anti-Virus if necessary. 

To disable IM Anti-Virus: 



3. In the right part of the window, uncheck the Enable IM Anti-Virus box. 

CREATING THE PROTECTION SCOPE OF IM ANTI-VIRUS 

The protection scope is the type of messages to be scanned. By default, Kaspersky Internet Security scans both 

incoming and outgoing messages. If you are sure that messages you send cannot contain any dangerous objects, you 

may disable scanning of outgoing traffic. 

96


To disable scanning of outgoing messages: 



3. In the right part of the window, in the Protection scope section, select the Incoming messages only option. 

CHECKING URLS IN MESSAGES FROM IM CLIENTS 

To scan messages for suspicious and phishing URLs: 



3. In the right part of the window, in the Scan methods section, check the Check if URLs are listed in the 

database of suspicious URLs and Check if URLs are listed in the database of phishing URLs boxes. 

USING HEURISTIC ANALYSIS WHEN WORKING WITH IM ANTI-VIRUS 



When using heuristic analysis, any script included in an IM client's message is executed in a protected environment. If 

the script's activity is typical of malicious objects, the object is likely to be classed as malicious or suspicious. By default, 

heuristic analysis is enabled. 




3. In the right part of the window, in the Scan methods section, check the Heuristic Analysis box and set the 

necessary scanning intensity level. 

PROACTIVE DEFENSE 

Proactive Defense protects your computer against new threats which are not yet included in Kaspersky Internet Security 

databases. 

The functioning of Proactive Defense is based on proactive technologies. Proactive technologies allow you to neutralize 

a new threat before it does any harm to your computer. Unlike responsive technologies, which analyze code based on 

records in Kaspersky Internet Security databases, preventative technologies recognize a new threat on your computer by 

the sequence of actions executed by a program. If, as a result of activity analysis, the sequence of an application's 

actions arouses suspicion, Kaspersky Internet Security blocks the activity of this application. 

For example, when actions such as a program copying itself to network resources, the startup folder and the system 

registry are detected, it is highly likely that this program is a worm. 

Hazardous sequences of actions also include attempts to modify the HOSTS file, hidden installation of drivers, etc. You 

can turn off monitoring (see page 99) for any hazardous activity or edit its monitoring rules (see page 99). 

As opposed to the Application Control protection component (on page 101), Proactive Defense responds immediately to 

a defined sequence of an application's actions. Activity analysis is applied to all applications running on your computer, 

including those allocated in the Trusted group by the Application Control protection component. 

97


You can create a group of trusted applications (see page 98) for Proactive Defense. You will not be notified of the 

activities of these applications. 

If your computer runs under Microsoft Windows XP Professional x64 Edition, Microsoft Windows Vista, Microsoft 

Windows Vista x64, Microsoft Windows 7, or Microsoft Windows 7 x64, control will not apply to all events. This is due to 

specific features of these operating systems. For example, control will not apply fully to the sending of data through 

trusted applications and suspicious system activities. 


Enabling and disabling Proactive Defense ...................................................................................................................... 98 

Creating a group of trusted applications .......................................................................................................................... 98 

Using the dangerous activity list ...................................................................................................................................... 99 

Changing the action to be taken on applications' dangerous activity .............................................................................. 99 

ENABLING AND DISABLING PROACTIVE DEFENSE 

By default, Proactive Defense is enabled, running in a mode recommended by Kaspersky Lab specialists. You can 

disable Proactive Defense if necessary. 

To disable Proactive Defense: 


2. In the left part of the window, in the Protection Center section, select the Proactive Defense component. 

3. In the right part of the window, uncheck the Enable Proactive Defense box. 

CREATING A GROUP OF TRUSTED APPLICATIONS 

Programs recognized by the Application Control protection component as Trusted pose no threat for the system. 

However, their activities will also be monitored by Proactive Defense. 

You can create a group of trusted applications exerting activity that should not be controlled by Proactive Defense. By 

default, the list of trusted applications includes applications with verified digital signatures and applications that are 

trusted in the Kaspersky Security Network database. 

To change the settings of the trusted applications group: 



3. In the right part of the window, in the Trusted applications section, perform the following actions: 

If you want applications with verified digital signatures to be included in the group of trusted applications, 

check the Applications with digital signature box. 

If you want applications trusted by the Kaspersky Security Network database to be included in the group of 

trusted applications, check the Trusted in Kaspersky Security Network database box. 

98


USING THE DANGEROUS ACTIVITY LIST 

The list of actions typical of dangerous activity cannot be edited. However, you can refuse to control a selected case of 

dangerous activity. 

To turn off monitoring for one dangerous activity or another: 




4. In the Proactive Defense window that opens, uncheck the box next to the type of activity which you do not want 

to be monitored. 

CHANGING THE ACTION TO BE TAKEN ON APPLICATIONS' 

DANGEROUS ACTIVITY 

The list of actions typical of dangerous activity cannot be edited. However, you can change the action that Kaspersky 

Internet Security takes when applications' dangerous activity is detected. 

To change the action that Kaspersky Lab application takes on dangerous activity of another application: 




4. In the Proactive Defense window that opens, in the Event column, select the desired event for which you want 

to edit the rule. 

5. Configure the settings for the selected event using the links in the Rule description section. For example: 

a. Click the link with the preset action and select the desired action in the Select action window that opens. 

b. Click the On / Off link to indicate that a report on operation execution should be created. 

SYSTEM WATCHER 

System Watcher collects data about application actions on your computer and provides information to other components 

for improved protection. 

Based on information collected by System Watcher, Kaspersky Internet Security can roll back actions performed by 

malicious programs. 

Rolling back actions performed by malicious programs can be initiated by one of the following protection components: 

System Watcher - based on patterns of dangerous activity; 

Proactive Defense; 

File Anti-Virus; 

when performing a virus scan. 

99


If suspicious events are detected in the system, Kaspersky Internet Security protection components can request 

additional information from System Watcher. In interactive protection mode of Kaspersky Internet Security (see section 

"Selecting a protection mode" on page 64), you can view data collected by the System Watcher component and 

presented as a report on dangerous activity history. This data can help you make a decision when selecting an action in 

the notification window. When the component detects a malicious program, the link to the System Watcher's report is 

displayed in the top part of the notification window (see page 197), along with a prompt for action. 


Enabling and disabling System Watcher ....................................................................................................................... 100 

Using patterns of dangerous activity (BSS) ................................................................................................................... 100 

Rolling back a malicious program's actions ................................................................................................................... 101 

ENABLING AND DISABLING SYSTEM WATCHER 

By default, System Watcher is enabled, running in a mode recommended by Kaspersky Lab specialists. You can disable 

System Watcher if necessary. 

You are advised not to disable the component unless it is absolutely necessary, since this inevitably decreases the 

efficiency of Proactive Defense and other protection components that may request data collected by System Watcher in 

order to identify the potential threat detected. 

To disable System Watcher: 


2. In the left part of the window, in the Protection Center section, select the System Watcher component. 

3. In the right part of the window, uncheck the Enable System Watcher box. 

USING PATTERNS OF DANGEROUS ACTIVITY (BSS) 

Patterns of dangerous activity (BSS – Behavior Stream Signatures) contain sequences of actions typical of applications 

classified as dangerous. If an application's activity matches a pattern of dangerous activity, Kaspersky Internet Security 

performs the prescribed action. 

To provide real-time effective protection, Kaspersky Internet Security adds patterns of dangerous activity, which are used 

by System Watcher, during the database updates. 

By default, when Kaspersky Internet Security is running in automatic mode, if an application's activity matches a pattern 

of dangerous activity, System Watcher moves this application to Quarantine. When running in interactive mode, System 

Watcher prompts for action. You can specify the action that the component should perform when an application's activity 

matches a pattern of dangerous activity. 

In addition to exact matches between applications' activities and patterns of dangerous activity, System Watcher also 

detects actions that partly match patterns of dangerous activity and are considered suspicious based on the heuristic 

analysis. If suspicious activity is detected, System Watcher prompts for action regardless of the operation mode. 

To select the action that the component should perform if an application's activity matches a pattern of dangerous 

activity: 



100


3. In the right part of the window, in the Heuristic Analysis section, check the Use updatable patterns of 

dangerous activity (BSS) box. 

4. Click Select action and then specify the desired action on the dropdown list. 

ROLLING BACK A MALICIOUS PROGRAM'S ACTIONS 

You can use the option of rolling back the actions performed by malware in the system. To enable a rollback, System 

Watcher logs the history of program activity. You can limit the volume of information that System Watcher stores for a 

rollback. 

By default, Kaspersky Internet Security rolls back relevant operations automatically when the protection components 

detect malicious activity. When running in interactive mode, System Watcher prompts for action. You can specify an 

action that should be taken if a rollback of actions performed by a malicious program is available. 

The procedure of rolling back malware operations affects a strictly defined set of data. It causes no negative 

consequences for the operating system or data integrity on your computer. 

To select an action that should be taken if a rollback of actions performed by a malicious program is available: 



3. In the right part of the window, in the Rollback of malware actions section, choose Select action, and then 

select the required action from the dropdown list. 

To limit the volume of information that System Watcher stores for a rollback: 



3. In the right part of the window, in the Rollback of malware actions section, check the Limit data to be stored 

for rollback box and specify the maximum data volume that System Watcher should store for a rollback. 

APPLICATION CONTROL 

Application Control prevents applications from performing actions that may be dangerous for the system and ensures 

control of access to operating system resources and your identity data. 

The component tracks actions performed in the system by applications installed on the computer and regulates them 

based on the Application Control rules. These rules regulate potentially dangerous activity, including applications' access 

to protected resources, such as files and folders, registry keys, and network addresses. 

Applications' network activity is controlled by the Firewall component (on page 109). 

At the first startup of an application on the computer, the Application Control component verifies its safety and includes it 

in one of the groups. The group defines the rules that Kaspersky Internet Security should apply for controlling the activity 

of this application. The Application Control rules are a set of access rights to computer resources and restrictions posed 

on various actions being performed by applications on the computer. 

You can configure the conditions for distribution of applications by groups (see page 102), move an application to 

another group (see page 103), or edit the rules of Kaspersky Internet Security (see page 104). 

101


We recommend that you participate in the Kaspersky Security Network in order to improve the performance of 

Application Control (see section "Kaspersky Security Network" on page 174). Data obtained using the Kaspersky 

Security Network allows you to group applications with more accuracy and apply optimal Application Control rules. 

When the application is restarted, Application Control checks its integrity. If the application has not been changed, the 

component applies the current rule to it. If the application has been modified, Application Control re-scans it as at the first 

startup. 

To control applications' access to various resources of your computer, you can use the preset list of protected resources 

or add user resources to the list (see page 107). 


Enabling and disabling Application Control ................................................................................................................... 102 

Placing applications into groups .................................................................................................................................... 102 

Viewing application activity ............................................................................................................................................ 103 

Modifying a group and restoring the default group ........................................................................................................ 103 

Working with Application Control rules .......................................................................................................................... 104 

Interpreting data on application usage by the participants of the Kaspersky Security Network ..................................... 108 

ENABLING AND DISABLING APPLICATION CONTROL 

By default, Application Control is enabled, running in a mode recommended by Kaspersky Lab specialists. You can 

disable Application Control, if necessary. 

To disable Application Control: 


2. In the left part of the window, in the Protection Center section, select the Application Control component. 

3. In the right part of the window, uncheck the Enable Application Control box. 

PLACING APPLICATIONS INTO GROUPS 

At the first startup of an application on the computer, the Application Control component verifies its safety and includes it 

in one of the groups. 

Applications that do not pose any threat to the system are placed in the Trusted group. By default, this group includes 

applications with a digital signature and applications whose parent objects have one. You can disable the automatic 

inclusion of applications with a digital signature in the Trusted group. 

The behavior of applications included in the Trusted group will, however, be controlled by the Proactive Defense 

component (on page 97). 

By default, Kaspersky Internet Security uses the heuristic analysis to group unknown applications (those not included in 

the Kaspersky Security Network database and functioning without a digital signature). The analysis helps determine the 

application's threat rating, based on which it is placed into a group. Instead of using heuristic analysis, you can specify a 

group into which Kaspersky Internet Security should automatically place all unknown applications. 

102


By default, Application Control analyzes an application for 30 seconds. If this time interval turns out to be insufficient for 

determining the threat rating, the application is placed into the Low Restricted group, while determination of the threat 

rating continues in background mode. After that, the application is placed into its final group. You can change the time 

allocated for application analysis. If you are sure that no applications started on your computer pose any threat to its 

security, you can decrease the time spent on analysis. If, on the contrary, you are installing software and are not sure 

that it is safe, you are advised to increase the time for analysis. 

If the application threat rating is high, Kaspersky Internet Security notifies you and prompts you to select a group into 

which to place the application. Notification (see page 195) contains statistics on the application's use by Kaspersky 

Security Network participants. Based on the statistics and taking into account the history of how this application 

appeared on your computer, you can make a more objective decision regarding the group into which the application 

should be placed (see section "Interpreting data on application usage by the participants of the Kaspersky Security 

Network" on page 108). 

To configure distribution of applications by groups: 



3. In the right part of the window, in the Applications restriction section, perform the following actions: 

a. If you want applications with digital signatures to be automatically included in the Trusted group, check the 

Trust applications with digital signature box. 

b. Select a method of allocating unknown applications by groups: 

If you want to use heuristic analysis to allocate unknown applications by groups, select Use the 

heuristic analysis to define group. 

If you want to place all unknown applications into a specified group, select Move to the following 

group automatically and specify the required group in the dropdown list. 

c. Specify a time interval for scanning an application being run, using the Maximum time to define the 

application group field. 

VIEWING APPLICATION ACTIVITY 

You can view information about applications used on your computer and about processes running. 

To view application activity: 


2. In the lower part of the window, select the Applications Activity section. 

3. In the Applications Activity window that opens, in the top left corner, select the desired category of 

applications from the dropdown list. 

MODIFYING A GROUP AND RESTORING THE DEFAULT GROUP 

At the first startup of an application, Kaspersky Internet Security automatically includes it into a group (see section 

"Placing applications into groups" on page 102). You can move the application to another group manually. At any 

moment, you can move the application back to the default group. 

Kaspersky Lab specialists recommend that you avoid moving applications from default groups. Instead, if needed, edit 

the rules for an individual application. 

103


To move an application to another group: 





4. Right-click to open the context menu for the desired application and select Move to group . 

To restore an application in the default group: 





4. Right-click to open the context menu for the desired application and select Move to group Restore default 

group. 

WORKING WITH APPLICATION CONTROL RULES 

The Application Control rules are a set of access rights to computer resources and restrictions posed on various actions 

being performed by applications on the computer. 

By default, an application is controlled according to the rules of the group into which Kaspersky Internet Security placed 

the application when it was run for the first time. The group rules have been developed by Kaspersky Lab specialists for 

optimum control of application activity. If necessary, you can edit these rules or adjust them for an individual application. 

The rules for an application have higher priority than the rules for a group. 


Editing group rules ........................................................................................................................................................ 104 

Editing application rules ................................................................................................................................................ 105 

Use of rules from Kaspersky Security Network by Application Control ......................................................................... 106 

Inheritance of restrictions of the parent process ............................................................................................................ 106 

Deleting rules for unused applications .......................................................................................................................... 107 

Protecting operating system resources and identity data .............................................................................................. 107 

EDITING GROUP RULES 

By default, different groups have different optimal sets of access rights to computer resources. You can edit the preset 

group rules. 

To change a group rule: 



104


3. In the right part of the window, in the Configure application rules, protect digital identity data and other 

resources section, click the Applications button. 

4. In the Applications window that opens, select the desired group from the list and click the Edit button. 

5. In the Group rules window that opens, select the tab that matches the desired resource category (Files and 

system registry or Rights). 

6. Right-click the column with the appropriate action for the desired resource to open the context menu and select 

the desired value (Allow, Block, or Prompt for action). 

EDITING APPLICATION RULES 

You can modify restrictions at the level of an individual application or exclude some actions from the rules for an 

application. Kaspersky Internet Security will not control actions that have been added to the exclusions from the rules for 

an application. 

All exclusions created in the rules for applications are available in the application settings window (see section "The 

application settings window" on page 36) in the Threats and Exclusions section. 

You can also disable the application of group rules to the control of access to selected categories of protected resources. 

Access to these resources is managed by the application rules. 

To change an application rule: 





4. In the Applications window that opens, select the desired application from the list and click the Edit button. 

5. In the Application rules window that opens, select the tab that matches the desired resource category (Files 

and system registry or Rights). 

6. Right-click the column with the appropriate action for the desired resource to open the context menu and select 

the desired value (Allow, Block, or Prompt for action). 

To disable applying group rules to access to resources: 





4. In the Applications window that opens, select the desired application from the list. 

5. Click the Edit button. 

6. In the Application rules window that opens, select the tab that matches the desired resource category (Files 

and system registry or Rights). 

7. Right-click the column with the appropriate action for the required resource to open the context menu and select 

the Inherit item with the box checked. 

105


To add an exclusion to the application rules: 





4. In the Applications window that opens, select the desired application from the list and click the Edit button. 

5. In the Application rules window that opens, select the Exclusions tab. 

6. Check the boxes for the actions that should not be controlled. 

USE OF RULES FROM KASPERSKY SECURITY NETWORK BY APPLICATION 

CONTROL 

By default, applications found in the Kaspersky Security Network database are processed according to the rules loaded 

from this database. 

If an application was not found in the Kaspersky Security Network database at the first run but information about it was 

added later, Kaspersky Internet Security will automatically update the rules for the control of this application by default. 

You can disable the usage of rules from the Kaspersky Security Network and / or the automatic update of the rules for 

previously unknown applications. 

To disable the usage of rules from the Kaspersky Security Network: 



3. In the right part of the window, in the Applications restriction section, uncheck the Load rules for 

applications from Kaspersky Security Network (KSN) box. 

To disable updates of Kaspersky Security Network rules for previously unknown applications: 



3. In the right part of the window, in the Applications restriction section, uncheck the Update rules for 

previously unknown applications from KSN box. 

INHERITANCE OF RESTRICTIONS OF THE PARENT PROCESS 

On your computer, you are not the only one that has rights to launch programs and processes. Other running programs 

(processes) also can do it; thus they become parent ones. If a parent process has a lower rights priority than a program 

that it launches, Application Control applies the same restrictions to the program being launched as to the parent 

process. Thus, the program being launched inherits all restrictions from its parent process. 

This mechanism prevents a non-trusted application or an application with restricted rights from using a trusted 

application to perform actions requiring certain privileges. 

If an application's activity is blocked because a parent process has insufficient rights, you can modify these rights or 

disable inheritance of restrictions from the parent process. 

You should modify the rights of a parent process only if you are absolutely certain that the process' activities do not 

threaten the security of the system! 

106


To disable inheritance of restrictions from the parent process, perform the following steps: 





4. In the Applications window that opens, select the desired application from the list. 

5. Click the Edit button. 

6. In the Application rules window that opens, select the Exclusions tab. 

7. Check the Do not inherit restrictions from the parent process (application) box. 

DELETING RULES FOR UNUSED APPLICATIONS 

By default, the rules for applications which have not been started for 60 days are deleted automatically. You can modify 

the storage time for rules for unused applications or disable automatic removal of rules. 

To change the storage time for application rules: 



3. In the right part of the window, check the Delete rules for applications remaining inactive for more than box 

in the Additional section and specify the desired number of days. 

To disable the automatic removal of the rules for unused applications: 



3. In the right part of the window, in the Additional section, uncheck the Delete rules for applications remaining 

inactive for more than box. 

PROTECTING OPERATING SYSTEM RESOURCES AND IDENTITY DATA 

Application Control manages the applications' rights to perform actions with various resource categories of the operating 

system and personal data. 

Kaspersky Lab specialists have created preset categories of protected resources. You cannot edit this list. However, you 

can expand this list by adding user categories and / or individual resources, or stop controlling the selected resources. 

In addition, you can add specified resources to the exclusions. Access to those resources will not be controlled. 

To add personal data to be protected: 



3. Click the Identity protection button in the right part of the window. 

4. In the window that opens, on the Identity data tab, select the required category of identity data from the 

dropdown list. 

107


5. Click the Add button and select the desired type of resource from the menu that opens. 

6. In the User resource window that opens, specify the desired settings based on the resource being added. 

To create a category of identity data items to be protected: 




4. In the window that opens, on the Identity data tab, click the Add category button. 

5. In the Identity data category window that opens, enter a name for the new resource category. 

To add operating system settings and resources to be protected: 




4. In the window that opens, on the Operating system tab, select the desired category of operating system 

objects from the Category dropdown list. 

5. Click the Add button and select the desired type of resource from the menu that opens. 


To add a resource to the exclusions list: 




4. In the window that opens, on the Exclusions tab, click the Add button and specify the desired resource from 

the menu that opens. 


INTERPRETING DATA ON APPLICATION USAGE BY THE PARTICIPANTS 

OF THE KASPERSKY SECURITY NETWORK 

Information about application usage by the participants of the Kaspersky Security Network (see page 175) will allow you 

to make an objective decision on which status should be assigned to an application running on your computer. To assess 

the maliciousness or safety of an application accurately based on KSN data, you should know the history of how this 

application appeared on your computer. 

Kaspersky Lab specialists distinguish the following possible sources of new applications: 

the user downloads a setup file from the Internet and then opens it; 

a setup file is automatically downloaded and opened when the user clicks a link on a web page; 

the user opens a setup file stored on a CD / DVD or copied to the hard disk from it; 

108


the user opens a setup file stored on a USB drive or copied to the hard disk from it; 

the user opens a setup file received in a message via email, IM client, or social network. 

Statistics of application usage by the participants of the Kaspersky Security Network include the frequency of application 

usage and how long ago it was used. Below are the main categories of application usage: 

very rarely (less than 100 participants of KSN use this application) and recently (the file appeared a few days 

ago); 

rarely (less than 1,000 participants of KSN) and relatively long ago (a few months ago); most users restrict the 

activity of this application; 

frequently (more than 100,000 participants of KSN) and long ago (more than six months ago); most users trust 

this application; 

frequently (more than 100,000 participants of KSN) and recently (a few weeks ago); most users trust or restrict 

this application; 

very frequently (more than 100,000 participants of KSN) and recently; most users trust this application. 

NETWORK PROTECTION 

The various protection components, tools, and settings of Kaspersky Internet Security together ensure security and 

control of your network activities. 

The sections below contain detailed information about the principles of operation and configuration of the Firewall, 

Network Attack Blocker, Network Monitor, scanning of secure connections, proxy server settings, and monitoring of 

network ports. 


Firewall .......................................................................................................................................................................... 109 

Network Attack Blocker ................................................................................................................................................. 113 

Encrypted connections scan ......................................................................................................................................... 116 

Network Monitor ............................................................................................................................................................ 118 

Configuring the proxy server ......................................................................................................................................... 118 

Creating a list of monitored ports .................................................................................................................................. 119 

FIREWALL 

The Firewall ensures the security of your work in local networks and on the Internet. 

This component filters the entire network activity according to the network rules of Application Control. A network rule is 

an action that the Firewall performs when it detects a connection attempt with a specified status. A status is assigned to 

each network connection and is defined by set parameters: data transfer direction and protocol, addresses and ports to 

which the connection is established. 

109


The Firewall analyzes the settings of the networks to which you connect your computer. If the application is running in 

the interactive mode, the Firewall, when first connected, asks you for the status of the connected network (see 

page 196). If interactive mode is disabled, the Firewall defines the status based on the network type, ranges of 

addresses and other specifications. If necessary, you can change the status (see page 110) of a network connection 

manually. 


Enabling and disabling the Firewall ............................................................................................................................... 110 

Changing the network status ......................................................................................................................................... 110 

Working with Firewall rules ............................................................................................................................................ 110 

Configuring notifications of changes in the network ...................................................................................................... 113 

Advanced Firewall settings ............................................................................................................................................ 113 

ENABLING AND DISABLING THE FIREWALL 

By default, the Firewall is enabled, running in a mode recommended by Kaspersky Lab specialists. If necessary, you can 

disable the Firewall. 

To disable the Firewall: 


2. In the left part of the window, in the Protection Center section, select the Firewall component. 

3. In the right part of the window, uncheck the Enable Firewall box. 

CHANGING THE NETWORK STATUS 

The network connection status affects the set of rules used to filter network activity for that connection. You can change 

the network status, if necessary. 

To change the network connection status: 



3. In the right part of the window, in the Networks list, select a network connection and click the Edit button to 

open the network settings window. 

4. In the window that opens, select the desired status from the drop-down list on the Properties tab. 

WORKING WITH FIREWALL RULES 

The Firewall operates on the basis of two types of rules: 

Packet rules. These are used for posing restrictions on packets, regardless of the application. Typically, such 

rules restrict incoming network activity on specified TCP and UDP ports and filter ICMP messages. 

Application rules. These are used to set limits on the network activity of a particular application. Such rules allow 

fine-tuning of activity filtering, for example, when a certain type of network connection is prohibited for some 

applications but allowed for others. 

110


Packet rules have higher priority than application rules. If both packet rules and application rules are applied to the same 

type of network activity, this network activity is processed using the packet rules. You can also set a priority for each rule 

(see page 112). 

C R E A T I N G A P A C K E T R U L E 

Packet rules consist of a set of conditions and operations performed with regard to packets when these conditions are 

met. 

When creating packet rules, remember that they have priority over the rules for applications. 

To create a packet rule: 




4. In the window that opens, on the Packet rules tab, click the Add button. 

5. In the Network rule window that opens, specify the desired settings and click the OK button. 

6. Assign a priority to the new rule by using the Move up and Move down buttons to move it up or down the list. 

E D I T I N G G R O U P R U L E S 

Similarly to the Application Control (on page 101) component, by default the Firewall filters an application's network 

activity using the rules of the group in which this application has been placed. 

The network rules of a group define which access rights to various networks can be granted to the applications that have 

been included in the group. You can add new network rules for a group or edit the preset ones. 

To add a network rule for a group: 




4. In the window that opens, on the Application rules tab, select the desired group from the list and click the Edit 

button. 

5. In the Group rules window that opens, select the Network rules tab and click the Add button. 



To change a network rule for a group: 




4. In the window that opens, on the Application rules tab, select the desired group from the list and click the Edit 

button. 

111


5. In the Group rules window that opens, select the Network rules tab. 

6. Right-click the Permission column to open the context menu for the desired rule and select a value: Allow, 

Block, or Prompt for action. 

E D I T I N G A P P L I C A T I O N R U L E S 

You can create network rules for individual applications. The network rules of an application have a higher priority than 

network rules of a group. 

To create a network rule of an application: 




4. In the window that opens, on the Application rules tab, select an application and click the Edit button to open 

the rules configuration window. 

5. In the Application rules window that opens, on the Network rules tab, open the window for creating a network 

rule for the application by clicking the Add button. 



C H A N G I N G A R U L E ' S P R I O R I T Y 

The priority of a rule is defined by its position in the list. The first rule on the list has the highest priority. 

Each packet rule created manually is added to the end of the list of packet rules. 

Rules for applications are grouped by application name, and the rule priority applies to an individual group only. Rules for 

applications created manually have higher priority than inherited group rules. 

To change the priority of a packet rule: 




4. In the window that opens, on the Packet rules tab, select the rule and move it to the required place in the list by 

clicking the Move up or Move down buttons. 

To change the priority of an application rule or a group rule: 




4. In the window that opens, on the Application rules tab, select an application or group and open the rules 

configuration window by clicking the Edit button. 

5. In the window that opens, on the Network rules tab, select a rule and move it to the desired position in the list 

clicking the Move up or Move down buttons. 

112


CONFIGURING NOTIFICATIONS OF CHANGES IN THE NETWORK 

Network connection settings can be changed during operation. You can receive notifications of modifications in the 

network connection settings. 

To configure notifications about changes to network connection settings: 



3. In the right part of the window, in the Networks section, select a network connection and open the network 

settings window by clicking the Edit button. 

4. In the window that opens, on the Additional tab, in the Notify section, check the boxes for events that you want 

to be notified of. 

ADVANCED FIREWALL SETTINGS 

You can adjust the following advanced settings of the Firewall: 

enable the active mode for FTP; 

block connections if they cannot be prompted for action (application interface is not loaded); 

keep running until the system is shut down. 

By default, all the settings are enabled. 

To adjust the advanced settings of the Firewall: 




4. In the window that opens, on the Packet rules tab, open the advanced settings window by clicking the 

Additional button. 

5. In the Additional window that opens, check / uncheck the boxes next to the desired settings. 

NETWORK ATTACK BLOCKER 

The Network Attack Blocker scans inbound traffic for activity typical of network attacks. Once an attempt to attack your 

computer is detected, Kaspersky Internet Security blocks any network activity of the attacking computer towards your 

computer. 

By default, the block lasts for one hour. A warning will appear on the screen stating that an attempted network attack has 

taken place, with specific information about the computer which attacked yours. Descriptions of currently known network 

attacks (see section "Types of detected network attacks" on page 114) and methods to fight them are provided in 

Kaspersky Internet Security databases. The list of attacks which the Network Attack Blocker can detect is updated when 

the application's databases are updated (see section "Update" on page 72). 

113



Types of detected network attacks ................................................................................................................................ 114 

Enabling and disabling Network Attack Blocker ............................................................................................................ 115 

Editing the blockage settings ......................................................................................................................................... 115 

TYPES OF DETECTED NETWORK ATTACKS 

Nowadays, a great number of network attacks exist. These attacks exploit the vulnerabilities of the operating system and 

other software, system-type or otherwise, installed on your computer. 

To ensure the security of your computer, you must know what kinds of network attacks you might encounter. Known 

network attacks can be divided into three major groups: 

Port scan – this type of threat is not itself an attack, but it usually precedes one, since it is one of the common 

ways of obtaining information about a remote computer. The UDP / TCP ports used by the network tools on the 

computer targeted by an intruder are scanned to determine their status (closed or open). 

Port scans can tell a hacker what types of attacks work on that system and what types do not. In addition, the 

information obtained through the scan (a model of the system) helps the malefactor to know what operating 

system the remote computer uses. This, in turn, further restricts the number of potential attacks, and, 

correspondingly, the time spent perpetrating them. It also aids a hacker in attempting to use vulnerabilities 

characteristic of the operating system. 

DoS attacks, or Denial of Service attacks, are attacks which cause unstable performance of a system or its 

crash. Attacks of this type may make it impossible to use the information resources under attack (for example, it 

may not be possible to access the Internet). 

There are two basic types of DoS attacks: 

sending the target computer specially created packets that the computer does not expect which cause the 

system either to restart or to stop; 

sending the target computer many packets within a short timeframe such that the computer cannot process 

them, which causes system resources to be exhausted. 

Prime examples of this group of attacks are the following: 

The Ping of death attack consists of sending an ICMP packet with a size greater than the maximum of 64 

KB. This attack can crash some operating systems. 

The Land attack consists of sending a request to an open port on the target computer to establish a 

connection with itself. This attack sends the computer into a cycle, which intensifies the load on the 

processor and can lead to the crashing of some operating systems. 

The ICMP Flood attack consists of sending a large quantity of ICMP packets to your computer. The 

computer attempts to reply to each inbound packet, which slows the processor to a crawl. 

The SYN Flood attack consists of sending a large quantity of queries to a remote computer to establish a 

fake connection. The system reserves certain resources for each of those connections, which completely 

drains your system resources, and the computer stops reacting to other connection attempts. 

Intrusion attacks, which aim to take over your computer. This is the most dangerous type of attack, because if it 

is successful, the hacker takes total control of your system. 

Hackers use this type of attack to obtain confidential information from a remote computer (for example, credit 

card numbers, passwords), or to penetrate the system to use its computing resources for malicious purposes 

later (e.g., to use the invaded system in a zombie network, or as a platform for new attacks). 

114


This group includes the largest number of attacks. They may be divided into three groups depending on the 

operating system installed on the user's computer: Microsoft Windows attacks, Unix attacks, and a common 

group for network services available in both operating systems. 

The following types of attacks are the most common among those which use the network resources of operating 

systems: 

Buffer overflow attacks. Buffer overflow may be caused by the absence (or insufficiency) of control when 

working with data arrays. This is one of the oldest vulnerability types and the easiest for hackers to exploit. 

Format string attacks. Format string errors arise from insufficient control of input values for I/O functions, 

such as printf(), fprintf(), scanf(), and others, from the standard C library. If an application has this 

vulnerability, the hacker is able to send specially created queries and can take total control of the system. 

The Intrusion Detection System automatically analyzes and prevents attempts to exploit these 

vulnerabilities in the most common network services (FTP, POP3, IMAP) if they are running on the user’s 

computer. 

Attacks aimed at computers with Microsoft Windows are based on the use of the vulnerabilities of the 

software installed on a computer (such as Microsoft SQL Server, Microsoft Internet Explorer, Messenger, 

and system components available via the network – DCom, SMB, Wins, LSASS, IIS5). 

In addition, the use of various malicious scripts, including scripts processed by Microsoft Internet Explorer and 

Helkern-type worms, can be classified as isolated incidents of intrusion attacks. The essence of this attack type 

consists of sending a special type of UDP packet that can execute malicious code to a remote computer. 

ENABLING AND DISABLING NETWORK ATTACK BLOCKER 

By default, Network Attack Blocker is enabled, running in a mode recommended by Kaspersky Lab specialists. You can 

disable Network Attack Blocker if necessary. 

To disable Network Attack Blocker: 


2. In the left part of the window, in the Protection Center section, select the Network Attack Blocker component. 

3. In the right part of the window, uncheck the Enable Network Attack Blocker box. 

EDITING THE BLOCKAGE SETTINGS 

By default, Network Attack Blocker blocks the activity of an attacking computer for one hour. You can cancel blockage of 

the selected computer or change the blockage time. 

To modify the time for which an attacking computer will be blocked: 


2. In the left part of the window, in the Protection Center section, select the Network Attack Blocker component. 

3. In the right part of the window, check the Add the attacking computer to the list of blocked computers for 

box and specify the blockage time. 

To unblock an attacking computer: 


2. In the lower part of the window, select the Network Monitor section. 

3. In the Network Monitor window that opens, on the Blocked computers tab, select the blocked computer and 

click the Unblock button. 

115


ENCRYPTED CONNECTIONS SCAN 

Connecting using the SSL / TLS protocols protects the data exchange channel on the Internet. The SSL / TLS protocols 

allow you to identify the parties exchanging data using electronic certificates, encode the data being transferred, and 

ensure their integrity during the transfer. 

These features of the protocol are used by hackers to spread malicious programs, since most antivirus applications do 

not scan SSL / TLS traffic. 

Kaspersky Internet Security scans encrypted connections using a Kaspersky Lab certificate. 

If an invalid certificate is detected when connecting to the server (for example, if the certificate is replaced by an 

intruder), a notification will pop up containing a prompt to either accept or reject the certificate. 

If you are sure that connection with a website is always secure, in spite of an invalid certificate, you can add the website 

into the list of trusted URLs. Kaspersky Internet Security will no longer scan the encrypted connection with this website. 

You can use the Certificate Installation Wizard to install a certificate for scanning encrypted connections in semiinteractive 

mode in Microsoft Internet Explorer, Mozilla Firefox (if it is not launched) and Google Chrome, as well as to 

get instructions on installing Kaspersky Lab's certificate for Opera. 

To enable encrypted connections scanning and install Kaspersky Lab's certificate: 


2. In the left part of the window, in the Advanced Settings section, select the Network component. 

3. In the window that opens, check the Scan encrypted connections box. When you first enable this setting, the 

Certificate Installation Wizard starts automatically. 

4. If the wizard does not start, click the Install certificate button. This will start a Wizard with instructions to follow 

for successful installation of the Kaspersky Lab certificate. 


Scanning encrypted connections in Mozilla Firefox ....................................................................................................... 116 

Scanning encrypted connections in Opera .................................................................................................................... 117 

SCANNING ENCRYPTED CONNECTIONS IN MOZILLA FIREFOX 

The Mozilla Firefox browser does not use Microsoft Windows certificate storage. To scan SSL connections when using 

Firefox, you should install the Kaspersky Lab certificate manually. 

You can use the Certificate Installation Wizard, if the browser is not launched. 

To install Kaspersky Lab's certificate: 

1. In the browser menu, select Tools Settings. 

2. In the window that opens, select the Additional section. 

3. In the Certificates section, select the Security tab and click the View Certificates button. 

4. In the window that opens, select the Authorities tab and click the Restore button. 

116


5. In the window that opens, select the Kaspersky Lab certificate file. The path to Kaspersky Lab's certificate file is: 

%AllUsersProfile%\Application Data\Kaspersky Lab\AVP12\Data\Cert\(fake)Kaspersky Anti- 

Virus personal root certificate.cer. 

6. In the window that opens, check the boxes to select the actions that should be scanned with the certificate 

installed. To view information about the certificate, click the View button. 

To install Kaspersky Lab's certificate for Mozilla Firefox version 3.x manually: 



3. On the Encryption tab, click the View Certificates button. 

4. In the window that opens, select the Authorities tab and click the Import button. 




6. In the window that opens, check the boxes to select the actions that should be scanned with the certificate 

installed. To view information about the certificate, click the View button. 

If your computer runs under Microsoft Windows Vista or Microsoft Windows 7, the path to Kaspersky Lab's certificate file 

is: %AllUsersProfile%\Kaspersky Lab\AVP12\Data\Cert\(fake)Kaspersky Anti-Virus personal root certificate.cer. 

SCANNING ENCRYPTED CONNECTIONS IN OPERA 

The Opera browser does not use Microsoft Windows certificate storage. To scan SSL connections when using Opera, 

you should install Kaspersky Lab's certificate manually. 

To install Kaspersky Lab's certificate: 



3. In the left part of the window, select the Security tab and click the Manage Certificates button. 

4. In the window that opens, select the Vendors tab and click the Import button. 




6. In the window that opens, click the Install button. Kaspersky Lab's certificate will be installed. To view 

information about the certificate and select the actions for which the certificate will be used, select the certificate 

in the list and click the View button. 

To install Kaspersky Lab's certificate for Opera version 9.x: 



3. In the left part of the window, select the Security tab and click the Manage Certificates button. 

4. In the window that opens, select the Authorities tab and click the Import button. 

117





6. In the window that opens, click the Install button. Kaspersky Lab's certificate will be installed. 

If your computer runs under Microsoft Windows Vista or Microsoft Windows 7, the path to Kaspersky Lab's certificate file 

is: %AllUsersProfile%\Kaspersky Lab\AVP12\Data\Cert\(fake)Kaspersky Anti-Virus personal root certificate.cer. 

NETWORK MONITOR 

Network Monitor is a tool used to view information about network activities in real time. 

To view information about network activity: 


2. In the lower part of the window, select the Network Monitor section. 

In the Network Monitor window that opens, the Network activity tab provides information about network 

activity. 

When working on a computer running under Microsoft Windows Vista or Microsoft Windows 7, you can open Network 

Monitor using the Kaspersky Gadget. To do this, Kaspersky Gadget should be configured so that the option of opening 

the Network Monitor window is assigned to one of its buttons (see section "How to use the Kaspersky Gadget" on 

page 59). 

To open Network Monitor using the gadget, 

click the button with the 

Network Monitor icon in the Kaspersky Gadget interface. 

In the Network Monitor window that opens, the Network activity tab provides information about network activity. 

CONFIGURING THE PROXY SERVER 

If the computer's Internet connection is established via a proxy server, you may need to configure its connection settings. 

Kaspersky Internet Security uses these settings for certain protection components, as well as for updating the databases 

and application modules. 

If your network includes a proxy server using a non-standard port, you should add the port number to the list of 

monitored ports (see section "Creating a list of monitored ports" on page 119). 

To configure connection with a proxy server: 


2. In the left part of the window, in the Advanced Settings section, select the Network component. 

3. In the Proxy server section, click the Proxy server settings button. 

4. In the Proxy server settings window that opens, specify the required settings for connection to a proxy server. 

118


CREATING A LIST OF MONITORED PORTS 

Such protection components as Mail Anti-Virus, Anti-Spam and Web Anti-Virus (on page 88) monitor the data streams 

transferred via specific protocols and through certain open TCP ports on your computer. For example, Mail Anti-Virus 

scans information transferred via SMTP, while Web Anti-Virus scans information transferred via HTTP, HTTPS, and FTP. 

You can enable monitoring of all or just selected network ports. If you configure the product to monitor the selected ports, 

you can create a list of applications for which all ports will be monitored. We recommend that you expand this list by 

including applications that receive or transfer data via FTP. 

To add a port to the list of monitored ports: 


2. In the left part of the window, in the Advanced Settings section, select the Network subsection. 

3. In the Monitored ports section, select Monitor selected ports only and click the Select button. 

The Network ports window will open. 

4. Click the Add link located under the list of ports in the top part of the window to open the Network port window, 

and enter the number and description of a port. 

To exclude a port from the list of monitored ports: 





4. In the list of ports in the top part of the window, uncheck the box next to the description of the port that should 

be excluded. 

To create a list of applications for which you wish to monitor all ports: 





4. Check the Monitor all ports for specified applications box, and in the list of applications below, check the 

boxes for the names of the applications for which all ports should be monitored. 

5. If the desired application is not in the list, add it as follows: 

a. Click the Add link under the list of applications to open a menu, and select an item: 

To specify the location of the executable file of an application, select Browse and specify the file's 

location on the computer. 

To select an application from the list of applications currently running, select Applications. In the 

Select application window that opens, select the required application. 

b. In the Application window, enter a description for the application selected. 

119


ANTI-SPAM 

Anti-Spam detects unsolicited email (spam) and processes it according to the rules of your email client. 

Anti-Spam is built into the following mail clients as a plug-in: 

Microsoft Office Outlook (on page 133); 

Microsoft Outlook Express (Windows Mail) (on page 133); 

The Bat! (on page 134); 

Thunderbird (on page 134). 

The lists of blocked and allowed senders allow to specify the addresses from which messages will be deemed useful 

mail or spam. Messages addressed not to you may be classified as spam (see page 129). Furthermore, Anti-Spam can 

check a message for the presence of allowed and blocked phrases, as well as for phrases from a list of obscene 

expressions. 

To enable efficient recognition of spam and useful mail by Anti-Spam, the component needs training (see section 

"Training Anti-Spam" on page 122). 

Anti-Spam uses a self-training algorithm that allows the component to better distinguish spam from useful mail with time. 

The source of data for the algorithm is the contents of the message. 

Anti-Spam's operation consists of two stages: 

1. The application of strict filtering criteria to a message. These criteria quickly determine whether the message is 

spam. Anti-Spam assigns the message spam or not spam status, the scan is stopped, and the message is 

transferred to the mail client for processing (see algorithm steps 1 to 5 below). 

2. Analyzing email messages that have undergone filtering. Such messages cannot be unambiguously considered 

spam. Therefore, Anti-Spam calculates the probability of their being spam. 

The Anti-Spam algorithm consists of the following steps: 

1. The message sender's address is checked for presence in the lists of allowed or blocked senders. 

If a sender's address is in the list of allowed senders, the message receives Not Spam status. 

If a sender's address is in the list of blocked senders, the message receives Spam status. 

2. If a message was sent using Microsoft Exchange Server and scanning of such messages is disabled, the 

message is given Not Spam status. 

3. A message analysis is performed to check whether it contains strings from the list of allowed phrases. If at least 

one line from this list has been found, the message will be assigned Not Spam status. This step is skipped by 

default. 

4. Anti-Spam analyzes a message to check whether it contains strings from the list of blocked phrases or the list of 

obscene words. Whenever words from these lists are found in a message, their weighting coefficients are added 

together. If the sum of the coefficients exceeds 100, the message will receive Spam status. This step is skipped 

by default. 

5. If the message text contains an address included in the database of phishing or suspicious web addresses, the 

message receives Spam status. 

6. Email is analyzed using heuristic rules. If the analysis finds signs typical of spam in a message, the probability 

of it being spam increases. 

120


7. Email is analyzed using GSG technology. In this kind of analysis, Anti-Spam analyzes images attached to the 

email message. If the analysis finds signs typical of spam in them, the probability of the message being spam 

increases. 

8. The application analyzes email attachments in .rtf format. It scans attached documents for signs of spam. Once 

the analysis is complete, Anti-Spam calculates the increase in the probability of the message being spam. By 

default, the use of this technology is disabled. 

9. It checks for the presence of additional features typical of spam. Each feature detected increases the probability 

that the message being scanned is spam. 

10. If Anti-Spam has been trained, the message will be scanned using iBayes technology. The self-training iBayes 

algorithm calculates the probability of a message being spam based on the frequency of phrases typical of 

spam found in the message text. 

The training is only started if the function of self-training text analysis algorithm iBayes is enabled in your copy 

of Kaspersky Internet Security. Availability of this function depends on the application localization language. 

Message analysis determines the probability of its being spam expressed as the spam rate value. Spam or Probable 

spam status will be assigned to a message depending upon the specified threshold values of the spam rate (see section 

"Regulating threshold values of the spam rate" on page 130). By default the product adds the label [!! SPAM] or 

[?? Probable Spam] to the Subject field of spam and probable spam messages (see section "Adding a label to the 

message subject" on page 132). Then each message will be processed in accordance with the rules you have defined 

for email clients (see section "Configuring spam processing by mail clients" on page 132). 


Enabling and disabling Anti-Spam ................................................................................................................................ 121 

Changing and restoring the spam protection level ........................................................................................................ 122 

Training Anti-Spam ....................................................................................................................................................... 122 

Checking URLs in email messages ............................................................................................................................... 125 

Detecting spam by phrases and addresses. Creating lists ............................................................................................ 125 

Regulating threshold values of the spam rate ............................................................................................................... 130 

Using additional features affecting the spam rate ......................................................................................................... 131 

Selecting a spam recognition algorithm......................................................................................................................... 131 

Adding a label to the message subject .......................................................................................................................... 132 

Scanning messages from Microsoft Exchange Server .................................................................................................. 132 

Configuring spam processing by mail clients ................................................................................................................ 132 

ENABLING AND DISABLING ANTI-SPAM 

By default, Anti-Spam is enabled, running in a mode recommended by Kaspersky Lab specialists. You can disable Anti- 

Spam, if necessary. 

To disable Anti-Spam: 



3. In the right part of the window, uncheck the Enable Anti-Spam box. 

121


CHANGING AND RESTORING THE SPAM PROTECTION LEVEL 

Depending on how often you receive spam, you can select one of the preset spam protection levels or configure Anti- 

Spam on your own. The levels of anti-spam protection correspond to the following security levels configured by the 

experts at Kaspersky Lab: 

High. This security level should be used if you receive spam frequently, for example, when using free mail 

services. When you select this level, the frequency of false positives rises; that is, useful mail is more often 

recognized as spam. 

Recommended. This security level should be used in most cases. 

Low. This security level should be used if you rarely receive spam, for example, if you are working in a 

protected corporate email environment. When this level is selected, spam and potential spam messages are 

less frequently recognized. 

When configuring Anti-Spam, you can always restore the recommended values. These settings are considered optimal, 

recommended by Kaspersky Lab, and grouped in the Recommended security level. 

To change the spam protection level set: 



In the right part of the window, in the Security level section, set the desired security level, or click the Settings 



To restore the default Anti-Spam settings: 




TRAINING ANTI-SPAM 

One of the most powerful spam detection tools is the self-training iBayes algorithm. The application uses the algorithm to 

decide which status should be assigned to a message based on the phrases it contains. Prior to beginning work, sample 

strings of useful and spam mail should be submitted to the iBayes algorithm, i.e., it should be trained. 

The training is only started if the function of self-training text analysis algorithm iBayes is enabled in your copy of 

Kaspersky Internet Security. Availability of this function depends on the application localization language. 

There are several approaches to training Anti-Spam: 

Training Anti-Spam using outgoing messages. 

Training is performed while working with messages in the mail client using special buttons and menu items. 

Training when working with Anti-Spam reports. 

122



Training on outgoing messages .................................................................................................................................... 123 

Training on the interface of a mail client ........................................................................................................................ 123 

Adding an address to the list of allowed senders .......................................................................................................... 124 

Training with reports ...................................................................................................................................................... 124 

TRAINING ON OUTGOING MESSAGES 

You can train Anti-Spam using a sample of 50 outgoing emails. Once training is enabled, Anti-Spam will analyze every 

message you send, using it as a sample of useful mail. Training will complete after you send the 50th message. 

To enable Anti-Spam training using outgoing emails: 





4. On the Additional tab in the Outgoing messages section, check the Train using outgoing email messages 

box. 

While training using outgoing mail is in progress, the addresses of mail recipients are automatically added to the list of 

allowed senders. You can disable this feature (see section "Adding an address to the list of allowed senders" on 

page 124). 

TRAINING ON THE INTERFACE OF A MAIL CLIENT 

You can train Anti-Spam while handling email, using buttons on the taskbar and the menu of your email client. 

The buttons and menu items for Anti-Spam training only appear in the interfaces of mail client software after installation 

of Kaspersky Internet Security. 

To train Anti-Spam using the email client interface: 

1. Start the email client. 

2. Select a message with which you wish to train Anti-Spam. 

3. Do the following depending upon your email client: 

click the Spam or Not Spam button in the Microsoft Office Outlook toolbar; 

click the Spam or Not Spam button in the Microsoft Outlook Express toolbar (Windows Mail); 

use the special Mark as Spam and Mark as Not Spam items in the Special menu of The Bat! email client; 

use the Spam / Not Spam button in the Mozilla Thunderbird toolbar. 

123


After selecting an action from the list above, Anti-Spam conducts training using the selected message. If you select 

several messages, all of them are used for training. 

If a message is marked as useful mail, the address of its sender will be added to the list of allowed senders 

automatically. You can disable this feature (see section "Adding an address to the list of allowed senders" on page 124). 

ADDING AN ADDRESS TO THE LIST OF ALLOWED SENDERS 

When Anti-Spam is trained, the addresses of useful mail senders are automatically added to the list of allowed senders 

(see section "Blocked and allowed senders" on page 128). The application also adds the addresses of outgoing mail 

recipients to that list if training with outgoing mail is used. 

You can disable that function to prevent the automatic addition of allowed senders to the list in the course of training. 

To disable adding the address to the list of allowed senders: 





4. On the Exact methods tab in the Consider message as not spam section, check the If it is from an allowed 

sender box and click the Select button. 

The Allowed senders window opens. 

5. Uncheck the Add allowed senders' addresses when training Anti-Spam box. 

TRAINING WITH REPORTS 

There is the option to train Anti-Spam using its reports displaying information about messages recognized as probable 

spam. Essentially, the training means assigning the Spam or Not Spam labels to messages, as well as adding senders 

of those messages to the lists of allowed or blocked senders (see section "Blocked and allowed senders" on page 128). 

Messages are not marked with the spam and not spam tags if the function of self-training text analysis algorithm iBayes 

is enabled in Kaspersky Internet Security. Availability of this function depends on the application localization language. 

To train Anti-Spam using a report: 


2. In the top part of the window, click the Reports button. 

3. In the Reports window that opens, click the Detailed report button. 

The Detailed report window opens. 

4. Select the Anti-Spam section in the left part of the window. 

5. Use the records in the Object column in the right part of the window to select the messages you wish to use for 

Anti-Spam training. For each such message, right-click to open the context menu and select one of the menu 

commands corresponding to the operation which should be performed on the message: 

Mark as Spam. 

Mark as Not Spam. 

124


Add to the list of allowed senders. 

Add to the list of blocked senders. 

CHECKING URLS IN EMAIL MESSAGES 

Anti-Spam can check the URLs in mail messages to identify the ones included in the lists of suspicious web addresses or 

phishing web addresses. These lists are included in the product package of Kaspersky Internet Security. If you 

participate in Kaspersky Security Network (on page 174), Kaspersky Internet Security also accesses Kaspersky Security 

Network when checking URLs. If a phishing or suspicious link is detected in a message, or if phishing elements are 

detected in the message body, this message is identified as spam. 

To check URLs in email messages, you can also use the heuristic analysis. 

To enable URL checks using the databases of suspicious and phishing addresses: 





4. On the Exact methods tab in the Consider message as spam section, check the If it contains URLs from 

the database of suspicious URLs and If it contains phishing elements boxes. 






4. On the Exact methods tab, in the Consider message as spam section, click the Additional button. 

5. In the Anti-Phishing settings window that opens, check the Use Heuristic Analysis to check mail for 

phishing box and set a scan detail level using the slider. 

DETECTING SPAM BY PHRASES AND ADDRESSES. CREATING LISTS 

You can create lists of allowed, blocked and obscene key phrases, as well as lists of allowed and blocked sender 

addresses and a list of your addresses. If these lists are used, Anti-Spam analyzes every message to check whether it 

contains the phrases added to the lists, and it checks whether the addresses of the mail sender and recipients match the 

records in the address lists. Once a sought phrase or address is found, Anti-Spam identifies the message as useful mail 

or spam, depending upon which list contains the phrase or address. 

The following mail will be recognized as spam: 

messages containing blocked or obscene phrases with total weighting coefficient exceeding 100; 

messages sent from a blocked address or not addressed to you directly. 

125


The following messages will be recognized as useful mail: 

messages containing allowed phrases; 

messages sent from an allowed address. 


Using masks for phrases and addresses ...................................................................................................................... 126 

Blocked and allowed phrases ........................................................................................................................................ 127 

Obscene words ............................................................................................................................................................. 127 

Blocked and allowed senders ........................................................................................................................................ 128 

Your addresses ............................................................................................................................................................. 129 

Exporting and importing lists of phrases and addresses ............................................................................................... 129 

USING MASKS FOR PHRASES AND ADDRESSES 

You can use phrase masks in the lists of allowed, blocked and obscene phrases. The lists of allowed and blocked 

addresses and the list of trusted addresses support address masks. 

A mask is a template string against which a phrase or an address is compared. Certain symbols in a mask are used to 

represent others: * replaces any sequence of characters, while ? replaces any single character. If a mask uses such 

wildcards, it can match several phrases or addresses (see examples). 

If the * or ? character is a part of the sought phrase (e.g., What's the time?), it should be preceded by the \ character to 

ensure that Anti-Spam recognizes it correctly. Thus, instead of the * character you should use the \* combination in 

masks; the ? character should be represented as \? (e.g., What's the time\?). 

Sample phrase masks: 

Welcome to our *! – this mask covers any message containing a phrase that starts with the words "Welcome to 

our", continues with any text, and ends with the ! character. 

We offer – this mask covers any message containing a phrase that starts with the words "We offer" and 

continues with any text. 

Examples of address masks: 

admin@test.com – this mask only matches the address admin@test.com. 

admin@* – the mask matches the sender address with the admin name, for example, admin@test.com, 

admin@example.org. 

*@test* – this mask matches the address of any message sender from a domain beginning with test, for 

example: admin@test.com, info@test.org. 

info.*@test.??? – this mask corresponds to the address of any sender whose name begins with info. and whose 

mail domain name begins with test. and ends with any three characters, for example: info.product@test.com, 

info.company@test.org, but not info.product@test.ru. 

126


BLOCKED AND ALLOWED PHRASES 

You can add expressions which you typically observe in spam to the list of blocked phrases and define the weighting 

coefficient for each phrase. The weighting coefficient allows you to specify how typical a certain phrase is of spam 

messages: the larger the value, the higher the probability that mail containing such a phrase is spam. The weighting 

coefficient of a phrase can range from 0 to 100. If the total of the weighting coefficients of all phrases found in a message 

exceeds 100, the message will be identified as spam. 

Key expressions typical of useful mail can be added to the list of allowed phrases. Once Anti-Spam finds such a phrase 

in a message, it will be identified as useful mail (not spam). 

You can add both entire phrases and their masks to the list of blocked and allowed expressions (see section "Using 

masks for phrases and addresses" on page 126). 

To create a list of blocked or allowed phrases: 





4. Use the Exact methods tab to perform the following steps: 

If you need to create a list of blocked phrases, in the Consider message as spam section, check the If it 

contains blocked phrases box and click the Select button to the right. 

The Blocked phrases window will open. 

If you need to create a list of allowed phrases, in the Consider message as not spam section, check the If 

it contains allowed phrases box and click the Select button to the right. 

The Allowed phrases window will open. 

5. Click the Add link to open the Blocked phrase window (or the Allowed phrase window). 

6. Enter the complete phrase or phrase mask, specify the weighting coefficient for a blocked phrase, and then click 

OK. 

You do not have to delete a mask to stop using it; unchecking the corresponding box next to it will be sufficient. 

OBSCENE WORDS 

Kaspersky Lab experts have compiled the list of obscene words included in the distribution package of Kaspersky 

Internet Security. The list contains obscene words that indicate with a high probability that the message is spam if 

present. You can supplement the list by adding complete phrases and their masks to it (see section "Using masks for 

phrases and addresses" on page 126). 

If Parental Control (see page 143) is enabled for the user and a password (see page 63) for editing the Parental Control 

settings is set, the user will have to enter the password to view the list of obscene phrases. 

To edit the list of obscene phrases: 




127



4. On the Exact methods tab, in the Consider message as spam section, check the If it contains blocked 

phrases box and click the Select button. 

The Blocked phrases window will open. 

5. Check the Also block obscene words box and click the obscene words link to open the Agreement dialog. 

6. Read the agreement and, if you agree to the terms and conditions described in the window, check the box in the 

bottom part of the window and click the OK button. 

The Explicit language window will open. 

7. Click the Add link to open the Blocked phrase window. 

8. Enter the complete phrase or its mask, specify the phrase weighting coefficient and click OK. 


BLOCKED AND ALLOWED SENDERS 

You can add addresses, mail from which Anti-Spam will identify as spam to the list of blocked senders. Sender 

addresses from which you expect no spam are stored in the list of allowed senders. This list is created automatically 

during Anti-Spam training (see section "Adding an address to the list of allowed senders" on page 124). You can also 

supplement the list manually. 

You can add complete addresses or address masks to the lists of allowed or blocked senders (see section "Using masks 

for phrases and addresses" on page 126). 

To create a list of blocked or allowed senders: 





4. Use the Exact methods tab to perform the following steps: 

If you need to create a list of blocked senders, in the Consider message as spam section, check the If it 

is from a blocked sender box and click the Select button to the right. 

The Blocked senders window will open. 

If you need to create a list of allowed senders, in the Consider message as not spam section, check the If 

it is from an allowed sender box and click the Select button to the right. 


5. Click the Add link to open the Email address mask window. 

6. Enter an address mask and click the OK button. 


128


YOUR ADDRESSES 

You can create a list of your mail addresses to make Anti-Spam label as spam any mail that is not addressed to you 

directly. 

To create the list of your email addresses: 





4. On the Exact methods tab, check the If it is not addressed to me box and click the My addresses button. 

The My addresses window opens. 

5. Click the Add link to open the Email address mask window. 

6. Enter an address mask and click the OK button. 


EXPORTING AND IMPORTING LISTS OF PHRASES AND ADDRESSES 

Once you have created the lists of phrases and addresses, you can reuse them, for example, transfer the addresses to a 

similar list on another computer running Kaspersky Internet Security. 

To do this: 

1. Perform the export procedure – copy records from the list into a file. 

2. Move the file you have saved to another computer (for example, send it by email or use a removable data 

medium). 

3. Perform the import procedure – add the records from the file to the list of the same type on another computer. 

When exporting the list, you can copy either a selected list element only, or the entire list. When importing the list, you 

can add the new elements to the existing list, or replace the existing list with the one being imported. 

Addresses in the list of allowed senders can be imported from Microsoft Office Outlook / Microsoft Outlook Express 

(Windows Mail) address books. 

To export records from a list: 





4. On the Exact methods tab, check the box in the line containing the name of the list from which the records 

should be exported and click the corresponding button to the right. 

5. In the displayed list window, check the records which should be included in the file. 

6. Click the Export link. 

129


This opens a window that prompts you to export the highlighted items only. In this window, take one of the 

following actions: 

click the Yes button if you need to include only selected records in the file; 

click the No button if you need to include the entire list in the file. 

7. Specify a type and name for the file in the displayed window and confirm saving. 

To import records from a file to a list: 





4. On the Exact methods tab, check the box in the line containing the name of the list to which the records should 

be imported and click the button to the right. 

5. Click the Import link in the list window. If you are importing a list of allowed senders, the application will display 

a menu in which you should select the Import from file item. For other list types, selection from the menu is not 

required. 

If the list is not empty, a window opens prompting you to add items to be imported. In this window, take one of 

the following actions: 

click the Yes button if you want to add records from the file to the list; 

click the No button if you want to replace the existing records with the list from the file. 

6. In the window that opens, select the file with the list of records that you want to import. 

To import a list of allowed senders from an address book: 





4. On the Exact methods tab in the Consider message as not spam section, check the If it is from an allowed 

sender box and click the Select button. 


5. Click the Import link, open the source selection menu, and select Import from the Address Book. 

6. Use the window that opens to select the desired address book. 

REGULATING THRESHOLD VALUES OF THE SPAM RATE 

Spam recognition is based on cutting-edge filtering methods, which allow you to train (see section "Training Anti-Spam" 

on page 122) Anti-Spam to distinguish spam, probable spam and useful email. In doing so, each individual element of 

good emails or spam is assigned a factor. 

130


When an email message comes in your inbox, Anti-Spam checks it for spam and useful mail. The component sums up 

the ratings of each spam (useful mail) item and calculates the resulting spam rate. The larger the spam rate, the higher 

the probability that such mail contains spam. A message is recognized by default as useful mail if its spam rate does not 

exceed 60. If the spam rate is higher than 60, such a message is considered to be potential spam. If the value exceeds 

90, the message is considered spam. You can modify the threshold values for the spam rate. 

To change the spam rate thresholds, perform the following steps: 





4. On the Expert methods tab, use the Spam rate section to configure the spam rate values using the 

corresponding sliders or entry fields. 

USING ADDITIONAL FEATURES AFFECTING THE SPAM RATE 

The result of spam rate calculation can be affected by additional message characteristics, for example, the absence of a 

recipient's address in the "To" field or a very long message subject (over 250 characters). When present in a message, 

such signs increase the probability of its being spam. Consequently, the spam rate will increase. You can select which 

additional characteristics will be taken into account during message analysis. 

To use additional characteristics which increase the spam rate: 





4. On the Expert methods tab, click the Additional button. 

5. In the Additional window which opens, check the boxes next to the characteristics which should be taken into 

account during message analysis and which increase the spam rate. 

SELECTING A SPAM RECOGNITION ALGORITHM 

Anti-Spam analyzes email messages using spam recognition algorithms. 

To enable the use of a spam recognition algorithm when analyzing email messages: 





4. On the Expert methods tab, in the Recognition algorithms section, check the appropriate boxes. 

131


ADDING A LABEL TO THE MESSAGE SUBJECT 

Anti-Spam can add appropriate labels to the Subject field of the message which has been deemed spam or potential 

spam after analysis: 

[!! SPAM] – for messages identified as spam; 

[?? Probable Spam] – for messages identified as potential spam. 

When present in message subject, such labels can help you distinguish spam and probable spam visually while viewing 

the mail lists. 

To configure adding of a label to messages' subjects: 





4. Use the Additional tab to select the checkboxes next to the labels which should be added to message subjects 

in the Actions section. If necessary, edit the label text. 

SCANNING MESSAGES FROM MICROSOFT EXCHANGE SERVER 

By default, the Anti-Spam component does not scan Microsoft Exchange Server messages. You can enable scan of 

email messages exchanged within an internal network (for example, corporate email). 

Messages are considered to be internal mail if Microsoft Office Outlook is used on all network computers, and if all user 

mailboxes are located on the same Exchange server or on linked servers. 

To enable scan of messages in Microsoft Exchange Server: 





4. On the Additional tab in the Exclusions section, uncheck the Do not check Microsoft Exchange Server 

native messages box. 

CONFIGURING SPAM PROCESSING BY MAIL CLIENTS 

If after scanning it is determined that an email is spam or probable spam, the further actions of Anti-Spam depend on the 

status of the message and the action selected. By default, email messages considered spam or probable spam are 

modified: in the Subject field of the message, the label [!! SPAM] or [?? Probable Spam], respectively, is added (see 

section "Adding a label to the message subject" on page 132). 

You can select additional actions to be taken with spam or probable spam. To do so, special plug-ins are provided in the 

Microsoft Office Outlook and Microsoft Outlook Express (Windows Mail) clients. You can configure mail filtering rules for 

The Bat! and Thunderbird email clients. 

132



Microsoft Office Outlook ................................................................................................................................................ 133 

Microsoft Outlook Express (Windows Mail) ................................................................................................................... 133 

Creating a rule for handling spam reports ..................................................................................................................... 133 

The Bat!......................................................................................................................................................................... 134 

Thunderbird ................................................................................................................................................................... 134 

MICROSOFT OFFICE OUTLOOK 

By default, email messages classified by Anti-Spam as spam or probable spam are marked with special labels [!! SPAM] 

or [?? Probable Spam] in the Subject field. If additional processing of mail after Anti-Spam scans it is required, you can 

configure Microsoft Office Outlook as necessary. The spam processing settings window automatically opens the first time 

you run Microsoft Outlook after installing Kaspersky Internet Security. The spam and probable spam processing settings 

for Microsoft Outlook are displayed on the special Anti-Spam tab of the Tools Options menu item. 

MICROSOFT OUTLOOK EXPRESS (WINDOWS MAIL) 


or [?? Probable Spam] in the Subject field. If additional processing of mail after Anti-Spam scans it is required, you can 

configure Microsoft Outlook Express (Windows Mail) as necessary. 

The spam processing settings window opens the first time you run your client after installing the application. You can 

also open it by clicking the Settings button in the email client toolbar next to the Spam and Not Spam buttons. 

CREATING A RULE FOR HANDLING SPAM REPORTS 

Below are the instructions for creating a rule for handling spam reports using Anti-Spam in Microsoft Office Outlook. You 

can use the guidelines to create custom rules. 

To create a spam processing rule: 

1. Run Microsoft Office Outlook and use the Tools Rules and Alerts command in the main application menu. 

The method used to access the wizard depends upon your version of Microsoft Office Outlook. This Help file 

describes how to create a rule using Microsoft Office Outlook 2003. 

2. In the Rules and Alerts window that opens, on the Email Rules tab, click the New Rule button. As a result, the 

Rules Wizard is launched. The Rules Wizard includes the following steps: 

a. You should decide whether you want to create a rule from scratch or use a template. Select the Start from 

a blank rule option and select the Check messages when they arrive scan condition. Click the Next 

button. 

b. In the message filtering condition configuration window click the Next button without checking any boxes. 

Confirm in the dialog box that you want to apply this rule to all emails received. 

c. In the window for selecting actions with regard to messages, check the perform a custom action box in 

the action list. In the lower part of the window, click the custom action link. Select Kaspersky Anti-Spam 

from the drop-down list in the window that opens and click the OK button. 

133


d. Click the Next button in the exceptions from the rules window without checking any boxes. 

e. In the final window, you can change the rule's name (the default name is Kaspersky Anti-Spam). Make sure 

that the Turn on this rule box is checked, and click the Finish button. 

3. The default position for the new rule is first on the rule list in the Rules and Alerts window. If you like, move this 

rule to the end of the list so it is applied to the email last. 

All incoming emails are processed using these rules. The order in which rules are applied depends upon the 

priority specified for each rule. Rules are applied starting at the beginning of the list; the priority of each 

following rule is lower than that of the preceding one. You can increase or decrease rule priority by moving a 

rule up or down in the list. If you do not want the Anti-Spam rule to further process emails after a rule is applied, 

you must check the Stop processing more rules box in the rule settings (see Step 3 of the rule creation 

window). 

THE BAT! 

Actions with regard to spam and probable spam in The Bat! are defined by the client's own tools. 

To modify spam processing rules in The Bat!: 

1. In the Properties menu of the mail client, select the Settings item. 

2. Select the Spam protection object from the settings tree. 

Displayed settings of anti-spam protection apply to all installed Anti-Spam modules that support integration with The Bat!. 

You need to define the rating level and specify how messages with a certain rating should be handled (in the case of 

Anti-Spam – the probability of a message being spam): 

delete messages with ratings that exceed the specified value; 

move email messages with a given rating to a special spam folder; 

move spam marked with special headers to the spam folder; 

leave spam in the Inbox folder. 

After processing an email, Kaspersky Internet Security assigns a spam or probable spam status to the message based 

on a rating with an adjustable value. The Bat! has its own email rating algorithm for spam, also based on a spam rate. To 

prevent discrepancies between spam rates in Kaspersky Internet Security and The Bat!, all messages checked in Anti- 

Spam are assigned the rating corresponding to the message status: Not Spam email – 0%, Probable spam – 50%, 

Spam – 100%. Thus, the email rating in The Bat! corresponds to the rating of the relevant status and not to the spam 

rate assigned in Anti-Spam. 

For more details on the spam rate and processing rules, see the documentation for The Bat! mail client. 

THUNDERBIRD 


or [?? Probable Spam] in the Subject field. If additional processing of mail is required after Anti-Spam scans it, you can 

configure Thunderbird by opening its configuration window from the Tools Message Filters menu (for more details 

about using the mail client, see Mozilla Thunderbird Help). 

Thunderbird's Anti-Spam plug-in module allows training based on messages received and sent using this email client 

application and checking your email correspondence for spam on the server. The plug-in module is integrated into 

Thunderbird and forwards messages to the Anti-Spam component for scanning when commands from the 

Tools Run Junk Mail Controls on Folder menu are executed. Thus, Kaspersky Internet Security checks 

messages instead of Thunderbird. This does not alter the functionality of Thunderbird. 

134


The Anti-Spam plug-in module status is displayed as an icon in the Thunderbird status line. A gray icon informs you that 

there is a problem in the plug-in's operation or that the Anti-Spam component is disabled. Double-click the icon to open 

the settings of Kaspersky Internet Security. To modify the Anti-Spam settings, click the Settings button in the Anti-Spam 

section. 

ANTI-BANNER 

Anti-Banner is designed to block banners on web pages you open and in the interface of specified applications. Adverts 

on banners may distract you from your activities, while banner downloads increase the amount of inbound traffic. 

Before a banner is displayed on a web page or in an application's window, it must be downloaded from the Internet. Anti- 

Banner scans the address from which the banner is downloaded. If the address matches a mask from the list included 

with the Kaspersky Internet Security package or from the list of blocked banners addresses you have compiled on your 

own, Anti-Banner blocks the banner. To block banners with address masks not found in the abovementioned lists, the 

heuristic analyzer is used. 

In addition, you can create a list of allowed addresses to determine which banners should be allowed for display. 


Enabling and disabling Anti-Banner .............................................................................................................................. 135 

Selecting a scan method ............................................................................................................................................... 135 

Creating lists of blocked and allowed banner addresses............................................................................................... 136 

Exporting and importing lists of addresses .................................................................................................................... 136 

ENABLING AND DISABLING ANTI-BANNER 

Immediately after Kaspersky Internet Security installation, the Anti-Banner component is disabled; it does not block 

banners. To activate banner blocking, you must enable Anti-Banner. 

To display all banners, disable Anti-Banner. To display some of banners, add their respective addresses to the list of 

allowed banner addresses (see section "Creating lists of blocked and allowed banner addresses" on page 136). 

To enable Anti-Banner: 


2. In the left part of the window, in the Protection Center section, select the Anti-Banner component. 

3. In the right part of the window, check the Enable Anti-Banner box. 

SELECTING A SCAN METHOD 

You can specify which methods should be used by Anti-Banner to scan addresses from which banners may be 

downloaded. In addition to these methods, Anti-Banner checks banner addresses for matches to the masks from the lists 

of allowed and blocked addresses, if those are in use. 

To select methods of address scanning for Anti-Banner: 



3. In the right part of the window, in the Scan methods group, check the boxes next to the names of the methods 

that should be used. 

135


CREATING LISTS OF BLOCKED AND ALLOWED BANNER ADDRESSES 

You can use lists of blocked and allowed banner addresses to specify, from which addresses banners are allowed to 

load and display, and from which ones they are not. Create a list of blocked address masks to let Anti-Banner block 

download and display of banners from the addresses that correspond to those masks. Create a list of allowed address 

masks to let Anti-Banner download and display banners from the addresses that correspond to those masks. 

If you use Microsoft Internet Explorer, Mozilla Firefox, or Google Chrome, you can add masks to the list of blocked 

addresses directly from the browser window. 

To add a mask to the list of blocked (allowed) addresses: 



3. In the right part of the window, in the Additional section, check the Use the list of blocked URLs box (or the 

Use the list of allowed URLs box) and click the Settings button located under the box. 

The Blocked URLs (or Allowed URLs) window opens. 

4. Click the Add button. 

The Address mask (URL) window will open. 

5. Enter a banner address mask and click the OK button. 

You do not have to delete a mask to stop using it; unchecking the box next to the mask will be sufficient. 

To add a mask to the list of blocked addresses from the browser window, 

right-click the image in the browser window to open a context menu, and select Add to Anti-Banner. 

EXPORTING AND IMPORTING LISTS OF ADDRESSES 

Lists of allowed and blocked banner addresses can be used repeatedly (for example, you can export banner addresses 

to a similar list on another computer with Kaspersky Internet Security installed on it). 

To do this: 

1. Perform the export procedure – copy records from the list into a file. 

2. Move the file you have saved to another computer (for example, send it by email or use a removable data 

medium). 

3. Perform the import procedure – add the records from the file to the list of the same type on another computer. 

When exporting the list, you can copy either a selected list element only, or the entire list. When importing the list, you 

can add the new elements to the existing list, or replace the existing list with the one being imported. 

To export banner addresses from the list of allowed or blocked URLs, perform the following steps: 



3. In the right part of the window, in the Additional section, click the Settings button located in the line with the 

name of the list from which you need to copy addresses into a file. 

136


4. In the Allowed URLs (or Blocked URLs) window that opens, check the boxes next to the addresses that you 

need to include in the file. 

5. Click the Export button. 

This opens a window that prompts you to export the highlighted items only. In this window, take one of the 

following actions: 

click the Yes button if you need to include only selected addresses in the file; 

click the No button if you need to include the entire list in the file. 

6. In the window that opens, enter a name for the file you want to save and confirm saving. 

To import banner addresses from a file to the list of allowed or blocked URLs: 



3. In the right part of the window, in the Additional section, click the Settings button located in the line with the 

name of the list to which you need to add addresses from a file. 

4. In the Allowed URLs window that opens (or the Blocked URLs window), click the Import button. 

If the list is not empty, a window opens prompting you to add items to be imported. In this window, take one of 

the following actions: 

click the Yes button if you want to add records from the file to the list; 

click the No button if you want to replace the existing records with the list from the file. 

5. In the window that opens, select the file with the list of records that you want to import. 

SAFE RUN FOR APPLICATIONS AND SAFE RUN FOR 

WEBSITES 

Kaspersky Internet Security can perform potentially dangerous actions in isolation from the main operating system. 

Kaspersky Internet Security provides the following features for this purpose: 

run separate application in Safe Run on the main desktop (see page 52); 

use Safe Run for Applications (see page 138); 

use Safe Run for Websites (see page 141). 

Isolation from the main operating system provides additional security for your computer because real operating system 

files are not modified. 

Suspicious files detected while you work in the safe environment are quarantined in the normal mode. When files are 

recovered from Quarantine, they are restored to the original folder. If the original folder cannot be found, Kaspersky 

Internet Security prompts you to specify a location to restore the object in the environment (normal or safe) in which the 

restoration procedure was started. 

Safe Run and Safe Run for Websites are not available on computers running under Microsoft Windows XP x64. 

The functionality of certain applications launched on computers running Microsoft Windows Vista x64 and Microsoft 

Windows 7 x64 is limited when operating in the safe environment. If such applications are started, a message to that 

137


effect is displayed on screen if you have enabled notifications (see page 172) of the Application functionality is limited 

in safe mode event. In addition, Safe Run for Applications is completely inaccessible. 


About Safe Run ............................................................................................................................................................. 138 

About Safe Run for Websites ........................................................................................................................................ 141 

Using a shared folder .................................................................................................................................................... 143 

ABOUT SAFE RUN 

Safe Run is a secure environment isolated from the main operating system and designed for running applications whose 

safety raises doubts. In Safe Run, real operating system files do not undergo changes. So even if you run an infected 

application in Safe Run, all of its actions will be limited to the virtual environment without affecting the operating system. 


Launching and closing applications in Safe Run ........................................................................................................... 138 

Automatic launch of applications in Safe Run ............................................................................................................... 139 

Switching between the main desktop and Safe Run for Applications ............................................................................ 139 

Using the pop-up toolbar in Safe Run ........................................................................................................................... 140 

Clearing Safe Run ......................................................................................................................................................... 140 

Creating a shortcut for Safe Run on the desktop .......................................................................................................... 141 

LAUNCHING AND CLOSING APPLICATIONS IN SAFE RUN 

You can activate Safe Run for Applications using one of the following methods: 


on page 33); 

from the Kaspersky Internet Security context menu (see section "Context menu" on page 32); 

using a button in the Kaspersky Gadget interface if the option of running Safe Run for Applications is assigned 

to a button (see section "How to use the Kaspersky Gadget" on page 59); 

using a shortcut on the desktop (see section "Creating a shortcut for Safe Run on the desktop" on page 141). 

You can close Safe Run for Applications using one of the following methods: 

using the operation system's Start menu; 

from the pop-up toolbar (see section "Using the pop-up toolbar" on page 140); 

using the key combination CTRL+ALT+SHIFT+K. 

138


To start Safe Run for Applications from the main Kaspersky Internet Security window: 


2. In the bottom part of the window, select the Safe Run for Applications section. 

3. In the window that opens, click the Go to Safe Run for Applications button. 

To activate Safe Run for Applications from the context menu of Kaspersky Internet Security, 

right-click to open the Kaspersky Internet Security context menu in the taskbar notification area and select Safe Run 

for Applications. 

To start Safe Run for Applications from the Kaspersky Gadget, 

click the button with the Safe Run icon in the Kaspersky Gadget interface (only for Microsoft Windows Vista and 

Microsoft Windows 7 operating systems). 

To close Safe Run from the Start menu, 

in the Start menu of the operating system, select Safe Run for Applications – shutdown. 

To close Safe Run from the pop-up toolbar: 

1. Roll over the top part of the screen with the mouse pointer. 

2. In the pop-up toolbar, click the button. 

3. In the action selection window that opens, select Disable. 

AUTOMATIC LAUNCH OF APPLICATIONS IN SAFE RUN 

You can create a list of applications that will run automatically when you start the Safe Run. 

An autorun list can only be created in Safe Run. 

To generate an autorun list for Safe Run: 

1. In the Start menu of the operating system, select Programs Autorun Safe Run for Applications. 

2. Right-click to open the context menu and select Open. 

3. Copy applications icons to be launched at startup of Safe Run for Applications into the opened folder. 

SWITCHING BETWEEN THE MAIN DESKTOP AND SAFE RUN FOR 

APPLICATIONS 

You can switch to the main desktop without closing Safe Run and then switch back. You can use the following methods 

to switch between the main desktop and Safe Run: 


on page 33); 

from the Kaspersky Internet Security context menu (see section "Context menu" on page 32); 

from the pop-up toolbar (see section "Using the pop-up toolbar in Safe Run" on page 140) (available in Safe 

Run only); 

using the gadget. 

139


To switch to the main desktop from the main window of Kaspersky Internet Security: 



3. In the window that opens, click the Main desktop button. 

To switch to the main desktop from the context menu of Kaspersky Internet Security, 

right-click to open the context menu for the Kaspersky Internet Security icon in the notification area and select 

Return to the main desktop. 

To switch to the main desktop from the pop-up toolbar: 



USING THE POP-UP TOOLBAR IN SAFE RUN 

You can use the pop-up toolbar in Safe Run to perform the following actions: 

close Safe Run (see section "Launching and closing applications in Safe Run" on page 138); 

switch to the main desktop (see section "Switching between the main desktop and Safe Run for Applications" on 

page 139). 

To display the pop-up toolbar in Safe Run, 

roll over the top part of the screen with the mouse pointer. 

To fix the pop-up toolbar: 



CLEARING SAFE RUN 

During the clearing process, Kaspersky Internet Security deletes data that was saved in Safe Run and restores settings 

that were modified. 

Clearing is carried out from the Kaspersky Internet Security main window on the main desktop and only if Safe Run has 

been closed. 

Prior to clearing, make sure that all data that may be needed for further work have been saved in the Safe Run shared 

folder. Otherwise, the data will be deleted irretrievably. 

To clear Safe Run data: 



3. In the window that opens, click the button. 

4. In the menu that opens, select the Clear Safe Run for Applications item. 

140


CREATING A SHORTCUT FOR SAFE RUN ON THE DESKTOP 

If you want to start Safe Run quickly, you can create a shortcut on the desktop. 

To create a desktop shortcut for Safe Run: 




4. In the window that opens, select the Create desktop shortcut item. 

ABOUT SAFE RUN FOR WEBSITES 

Safe Run for Websites is designed for accessing online banking systems and other websites processing confidential 

data. 

You can enable access control for online banking services (see section "Controlling access to online banking services" 

on page 94) to determine banking websites automatically, and also start Safe Run for Websites manually (see section 

"Protection of confidential data entered on websites" on page 51). 

In Safe Run for Websites, no input data or modifications (for example, saved cookies, website logs) are stored in the 

operating system, which means they cannot be exploited by hackers. 

A browser running in Safe Run for Websites mode is marked with a green frame around the application window. 


Selecting the browser for Safe Run for Websites .......................................................................................................... 141 

Clearing Safe Run for Websites .................................................................................................................................... 142 

Creating a desktop shortcut for Safe Run for Websites ................................................................................................ 142 

SELECTING THE BROWSER FOR SAFE RUN FOR WEBSITES 

The default browser is used for Safe Run for Websites. You can select a different browser installed on your computer. 

Kaspersky Internet Security allows the use of the following browsers: 

Microsoft Internet Explorer versions 6, 7, 8, 9; 

Mozilla Firefox versions 3.x, 4.x; 

Google Chrome versions 7.x, 8.x. 

To select the browser for Safe Run for Websites: 


2. In the lower part of the window, select the Safe Run for Websites section. 

141



4. In the menu that opens, select the Settings item. 

5. The Safe Run for Websites settings window opens. 

6. In the Select browser for Safe Run for Websites list in the window that opens, select the required browser. 

7. Click the Save button. 

CLEARING SAFE RUN FOR WEBSITES 

By default, in Safe Run for Websites Kaspersky Internet Security saves changes to browser settings and data entered on 

websites. To protect data, it is recommended that you clear Safe Run for Websites on a regular basis. 

During the clearing process, Kaspersky Internet Security deletes data that was saved in Safe Run for Websites and 

restores settings that were modified. 

Prior to clearing, make sure that all data that may be needed for further work has been saved in the Safe Run shared 

folder. Otherwise, the data will be deleted irretrievably. 

Instead of clearing Safe Run for Websites manually, you can enable automatic clearing. In this case, Kaspersky Internet 

Security performs clearing automatically when Safe Run for Websites is closed, and manual clearing is not available. 

To clear Safe Run for Websites data manually: 




4. In the menu that opens, select the Clear Safe Run for Websites item. 

To enable automatic clearing of Safe Run for Websites: 




4. In the menu that opens, select the Settings item. 

5. The Safe Run for Websites settings window opens. 

6. In the Additional settings section in the window that opens, select the option Enable the automatic clearing 

of data. 

7. Click the Save button. 

CREATING A DESKTOP SHORTCUT FOR SAFE RUN FOR WEBSITES 

If you want to start Safe Run for Websites quickly, you can create a shortcut on the desktop. 

142


To create a desktop shortcut for Safe Run for Websites: 




4. In the window that opens, select the Create desktop shortcut item. 

USING A SHARED FOLDER 

The shared folder is designed to share files between the main operating system, Safe Run for Applications and Safe Run 

for Websites. All files saved in this folder when working in Safe Run for Applications and Safe Run for Websites are 

available from the standard desktop. 

The shared folder is created when the application is being installed. The location of the shared folder may vary 

depending on the operating system: 

for Microsoft Windows XP – C:\Documents and Settings\All Users\Application Data\Kaspersky 

Lab\SandboxShared; 

for Microsoft Windows Vista and Microsoft Windows 7 – C:\ProgramData\Kaspersky Lab\SandboxShared. 

The location of the shared folder cannot be changed. 

The shared folder can be opened in two ways: 


using the shortcut marked with the icon. Depending on the application settings specified by developers, the 

shortcut may be located in the My Computer section or the My Documents section of Microsoft Windows 

Explorer. 

To open the shared folder from the Kaspersky Internet Security main window: 


2. In the lower part of the window, select the Safe Run for Applications or Safe Run for Websites section. 

3. In the window that opens, click the Open shared folder button. 

PARENTAL CONTROL 

Parental Control allows the monitoring of actions users take on the computer and online. This control provides the option 

of restricting access to Internet resources and applications, as well as viewing reports of users' activities. 

Nowadays, an ever-increasing number of children and teenagers are obtaining access to computers and web resources. 

This means problems for security, since activity and communication on the Internet may entail a whole range of threats. 

These are the most frequent ones: 

access to websites that could waste time (chat rooms, games) or money (e-stores, auctions); 

access to websites targeted at an adult audience, such as those displaying pornography, extremism, firearms, 

drug abuse, and explicit violence; 

143


downloading of files infected with malware; 

excessive time spent using the computer, which may result in deterioration of health; 

contact with unfamiliar people who may pretend to be peers to obtain personal information from the user, such 

as real name, physical address, time of day when nobody is home. 

Parental Control allows you to reduce risks posed by the computer and the Internet. To do this, the following module 

functions are used: 

limiting the time for computer and Internet use; 

creating lists of allowed and blocked applications, as well as temporarily limiting the number of startups for 

allowed applications; 

creating lists of allowed and blocked websites and selection of categories of websites with content not 

recommended for viewing; 

enabling a safe search mode through search engines (links to websites with dubious content are not displayed 

in the search results); 

restricting file downloads from the Internet; 

creating lists of contacts which are allowed or blocked for communication via IM clients and social networks; 

viewing message logs from IM clients and social networks; 

blocking sending of certain personal data; 

searching for specified key words in message logs. 

All these restrictions can be enabled independently from each other, which allows you to flexibly configure Parental 

Control for various users. For each account, you can view reports of events in the categories to be controlled that the 

component has logged over a specified period. 

To configure and view Parental Control reports, you must enter your username and password. If you have not yet 

created a password for Kaspersky Internet Security (see section "Restricting access to Kaspersky Internet Security" on 

page 63), you will be prompted to do so when Parental Control starts for the first time. 


Configuring a user's Parental Control ............................................................................................................................ 144 

Viewing reports of a user's activity ................................................................................................................................ 153 

CONFIGURING A USER'S PARENTAL CONTROL 

You can enable and configure Parental Control for each account on your computer separately by imposing different limits 

on different users, for instance, depending on age. You can also disable Parental Control for users whose activity needs 

no control. 

144



Enabling and disabling user control .............................................................................................................................. 145 

Exporting and importing Parental Control settings ........................................................................................................ 146 

Displaying an account in Kaspersky Internet Security ................................................................................................... 147 

Time for computer use .................................................................................................................................................. 148 

Time for Internet use ..................................................................................................................................................... 148 

Applications Usage ....................................................................................................................................................... 148 

Viewing websites ........................................................................................................................................................... 149 

Downloading files from the Internet ............................................................................................................................... 150 

Communicating via IM clients ........................................................................................................................................ 150 

Communicating via social networks .............................................................................................................................. 151 

Sending confidential information ................................................................................................................................... 152 

Searching for key words ................................................................................................................................................ 153 

ENABLING AND DISABLING USER CONTROL 

You can enable and disable Parental Control individually for each account. For example, there is no need to control the 

activity of an adult user with the administrator account; Parental Control for this user can be disabled. For other users 

whose activity should be controlled, the Parental Control should be enabled and configured, for example, by loading the 

standard configuration from a template. 

Parental Control can be enabled or disabled in the following ways: 

from the main application window (see page 33); 

from the Parental Control settings window; 

from the application settings window (see page 36); 

from the context menu of the application icon (see page 32). 

Parental Control can be enabled / disabled from the context menu only for the current user account. 

To enable Parental Control for an account from the main window: 


2. In the lower part of the window, select the Parental Control section. 

3. In the section containing the account in the window that opens, click the Enable button. 

To enable Parental Control for an account from the Parental Control window: 



145


3. In the section containing the account in the window that opens, click the Settings button. 

The Parental Control window will open. 

4. Open the Settings tab and select the User Account Settings section in the left part of the window. 

5. In the right part of the window, check the Enable control for the user box if you want to enable Parental 

Control for the account. 

6. Click the Apply button to save the changes you have made. 

To enable Parental Control for an account from the application settings window: 


2. In the left part of the window, in the Advanced Settings section, select the Parental Control component. 

3. In the right part of the window, select the user for whom you want to enable Parental Control. 

4. Above the list of users, click the Control button. 

To enable Parental Control for the current account from the context menu, 

select Enable Parental Control in the context menu of the application icon. 

EXPORTING AND IMPORTING PARENTAL CONTROL SETTINGS 

If you have configured Parental Control for a certain account, you can save the settings to a file (export). You can 

subsequently load the settings from that file to configure them quickly (import). Furthermore, you can apply the control 

settings defined for another account or a configuration template (predefined set of rules for different types of users 

depending upon their age, experience and other characteristics). 

After a certain configuration is applied to an account, you can modify the values of the settings. That will not affect the 

values in the source file from which these settings have been imported. 

To save the Parental Control settings to a file: 






5. In the right part of the window in the Manage Settings section, click the Save button and save the settings file. 

To load the control settings from a file: 






146


5. In the right part of the window in the Manage Settings section, click the Load button. 

6. Use the Load Parental Control settings window that opens to select the Configuration file option and specify 

the file location. 

To apply the settings of another account: 







6. Select the Another user option In the Load Parental Control settings window that opens and specify the 

account whose settings should be used. 

To use a configuration template: 







6. Select the Template option in the Load Parental Control settings window that opens and specify the template 

that contains the necessary settings. 

DISPLAYING AN ACCOUNT IN KASPERSKY INTERNET SECURITY 

You can select an alias and an image with which your account will be displayed in Kaspersky Internet Security. 

To specify an alias and an image for an account: 






5. In the right part of the window, specify the user's alias in the Alias field. 

6. Select an image for the user account in the Image section. 


147


TIME FOR COMPUTER USE 

You can set up a schedule for a user's access to the computer (specifying days of the week and time of day) and limit the 

total time for computer use per 24 hours. 

To restrict the amount of time spent on the computer: 





4. Open the Settings tab and select the Computer Usage section in the left part of the window. 

5. In the right part of the window, check the Enable control box. 

6. Impose time limits on computer use. 


TIME FOR INTERNET USE 

You can restrict the time a user spends on the Internet. To do this, you can set up a schedule for Internet use (specifying 

days of the week and time of day when access should be granted or denied) and limit the total time for Internet in a 24 

hour period. 

To restrict the amount of time spent on the Internet: 





4. Open the Settings tab and select the Internet Usage section in the left part of the window. 


6. Impose time limits on Internet use. 


APPLICATIONS USAGE 

You can allow or block the running of specified programs and impose time limits on startup. 

To restrict running of applications: 





148


4. Open the Settings tab and select the Applications Usage section in the left part of the window. 


6. Create lists of allowed and blocked applications and set a schedule for the use of allowed applications. 


VIEWING WEBSITES 

You can impose restrictions on access to specified websites depending on their content. To do this, you can select 

categories of websites to be blocked and create a list of exclusions, if necessary. 

You can also enable the safe search mode, which is applied when the user is working with search engines. Some search 

engines are designed to protect users against unsolicited content of web resources. To do this, when indexing websites, 

key words and phrases, resources' addresses and categories are analyzed. When the safe search mode is enabled, 

search results do not include websites belonging to unwanted categories, such as pornography, drug abuse, violence, 

and other materials not recommended for underage audiences. 

Parental Control allows enabling of the safe search mode simultaneously for the following search engines: 

Google; 

Bing. 

To place restrictions on visited websites: 





4. Open the Settings tab and select the Web Browsing section in the left part of the window. 


6. In the Block websites section, select the access mode for websites: 

If you want to block access to certain categories of websites, select the option Block websites from the 

following categories and check the boxes for all the categories of websites that you want to block access 

to. 

If you need to allow access to certain websites that come under a blocked category, click the Exclusions 

button, add the URLs to the list of exclusions, and assign them the Allowed status. 

If you want to generate a list of websites to which access is allowed and block access to all other websites, 

select the option Block access to all websites except websites allowed in the list of exclusions, click 

the Exclusions button, add the URLs to the list of exclusions, and assign them the Allowed status. 

If you want to block access to certain websites, click the Exclusions button, add the URLs to the list of 

exclusions, and assign them the Blocked status. 

7. Check the Enable safe search box to enable safe search mode. 


149


DOWNLOADING FILES FROM THE INTERNET 

You can specify the types of files that a user can download from the Internet. 

To restrict downloading of files from the Internet: 





4. Open the Settings tab and select the File Downloads section in the left part of the window. 


6. Select the file categories that should be allowed for downloading. 


COMMUNICATING VIA IM CLIENTS 

Controlling communication via instant messaging programs (IM clients) consists of controlling contacts allowed for 

communication, blocking banned contacts, and monitoring messaging logs. You can create lists of allowed and blocked 

contacts, specify key words that should be checked for in messages, and specify personal information whose 

transmission is to be blocked. 

If communication with a contact is blocked, all messages addressed to this contact or received from it will be filtered out. 

Information about blocked messages and key words encountered in them is displayed in a report. The report also 

includes messaging logs for each contact. 

The following restrictions are imposed on communication monitoring: 

If an IM client was launched before Parental Control was enabled, communication monitoring will not start until 

the IM client is restarted. 

When using an HTTP proxy, communication is not monitored. 

The current version of Parental Control monitors communication via the following IM clients: 

ICQ; 

QIP; 

Windows Live Messenger (MSN); 

Yahoo Messenger; 

GoogleTalk; 

mIRC; 

Mail.Ru Agent; 

Psi; 

Miranda; 

150


Digsby; 

Pidgin; 

Qnext; 

SIM; 

Trilian; 

Xchat; 

Instantbird; 

RnQ; 

MSN; 

Jabber. 

Some IM clients, such as Yahoo! Messenger and Google Talk, use encrypted connections. To scan the traffic generated 

by those programs, you have to enable encrypted connections scanning (see page 116). 

To restrict messaging via IM clients: 





4. Open the Settings tab and select the Instant Messaging section in the left part of the window. 


6. Create a list of allowed and blocked contacts: 

a. In the Contacts list, click the Add contact button. 

b. In the New contact window that opens, select a contact from the list or enter one manually. 

7. If you want to allow communication only with contacts in the list that have the Allowed status, click the Block 

messaging with contacts not from the list box. 


COMMUNICATING VIA SOCIAL NETWORKS 

Controlling communication via social networks consists of controlling contacts allowed for communication, blocking 

banned contacts, and monitoring messaging logs. You can create lists of allowed and blocked contacts, specify key 

words that should be checked for in messages, and specify personal information whose transmission is to be blocked. 

If communication with a contact is blocked, all messages addressed to this contact or received from it will be filtered out. 

Information about blocked messages and key words encountered in them is displayed in a report. The report also 

includes messaging logs for each contact. 

151


Some social networks, such as Twitter, use encrypted connections. To scan the traffic generated by those networks, you 

have to enable encrypted connections scanning (see page 116). 

To restrict messaging via social networks: 





4. Open the Settings tab and select the Social Networking section in the left part of the window. 


6. Create a list of allowed and blocked contacts: 

A list cannot be generated if Kaspersky Internet Security has not yet gathered sufficient data on social network 

usage. 

a. In the Contacts list, click the Add contact button. 

b. In the New contact window that opens, select a contact from the list or enter one manually. 

7. If you want to allow communication only with contacts in the list that have the Allowed status, click the Block 

messaging with contacts not from the list box. 


SENDING CONFIDENTIAL INFORMATION 

You can block sending of data that contains confidential information via IM clients, social networks, and when sending 

data to websites. To do this, you should create a list of records that contain confidential data, such as physical address 

and phone number. 

Attempts to send listed data are blocked, and information about blocked messages is displayed in a report. 

To ban the sending of confidential information: 





4. Open the Settings tab and select the Private Data section in the left part of the window. 


6. Create a list of private data that should not be sent: 

a. In the Private Data list, click the Add button. 

b. In the Private Data window that opens, enter the information that you want to prevent from being sent. 


152


SEARCHING FOR KEY WORDS 

You can check a user's messages for specified words and word combinations in communications via IM clients and 

social networks and when sending data to websites. 

If listed key words are detected in the messages, this is displayed in a report. 

If you have disabled control of messaging via IM clients, social networks, or control of websites being visited, key words 

are not searched for. 

To monitor specified key words in messages and data being sent: 





4. Open the Settings tab and select the Word Usage section in the left part of the window. 


6. Generate a list of key words to be monitored in messages and data that is sent: 

a. In the Key words list, click the Add button. 

b. In the Key word window that opens, enter the words or phrases that are to be monitored. 


VIEWING REPORTS OF A USER'S ACTIVITY 

You can access reports on the activity of each user account under Parental Control, reviewing individually each category 

of controlled events. 

To view a report on the activity of a controlled user account: 





4. Select the Reports tab. 

5. Use the left part of the window that opens to select the category of supervised operations or content, for 

example, Internet Usage or Private Data. 

A report of actions and content being supervised will be displayed in the right part of the window. 

153


TRUSTED ZONE 

The Trusted zone is a list of objects which should not be monitored by the application. In other words, it is a set of 

exclusions from the scope of Kaspersky Internet Security protection. 

The Trusted zone is created based on the list of trusted applications (see section "Creating a list of trusted applications" 

on page 154) and exclusion rules (see section "Creating exclusion rules" on page 155), depending on the features of the 

objects you work with and applications installed on the computer. Including objects in the trusted zone may be required if, 

for example, Kaspersky Internet Security blocks access to an object or application, even though you are certain that this 

object / application is absolutely harmless. 

For example, if you think objects used by Microsoft Windows Notepad are harmless and require no scanning, that is, you 

trust this application, add Notepad to the list of trusted applications to exclude scanning of objects used by this process. 

Some actions classified as dangerous may be safe in the framework of certain applications. For instance, applications 

that automatically toggle keyboard layouts, such as Punto Switcher, regularly intercept text being entered on your 

keyboard. To take into account the specifics of such applications and disable the monitoring of their activity, you are 

advised to add them to the list of trusted applications. 

When an application is added into the list of trusted ones, its file and network activities (including suspicious ones) 

become uncontrolled. So do its attempts to access the system registry. At the same time, the executable file and the 

trusted application's process are scanned for viruses as they were before. To completely exclude an application from a 

scan, you should use exclusion rules. 

Excluding trusted applications from scanning avoids problems related to the application's compatibility with other 

programs (e.g. the problems of double scanning of network traffic on a third-party computer by Kaspersky Internet 

Security and by another anti-virus application), and also increases the computer's performance rate, which is critical 

when using server applications. 

In its turn, exclusion rules for the trusted zone ensure the option of working with legal applications that may be exploited 

by intruders to do harm to the user's computer or data. These applications have no malicious features, but they may be 

used as auxiliary components of a malicious program. This category includes remote administration applications, IRC 

clients, FTP servers, various utility tools for halting or concealing processes, keyloggers, password hacking programs, 

dialers, and others. Such applications may be blocked by Kaspersky Internet Security. To avoid blockage, you can 

configure exclusion rules. 

An Exclusion rule is a set of conditions which determine that an object should not be scanned by Kaspersky Internet 

Security. In any other case, the object is scanned by all protection components according to their respective protection 

settings. 

Exclusion rules for the trusted zone may be used by several application components, such as File Anti-Virus (see section 

"File Anti-Virus" on page 77), Mail Anti-Virus (see section "Mail Anti-Virus" on page 83), Web Anti-Virus (see section 

"Web Anti-Virus" on page 88)), or when running virus scan tasks. 


Creating a list of trusted applications ............................................................................................................................ 154 

Creating exclusion rules ................................................................................................................................................ 155 

CREATING A LIST OF TRUSTED APPLICATIONS 

By default, Kaspersky Internet Security scans objects being opened, run, or saved by any program process and monitors 

the activity of all applications and the network traffic they create. When you add an application to the list of trusted ones, 

Kaspersky Internet Security excludes it from scanning. 

154


To add an application to the trusted list: 


2. In the left part of the window, in the Advanced Settings section, select the Threats and Exclusions 

subsection. 

3. In the Exclusions section, click the Settings button. 

4. In the window that opens, on the Trusted applications tab, open the application selection menu by clicking the 

Add button. 

5. In the menu that opens, select an application from the Applications list, or select Browse to specify the path to 

the executable files of the desired application. 

6. In the Exclusions for applications window that opens, check the boxes for the types of application activity that 

should be excluded from scanning. 

CREATING EXCLUSION RULES 

If you use applications recognized by Kaspersky Internet Security as legal ones that may be used by intruders to do 

harm to the user's computer or data, we recommend that you configure exclusion rules for them. 

To create an exclusion rule: 



subsection. 

3. In the Exclusions section, click the Settings button. 

4. In the window that opens, on the Exclusion rules tab, click the Add button. 

5. In the Exclusion rule window that opens, edit the exclusion rule settings. 

PERFORMANCE AND COMPATIBILITY WITH OTHER 

APPLICATIONS 

The performance of Kaspersky Internet Security is defined as the range of threats it can detect, as well as its 

consumption of energy and computer resources. 

Kaspersky Internet Security allows you to select various categories of threats (see section "Selecting detectable threat 

categories" on page 156) that the application should detect. 

Energy consumption is of great importance for portable computers. Scanning a computer for viruses and updating the 

Kaspersky Internet Security databases often require significant amounts of resources. The special laptop mode of 

Kaspersky Internet Security (see section "Battery saving" on page 156) allows you to automatically postpone scheduled 

scan and update tasks when using batteries, thus saving battery charge, while Idle Scan mode (see section "Running 

tasks in background mode" on page 157) allows you to run resource-intensive tasks when your computer is not in use. 

Consumption of the computer's resources by Kaspersky Internet Security may impact other applications' performance. 

To solve problems of simultaneous operations which increase the load on the CPU and disk subsystems, Kaspersky 

Internet Security may pause scan tasks and concede resources to other applications (see section "Distributing computer 

resources when scanning for viruses" on page 157) running on your computer. 

In the Gaming Profile (see page 158) mode, the application automatically disables displaying notifications of Kaspersky 

Internet Security's activity when starting other applications in full-screen mode. 

155


In case of an active infection in the system, the advanced disinfection procedure requires restarting your computer, which 

may also impact other applications' performance. If necessary, you can disable the advanced disinfection technology 

(see page 156) to avoid an unwanted restart of your computer. 


Selecting detectable threat categories .......................................................................................................................... 156 

Battery saving ............................................................................................................................................................... 156 

Advanced Disinfection ................................................................................................................................................... 156 

Distributing computer resources when scanning for viruses ......................................................................................... 157 

Running tasks in background mode .............................................................................................................................. 157 

Full-screen mode. Gaming Profile ................................................................................................................................. 158 

SELECTING DETECTABLE THREAT CATEGORIES 

Threats detected by Kaspersky Internet Security are divided into categories based on various attributes. The application 

always searches for viruses, Trojan programs, and malicious utility tools. These programs can do significant harm to your 

computer. To ensure a more reliable protection to your computer, you can extend the list of detected threats by enabling 

control of actions performed by legal applications that may be exploited by an intruder to do harm to the user's computer 

and data. 

To select detectable threat categories: 



subsection. 

3. In the right part of the window, click the Settings button located under the Detection of the following threat 

types is enabled list. 

4. In the Threats window that opens, check the boxes for the categories of threats that should be detected. 

BATTERY SAVING 

To save power on a portable computer, virus scanning and scheduled update tasks can be postponed. If necessary, you 

can update Kaspersky Internet Security or start a virus scan manually. 

To enable the power conservation mode when working from a battery: 


2. In the left part of the window, in the Advanced Settings section, select the Battery Saving subsection. 

3. In the right part of the window, check the Disable scheduled scans while running on battery power box. 

ADVANCED DISINFECTION 

Today's malicious programs can invade the lowest levels of an operating system, which makes them practically 

impossible to delete. If a malicious activity is detected within the system, Kaspersky Internet Security offers you to apply 

the Advanced Disinfection technology, which eliminates the threat and removes it from the computer. 

156


When the advanced disinfection procedure is complete, the application restarts the computer. After restarting your 

computer, you are advised to run the full virus scan (see section "How to perform a full scan of your computer for 

viruses" on page 48). 

To enable Kaspersky Internet Security to apply the Advanced Disinfection technology: 


2. In the left part of the window, in the Advanced Settings section, select the Compatibility subsection. 

3. Check the Enable Advanced Disinfection technology box. 

DISTRIBUTING COMPUTER RESOURCES WHEN SCANNING 

FOR VIRUSES 

Executing scan tasks increases the load on the CPU and disk subsystems, thus slowing down other applications. By 

default, if such a situation arises, Kaspersky Internet Security pauses virus scan tasks and releases system resources for 

the user's applications. 

However, there are a number of applications which start immediately when CPU resources become available and run in 

the background. For the scan not to depend on the performance of those applications, system resources should not be 

conceded to them. 

For Kaspersky Internet Security to postpone scan tasks when they slow down other applications: 


2. In the left part of the window, in the Advanced Settings section, select the Compatibility subsection. 

3. Check the Concede resources to other applications box. 

RUNNING TASKS IN BACKGROUND MODE 

To optimize the load on the computer's resources, Kaspersky Internet Security performs regular scanning for rootkits in 

background mode and running of resource-intensive tasks when the computer is idle. 

Regular scanning for rootkits is run while you work at the computer. The scan takes 5 minutes at the most and involves a 

minimal share of the computer resources. 

When the computer is idle, the following tasks can be run: 

automatic update of anti-virus databases and program modules; 

scanning of system memory, startup objects, and system partition. 

Idle Scan tasks are run if the computer has been blocked by the user or if the screensaver is displayed on the screen for 

at least 5 minutes. 

If your computer is battery-powered, no tasks are run when the computer is idle. 

After tasks are run in background mode, their progress is displayed in the Task Manager (see section "Managing scan 

tasks. Task Manager" on page 72). 

157



Searching for rootkits in background mode ................................................................................................................... 158 

Idle Scan ....................................................................................................................................................................... 158 

SEARCHING FOR ROOTKITS IN BACKGROUND MODE 

By default, Kaspersky Internet Security performs regular rootkit scan. If necessary, you can disable rootkit scan. 

To disable regular rootkit scan: 


2. In the left part of the window, in the Scan section, select the General Settings subsection. 

3. In the right part of the window, uncheck the Perform regular rootkit scan box. 

IDLE SCAN 

The first stage of Idle Scan is checking whether the databases and application modules are up-to-date. If an update is 

required after scanning, an automatic update task starts. At the second stage, the application verifies the date and status 

of the last run of Idle Scan. If Idle Scan has not been run at all, or was run more than 7 days ago, or was interrupted, 

then the application runs the scan task for the system memory, startup objects, and system registry. 

Idle Scan is performed using a deep level of heuristic analysis, which increases the probability of threat detection. 

When the user returns to his or her work, the Idle Scan task is automatically interrupted. Note that the application 

remembers the stage at which the task was interrupted to resume the scan from this stage later. 

If running Idle Scan tasks was interrupted while downloading an update package, the update will start from the beginning 

next time. 

To disable Idle Scan mode: 


2. In the left part of the window, in the Scan section, select the General Settings subsection. 

3. In the right part of the window, uncheck the Perform Idle Scan box. 

FULL-SCREEN MODE. GAMING PROFILE 

Certain programs (especially computer games) running in full-screen mode are only marginally compatible with some 

features of Kaspersky Internet Security: for example, pop-up notifications are undesirable in that mode. Quite often those 

applications require significant system resources, meaning that running certain Kaspersky Internet Security tasks may 

slow down their performance. 

To avoid manually disabling notifications and pausing tasks every time you launch full-screen applications, Kaspersky 

Internet Security provides the option of temporarily changing the settings using the gaming profile. When the gaming 

profile is active, switching to full-screen mode automatically changes the settings of all product components to ensure 

optimal system functioning in that mode. Upon exit from the full-screen mode, product settings return to the initial values 

used before entering the full-screen mode. 

158


To enable the gaming profile: 


2. In the left part of the window, in the Advanced Settings section, select the Gaming Profile subsection. 

3. Check the Use Gaming Profile box and specify the necessary gaming profile settings in the Profile options 

section below. 

KASPERSKY INTERNET SECURITY SELF-DEFENSE 

Because Kaspersky Internet Security ensures your computer's protection against malware, malicious programs 

penetrating your computer attempt to block Kaspersky Internet Security or delete the application from your computer. 

Stable performance of your computer defense is ensured by self-defense features and protection against external control 

implemented in Kaspersky Internet Security. 

Kaspersky Internet Security self-defense prevents the modification and deletion of its own files on the hard disk, 

processes in the memory, and entries in the system registry. Protection against external control allows you to block all 

attempts to remotely control application services. 

On computers running under 64-bit operating systems and Microsoft Windows Vista, Kaspersky Internet Security selfdefense 

is only available for preventing the application's own files on local drives and system registry records from being 

modified or deleted. 


Enabling and disabling self-defense .............................................................................................................................. 159 

Protection against external control ................................................................................................................................ 159 

ENABLING AND DISABLING SELF-DEFENSE 

By default, Kaspersky Internet Security self-defense is enabled. You can disable self-defense, if necessary. 

To disable Kaspersky Internet Security self-defense: 


2. In the left part of the window, in the Advanced Settings section, select the Self-Defense subsection. 

3. In the right part of the window, uncheck the Enable Self-Defense box. 

PROTECTION AGAINST EXTERNAL CONTROL 

By default, protection against external control is enabled. You can disable protection, if necessary. 

When using remote administration applications (such as RemoteAdmin) you will need to add such applications to the 

Trusted Applications list (see section "Trusted zone" on page 154) when External Service Control is enabled and enable 

the Do not monitor application activity setting for them. 

159


To disable protection against external control: 


2. In the left part of the window, in the Advanced Settings section, select the Self-Defense subsection. 

3. In the External control section, uncheck the Disable external service control box. 

QUARANTINE AND BACKUP 

Quarantine is a special area storing files probably infected with viruses and files that cannot be disinfected at the time 

when they are detected. 

A potentially infected file can be detected and quarantined in the course of a virus scan or by File Anti-Virus, Mail Anti- 

Virus or Proactive Defense. 

Files are quarantined in the following cases: 

File code resembles a known but partially modified threat or has a malware-like structure, but is not registered in 

the database. In this case, the file is moved to Quarantine after heuristic analysis performed by File Anti-Virus 

and Mail Anti-Virus, or during an anti-virus scan. Heuristic analysis rarely causes false alarms. 

The sequence of operations performed by an object looks suspicious. In this case, the file is moved to 

Quarantine after its behavior is analyzed by the Proactive Defense component. 

Files in Quarantine pose no threat. With the course of time, information about new threats and ways of neutralizing them 

appears, which may cause Kaspersky Internet Security to disinfect a file stored in Quarantine. 

Backup storage is designed for storing backup copies of files that have been deleted or modified during the disinfection 

process. 


Storing files in Quarantine and Backup ......................................................................................................................... 160 

Working with quarantined files ...................................................................................................................................... 161 

Working with objects in Backup ..................................................................................................................................... 162 

Scanning files in Quarantine after an update ................................................................................................................ 163 

STORING FILES IN QUARANTINE AND BACKUP 

The default maximum storage duration for objects is 30 days. After that the objects will be deleted. You can cancel the 

time restriction or change the maximum object storage duration. 

In addition, you can specify the maximum size of Quarantine and Backup. If the maximum size value is reached, the 

content of Quarantine and Backup is replaced with new objects. By default, the maximum size restriction is disabled. 

To modify the object maximum storage time: 


2. In the left part of the window, in the Advanced Settings section, select the Reports and Storages subsection. 

3. In the right part of the window, in the Storing Quarantine and Backup objects section, check the Store 

objects no longer than box and specify the maximum storage duration for quarantined objects. 

160


To configure the maximum Quarantine and Backup size: 



3. In the right part of the window, in the Storing Quarantine and Backup objects section, check the Maximum 

size box and specify the maximum Quarantine and Backup size. 

WORKING WITH QUARANTINED FILES 

The Kaspersky Internet Security quarantine lets you perform the following operations: 

quarantine files that you suspect are infected; 

scan files in Quarantine using the current version of Kaspersky Internet Security databases; 

restore files in original folders, from which they have been moved to Quarantine; 

delete selected files from Quarantine; 

send files from Quarantine to Kaspersky Lab for research. 

You can use the following methods to move a file to Quarantine: 

using the Move to Quarantine button in the Quarantine window; 

using the context menu for the file. 

To move a file to Quarantine from the Quarantine window: 



3. On the Quarantine tab click the Move to Quarantine button. 

4. In the window that opens, select the file that you want to move to Quarantine. 

To move a file to Quarantine using the context menu: 

1. Open Microsoft Windows Explorer and go to the folder that contains the file that you want to move to 

Quarantine. 

2. Right-click to open the context menu of the file and select Move to Quarantine. 

To scan a quarantined file: 



3. On the Quarantine tab, select a file that you need to scan. 

4. Click the Scan button. 

161


To restore a quarantined object: 



3. On the Quarantine tab, select a file that you need to restore. 

4. Click the Restore button. 

To delete a quarantined object: 



3. On the Quarantine tab, select a file that you need to delete. 

4. Right-click the file to open its context menu and select Delete. 

To send a quarantined object to Kaspersky Lab for analysis: 



3. On the Quarantine tab, select a file that you need to send for research. 

4. Right-click to open the context menu of the file and select the Send for analysis item. 

WORKING WITH OBJECTS IN BACKUP 

The Kaspersky Internet Security backup storage lets you perform the following operations: 

restore files in a specified folder or in original ones, in which a file had been stored before it was processed by 

Kaspersky Internet Security; 

delete selected files or all files from Backup. 

To restore an object from Backup: 



3. On the Storage tab, select a file that you need to restore. 

4. Click the Restore button. 

To delete a file from Backup: 



3. On the Storage tab, select a file that you need to delete. 

4. Right-click the file to open its context menu and select Delete. 

162


To delete all files from Backup: 



3. On the Storage tab, click the Clear storage button. 

SCANNING FILES IN QUARANTINE AFTER AN UPDATE 

If the application has scanned a file and has not been able to determine exactly what malicious programs have infected 

it, the file is quarantined. After the databases are updated, Kaspersky Internet Security may be able to clearly identify 

and remove the threat. You can enable automatic scanning of quarantined objects after each update. 

We recommend that you periodically view quarantined files. Scanning may change their status. Some files can then be 

restored to their previous locations, and you will be able to continue working with them. 

To enable scanning quarantined files after update: 



3. Check the Rescan Quarantine after update box in the Additional section. 

ADDITIONAL TOOLS FOR BETTER PROTECTION OF YOUR 

COMPUTER 

The following wizards and tools included with Kaspersky Internet Security are used to resolve specific issues concerning 

your computer's security: 

Kaspersky Rescue Disk Creation Wizard is designed for creating an ISO disk image and writing Kaspersky 

Rescue Disk on a removable medium, which allows you to recover the system's operability after a virus attack if 

you load the application from the removable medium. Kaspersky Rescue Disk should be used when the 

infection is at such a level that it is deemed impossible to disinfect the computer using anti-virus applications or 

malware removal utilities. 

The Privacy Cleaner Wizard is designed to search for and eliminate traces of a user's activities in the system, 

as well as operating system settings which allow the gathering of information about user activities. 

The System Restore Wizard is designed to eliminate system damage and traces of malware objects in the 

system. 

The Browser Configuration Wizard is designed to analyze and adjust the settings of Microsoft Internet Explorer 

in order to eliminate its potential vulnerabilities. 

All the problems found by the Wizards (except the Kaspersky Rescue Disk Creation Wizard) are grouped based on the 

type of danger they pose to the operating system. Kaspersky Lab offers a set of actions for each group of problems 

which help eliminate vulnerabilities and weak points in the system's settings. Three groups of problems and, accordingly, 

three groups of actions to be taken when they are detected are distinguished: 

Strongly recommended actions will help eliminate problems posing a serious security threat. You are advised to 

perform all the actions in this group without delay to eliminate the threat. 

Recommended actions help eliminate problems posing a potential threat. You are advised to perform all actions 

in this group as well to provide the optimal level of protection. 

163


Additional actions help repair system damages which do not pose a current threat but may threaten your 

computer's security in the future. Performing these actions ensures comprehensive protection of your computer. 

However, in some cases, they may lead to deletion of user settings (such as cookies). 


Privacy Cleaner ............................................................................................................................................................. 164 

Configuring a browser for safe work .............................................................................................................................. 165 

Rolling back changes made by Wizards ....................................................................................................................... 167 

PRIVACY CLEANER 

When working with the computer, a user's actions are registered in the system. Saved data includes the search queries 

entered by users and web sites visited, launched programs, opened and saved files, the Microsoft Windows system 

event log, temporary files, etc. 

All these sources of information about the user's activity may contain confidential data (including passwords) and may 

become available to intruders for analysis. Frequently, the user has insufficient knowledge to prevent information being 

stolen from these sources. 

Kaspersky Internet Security includes the Privacy Cleaner Wizard. This Wizard searches for traces of user activities in the 

system, as well as for operation system settings which contribute to the storing of information about user activity. 

Please keep in mind that data related to user activity in the system, is accumulated constantly. The launch of any file or 

the opening of any document is logged. The Microsoft Windows system log registers many events occurring in the 

system. For this reason, repeated running of the Privacy Cleaner Wizard may detect activity traces which were not 

cleaned up by the previous run of the Wizard. Some files, for example the Microsoft Windows log file, may be in use by 

the system while the Wizard is attempting to delete them. In order to delete these files, the Wizard will prompt you to 

restart the system. However, during the restart, these files may be recreated and detected again as activity traces. 




To remove traces of the user's activity in the system: 



3. In the window that opens, in the Privacy Cleaner section, click the Start button. 



Make sure the option Perform user's activity traces diagnostics is selected and click the Next button to start 

the Wizard. 

Step 2. Activity signs search 

This Wizard searches for traces of malware activities in your computer. The scan may take some time. Once the 

search is complete, the Wizard will proceed automatically to the next step. 

164


Step 3. Selecting Privacy Cleaner actions 

When the search is complete, the Wizard displays the detected activity traces and actions suggested to 

eliminate them. 








Step 4. Privacy Cleaner 

The Wizard will perform the actions selected during the previous step. The elimination of activity traces may 

take some time. To clean up certain activity traces, a reboot may be required; if so, the Wizard will notify you. 

Once the clean-up is complete, the Wizard will proceed automatically to the next step. 


If you wish to clean up the traces of user activity automatically whenever Kaspersky Internet Security completes 

its work, use the last screen of the Wizard to check the box Clean activity traces every time on Kaspersky 

Internet Security exit. If you plan to remove activity traces manually using the Wizard, do not check this box. 


CONFIGURING A BROWSER FOR SAFE WORK 

The Microsoft Internet Explorer browser requires special analysis and configuration in certain cases, since some setting 

values selected by the user or set by default may cause security problems. 

Here are some examples of the objects and parameters used in the browser and how they are associated with potential 

security threats: 

Microsoft Internet Explorer cache. The cache stores data downloaded from the Internet, so the user does not 

have to download them next time. This speeds up the download time of web pages and reduces Internet traffic. 

In addition to that, the cache contains confidential data and makes it possible to find out which sites the user 

has visited. Some malware objects also scan the cache while scanning the disk, and intruders can obtain, for 

example, the user's email addresses. You are advised to clear the cache every time you close your browser to 

improve protection. 

Display of known file types extensions. To edit file names conveniently, you can disable the display of their 

extensions. Nevertheless, it is sometimes useful to see the file extension. File names of many malicious objects 

contain combinations of symbols imitating an additional file extension before the real one (e.g., 

example.txt.com). If the real file extension is not displayed, users can see just the file name part with the 

imitated extension and so they may identify a malicious object as a harmless file. To improve protection, you are 

advised to enable the display of files of known formats. 

List of trusted websites. For some websites to run correctly, you should add them to the list of trusted sites. At 

the same time, malicious objects can add links to websites created by intruders to this list. 

The browser configuration for Safe Run may cause problems with the display of certain websites (for example, if they 

use ActiveX elements). This problem can be solved by adding these websites to the trusted zone. 

165


Browser analysis and configuration are performed in the Browser Configuration Wizard. The Wizard checks whether the 

latest browser updates are installed and makes sure that the current browser settings do not make the system vulnerable 

to malicious exploits. Once the Wizard is complete, a report is generated which can be sent to Kaspersky Lab for 

analysis. 




Close all Microsoft Internet Explorer windows before starting the diagnostics. 

To configure the browser for safe work: 



3. In the window that opens, in the Browser Configuration section, click the Start button. 



Make sure the option Perform diagnostics for Microsoft Internet Explorer is selected and click the Next 

button to start the Wizard. 

Step 2. Microsoft Internet Explorer settings analysis 

The Wizard analyzes the settings of Microsoft Internet Explorer. Searching the browser settings for problems 

may take some time. Once the search is complete, the Wizard will proceed automatically to the next step. 

Step 3. Selecting actions for browser configuration 

When the search is complete, the Wizard displays the detected problems and actions suggested to eliminate 

them. 








Step 4. Browser Configuration 

The Wizard will perform the actions selected during the previous step. Browser configuration may take some 

time. Once configuration is complete, the Wizard proceeds automatically to the next step. 



166


ROLLING BACK CHANGES MADE BY WIZARDS 

Some changes made when running the Privacy Cleaner Wizard (see section "Privacy Cleaner" on page 164), System 

Restore Wizard (see section "What to do if you suspect your computer is infected" on page 53), and Browser 

Configuration Wizard (see section "Configuring a browser for safe work" on page 165) can be rolled back. 

To roll back changes made by Wizards: 

1. Open the main application window and select the Tools section in the lower part of the window. 

2. In the right part of the window, click the Start button in the section with the name of a Wizard, for which you 

need to roll back changes made: 

Privacy Cleaner – to roll back changes made by the Privacy Cleaner Wizard; 

Microsoft Windows Troubleshooting – to roll back changes made by the Microsoft Windows 

Troubleshooting Wizard; 

Browser Configuration – to roll back changes made by the Browser Configuration Wizard. 

Let us take a closer look at Wizards' steps taken when rolling back changes. 


Select Roll back changes and click the Next button. 

Step 2. Search for changes 

The Wizard searches for the changes that it made earlier and that can be rolled back. Once the search is 

complete, the Wizard will proceed automatically to the next step. 

Step 3. Selecting changes to roll back 

When the search is completed, the Wizard informs you of changes found. 

To make the wizard roll back an action taken earlier, check the box located to the left of the action's name. 

After you have selected actions that you want to roll back, click the Next button. 

Step 4. Rolling back changes 

The Wizard rolls back the actions selected at the previous step. When the changes are rolled back, the Wizard 

automatically proceeds to the next step. 



REPORTS 

Events that occur during the operation of the protection components or when the Kaspersky Internet Security tasks are 

run are logged in reports. 

167



Creating a report for the selected protection component .............................................................................................. 168 

Data filtering .................................................................................................................................................................. 168 

Events search ............................................................................................................................................................... 169 

Saving a report to file .................................................................................................................................................... 170 

Storing reports ............................................................................................................................................................... 170 

Clearing application reports ........................................................................................................................................... 170 

Recording non-critical events into the report ................................................................................................................. 171 

Configuring the notification of report availability ............................................................................................................ 171 

CREATING A REPORT FOR THE SELECTED PROTECTION COMPONENT 

You can obtain a detailed report about events which occurred during the operation of each of the Kaspersky Internet 

Security protection components or during execution of its tasks. 

For added convenience when working with reports, you can change the data display on the screen: group events by 

various parameters, select the report period, sort events by column or by importance, and hide columns. 

To create a report on a certain protection component or a task: 


2. In the top part of the window, click the Reports link. 


4. In the left part of the Detailed report window that opens, select the component or task, for which a report 

should be created. When you select the Protection Center item, a report is created for all protection 

components. 

DATA FILTERING 

You can filter events in Kaspersky Internet Security reports by one or several values in the report columns, as well as 

define complex data filtering conditions. 

To filter events by values: 




4. In the right part of the Detailed report window that opens, move the mouse pointer to the upper left corner of 

the column header and click it to open the filter menu. 

5. Select the value which should be used to filter data in the filter menu. 

6. Repeat the procedure for another column, if necessary. 

168


To specify a complex filtering condition: 


2. Click the Reports link in the top part of the window to open the reports window. 

3. In the window that opens, on the Report tab, click the Detailed report button. 

4. In the right part of the Detailed report window that opens, right-click the appropriate report column to display 

the context menu for it and select Custom. 

5. In the Custom filter window that opens, set the filtration conditions: 

a. Define the query limits in the right part of the window. 

b. In the left part of the window, select the necessary query condition from the Condition dropdown list (e.g., 

is greater or less than, equals or does not equal the value specified as the query limit). 

c. If necessary, add a second condition using logical conjunction (logical AND) or disjunction (logical OR) 

operations. If you wish your data query to satisfy both specified conditions, select AND. If only one of the 

two conditions is required, select OR. 

EVENTS SEARCH 

You can search a report for the desired event using a key word in the search line or special search window. 

To find an event using the search line: 




4. Enter the key word in the search line in the right part of the Detailed report window that opens. 

To find an event using the search window: 




4. In the right part of the Detailed report window that opens, right-click the appropriate column header to display 

the context menu for it and select Search. 

5. Specify the search criteria in the Search window that opens: 

a. In the String field, enter a key word to be searched for. 

b. In the Column dropdown list, select the name of the column that should be searched for the specified key 

word. 

c. If necessary, check the boxes for additional search settings. 

6. Start the search using one of the following methods: 

If you want to find an event that meets the specified search criteria and comes next after the one that you 

have highlighted on the list, click the Find next button. 

If you want to find all events that meet the specified search criteria, click the Mark all button. 

169


SAVING A REPORT TO FILE 

The report obtained can be saved to a text file. 

To save the report to file: 




4. In the Detailed report window that opens, create a required report and click the Save link to select a location 

for the file that you want to save. 

5. In the window that opens, select a folder into which you wish to save the report file and enter the file name. 

STORING REPORTS 

The default maximum report storage duration is 30 days. After that the reports will be deleted. You can cancel the time 

restriction or change the maximum report storage duration. 

In addition, you can also define the maximum report file size. By default, the maximum size is 1024 MB. Once the 

maximum size has been reached, the content of the file is replaced with new records. You can cancel any limits imposed 

on the report's size, or enter another value. 

To modify the report maximum storage time: 



3. In the right part of the window, in the Storing reports section, check the Store reports no longer than box and 

specify the maximum storage period for reports. 

To configure the maximum report file size: 



3. In the Storing reports section in the right part of the window, check the Maximum file size box and specify the 

maximum size for a report file. 

CLEARING APPLICATION REPORTS 

You can clear the reports containing data that you no longer need. 

To clear application reports: 



3. In the right part of the window, in the Clear reports section, click the Clear button. 

4. In the Clearing reports window that opens, check the boxes for the reports you wish to clear. 

170


RECORDING NON-CRITICAL EVENTS INTO THE REPORT 

By default, the product does not add non-critical events or registry and file system events to its reports. You can add 

records of such events to the report. 

To add non-critical events to the report: 



3. In the right part of the window, check the Log non-critical events box. 

CONFIGURING THE NOTIFICATION OF REPORT AVAILABILITY 

You can create a schedule according to which Kaspersky Internet Security will remind you that a report is ready. 

To configure notification of a report's completion: 



3. In the Reports window that opens, click the button. 

4. In the Notifications window that opens, specify schedule settings. 

APPLICATION APPEARANCE. MANAGING ACTIVE 

INTERFACE ELEMENTS 

Kaspersky Internet Security allows you to adjust the settings for display of text on the logon screen in Microsoft Windows 

and active interface elements (the application icon in the notification area, notification windows, and pop-up messages). 


Translucence of notification windows ............................................................................................................................ 171 

Animation of the application icon in the notification area ............................................................................................... 172 

Text on Microsoft Windows logon screen ...................................................................................................................... 172 

TRANSLUCENCE OF NOTIFICATION WINDOWS 

To make notification windows translucent: 


2. In the left part of the window, in the Advanced Settings section, select the Appearance subsection. 

3. In the Icon in the taskbar notification area section, check the Enable semi-transparent windows box. 

171


ANIMATION OF THE APPLICATION ICON IN THE NOTIFICATION AREA 

Animation of the application icon is displayed in the notification area when running an update or a scan. 

By default, animation of the application icon in the notification area is enabled. 

To disable animation of the application icon: 



3. In the Icon in the taskbar notification area section, uncheck the Animate taskbar icon when executing 

tasks box. 

TEXT ON MICROSOFT WINDOWS LOGON SCREEN 

By default, if Kaspersky Internet Security is enabled and protects your computer, the text "Protected by Kaspersky Lab" 

is displayed on the logon screen while Microsoft Windows is loading. 

Text "Protected by Kaspersky Lab" is only displayed in Microsoft Windows XP. 

To enable display of this text during the loading of Microsoft Windows: 



3. In the Icon in the taskbar notification area section, uncheck the Show "Protected by Kaspersky Lab" on 

Microsoft Windows logon screen box. 

NOTIFICATIONS 

By default, if any events occur during operation, Kaspersky Internet Security notifies you of them. If you are required to 

select further actions, notification windows will be displayed on the screen (see section "Notification windows and pop-up 

messages" on page 34). The application notifies you of events which do not require selection of an action with audio 

signals, email messages, and pop-up messages in the taskbar notification area (see section "Notification windows and 

pop-up messages" on page 34). 

Kaspersky Internet Security comprises the News Agent (on page 37) that Kaspersky Lab uses to notify you of various 

news. If you do not want to receive any news, you can disable the news delivery. 


Enabling and disabling notifications .............................................................................................................................. 172 

Configuring the notification method ............................................................................................................................... 173 

Disabling news delivery ................................................................................................................................................. 174 

ENABLING AND DISABLING NOTIFICATIONS 

By default, Kaspersky Internet Security uses various methods to notify you of all important events related to application 

operation (see section "Configuring the notification method" on page 173). You can disable the delivery of notifications. 

172


Regardless of whether notification delivery is enabled or disabled, information about events that occur during the 

operation of Kaspersky Internet Security is logged in an application operation report (see page 167). 

When you disable the notifications delivery, it does not impact the display of notification windows. To minimize the 

number of notification windows displayed on the screen, use the automatic protection mode (see section "Selecting a 

protection mode" on page 64). 

To disable notification delivery: 


2. In the left part of the window, in the Advanced Settings section, select the Notifications subsection. 

3. In the right part of the window, uncheck the Enable events notifications box. 

CONFIGURING THE NOTIFICATION METHOD 

The application notifies you of events using the following methods: 

pop-up messages in the taskbar notification area; 

audio notifications; 

email messages. 

You can configure an individual set of notification delivery methods for each type of event. 

By default, critical notifications and notifications of application operation failures are accompanied by an audio signal. 

The Microsoft Windows sound scheme is used as the source of sound effects. You can modify the current scheme or 

disable sounds. 

To allow Kaspersky Internet Security to notify you of events by email, you should adjust the email settings of notification 

delivery. 

To select notifications delivery methods for various types of events: 



3. In the right part of the window, check the Enable events notifications box and click the Settings button 

located under the box. 

4. In the Notifications window that opens, check the boxes corresponding to how you want to be notified of 

various events: by email, with a pop-up message, or with an audio signal. 

To modify the email settings for notification delivery: 



3. In the right part of the window, check the Enable email notifications box and click the Settings button. 

4. In the Email notification settings window that opens, specify the settings for sending notifications by email. 

173


To configure the sound scheme used with notifications: 



3. In the right part of the window, uncheck the Enable audio notifications box. 

If you want to use the sound scheme of Microsoft Windows for notification of Kaspersky Internet Security 

events, check the Use Windows Default sound scheme box. If this box is unchecked, the sound scheme from 

previous Kaspersky Internet Security versions is used. 

DISABLING NEWS DELIVERY 

To disable news delivery from the application settings window: 



3. In the right part of the window, uncheck the Enable news notifications box. 

KASPERSKY SECURITY NETWORK 

To increase the efficiency of your computer's protection, Kaspersky Internet Security uses data received from users from 

all over the world. Kaspersky Security Network is designed for collecting this data. 

The Kaspersky Security Network (KSN) is an infrastructure of online services that provides access to the online 

Knowledge Base of Kaspersky Lab, which contains information about the reputation of files, web resources, and 

software. Using data from the Kaspersky Security Network ensures a faster response time for Kaspersky Internet 

Security when encountering new types of threats, improves performance of some protection components, and reduces 

the risk of false positives. 

User participation in Kaspersky Security Network enables Kaspersky Lab to gather real-time information about the types 

and sources of new threats, develop methods to neutralize them, and reduce the number of false positives. 

Besides, participating in Kaspersky Security Network grants you access to information about reputation of various 

applications and websites. 

When you participate in the Kaspersky Security Network, certain statistics collected while Kaspersky Internet Security 

protects your computer are sent to Kaspersky Lab automatically. 

No private data is collected, processed, or stored. 

Participating in the Kaspersky Security Network is voluntary. You should decide whether to participate when installing 

Kaspersky Internet Security; however, you can change your decision later. 


Enabling and disabling participation in Kaspersky Security Network ............................................................................ 175 

Verifying connection to Kaspersky Security Network .................................................................................................... 175 

174


ENABLING AND DISABLING PARTICIPATION IN KASPERSKY 

SECURITY NETWORK 

To participate in Kaspersky Security Network: 


2. In the left part of the window, in the Advanced Settings section, select the Feedback subsection. 

3. In the right part of the window, check the I agree to participate in Kaspersky Security Network box. 

VERIFYING CONNECTION TO KASPERSKY SECURITY NETWORK 

Connection to Kaspersky Security Network may be lost for the following reasons: 

your computer is not connected to the Internet; 

you do not participate in Kaspersky Security Network; 

your license for Kaspersky Internet Security is limited. 

To test the connection to Kaspersky Security Network: 


2. In the top part of the window, click the Cloud protection button. 

3. In the left part of the window that opens, the status of connection to Kaspersky Security Network is displayed. 

175

TESTING THE APPLICATION'S OPERATION 

This section provides information about how to ensure that the application detects viruses and their modifications and 

performs the correct actions on them. 


About the test file EICAR............................................................................................................................................... 176 

Testing the application's functioning using the test file EICAR ...................................................................................... 176 

About the types of the test file EICAR ........................................................................................................................... 177 

ABOUT THE TEST FILE EICAR 

You can make sure that the application detects viruses and disinfects infected files by using a test file EICAR. The test 

file EICAR has been developed by the European Institute for Computer Antivirus Research (EICAR) in order to test the 

functionality of anti-virus applications. 

The test file EICAR is not a virus. The test file EICAR does not contain any program code that could damage your 

computer. However, a major part of anti-virus applications identify the test file EICAR as a virus. 

The test file EICAR is not intended for testing the functionality of the heuristic analyzer or searching for malware at the 

system level (rootkits). 

Do not use real viruses to test the functionality of anti-virus applications! This may damage your computer. 

Do not forget to resume the anti-virus protection of Internet traffic and files after you have finished with the test file 

EICAR. 

TESTING THE APPLICATION'S FUNCTIONING USING THE 

TEST FILE EICAR 

You can use the test file EICAR to test the Internet traffic protection, anti-virus protection of files, and computer scan. 

Do not forget to resume the anti-virus protection of Internet traffic and files after you have finished with the test file 

EICAR. 

To test the Internet traffic protection using the test file EICAR: 

1. You can download this test file from EICAR's official website at http://www.eicar.org/anti_virus_test_file.htm. 

2. Try to save the EICAR test file in any folder on your computer. 

Kaspersky Internet Security informs you that a threat has been detected at the requested URL and blocks the 

attempt to save the object on the computer. 

3. If necessary, you can use various types of the test file EICAR (see section "About the types of the test file 

EICAR" on page 177). 

176

T E S T I N G T H E A P P L I C A T I O N ' S O P E R A T I O N 

To test the anti-virus protection of files using the test file EICAR or a modification of it: 

1. Pause anti-virus protection of Internet traffic and anti-virus protection of files on your computer. 

When protection is paused, it is not recommended that you connect the computer to local networks or use 

removable devices to prevent harm to your computer caused by malware. 


3. Save the EICAR test file in any folder on your computer. 

4. Add one of the prefixes to the head of the EICAR test file (see section "About the types of the test file EICAR" 

on page 177). 

You can use any text or hypertext editor to do this, for example, Notepad. To open Notepad, select Start 

programs Accessories Notepad. 

All 

5. Save the resulting file under a name reflecting the modification of the file EICAR; for example, add the DELEprefix 

and save the file as eicar_dele.com. 

6. Resume anti-virus protection of Internet traffic and anti-virus protection of files on your computer. 

7. Try to run the file that you have saved. 

Kaspersky Internet Security informs you of a threat detected on the hard drive of your computer and performs 

the action specified in the settings of the anti-virus protection of files. 

To test the virus scan using the test file EICAR or a modification of it: 

1. Pause anti-virus protection of Internet traffic and anti-virus protection of files on your computer. 

When protection is paused, it is not recommended that you connect the computer to local networks or use 

removable devices to prevent harm to your computer caused by malware. 


3. Add one of the prefixes to the head of the EICAR test file (see section "About the types of the test file EICAR" 

on page 177). 

You can use any text or hypertext editor to do this, for example, Notepad. To open Notepad, select Start 

programs Accessories Notepad. 

All 

4. Save the resulting file under a name reflecting the modification of the test file EICAR; for example, add the 

DELE- prefix and save the file as eicar_dele.com. 

5. Start the scan of the file that you have saved. 

Kaspersky Internet Security informs you of a threat detected on the hard drive of your computer and performs 

the action specified in the settings of the virus scan. 

6. Resume anti-virus protection of Internet traffic and anti-virus protection of files on your computer. 

ABOUT THE TYPES OF THE TEST FILE EICAR 

You can test the application's functioning by creating various modifications of the test file EICAR. The application detects 

the test file EICAR (or a modification of it) and assigns it a status depending on the results of the scan. The application 

takes specified actions on the test file EICAR if they had been selected in the settings of the component that has 

detected the test file EICAR. 

177


The first column of the table (see the table below) contains prefixes that you can use when creating modifications of the 

test file EICAR. The second column lists all possible statuses assigned to the file, based on the results of the scan by the 

application. The third column indicates how the application processes files with the specified status. 

Prefix File status File processing information 

No prefix, standard 

test virus. 

CURE- 

DELE- 

WARN- 

SUSP- 

Infected. 

File contains code of a 

known virus. File 

cannot be disinfected. 

Infected. 


known virus. File can 

be disinfected. 

Infected. 


known virus. File 


Potentially infected. 

File contains code of 

an unknown virus. File 


Potentially infected. 

File contains modified 

code of a known virus. 

File cannot be 

disinfected. 

Table 2. 

Modifications of the test file EICAR 

The application identifies this file as a file containing a virus that cannot 


The action set for infected files is applied to the file. By default, the 

application displays an on-screen notification that the file cannot be 

disinfected. 

The file contains a virus that can be disinfected or deleted. The 

application disinfects the file; the text of the virus body is replaced with 

the word CURE. 

The application displays an on-screen notification that a disinfected file 

has been detected. 

The application identifies the file as a virus that cannot be disinfected, 

and deletes it. 

The application displays an on-screen notification that the disinfected 

file has been deleted. 

File is potentially infected. 

The application applies the action set for potentially infected files on the 

file. By default, the application displays an on-screen notification that a 

potentially infected file has been detected. 

The application detected a partial correspondence of a section of file 

code with a section of code of a known virus. When a potentially 

infected file is detected, the application databases do not contain a 

description of the full code of the virus. 

The application applies the action set for potentially infected files on the 

file. By default, the application displays an on-screen notification that a 

potentially infected file has been detected. 

CORR- Corrupted. The application does not scan this type of file because its structure is 

damaged (for example, the file format is invalid). You can find the 

information that the file has been processed in the report on the 


ERRO- Scan error. An error occurred during the scan of a file. The application could not 

access the file, since the integrity of the file has been breached (for 

example, no end to a multivolume archive) or there is no connection to 

it (if the file is scanned on a network drive). You can find the 

information that the file has been processed in the report on the 


178

CONTACTING THE TECHNICAL SUPPORT 

SERVICE 

This section provides information about how to obtain technical support and what conditions should be met to receive 

help from the Technical Support Service. 


How to get technical support ......................................................................................................................................... 179 

Using the trace file and the AVZ script .......................................................................................................................... 179 

Technical support by phone .......................................................................................................................................... 182 

Obtaining technical support via My Kaspersky Account ................................................................................................ 182 

HOW TO GET TECHNICAL SUPPORT 

If you do not find a solution to your problem in the application documentation or in one of the sources of information 

about the application (see section "Sources of information about the application" on page 12), we recommend that you 

contact Kaspersky Lab's Technical Support Service. Technical Support Service specialists will answer any of your 

questions about installing and using the application. If the computer is infected, our specialists will help to fix any 

problems caused by malware. 

Before contacting the Technical Support Service, please read the support rules 

(http://support.kaspersky.com/support/rules). 

You can contact the Technical Support Service in one of the following ways: 

By telephone. This method allows you to consult with specialists from our Russian-language or international 

Technical Support Service. 

By sending a query from your Kaspersky Account on the Technical Support Service website. This method 

allows you to contact our specialists using the query form. 

To qualify for technical support, you must be a registered user of a commercial version of Kaspersky Internet Security. 

Technical support is not available to users of trial versions of the application. 

USING THE TRACE FILE AND THE AVZ SCRIPT 

After you notify Technical Support Service specialists of a problem encountered, they may ask you to create a report that 

should contain information about your operating system, and send it to the Technical Support Service. Also, Technical 

Support Service specialists may ask you to create a trace file. The trace file allows you to trace the process of executing 

the application's commands step-by-step and find out on which stage of the application's operation an error has 

occurred. 

After Technical Support Service specialists analyze the data that you have sent, they can create an AVZ script and send 

it to you. Running AVZ scripts allows you to analyze active processes for malicious code, scan the system for malicious 

code, disinfect / delete infected files, and create reports on results of system scans. 

179


CREATING A SYSTEM STATE REPORT 

To create a system state report: 


2. Click the Support link at the bottom of the main window to open the Support window, then follow the Support 

Tools link. 

3. In the Support Tools window that opens, click the Create system state report button. 

The system state report is created in HTML and XML formats and is saved in the archive sysinfo.zip. Once the 

information has been gathered, you can view the report. 

To view the report: 



Tools link. 

3. In the Support Tools window that opens, click the View button. 

4. Open the sysinfo.zip archive which contains the report files. 

CREATING A TRACE FILE 

To create a trace file: 



Tools link. 

3. In the Support Tools window that opens, specify the trace level from the drop-down list in Traces section. 

It is recommended that the required trace level be clarified by a Technical Support Service specialist. In the 

absence of guidance from the Technical Support Service, you are advised to set the trace level to 500. 

4. To start the trace process, click the Enable button. 

5. Reconstruct the situation in which the problem occurred. 

6. To stop the trace process, click the Disable button. 

You can switch to uploading tracing results (see section "Sending data files" on page 180) to Kaspersky Lab's server. 

SENDING DATA FILES 

After you have created the trace files and the system state report, you need to send them to Kaspersky Lab Technical 

Support Service experts. 

You will need a request number to upload data files to the Technical Support Service server. This number is available in 

your My Kaspersky Account on the Technical Support Service website if your request is active. 

180

C O N T A C T I N G T H E T E C H N I C A L S U P P O R T S E R V I C E 

To upload the data files to the Technical Support Service server: 



Tools link. 

3. In the Support Tools window that opens, in the Actions section, click the Upload information for Technical 

Support Service to the server button. 

The Uploading information for Technical Support Service to the server window will open. 

4. Check the boxes next to the trace files that you want to send to the Technical Support Service and click the 

Send button. 

The Request number window will open. 

5. Specify the number assigned to your request by contacting the Technical Support Service through My 

Kaspersky Account and click the OK button. 

The selected data files are packed and sent to the Technical Support Service server. 

If for any reason it is not possible to contact the Technical Support Service, the data files can be stored on your computer 

and later sent from My Kaspersky Account. 

To save data files on a disk: 



Tools link. 

3. In the Support Tools window that opens, in the Actions section, click the Upload information for Technical 

Support Service to the server button. 

The Uploading information for Technical Support Service to the server window will open. 

4. Check the boxes next to the trace files that you want to send to the Technical Support Service and click the 

Send button. 

The Request number window will open. 

5. Click the Cancel button and confirm saving the files on the disk by clicking the Yes button in the window that 

opens. 

The archive saving window will open. 

6. Specify the archive name and confirm saving. 

The created archive can be sent to the Technical Support Service from My Kaspersky Account. 

AVZ SCRIPT EXECUTION 

You are advised not to change the text of an AVZ script received from Kaspersky Lab experts. If problems occur during 

script execution, please contact the Technical Support Service (see section "How to get technical support" on page 179). 

181


To run the AVZ script: 



Tools link. 

3. In the Support Tools window that opens, click the Execute AVZ script button. 

If the script successfully executes, the Wizard closes. If an error occurs during script execution, the Wizard displays a 

message to that effect. 

TECHNICAL SUPPORT BY PHONE 

If an urgent issue arises, you can call specialists from the Russian-speaking or international Technical Support Service 

by phone (http://support.kaspersky.com/support/support_local). 

Before contacting the Technical Support Service, you should collect information 

(http://support.kaspersky.com/support/details) about your computer and anti-virus applications installed on it. This will 

allow our specialists to help you more quickly. 

OBTAINING TECHNICAL SUPPORT VIA MY KASPERSKY 

ACCOUNT 

My Kaspersky Account is your personal area (https://my.kaspersky.com) on the Technical Support Service website. 

To obtain access to My Kaspersky Account, you should go through the registration procedure on the registration page 

(https://my.kaspersky.com/registration). Enter your email address and a password to log in to My Kaspersky Account. 

In My Kaspersky Account, you can perform the following actions: 

contact the Technical Support Service and Virus Lab; 

contact the Technical Support Service without using email; 

track the status of your request in real time; 

view a detailed history of your requests to the Technical Support Service; 

receive a copy of the key file if it has been lost or removed. 

Technical Support by email 

You can send an online request to the Technical Support Service in Russian, English, German, French, or Spanish. 

You should specify the following data in the fields of the online request form: 

request type; 

application name and version number; 

request description; 

customer ID and password; 

email address. 

182

C O N T A C T I N G T H E T E C H N I C A L S U P P O R T S E R V I C E 

A specialist from the Technical Support Service sends an answer to your question to your My Kaspersky Account and to 

the email address that you have specified in your online request. 

Online request to the Virus Lab 

Some requests should be sent to the Virus Lab instead of the Technical Support Service. 

You can send requests of the following types to the Virus Lab: 

Unknown malicious program – you suspect that a file contains a virus but Kaspersky Internet Security has not 

identified it as infected. 

Virus Lab specialists analyze malicious code sent. If they detect a previously unknown virus, they add a 

corresponding description to the database, which becomes available when updating anti-virus applications. 

False alarm – Kaspersky Internet Security classifies the file as a virus, yet you are sure that the file is not a 

virus. 

Request for description of malicious program – you want to receive the description of a virus detected by 

Kaspersky Internet Security, using the name of the virus. 

You can also send requests to the Virus Lab from the page with the request form 

(http://support.kaspersky.com/virlab/helpdesk.html) without being registered in My Kaspersky Account. On this page, you 

do not have to specify the application activation code. 

183

APPENDIX 

This section provides information that complements the document text. 


Working with the application from the command line .................................................................................................... 184 

Kaspersky Internet Security notifications list ................................................................................................................. 194 

WORKING WITH THE APPLICATION FROM THE COMMAND 

LINE 

You can work with Kaspersky Internet Security from the command line. The capability is provided to perform the 

following operations: 

activating the application; 

starting and stopping the application; 

starting and stopping application components; 

starting and stopping tasks; 

obtaining information on the current status of components and tasks, as well as their statistics; 

starting and stopping virus scan tasks; 

scanning selected objects; 

updating databases and software modules, rolling back updates; 

exporting and importing security settings; 

opening help files using command line syntax in general and for individual commands. 

Command prompt syntax: 

avp.com [options] 

You should access the application from the command line from the application installation folder or by specifying the full 

path to avp.com. 

The list of commands used to control the application and its components is provided in the table below. 

START 

Starts a component or a task. 

STOP 

STATUS 

Stops a component or a task. The command can only be executed if the password assigned via the 

Kaspersky Internet Security interface is entered. 

Displays the current status of a component or task on the screen. 

184

A P P E N D I X 

STATISTICS 

HELP 

SCAN 

UPDATE 

ROLLBACK 

EXIT 

IMPORT 

Displays the statistics for a component or task on the screen. 

Displays the list of commands and command syntax information. 

Scans objects for viruses. 

Starts the application update. 

Rolls back to the last Kaspersky Internet Security update made. The command can only be executed if 

the password assigned via the Kaspersky Internet Security interface is entered. 

Closes the application. The command can only be run if the password assigned via the application 

interface is entered. 

Imports application protection settings. The command can only be executed if the password assigned 

via the Kaspersky Internet Security interface is entered. 

EXPORT 

Exports the application protection settings. 

Each command requires its own specific set of settings. 


Activating the application............................................................................................................................................... 185 

Starting the application .................................................................................................................................................. 186 

Stopping the application ................................................................................................................................................ 186 

Managing application components and tasks................................................................................................................ 186 

Virus scan ..................................................................................................................................................................... 188 

Updating the application ................................................................................................................................................ 190 

Rolling back the last update .......................................................................................................................................... 191 

Exporting protection settings ......................................................................................................................................... 191 

Importing protection settings ......................................................................................................................................... 191 

Creating a trace file ....................................................................................................................................................... 192 

Viewing Help ................................................................................................................................................................. 192 

Return codes of the command line ................................................................................................................................ 192 

ACTIVATING THE APPLICATION 

You can activate Kaspersky Internet Security using a key file. 

Command syntax: 

avp.com ADDKEY 

The table below describes the settings of command execution. 

 

Application key file name with the *.key extension. 

185


Example: 

avp.com ADDKEY 1AA111A1.key 

STARTING THE APPLICATION 


avp.com 

STOPPING THE APPLICATION 


avp.com EXIT /password= 

A description of parameters is provided in the table below. 

 

Application password specified in the interface. 

Note that this command is not accepted without a password. 

MANAGING APPLICATION COMPONENTS AND TASKS 


avp.com [/R[A]:] 

avp.com STOP /password= [/R[A]:] 

Descriptions of commands and settings are given in the table below. 

 

You can manage Kaspersky Internet Security components and tasks from the command 

prompt with the following commands: 

START – start a protection component or a task. 

STOP – stop a protection component or a task. 

STATUS – display the current status of a protection component or a task. 

STATISTICS – output statistics to the screen for a protection component or a task. 

Note that the STOP command will not be accepted without a password. 

 

You can specify any protection component of Kaspersky Internet Security, component 

module, on-demand scan or update task as the value for the setting (the 

standard values used by the application are shown in the table below). 

You can specify the name of any on-demand scan or update task as the value for the 

setting. 

 

/R[A]: 


/R: – log only important events in the report. 

/RA: – log all events in the report. 

You can use an absolute or relative path to the file. If the setting is not defined, scan 

results are displayed on the screen, and all events are shown. 

In the setting, you should specify one of the values given in the table below. 

186


RTP 

FW 

HIPS 

pdm 

FM 

EM 

WM 

All protection components. 

The avp.com START RTP command runs all the protection components if the 

protection has been completely disabled. 

If the component has been disabled using the STOP command from the command 

prompt, it is not launched by the avp.com START RTP command. In order to start 

it, you should execute the avp.com START command with the name of 

the specific protection component entered for , for example, avp.com 

START FM. 

Firewall. 

Application Control. 

Proactive Defense. 

File Anti-Virus. 

Mail Anti-Virus. 

Web Anti-Virus. 

Values for Web Anti-Virus subcomponents: 

httpscan (HTTP) – scan HTTP traffic; 

sc – scan scripts. 

IM 

AB 

AS 

PC 

AP 

ids 

Updater 

Rollback 

Scan_My_Computer 

Scan_Objects 

Scan_Quarantine 

Scan_Startup (STARTUP) 

Scan_Vulnerabilities (SECURITY) 

IM Anti-Virus. 

Anti-Banner. 

Anti-Spam. 

Parental Control. 

Anti-Phishing. 

Network Attack Blocker. 

Update. 

Rolling back the last update. 

Scan. 

Objects Scan. 

Quarantine scan. 

Startup Objects Scan. 

Vulnerability Scan. 

Components and tasks started from the command prompt are run with the settings configured in the application 

interface. 

Examples: 

To enable File Anti-Virus, enter the following command: 

187


avp.com START FM 

To stop a computer scan, enter the following command: 

avp.com STOP Scan_My_Computer /password= 

VIRUS SCAN 

Starting a scan of a certain area for viruses and processing malicious objects from the command prompt generally looks 

like this: 

avp.com SCAN [] [] [] [] 

[] [] [] 

To scan objects, you can also use the tasks created in the application by starting the one you need from the command 

line. The task will be run with the settings specified in the Kaspersky Internet Security interface. 


– this parameter gives the list of objects that are scanned for malicious code. 

The parameter may include several space-separated values from the list provided. 

 

List of paths to the files and folders to be scanned. 

You can enter an absolute or relative path to the file. Items on the list are separated by a 

space. 

Comments: 

if the object name contains a space, it must be placed in quotation marks; 

if reference is made to a specific folder, all files in this folder are scanned. 

/MEMORY 

/STARTUP 

/MAIL 

/REMDRIVES 

/FIXDRIVES 

/NETDRIVES 

/QUARANTINE 

/ALL 

/@: 

RAM objects. 

Startup objects. 

Mailboxes. 

All removable media drives. 

All internal drives. 

All network drives. 

Quarantined objects. 

Full computer scan. 

Path to a file containing a list of objects and catalogs to be scanned. You can enter an absolute 

or relative path to the file with the list. The path must be indicated without quotation marks even 

if it contains a space. 

The file with the list of objects should be in a text format. Each scan object should be listed on 

a separate line. 

You are advised to specify absolute paths to objects to be scanned. When specifying a relative 

path, you must specify the path relative to the executable file of an application, not relative to 

the file with the list of objects to be scanned. 

188


– this parameter determines what action will be taken with malicious objects detected during the scan. If this 

parameter has not been defined, the default action is the one with the value of /i8. 

If you are working in automatic mode, then Kaspersky Internet Security automatically applies the action recommended by 

Kaspersky Lab's specialists when dangerous objects are detected. An action which corresponds to the 

parameter value is ignored. 

/i0 Take no action with regard to the object; record information about it in the report. 

/i1 Disinfect infected objects; skip if disinfection fails. 

/i2 Disinfect infected objects; skip if disinfection fails; do not delete infected objects from 

compound objects; delete infected compound objects with executable headers (sfx archives). 

/i3 Disinfect infected objects; skip if disinfection fails; delete all compound objects completely if 

infected embedded files cannot be deleted. 

/i4 Delete infected objects. Delete all compound objects completely if the infected parts cannot be 

deleted. 

/i8 Prompt the user for action if an infected object is detected. 

/i9 Prompt the user for action at the end of the scan. 

– this parameter defines the file types that are subject to an anti-virus scan. By default, if this parameter is 

not defined, only infectable files by contents are scanned. 

/fe 

/fi 

/fa 

Scan only infectable files by extension. 

Scan only infectable files by contents. 

Scan all files. 

– this parameter defines objects that are excluded from the scan. 

The parameter may include several space-separated values from the list provided. 

-e:a 

-e:b 

-e:m 

-e: 

-e: 

-es: 

Do not scan archives. 

Do not scan email databases. 

Do not scan plain text emails. 

Do not scan objects which match the mask. 

Skip objects that are scanned for longer than the time specified in the parameter. 

Skip objects whose size (in MB) exceeds the value specified in the setting. 

This setting is only available for compound files (such as archives). 

– defines the path to the configuration file that contains the application settings for the scan. 

The configuration file is in text format and contains the set of command line parameters for the anti-virus scan. 

You can enter an absolute or relative path to the file. If this parameter is not defined, the values set in the application 

interface are used. 

/C: 

Use the settings' values specified in the configuration file. 

189


– this parameter determines the format of the report on scan results. 

You can use an absolute or relative path to the file. If the setting is not defined, scan results are displayed on the screen, 

and all events are shown. 

/R: 

Log important events in this file only. 

/RA: 

Log all events in this file. 

– settings that define the use of anti-virus scan technologies. 

/iChecker= 

/iSwift= 

Enable / disable the use of iChecker technology. 

Enable / disable the use of iSwift technology. 

Examples: 

Start a scan of memory, Startup programs, mailboxes, the directories My Documents and Program Files, and the file 

test.exe: 

avp.com SCAN /MEMORY /STARTUP /MAIL "C:\Documents and Settings\All Users\My 

Documents" "C:\Program Files" "C:\Downloads\test.exe" 

Scan the objects listed in the file object2scan.txt, using the configuration file scan_setting.txt for the job. Use the 

scan_settings.txt configuration file. When the scan is complete, create a report to log all events: 

avp.com SCAN /MEMORY /@:objects2scan.txt /C:scan_settings.txt /RA:scan.log 

A sample configuration file: 

/MEMORY /@:objects2scan.txt /C:scan_settings.txt /RA:scan.log 

UPDATING THE APPLICATION 

The syntax for updating the modules of Kaspersky Internet Security and application databases from the command line is 

as follows: 

avp.com UPDATE [] [/R[A]:] [/C:] 


 

/R[A]: 

HTTP or FTP server or network folder for downloading updates. The value for the 

parameter may be in the form of a full path to an update source or a URL. If a path is not 

selected, the update source will be taken from the application update settings. 



You can use an absolute or relative path to the file. If the setting is not defined, scan 

results are displayed on the screen, and all events are shown. 

/C: 

Path to the configuration file that contains the Kaspersky Internet Security update 

settings. 

A configuration file is a file in plain text format containing a list of command-line 

parameters for an application update. 

You can enter an absolute or relative path to the file. If this parameter is not defined, the 

values for the settings in the application interface are used. 

Examples: 

Update application databases and record all events in a report: 

avp.com UPDATE /RA:avbases_upd.txt 

190


Update the Kaspersky Internet Security modules using the settings of the updateapp.ini configuration file: 

avp.com UPDATE /C:updateapp.ini 

A sample configuration file: 

"ftp://my_server/kav updates" /RA:avbases_upd.txt 

ROLLING BACK THE LAST UPDATE 


avp.com ROLLBACK [/R[A]:][/password=] 


/R[A]: 

 



You can use an absolute or relative path to the file. If the setting is not defined, scan results 

are displayed on the screen, and all events are shown. 



Example: 

avp.com ROLLBACK /RA:rollback.txt /password= 

EXPORTING PROTECTION SETTINGS 


avp.com EXPORT 


 

 

Component or task for which the settings are being exported. 

For the setting, you can use any value listed in the "Managing application components and 

tasks" Help section. 

Path to the file to which the Kaspersky Internet Security settings are being exported. An absolute or 

a relative path may be specified. 

The configuration file is saved in binary format (DAT), if no other format is specified, or it is not 

specified at all; it can be used later to export application settings onto other computers. The 

configuration file can also be saved as a text file. To do so, type the .txt extension in the file name. 

Note that you cannot import protection settings from a text file. This file can only be used to specify 

the main settings for Kaspersky Internet Security operation. 

Example: 

avp.com EXPORT RTP c:\settings.dat 

IMPORTING PROTECTION SETTINGS 


avp.com IMPORT [/password=] 


191


 

Path to the file from which the Kaspersky Internet Security settings are imported. An absolute or a 

relative path may be specified. 

Kaspersky Internet Security password specified in the application interface. Security parameters can 

only be imported from a binary file. 


Example: 

avp.com IMPORT c:\settings.dat /password= 

CREATING A TRACE FILE 

Trace file creation may be required in case of problems in Kaspersky Internet Security operation. This will help Technical 

Support Service specialists to diagnose problems more accurately. 

We only recommend creating trace files for troubleshooting a specific problem. Regularly enabling traces may slow down 

your computer and fill up your hard drive. 


avp.com TRACE [file] [on|off] [] 


[on|off] 

[file] 

Enable / disable trace file creation. 

Output trace to file. 

This setting can be a value from 0 (minimum level, only critical messages) to 700 

(maximum level, all messages). 

Examples: 

To disable trace file creation: 

avp.com TRACE file off 

Technical Support will tell you what trace level you need when you contact Technical 

Support. If the level is not specified, we recommend setting the value to 500. 

To create a trace file to be sent to Technical Support with a maximum trace level of 500: 

avp.com TRACE file on 500 

VIEWING HELP 

The following command is used to view help about the command line syntax: 

avp.com [ /? | HELP ] 

You can use one of the following commands to view help information about the syntax of a specific command: 

avp.com /? 

avp.com HELP 

192


RETURN CODES OF THE COMMAND LINE 

This section describes the return codes of the command line (see table below). The general codes may be returned by 

any command from the command line. The return codes include general codes, as well as codes specific to a certain 

type of task. 

GENERAL RETURN CODES 

0 Operation completed successfully. 

1 Invalid setting value. 

2 Unknown error. 

3 Task completion error. 

4 Task cancelled. 

VIRUS SCAN TASK RETURN CODES 

101 All dangerous objects processed. 

102 Hazardous objects detected. 

193

KASPERSKY INTERNET SECURITY NOTIFICATIONS LIST 

This section provides information about notifications that Kaspersky Internet Security may display on the screen. 


Notifications in any protection mode ............................................................................................................................. 194 

Notifications in interactive protection mode ................................................................................................................... 201 

NOTIFICATIONS IN ANY PROTECTION MODE 

This section provides information about notifications that are displayed both in automatic and in interactive protection 

mode (see section "Selecting a protection mode" on page 64). 


Special treatment required ............................................................................................................................................ 194 

Hidden driver download................................................................................................................................................. 195 

An application without a digital signature is being run ................................................................................................... 195 

Removable drive connected .......................................................................................................................................... 196 

New network detected ................................................................................................................................................... 196 

Unreliable certificate detected ....................................................................................................................................... 197 

Request for permission to access a website from a regional domain ............................................................................ 197 

An application that may be exploited by an intruder in order to do harm to the user's computer or data, 

has been detected ......................................................................................................................................................... 197 

Quarantined file not infected ......................................................................................................................................... 198 

New product version released ....................................................................................................................................... 198 

Technical update released ............................................................................................................................................ 199 

Technical update downloaded ....................................................................................................................................... 199 

Downloaded technical update not installed ................................................................................................................... 200 

License expired ............................................................................................................................................................. 200 

We recommend that you update the databases before scan ........................................................................................ 200 

SPECIAL TREATMENT REQUIRED 

When you detect a threat that is currently active in the system (for example, a malicious process in the RAM or in startup 

objects), a notification is displayed on the screen requesting the confirmation of a special advanced disinfection 

procedure. 

194


The notification provides the following information: 

Description of the threat. 

Type of threat and name of the malicious object as listed in the Kaspersky Lab Virus Encyclopedia. 

The icon is displayed next to the name of the malicious object. Clicking the icon opens a window with 

information about the object. Clicking the www.securelist.com link in this window allows you to go to the Virus 

Encyclopedia website and obtain more detailed information about the threat posed by the object. 

File name of the malicious object, including the path to it. 

You can select one of the following actions: 

Yes, disinfect with reboot – perform the special disinfection procedure (recommended). 

When the disinfection is in progress, all applications are blocked except for trusted ones. When the disinfection 

is complete, the operating system will be restarted, so it is recommended that you save the changes that you 

have made and close all applications before starting the disinfection. After restarting your computer, you are 

advised to run a full virus scan. 

Do not run – the detected object or process will be processed according to the selected action. 

To apply the selected action automatically every time such situation reoccurs, check the Apply to all objects box. 

HIDDEN DRIVER DOWNLOAD 

Some malicious applications download drivers onto the computer without being noticed by the user, after which the 

malicious application's activity cannot be controlled by Kaspersky Internet Security. Useful applications seldom use such 

methods for downloading drivers. 

When Application Control detects an attempt to download a driver covertly, it displays a notification on the screen. 



Name of the driver file, including the path to it. 

The icon is displayed next to the name of the file. Clicking the icon opens a window with information about 

the driver. 


Allow now – allow downloading the driver and adding it into the list of exclusions. 

Block now – block driver download. 

Quarantine – block driver download and move the driver file to Quarantine. 

AN APPLICATION WITHOUT A DIGITAL SIGNATURE IS BEING RUN 

When Application Control detects an application without digital signature and with high threat rating according to the 

heuristic analysis that runs on your computer, it displays a notification on the screen. 

195




Name of the application being run. 

The icon is displayed next to the name of the application. Clicking the icon opens a window with information 

about the application. 

Information about the number of users that use the application and trust it. 


Yes, I trust – allow opening and running the application without any restrictions. 

Restrict the application – allow application startup, but block dangerous operations. 

Block – block the opening and running of the application currently and in the future. 

REMOVABLE DRIVE CONNECTED 

When a removable drive is connected to the computer, a notification appears on the screen. 


Quick Scan – scan only files stored on the removable drive that can pose a potential threat. 

Full Scan – scan all files stored on the removable drive. 

Do not scan – do not scan the removable drive. 

To apply the selected action to all removable drives that may be connected in the future, check the Always perform in 

such cases box. 

NEW NETWORK DETECTED 

Every time your computer connects to a new zone (i.e. network), a notification is displayed on the screen. 

The top part of the notification window provides information about the network: 

the network adapter used for network connection; 

network type (for example, "wireless"); 

name of the network. 

The lower part of the window prompts you to assign a status to the network and network activity is allowed on the basis 

of that status: 

Yes, it is a trusted network. It is only recommended to apply this status to safe networks, where your 

computer is not exposed to attacks and attempts of unauthorized access to your data. 

Local network. This status is recommended to apply to networks with a medium risk factor (for example, 

corporate LANs). 

No, it is a public network. A high-risk network in which your computer is in danger of any possible type of 

threat. This status is also recommended to apply to networks that are not protected with anti-virus applications, 

firewalls, or filters. When you select this status, the application ensures maximum security of your computer in 

this zone. 

196

A PPEND I X 

UNRELIABLE CERTIFICATE DETECTED 

Kaspersky Internet Security verifies security of the connection established via the SSL protocol using an installed 

certificate. If an invalid certificate is detected when the connection to the server is attempted (for example, if the 

certificate is replaced by an intruder), a notification is displayed on screen. 


description of the threat; 

a link for viewing the certificate; 

probable causes of the error; 

the URL of the web resource. 


Yes, accept the untrusted certificate – proceed with connecting to the web resource. 

Deny certificate – interrupt the connection with the website. 

REQUEST FOR PERMISSION TO ACCESS A WEBSITE FROM A REGIONAL 

DOMAIN 

If you attempt to access a website from a regional domain that is not recognized as neither blocked nor allowed, a 

notification is displayed on the screen. 


a description of the reason for blocking access to the website; 

the name of the region to which the website belongs; 

the domain and level of infectiousness of websites in this domain; 

the URL of the website; 

the name of the application that has attempted to access the website. 


Yes, allow request – load the website. 

No, block request – cancel website loading. 

To apply the selected action to all websites from this regional domain, check the Remember for this region box. 

AN APPLICATION THAT MAY BE EXPLOITED BY AN INTRUDER IN ORDER TO 

DO HARM TO THE USER'S COMPUTER OR DATA, HAS BEEN DETECTED 

When Activity Monitor detects an application that may be exploited by an intruder in order to do harm to the user's 

computer or data, a notification is displayed on the screen. 

197




Type and name of the application that may be exploited by an intruder in order to do harm to the user's 

computer or data. 



ID of the process and name of the application file, including the path to it. 

Link to the window with the application emergence log. 


Allow – allow the application to run. 

Quarantine – close the application, move the application file to Quarantine where it poses no threat to your 

computer's security. 

With further scans of Quarantine, the status of the object may change. For example, the object may be identified 

as infected and can be processed using an updated database. Otherwise, the object could be assigned the not 

infected status and then restored. 

The status of a file moved to Quarantine can be changed to not infected at a next scan, but not earlier than 

three days after it is moved to Quarantine. 

Terminate application – interrupt the execution of the application. 

Add to exclusions – always allow the application to perform such actions in the future. 

QUARANTINED FILE NOT INFECTED 

By default, Kaspersky Internet Security scans quarantined files after each update of the databases. If the scan of a 

quarantined file shows that it is not infected, a notification is displayed on the screen. 


a recommendation to restore the quarantined file; 

the name of the file, including the path to the folder in which it had been stored before it was moved to 

Quarantine. 


Restore – restore the file by removing it from Quarantine and moving it to the folder in which this file had been 

stored before it was moved to Quarantine. 

Cancel – leave the file in Quarantine. 

NEW PRODUCT VERSION RELEASED 

When a new version of Kaspersky Internet Security has been released and is available for downloading from Kaspersky 

Lab servers, a notification is displayed on the screen. 

198



a link to a window with detailed information about the newly released version of the application; 

the size of the installation package. 


Yes, download – download the installation package of the new application version into the selected folder. 

No – cancel the installation package download. 

If you do not want the notification of the new application version to be displayed on the screen in the future, check the Do 

not inform of this update box. 

TECHNICAL UPDATE RELEASED 

When a technical update of Kaspersky Internet Security has been released and is available for downloading from 

Kaspersky Lab servers, a notification is displayed on the screen. 


the number of the application version installed on your computer; 

the number of the application version after the expected technical update; 

a link to a window with detailed information about the technical update; 

the size of the update file. 


Yes, download – download the update file into the selected folder. 

No – cancel the update download. This option is available if the Do not inform of this update box is checked 

(see below). 

No, remind later – cancel the immediate download and receive a reminder to update later. This option is 

available if the Do not inform of this update box is unchecked (see below). 

If you do not want this notification to be displayed on the screen in the future, check the Do not inform of this update 

box. 

TECHNICAL UPDATE DOWNLOADED 

When downloading of the technical update of Kaspersky Internet Security from Kaspersky Lab servers is completed, a 



the number of the application version after the technical update; 

a link to the update file. 

199



Yes, install – install the update. 

After the update is installed, you need to reboot your operating system. 

Postpone installation – cancel installation to perform it later. 

DOWNLOADED TECHNICAL UPDATE NOT INSTALLED 

If a technical update of Kaspersky Internet Security has been downloaded but not installed on your computer, a 



the number of the application version after the technical update; 

a link to the update file. 


Yes, install – install the update. 

After the update is installed, you need to reboot your operating system. 

Postpone installation – cancel installation to perform it later. 

If you do not want notification of this update to be displayed on the screen in the future, check the Do not ask until new 

version is available box. 

LICENSE EXPIRED 

When the trial license expires, Kaspersky Internet Security displays a notification on the screen. 


the length of the trial period; 

information about the application operation outcome (may include a link to more details). 


Yes, purchase – selecting this option opens a browser window and loads the eStore web page where you can 

purchase the commercial license. 

Cancel – stop using the application. If you select this option, the application stops performing all of its main 

functions (virus scan, update, real-time protection, etc.). 

WE RECOMMEND THAT YOU UPDATE THE DATABASES BEFORE SCAN 

If you initiate scan tasks before or during the first update of the databases, a notification is displayed on the screen. 

The notification contains a recommendation to update the databases or wait until the update is completed before scan. 


200


Update databases before scan – start updating the databases, after which the scan task starts automatically. 

This action option is unavailable if you have started the scan task before the first update of the databases. 

Start scan after update – wait until the update of the databases is completed and start the scan task 

automatically. This action option is unavailable if you have started the scan task during the first update of the 

databases. 

Start scan now – start the scan task without waiting for the update of the databases is completed. 

NOTIFICATIONS IN INTERACTIVE PROTECTION MODE 

This section provides information about notifications that are displayed in interactive protection mode (see section 

"Selecting a protection mode" on page 64). 


Network activity of an application has been detected .................................................................................................... 202 

A suspicious / malicious object detected ....................................................................................................................... 202 

Vulnerability detected .................................................................................................................................................... 203 

Request for permission for an application's actions ...................................................................................................... 204 

Dangerous activity detected in the system .................................................................................................................... 204 

Rolling back changes made by the application that may be exploited by an intruder in order to do harm 

to the user's computer or data ....................................................................................................................................... 205 

Malicious application detected ...................................................................................................................................... 205 

An application that may be exploited by intruders, is detected ...................................................................................... 206 

Suspicious / malicious link detected .............................................................................................................................. 207 

Dangerous object detected in traffic .............................................................................................................................. 207 

Attempt to access a phishing website detected ............................................................................................................. 208 

Attempt to access the system registry detected ............................................................................................................ 208 

Object cannot be disinfected ......................................................................................................................................... 208 

Hidden process detected............................................................................................................................................... 209 

Blocked domain region / Access denied........................................................................................................................ 210 

Dangerous web resource .............................................................................................................................................. 210 

No information on whether the web resource is safe .................................................................................................... 210 

It is recommended that you switch to Safe Run for Websites ....................................................................................... 211 

It is recommended that you quit Safe Run for Websites ............................................................................................... 211 

201


NETWORK ACTIVITY OF AN APPLICATION HAS BEEN DETECTED 

If any network activity of an application is detected (by default, effective for applications included in the Low Restricted 

or High Restricted groups), a notification is displayed on the screen. 

The notification is displayed if Kaspersky Internet Security runs in interactive mode (see section "Selecting a protection 

mode" on page 64), and if no packet rule is created for the application, whose activity has been detected (see page 111). 

The notification contains the following information: 

the name of the application and a brief description of the connection that it initiates; 

information about the connection (connection type, local and remote port, address to which the connection is 

established); 

application run sequence. 


Allow now. 

Block now. 

Create a rule. If you select this option, the Firewall window opens, where you can create a rule to manage the 

network activity of the application (see section "Editing application rules" on page 112). 

You can allow or block the network activity of the application once or for a longer period by selecting one of the following 

actions: 

Allow now or Block now – once allow or block the network activity of the application. 

Allow now or Block now (when the Apply to current application session box is checked) – remember the 

selected action for the current session of the application that has shown network activity. 

If the Apply always box is checked in the window, you can click the always link to change its name to Apply to 

current application session. 

Allow now or Block now (when the Apply always box is checked) – remember the action selected for the 

application and always apply it subsequently. 

If the Apply to current application session box is checked in the window, you can click the to current 

application session link to change its name to Apply always. 

A SUSPICIOUS / MALICIOUS OBJECT DETECTED 

While File Anti-Virus, Mail Anti-Virus, or a virus scan is running, a notification is displayed on the screen if any of the 

following objects is detected: 

malicious object; 

object that contains the code of an unknown virus; 

object that contains the modified code of an unknown virus. 

202









You can select one of the following responses to the object: 

Disinfect – attempt to disinfect the malicious object. This option is suggested if the threat is known. 

Before disinfecting the object, a backup copy of it is created. 

Quarantine – move the object to Quarantine where it will pose no threat to your computer. This option is 

suggested if neither the threat nor any ways of disinfecting the object are known. 






Delete – delete the object. Before deleting the object, a backup copy of it is created. 

Ignore / Block – block access to the object, but perform no actions with regard to it; simply record information 

about it in a report. 

You can return to the processing of skipped objects in the report window. However, you cannot postpone the 

processing of objects detected in email messages. 

To apply the selected action to all threats of the same type detected in the current session of a protection component or 

task, check the Apply to all objects box. The current session is the time from when the component is started until it is 

disabled or Kaspersky Internet Security is restarted or the time from beginning a virus scan until it is complete. 

If you are sure that the object detected it is not malicious, we recommend adding it to the trusted zone to keep the 

program from making repeat false positives when you use the object. 

VULNERABILITY DETECTED 

A notification is displayed on the screen if a vulnerability is detected. 


Descriptions of the vulnerability. 

The name of the vulnerability as listed in the Kaspersky Lab Virus Encyclopedia. 

The icon is displayed next to the name. Clicking the icon opens a window with information about the 

vulnerability. Clicking www.securelist.com in the window takes you to the Virus Encyclopedia website, where 

you can obtain more detailed information about the vulnerability. 

File name of the vulnerable object, including the path to it. 

203



Yes, fix – eliminate the vulnerability. 

Ignore – take no actions on the vulnerable object. 

REQUEST FOR PERMISSION FOR AN APPLICATION'S ACTIONS 

If an application attempts to perform an action about whose security or necessity Kaspersky Internet Security is unaware, 

a notification is displayed on the screen. 


Name and icon 

of the application. Clicking the icon opens a window with information about the application. 

Description of the application's actions. 

Location of the application file. 

Application run sequence. 

You can block or allow the application run by selecting one of the following actions: 

Make trusted – move the application to the Trusted group (so that the application will always be allowed to run). 

Allow now – allow the application run once. 

Block now – block the application run once. 

Terminate application and make untrusted – move the application to the Untrusted group (so that the 

application will always be prohibited to run). 

DANGEROUS ACTIVITY DETECTED IN THE SYSTEM 

When Proactive Defense detects dangerous application activity on your system, a notification pops up. 















204






If you are sure that the program detected is not dangerous, we recommend adding it to the trusted zone to avoid 

Kaspersky Internet Security making repeat false positives when detecting it. 

ROLLING BACK CHANGES MADE BY THE APPLICATION THAT MAY BE 

EXPLOITED BY AN INTRUDER IN ORDER TO DO HARM TO THE USER'S 

COMPUTER OR DATA 

We recommend that you roll back (discard) changes made by the application that may be exploited by an intruder in 

order to do harm to the user's computer or data. When such an application ceases its activity, a notification is displayed 

on the screen, requesting a rollback of changes. 


Requesting a rollback of changes made by the application that may be exploited by an intruder in order to do 

harm to the user's computer or data. 

Type and name of the application. 





Skip – cancel changes rollback. 

Yes, roll back – roll back the changes made by the application. 

MALICIOUS APPLICATION DETECTED 

When System Watcher detects an application whose behavior completely matches the activities of malicious 

applications, a notification is displayed on the screen. 



Type and name of the malicious application. 




Link to the window with the application emergence log. 

205













AN APPLICATION THAT MAY BE EXPLOITED BY INTRUDERS, IS DETECTED 

If File Anti-Virus, Mail Anti-Virus, or the virus scan task detects an application that may be exploited by intruders, a 




Type of the threat and name of the object as listed in the Kaspersky Lab Virus Encyclopedia. 

The icon is displayed next to the name of the object. Clicking the icon opens a window with information about 

the object. Clicking the www.securelist.com link in the window allows you to go to the Virus Encyclopedia 

website and obtain more details. 

Name of the object file, including the path to it. 


Quarantine – move the object to Quarantine where it will pose no threat to your computer. This option is 

suggested if neither a threat nor any ways of disinfecting the object are known. 







Delete archive - delete password-protected archive. 





Add to exclusions – create an exclusion rule for this threat type. 

206





If you are sure that the object detected it is not malicious, we recommend adding it to the trusted zone to keep the 

program from making repeat false positives when you use the object. 

SUSPICIOUS / MALICIOUS LINK DETECTED 

When Kaspersky Internet Security detects an attempt to go to a website with suspicious or malicious content, a 




the name of the application (browser) using which the website was loaded; 

the URL of the website or web page with suspicious or malicious content. 


Allow – continues the website download. 

Block – blocks the website download. 

To apply the selected action to all websites with threats of the same type detected in the current session of a protection 

component, check the Apply to all objects box. The current session is the time from the moment the component was 

started until the moment it was closed or Kaspersky Internet Security was restarted. 

DANGEROUS OBJECT DETECTED IN TRAFFIC 

When Web Anti-Virus detects a malicious object in traffic, a special notification is displayed on the screen. 


A description of the threat or the actions performed by the application. 

Name of the application which performs the action. 





Object location (URL). 


Allow – continue the object download. 

Block – block the object download from the web resource. 


task, check the Apply to all objects box. The current session is the time from the moment the component was started 

until the moment it was closed or Kaspersky Internet Security was restarted. 

207


ATTEMPT TO ACCESS A PHISHING WEBSITE DETECTED 

When Kaspersky Internet Security detects an attempt to access a website that is or may be a phishing site, a notification 

is displayed on the screen. 



the URL of the website. 


Allow – continues the website download. 

Block – blocks the website download. 

To apply the selected action to all websites with threats of the same type detected in the current session of Kaspersky 

Internet Security, check the Apply to all objects box. The current session is the time from the moment the component 

was started until the moment it was closed or Kaspersky Internet Security was restarted. 

ATTEMPT TO ACCESS THE SYSTEM REGISTRY DETECTED 

When Proactive Defense detects an attempt to access system registry keys, a notification pops up. 


the registry key being accessed; 

the file name of the process that initiated the attempt to access the registry keys, including the path to it. 


Allow – allows the execution of the dangerous action once; 

Block – blocks the dangerous action once. 

To apply the selected action to each attempt of obtaining access to registry keys, check the Create a rule box. 

If you are sure that no activity of the application that attempted to access system registry keys is dangerous, add the 

application to the trusted application list. 

OBJECT CANNOT BE DISINFECTED 

In some cases, an object cannot be disinfected: for example, if the file is so corrupted that the application is unable to 

remove malicious code from it and restore its integrity. Besides, the disinfection procedure cannot be applied to several 

types of malicious objects, such as Trojans. If an object cannot be disinfected, a notification is displayed on the screen. 








208








Add to exclusions – create an exclusion rule for this threat type. 




HIDDEN PROCESS DETECTED 

If Proactive Defense detects a hidden process in the system, a notification is displayed on the screen. 



Type and name of threat as listed in the Kaspersky Lab Virus Encyclopedia. 

The icon is displayed next to the name. Clicking the icon opens a window with information about the threat. 

Clicking www.securelist.com in the window takes you to the Virus Encyclopedia website, where you can obtain 

more detailed information about the threat. 

Name of the process file, including the path to it. 


Quarantine – close the process and move the process file to Quarantine, where it poses no threat to your 







Terminate – interrupt the process. 

Allow – allow the execution of the process. 

To apply the selected action to all threats of the same type detected in the current session of Proactive Defense, check 

the Apply to all such cases box. The current session is the time from the moment the component was started until the 

moment it was closed or Kaspersky Internet Security was restarted. 

If you are sure that the process detected is not dangerous, we recommend adding it to the trusted zone to avoid 

Kaspersky Internet Security making repeat false positives when detecting it. 

209


BLOCKED DOMAIN REGION / ACCESS DENIED 

Access to a website may be blocked by Web Anti-Virus on the grounds that the website belongs to a specified regional 

domain. A domain is considered as blocked in the following cases: 

access to the domain was blocked by the user when configuring Web Anti-Virus; 

a previous attempt to access a website from the same region was blocked by the user. 

When Geo Filter (a module of Web Anti-Virus) detects an attempt to go to a website that belongs to a blocked region, a 

special notification is displayed in the browser window. 



the name of the region to which the website belongs; 

the domain and level of infectiousness of websites in this domain; 



Back to the previous page – open the previous page. 

Open web resource – load the website which belongs to the blocked domain. 

Open Geo Filter settings – open the Web Anti-Virus settings window on the Geo Filter tab. 

DANGEROUS WEB RESOURCE 

When Safe Surf (a module of Web Anti-Virus) detects an attempt to go to a dangerous website, a notification is displayed 

in the browser window. 





Back to the previous page – open the previous page without loading the dangerous website. 

Open anyway – load the dangerous website. 

NO INFORMATION ON WHETHER THE WEB RESOURCE IS SAFE 

When Safe Surf (a module of Web Anti-Virus) detects an attempt to go to a website whose security is doubtful, a 

notification is displayed in the browser window. 


a description of the reason for pausing access to the website; 


210



Yes, open web resource – load the website. 

Open and add to the trusted addresses – load the website and add its URL to the list of trusted ones to 

prevent Safe Surf from pausing the loading of this website. 

Open in Safe Run for Websites – load the website in Safe Run for Websites (only for Microsoft Internet 

Explorer, Mozilla Firefox, and Google Chrome). When loading the website in Safe Run for Websites, malicious 

objects on web pages being loaded do not constitute any menace to your computer's security. 

No, return to the previous page – do not load the website, but open the previous page instead. 

IT IS RECOMMENDED THAT YOU SWITCH TO SAFE RUN FOR WEBSITES 

Kaspersky Lab recommends that you use Safe Run for Websites, which will ensure improved protection of your digital 

identity data when working with online banking. 

When attempting to go to an online banking website, Web Anti-Virus displays a notification in the browser window. 


recommendation of switching to Safe Run for Websites; 

the address of the online banking resource. 


Open in Safe Run for Websites – open the website using the safe browser (only for Microsoft Internet 

Explorer, Mozilla Firefox, and Google Chrome). 

Open web resource – open the website in standard mode. 

Back to the previous page – open the previous page in normal mode without opening the website. 

IT IS RECOMMENDED THAT YOU QUIT SAFE RUN FOR WEBSITES 

When working with online banking websites, Safe Run for Websites is used. When you go to a different website that 

does not have to do with online banking, it is recommended that you quit Safe Run for Websites. If you continue working 

with a common website in Safe Run for Websites, this may weaken the protection of your digital identity data. 

When working in Safe Run for Websites and attempting to go from an online banking website to another one, Web Anti- 

Virus displays a notification in the browser window. 


recommendation of quitting Safe Run for Websites; 

the address of the website to which you have gone from the online banking website. 


Open web resource in usual browser – quit Safe Run for Websites and open the website in normal mode. 

This is a bank's website, continue in Safe Run for Websites – open the website in Safe Run for Websites. 

Back to the previous page – open the previous page in Safe Run for Websites. 

211

GLOSSARY 

A 

A C T I V A T I N G T H E A P P L I C A T I O N 

Switching the application into full-function mode. The user needs a license to activate the application. 

A C T I V E L I C E N S E 

The license currently used for the operation of a Kaspersky Lab application. The license defines the expiration date for 

full functionality and the license policy for the application. The application cannot have more than one license with active 

status. 

A D D I T I O N A L L I C E N S E 

A license that has been added for the operation of Kaspersky Lab application but has not been activated. The additional 

license enters into effect when the active license expires. 

A D M I N I S T R A T I O N S E R V E R C E R T I F I C A T E 

A certificate which allows Administration Server authentication when connecting the Administration Console to it and 

when exchanging data with users' computers. The Administration Server certificate is created when Administration 

Server is installed and then stored in the folder %ALLUSERSPROFILE%\Application 

Data\KasperskyLab\adminkit\1093\cert. 

A L T E R N A T E N T F S S T R E A M S 

NTFS data streams (alternate data streams) designed to contain additional attributes or file information. 

Each file in an NTFS file system is a set of streams. One of them contains the file content that one is able to view after 

opening the file, other streams (called alternate) are designed to contain meta information and ensure, for example, 

NTFS compatibility with other systems, such as an older file system by Macintosh called the Hierarchical File System 

(HFS). Streams can be created, deleted, stored separately, renamed, and even run as a process. 

Alternate streams can be used by intruders to transfer data secretly, or to steal them from a computer. 

A P P L I C A T I O N M O D U L E S 

Files included in the Kaspersky Lab installation package that are responsible for performing its main tasks. A particular 

executable module corresponds to each type of task performed by the application (real-time protection, on-demand scan, 

updates). By running a full scan of your computer from the main window, you initiate the execution of this task's module. 

A P P L I C A T I O N S E T T I N G S 

Application settings which are common for all task types, regulating the application's operation as a whole, such as 

application performance settings, report settings, and backup storage settings. 

A R C H I V E 

File "containing" one or several other objects, which may also be archives. 

A V A I L A B L E U P D A T E S 

A set of updates for Kaspersky Lab application modules, including critical updates accumulated over a certain period of 

time and changes to the application's architecture. 

B 

B L A C K L I S T O F K E Y F I L ES 

A database containing information on blacklisted Kaspersky Lab key files. The content of the black list file is updated 

along with the product databases. 

212

G L O S S A R Y 

B L O C K I N G A N O B J E C T 

Denying access to an object from external applications. A blocked object cannot be read, executed, changed, or deleted. 

B O O T V I R U S 

A virus that infects the boot sectors of a computer's hard drive. The virus forces the system to load it into memory during 

reboot and to direct control to the virus code instead of the original boot loader code. 

C 

C O M P R E S S E D F I L E 

An archive file that contains a decompression program and instructions for the operating system for executing it. 

D 

D A N G E R O U S O B J E C T 

An object containing a virus. You are advised not to access these objects, because it may result in infection of your 

computer. Once an infected object is detected, we recommend that you disinfect it using one of Kaspersky Lab's 

applications, or delete it if disinfection is not possible. 

D A T A B A S E O F P H I S H I N G W E B A D D R E S S E S 

List of web addresses which are defined as phishing by Kaspersky Lab specialists. The database is regularly updated 

and is part of the Kaspersky Lab application. 

D A T A B A S E O F S U S P I C I O U S W E B A D D R E S S E S 

List of web addresses whose content can be considered to be potentially dangerous. The list was created by Kaspersky 

Lab specialists. It is regularly updated and is included in the Kaspersky Lab application package. 

D A T A B A S E U P D A T E 

One of the functions performed by a Kaspersky Lab application that enables it to keep protection current. In doing so, the 

databases are downloaded from the Kaspersky Lab update servers onto the computer and are automatically connected 

to the application. 

D A T A B A S E S 

Databases created by Kaspersky Lab's experts and containing a detailed description of all current threats to computer 

security, as well as methods used for their detection and disinfection. These databases are constantly updated by 

Kaspersky Lab as new threats appear. 

D E L E T I N G A N O B J E C T 

The method of processing objects which ends in it being physically deleted from its original location (hard drive, folder, 

network resource). We recommend that this method be applied to dangerous objects which, for whatever reason, cannot 


D I S I N F E C T I N G O B J E C T S O N R E S T A R T 

A method of processing infected objects that are being used by other applications at the moment of disinfection. Consists 

of creating a copy of the infected object, disinfecting the copy created, and replacing the original infected object with the 

disinfected copy after the next system restart. 

D I S K B O O T S E C T O R 

A boot sector is a particular area on a computer's hard drive, floppy, or other data storage device. It contains information 

on the disk's file system and a boot loader program that is responsible for starting the operating system. 

There exist a number of viruses that infect boot sectors, which are thus called boot viruses. The Kaspersky Lab 

application allows scanning of boot sectors for viruses and disinfecting them if an infection is found. 

213


D O M A I N N A M E S E R V I C E ( D N S ) 

A distributed system for converting the name of a host (a computer or other network device) to an IP address. DNS 

functions in TCP/IP networks. As a special case, DNS can also store and process reverse requests and determine the 

name of a host by its IP address (PTR record). Resolution of DNS names is usually carried out by network applications, 

not by users. 

D U A L - H O M E D G A T E W A Y 

Computer equipped with two network adapters (each of which is connected to a different network) which transfers data 

from one network to the other. 

E 

E M A I L D A T A B A S E S 

Databases containing emails in a special format and saved on your computer. Each incoming/outgoing email is placed in 

the mail database after it is received/sent. These databases are scanned during a full computer scan. 

Incoming and outgoing emails are analyzed for viruses in real time at the time that they are sent and received if real-time 

protection is enabled. 

E V E N T S E V E R I T Y L E V E L 

Description of an event logged during the operation of the Kaspersky Lab application. There are four severity levels: 

Critical event. 

Functional failure. 

Warning. 

Information message. 

Events of the same type may have different severity levels, depending on the situation when the event occurred. 

E X C L U S I O N 

An Exclusion is an object excluded from the scan by a Kaspersky Lab application. You can exclude files of certain 

formats, file masks, a certain area (for example, a folder or a program), application processes, or objects by threat type, 

according to the Virus Encyclopedia classification from the scan. Each task can be assigned a set of exclusions. 

F 

F A L S E A L A R M 

A situation when a Kaspersky Lab application considers a non-infected object to be infected because its code is similar 

to that of a virus. 

F I L E M A S K 

Representation of a file name and extension using wildcards. The two standard wildcards used in file masks are * and ?, 

where * represents any number of any characters and ? stands for any single character. Using these wildcards, you can 

represent any file. Note that the name and extension are always separated by a period. 

H 

H A R D W A R E P O R T 

Socket on a hardware component of a computer in which a cable or a plug can be connected (LPT port, serial port, USB 

port). 

214


H E A D E R 

The information in the beginning of a file or a message, which is comprised of low-level data on file (or message) status 

and processing. In particular, the email message header contains such data as information about the sender and 

recipient and the date. 

H E U R I S T I C A N A L Y Z E R 

A technology designed for detecting threats that cannot be identified using the Kaspersky Lab application databases. It 

allows detection of objects suspected of being infected with an unknown virus or a new modification of known viruses. 

The use of a heuristic analyzer detects up to 92% of threats. This mechanism is fairly effective and very rarely leads to 

false positives. 

Files detected by the heuristic analyzer are considered suspicious. 

I 

I C H E C K E R T E C H N O L O G Y 

iChecker is a technology that increases the speed of anti-virus scans by excluding objects that have remained 

unchanged since their last scan, provided that the scan parameters (the anti-virus database and settings) have not 

changed. The information for each file is stored in a special database. This technology is used in both real-time 

protection and on-demand scan modes. 

For example, you have an archive file that was scanned by the Kaspersky Lab application and assigned not infected 

status. The next time the application will skip this archive unless it has been altered or the scan settings have been 

changed. If you altered the archive content by adding a new object to it, modified the scan settings, or updated the antivirus 

database, the archive is re-scanned. 

Limitations of iChecker technology: 

this technology does not work with large files, since it is faster to scan a file than check whether it was modified 

since it was last scanned; 

the technology supports a limited number of formats (EXE, DLL, LNK, TTF, INF, SYS, COM, CHM, ZIP, RAR). 

I N C O M P A T I B L E A P P L I C A T I O N 

An antivirus application from a third-party developer or a Kaspersky Lab application that does not support management 

through Kaspersky Internet Security. 

I N F E C T E D O B J E C T 

Object containing a malicious code. It is detected when a section of the object's code completely matches a section of 

the code of a known threat. Kaspersky Lab does not recommend using such objects since they may infect your 

computer. 

I N P U T / O U T P U T P O R T 

Used in processors (such as Intel) for exchanging data with hardware components. The input/output port is associated 

with a certain hardware component and allows applications to address it for data exchange. 

I N S T A L L A T I O N U S I N G A L O G O N S C R I P T 

A method of remote installation of Kaspersky Lab applications which allows the startup of the remote installation task to 

be assigned to an individual user account (or to several user accounts). Registering a user in a domain leads to an 

attempt to install the application on the client computer on which the user has been registered. This method is 

recommended for installing the applications on computers running under Microsoft Windows 98 / Me operating systems. 

I N T E R C E P T O R 

Subcomponent of the application responsible for scanning specific types of email. The set of interceptors specific to your 

installation depends on what role or what combination of roles the application is being deployed for. 

215


I N T E R N E T P R O T O C O L ( I P ) 

The basic protocol for the Internet, used without change since the time of its development in 1974. It performs basic 

operations for transmitting data from one computer to another and serves as the foundation for higher-level protocols like 

TCP and UDP. It manages connection and error processing. Technologies such as NAT and masking make it possible to 

hide a large number of private networks using a small number of IP addresses (or even one address), which makes it 

possible to meet the demands of the constantly growing Internet using the relatively restricted IPv4 address space. 

K 

K A S P E R S K Y L AB' S U P D A T E S E R V E R S 

A list of Kaspersky Lab's HTTP and FTP servers from which the application downloads databases and module updates 

to your computer. 

K A S P E R S K Y S E C U R I T Y N E T W O R K 

The Kaspersky Security Network (KSN) is an infrastructure of online services that provides access to the online 

Knowledge Base of Kaspersky Lab, which contains information about the reputation of files, web resources, and 

software. Using data from the Kaspersky Security Network ensures a faster response time for Kaspersky Internet 

Security when encountering new types of threats, improves performance of some protection components, and reduces 

the risk of false positives. 

K E Y F I L E 

A file with the KEY extension, which is your personal "key" and is necessary for working with the Kaspersky Lab 

application. A key file is included with the product if you purchased it from Kaspersky Lab distributors, or is emailed to 

you if you purchased the product online. 

L 

L I C E N S E V A L I D I T Y P E R I OD 

The period of time during which you are able to use all features of your Kaspersky Lab application. The license validity 

period generally runs for one calendar year from the date of installation. After the license expires, the application has 

reduced functionality. You will not be able to update the application databases. 

L I S T O F A L L O W E D U R L S 

A list of masks and addresses of web resources to which access is not blocked by the Kaspersky Lab application. The 

list of addresses is created by the user during application settings configuration. 

L I S T O F A L L O W E D S E N D E R S 

(also "White" list of addresses) 

The list of email addresses from which messages should not be scanned by Kaspersky Lab application. 

L I S T O F B L O C K E D U R L S 

A list of masks and addresses of web resources, access to which is blocked by the Kaspersky Lab application. The list of 

addresses is created by the user during application settings configuration. 

L I S T O F B L O C K E D S E N D E RS 

(also "Black" list of addresses) 

The list of email addresses from which messages should be blocked by the Kaspersky Lab application, regardless of 

their content. 

L I S T O F T R U S T E D U R L S 

A list of masks and addresses of web resources whose content the user trusts. A Kaspersky Lab application does not 

scan web pages corresponding to a list item for the presence of malicious objects. 

216


L I S T O F W E B A D D R E S S E S T O B E C H E C K E D 

A list of masks and addresses of web resources which are mandatorily scanned for malicious objects by the Kaspersky 

Lab application. 

M 

M E M O R Y D U M P 

Content of the working memory of a process or the entire RAM of the system at a specified moment of time. 

M E S S A G E D E L E T I O N 

The method of processing an email message where the message is physically removed. We recommend that this 

method be applied to messages that definitely contain spam or malware. Before deleting a message, a copy of it is 

saved in backup (unless this option is disabled). 

M O N I T O R E D O B J E C T 

A file transferred via HTTP, FTP, or SMTP protocols across the firewall and sent to a Kaspersky Lab application to be 

scanned. 

M O V I N G O B J E C T S T O Q U A R A N T I N E 

A method of processing a potentially infected object by blocking access to the file and moving it from its original location 

to the Quarantine folder, where the object is saved in encrypted form, which rules out the threat of infection. 

N 

N E T W O R K P O R T 

A TCP and UDP parameter that determines the destination of data packets in IP format that are transmitted to a host 

over a network and makes it possible for various programs running on a single host to receive data independently of 

each other. Each program processes data received via a certain port (this is sometimes referred to as the program 

"listening" to that port). 

For some common network protocols, there are usually standard port numbers (for example, web servers usually receive 

HTTP requests on TCP port 80); however, generally, a program can use any protocol on any port. Possible values: 1 to 

65535. 

N O T I F I C A T I O N T E M P L A T E 

A template based on which a notification about infected objects detected by a scan is generated. A notification template 

includes a combination of settings regulating the mode of notification, the means of distribution, and the text of messages 

to be sent. 

O 

O L E O B J E C T 

An attached object or an object embedded into another file. The Kaspersky Lab application allows scanning of OLE 

objects for viruses. For example, if you insert a Microsoft Office Excel table into a Microsoft Office Word document, the 

table is scanned as an OLE object. 

O B J E C T D I S I N F E C T I O N 

A method used for processing infected objects that results in complete or partial recovery of data or the decision that the 

objects cannot be disinfected. Objects are disinfected using the database records. Part of the data may be lost during 

disinfection. 

O B S C E N E M E S S A G E 

Email message containing offensive language. 

217


P 

P H I S H I N G 

A kind of Internet fraud which consists of sending email messages with the purpose of stealing confidential information - 

as a rule, various financial data. 

P O T E N T I A L L Y I N F E C T A B L E O B J E C T 

An object which, due to its structure or format, can be used by intruders as a "container" to store and distribute a 

malicious object. As a rule, they are executable files, for example, files with the extensions COM, EXE, DLL, etc. The risk 

of penetration of malicious code into such files is fairly high. 

P O T E N T I A L L Y I N F E C T E D O B J E C T 

An object that contains modified code of a known virus or code that resembles code of a virus, but is not yet known to 

Kaspersky Lab. Potentially infected files are detected using a heuristic analyzer. 

P R O T E C T I O N S T A T E 

The current status of protection, summarizing the degree of security of the computer. 

P R O T O C O L 

A clearly defined and standardized set of rules governing the interaction between a client and a server. Well-known 

protocols and the services associated with them include HTTP (WWW), FTP, and NNTP (news). 

P R O X Y S E R V E R 

A computer network service which allows users to make indirect requests to other network services. First, a user 

connects to a proxy server and requests a resource (e.g., a file) located on another server. Then the proxy server either 

connects to the specified server and obtains the resource from it or returns the resource from its own cache (if the proxy 

has its own cache). In some cases, a user's request or a server's response can be modified by the proxy server for 

certain purposes. 

Q 

Q U A R A N T I N E 

A certain folder where all potentially infected objects which were detected during scans or by real-time protection are 

placed. 

R 

R E A L - T I M E P R O T E C T I O N 

The application's operating mode under which objects are scanned for the presence of malicious code in real time. 

The application intercepts all attempts to open any object (read, write, or execute) and scans the object for threats. 

Uninfected objects are passed on to the user; objects containing threats or suspected of containing them are processed 

pursuant to the task settings (they are disinfected, deleted or quarantined). 

R E C O M M E N D E D L E V E L 

The level of security based on application settings recommended by Kaspersky Lab experts and providing an optimal 

level of protection for your computer. This level is set to be used by default. 

R E S T O R A T I O N 

Moving an original object from Quarantine or Backup to the folder where it was originally found before being moved to 

Quarantine, disinfected, or deleted, or to a different folder specified by the user. 

218


R O O T K I T 

An application or a set of applications developed for masking traces of an intruder or malware in the system. 

In Windows-based systems, rootkit usually means a program that penetrates in the system and intercepts system 

functions (Windows API). First of all, intercepting and modifying low-level API functions allow such program to mask its 

presence in the system in a quite sophisticated manner. Besides, a rootkit may, as a rule, mask the presence of any 

processes, folders and files on the disk, and registry keys if they are described in the rootkit's configuration. Many rootkits 

install their own drivers and services in the system (they also are "invisible"). 

S 

S C R I P T 

A small computer program or an independent part of a program (function) which, as a rule, has been developed to 

execute a small specific task. It is most often used with programs embedded into hypertext. Scripts are run, for example, 

when you open a certain website. 

If real-time protection is enabled, the application tracks the launching of scripts, intercepts them, and scans them for 

viruses. Depending on the results of the scan, you may block or allow the execution of a script. 

S E C U R I T Y L E V E L 

The security level is defined as a pre-set component configuration. 

S O C K S 

Proxy server protocol that allows establishment of a point-to-point connection between computers in the internal and 

external networks. 

S P A M 

Unsolicited mass email mailings, most often including advertising messages. 

S T A R T U P O B J E C T S 

The set of programs needed to start and correctly operate the operating system and software installed on your computer. 

These objects are executed every time the operating system is started. There are viruses capable of infecting such 

objects specifically, which may lead, for example, to blocking of operating system startup. 

S U B N E T M A S K 

The subnet mask (also known as netmask) and network address determine the addresses of computers on a network. 

S U S P I C I O U S M E S S A G E 

A message that cannot be unambiguously considered spam, but seems suspicious when scanned (e.g., certain types of 

mailings and advertising messages). 

S U S P I C I O U S O B J E C T 

An object that contains modified code of a known virus or code that resembles code of a virus, but is not yet known to 

Kaspersky Lab. Suspicious objects are detected using the heuristic analyzer. 

T 

T A S K 

Functions performed by Kaspersky Lab's application are implemented as tasks, such as: Real-time file protection, Full 

computer scan, Database update. 

T A S K S E T T I N G S 

Application settings which are specific for each task type. 

219


T H R E A T R A T I N G 

The rating of how dangerous an application is for the operating system. The rating is calculated using heuristic analysis 

based on two types of criteria: 

static (such as information about the executable file of an application: size, creation date, etc.); 

dynamic, which are used when simulating the application's operation in a virtual environment (analysis of the 

application's calls to system functions). 

The threat rating allows the detection of behavior typical of malware. The lower the threat rating is, the more actions the 

application will be allowed to perform in the system. 

T R A C E S 

Running the application in debugging mode; after each command is executed, the application is stopped, and the result 

of this step is displayed. 

T R A F F I C S C A N 

A real-time scan using information from the latest version of the databases for objects transmitted via all protocols (for 

example, HTTP, FTP, etc.). 

T R U S T E D P R O C E S S 

A program process, whose file operations are not monitored by Kaspersky Lab's application in real-time protection mode. 

In other words, no objects run, open, or saved by the trusted process are scanned. 

U 

U N K N O W N V I R U S 

A new virus about which there is no information in the databases. Generally, unknown viruses are detected by the 

application in objects using the heuristic analyzer, and those objects are classified as potentially infected. 

U P D A T E 

The procedure of replacing/adding new files (databases or application modules) retrieved from the Kaspersky Lab 

update servers. 

U P D A T E P A C K A G E 

File package for updating the software. It is downloaded from the Internet and installed on your computer. 

U R G E N T U P D A T E S 

Critical updates to Kaspersky Lab application modules. 

V 

V I R U S A C T I V I T Y T H R E S H O L D 

The maximum permissible level of a specific type of event over a limited time period that, when exceeded, is considered 

to be excessive virus activity and a threat of a virus outbreak. This feature is highly significant during virus outbreaks and 

enables an administrator to react in a timely fashion to threats of virus outbreaks that arise. 

V I R U S O U T B R E A K 

A series of deliberate attempts to infect a computer with a virus. 

V I R U S O U T B R E A K C O U N T E R 

A template based on which a notification of a virus outbreak threat is generated. A virus outbreak counter includes a 

combination of settings which determine the virus activity threshold, means of spreading, and the text in messages sent. 

220

KASPERSKY LAB ZAO 

Kaspersky Lab software is internationally renowned for its protection against viruses, malware, spam, network and 

hacker attacks, and other threats. 

In 2008, Kaspersky Lab was rated among the world’s top four leading vendors of information security software solutions 

for end users (IDC Worldwide Endpoint Security Revenue by Vendor). Kaspersky Lab is the preferred developer of 

computer protection systems among home users in Russia, according to the COMCON survey "TGI-Russia 2009". 

Kaspersky Lab was founded in Russia in 1997. Today, it is an international group of companies headquartered in 

Moscow with five regional divisions that manage the company's activity in Russia, Western and Eastern Europe, the 

Middle East, Africa, North and South America, Japan, China, and other countries in the Asia-Pacific region. The 

company employs more than 2000 qualified specialists. 

Products. Kaspersky Lab’s products provide protection for all systems—from home computers to large corporate 

networks. 

The personal product range includes anti-virus applications for desktop, laptop, and pocket computers, and for 

smartphones and other mobile devices. 

Kaspersky Lab delivers applications and services to protect workstations, file and web servers, mail gateways, and 

firewalls. Used in conjunction with Kaspersky Lab’s centralized management system, these solutions ensure effective 

automated protection for companies and organizations against computer threats. Kaspersky Lab's products are certified 

by the major test laboratories, are compatible with the software of many suppliers of computer applications, and are 

optimized to run on many hardware platforms. 

Kaspersky Lab’s virus analysts work around the clock. Every day they uncover thousands of new computer threats, 

create tools to detect and disinfect them, and include them in the databases used by Kaspersky Lab applications. 

Kaspersky Lab's Anti-Virus database is updated hourly; and the Anti-Spam database every five minutes. 

Technologies. Many technologies that are now part and parcel of modern anti-virus tools were originally developed by 

Kaspersky Lab. It is no coincidence that many other developers user the Kaspersky Anti-Virus kernel in their products, 

including: SafeNet (USA), Alt-N Technologies (USA), Blue Coat Systems (USA), Check Point Software Technologies 

(Israel), Clearswift (UK), CommuniGate Systems (USA), Critical Path (Ireland), D-Link (Taiwan), M86 Security (USA), 

GFI (Malta), IBM (USA), Juniper Networks (USA), LANDesk (USA), Microsoft (USA), NETASQ (France), NETGEAR 

(USA), Parallels (Russia), SonicWALL (USA), WatchGuard Technologies (USA), ZyXEL Communications (Taiwan). 

Many of the company’s innovative technologies are patented. 

Achievements. Over the years, Kaspersky Lab has won hundreds of awards for its services in combating computer 

threats. For example, in 2010 Kaspersky Anti-Virus was given several top Advanced+ awards after a series of tests held 

by AV-Comparatives, a renowned Austrian anti-virus lab. But Kaspersky Lab's main achievement is the loyalty of its 

users worldwide. The company’s products and technologies protect more than 300 million users, and its corporate clients 

number more than 200,000. 

Kaspersky Lab official site: 

Virus Encyclopedia: 

Anti-Virus Lab: 

Kaspersky Lab web forum: 

http://www.kaspersky.com 

http://www.securelist.com 

newvirus@kaspersky.com (only for sending probably infected files 

in archive format) 

http://support.kaspersky.com/virlab/helpdesk.html (for queries 

addressed to virus analysts) 

http://forum.kaspersky.com 

221

INFORMATION ABOUT THIRD-PARTY CODE 

Information about third-party code is contained in a file named legal_notices.txt and stored in the application installation 

folder. 

222

INDEX 

A 

Anti-Banner 

list of blocked banner addresses .......................................................................................................................... 136 

Anti-Spam 

additional filtering features .................................................................................................................................... 131 

agressiveness level .............................................................................................................................................. 122 

database of phishing web addresses ................................................................................................................... 125 

list of allowed phrases .......................................................................................................................................... 127 

list of allowed senders .......................................................................................................................................... 128 

list of blocked phrases .......................................................................................................................................... 127 

list of blocked senders .......................................................................................................................................... 128 

Microsoft Exchange Server messages ................................................................................................................. 132 

plug-in for Microsoft Office Outlook ...................................................................................................................... 133 

plug-in for Microsoft Outlook Express ................................................................................................................... 133 

plug-in for The Bat! ............................................................................................................................................... 134 

plug-in for Thunderbird ......................................................................................................................................... 134 

restoring the default settings ................................................................................................................................. 122 

training .................................................................................................................................................................. 122 

Application Control 

application run sequence ...................................................................................................................................... 106 

editing an application rule ..................................................................................................................................... 105 

protection scope ................................................................................................................................................... 107 

Application rule 

Firewall ................................................................................................................................................................. 112 

Application run sequence 


Application self-defense ............................................................................................................................................. 159 

B 

Browser Configuration ................................................................................................................................................ 165 

C 

Computer performance .............................................................................................................................................. 157 

D 

Data clearing 

Safe Run............................................................................................................................................................... 140 

Database of phishing web addresses 

Anti-Spam ............................................................................................................................................................. 125 

IM Anti-Virus ........................................................................................................................................................... 97 

Web Anti-Virus ........................................................................................................................................................ 90 

Disabling / enabling real-time protection ...................................................................................................................... 40 

E 

Editing an application rule 


EICAR ........................................................................................................................................................................ 176 

Enable 

Parental Control .................................................................................................................................................... 145 

F 

File Anti-Virus 

heuristic analysis .................................................................................................................................................... 81 

pausing ................................................................................................................................................................... 78 

223


protection scope ..................................................................................................................................................... 79 

response to a threat ................................................................................................................................................ 81 

scan mode .............................................................................................................................................................. 80 

scan of compound files ........................................................................................................................................... 82 

scan optimization .................................................................................................................................................... 83 

scan technology ...................................................................................................................................................... 81 

security level ........................................................................................................................................................... 80 

Firewall 

application rule ..................................................................................................................................................... 112 

changing rule priority ............................................................................................................................................ 112 

changing the network status ................................................................................................................................. 110 

Firewall rule .......................................................................................................................................................... 110 

packet rule ............................................................................................................................................................ 111 

Firewall rule 

Firewall ................................................................................................................................................................. 110 

H 

Heuristic analysis 



Web Anti-Virus ........................................................................................................................................................ 93 

I 

IM Anti-Virus 

database of phishing web addresses ..................................................................................................................... 97 


Installation folder .......................................................................................................................................................... 20 

K 

Kaspersky URL Advisor 

Web Anti-Virus ........................................................................................................................................................ 91 

L 

License 

activating the application ........................................................................................................................................ 43 

End User License Agreement ................................................................................................................................. 29 

License renewal ........................................................................................................................................................... 44 

M 

Mail Anti-Virus 

attachment filtering ................................................................................................................................................. 86 




scanning of compound files .................................................................................................................................... 87 


N 

Network 

encrypted connections .......................................................................................................................................... 116 

monitored ports ..................................................................................................................................................... 119 

Network Attack Blocker 

blocking time ......................................................................................................................................................... 115 

types of detected network attacks ........................................................................................................................ 114 

unblocking a computer ......................................................................................................................................... 115 

Network Monitor ......................................................................................................................................................... 118 

Notifications .................................................................................................................................................................. 45 

delivery of notifications using email ...................................................................................................................... 173 

disabling ............................................................................................................................................................... 172 

disabling the audio signal ..................................................................................................................................... 173 

224

I N D E X 

notification types ................................................................................................................................................... 173 

P 

Packet rule 

Firewall ................................................................................................................................................................. 111 

Parental Control 

browsing websites ................................................................................................................................................ 149 

communicating via IM clients ................................................................................................................................ 150 

downloading files from the Internet ....................................................................................................................... 150 

enabling and disabling .......................................................................................................................................... 145 

exporting / importing settings ................................................................................................................................ 146 

limiting time for computer use ............................................................................................................................... 148 

limiting time for Internet use .................................................................................................................................. 148 

running applications .............................................................................................................................................. 148 

safe search mode ................................................................................................................................................. 149 

searching for key words ........................................................................................................................................ 153 

sending private data ............................................................................................................................................. 152 

Proactive Defense 

dangerous activity list ............................................................................................................................................. 99 

dangerous activity monitoring rule .......................................................................................................................... 99 

group of trusted applications ................................................................................................................................... 98 

Protection scope 



IM Anti-Virus ........................................................................................................................................................... 96 


Web Anti-Virus ........................................................................................................................................................ 95 

Q 

Quarantine and Backup.............................................................................................................................................. 160 

R 

Reports 

events search ....................................................................................................................................................... 169 

filtering .................................................................................................................................................................. 168 

saving to file .......................................................................................................................................................... 170 

selecting a component or a task ........................................................................................................................... 168 

view ........................................................................................................................................................................ 57 

Rescue Disk ................................................................................................................................................................. 54 

Response to a threat 



virus scan ............................................................................................................................................................... 69 

Web Anti-Virus ........................................................................................................................................................ 90 

Restoring the default settings ....................................................................................................................................... 58 

Anti-Spam ............................................................................................................................................................. 122 

Restricting access to the application ............................................................................................................................ 63 

S 

Safe Run 

data clearing ......................................................................................................................................................... 140 

shared folder ......................................................................................................................................................... 143 

Scan 

account ................................................................................................................................................................... 69 

action with regard to a detected object ................................................................................................................... 69 

automatic startup of a skipped task ........................................................................................................................ 67 


scan technologies ................................................................................................................................................... 68 

scanning of compound files .................................................................................................................................... 70 

schedule ................................................................................................................................................................. 67 


type of objects to scan ............................................................................................................................................ 69 

225


vulnerability scan .................................................................................................................................................... 72 

Schedule 

update..................................................................................................................................................................... 75 

virus scan ............................................................................................................................................................... 67 

Security level 



Web Anti-Virus ........................................................................................................................................................ 90 

Shared folder 

Safe Run............................................................................................................................................................... 143 

T 

The context menu ........................................................................................................................................................ 32 

The main application window ....................................................................................................................................... 33 

The taskbar notification area icon ................................................................................................................................ 31 

Traces 

creating a trace file ............................................................................................................................................... 180 

uploading tracing results ....................................................................................................................................... 180 

Training Anti-Spam 

using an email client ............................................................................................................................................. 123 

using outgoing messages ..................................................................................................................................... 123 

using reports ......................................................................................................................................................... 124 

Trusted zone 

exclusion rules ...................................................................................................................................................... 155 

trusted applications ............................................................................................................................................... 154 

U 

Uninstallation 

application .............................................................................................................................................................. 27 

Update 

proxy server ............................................................................................................................................................ 77 

regional settings ..................................................................................................................................................... 74 

rolling back the last update ..................................................................................................................................... 76 

Updating 

from a local folder ................................................................................................................................................... 74 

update source ......................................................................................................................................................... 73 

V 

Virtual Keyboard ........................................................................................................................................................... 50 

W 

Web Anti-Virus 

database of phishing web addresses ..................................................................................................................... 90 

Geo Filter ................................................................................................................................................................ 94 


Kaspersky URL Advisor .......................................................................................................................................... 91 





226

Kaspersky Internet Security 2012

Create successful ePaper yourself

Delete template?

Save as template?