User guide

PROACTIVE DEFENSE
Kaspersky Anti-Virus protects you both from known threats and from new ones about which there is no information in the
application databases. This protection is provided by a specially developed component named Proactive Defense.
The preventative technologies provided by Proactive Defense neutralize new threats before they harm your computer. In
contrast with reactive technologies, which analyze code based on records in Kaspersky Anti-Virus databases,
preventative technologies recognize a new threat on your computer by the sequence of actions executed by a program.
If activity analysis shows that the sequence of an application's actions is suspicious, Kaspersky Anti-Virus
blocks the activity of this application.
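The following is an added example, not Kaspersky's code: a minimal Python sketch of sequence-based detection, applied to the worm-like pattern this guide describes (a program copying itself to network resources, the startup folder or the system registry, and then sending copies of itself). The event fields, action names and sample events are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    pid: int      # process that performed the action
    action: str   # hypothetical action names: "copy_self", "send_self"
    target: str   # hypothetical location or channel label

# Self-copy destinations named in the guide's worm example.
SELF_COPY_TARGETS = {"network_share", "startup_folder", "registry"}

def worm_like_pids(events):
    """Return pids whose ordered actions match the pattern:
    self-copy to a monitored location, THEN sending copies of itself.
    Order matters: a send with no earlier self-copy is not flagged."""
    copied = {}    # pid -> monitored locations it has copied itself to
    flagged = []
    for ev in events:
        if ev.action == "copy_self" and ev.target in SELF_COPY_TARGETS:
            copied.setdefault(ev.pid, set()).add(ev.target)
        elif (ev.action == "send_self" and copied.get(ev.pid)
              and ev.pid not in flagged):
            flagged.append(ev.pid)
    return flagged

# Constructed sample: interleaved events from four processes.
SAMPLE_EVENTS = [
    Event(1200, "copy_self", "startup_folder"),
    Event(2040, "copy_self", "startup_folder"),  # self-copy only, never sends
    Event(3100, "send_self", "smtp"),            # sends, but no prior self-copy
    Event(1200, "copy_self", "registry"),
    Event(4000, "copy_self", "temp_dir"),        # copy to an unmonitored location
    Event(1200, "send_self", "smtp"),            # completes the sequence
    Event(4000, "send_self", "smtp"),
]

if __name__ == "__main__":
    for pid in worm_like_pids(SAMPLE_EVENTS):
        print(f"pid {pid}: worm-like action sequence, block activity")
```

Only process 1200 is flagged: no single action is treated as malicious on its own, and the same actions in a different order do not match.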
To edit Proactive Defense settings, please do the following:
1. Open the main application window and in the top part click the Settings link.
2. In the window that opens, in the Protection section select the Proactive Defense component.
3. Make the required changes in the settings for the component you have selected.
IN THIS SECTION:
Using the list of dangerous activity
Changing the dangerous activity monitoring rule
Creating a group of trusted applications
System accounts control
USING THE LIST OF DANGEROUS ACTIVITY
Note that configuring activity control in Kaspersky Anti-Virus running under Microsoft Windows XP Professional x64
Edition, Microsoft Windows Vista or Microsoft Windows Vista x64 differs from the same process under other operating
systems.
Specifics of configuring application activity control under Microsoft Windows XP
Kaspersky Anti-Virus monitors application activity on your computer. Proactive Defense reacts immediately to a defined
sequence of application actions. For example, if a program is detected copying itself to network resources, the
startup folder or the system registry, and then sending copies of itself, it is highly likely that this program is a
worm. Other dangerous sequences of operations include:
actions typical of Trojans;
keyboard interception attempts;
hidden driver installation;
attempts to modify the operating system kernel;
attempts to create hidden objects and processes with a negative PID;
HOSTS file modification attempts;
attempts to inject into other processes;