Scribd Logo
Upload

Welcome to Scribd!

  • Kaspersky Internet Security 2012: User Guide

    Uploaded by

    lokmatgroup3660
    47 views226 pages
    User Guide

    Original Title

    User Guide

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    User Guide

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    47 views226 pages

    Kaspersky Internet Security 2012: User Guide

    Uploaded by

    lokmatgroup3660
    User Guide

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 226

    Kaspersky Internet Security 2012

    User Guide

    APPLICATION VERSION: 12.0

    Dear User! Thank you for choosing our product. We hope that you will find this documentation useful and that it will provide answers to most of your questions that may arise. Warning! This document is the property of Kaspersky Lab ZAO (herein also referred to as Kaspersky Lab): all rights to this document are reserved by the copyright laws of the Russian Federation and by international treaties. Illegal reproduction and distribution of this document or parts hereof will result in civil, administrative or criminal liability in accordance with applicable law. Any type of reproduction or distribution of any materials, including translations, is allowed only with the written permission of Kaspersky Lab. This document and related graphic images can be used exclusively for informational, non-commercial or personal use. This document may be amended without prior notification. The latest version of this document can be found on the Kaspersky Lab website at http://www.kaspersky.com/docs. Kaspersky Lab assumes no liability for the content, quality, relevance, or accuracy of any materials used in this document the rights to which are held by third parties, or for any potential damages associated with the use of such documents. This document uses registered trademarks and service marks which are the property of their respective owners. Document revision date: 4/19/2011 1997-2011 Kaspersky Lab ZAO. All Rights Reserved. http://www.kaspersky.com http://support.kaspersky.com

    CONTENT
    ABOUT THIS GUIDE .....................................................................................................................................................9 In this guide ..............................................................................................................................................................9 Document conventions ........................................................................................................................................... 11 SOURCES OF INFORMATION ABOUT THE APPLICATION ..................................................................................... 12 Sources of information for independent research ................................................................................................... 12 Discussing Kaspersky Lab applications on the Forum ........................................................................................... 13 Contacting the Sales Department ........................................................................................................................... 13 Contacting the Documentation Development Team by email ................................................................................. 13 KASPERSKY INTERNET SECURITY.......................................................................................................................... 14 What's new ............................................................................................................................................................. 14 Distribution kit ......................................................................................................................................................... 14 Service for registered users .................................................................................................................................... 15 Hardware and software requirements ..................................................................................................................... 15 INSTALLING AND REMOVING THE APPLICATION .................................................................................................. 17 Standard installation procedure .............................................................................................................................. 17 Step 1. Searching for a newer version of the application .................................................................................. 18 Step 2. Making sure the system meets the installation requirements ............................................................... 18 Step 3. Selecting installation type ..................................................................................................................... 19 Step 4. Reviewing the license agreement ......................................................................................................... 19 Step 5. Kaspersky Security Network Data Collection Statement ...................................................................... 19 Step 6. Searching for incompatible applications ............................................................................................... 19 Step 7. Selecting the destination folder ............................................................................................................. 20 Step 8. Preparing for installation ....................................................................................................................... 20 Step 9. Installing ............................................................................................................................................... 21 Step 10. Finishing the installation ..................................................................................................................... 21 Step 11. Activating the application .................................................................................................................... 21 Step 12. Registering a user............................................................................................................................... 21 Step 13. Completing the activation ................................................................................................................... 22 Updating the previous version of Kaspersky Internet Security................................................................................ 22 Step 1. Searching for a newer version of the application .................................................................................. 23 Step 2. Making sure the system meets the installation requirements ............................................................... 23 Step 3. Selecting installation type ..................................................................................................................... 24 Step 4. Reviewing the license agreement ......................................................................................................... 24 Step 5. Kaspersky Security Network Data Collection Statement ...................................................................... 24 Step 6. Searching for incompatible applications ............................................................................................... 24 Step 7. Selecting the destination folder ............................................................................................................. 25 Step 8. Preparing for installation ....................................................................................................................... 25 Step 9. Installing ............................................................................................................................................... 26 Step 10. Wizard completion .............................................................................................................................. 26 Non-standard installation scenarios ........................................................................................................................ 26 Getting started ........................................................................................................................................................ 27 Removing the application ....................................................................................................................................... 27 Step 1. Saving data for reuse............................................................................................................................ 27 Step 2. Confirmation of application removal...................................................................................................... 28

    USER GUIDE

    Step 3. Removing the application. Completing removal .................................................................................... 28 LICENSING THE APPLICATION ................................................................................................................................. 29 About the End User License Agreement ................................................................................................................ 29 About data provision ............................................................................................................................................... 29 About the license .................................................................................................................................................... 29 About the activation code ....................................................................................................................................... 30 APPLICATION INTERFACE ........................................................................................................................................ 31 The notification area icon........................................................................................................................................ 31 The context menu ................................................................................................................................................... 32 The Kaspersky Internet Security main window ....................................................................................................... 33 Notification windows and pop-up messages ........................................................................................................... 34 The application settings window ............................................................................................................................. 36 The Kaspersky Gadget ........................................................................................................................................... 37 News Agent ............................................................................................................................................................ 37 STARTING AND STOPPING THE APPLICATION ...................................................................................................... 38 Enabling and disabling automatic launch ............................................................................................................... 38 Launching and closing the application manually..................................................................................................... 38 MANAGING THE COMPUTER PROTECTION ............................................................................................................ 39 Diagnostics and elimination of problems in your computer protection .................................................................... 39 Enabling and disabling the protection ..................................................................................................................... 40 Pausing and resuming protection ........................................................................................................................... 41 SOLVING TYPICAL TASKS......................................................................................................................................... 43 How to activate the application ............................................................................................................................... 43 How to purchase or renew a license ....................................................................................................................... 44 What to do when application notifications appear................................................................................................... 45 How to update application databases and modules .............................................................................................. 45 How to scan critical areas of your computer for viruses ........................................................................................ 46 How to scan a file, folder, disk, or another object for viruses .................................................................................. 46 How to perform a full scan of your computer for viruses ........................................................................................ 48 How to scan your computer for vulnerabilities ........................................................................................................ 48 How to protect your personal data against theft ..................................................................................................... 48 Protection against phishing ............................................................................................................................... 49 Protection against data interception at the keyboard ........................................................................................ 50 Protection of confidential data entered on websites .......................................................................................... 51 What to do if you suspect an object is infected with a virus .................................................................................... 51 How to run an unknown application without doing any harm to the system ........................................................... 52 What to do with a large number of spam messages ............................................................................................... 52 What to do if you suspect your computer is infected .............................................................................................. 53 How to restore a file that has been deleted or disinfected by the application ........................................................ 54 How to create and use a Rescue Disk .................................................................................................................... 54 Creating a Rescue Disk .................................................................................................................................... 55 Starting the computer from the Rescue Disk..................................................................................................... 57 How to view the report on the application's operation ............................................................................................. 57 How to restore default application settings ............................................................................................................. 58 How to transfer settings to Kaspersky Internet Security installed on another computer ......................................... 59 How to use the Kaspersky Gadget ......................................................................................................................... 59 How to know the reputation of an application ......................................................................................................... 61

    CONTENT

    ADVANCED APPLICATION SETTINGS ...................................................................................................................... 62 General protection settings ..................................................................................................................................... 63 Restricting access to Kaspersky Internet Security ............................................................................................ 63 Selecting a protection mode.............................................................................................................................. 64 Scan ....................................................................................................................................................................... 64 Virus scan ......................................................................................................................................................... 64 Vulnerability Scan ............................................................................................................................................. 72 Managing scan tasks. Task Manager ............................................................................................................... 72 Update .................................................................................................................................................................... 72 Selecting an update source............................................................................................................................... 73 Creating the update startup schedule ............................................................................................................... 75 Rolling back the last update .............................................................................................................................. 76 Running updates under a different user account .............................................................................................. 76 Using a proxy server ......................................................................................................................................... 77 File Anti-Virus ......................................................................................................................................................... 77 Enabling and disabling File Anti-Virus ............................................................................................................... 78 Automatically pausing File Anti-Virus ................................................................................................................ 78 Creating the protection scope of File Anti-Virus ................................................................................................ 79 Changing and restoring the file security level.................................................................................................... 80 Selecting file scan mode ................................................................................................................................... 80 Using heuristic analysis when working with File Anti-Virus ............................................................................... 81 Selecting file scan technology ........................................................................................................................... 81 Changing the action to take on infected files..................................................................................................... 81 Scan of compound files by File Anti-Virus ......................................................................................................... 82 Optimizing file scan ........................................................................................................................................... 83 Mail Anti-Virus ........................................................................................................................................................ 83 Enabling and disabling Mail Anti-Virus .............................................................................................................. 84 Creating the protection scope of Mail Anti-Virus ............................................................................................... 84 Changing and restoring the email security level................................................................................................ 85 Using heuristic analysis when working with Mail Anti-Virus ............................................................................. 86 Changing the action to take on infected email messages ................................................................................. 86 Filtering attachments in email messages .......................................................................................................... 86 Scan of compound files by Mail Anti-Virus ........................................................................................................ 87 Email scanning in Microsoft Office Outlook ....................................................................................................... 87 Email scanning in The Bat! ............................................................................................................................... 87 Web Anti-Virus........................................................................................................................................................ 88 Enabling and disabling Web Anti-Virus ............................................................................................................. 89 Changing and restoring the web traffic security level ........................................................................................ 90 Changing the action to take on dangerous objects from web traffic ................................................................. 90 Checking URLs on web pages .......................................................................................................................... 90 Using heuristic analysis when working with Web Anti-Virus ............................................................................. 93 Blocking dangerous scripts ............................................................................................................................... 93 Scan optimization.............................................................................................................................................. 94 Controlling access to regional domains ............................................................................................................ 94 Controlling access to online banking services................................................................................................... 95 Creating a list of trusted addresses................................................................................................................... 95 IM Anti-Virus ........................................................................................................................................................... 96 Enabling and disabling IM Anti-Virus ................................................................................................................ 96

    USER GUIDE

    Creating the protection scope of IM Anti-Virus .................................................................................................. 96 Checking URLs in messages from IM clients .................................................................................................... 97 Using heuristic analysis when working with IM Anti-Virus ................................................................................. 97 Proactive Defense .................................................................................................................................................. 97 Enabling and disabling Proactive Defense ........................................................................................................ 98 Creating a group of trusted applications ........................................................................................................... 98 Using the dangerous activity list ........................................................................................................................ 99 Changing the action to be taken on applications' dangerous activity ................................................................ 99 System Watcher ..................................................................................................................................................... 99 Enabling and disabling System Watcher ......................................................................................................... 100 Using patterns of dangerous activity (BSS)..................................................................................................... 100 Rolling back a malicious program's actions .................................................................................................... 101 Application Control ............................................................................................................................................... 101 Enabling and disabling Application Control ..................................................................................................... 102 Placing applications into groups ...................................................................................................................... 102 Viewing application activity ............................................................................................................................. 103 Modifying a group and restoring the default group .......................................................................................... 103 Working with Application Control rules ............................................................................................................ 104 Interpreting data on application usage by the participants of the Kaspersky Security Network ...................... 108 Network protection ................................................................................................................................................ 109 Firewall............................................................................................................................................................ 109 Network Attack Blocker ................................................................................................................................... 113 Encrypted connections scan ........................................................................................................................... 116 Network Monitor .............................................................................................................................................. 118 Configuring the proxy server ........................................................................................................................... 118 Creating a list of monitored ports .................................................................................................................... 119 Anti-Spam ............................................................................................................................................................. 120 Enabling and disabling Anti-Spam .................................................................................................................. 121 Changing and restoring the spam protection level .......................................................................................... 122 Training Anti-Spam ......................................................................................................................................... 122 Checking URLs in email messages ................................................................................................................ 125 Detecting spam by phrases and addresses. Creating lists ............................................................................. 125 Regulating threshold values of the spam rate ................................................................................................. 130 Using additional features affecting the spam rate ........................................................................................... 131 Selecting a spam recognition algorithm .......................................................................................................... 131 Adding a label to the message subject ........................................................................................................... 132 Scanning messages from Microsoft Exchange Server .................................................................................... 132 Configuring spam processing by mail clients .................................................................................................. 132 Anti-Banner........................................................................................................................................................... 135 Enabling and disabling Anti-Banner ................................................................................................................ 135 Selecting a scan method ................................................................................................................................. 135 Creating lists of blocked and allowed banner addresses ................................................................................ 136 Exporting and importing lists of addresses ..................................................................................................... 136 Safe Run for Applications and Safe Run for Websites ......................................................................................... 137 About Safe Run............................................................................................................................................... 138 About Safe Run for Websites .......................................................................................................................... 141 Using a shared folder ...................................................................................................................................... 143 Parental Control.................................................................................................................................................... 143 Configuring a user's Parental Control ............................................................................................................. 144

    CONTENT

    Viewing reports of a user's activity .................................................................................................................. 153 Trusted zone......................................................................................................................................................... 154 Creating a list of trusted applications .............................................................................................................. 154 Creating exclusion rules .................................................................................................................................. 155 Performance and compatibility with other applications ......................................................................................... 155 Selecting detectable threat categories ............................................................................................................ 156 Battery saving ................................................................................................................................................. 156 Advanced Disinfection .................................................................................................................................... 156 Distributing computer resources when scanning for viruses ........................................................................... 157 Running tasks in background mode ................................................................................................................ 157 Full-screen mode. Gaming Profile ................................................................................................................... 158 Kaspersky Internet Security self-defense ............................................................................................................. 159 Enabling and disabling self-defense ............................................................................................................... 159 Protection against external control .................................................................................................................. 159 Quarantine and Backup ........................................................................................................................................ 160 Storing files in Quarantine and Backup ........................................................................................................... 160 Working with quarantined files ........................................................................................................................ 161 Working with objects in Backup ...................................................................................................................... 162 Scanning files in Quarantine after an update .................................................................................................. 163 Additional tools for better protection of your computer ......................................................................................... 163 Privacy Cleaner............................................................................................................................................... 164 Configuring a browser for safe work ............................................................................................................... 165 Rolling back changes made by Wizards ......................................................................................................... 167 Reports ................................................................................................................................................................. 167 Creating a report for the selected protection component ................................................................................ 168 Data filtering .................................................................................................................................................... 168 Events search ................................................................................................................................................. 169 Saving a report to file ...................................................................................................................................... 170 Storing reports ................................................................................................................................................ 170 Clearing application reports ............................................................................................................................ 170 Recording non-critical events into the report ................................................................................................... 171 Configuring the notification of report availability .............................................................................................. 171 Application appearance. Managing active interface elements .............................................................................. 171 Translucence of notification windows .............................................................................................................. 171 Animation of the application icon in the notification area ................................................................................ 172 Text on Microsoft Windows logon screen........................................................................................................ 172 Notifications .......................................................................................................................................................... 172 Enabling and disabling notifications ................................................................................................................ 172 Configuring the notification method ................................................................................................................. 173 Disabling news delivery .................................................................................................................................. 174 Kaspersky Security Network ................................................................................................................................. 174 Enabling and disabling participation in Kaspersky Security Network .............................................................. 175 Verifying connection to Kaspersky Security Network ...................................................................................... 175 TESTING THE APPLICATION'S OPERATION .......................................................................................................... 176 About the test file EICAR ...................................................................................................................................... 176 Testing the application's functioning using the test file EICAR ............................................................................. 176 About the types of the test file EICAR .................................................................................................................. 177

    USER GUIDE

    CONTACTING THE TECHNICAL SUPPORT SERVICE ........................................................................................... 179 How to get technical support ................................................................................................................................ 179 Using the trace file and the AVZ script ................................................................................................................. 179 Creating a system state report ........................................................................................................................ 180 Creating a trace file ......................................................................................................................................... 180 Sending data files ........................................................................................................................................... 180 AVZ script execution ....................................................................................................................................... 181 Technical support by phone.................................................................................................................................. 182 Obtaining technical support via My Kaspersky Account ....................................................................................... 182 APPENDIX ................................................................................................................................................................. 184 Working with the application from the command line ............................................................................................ 184 Activating the application ................................................................................................................................ 185 Starting the application ................................................................................................................................... 186 Stopping the application .................................................................................................................................. 186 Managing application components and tasks ................................................................................................. 186 Virus scan ....................................................................................................................................................... 188 Updating the application ................................................................................................................................. 190 Rolling back the last update ............................................................................................................................ 191 Exporting protection settings ........................................................................................................................... 191 Importing protection settings ........................................................................................................................... 191 Creating a trace file ......................................................................................................................................... 192 Viewing Help ................................................................................................................................................... 192 Return codes of the command line ................................................................................................................. 193 Kaspersky Internet Security notifications list......................................................................................................... 194 Notifications in any protection mode ............................................................................................................... 194 Notifications in interactive protection mode ..................................................................................................... 201 GLOSSARY ............................................................................................................................................................... 212 KASPERSKY LAB ZAO ............................................................................................................................................. 221 INFORMATION ABOUT THIRD-PARTY CODE ........................................................................................................ 222 INDEX ........................................................................................................................................................................ 223

    ABOUT THIS GUIDE


    Greetings from Kaspersky Lab specialists! This guide contains information about how to install, configure, and use Kaspersky Internet Security. We hope that information provided by this guide, will help you work with the application with the maximum of ease. This guide is intended to: help you install, activate, and use Kaspersky Internet Security; ensure a quick search of information on application-related issues; describe additional sources of information about the application and ways of cooperating with the Technical Support Service. For proper use of the application, you should have basic computer skills: be acquainted with the interface of the operating system that you use, handle the main techniques specific for that system, know how to work with email and the Internet.

    IN THIS SECTION:
    In this guide ....................................................................................................................................................................... 9 Document conventions .................................................................................................................................................... 11

    IN THIS GUIDE
    This guide comprises the following sections.

    Sources of information about the application


    This section describes sources of information about the application and lists websites that you can use to discuss the application's operation.

    Kaspersky Internet Security


    This section describes the application's features and provides brief information about the application's functions and components. You will learn what items are included in the distribution kit, and what services are available for registered users of the application. This section provides information about software and hardware requirements that a computer should meet to allow a user to install the application on it.

    Installing and removing the application


    This section provides information about how to install the application on a computer and how to uninstall it.

    Licensing the application


    This section provides information about general terms related to the application activation. Read this section to learn more about the purpose of the license agreement, license types, ways of activating the application, and the license renewal.

    USER GUIDE

    Application interface
    This section provides information about basic elements of the graphic interface of the application: application icon and application icon context menu, main window, settings window, and notification windows.

    Starting and stopping the application


    This section contains information on starting and shutting down the application.

    Managing the computer protection


    This section provides information about how to detect threats to the computer's security and how to configure the security level. Read this section to learn more about how to enable, disable, and pause the protection when using the application.

    Solving typical tasks


    This section provides information about how to resolve the most common issues related to protection of the computer using the application.

    Advanced application settings


    This section provides detailed information about how to configure each of the application components.

    Testing the application's operation


    This section provides information about how to ensure that the application detects viruses and their modifications and performs the correct actions on them.

    Contacting the Technical Support Service


    This section provides information about how to contact the Technical Support Service at Kaspersky Lab.

    Appendix
    This section provides information that complements the document text.

    Glossary
    This section contains a list of terms mentioned in the document and their respective definitions.

    Kaspersky Lab ZAO


    This section provides information about Kaspersky Lab.

    Information about third-party code


    This section provides information about the third-party code used in the application.

    Index
    This section allows you to quickly find required information within the document.

    10

    ABOUT

    THIS

    GUIDE

    DOCUMENT CONVENTIONS
    The text herein is accompanied by semantic elements that should be given particular attention warnings, hints, examples. Document conventions are used to highlight semantic elements. Document conventions and examples of their use are shown in the table below.
    Table 1. Document conventions

    SAMPLE TEXT Note that...

    DOCUMENT CONVENTIONS DESCRIPTION Warnings are highlighted with red color and boxed. Warnings provide information about probable unwanted actions that may lead to data losses or failures in the computer's operation. Notes are boxed.

    It is recommended to use...

    Notes may contain useful hints, recommendations, specific values, or important particular cases in the application's operation. Examples are set out on a yellow background under the heading "Example".

    Example: ... Update means... The Databases are out of date event occurs. Press ENTER. Press ALT+F4. Click the Enable button. To configure a task schedule: Enter help in the command line. The following message then appears: Specify the date in dd:mm:yy format. <IP address of your computer>

    The following semantic elements are italicized in the text: new terms; names of application statuses and events. Names of keyboard keys appear in a bold typeface and are capitalized. Names of keys connected by a + (plus) sign indicate the use of a key combination. Those keys should be pressed simultaneously. Names of application interface elements, such as entry fields, menu items, and buttons, are set off in bold. Introductory phrases of instructions are italicized and accompanied by the arrow sign. The following types of text content are set off with a special font: text in the command line; text of messages displayed on the screen by the application; data that the user should enter. Variables are enclosed in angle brackets. Instead of a variable, the corresponding value should be inserted, with angle brackets omitted.

    11

    SOURCES OF INFORMATION ABOUT THE APPLICATION


    This section describes sources of information about the application and lists websites that you can use to discuss the application's operation. You can select the most suitable information source, depending on the issue's level of importance and urgency.

    IN THIS SECTION:
    Sources of information for independent research ............................................................................................................ 12 Discussing Kaspersky Lab applications on the Forum .................................................................................................... 13 Contacting the Sales Department ................................................................................................................................... 13 Contacting the Documentation Development Team by email.......................................................................................... 13

    SOURCES OF INFORMATION FOR INDEPENDENT RESEARCH


    You can use the following sources to find information about the application: the application page on the Kaspersky Lab website; the application page on the Technical Support Service website (Knowledge Base); online help; documentation. If you cannot solve an issue on your own, we recommend that you contact the Technical Support Service at Kaspersky Lab (see section "Technical support by phone" on page 182). To use information sources on the Kaspersky Lab website, an Internet connection should be established.

    The application page on the Kaspersky Lab website


    The Kaspersky Lab website features an individual page for each application. On such a page (http://www.kaspersky.com/kaspersky_internet_security), you can view general information about an application, its functions and features. The page http://www.kaspersky.com features a URL to the eStore. There you can purchase or renew the application.

    The application page on the Technical Support Service website (Knowledge Base)
    Knowledge Base is a section of the Technical Support Service website that provides recommendations on how to work with Kaspersky Lab applications. Knowledge Base comprises reference articles grouped by topics.

    12

    SOURCES

    OF INFORMATION ABOUT THE APPLICATION

    On the page of the application in the Knowledge Base (http://support.kaspersky.com/kis2012), you can read articles that provide useful information, recommendations, and answers to frequently asked questions on how to purchase, install, and use the application. Articles may provide answers to questions that are out of scope of Kaspersky Internet Security, being related to other Kaspersky Lab applications. They also may contain news from the Technical Support Service.

    Online help
    The online help of the application comprises help files. The context help provides information about each window of the application, listing and describing the corresponding settings and a list of tasks. The full help provides detailed information about how to manage the computer's protection using the application.

    Documentation
    The application user guide provides information about how to install, activate, and configure the application, as well as application operation data. The document also describes the application interface and provides ways of solving typical user tasks while working with the application.

    DISCUSSING KASPERSKY LAB APPLICATIONS ON THE FORUM


    If your question does not require an urgent answer, you can discuss it with Kaspersky Lab specialists and other users on our Forum (http://forum.kaspersky.com). In this forum you can view existing topics, leave your comments, create new topics.

    CONTACTING THE SALES DEPARTMENT


    If you have any questions on how to select, purchase, or renew the application, you can contact our Sales Department specialists in one of the following ways: By calling our HQ office in Moscow by phone (http://www.kaspersky.com/contacts). By sending a message with your question to sales@kaspersky.com. The service is provided in Russian and English.

    CONTACTING THE DOCUMENTATION DEVELOPMENT TEAM BY EMAIL


    To contact the Documentation Development Team, send an email to docfeedback@kaspersky.com. Please use "Kaspersky Help Feedback: Kaspersky Internet Security" as the subject line in your message.

    13

    KASPERSKY INTERNET SECURITY


    This section describes the application's features and provides brief information about the application's functions and components. You will learn what items are included in the distribution kit, and what services are available for registered users of the application. This section provides information about software and hardware requirements that a computer should meet to allow a user to install the application on it.

    IN THIS SECTION:
    What's new ...................................................................................................................................................................... 14 Distribution kit.................................................................................................................................................................. 14 Service for registered users ............................................................................................................................................ 15 Hardware and software requirements ............................................................................................................................. 15

    WHAT'S NEW
    Kaspersky Internet Security provides the following new features: The improved interface of the main window of Kaspersky Internet Security ensures quick access to the application's functions. The logic of operations with Quarantine and Backup (see page 160) has been improved: now they are represented on two separate tabs, each of them with its respective unique scope. The Task Manager has been added for an easy task management in Kaspersky Internet Security (see section "Managing scan tasks. Task Manager" on page 72). Participation in the Kaspersky Security Network (see page 174) allows us to identify the reputation of applications and websites based on data received from users from all over the world. When Web Anti-Virus is enabled, you can separately enable the heuristic analysis to check web pages for phishing (see section "Using heuristic analysis when working with Web Anti-Virus" on page 93). When checking pages for phishing, the heuristic analysis will be applied regardless of whether it has been enabled for Web AntiVirus. The appearance of Kaspersky Gadget has been redesigned (see page 37).

    DISTRIBUTION KIT
    You can purchase the application in one of the following ways: Boxed. Distributed via stores of our partners. At the online store. Distributed at online stores of Kaspersky Lab (for example, http://www.kaspersky.com, section eStore) or via partner companies.

    14

    KASPERSKY INTERNET SECURITY

    If you purchase the boxed version of the application, the distribution kit contains the following items: sealed envelope with the setup CD that contains application files and documentation files; brief User Guide with an activation code; license agreement that stipulates the terms, on which you can use the application. The content of the distribution kit may differ depending on the region, in which the application is distributed. If you purchase Kaspersky Internet Security at an online store, you copy the application from the website of the store. Information required for the application activation, will be sent to you by email on payment. For more details on ways of purchasing and the distribution kit, contact the Sales Department.

    SERVICE FOR REGISTERED USERS


    On purchasing a user license for the application, you become a registered user of Kaspersky Lab applications and can benefit from the following services during the entire validity term of the license: updating databases and providing new versions of the application; consulting by phone and by email on issues related to installation, configuration, and use of the application; notifying you of releases of new applications by Kaspersky Lab and new viruses. To use this service, you should be subscribed to the news delivery from Kaspersky Lab on the Technical Support Service website. No consulting services are provided on issues related to the functioning of operating systems, third-party software and technologies.

    HARDWARE AND SOFTWARE REQUIREMENTS


    To ensure the proper functioning of Kaspersky Internet Security, your computer should meet the following requirements: General requirements: 480 MB free disk space on the hard drive (including 380 MB on the system drive). CD / DVD-ROM (for installing Kaspersky Internet Security from a distribution CD). Internet access (for the application activation and for updating databases and software modules). Microsoft Internet Explorer 6.0 or higher. Microsoft Windows Installer 2.0. Requirements for Microsoft Windows XP Home Edition (Service Pack 2 or higher), Microsoft Windows XP Professional (Service Pack 2 or higher), and Microsoft Windows XP Professional x64 Edition (Service Pack 2 or higher): Intel Pentium 800 MHz 32-bit (x86) / 64-bit (x64) processor or higher (or a compatible equivalent); 512 MB free RAM.

    15

    USER GUIDE

    Requirements for Microsoft Windows Vista Home Basic, Microsoft Windows Vista Home Premium, Microsoft Windows Vista Business, Microsoft Windows Vista Enterprise, Microsoft Windows Vista Ultimate, Microsoft Windows 7 Starter, Microsoft Windows 7 Home Basic, Microsoft Windows 7 Home Premium, Microsoft Windows 7 Professional, and Microsoft Windows 7 Ultimate: Intel Pentium 1 GHz 32-bit (x86) / 64-bit (x64) processor or higher (or a compatible equivalent). 1 GB free RAM (for 32-bit operating systems); 2 GB free RAM (for 64-bit operating systems). You cannot enable Safe Run when working under a Microsoft Windows XP (64-bit) operating system. Use of Safe Run is restricted when working in Microsoft Windows Vista (64-bit) and Microsoft Windows 7 (64-bit) operating systems. Requirements for netbooks: Intel Atom 1.6 GHz processor or a compatible equivalent. Intel GMA950 video card with at least 64 MB of video RAM (or a compatible equivalent). Screen size no less than 10.1".

    16

    INSTALLING AND REMOVING THE APPLICATION


    This section provides information about how to install the application on a computer and how to uninstall it.

    IN THIS SECTION:
    Standard installation procedure ....................................................................................................................................... 17 Updating the previous version of Kaspersky Internet Security ........................................................................................ 22 Non-standard installation scenarios ................................................................................................................................ 26 Getting started................................................................................................................................................................. 27 Removing the application ................................................................................................................................................ 27

    STANDARD INSTALLATION PROCEDURE


    Kaspersky Internet Security will be installed on your computer in an interactive mode using the Setup Wizard. The Wizard consists of a series of screens (steps) that you can navigate through using the Back and Next buttons. To close the Wizard once it has completed its task, click the Finish button. To stop the Wizard at any stage, click the Cancel button. If the application protects more than one computer (the maximum number of computers depends on your license), it will be installed in the same manner on all computers. Note that in this case, according to the license agreement, the license term begins from the date of the first activation. When you activate the application on the second computers and so on, the license validity term decreases for the amount of time that has elapsed since the first activation. So, the license validity term will expire simultaneously for all installed copies of the application. To install Kaspersky Internet Security on your computer, run the setup file (the file with an EXE extension) from the CD with the product. Installation of Kaspersky Internet Security from a setup file downloaded online is identical to installation from the installation CD.

    17

    USER GUIDE

    IN THIS SECTION:
    Step 1. Searching for a newer version of the application ................................................................................................ 18 Step 2. Making sure the system meets the installation requirements .............................................................................. 18 Step 3. Selecting installation type ................................................................................................................................... 19 Step 4. Reviewing the license agreement ....................................................................................................................... 19 Step 5. Kaspersky Security Network Data Collection Statement..................................................................................... 19 Step 6. Searching for incompatible applications .............................................................................................................. 19 Step 7. Selecting the destination folder ........................................................................................................................... 20 Step 8. Preparing for installation ..................................................................................................................................... 20 Step 9. Installing.............................................................................................................................................................. 21 Step 10. Finishing the installation .................................................................................................................................... 21 Step 11. Activating the application .................................................................................................................................. 21 Step 12. Registering a user ............................................................................................................................................. 21 Step 13. Completing the activation .................................................................................................................................. 22

    STEP 1. SEARCHING FOR A NEWER VERSION OF THE APPLICATION


    Before setup, the Setup Wizard checks the Kaspersky Lab update servers for a newer version of Kaspersky Internet Security. If it does not find a newer product version on the Kaspersky Lab update servers, the Setup Wizard for the current version will be started. If the update servers offer a newer version of Kaspersky Internet Security, you will see a prompt to download and install it on the computer. It is recommended that you install the new version of the application, because newer versions include further enhancements that ensure you have the most reliable protection for your computer. If you cancel the new version download, the Setup Wizard for the current version will be started. If you decide to install the newer version, product distribution files will be downloaded to your computer and the Setup Wizard for that new version will be started automatically. For a further description of the installation procedure for the newer version, please refer to the corresponding documentation.

    STEP 2. MAKING SURE THE SYSTEM MEETS THE INSTALLATION


    REQUIREMENTS
    Before installation of Kaspersky Internet Security on your computer, the installer checks the operating system and service packs to make sure they meet the software requirements for product installation (see section "Hardware and software requirements" on page 15). In addition, the installer checks for the presence of required software and the credentials necessary to install applications. If any of the above-listed requirements is not met, a notification to that effect will be displayed on the screen. If the computer meets all the requirements, the Wizard searches for Kaspersky Lab applications which, when run together with Kaspersky Internet Security, may result in conflicts. If such applications are found, you will be asked to remove them manually.

    18

    INSTALLING

    AND REMOVING THE APPLICATION

    If an earlier version of Kaspersky Anti-Virus or Kaspersky Internet Security is found, all data that can be used by Kaspersky Internet Security 2012 (for example, activation information or application settings) will be saved and used when installing the new application, while the one installed earlier will be automatically removed.

    STEP 3. SELECTING INSTALLATION TYPE


    At this step, you can choose the most suitable type of Kaspersky Internet Security installation: Standard installation. If you choose this option (the Change installation settings box is unchecked), the application will be fully installed on your computer with the protection settings recommended by Kaspersky Lab experts. Custom installation. In this case (the Change installation settings box is checked), you will be asked to specify the destination folder into which the application should be installed (see section "Step 7. Selecting the destination folder" on page 20) and disable the installation process protection, if necessary (see section "Step 8. Preparing for installation" on page 20). To proceed with the installation, click the Next button.

    STEP 4. REVIEWING THE LICENSE AGREEMENT


    At this step, you should review the license agreement between you and Kaspersky Lab. Read the agreement carefully and, if you accept all its terms, click the I agree button. The installation will continue. If you cannot accept the license agreement, cancel the application installation by clicking the Cancel button.

    STEP 5. KASPERSKY SECURITY NETWORK DATA COLLECTION STATEMENT


    At this stage, you will be invited to participate in the Kaspersky Security Network. Participation in the program involves sending information about new threats detected on your computer, running applications, and downloaded signed applications, as well as your system information, to Kaspersky Lab. We guarantee that none of your personal data will be sent. Review the Kaspersky Security Network Data Collection Statement. To read the complete version of the Statement, click the Full KSN Agreement button. If you agree with all terms of the Statement, check the I accept the terms of participation in Kaspersky Security Network box in the Wizard window. Click the Next button if you have selected the custom installation (see section "Step 3. Selecting installation type" on page 19). If performing the standard installation, click the Install button. The installation will continue.

    STEP 6. SEARCHING FOR INCOMPATIBLE APPLICATIONS


    At this step, the application checks whether any applications incompatible with Kaspersky Internet Security are installed on your computer. If no such applications are found, the Wizard automatically proceeds to the next step. If any incompatible applications are detected, they are displayed in a list on the screen, and you will be prompted to remove them. Applications that Kaspersky Internet Security cannot remove automatically should be removed manually. When removing incompatible applications, you will need to reboot your operating system, after which installation of Kaspersky Internet Security will continue automatically. To proceed with the installation, click the Next button.

    19

    USER GUIDE

    STEP 7. SELECTING THE DESTINATION FOLDER


    This step of the Setup Wizard is only available if the custom installation is selected (see section "Step 3. Selecting installation type" on page 19). When performing a standard installation, this step is skipped and the application is installed to the default folder. At this stage you are asked to choose the folder to which Kaspersky Internet Security will be installed. The following path is set by default: <disk>\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012 for 32-bit systems; <disk>\Program Files (86)\Kaspersky Lab\Kaspersky Internet Security 2012 for 64-bit systems. To install Kaspersky Internet Security to a different folder, specify the path to the desired folder in the input field or click the Browse button and choose a folder in the window that opens. Keep in mind the following restrictions: The application cannot be installed on network or removable drives, or on virtual drives (those created using the SUBST command). We recommend that you avoid installing the application in a folder that already contains files or other folders, because that folder will then become inaccessible for editing. The path to the installation folder cannot be longer than 160 characters or contain the special characters /, ?, :, *, ", >, < or |. To find out if there is enough disk space on your computer to install the application, click the Disk Usage button. In the window that opens you can view the disk space information. To close the window, click OK. To proceed with the installation, click the Next button in the Wizard window.

    STEP 8. PREPARING FOR INSTALLATION


    This step of the Setup Wizard is only available if the custom installation is selected (see section "Step 3. Selecting installation type" on page 19). For the standard installation, this step is skipped. Since your computer may be infected with malicious programs that may impact the installation of Kaspersky Internet Security, the installation process should be protected. By default, installation process protection is enabled the Protect the installation process box is checked in the Wizard window. You are advised to uncheck this box if the application cannot be installed (for example, when performing remote installation using Windows Remote Desktop). Enabled protection may be the reason. In this case, you should interrupt installation, restart it, check the Change installation settings box at the Select installation type step (see section "Step 3. Selecting installation type" on page 19), and when you reach the Preparing for installation step, uncheck the Protect the installation process box. To proceed with the installation, click the Install button. When installing the application on a computer running under Microsoft Windows XP, active network connections are terminated. The majority of terminated connections are restored after a pause.

    20

    INSTALLING

    AND REMOVING THE APPLICATION

    STEP 9. INSTALLING
    Installation of the application can take some time. Wait for it to finish. Once the installation is complete, the Wizard will automatically proceed to the next step. If an installation error occurs, which may be due to malicious programs that prevent anti-virus applications from being installed on your computer, the Setup Wizard will prompt you to download Kaspersky Virus Removal Tool, a special utility for neutralizing infections. If you agree to install the utility, the Setup Wizard downloads it from the Kaspersky Lab servers, after which installation of the utility starts automatically. If the Wizard cannot download the utility, you will be asked to download it on your own by clicking the link provided. After you finish working with the utility, you should delete it and restart the installation of Kaspersky Internet Security.

    STEP 10. FINISHING THE INSTALLATION


    This window of the Wizard informs you of the successful completion of the application installation. To run Kaspersky Internet Security, make sure that the Run Kaspersky Internet Security 2012 box is checked and click the Finish button. In some cases, you may need to reboot your operating system. If the Run Kaspersky Internet Security 2012 box is checked, the application will be run automatically after you reboot your operating system. If you unchecked the box before closing the Wizard, you should run the application manually (see section "Launching and closing the application manually" on page 38).

    STEP 11. ACTIVATING THE APPLICATION


    Activation is the procedure of activating a license that allows you to use a fully functional version of the application until the license expires. You will need an Internet connection to activate the application. You will be offered the following options for Kaspersky Internet Security activation: Activate commercial version. Select this option and enter the activation code if you have purchased a commercial version of the application. If you specify an activation code for Kaspersky Anti-Virus in the entry field, the procedure of switching to Kaspersky Anti-Virus starts after the completion of activation. Activate trial version. Use this activation option if you want to install the trial version of the application before making the decision to purchase a commercial version. You will be able to use the fully-functional version of the application for the duration of a term limited by the license for the trial version of the application. When the license expires, it cannot be activated for a second time.

    STEP 12. REGISTERING A USER


    This step is only available when activating the commercial version of the application. When activating the trial version, this step is skipped.

    21

    USER GUIDE

    You need to register in order to be able to contact Kaspersky Lab Technical Support Service in the future. If you agree to register, specify your registration data in the corresponding fields and click the Next button.

    STEP 13. COMPLETING THE ACTIVATION


    The Wizard informs you that Kaspersky Internet Security has been successfully activated. In addition, information about the license is provided: license type (commercial or trial), date of expiry, and number of hosts for the license. If you have activated a subscription, information about the subscription status is displayed instead of the license expiry date. Click the Finish button to close the Wizard.

    UPDATING THE PREVIOUS VERSION OF KASPERSKY INTERNET SECURITY


    If Kaspersky Internet Security 2010 or 2011 is already installed on your computer, you should update the application to Kaspersky Internet Security 2012. If you have an active license for Kaspersky Internet Security 2010 or 2011, you will not have to activate the application: the Setup Wizard will automatically retrieve the information about your license for Kaspersky Internet Security 2010 or 2011 and use it during the installation process. Kaspersky Internet Security will be installed on your computer in an interactive mode using the Setup Wizard. The Wizard consists of a series of screens (steps) that you can navigate through using the Back and Next buttons. To close the Wizard once it has completed its task, click the Finish button. To stop the Wizard at any stage, click the Cancel button. If the application protects more than one computer (the maximum number of computers depends on your license), it will be installed in the same manner on all computers. Note that in this case, according to the license agreement, the license term begins from the date of the first activation. When you activate the application on the second computers and so on, the license validity term decreases for the amount of time that has elapsed since the first activation. So, the license validity term will expire simultaneously for all installed copies of the application. To install Kaspersky Internet Security on your computer, run the setup file (the file with an EXE extension) from the CD with the product. Installation of Kaspersky Internet Security from a setup file downloaded online is identical to installation from the installation CD.

    22

    INSTALLING

    AND REMOVING THE APPLICATION

    IN THIS SECTION:
    Step 1. Searching for a newer version of the application ................................................................................................ 23 Step 2. Making sure the system meets the installation requirements .............................................................................. 23 Step 3. Selecting installation type ................................................................................................................................... 24 Step 4. Reviewing the license agreement ....................................................................................................................... 24 Step 5. Kaspersky Security Network Data Collection Statement ..................................................................................... 24 Step 6. Searching for incompatible applications.............................................................................................................. 24 Step 7. Selecting the destination folder ........................................................................................................................... 25 Step 8. Preparing for installation ..................................................................................................................................... 25 Step 9. Installing.............................................................................................................................................................. 26 Step 10. Wizard completion ............................................................................................................................................ 26

    STEP 1. SEARCHING FOR A NEWER VERSION OF THE APPLICATION


    Before setup, the Setup Wizard checks the Kaspersky Lab update servers for a newer version of Kaspersky Internet Security. If it does not find a newer product version on the Kaspersky Lab update servers, the Setup Wizard for the current version will be started. If the update servers offer a newer version of Kaspersky Internet Security, you will see a prompt to download and install it on the computer. It is recommended that you install the new version of the application, because newer versions include further enhancements that ensure you have the most reliable protection for your computer. If you cancel the new version download, the Setup Wizard for the current version will be started. If you decide to install the newer version, product distribution files will be downloaded to your computer and the Setup Wizard for that new version will be started automatically. For a further description of the installation procedure for the newer version, please refer to the corresponding documentation.

    STEP 2. MAKING SURE THE SYSTEM MEETS THE INSTALLATION


    REQUIREMENTS
    Before installation of Kaspersky Internet Security on your computer, the installer checks the operating system and service packs to make sure they meet the software requirements for product installation (see section "Hardware and software requirements" on page 15). In addition, the installer checks for the presence of required software and the credentials necessary to install applications. If any of the above-listed requirements is not met, a notification to that effect will be displayed on the screen. If the computer meets all the requirements, the Wizard searches for Kaspersky Lab applications which, when run together with Kaspersky Internet Security, may result in conflicts. If such applications are found, you will be asked to remove them manually. If an earlier version of Kaspersky Anti-Virus or Kaspersky Internet Security is found, all data that can be used by Kaspersky Internet Security 2012 (for example, activation information or application settings) will be saved and used when installing the new application, while the one installed earlier will be automatically removed.

    23

    USER GUIDE

    STEP 3. SELECTING INSTALLATION TYPE


    At this step, you can choose the most suitable type of Kaspersky Internet Security installation: Standard installation. If you choose this option (the Change installation settings box is unchecked), the application will be fully installed on your computer with the protection settings recommended by Kaspersky Lab experts. Custom installation. In this case (the Change installation settings box is checked), you will be asked to specify the destination folder into which the application should be installed (see section "Step 7. Selecting the destination folder" on page 20) and disable the installation process protection, if necessary (see section "Step 8. Preparing for installation" on page 20). To proceed with the installation, click the Next button.

    STEP 4. REVIEWING THE LICENSE AGREEMENT


    At this step, you should review the license agreement between you and Kaspersky Lab. Read the agreement carefully and, if you accept all its terms, click the I agree button. The installation will continue. If you cannot accept the license agreement, cancel the application installation by clicking the Cancel button.

    STEP 5. KASPERSKY SECURITY NETWORK DATA COLLECTION STATEMENT


    At this stage, you will be invited to participate in the Kaspersky Security Network. Participation in the program involves sending information about new threats detected on your computer, running applications, and downloaded signed applications, as well as your system information, to Kaspersky Lab. We guarantee that none of your personal data will be sent. Review the Kaspersky Security Network Data Collection Statement. To read the complete version of the Statement, click the Full KSN agreement button. If you agree with all terms of the Statement, check the I accept the terms of participation in Kaspersky Security Network box in the Wizard window. Click the Next button if you have selected the custom installation (see section "Step 3. Selecting installation type" on page 19). If performing the standard installation, click the Install button. The installation will continue.

    STEP 6. SEARCHING FOR INCOMPATIBLE APPLICATIONS


    At this step, the application checks whether any applications incompatible with Kaspersky Internet Security are installed on your computer. If no such applications are found, the Wizard automatically proceeds to the next step. If any incompatible applications are detected, they are displayed in a list on the screen, and you will be prompted to remove them. Applications that Kaspersky Internet Security cannot remove automatically should be removed manually. When removing incompatible applications, you will need to reboot your operating system, after which installation of Kaspersky Internet Security will continue automatically. To proceed with the installation, click the Next button.

    24

    INSTALLING

    AND REMOVING THE APPLICATION

    STEP 7. SELECTING THE DESTINATION FOLDER


    This step of the Setup Wizard is only available if the custom installation is selected (see section "Step 3. Selecting installation type" on page 19). When performing a standard installation, this step is skipped and the application is installed to the default folder. At this stage you are asked to choose the folder to which Kaspersky Internet Security will be installed. The following path is set by default: <disk>\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012 for 32-bit systems; <disk>\Program Files (86)\Kaspersky Lab\Kaspersky Internet Security 2012 for 64-bit systems. To install Kaspersky Internet Security to a different folder, specify the path to the desired folder in the input field or click the Browse button and choose a folder in the window that opens. Keep in mind the following restrictions: The application cannot be installed on network or removable drives, or on virtual drives (those created using the SUBST command). We recommend that you avoid installing the application in a folder that already contains files or other folders, because that folder will then become inaccessible for editing. The path to the installation folder cannot be longer than 160 characters or contain the special characters /, ?, :, *, ", >, < or |. To find out if there is enough disk space on your computer to install the application, click the Disk Usage button. In the window that opens you can view the disk space information. To close the window, click OK. To proceed with the installation, click the Next button in the Wizard window.

    STEP 8. PREPARING FOR INSTALLATION


    This step of the Setup Wizard is only available if the custom installation is selected (see section "Step 3. Selecting installation type" on page 19). For the standard installation, this step is skipped. Since your computer may be infected with malicious programs that may impact the installation of Kaspersky Internet Security, the installation process should be protected. By default, installation process protection is enabled the Protect the installation process box is checked in the Wizard window. You are advised to uncheck this box if the application cannot be installed (for example, when performing remote installation using Windows Remote Desktop). Enabled protection may be the reason. In this case, you should interrupt installation, restart it, check the Change installation settings box at the Select installation type step (see section "Step 3. Selecting installation type" on page 19), and when you reach the Preparing for installation step, uncheck the Protect the installation process box. To proceed with the installation, click the Install button. When installing the application on a computer running under Microsoft Windows XP, active network connections are terminated. The majority of terminated connections are restored after a pause.

    25

    USER GUIDE

    STEP 9. INSTALLING
    Installation of the application can take some time. Wait for it to finish. Once the installation is complete, the Wizard will automatically proceed to the next step. If an installation error occurs, which may be due to malicious programs that prevent anti-virus applications from being installed on your computer, the Setup Wizard will prompt you to download Kaspersky Virus Removal Tool, a special utility for neutralizing infections. If you agree to install the utility, the Setup Wizard downloads it from the Kaspersky Lab servers, after which installation of the utility starts automatically. If the Wizard cannot download the utility, you will be asked to download it on your own by clicking the link provided. After you finish working with the utility, you should delete it and restart the installation of Kaspersky Internet Security.

    STEP 10. WIZARD COMPLETION


    This window of the Wizard informs you of the successful completion of the application installation. To run Kaspersky Internet Security, make sure that the Run Kaspersky Internet Security 2012 box is checked and click the Finish button. In some cases, you may need to reboot your operating system. If the Run Kaspersky Internet Security 2012 box is checked, the application will be run automatically after you reboot your operating system. If you unchecked the box before closing the Wizard, you should run the application manually (see section "Launching and closing the application manually" on page 38).

    NON-STANDARD INSTALLATION SCENARIOS


    This section describes application installation scenarios which differ from those of standard installation or update from the previous version.

    Installing Kaspersky Internet Security and activating later using a Kaspersky Anti-Virus activation code
    If, when installing Kaspersky Internet Security, at the Activating the application step, you enter a Kaspersky Anti-Virus activation code, a switching procedure starts which results in Kaspersky Anti-Virus being installed on your computer. If, when installing Kaspersky Internet Security, at the Activating the application step, you select Activate later and then activate the installed application with a Kaspersky Anti-Virus activation code, the switching procedure also starts, which results in Kaspersky Anti-Virus being installed on your computer.

    Installing Kaspersky Internet Security 2012 over Kaspersky Anti-Virus 2010 or 2011
    If you run the installation of Kaspersky Internet Security 2012 on a computer, on which Kaspersky Anti-Virus 2010 or 2011 with an active license is already installed, the Setup Wizard detects the information about the license and prompts you to select one of the following further actions: Use the current license of Kaspersky Anti-Virus 2010 or 2011. In this case, the switching procedure starts, which results in Kaspersky Anti-Virus 2012 being installed on your computer. You will be able to use Kaspersky Anti-Virus 2012 as long as the license for Kaspersky Anti-Virus 2010 or 2011 remains valid. Proceed with installation of Kaspersky Internet Security 2012. In this case, the installation procedure will continue according to the standard scenario, starting from the Activating the application step.

    26

    INSTALLING

    AND REMOVING THE APPLICATION

    GETTING STARTED
    The application is ready to be used after installation. To ensure proper protection of your computer, we recommend performing the following immediately after installation and configuration: Update application databases (see section "How to update application databases and modules" on page 45). Scan your computer for viruses (see section "How to perform a full scan of your computer for viruses" on page 48) and vulnerabilities (see section "How to scan your computer for vulnerabilities" on page 48). Check the protection status of your computer and eliminate problems in protection, if necessary.

    REMOVING THE APPLICATION


    After uninstalling Kaspersky Internet Security, your computer and personal data will be unprotected! Kaspersky Internet Security is uninstalled with the help of the Setup Wizard. To start the Wizard, in the Start menu, select Programs Security 2012. Kaspersky Internet Security 2012 Remove Kaspersky Internet

    IN THIS SECTION:
    Step 1. Saving data for reuse .......................................................................................................................................... 27 Step 2. Confirmation of application removal .................................................................................................................... 28 Step 3. Removing the application. Completing removal .................................................................................................. 28

    STEP 1. SAVING DATA FOR REUSE


    At this point you can specify which of the data used by the application you want to retain for reuse during the next installation of the application (e.g., a newer version of the application). By default, the application is completely removed from the computer. To save data for reuse: 1. 2. Choose the option Save application objects. Check the boxes for the data types you want to save: Activation data data that eliminates the need to activate the application in the future by automatically using the current license as long as it has not expired by the time of the next installation. Backup and Quarantine files files checked by the application and placed into backup storage or quarantine. Operational settings of the application values of the application settings selected during configuration. iChecker data files which contain information about the objects that have already been scanned for viruses.

    27

    USER GUIDE

    Anti-Spam databases databases containing signatures of spam messages downloaded and saved by the application. Safe Run shared folder data files saved by the application when working in a safe environment in a special folder that is also accessible in the normal environment.

    STEP 2. CONFIRMATION OF APPLICATION REMOVAL


    Since removing the application threatens the security of the computer and your personal data, you will be asked to confirm your intention to remove the application. To do this, click the Remove button. To stop removal of the application at any time, you can cancel this operation by clicking the Cancel button.

    STEP 3. REMOVING THE APPLICATION. COMPLETING REMOVAL


    At this step, the Wizard removes the application from your computer. Wait until removal is complete. When removing the application, you may need to reboot your operating system. If you cancel the immediate reboot, completion of the removal procedure will be postponed until the operating system is rebooted or the computer is turned off and then restarted.

    28

    LICENSING THE APPLICATION


    This section provides information about general terms related to the application activation. Read this section to learn more about the purpose of the license agreement, license types, ways of activating the application, and the license renewal.

    IN THIS SECTION:
    About the End User License Agreement ......................................................................................................................... 29 About data provision ....................................................................................................................................................... 29 About the license ............................................................................................................................................................. 29 About the activation code ................................................................................................................................................ 30

    ABOUT THE END USER LICENSE AGREEMENT


    License Agreement is a legal agreement concluded between you and Kaspersky Lab ZAO that stipulates the terms of use for the application. Read through the terms of the License Agreement carefully before you start using the application. You can read through the terms of the License Agreement when installing the Kaspersky Lab application. The terms of the License Agreement are regarded as accepted in the following cases: Upon unsealing the box with the setup CD (only if you have purchased the application in the boxed version or at a store of any of our partners). Upon confirming your acceptance of the text of the License Agreement when installing the application. If you do not accept the terms of the License Agreement, you have to interrupt the application installation.

    ABOUT DATA PROVISION


    In order to increase the level of real-time protection, accepting the terms of the License Agreement means that you agree to send information about checksums of processed objects (MD5), information required to determine the reputation of URLs, and statistical data for anti-spam protection, in automatic mode. Information retrieved does not contain any private data and other types of confidential information. Information retrieved is protected by Kaspersky Lab pursuant to the requirements stipulated by the existing legislation. You can obtain more details on the website: http://support.kaspersky.com.

    ABOUT THE LICENSE


    License is a time-limited right to use the application provided to you in accordance with the License Agreement. The license contains a unique code for the activation of your copy of Kaspersky Internet Security.

    29

    USER GUIDE

    The license grants you the right to benefit the following services: Using the application on one or several devices. Number of devices, on which you can use the application, is specified in the License Agreement. Contacting the Technical Support Service of Kaspersky Lab. Enjoying the complete set of services provided to you by Kaspersky Lab or its partners during the validity term of the license (see section "Service for registered users" on page 15). The scope of services provided and the validity term of the application depend on the type of license used to activate the application. The following license types are provided: Trial a free license with a limited validity period, offered to allow you to become familiar with the application. If you copy the application from the website http://www.kaspersky.com, you automatically become the owner of the trial license. As soon as the license expires, all Kaspersky Internet Security features are disabled. To continue using the application, you should purchase the commercial license. Commercial a paid license with a limited validity period, offered upon purchase of the application. After the expiration of the commercial license, the application keeps on running in limited functionality mode. You will still be able to scan your computer for viruses and use other application components but only with databases installed before the license has expired. To continue using Kaspersky Internet Security, you should renew the commercial license. We recommend that you renew the license on the day the current license expires at the latest in order to ensure the most comprehensible anti-virus protection of your computer.

    ABOUT THE ACTIVATION CODE


    Activation code is a code that you receive on purchasing the commercial license for Kaspersky Internet Security. This code is required for activation of the application. The activation code is an alphanumeric string of Latin characters in xxxxx-xxxxx-xxxxx-xxxxx format. The activation code is provided in one of the following forms, depending on the way you purchase the application: If you have purchased the boxed version of Kaspersky Internet Security, the activation code is specified in the documentation or on the box containing the setup CD. If you have purchased Kaspersky Internet Security at an online store, the activation code is sent to the email address that you have specified when ordering the product. The validity term of the license starts from the moment you have activated the application. If you have purchased a license intended for the use of Kaspersky Internet Security on several devices, the validity term of the license starts counting down from the moment you have entered the code on the first of those devices. If you have lost or accidentally deleted your activation code after the activation, you should send a request to the Technical Support Service at Kaspersky Lab from My Kaspersky Account (see section "Obtaining technical support via My Kaspersky Account" on page 182). On completion of the application activation with a code, you are assigned a client ID. Client ID is the personal ID for a user, that is needed for receiving technical support by phone or via My Kaspersky Account (see section "Obtaining technical support via My Kaspersky Account" on page 182).

    30

    APPLICATION INTERFACE
    This section provides information about basic elements of the graphic interface of the application: application icon and application icon context menu, main window, settings window, and notification windows.

    IN THIS SECTION:
    The notification area icon ................................................................................................................................................ 31 The context menu ........................................................................................................................................................... 32 The Kaspersky Internet Security main window................................................................................................................ 33 Notification windows and pop-up messages ................................................................................................................... 34 The application settings window ...................................................................................................................................... 36 The Kaspersky Gadget.................................................................................................................................................... 37 News Agent ..................................................................................................................................................................... 37

    THE NOTIFICATION AREA ICON


    Immediately after installation of the application, the application icon appears in the Microsoft Windows taskbar notification area. In the Microsoft Windows 7 operating system the application icon is hidden by default, but you can display it to access the application more easily (see the operating system documentation). The icon has the following purposes: It is an indicator of the application's operation. It provides access to the context menu, the main application window and the news window.

    Indication of application operation


    This icon serves as an indicator of the application's operation. It also indicates the protection status and displays the basic functions currently being performed by the application: scanning an email message; scanning web traffic; updating databases and application modules; computer needs to be restarted to apply updates; a failure occurred in the operation of an application component.

    31

    USER GUIDE

    The icon is animated by default: for example, during the email message scan, a tiny letter symbol blinks in front of the application icon; when the update is in progress, you see a revolving globe. Animation can be deactivated (see section "Translucence of notification windows" on page 171). When the animation is disabled, the icon may take the following forms: (colored symbol) all or some protection components are activated; (black-and-white symbol) all protection components are disabled.

    Access to the context menu and application windows


    Using the icon, you can open the context menu (on page 32) (by right-clicking) and the main application window (see section "The Kaspersky Internet Security main window" on page 33) (by left-clicking). If news from Kaspersky Lab is available, the icon appears in the Microsoft Windows taskbar notification area. Doubleclick this icon to open the News Agent (see section "News Agent" on page 37).

    THE CONTEXT MENU


    Using the context menu, you can quickly take various actions on the application. The Kaspersky Internet Security menu contains the following items: Task Manager opens the Task Manager window. Update runs the update of application databases and modules. Tools opens a submenu containing the following items: Applications Activity opens the Applications Activity window; Network Monitor opens the Network Monitor window; Virtual Keyboard displays the Virtual Keyboard. Safe Run for Applications runs a safe desktop designed for handling applications that you suppose to be unsafe. If Safe Run for Applications is already active, the application switches to it. When working with Safe Run for Applications, this menu item is named Return to the main desktop, serving for switching to the main desktop. Kaspersky Internet Security opens the main application window. Pause protection / Resume protection temporarily disables / enables real-time protection components. This menu item does not affect the application's updates or the execution of virus scans. Enable Parental Control / Disable Parental Control enables / disables Parental Control for the current account. Settings opens the application settings window. About opens a window containing information about the application.

    32

    APPLICATION

    INTERFACE

    News opens the News Agent window (see section "News Agent" on page 37). This menu item is displayed if there is unread news. Exit closes Kaspersky Internet Security (when this item is selected, the application is unloaded from the computers RAM).

    Figure 1. The context menu

    If a virus scan or update task is running at the moment that you open the context menu, its name as well as its progress status (percentage complete) is displayed in the context menu. If you select a menu item with the name of a task, you can switch to the main window with a report of current task run results. To open the context menu, position the cursor over the application icon in the taskbar notification area and right-click it. In the Microsoft Windows 7 operating system the application icon is hidden by default, but you can display it to access the application more easily (see the operating system documentation).

    THE KASPERSKY INTERNET SECURITY MAIN WINDOW


    The main application window contains interface elements that provide access to all the main features of the application. The main window can be divided into two parts: The top part of the window provides information about the protection status of your computer.

    Figure 2. Top part of the main window

    33

    USER GUIDE

    In the bottom part of the window, you can quickly switch to using the main features of the application (for example, running virus scan tasks, updating databases and software modules).

    Figure 3. Bottom part of the main window

    If you select any of the sections in the bottom part of the window, the window of the corresponding function opens. You can return to selecting functions by clicking the Back button in the top left corner of the window. You can also use the following buttons and links: Cloud protection to switch to information about Kaspersky Security Network (on page 174). Settings to open the application settings window (see section "The application settings window" on page 36). Reports to switch to the application operation reports. News to switch to viewing news in the News Agent window (see section "News Agent" on page 37). This link is displayed after the application receives a piece of news. Help to view the Kaspersky Internet Security help system. My Kaspersky Account to enter the user's personal account on the Technical Support Service website. Support to open the window containing information about the system and links to Kaspersky Lab information resources (Technical Support Service website, forum). Manage License to go to Kaspersky Internet Security activation and license renewal. You can open the main application window using one of the following methods: By left-clicking the application icon in the taskbar notification area. In the Microsoft Windows 7 operating system the application icon is hidden by default, but you can display it to access the application more easily (see the operating system documentation). By selecting Kaspersky Internet Security from the context menu (see section "Context menu" on page 32). By clicking the Kaspersky Internet Security icon located in the center of the Kaspersky Gadget (only for Microsoft Windows Vista and Microsoft Windows 7).

    NOTIFICATION WINDOWS AND POP-UP MESSAGES


    Kaspersky Internet Security notifies you of important events occurring during its operation using notification windows and pop-up messages that appear over the application icon in the taskbar notification area.

    34

    APPLICATION

    INTERFACE

    Notification windows are displayed by Kaspersky Internet Security when various actions can be taken in connection with an event: for example, if a malicious object is detected, you can block access to it, delete it, or try to disinfect it. The application prompts you to select one of the available actions. A notification window only disappears from the screen if you select one of the actions.

    Figure 4. Notification window

    Pop-up messages are displayed by Kaspersky Internet Security in order to inform you of events that do not require you to select an action. Some pop-up messages contain links that you can use to take an action offered by the application: for example, run a database update or initiate activation of the application). Pop-up messages automatically disappear from the screen soon after they appear.

    Figure 5. Pop-up message

    Depending on the importance of an event for the viewpoint of the computer's security, notifications and pop-up messages are divided into three types: Critical notifications inform you of events that have a critical importance for the computer's security, such as detection of a malicious object or a dangerous activity in the system. Windows of critical notifications and popup messages are red-colored. Important notifications inform you of events that are potentially important for the computer's security, such as detection of a potentially infected object or a suspicious activity in the system. Windows of important notifications and pop-up messages are yellow-colored. Information notifications inform you of events that do not have critical importance for the computer's security. Windows of information notifications and pop-up messages are green-colored.

    35

    USER GUIDE

    THE APPLICATION SETTINGS WINDOW


    The Kaspersky Internet Security settings window (also referred to as "settings window") is designed for configuring the entire application and separate protection components, scanning and update tasks, and for running other advanced configuration tasks (see section "Advanced application settings" on page 62).

    Figure 6. The application settings window

    The application settings window consists of two parts: in the left part of the window you can choose the application component, task or another item that should be configured; the right part of the window contains the controls that you can use to configure the item selected in the left part of the window. The components, tasks and other items in the left part of the window are grouped in the following sections: Protection Center; Scan; Update; Advanced Settings.

    36

    APPLICATION

    INTERFACE

    You can open the settings window using one of the following methods: by clicking the Settings link in the top part of the main application window (see section "The Kaspersky Internet Security main window" on page 33); by selecting Kaspersky Internet Security from the context menu (see section "Context menu" on page 32); by clicking the button with the Settings icon in the Kaspersky Gadget interface (only for Microsoft Windows Vista and Microsoft Windows 7 operating systems). The function of opening the settings window should be assigned to the button (see section "How to use the Kaspersky Gadget" on page 59).

    THE KASPERSKY GADGET


    When using Kaspersky Internet Security on a computer running under Microsoft Windows Vista or Microsoft Windows 7, you can also use the Kaspersky Gadget (hereinafter the gadget). The Kaspersky Gadget is designed for quick access to the main features of the application (for example, protection status indication, virus scanning of objects, application operation reports). After you install Kaspersky Internet Security on a computer running under Microsoft Windows 7, the gadget appears on your desktop automatically. After you install the application on a computer running under Microsoft Windows Vista, you should add the gadget to the Microsoft Windows Sidebar manually (see the operating system documentation).

    Figure 7. The Kaspersky Gadget

    NEWS AGENT
    Using News Agent, Kaspersky Lab informs you of all important events related to Kaspersky Internet Security and protection against computer threats. The application will notify you of news by displaying a special icon in the taskbar notification area (see below) and a popup message. Information about the number of unread news items is also displayed in the main application window. A news icon appears in the Kaspersky Internet Security gadget interface. You can read the news in one of the following ways: by clicking the icon in the taskbar notification area;

    by clicking the Read news link in the pop-up news message; by clicking the News link in the main application window; by clicking the icon which is displayed in the center of the Gadget when a piece of news appears (only for Microsoft Windows Vista and Microsoft Windows 7). The above-listed methods of opening the News Agent window are only operable if any unread news is available. If you do not want to receive any news, you can disable the news delivery.

    37

    STARTING AND STOPPING THE APPLICATION


    This section contains information on starting and shutting down the application.

    IN THIS SECTION:
    Enabling and disabling automatic launch ........................................................................................................................ 38 Launching and closing the application manually ............................................................................................................. 38

    ENABLING AND DISABLING AUTOMATIC LAUNCH


    Automatic launch of the application means that Kaspersky Internet Security launches after the operating system startup. This is the default start mode. To disable or enable automatic launch of the application: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the General Settings subsection. To disable automatic launch of the application, uncheck the Launch Kaspersky Internet Security at computer startup box in the Autorun section in the right part of the window. Check this box to enable automatic launch of the application.

    LAUNCHING AND CLOSING THE APPLICATION MANUALLY


    Kaspersky Lab specialists do not recommend that you stop Kaspersky Internet Security, because the protection of your computer and personal data will then be at risk. It is recommended that you temporarily pause the computer's protection, without closing the application. Kaspersky Internet Security should be started manually if you have disabled automatic launch of the application (see section "Enabling and disabling automatic launch" on page 38). To launch the application manually, in the Start menu, select Programs To exit the application, right-click to open the context menu of the application icon in the taskbar notification area and select Exit. In the Microsoft Windows 7 operating system the application icon is hidden by default, but you can display it to access the application more easily (see the operating system documentation). Kaspersky Internet Security 2012 Kaspersky Internet Security 2012.

    38

    MANAGING THE COMPUTER PROTECTION


    This section provides information about how to detect threats to the computer's security and how to configure the security level. Read this section to learn more about how to enable, disable, and pause the protection when using the application.

    IN THIS SECTION:
    Diagnostics and elimination of problems in your computer protection ............................................................................. 39 Enabling and disabling the protection ............................................................................................................................. 40 Pausing and resuming protection .................................................................................................................................... 41

    DIAGNOSTICS AND ELIMINATION OF PROBLEMS IN YOUR


    COMPUTER PROTECTION
    Problems with computer protection are indicated by the computer indicator located in the left part of the main application window (see section "The Kaspersky Internet Security main window" on page 33). The indicator is shaped as a monitor icon that changes color depending on the protection status of the computer: green means that the computer is protected, yellow indicates protection-related problems, red alerts of serious threats to the computer's security.

    Figure 8. Protection status indicator

    You are advised to fix the problems and security threats immediately.

    39

    USER GUIDE

    Clicking the indicator in the main application window opens the Security Problems window (see the figure below) containing detailed information about the status of computer protection and troubleshooting suggestions for the detected problems and threats.

    Figure 9. The Security Problems window

    Problems with the protection are grouped by categories. For each problem, actions are listed that you can use to solve the problem.

    ENABLING AND DISABLING THE PROTECTION


    By default, Kaspersky Internet Security is launched when the operating system loads and protects your computer until it is switched off. All protection components are running. You can fully or partially disable the protection provided by Kaspersky Internet Security. Kaspersky Lab specialists strongly recommend that you do not disable protection, since this may lead to an infection of your computer and data loss. It is recommended that you pause the protection for the required time interval (see section "Pausing and resuming protection" on page 41). The following signs indicate that the protection is paused or disabled: inactive (gray) application icon in the taskbar notification area (see section "The notification area icon" on page 31); a red security indicator in the upper part of the main application window.

    40

    MANAGING

    THE COMPUTER PROTECTION

    In this case, the protection is regarded as the set of protection components. Disabling or pausing protection components does not affect the performance of virus scan tasks and Kaspersky Internet Security updates. You can enable or disable the protection or individual application components from the application settings window (see section "The application settings window" on page 36). To completely enable or disable protection: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the General Settings subsection. Uncheck the Enable protection box if you need to disable protection. Check this box if you need to enable protection.

    To disable or enable a protection component: 1. 2. Open the application settings window. In the left part of the window, in the Protection Center section, select the component that should be enabled or disabled. In the right part of the window, uncheck the Enable <component name> box if you need to disable this component. Check this box if you need to enable the component.

    3.

    PAUSING AND RESUMING PROTECTION


    Pausing protection means temporarily disabling all protection components for a period of time. The following signs indicate that the protection is paused or disabled: inactive (gray) application icon in the taskbar notification area (see section "The notification area icon" on page 31); a red security indicator in the upper part of the main application window. In this case, the protection is regarded as the set of protection components. Disabling or pausing protection components does not affect the performance of virus scan tasks and Kaspersky Internet Security updates. If network connections were established at the moment protection was paused, a notification about the termination of such connections is displayed. When working on a computer running under Microsoft Windows Vista or Microsoft Windows 7, you can pause protection using the Kaspersky Gadget. To do this, you should assign the protection pausing function to a button of the gadget (see section "How to use the Kaspersky Gadget" on page 59). To pause the protection of your computer: 1. Open the Pause protection window using one of the following methods: select Pause protection from the context menu of the application icon (see section "The context menu" on page 32); click the button with the Pause protection icon in the Kaspersky Gadget interface (only for Microsoft Windows Vista and Microsoft Windows 7 operating systems).

    41

    USER GUIDE

    2.

    In the Pause protection window, select the time interval after which protection should be resumed: Pause for the specified time protection will be enabled on expiration of the time interval selected from the dropdown list below. Pause until reboot protection will be enabled after the application is restarted or the operating system is rebooted (provided that automatic application launch is enabled (see section "Enabling and disabling automatic launch" on page 38)). Pause protection will be enabled when you decide to resume it (please see below).

    To resume computer protection, select Resume protection from the context menu of the application icon (see section "The context menu" on page 32). You can use this method to resume computer protection when the Pause option has been selected, or when you have selected Pause for the specified time or Pause until reboot.

    42

    SOLVING TYPICAL TASKS


    This section provides information about how to resolve the most common issues related to protection of the computer using the application.

    IN THIS SECTION:
    How to activate the application ........................................................................................................................................ 43 How to purchase or renew a license ............................................................................................................................... 44 What to do when application notifications appear ........................................................................................................... 45 How to update application databases and modules ........................................................................................................ 45 How to scan critical areas of your computer for viruses .................................................................................................. 46 How to scan a file, folder, disk, or another object for viruses .......................................................................................... 46 How to perform a full scan of your computer for viruses ................................................................................................. 48 How to scan your computer for vulnerabilities ................................................................................................................. 48 How to protect your personal data against theft .............................................................................................................. 48 What to do if you suspect an object is infected with a virus............................................................................................. 51 How to run an unknown application without doing any harm to the system .................................................................... 52 What to do with a large number of spam messages ....................................................................................................... 52 What to do if you suspect your computer is infected ....................................................................................................... 53 How to restore a file that has been deleted or disinfected by the application .................................................................. 54 How to create and use a Rescue Disk ............................................................................................................................ 54 How to view the report on the application's operation ..................................................................................................... 57 How to restore default application settings ...................................................................................................................... 58 How to transfer settings to Kaspersky Internet Security installed on another computer .................................................. 59 How to use the Kaspersky Gadget .................................................................................................................................. 59 How to know the reputation of an application .................................................................................................................. 61

    HOW TO ACTIVATE THE APPLICATION


    Activation is the procedure of activating a license that allows you to use a fully functional version of the application until the license expires. If you did not activate the application during installation, you can do so later. You will be reminded about the need to activate the application by Kaspersky Internet Security messages appearing in the taskbar notification area.

    43

    USER GUIDE

    To run the Kaspersky Internet Security activation wizard, perform one of the following: Click the Activate link in the Kaspersky Internet Security notice window that appears in the taskbar notification area. Click the Insert your activation code here link in the bottom part of the main application window. In the Manage License window that opens, click the Activate the application button. When working with the application activation wizard, you should specify values for a collection of settings.

    Step 1. Enter activation code


    Enter the activation code in the corresponding field and click the Next button.

    Step 2. Requesting activation


    If the activation request is sent successfully, the Wizard automatically proceeds to the next step.

    Step 3. Entry of registration data


    User registration is necessary for the user to be able to contact the Technical Support Service. Unregistered users receive only minimal support. Specify your registration data and click the Next button.

    Step 4. Activation
    If the application activation has been successful, the Wizard automatically proceeds to the next window.

    Step 5. Wizard completion


    This window displays information on the activation results: the type of license used and the license expiry date. Click the Finish button to close the Wizard.

    HOW TO PURCHASE OR RENEW A LICENSE


    If you have installed Kaspersky Internet Security without a license, you can purchase one after installation. When purchasing a license, you receive an activation code that you should use to activate the application (see section "How to activate the application" on page 43). When your license expires, you can renew it. You can purchase a new license before the validity period of your current activation code expires. To do this, you should add the new code as a reserve activation code. When the validity term of the current license expires, Kaspersky Internet Security will be automatically activated using the reserve activation code. To purchase a license: 1. 2. 3. Open the main application window. Click the Manage License link in the bottom part of the main window to open the Manage License window. In the window that opens, click the Buy activation code button. The eStore web page opens, where you can purchase a license.

    44

    SOLVING

    TYPICAL TASKS

    To add a reserve activation code: 1. 2. Open the main application window. Click the Manage License link in the bottom part of the main window to open the Manage License window. The Manage License window opens. 3. In the window that opens, in the New activation code section, click the Enter activation code button. The Application Activation Wizard opens. 4. Enter the activation code in the corresponding fields and click the Next button. Kaspersky Internet Security then sends the data to the activation server for verification. If the verification is successful, the Wizard automatically proceeds to the next step. 5. 6. Select New code and click the Next button. When you have finished with the Wizard, click the Finish button.

    WHAT TO DO WHEN APPLICATION NOTIFICATIONS APPEAR


    Notifications that appear in the taskbar notification area inform you of events occurring in the application's operation which require your attention. Depending on how critical the event is, you may receive the following types of notification: Critical notifications inform you of events that have a critical importance for the computer's security, such as detection of a malicious object or a dangerous activity in the system. Windows of critical notifications and popup messages are red-colored. Important notifications inform you of events that are potentially important for the computer's security, such as detection of a potentially infected object or a suspicious activity in the system. Windows of important notifications and pop-up messages are yellow-colored. Information notifications inform you of events that do not have critical importance for the computer's security. Windows of information notifications and pop-up messages are green-colored. If such a notification is displayed on the screen, you should select one of the options suggested in it. The optimal option is the one recommended as the default by Kaspersky Lab experts.

    HOW TO UPDATE APPLICATION DATABASES


    AND MODULES
    By default, Kaspersky Internet Security automatically checks for updates on the Kaspersky Lab update servers. If the server stores a set of recent updates, Kaspersky Internet Security downloads and installs them in background mode. You can start updating Kaspersky Internet Security manually at any moment. To download updates from Kaspersky Lab servers, you should be connected to Internet. To start an update from the context menu, select Update from the context menu of the application icon. To start an update from the main application window: 1. 2. Open the main application window and select the Update section in the lower part of the window. In the Update window that opens, click the Run update button.

    45

    USER GUIDE

    HOW TO SCAN CRITICAL AREAS OF YOUR COMPUTER


    FOR VIRUSES
    Critical areas scan means scanning the following objects: objects loaded at the startup of the operating system; system memory; boot sectors of the disk; objects added by the user (see section "Creating a list of objects to scan" on page 67). You can start the scan of critical areas using one of the following methods: using a shortcut created earlier (see page 71). from the main application window (see section "The Kaspersky Internet Security main window" on page 33). To start the scan using a shortcut: 1. 2. Open the Microsoft Windows Explorer window and go to the folder where you created the shortcut. Double-click the shortcut to start the scan.

    To start a scan from the main application window: 1. Open the main application window and select the Scan section in the lower part of the window.

    2.

    In the Scan window that opens, in the Critical Areas Scan section, click the

    button.

    HOW TO SCAN A FILE, FOLDER, DISK, OR ANOTHER


    OBJECT FOR VIRUSES
    You can use the following methods to scan an object for viruses: using the context menu for the object; from the main application window (see section "The Kaspersky Internet Security main window" on page 33); using the Kaspersky Internet Security Gadget (only for Microsoft Windows Vista and Microsoft Windows 7 operating systems). To start a virus scan task from the object context menu: 1. 2. Open Microsoft Windows Explorer and go to the folder which contains the object to be scanned. Right-click to open the context menu of the object (see the figure below) and select Scan for Viruses.

    46

    SOLVING

    TYPICAL TASKS

    The process and the outcome of the task will be displayed in the Task Manager window.

    Figure 10. The context menu of an object in Microsoft Windows

    To start scanning an object from the main application window: 1. 2. Open the main application window and select the Scan section in the lower part of the window. Specify the object to scan using one of the following methods: Click the specify link in the bottom right part of the window to open the Custom Scan window, and check the boxes next to folders and drives that you need to scan. If the window displays no object to be scanned: a. b. Click the Add button. In the Select object to scan window that opens, select an object to be scanned.

    Drag an object to scan into the dedicated area of the main window (see figure below). The progress of the task will be displayed in the Task Manager window.

    Figure 11. An area of the Scan window, into which you should drag an object to scan

    To scan an object for viruses using the gadget, drag the object to scan onto the gadget. The progress of the task will be displayed in the Task Manager window.

    47

    USER GUIDE

    HOW TO PERFORM A FULL SCAN OF YOUR COMPUTER


    FOR VIRUSES
    You can start a full scan for viruses using one of the following methods: using a shortcut created earlier (see page 71); from the main application window (see section "The Kaspersky Internet Security main window" on page 33). To start a full scan using a shortcut: 1. 2. Open the Microsoft Windows Explorer window and go to the folder where you created the shortcut. Double-click the shortcut to start the scan.

    To start a full scan from the main application window: 1. Open the main application window and select the Scan section in the lower part of the window.

    2.

    In the Scan window that opens, in the Full Scan section, click the

    button.

    HOW TO SCAN YOUR COMPUTER FOR VULNERABILITIES


    Vulnerabilities are unprotected portions of software code which intruders may deliberately use for their purposes, for example, to copy data used in unprotected applications. Scanning your computer for vulnerabilities helps you to reveal any such weak points in your computer. You are advised to remove the detected vulnerabilities. You can use the following methods to scan the system for vulnerabilities: from the main application window (see section "The Kaspersky Internet Security main window" on page 33); using a shortcut created earlier (see page 71). To start the task using a shortcut: 1. 2. Open the Microsoft Windows Explorer window and go to the folder where you created the shortcut. Double-click the shortcut to start scanning the system for vulnerabilities.

    To start the task from the main application window: 1. Open the main application window and select the Scan section in the lower part of the window.

    2.

    In the Scan window that opens, in the Vulnerability Scan section, click the

    button.

    HOW TO PROTECT YOUR PERSONAL DATA AGAINST THEFT


    With Kaspersky Internet Security, you can protect your personal data against theft; this includes data such as: passwords, usernames, and other registration data; account numbers and bank card numbers.

    48

    SOLVING

    TYPICAL TASKS

    Kaspersky Internet Security comprises the following components and tools that help you protect your private data: Anti-Phishing. Protects against data thefts involving the phishing. Virtual Keyboard. Prevents interception of data entered at the keyboard. Parental Control (see page 143). Restricts sending of private data over the Internet.

    IN THIS SECTION:
    Protection against phishing ............................................................................................................................................. 49 Protection against data interception at the keyboard ...................................................................................................... 50 Protection of confidential data entered on websites ........................................................................................................ 51

    PROTECTION AGAINST PHISHING


    Protection against phishing is ensured by Anti-Phishing, implemented in the Web Anti-Virus, Anti-Spam, and IM AntiVirus components. Kaspersky Lab recommends that you enable the checking for phishing for all protection components. To enable protection against phishing when Web Anti-Virus is running: 1. 2. 3. 4. 5. Open the application settings window. In the left part of the window, in the Protection Center section, select the Web Anti-Virus component. Click the Settings button in the right part of the window. The Web Anti-Virus window opens. In the window that opens, on the General tab, in the Kaspersky URL Advisor section, check the Check web pages for phishing box.

    To enable protection against phishing when IM Anti-Virus is running: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the IM Anti-Virus component. In the right part of the window, in the Scan methods section, check the Check if URLs are listed in the database of phishing URLs box.

    To enable protection against phishing when Anti-Spam is running: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Anti-Spam component. Click the Settings button in the right part of the window. The Anti-Spam window will be displayed. 4. In the window that opens, on the Exact methods tab, in the Consider message as spam section, check the If it contains phishing elements box.

    49

    USER GUIDE

    PROTECTION AGAINST DATA INTERCEPTION AT THE KEYBOARD


    When working on the Internet, you frequently need to enter your personal data or your username and password. This happens, for example, during account registration on web sites, web shopping or Internet banking. There is a risk that this personal information can be intercepted using hardware keyboard interceptors or keyloggers, which are programs that register keystrokes. The Virtual Keyboard tool prevents the interception of data entered via the keyboard. The Virtual Keyboard cannot protect your personal data if the website requiring the entry of such data has been hacked, because in this case the information is obtained directly by the intruders. Many of the applications classified as spyware have the function of making screenshots which are then transmitted to an intruder for further analysis and extraction of the user's personal data. The Virtual Keyboard prevents the personal data being entered, from being intercepted through the use of screenshots. The Virtual Keyboard only prevents the interception of personal data when working with Microsoft Internet Explorer, Mozilla Firefox and Google Chrome browsers. The Virtual Keyboard has the following features: You can click the Virtual Keyboard buttons using the mouse. Unlike with real keyboards, there is no way to click several keys simultaneously on a Virtual Keyboard. Therefore, to use combinations of keys (e.g., ALT+F4), you have to click the first key (e.g., ALT), then the next key (e.g., F4), and then click the first key again. The second click of the key acts in the same way as the key release on a real keyboard. Input language for the Virtual Keyboard is toggled using the key combination CTRL+SHIFT (the SHIFT key should be clicked using the right mouse button) or CTRL+LEFT ALT (the LEFT ALT key should be clicked using the right mouse button), depending upon the specified settings. You can open the Virtual Keyboard in the following ways: from the context menu of the application icon; from the main application window; from the Microsoft Internet Explorer, Mozilla Firefox or Google Chrome browser windows; using keyboard shortcuts. To open the Virtual Keyboard from the context menu of the application icon, select Tools Virtual Keyboard from the context menu of the application icon.

    To open the Virtual Keyboard from the main application window, in the lower part of the main application window select Virtual Keyboard. To open the Virtual Keyboard from the browser window, click the Chrome. Virtual Keyboard button in the toolbar of Microsoft Internet Explorer, Mozilla Firefox, or Google

    To open the Virtual Keyboard using the computer keyboard, press the CTRL+ALT+SHIFT+P shortcut.

    50

    SOLVING

    TYPICAL TASKS

    PROTECTION OF CONFIDENTIAL DATA ENTERED ON WEBSITES


    To protect confidential data entered on websites (for example, bank card numbers, passwords to access online banking services), Kaspersky Internet Security prompts you to open such websites in Safe Run for Websites. You can enable access control for online banking services (see section "Controlling access to online banking services" on page 94) to determine banking websites automatically and also start Safe Run for Websites manually. Safe Run for Websites can be started in the following ways: from the Kaspersky Internet Security main window (see section "The Kaspersky Internet Security main window" on page 33); using a shortcut on the desktop (see section "Creating a shortcut for Safe Run on the desktop" on page 141). To start Safe Run for Websites from the main Kaspersky Internet Security window: 1. 2. 3. Open the main application window. In the bottom part of the window, select the Safe Run for Websites section. In the window that opens, click the Start Safe Run for Websites button.

    WHAT TO DO IF YOU SUSPECT AN OBJECT IS INFECTED


    WITH A VIRUS
    If you suspect an object is infected, scan it using Kaspersky Internet Security (see section "How to scan a file, folder, disk, or another object for viruses" on page 46). If the application scans an object and then considers it as not infected although you suspect the contrary, you can perform any of the following actions: Move the object to Quarantine. Objects moved to Quarantine do not pose any threat to your computer. After the databases are updated, Kaspersky Internet Security may be able to clearly identify and remove the threat. Send the object to the Virus Lab. Virus Lab specialists scan the object. If it turns out to be infected with a virus, they add the description of the new virus into the databases that will be downloaded by the application with an update (see section "How to update application databases and modules" on page 45). You can move a file to Quarantine using one of two methods: by clicking the Move to Quarantine button in the Quarantine window; using the context menu for the file. To move a file to Quarantine from the Quarantine window: 1. 2. 3. 4. Open the main application window. In the lower part of the window, select the Quarantine section. On the Quarantine tab click the Move to Quarantine button. In the window that opens, select the file that you want to move to Quarantine.

    51

    USER GUIDE

    To move a file to Quarantine using the context menu: 1. Open Microsoft Windows Explorer and go to the folder that contains the file that you want to move to Quarantine. Right-click to open the context menu of the file and select Move to Quarantine.

    2.

    To send a file to the Virus Lab: 1. 2. Go to the Virus Lab request page (http://support.kaspersky.com/virlab/helpdesk.html). Follow the instructions on this page to send your request.

    HOW TO RUN AN UNKNOWN APPLICATION


    WITHOUT DOING ANY HARM TO THE SYSTEM
    When the safety of any application raises doubts, it can be executed in Safe Run. Safe Run is isolated from the main operating system of the computer. In Safe Run, real operating system files do not undergo changes. Thus, if you launch an infected application in Safe Run, its actions will not affect the operating system of the computer. You can start Safe Run as a separate desktop (see page 138) or run an application in Safe Run on the main desktop. Applications started in Safe Run are marked with a green frame around the application window and have a safe run indicator in the list of applications monitored by Application Control (see section "Application Control" on page 101). After the application is closed, all changes made by this application will be discarded automatically. To run an application in the safe environment from the Microsoft Windows context menu, right-click to open the context menu for the selected object (application shortcut or executable file) and select Safe Run.

    WHAT TO DO WITH A LARGE NUMBER OF SPAM MESSAGES


    If you receive large amounts of unwanted messages (spam), enable the Anti-Spam component and set the recommended security level for it. To enable Anti-Spam and set the recommended security level: 1. 2. 3. 4. Open the application settings window. In the left part of the window, in the Protection Center section, select the Anti-Spam component. In the right part of the window, check the Enable Anti-Spam box. Make sure that the Recommended security level is set in the Security level section. If the security level is set to Low or Custom, click the Default level button. The security level will automatically be set to Recommended.

    52

    SOLVING

    TYPICAL TASKS

    WHAT TO DO IF YOU SUSPECT YOUR COMPUTER IS


    INFECTED
    If you suspect your operating system of being corrupted due to malware activity or system failures, use Microsoft Windows Troubleshooting, which removes any traces of malicious objects from the system. Kaspersky Lab recommends that you run the Wizard after the computer has been disinfected to make sure that all threats and damage caused by infections have been fixed. Microsoft Windows Troubleshooting checks the system for modifications and faults (such as modifications of file extensions, blockage of the network environment and control panel). Modifications and faults may be caused by malware activity, an improper system configuration, system failures, or incorrect operation of system optimization applications. After the review is complete, the Wizard analyzes the information to evaluate whether there is system damage which requires immediate attention. Based on the review, a list of actions necessary to eliminate the problems is generated. The Wizard groups these actions by category based on the severity of the problems detected. To start the System Restore Wizard: 1. 2. 3. Open the main application window (see page 33). In the lower part of the window, select the Tools section. In the window that opens, in the Microsoft Windows Troubleshooting section, click the Start button. The Microsoft Windows Troubleshooting window opens. The Wizard consists of a series of screens (steps) that you can navigate through using the Back and Next buttons. To close the Wizard once it has completed its task, click the Finish button. To stop the Wizard at any stage, click the Cancel button.

    Step 1. Starting system restoration


    Make sure that the Wizard option to Search for problems caused by malware activity is selected and click the Next button.

    Step 2. Problems search


    The Wizard will search for problems and damage which should be fixed. Once the search is complete, the Wizard will proceed automatically to the next step.

    Step 3. Selecting troubleshooting actions


    All damage found during the previous step is grouped on the basis of the type of danger it poses. For each damage group, Kaspersky Lab recommends a sequence of actions to repair the damage. There are three groups of actions: Strongly recommended actions eliminate problems posing a serious security threat. You are advised to perform all actions in this group. Recommended actions eliminate problems presenting a potential threat. You are also advised to perform all actions in this group. Additional actions repair system damage which does not pose a current threat, but may pose a danger to the computer's security in the future. To view the actions within a group, click the + icon to the left of the group name.

    53

    USER GUIDE

    To make the Wizard perform a certain action, check the box to the left of the corresponding action description. By default, the Wizard performs all recommended and strongly recommended actions. If you do not wish to perform a certain action, uncheck the box next to it. It is strongly recommended that you not uncheck the boxes selected by default, as doing so will leave your computer vulnerable to threats. Having defined the set of actions which the Wizard will perform, click the Next button.

    Step 4. Eliminating problems


    The Wizard will perform the actions selected during the previous step. The elimination of problems may take some time. Once the troubleshooting is complete, the Wizard will automatically proceed to the next step.

    Step 5. Wizard completion


    Click the Finish button to close the Wizard.

    HOW TO RESTORE A FILE THAT HAS BEEN DELETED


    OR DISINFECTED BY THE APPLICATION
    Kaspersky Lab recommends that you avoid restoring deleted and disinfected files, as they may pose a threat to your computer. If you want to restore a deleted or disinfected file, you can use a backup copy of it which was created by the application during the scan. To restore a file that has been deleted or disinfected by the application: 1. 2. 3. Open the main application window. In the lower part of the window, select the Quarantine section. On the Storage tab, select the required file from the list and click the Restore button.

    HOW TO CREATE AND USE A RESCUE DISK


    After you install Kaspersky Internet Security and perform the first scan of your computer, it is recommended that you create the Rescue Disk. The Rescue Disk is an application named Kaspersky Rescue Disk and recorded on a removable medium (CD or USB flash drive). You will then be able to use Kaspersky Rescue Disk for scanning and disinfecting infected computers that cannot be disinfected using other methods (e.g., with anti-virus applications).

    IN THIS SECTION:
    Creating a Rescue Disk................................................................................................................................................... 55 Starting the computer from the Rescue Disk ................................................................................................................... 57

    54

    SOLVING

    TYPICAL TASKS

    CREATING A RESCUE DISK


    Creating a Rescue Disk consists in creating a disk image (ISO file) with the up-to-date version of Kaspersky Rescue Disk, and writing it on a removable medium. You can download the original disk image from the Kaspersky Lab server or copy it from a local source. The Rescue Disk is created using the Kaspersky Rescue Disk Creation Wizard. The rescuecd.iso file created by the Wizard is saved on your computer's hard drive: in Microsoft Windows XP in the following folder: Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP12\Data\Rdisk\; in Microsoft Windows Vista and Microsoft Windows 7 operating systems in the following folder: ProgramData\Kaspersky Lab\AVP12\Data\Rdisk\. To create a Rescue Disk: 1. 2. 3. Open the main application window. In the lower part of the window, select the Tools section. In the window that opens, in the Kaspersky Rescue Disk section, click the Create button. The Kaspersky Rescue Disk Creation Wizard window opens. The Wizard consists of a series of screens (steps) that you can navigate through using the Back and Next buttons. To close the Wizard once it has completed its task, click the Finish button. To stop the Wizard at any stage, click the Cancel button. Let us review the steps of the Wizard in more detail.

    Step 1. Starting the Wizard. Searching for an existing disk image


    The first window of the Wizard contains information about Kaspersky Rescue Disk. If the Wizard detects an existing Rescue Disk ISO file in the dedicated folder (see above), the Use existing ISO image box will be displayed in the first window of the Wizard. Check the box to use the detected file as the original ISO image and go directly to the Updating disk image step (see below). Uncheck this box if you do not want to use the disk image that was detected. The Wizard will proceed to the Select disk image source window.

    Step 2. Selecting a disk image source


    If you have checked the Use existing ISO image box in the first Wizard window, then this step will be skipped. At this step, you should select a disk image source from the options suggested: If you already have a recorded copy of the Rescue Disk or an ISO image saved on your computer or on a local network resource, select Copy ISO image from local or network drive. If you have no ISO image file created for the Rescue Disk, and you want to download one from the Kaspersky Lab server (file size is about 175 MB), select Download ISO image from Kaspersky Lab server.

    55

    USER GUIDE

    Step 3. Copying (downloading) the disk image


    If you have checked the Use existing ISO image box in the first Wizard window, then this step will be skipped. If you have selected Copy ISO image from local or network drive at the previous step, click the Browse button. After you have specified the path to the file, click the Next button. The progress of copying the disk image is displayed in the Wizard window. If you have selected Download ISO image from Kaspersky Lab server at the previous step, the progress of downloading the disk image is displayed immediately. When copying or downloading of the ISO image is complete, the Wizard automatically proceeds to the next step.

    Step 4. Updating the ISO image file


    The updating procedure for the ISO image file comprises the following operations: updating anti-virus databases; updating configuration files. Configuration files determine whether the computer can be booted from a removable medium (such as a CD / DVD or a USB flash drive with Kaspersky Rescue Disk) created by the Wizard. When updating anti-virus databases, those distributed at the last update of Kaspersky Internet Security are used. If databases are out of date, it is recommended that you run the update task and launch the Kaspersky Rescue Disk Creation Wizard again. To begin updating the ISO file, click the Next button. The update's progress will be displayed in the Wizard window.

    Step 5. Recording the disk image on a medium


    At this step, the Wizard informs you of a successful creation of a disk image and offers you to record it on a medium. Specify a data medium for recording Kaspersky Rescue Disk: To record the disk image on a CD / DVD, select Record to CD / DVD and specify a medium, on which you want to record the disk image. To record the disk image on a USB flash drive, select Record to USB flash drive and specify a device, on which you want to record the disk image. Kaspersky Lab recommends that you do not record the ISO image on devices which are not designed specifically for data storage, such as smartphones, cellphones, PDAs, and MP3 players. Recording ISO images on these devices may lead to their functioning incorrectly in the future. To record the disk image on the hard drive of your computer or on the hard drive of another one that you can access via a network, select Save the disk image to file on local or network drive and specify a folder, in which you want to record the disk image, and the name of the ISO file.

    56

    SOLVING

    TYPICAL TASKS

    Step 6. Wizard completion


    To close the Wizard once it has completed its task, click the Finish button. You can use the newly created Rescue Disk to boot the computer (see page 57) if you cannot boot it and run Kaspersky Internet Security in normal mode due to an impact caused by viruses or malware.

    STARTING THE COMPUTER FROM THE RESCUE DISK


    If the operating system cannot be booted as a result of a virus attack, use the Rescue Disk. To boot the operating system, you should use a CD / DVD or a USB flash drive with Kaspersky Rescue Disk copied on it (see section "Creating a Rescue Disk" on page 55). Booting a computer from a removable media is not always possible. In particular, this mode is not supported by some obsolete computer models. Before shutting down your computer for subsequent booting from a removable media, make sure that this operation can be performed. To boot your computer from the Rescue Disk: 1. In the BIOS settings, enable booting from a CD / DVD or a USB device (for detailed information, please refer to the documentation for your computer's motherboard). Insert a CD / DVD into the CD / DVD drive of an infected computer or connect a USB flash device with Kaspersky Rescue Disk copied on it. Restart your computer.

    2.

    3.

    For detailed information about the use of the Rescue Disk, please refer to the Kaspersky Rescue Disk User Guide.

    HOW TO VIEW THE REPORT ON THE APPLICATION'S


    OPERATION
    Kaspersky Internet Security creates operation reports for each component. Using a report, you can obtain statistical information about the application's operation (for example, learn how many malicious objects have been detected and neutralized for a specified time period, how many times the application has been updated for the same period, how many spam messages have been detected and much more). When working on a computer running under Microsoft Windows Vista or Microsoft Windows 7, you can open reports using the Kaspersky Gadget. To do this, the Kaspersky Gadget should be configured so that the option of opening the reports window is assigned to one of its buttons (see section "How to use the Kaspersky Gadget" on page 59). To view the application operation report: 1. Open the Reports window using any of the following methods: click the Reports link in the top part of the main application window; click the button with the Reports icon in the Kaspersky Gadget interface (only for Microsoft Windows Vista and Microsoft Windows 7 operating systems). The Reports window displays reports on the application's operation represented as diagrams. 2. If you want to view a detailed application operation report (for example, a report on the operation of each component), click the Detailed report button in the bottom part of the Report window. The Detailed report window will open, where data are represented in a table. For convenient viewing of reports, you can select various entry sorting options.

    57

    USER GUIDE

    HOW TO RESTORE DEFAULT APPLICATION SETTINGS


    You can restore the default application settings recommended by Kaspersky Lab for Kaspersky Internet Security, at any time. The settings can be restored using the Application Configuration Wizard. When the Wizard completes its operation, the Recommended security level is set for all protection components. When restoring the recommended security level, you can save the previously specified values for some of the settings of application components. To restore the default settings of the application: 1. 2. Open the application settings window. Run the Application Configuration Wizard using one of the following methods: click the Restore link in the bottom part of the window; in the left part of the window, select the Manage Settings subsection in the Advanced Settings section and click the Restore button in the Restore default settings section. Let us review the steps of the Wizard in more detail.

    Step 1. Starting the Wizard


    Click the Next button to proceed with the Wizard.

    Step 2. Restore settings


    This Wizard window shows which Kaspersky Internet Security protection components have settings that differ from the default value because they were either changed by the user or accumulated by Kaspersky Internet Security through training (Firewall or Anti-Spam). If special settings have been created for any of the components, they will also be shown in this window. Special settings include lists of allowed and blocked phrases and addresses used by Anti-Spam, lists of trusted web addresses and ISP phone numbers, protection exclusion rules created for application components, and filtering rules applied by Firewall to packets and applications. The special settings are created when working with Kaspersky Internet Security with regard for individual tasks and security requirements. Kaspersky Lab recommends that you save your special settings when restoring the default application settings. Check the boxes for the settings that you want to save and click the Next button.

    Step 3. System analysis


    At this stage, information about Microsoft Windows applications is collected. These applications are added to the list of trusted applications which have no restrictions imposed on the actions they perform in the system. Once the analysis is complete, the Wizard will automatically proceed to the next step.

    Step 4. Finishing restoration


    To close the Wizard once it has completed its task, click the Finish button.

    58

    SOLVING

    TYPICAL TASKS

    HOW TO TRANSFER SETTINGS TO KASPERSKY INTERNET SECURITY INSTALLED ON ANOTHER COMPUTER


    Once you have configured the product, you can apply its settings to Kaspersky Internet Security installed on another computer. Consequently, the application will be configured identically on both computers. This is a helpful feature when, for example, Kaspersky Internet Security is installed on your home computer and in your office. The application settings are stored in a special configuration file that you can transfer to another computer. The settings of Kaspersky Internet Security can be transferred to another computer in three steps: 1. 2. 3. Saving the application settings in a configuration file. Transferring a configuration file to another computer (for example, by email or on a removable medium). Applying settings from a configuration file to the application installed on another computer.

    To export the current settings of Kaspersky Internet Security: 1. 2. 3. 4. 5. Open the application settings window. In the left part of the window, in the Advanced Settings section, select the Manage Settings subsection. Click the Save button in the right part of the window. In the window that opens, enter the name of the configuration file and the path where it should be saved. Click the OK button.

    To import the application's settings from a saved configuration file: 1. 2. 3. 4. 5. Open the application settings window. In the left part of the window, in the Advanced Settings section, select the Manage Settings subsection. Click the Load button in the right part of the window. In the window that opens, select the file from which you wish to import the Kaspersky Internet Security settings. Click the OK button.

    HOW TO USE THE KASPERSKY GADGET


    When using Kaspersky Internet Security on a computer running under Microsoft Windows Vista or Microsoft Windows 7, you can also use the Kaspersky Gadget (hereinafter the gadget). After you install Kaspersky Internet Security on a computer running under Microsoft Windows 7, the gadget appears on your desktop automatically. After you install the application on a computer running under Microsoft Windows Vista, you should add the gadget to the Microsoft Windows Sidebar manually (see the operating system documentation). The Gadget color indicator displays your computer's protection status in the same manner as the indicator in the main application window (see section "Diagnostics and elimination of problems in your computer protection" on page 39). Green indicates that your computer is duly protected, while yellow indicates that there are protection problems, and red indicates that your computer's security is at serious risk. Gray indicates that the application is stopped. While updating the application databases and software modules, a revolving globe-shaped icon is displayed in the center part of the gadget.

    59

    USER GUIDE

    You can use the gadget to perform the following actions: resume the application if it has been paused earlier; open the main application window; scan specified objects for viruses; open the news window. Also, you can configure the buttons of the gadget so that they could initiate additional actions: run an update; edit the application settings; view application reports; switch to Safe Run (for 32-bit operating systems only); view Parental Control reports; view information about network activity (Network Monitor) and applications' activity; pause the protection; open the Virtual Keyboard; open the Task Manager window. To start the application using the gadget, click the Enable icon located in the center of the gadget.

    To open the main application window using the gadget, click the monitor icon in the center area of the gadget. To scan an object for viruses using the gadget, drag the object to scan onto the gadget. The progress of the task will be displayed in the Task Manager window. To open the news window using the gadget, click the icon , which is displayed in the center of the gadget when news is released.

    To configure the gadget: 1. Open the gadget settings window by clicking the block if you position the cursor over it. icon that appears in the upper right corner of the gadget

    2.

    In the dropdown lists corresponding to gadget buttons, select actions that should be performed when you click those buttons. Click the OK button.

    3.

    60

    SOLVING

    TYPICAL TASKS

    HOW TO KNOW THE REPUTATION OF AN APPLICATION


    Kaspersky Internet Security allows you to learn the reputation of applications from users all over the world. Reputation of an application comprises the following criteria: name of the vendor; information about the digital signature (available if a digital signature exists); information about the group, in which the application has been included by Application Control or a majority of users of Kaspersky Security Network; number of users of Kaspersky Security Network that use the application (available if the application has been included in the Trusted group in Kaspersky Security Network database); time, at which the application has become known in Kaspersky Security Network; countries, in which the application is the most widespread. To verify the reputation of an application, you should agree to participate in Kaspersky Security Network (see page 175) when installing Kaspersky Internet Security. To know the reputation of an application, open the context menu of the executable file of the application and select Check reputation in KSN.

    SEE ALSO:
    Kaspersky Security Network ......................................................................................................................................... 174

    61

    ADVANCED APPLICATION SETTINGS


    This section provides detailed information about how to configure each of the application components.

    IN THIS SECTION:
    General protection settings ............................................................................................................................................. 63 Scan ................................................................................................................................................................................ 64 Update............................................................................................................................................................................. 72 File Anti-Virus .................................................................................................................................................................. 77 Mail Anti-Virus ................................................................................................................................................................. 83 Web Anti-Virus ................................................................................................................................................................ 88 IM Anti-Virus.................................................................................................................................................................... 95 Proactive Defense ........................................................................................................................................................... 97 System Watcher .............................................................................................................................................................. 99 Application Control ........................................................................................................................................................ 101 Network protection ........................................................................................................................................................ 109 Anti-Spam ..................................................................................................................................................................... 120 Anti-Banner ................................................................................................................................................................... 135 Safe Run for Applications and Safe Run for Websites .................................................................................................. 137 Parental Control ............................................................................................................................................................ 143 Trusted zone ................................................................................................................................................................. 154 Performance and compatibility with other applications .................................................................................................. 155 Kaspersky Internet Security self-defense ...................................................................................................................... 159 Quarantine and Backup................................................................................................................................................. 160 Additional tools for better protection of your computer .................................................................................................. 163 Reports.......................................................................................................................................................................... 167 Application appearance. Managing active interface elements ....................................................................................... 171 Notifications................................................................................................................................................................... 172 Kaspersky Security Network ......................................................................................................................................... 174

    62

    ADVANCED

    APPLICATION SETTINGS

    GENERAL PROTECTION SETTINGS


    In the application settings window, in the General Settings subsection of the Protection Center section, you can: disable all protection components (see section "Enabling and disabling protection" on page 40); select the interactive or automatic protection mode (see section "Selecting a protection mode" on page 64); restrict users' access to the application by setting a password (see section "Restricting access to Kaspersky Internet Security" on page 63); disable or enable automatic launching of the application at operating system startup (see section "Enabling and disabling automatic launch" on page 38); enable a custom key combination for displaying the virtual keyboard on the screen (see section "Protection against data interception at the keyboard" on page 50).

    IN THIS SECTION:
    Restricting access to Kaspersky Internet Security .......................................................................................................... 63 Selecting a protection mode ............................................................................................................................................ 64

    RESTRICTING ACCESS TO KASPERSKY INTERNET SECURITY


    A computer may be used by several users with various levels of computer literacy. Unrestricted user access to Kaspersky Internet Security and its settings may lead to a reduced level of computer protection. To restrict access to the application, you can set a password and specify which actions should require the password to be entered: changing application settings; enabling and configuring Parental Control; closing the application; removing the application. Be careful when using a password to restrict access to application removal. If you forget the password, the application will be difficult to remove from your computer. To restrict access to Kaspersky Internet Security with a password: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the General Settings subsection. In the right part of the window, in the Password protection section, check the Enable password protection box and click the Settings button. In the Password protection window that opens, enter the password and specify the area to be covered by the access restriction.

    4.

    63

    USER GUIDE

    SELECTING A PROTECTION MODE


    By default, Kaspersky Internet Security runs in automatic protection mode. In this mode the application automatically applies actions recommended by Kaspersky Lab in response to dangerous events. If you wish Kaspersky Internet Security to notify you of all hazardous and suspicious events in the system and to allow you to decide which of the actions offered by the application should be applied, you can enable the interactive protection mode. To select a protection mode: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the General Settings subsection. In the Interactive protection section, check or uncheck the boxes depending on your choice of protection mode: to enable the interactive protection mode, uncheck the Select action automatically box; to enable automatic protection mode, check the Select action automatically box. If you do not want Kaspersky Internet Security to delete suspicious objects when running in automatic mode, check the Do not delete suspicious objects box.

    SCAN
    Scanning the computer for vulnerabilities, viruses and other riskware is one of the most important tasks when ensuring the computer's security. It is necessary to regularly scan your computer for viruses and other riskware in order to rule out the possibility of spreading malicious programs that have not been detected by protection components, for example, due to a low security level set, or for other reasons. The vulnerability scan performs diagnostics of operating system safety and detects software features that could be used by intruders to spread malicious objects and obtain access to personal information. This section contains information about scan task features and configuration, security levels, scan methods, and scan technologies.

    IN THIS SECTION:
    Virus scan ....................................................................................................................................................................... 64 Vulnerability Scan ........................................................................................................................................................... 72 Managing scan tasks. Task Manager .............................................................................................................................. 72

    VIRUS SCAN
    To detect viruses and other riskware, Kaspersky Internet Security comprises the following tasks: Full Scan. Scan of the entire system. By default, Kaspersky Internet Security scans the following objects: system memory; objects loaded on operating system startup;

    64

    ADVANCED

    APPLICATION SETTINGS

    system backup; email databases; removable storage media, hard and network drives. Critical Areas Scan. By default, Kaspersky Internet Security scans objects loaded at the startup of the operating system. Custom Scan. Kaspersky Internet Security scans objects selected by the user. You can scan any object from the list below: system memory; objects loaded on operating system startup; system backup; email databases; removable storage media, hard and network drives; any file or folder that you have selected. The Full Scan and the Critical Areas Scan tasks have their peculiarities. For these tasks, it is not recommended that you edit the lists of objects to scan. Each scan task is performed in a specified area and can be started according to a previously created schedule. Each scan task is also characterized by a security level (a combination of settings that impact the depth of the scan). By default, the signature mode (the one using records from application databases to search for threats) is always enabled. You can also apply various scan methods and technologies. After the full scan task or the critical areas scan task is started, the scan run progress is displayed in the Scan window, in the section with the name of the task running, and in the Task Manager (see section "Managing scan tasks. Task Manager" on page 72). If a threat is detected, Kaspersky Internet Security assigns one of the following statuses to the found object: Malicious program (such as a virus or Trojan). Potentially infected (suspicious) status if the scan cannot determine whether the object is infected or not. The file may contain a sequence of code characteristic of viruses, or modified code from a known virus. The application displays a notification (see page 172) about the detected threat and performs the prescribed action. You can change the actions to be taken when a threat is detected. If you are working in automatic mode (see section "Selecting a protection mode" on page 64), when dangerous objects are detected, Kaspersky Internet Security automatically applies the actions recommended by Kaspersky Lab specialists. For malicious objects, this action is Disinfect. Delete if disinfection fails, for suspicious objects Move to Quarantine. If dangerous objects are detected when working in interactive mode (see section "Selecting a protection mode" on page 64), the application displays a notification on the screen that you can use to select the required action the list of available ones. Before attempting to disinfect or delete an infected object, Kaspersky Internet Security creates a backup copy for subsequent restoration or disinfection. Suspicious (potentially infected) objects are quarantined. You can enable automatic scanning of quarantined objects after each update. Information on the scan results and events which have occurred during the execution of the task is logged in a Kaspersky Internet Security report (see page 167).

    65

    USER GUIDE

    IN THIS SECTION:
    Changing and restoring the security level ....................................................................................................................... 66 Creating the scan startup schedule ................................................................................................................................. 67 Creating a list of objects to scan ..................................................................................................................................... 67 Selecting a scan method ................................................................................................................................................. 68 Selecting scan technology............................................................................................................................................... 68 Changing the actions to be performed when a threat is detected ................................................................................... 69 Running a scan under a different user account ............................................................................................................... 69 Changing the type of objects to scan .............................................................................................................................. 69 Scanning of compound files ............................................................................................................................................ 70 Scan optimization ............................................................................................................................................................ 70 Scanning removable drives on connection ...................................................................................................................... 71 Creating a task shortcut .................................................................................................................................................. 71

    CHANGING AND RESTORING THE SECURITY LEVEL


    Depending on your current needs, you can select one of the preset security levels or modify the scan settings manually. When configuring scan task settings, you can always restore the recommended ones. These settings are considered optimal, recommended by Kaspersky Lab, and grouped in the Recommended security level. To change the established security level: 1. 2. Open the application settings window. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan, or Custom Scan). In the Security level section, set the desired security level for the task selected, or click the Settings button to modify scan settings manually. If you modify the settings manually, the name of the security level will change to Custom. To restore the default scan settings: 1. 2. Open the application settings window. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan, or Custom Scan). In the Security level section, click the Default level button for the task selected.

    3.

    3.

    66

    ADVANCED

    APPLICATION SETTINGS

    CREATING THE SCAN STARTUP SCHEDULE


    You can create a schedule to automatically start virus scan tasks: specify task run frequency, start time (if necessary), and advanced settings. If it is not possible to start the task for any reason (for example, the computer was not on at that time), you can configure the skipped task to start automatically as soon as it becomes possible. You can automatically pause the scan when a screensaver is inactive or the computer is unlocked. This functionality postpones launching the task until the user has finished working on the computer. The scan will then not take up system resources during work. The special Idle Scan mode (see section "Running tasks in background mode" on page 157) allows you to start automatic updates when your computer is idle. To modify the schedule for scan tasks: 1. 2. Open the application settings window. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan, or Vulnerability Scan). Click the Run mode button in the right part of the window. In the window that opens, on the Run mode tab, in the Schedule section, select By schedule and configure the scan run mode by specifying required values for the Frequency setting.

    3. 4.

    To enable automatic launching of a skipped task: 1. 2. Open the application settings window. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan or Vulnerability Scan). Click the Run mode button in the right part of the window. In the window that opens, on the Run mode tab in the Schedule section, select By schedule and check the Run skipped tasks box.

    3. 4.

    To launch scans only when the computer is not being used: 1. 2. Open the application settings window. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan, or Vulnerability Scan). Click the Run mode button in the right part of the window. In the window that opens, on the Run mode tab, in the Schedule section, select By schedule and check the Run scheduled scan when screensaver is active or computer is locked box.

    3. 4.

    CREATING A LIST OF OBJECTS TO SCAN


    Each virus scan task has its own default list of objects. These objects may include items in the computer's file system, such as logical drives and email databases, or other types of objects, such as network drives. You can edit this list. If the scan scope is empty, or it contains no selected objects, a scan task cannot be started.

    67

    USER GUIDE

    To create a list of objects for a custom scan task: 1. 2. 3. 4. 5. Open the main application window. In the bottom part of the window, select the Scan section. In the bottom part of the window that opens, click the specify link to open a list of objects to be scanned. In the Custom Scan window that opens, click the Add button. In the Select object to scan window that opens, select the desired object and click the Add button. Click the OK button after you have added all the objects you need. To exclude any objects from the list of objects to be scanned, uncheck the boxes next to them. You can also drag files to be scanned directly into a marked area located in the Scan section. To create a list of objects for Full Scan, Critical Areas Scan or Vulnerability Scan tasks: 1. 2. Open the application settings window. In the left part of the window, in the Scan section, select the desired scan task (Full Scan, Critical Areas Scan, or Vulnerability Scan). In the right part of the window, click the Scan scope button. In the Scan scope window that opens, use the Add, Edit, and Delete buttons to create a list. To exclude any objects from the list of objects to be scanned, uncheck the boxes next to them. Objects which appear in the list by default cannot be edited or deleted.

    3. 4.

    SELECTING A SCAN METHOD


    During a virus scan, signature analysis is always used: Kaspersky Internet Security compares the object found with the database records. You can use additional scan methods to increase scan efficiency: heuristic analysis (analysis of the actions an object performs within the system) and rootkit scan (a scan for tools that can hide malicious programs in your operating system). To select which scan method to use: 1. 2. Open the application settings window. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan, or Custom Scan). In the Security level section, click the Settings button for the task selected. In the window that opens, on the Additional tab in the Scan methods section, select the desired scan methods.

    3. 4.

    SELECTING SCAN TECHNOLOGY


    In addition to the scan methods you can use special object scan technologies which allow you to increase virus scan speed by excluding the files that have not been modified since they were last scanned.

    68

    ADVANCED

    APPLICATION SETTINGS

    To specify the object scan technologies: 1. 2. Open the application settings window. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan, or Custom Scan). In the Security level section, click the Settings button for the task selected. In the window that opens, on the Additional tab in the Scan technologies section, select the desired values.

    3. 4.

    CHANGING THE ACTIONS TO BE PERFORMED WHEN A THREAT IS DETECTED


    If infected objects are detected, the application performs the selected action. To change the action that should be performed when a threat is detected: 1. 2. Open the application settings window. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan, or Custom Scan). In the right part of the window, select the desired option in the Action on threat detection section.

    3.

    RUNNING A SCAN UNDER A DIFFERENT USER ACCOUNT


    By default, the scan tasks are run under your system account. However, you may need to run a task under a different user account. You can specify an account to be used by the application when performing a scan task. To start a scan under a different user's account: 1. 2. Open the application settings window. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan, or Vulnerability Scan). Click the Run mode button in the right part of the window. In the window that opens, on the Run mode tab in the User account section, check the Run task as box. Specify the user name and password.

    3. 4.

    CHANGING THE TYPE OF OBJECTS TO SCAN


    When specifying the type of objects to scan, you establish which file formats will be scanned for viruses when the selected scan task runs. When selecting file types, please remember the following: The probability of malicious code penetrating some file formats (such as TXT) and its subsequent activation is quite low. However, there are formats that contain or may contain an executable code (such as EXE, DLL, DOC). The risk of penetration and activation of malicious code in such files is quite high. An intruder can send a virus to your computer in an executable file renamed as a TXT file. If you have selected scanning of files by extension, such a file is skipped by the scan. If scanning of files by format is selected, then, regardless of the extension, File Anti-Virus will analyze the file header and reveal that the file is an EXE file. Such a file would be thoroughly scanned for viruses.

    69

    USER GUIDE

    To change the type of objects to be scanned: 1. 2. Open the application settings window. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan, or Custom Scan). In the Security level section, click the Settings button for the task selected. In the window that opens, on the Scope tab in the File types section, select the desired option.

    3. 4.

    SCANNING OF COMPOUND FILES


    A common method of concealing viruses is to embed them into compound files: archives, installation packages, embedded OLE objects, and mail file formats. To detect viruses that are hidden in this way, a compound file should be unpacked, which can significantly decrease scanning speed. For each type of compound file, you can choose to scan either all files or only new ones. To make your selection, click the link next to the name of the object. It changes its value when you left-click it. If you select the scan new and changed files only mode (see page 70), the links for choosing whether to scan all or only new files will not be available. You can restrict the maximum size of a compound file to be scanned. Compound files larger than the specified value will not be scanned. When large files are extracted from archives, they will be scanned even if the Do not unpack large compound files box is checked. To modify the list of compound files to be scanned: 1. 2. Open the application settings window. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan, or Custom Scan). In the Security level section, click the Settings button for the task selected. In the window that opens, on the Scope tab in the Scan of compound files section, select the desired types of compound files to be scanned.

    3. 4.

    To set the maximum size of compound files to be scanned: 1. 2. Open the application settings window. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan, or Custom Scan). In the Security level section, click the Settings button for the task selected. In the window that opens, on the Scope tab in the Scan of compound files section, click the Additional button. In the Compound files window that opens, check the Do not unpack large compound files box and specify the maximum file size.

    3. 4.

    5.

    SCAN OPTIMIZATION
    You can shorten the scan time and speed up Kaspersky Internet Security. This can be achieved by scanning only new files and those files that have altered since the last time they were scanned. This mode applies both to simple and compound files.

    70

    ADVANCED

    APPLICATION SETTINGS

    You can also set a restriction on scan duration for any one object. When the specified time interval expires, the object will be excluded from the current scan (except for archives and files comprised of several objects). To scan only new and changed files: 1. 2. Open the application settings window. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan, or Custom Scan). In the Security level section, click the Settings button for the task selected. In the window that opens, on the Scope tab in the Scan optimization section, check the Scan only new and changed files box.

    3. 4.

    To set a restriction on scan duration: 1. 2. Open the application settings window. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan, or Custom Scan). In the Security level section, click the Settings button for the task selected. In the window that opens, on the Scope tab in the Scan optimization section, check the Skip objects scanned longer than box and specify the scan duration for a single file.

    3. 4.

    SCANNING REMOVABLE DRIVES ON CONNECTION


    Nowadays, malicious objects which use operating systems' vulnerabilities to replicate via networks and removable media have become increasingly widespread. Kaspersky Internet Security allows you to scan removable drives when connecting them to the computer. To configure scanning of removable media on connection: 1. 2. 3. Open the application settings window. In the left part of the window, in the Scan section, select General Settings. In the Scan removable drives on connection section, select the action and define the maximum size of a drive to be scanned in the field below, if necessary.

    CREATING A TASK SHORTCUT


    The application provides the option of creating shortcuts for the full, quick, and vulnerability scan tasks. This allows you to start the required scan without opening the main application window or a context menu. To create a shortcut to start a scan: 1. 2. 3. Open the application settings window. In the left part of the window, in the Scan section, select General Settings. In the right part of the window, in the Scan tasks quick run section, click the Create shortcut button next to the name of the desired task (Critical Areas Scan, Full Scan, or Vulnerability Scan). Specify the path for saving the shortcut and its name in the window that opens. By default, the shortcut is created with the name of the task in the My Computer folder of the current computer user.

    4.

    71

    USER GUIDE

    VULNERABILITY SCAN
    Vulnerabilities may appear in the operating system, for example, due to programming errors, insecure passwords, or actions of malicious programs. When performing the vulnerability scan, the application refers to various security procedures, for example, examining the system, analyzing the settings of the operating system and the browser, and searching for vulnerable services. The diagnostics may take some time. When it is complete, detected problems are analyzed from the standpoint of the danger they pose to the system. After the vulnerability scan task is started (see page 48), its run progress is displayed in the Scan window (in the Vulnerability Scan section) and in the Task Manager (see section "Managing scan tasks. Task Manager" on page 72). Information about results of the vulnerability scan task run is recorded in a report of Kaspersky Internet Security (see page 167). As with virus scan tasks, you can set a startup schedule for a vulnerability scan task, create a list of objects to scan (see page 67), specify an account (see section "Running a scan under a different user account" on page 69) and create a shortcut for quick start of the task. By default, the applications already installed on the computer are selected as scan objects.

    MANAGING SCAN TASKS. TASK MANAGER


    Task Manager displays information about last scan tasks that have been run or that are currently running (for example, virus scan, vulnerability scan, rootkit scan, or advanced disinfection). You can use Task Manager to view the progress and the result of a task run, or stop a task. For some tasks, additional actions are also available (for example, on completion of vulnerability scan, you can open the list of detected vulnerabilities and fix them). To open Task Manager: 1. 2. 3. Open the main application window. In the bottom part of the window, select the Scan section. In the Scan window that opens, click the Manage Tasks button in the top right corner of the window.

    UPDATE
    Updating the databases and program modules of Kaspersky Internet Security ensures up-to-date protection for your computer. New viruses, Trojans, and other types of malware appear worldwide on a daily basis. Information about threats and ways of neutralizing them is provided by Kaspersky Internet Security databases. For timely detection of new threats, you should update databases and application modules on a regular basis. Regular updates require an active license for application usage. If no license is installed, you can perform an update only once. When performing an update, the application downloads and installs the following objects on your computer: Kaspersky Internet Security databases. Protection of information is ensured by databases containing threat signatures, descriptions of network attacks, and information about how to resist them. Protection components use this information to search for and disinfect dangerous objects on your computer. The databases are supplemented every hour with records of new threats and ways to fight them. Therefore, you are strongly advised to update databases on a regular basis.

    72

    ADVANCED

    APPLICATION SETTINGS

    In addition to the Kaspersky Internet Security databases, the network drivers that enable the application's components to intercept network traffic are updated. Application modules. In addition to the Kaspersky Internet Security databases, you can also update the program modules. The updates for the application modules fix Kaspersky Internet Security's vulnerabilities and supplement or improve the existing functionality. During an update, the application modules and databases on your computer are compared with the up-to-date version at the update source. If your current databases and application modules differ from those in the current version of the application, the missing portion of the updates will be installed on your computer. If the databases are outdated, the update package may be large, which may cause additional Internet traffic (up to several dozen MB). Prior to updating the databases, Kaspersky Internet Security creates backup copies of them in case you want to return to the previous version of the databases (see section "Rolling back the last update" on page 76). Information about the current condition of Kaspersky Internet Security databases is displayed in the Update section of the main application window. Information on the update results and events which occurred during the execution of the update task is logged in a Kaspersky Internet Security report (see page 167). You can select an update source (see section "Selecting an update source" on page 73) and configure the automatic update startup.

    IN THIS SECTION:
    Selecting an update source ............................................................................................................................................. 73 Creating the update startup schedule ............................................................................................................................. 75 Rolling back the last update ............................................................................................................................................ 76 Running updates under a different user account............................................................................................................. 76 Using a proxy server ....................................................................................................................................................... 76

    SELECTING AN UPDATE SOURCE


    An update source is a resource containing updates for databases and application modules of Kaspersky Internet Security. The main update sources are the Kaspersky Lab update servers, where database updates and application module updates for all Kaspersky Lab products are stored. Your computer should be connected to the Internet for successful downloading of updates from our servers. By default, the Internet connection settings are determined automatically. If you use a proxy server, you may need to adjust the connection settings (see section "Configuring the proxy server" on page 118). When updating Kaspersky Internet Security, you can copy database and program module updates received from Kaspersky Lab servers into a local folder (see section "Updating the application from a shared folder" on page 74) and then provide access to other networked computers. This saves Internet traffic.

    73

    USER GUIDE

    If you do not have access to Kaspersky Lab's update servers (for example, Internet access is restricted), you can call the Kaspersky Lab headquarters (http://www.kaspersky.com/contacts) to request the contact information of Kaspersky Lab partners who can provide you with updates on removable media. When ordering updates on removable media, please specify whether you also require updates for the application modules.

    ADDING AN UPDATE SOURCE


    By default, the list of update sources contains only Kaspersky Lab's update servers. You can add a local folder or a different server as update source. If several resources are selected as update sources, Kaspersky Internet Security tries to connect to them one after another, starting from the top of the list, and retrieves updates from the first available source. To add an update source: 1. 2. 3. 4. 5. Open the application settings window. In the left part of the window, in the Update section, select the Update Settings component. Click the Update source button in the right part of the window. In the window that opens, on the Source tab, open the selection window by clicking the Add button. In the Select update source window that opens, select the folder that contains the updates, or enter an address in the Source field to specify the server from which the updates should be downloaded.

    SELECTING THE UPDATE SERVER REGION


    If you use Kaspersky Lab servers as the update source, you can select the optimal server location when downloading updates. Kaspersky Lab servers are located in several countries. Using the closest Kaspersky Lab update server allows you to reduce the time required for receiving updates and increase operation performance speed. By default, the application uses information about the current region from the operating system's registry. You can select the region manually. To select the server region: 1. 2. 3. 4. Open the application settings window. In the left part of the window, in the Update section, select the Update Settings component. Click the Update source button in the right part of the window. In the window that opens, on the Source tab in the Regional settings section, select the Select from the list option, and then select the country nearest to your current location from the dropdown list.

    UPDATING THE APPLICATION FROM A SHARED FOLDER


    To save Internet traffic, you can configure updates of Kaspersky Internet Security from a shared folder when updating the application on networked computers. If you do this, one of the networked computers receives an update package from Kaspersky Lab servers or from another web resource that contains the required set of updates. The updates received are copied into a shared folder. Other networked computers access this folder to receive updates for Kaspersky Internet Security. When logged on under a guest account in Microsoft Windows 7, updates are not copied into the shared folder. It is recommended that you log on under a different account in order to allow copying updates.

    74

    ADVANCED

    APPLICATION SETTINGS

    To enable update distribution mode: 1. 2. 3. Open the application settings window. In the left part of the window, in the Update section, select the Update Settings component. Check the Copy updates to folder box in the Additional section and specify the path to a public folder where all downloaded updates will be copied in the field below. You can also select a folder by clicking the Browse button.

    To download updates for your computer from a specified shared folder: 1. 2. 3. 4. 5. 6. Open the application settings window. In the left part of the window, in the Update section, select the Update Settings component. Click the Update source button in the right part of the window. In the window that opens, on the Source tab, open the selection window by clicking the Add button. In the Select update source window that opens, select a folder or enter the full path to it in the Source field. On the Source tab uncheck the Kaspersky Lab update servers box.

    CREATING THE UPDATE STARTUP SCHEDULE


    You can create a schedule to automatically start an update task: specify the frequency, start time (if necessary), and advanced settings. If it is not possible to start the task for any reason (for example, the computer was not on at that time), you can configure the skipped task to start automatically as soon as it becomes possible. You can also postpone automatic startup of the task after the application is started. Note that all scheduled tasks will be run only after a specified time interval elapses from the startup of Kaspersky Internet Security. The special Idle Scan mode (see section "Running tasks in background mode" on page 157) allows you to start automatic updates when your computer is idle. To configure the update task startup schedule: 1. 2. 3. 4. Open the application settings window. In the left part of the window, in the Update section, select the Update Settings component. Click the Run mode button in the right part of the window. In the window that opens, on the Run mode tab in the Schedule section, select the By schedule option and configure the update run mode.

    To enable automatic launching of a skipped task: 1. 2. 3. 4. Open the application settings window. In the left part of the window, in the Update section, select the Update Settings component. Click the Run mode button in the right part of the window. In the window that opens, on the Run mode tab in the Schedule section, select By schedule and check the Run skipped tasks box.

    75

    USER GUIDE

    To postpone running a task after application startup: 1. 2. 3. 4. Open the application settings window. In the left part of the window, in the Update section, select the Update Settings component. Click the Run mode button in the right part of the window. In the window that opens, on the Run mode tab in the Schedule section, select the By schedule option and fill in the Postpone running after application startup for field to specify how long the task run should be postponed.

    ROLLING BACK THE LAST UPDATE


    After the first update of Kaspersky Internet Security, the option of rolling back to the previous databases becomes available. The update rollback feature is useful in case a new database version contains an invalid signature that makes Kaspersky Internet Security block a safe application. In the event of damage done to Kaspersky Internet Security databases, it is recommended that you run the update task to download the up-to-date set of databases. To roll back to the previous database version: 1. 2. Open the main application window. Select the Update section in the lower part of the window.

    3.

    In the Update window that opens, click the the menu that opens.

    button and select Roll back to the previous databases from

    RUNNING UPDATES UNDER A DIFFERENT USER ACCOUNT


    By default, the update procedure is run under your system account. However, Kaspersky Internet Security can update from a source for which you have no access rights (for example, from a network folder containing updates) or authorized proxy user credentials. You can run Kaspersky Internet Security updates on behalf of a user account that has such rights. To start the update under a different user's account: 1. 2. 3. 4. Open the application settings window. In the left part of the window, in the Update section, select the Update Settings component. Click the Run mode button in the right part of the window. In the window that opens, on the Run mode tab in the User account section, check the Run task as box. Specify the user name and password.

    76

    ADVANCED

    APPLICATION SETTINGS

    USING A PROXY SERVER


    If you use a proxy server for Internet connection, you should reconfigure it to allow proper updating of Kaspersky Internet Security. To configure the proxy server: 1. 2. 3. 4. 5. Open the application settings window. In the left part of the window, in the Update section, select the Update Settings component. Click the Update source button in the right part of the window. In the window that opens, on the Source tab, click the Proxy server button. Configure the proxy server settings in the Proxy server settings window that opens.

    FILE ANTI-VIRUS
    File Anti-Virus prevents infection of the computer's file system. The component launches at the startup of the operating system, remains in the RAM of the computer, and scans all files opened, saved, or run on your computer and on all connected drives for viruses and other riskware. You can create a protection scope and set a security level (a collection of settings that determine the scan's thoroughness). When the user or a program attempts to access a protected file, File Anti-Virus checks whether iChecker and iSwift databases contain information about this file, and makes a decision on whether the file should be scanned. By default, the signature analysis a mode that uses records from application databases to search for threats is always enabled. You can also enable heuristic analysis and various scan technologies. If a threat is detected in a file, Kaspersky Internet Security assigns one of the following statuses to the file: Status designating the type of the malicious program detected (for example, virus, Trojan). Potentially infected (suspicious) status if the scan cannot determine whether the file is infected or not. The file may contain a code sequence typical of viruses and other malware, or the modified code of a known virus. After that, the application displays a notification (see page 172) of the detected threat on the screen and performs the action specified in the File Anti-Virus settings. You can change the action (see page 81) that the application should perform if a threat is detected. If you are working in automatic mode (see section "Selecting a protection mode" on page 64), when dangerous objects are detected, Kaspersky Internet Security automatically applies the actions recommended by Kaspersky Lab specialists. For malicious objects, this action is Disinfect. Delete if disinfection fails, for suspicious objects Move to Quarantine. If dangerous objects are detected when working in interactive mode (see section "Selecting a protection mode" on page 64), the application displays a notification on the screen that you can use to select the required action the list of available ones. Before attempting to disinfect or delete an infected object, Kaspersky Internet Security creates a backup copy for subsequent restoration or disinfection. Suspicious (potentially infected) objects are quarantined. You can enable automatic scanning of quarantined objects after each update.

    77

    USER GUIDE

    IN THIS SECTION:
    Enabling and disabling File Anti-Virus ............................................................................................................................. 78 Automatically pausing File Anti-Virus .............................................................................................................................. 78 Creating the protection scope of File Anti-Virus .............................................................................................................. 79 Changing and restoring the file security level .................................................................................................................. 80 Selecting file scan mode ................................................................................................................................................. 80 Using heuristic analysis when working with File Anti-Virus ............................................................................................. 81 Selecting file scan technology ......................................................................................................................................... 81 Changing the action to take on infected files ................................................................................................................... 81 Scan of compound files by File Anti-Virus ....................................................................................................................... 82 Optimizing file scan ......................................................................................................................................................... 83

    ENABLING AND DISABLING FILE ANTI-VIRUS


    By default, File Anti-Virus is enabled, running in a mode recommended by Kaspersky Lab specialists. You can disable File Anti-Virus if necessary. To disable File Anti-Virus: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the File Anti-Virus component. In the right part of the window, uncheck the Enable File Anti-Virus box.

    AUTOMATICALLY PAUSING FILE ANTI-VIRUS


    When doing resource-intensive work, you can pause File Anti-Virus. To reduce workload and ensure quick access to objects, you can configure automatic pausing of the component at a specified time or when handling specified programs. Pausing File Anti-Virus in case of a conflict with some applications is an emergency measure. If any conflicts arise when working with the component, please contact Kaspersky Lab Technical Support Service (http://support.kaspersky.com). The support specialists will help you resolve the simultaneous operation of Kaspersky Internet Security with other applications on your computer. To pause the component at a specified time: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the File Anti-Virus component. In the Security level section in the right part of the window click the Settings button.

    78

    ADVANCED

    APPLICATION SETTINGS

    4.

    In the window that opens, on the Additional tab in the Pause task section, check the By schedule box and click the Schedule button. In the Pause task window, specify the time (in 24-hour hh:mm format) for which protection will be paused (the Pause task at and Resume task at fields).

    5.

    To pause the component when running specified applications: 1. 2. 3. 4. Open the application settings window. In the left part of the window, in the Protection Center section, select the File Anti-Virus component. In the Security level section in the right part of the window click the Settings button. In the window that opens, on the Additional tab in the Pause task section, check the At application startup box and click the Select button. In the Applications window, create a list of applications which pause the component when running.

    5.

    CREATING THE PROTECTION SCOPE OF FILE ANTI-VIRUS


    The protection scope implies the location and type of files being scanned. By default, Kaspersky Internet Security scans only potentially infectable files stored on any hard drive, network drive or removable media. To create the protection scope: 1. 2. 3. 4. Open the application settings window. In the left part of the window, in the Protection Center section, select the File Anti-Virus component. Click the Settings button in the right part of the window. In the window that opens, on the General tab, in the File types section, specify the type of files that you want to be scanned by File Anti-Virus: If you want to scan all files, select All files. If you want to scan files of formats that are the most vulnerable to infection, select Files scanned by format. If you want to scan files with extensions that are the most vulnerable to infection, select Files scanned by extension. When selecting type of files to be scanned, you should note that: The probability of malicious code penetrating some file formats (such as TXT) and its subsequent activation is quite low. However, there are formats that contain or may contain an executable code (such as EXE, DLL, DOC). The risk of penetration and activation of malicious code in such files is quite high. A hacker may send a virus or other riskware to your computer within an executable file renamed as one with the TXT extension. If you have selected scanning files by extension, such a file is skipped by the scan. If scanning of files by format is selected, then, regardless of the extension, File Anti-Virus will analyze the file header and reveal that the file is an EXE file. Such file is thoroughly scanned for viruses and other riskware. 5. In the Protection scope list, perform one of the following actions: If you want to add a new object to the list of objects to be scanned, click the Add link. If you want to change an object's location, select one from the list and click the Edit link.

    79

    USER GUIDE

    The Select object to scan window opens. If you want to delete an object from the list of objects to be scanned, select one from the list and click the Delete link. The deletion confirmation window opens. 6. Perform one of the following actions: If you want to add a new object to the list of objects to be scanned, select one in the Select object to scan window and click the OK button. If you want to change an object's location, edit the path to one in the Object field in the Select object to scan window and click the OK button. If you want to delete an object from the list of objects to be scanned, click the Yes button in the deletion confirmation window. 7. 8. If necessary, repeat steps 6 7 to add, relocate, or delete objects from the list of objects to be scanned. To exclude an object from the list of objects to be scanned, uncheck the box next to one in the Protection scope list. However, the object remains on the list of objects to be scanned, though it is excluded from the scan by File Anti-Virus.

    CHANGING AND RESTORING THE FILE SECURITY LEVEL


    Depending on your current needs, you can select one of the preset file/memory security levels or configure File AntiVirus on your own. When configuring File Anti-Virus, you can always restore the recommended values. These settings are considered optimal, recommended by Kaspersky Lab, and grouped in the Recommended security level. To change the file security level: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the File Anti-Virus component. In the right part of the window, in the Security level section, set the desired security level, or click the Settings button to modify the settings manually. If you modify the settings manually, the name of the security level will change to Custom. To restore the default file security level: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the File Anti-Virus component. Click the Default level button in the Security level section in the right part of the window.

    SELECTING FILE SCAN MODE


    A scan mode means a condition, under which File Anti-Virus starts scanning files. By default, Kaspersky Internet Security runs in smart mode. When running in this file scan mode, File Anti-Virus makes decisions on file scan based on the analysis of actions that the user takes on files, and on the type of those files. For example, when working with a Microsoft Office document, Kaspersky Internet Security scans the file when it is first opened and last closed. Intermediate operations that overwrite the file do not cause it to be scanned.

    80

    ADVANCED

    APPLICATION SETTINGS

    To change the files scan mode: 1. 2. 3. 4. Open the application settings window. In the left part of the window, in the Protection Center section, select the File Anti-Virus component. In the Security level section in the right part of the window click the Settings button. In the window that opens, on the Additional tab in the Scan mode section, select the desired mode. When selecting scan mode, you should take account of the types of files, with which you have to work with the majority of time.

    USING HEURISTIC ANALYSIS WHEN WORKING WITH FILE ANTI-VIRUS


    During File Anti-Virus operation, signature analysis is always used: Kaspersky Internet Security compares the object found with the database records. To improve protection efficiency, you can use heuristic analysis (i.e., analysis of activity that an object performs in the system). This analysis makes it possible to detect new malicious objects which are not yet described in the databases. To enable heuristic analysis: 1. 2. 3. 4. Open the application settings window. In the left part of the window, in the Protection Center section, select the File Anti-Virus component. In the Security level section in the right part of the window click the Settings button. In the window that opens, on the Performance tab in the Scan methods section, check the Heuristic Analysis box and specify the detail level for the scan.

    SELECTING FILE SCAN TECHNOLOGY


    In addition to the heuristic analysis, you can involve specific technologies that allow optimizing the file scan performance due to excluding files from scan if they have not been modified since the last scan. To specify the object scan technologies: 1. 2. 3. 4. Open the application settings window. In the left part of the window, in the Protection Center section, select the File Anti-Virus component. In the Security level section in the right part of the window click the Settings button. In the window that opens, on the Additional tab in the Scan technologies section, select the desired values.

    CHANGING THE ACTION TO TAKE ON INFECTED FILES


    If infected objects are detected, the application performs the selected action. To change the action that should be taken on infected objects: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the File Anti-Virus component. In the right part of the window, select the desired option in the Action on threat detection section.

    81

    USER GUIDE

    SCAN OF COMPOUND FILES BY FILE ANTI-VIRUS


    A common method of concealing viruses is to embed them into compound files: archives, installation packages, embedded OLE objects, and mail file formats. To detect viruses that are hidden in this way, a compound file should be unpacked, which can significantly decrease scanning speed. For each type of compound file, you can choose to scan either all files or only new ones. To make your selection, click the link next to the name of the object. It changes its value when you left-click it. If you select the scan new and changed files only mode, the links for choosing whether to scan all or only new files will not be available. By default, Kaspersky Internet Security scans only embedded OLE objects. When large compound files are scanned, their preliminary unpacking may take a long time. This period can be reduced by enabling unpacking of compound files in background mode if they exceed the specified file size. If a malicious object is detected while working with such a file, the application will notify you about it. You can restrict the maximum size of a compound file to be scanned. Compound files larger than the specified value will not be scanned. When large files are extracted from archives, they will be scanned even if the Do not unpack large compound files box is checked. To modify the list of compound files to be scanned: 1. 2. 3. 4. Open the application settings window. In the left part of the window, in the Protection Center section, select the File Anti-Virus component. In the Security level section in the right part of the window click the Settings button. In the window that opens, on the Performance tab in the Scan of compound files section, select the desired type of compound files to be scanned.

    To set the maximum size of compound files to be scanned: 1. 2. 3. 4. Open the application settings window. In the left part of the window, in the Protection Center section, select the File Anti-Virus component. In the Security level section in the right part of the window click the Settings button. In the window that opens, on the Performance tab in the Scan of compound files section, click the Additional button. In the Compound files window, check the Do not unpack large compound files box and specify the maximum file size.

    5.

    To unpack large compound files in background mode: 1. 2. 3. 4. Open the application settings window. In the left part of the window, in the Protection Center section, select the File Anti-Virus component. In the Security level section in the right part of the window click the Settings button. In the window that opens, on the Performance tab in the Scan of compound files section, click the Additional button. In the Compound files window, check the Extract compound files in the background box and specify the minimum file size.

    5.

    82

    ADVANCED

    APPLICATION SETTINGS

    OPTIMIZING FILE SCAN


    You can shorten the scan time and speed up Kaspersky Internet Security. This can be achieved by scanning only new files and those files that have altered since the last time they were scanned. This mode applies both to simple and compound files. To scan only new and changed files: 1. 2. 3. 4. Open the application settings window. In the left part of the window, in the Protection Center section, select the File Anti-Virus component. Click the Settings button in the right part of the window. In the window that opens, on the Performance tab in the Scan optimization section, check the Scan only new and changed files box.

    MAIL ANTI-VIRUS
    Mail Anti-Virus scans incoming and outgoing messages for malicious objects. It starts when the operating system launches and runs continually, scanning all email messages sent or received via the POP3, SMTP, IMAP, MAPI and NNTP protocols, as well as over secure connections (SSL) via POP3 and IMAP (see section "Encrypted connections scan" on page 116). The indicator of the component's operation is the application icon in the taskbar notification area, which looks like whenever an email message is being scanned. Mail Anti-Virus intercepts and scans each email message received or sent by the user. If no threats are detected in an email message, it becomes available for the user. You can specify the types of messages which should be scanned and select the security level (see page 85) (configuration settings affecting the scan intensity). By default, the signature analysis a mode that uses records from application databases to search for threats is always enabled. In addition, you can enable heuristic analysis. Furthermore, you can enable filtering of attachments (see page 86), which allows automatic renaming or deletion of specified file types. If a threat is detected in a file, Kaspersky Internet Security assigns one of the following statuses to the file: Status designating the type of the malicious program detected (for example, virus, Trojan). Potentially infected (suspicious) status if the scan cannot determine whether the file is infected or not. The file may contain a code sequence typical of viruses and other malware, or the modified code of a known virus. After that, the application blocks the email message, displays a notification (see page 172) of the detected threat on the screen, and performs the action specified in the settings of Mail Anti-Virus. You can change the actions to be taken when a threat is detected (see section "Changing the action to take on infected email messages" on page 86). If you are working in automatic mode (see section "Selecting a protection mode" on page 64), when dangerous objects are detected, Kaspersky Internet Security automatically applies the actions recommended by Kaspersky Lab specialists. For malicious objects, this action is Disinfect. Delete if disinfection fails, for suspicious objects Move to Quarantine. If dangerous objects are detected when working in interactive mode (see section "Selecting a protection mode" on page 64), the application displays a notification on the screen that you can use to select the required action the list of available ones. Before attempting to disinfect or delete an infected object, Kaspersky Internet Security creates a backup copy for subsequent restoration or disinfection. Suspicious (potentially infected) objects are quarantined. You can enable automatic scanning of quarantined objects after each update.

    83

    USER GUIDE

    If disinfection is successful, the email message becomes available. If the disinfection fails, the infected object is deleted from the email message. Mail Anti-Virus expands the subject of the email message by adding text that notifies the user that this email message has been processed by Kaspersky Internet Security. An integrated plug-in is provided for Microsoft Office Outlook that allows you to fine-tune the email client. If you use The Bat!, Kaspersky Internet Security can be used in conjunction with other anti-virus applications. At that, the email traffic processing rules are configured directly in The Bat! and have a higher priority than the mail protection settings of Kaspersky Internet Security. When working with other widespread mail clients, including Microsoft Outlook Express/Windows Mail, Mozilla Thunderbird, Eudora, and Incredimail, Mail Anti-Virus scans email on the SMTP, POP3, IMAP, and NNTP protocols. Note that when working with the Thunderbird mail client, email messages transferred via IMAP will not be scanned for viruses if any filters moving messages from the Inbox folder are used.

    IN THIS SECTION:
    Enabling and disabling Mail Anti-Virus ............................................................................................................................ 84 Creating the protection scope of Mail Anti-Virus ............................................................................................................. 84 Changing and restoring the email security level .............................................................................................................. 85 Using heuristic analysis when working with Mail Anti-Virus............................................................................................. 86 Changing the action to take on infected email messages ............................................................................................... 86 Filtering attachments in email messages ........................................................................................................................ 86 Scan of compound files by Mail Anti-Virus ...................................................................................................................... 87 Email scanning in Microsoft Office Outlook ..................................................................................................................... 87 Email scanning in The Bat!.............................................................................................................................................. 87

    ENABLING AND DISABLING MAIL ANTI-VIRUS


    By default, Mail Anti-Virus is enabled, running in a mode recommended by Kaspersky Lab specialists. You can disable Mail Anti-Virus if necessary. To disable Mail Anti-Virus: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Mail Anti-Virus component. In the right part of the window, uncheck the Enable Mail Anti-Virus box.

    CREATING THE PROTECTION SCOPE OF MAIL ANTI-VIRUS


    Protection scope comprises a type of email messages to be scanned, protocols with traffic scanned by Kaspersky Internet Security, and settings for integration of Mail Anti-Virus into the system. By default, Kaspersky Internet Security is integrated into Microsoft Office Outlook and The Bat!, scans both incoming and outgoing email messages, and scans traffic of POP3, SMTP, NNTP and IMAP email protocols.

    84

    ADVANCED

    APPLICATION SETTINGS

    To disable scanning of outgoing emails: 1. 2. 3. 4. Open the application settings window. In the left part of the window, in the Protection Center section, select the Mail Anti-Virus component. Click the Settings button in the right part of the window. Use the General tab in the Protection scope section of the displayed window to select the Incoming messages only option. If you have selected scanning incoming messages only, it is recommended that you scan outgoing mail when first running Kaspersky Internet Security, since your computer may be infected with email worms that use your email to breed and spread. Scanning outgoing mail allows you to avoid problems occurring due to uncontrolled sending of email messages from your computer. To select the protocols to scan and the settings for integrating Mail Anti-Virus into the system: 1. 2. 3. 4. Open the application settings window. In the left part of the window, in the Protection Center section, select the Mail Anti-Virus component. Click the Settings button in the right part of the window. In the window that opens, on the Additional tab in the Connectivity section, select the desired settings.

    CHANGING AND RESTORING THE EMAIL SECURITY LEVEL


    Depending on your current needs, you can select one of the preset email security levels or configure Mail Anti-Virus on your own. Kaspersky Lab advises you not to configure Mail Anti-Virus settings on your own. In most cases, it is sufficient to select a different security level. When configuring Mail Anti-Virus, you can always restore the recommended values. These settings are considered optimal, recommended by Kaspersky Lab, and grouped in the Recommended security level. To change the current email security level: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Mail Anti-Virus component. In the right part of the window, in the Security level section, set the desired security level, or click the Settings button to modify the settings manually. If you modify the settings manually, the name of the security level will change to Custom. To restore the default mail protection settings: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Mail Anti-Virus component. Click the Default level button in the Security level section in the right part of the window.

    85

    USER GUIDE

    USING HEURISTIC ANALYSIS WHEN WORKING WITH MAIL ANTI-VIRUS


    During Mail Anti-Virus operation, signature analysis is always used: Kaspersky Internet Security compares the object found with the database records. To improve protection efficiency, you can use heuristic analysis (i.e., analysis of activity that an object performs in the system). This analysis makes it possible to detect new malicious objects which are not yet described in the databases. To enable heuristic analysis: 1. 2. 3. 4. Open the application settings window. In the left part of the window, in the Protection Center section, select the Mail Anti-Virus component. In the Security level section in the right part of the window click the Settings button. In the window that opens, on the General tab in the Scan methods section, check the Heuristic Analysis box and specify the detail level for the scan.

    CHANGING THE ACTION TO TAKE ON INFECTED EMAIL MESSAGES


    If infected objects are detected, the application performs the selected action. To change the action that should be taken on infected email messages: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Mail Anti-Virus component. In the right part of the window, select the desired option in the Action on threat detection section.

    FILTERING ATTACHMENTS IN EMAIL MESSAGES


    Malicious programs may spread via email as attachments in email messages. You can configure filtering by type of attachments in email messages, which allows the renaming or deleting files of specified types automatically. To configure filtering of attachments: 1. 2. 3. 4. Open the application settings window. In the left part of the window, in the Protection Center section, select the Mail Anti-Virus component. Click the Settings button in the right part of the window. Use the Attachment filter tab of the displayed window to select the filtering mode for attachments. When you select either of the last two modes, the list of file types (extensions) will be enabled; there you can select the desired types or add a new type mask. To add a mask of a new type to the list, click the Add link to open the Input file name mask window and enter the required information.

    86

    ADVANCED

    APPLICATION SETTINGS

    SCAN OF COMPOUND FILES BY MAIL ANTI-VIRUS


    A common method of concealing viruses is to embed them into compound files: archives, installation packages, embedded OLE objects, and mail file formats. To detect viruses that are hidden in this way, a compound file should be unpacked, which can significantly decrease scanning speed. You can enable or disable scanning of compound files, and limit the maximum size of compound files to be scanned. If your computer is not protected by any local network software (you access the Internet directly without a proxy server or a firewall), it is not recommended that you disable the scanning of compound files. To configure the scanning of compound files: 1. 2. 3. 4. Open the application settings window. In the left part of the window, in the Protection Center section, select the Mail Anti-Virus component. Click the Settings button in the right part of the window. Use the General tab in the window that opens to define the necessary settings.

    EMAIL SCANNING IN MICROSOFT OFFICE OUTLOOK


    While installing Kaspersky Internet Security, a special plug-in is integrated into Microsoft Office Outlook. It allows you to quickly switch to configuration of Mail Anti-Virus from Microsoft Office Outlook, and determine when email messages should be scanned for viruses and other riskware, whether this should be done when receiving, opening, or sending a message. Configuration of Mail Anti-Virus from Microsoft Office Outlook is available if this option is selected in the protection scope settings of Mail Anti-Virus. To switch to the email scan settings in Microsoft Office Outlook: 1. 2. 3. Open the main Microsoft Office Outlook window. Select Tools Options from the application menu.

    In the Settings window that opens, select the Email protection tab.

    EMAIL SCANNING IN THE BAT!


    Actions with regard to infected email objects in The Bat! are defined using the application's own tools. Mail Anti-Virus settings which determine whether incoming and outgoing messages should be scanned, which actions should be performed in regard to dangerous objects in email, and which exclusions should apply are ignored. The only thing that The Bat! takes into account is the scanning of attached archives. The email protection settings extend to all the anti-virus components installed on the computer that support working with the Bat!. Note that incoming email messages are first scanned by Mail Anti-Virus and only then by the plug-in for The Bat!. If a malicious object is detected, Kaspersky Internet Security immediately notifies you of this. If you select the Disinfect (Delete) action in the Mail Anti-Virus notification window, actions aimed at eliminating the threat are performed by Mail Anti-Virus. If you select the Ignore option in the notification window, the object will be disinfected by the plug-in for The Bat!. When sending email messages, they are first scanned by the plug-in and then by Mail Anti-Virus.

    87

    USER GUIDE

    The settings of Mail Anti-Virus are available from The Bat! if this option is selected in the protection scope settings of Mail Anti-Virus. To configure email scanning in The Bat! you must define the following criteria: which mail stream (incoming, outgoing) should be scanned; when mail objects should be scanned (when opening a message, before saving to disk); what actions are to be performed by the mail client if dangerous objects are detected in email messages. For example, you can select: Attempt to disinfect infected parts if this option is selected, the attempt is made to disinfect the infected object; if it cannot be disinfected, the object remains in the message. Delete infected parts if this option is selected, the dangerous object in the message is deleted regardless of whether it is infected or suspected to be infected. By default, The Bat! places all infected email objects in Quarantine without attempting to disinfect them. Email messages that contain dangerous objects are not marked with the special subject add-on when scanned by the plug-in for The Bat!. To switch to the email scan settings in The Bat!: 1. 2. 3. Open the main window of the The Bat!. In the Properties menu, select Settings. Select the Virus protection object from the settings tree.

    WEB ANTI-VIRUS
    Each time you work on the Internet, you endanger information stored on your computer, by exposing it to a risk of being infected with viruses and other malware. They may penetrate your computer when you download free applications or view information on websites that had been attacked by hackers before you have visited them. Moreover, network worms may penetrate into your computer even before you open a web page or download a file, just at the moment your computer establishes an Internet connection. Web Anti-Virus protects information received by your computer and sent from it over HTTP, HTTPS and FTP protocols, and prevents hazardous scripts from being run on your computer. Web Anti-Virus only monitors web traffic transferred via ports specified on the list of monitored ports. A list of monitored ports that are most commonly used for data transfer, is included in the Kaspersky Internet Security distribution kit. If you use ports that are not included in the list of monitored ports, you should add them to the list of monitored ports (see section "Creating a list of monitored ports" on page 119) to ensure protection of web traffic transferred via them. Web Anti-Virus scans web traffic with regard for a specific collection of settings named security level. If Web Anti-Virus detects a threat, it will perform the prescribed action. Malicious objects are detected using both Kaspersky Internet Security databases and a heuristic algorithm. Kaspersky Lab advises you not to configure Web Anti-Virus settings on your own. In most cases, it is sufficient to select an appropriate security level.

    88

    ADVANCED

    APPLICATION SETTINGS

    Web traffic scan algorithm


    Each web page or file that is accessed by the user or an application via the HTTP, HTTPS, or FTP protocols is intercepted and scanned for malicious code by Web Anti-Virus: If a web page or a file accessed by the user contains malicious code, access to it is blocked. A notification is displayed that the requested file or web page is infected. If the file or web page does not contain malicious code, the program immediately grants the user access to it.

    Script scan algorithm


    Each script run is intercepted by Web Anti-Virus and is analyzed for malicious code: If a script contains malicious code, Web Anti-Virus blocks it and displays a notification on the screen. If no malicious code is discovered in the script, it is run. Web Anti-Virus intercepts only scripts based on the Microsoft Windows Script Host functionality.

    IN THIS SECTION:
    Enabling and disabling Web Anti-Virus ........................................................................................................................... 89 Changing and restoring the web traffic security level ...................................................................................................... 90 Changing the action to take on dangerous objects from web traffic ................................................................................ 90 Checking URLs on web pages ........................................................................................................................................ 90 Using heuristic analysis when working with Web Anti-Virus ............................................................................................ 93 Blocking dangerous scripts ............................................................................................................................................. 93 Scan optimization ............................................................................................................................................................ 94 Controlling access to regional domains ........................................................................................................................... 94 Controlling access to online banking services ................................................................................................................. 94 Creating a list of trusted addresses ................................................................................................................................. 95

    ENABLING AND DISABLING WEB ANTI-VIRUS


    By default, Web Anti-Virus is enabled, running in a mode recommended by Kaspersky Lab specialists. You can disable Web Anti-Virus, if necessary. To disable Web Anti-Virus: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Web Anti-Virus component. In the right part of the window, uncheck the Enable Web Anti-Virus box.

    89

    USER GUIDE

    CHANGING AND RESTORING THE WEB TRAFFIC SECURITY LEVEL


    Depending on your current needs, you can select one of the preset web traffic security levels or configure Web Anti-Virus on your own. When configuring Web Anti-Virus, you can always restore the recommended values. These settings are considered optimal, recommended by Kaspersky Lab, and grouped in the Recommended security level. To change the web traffic security level: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Web Anti-Virus component. In the right part of the window, in the Security level section, set the desired security level, or click the Settings button to modify the settings manually. If you modify the settings manually, the name of the security level will change to Custom. To restore the default web traffic security level: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Web Anti-Virus component. Click the Default level button in the Security level section in the right part of the window.

    CHANGING THE ACTION TO TAKE ON DANGEROUS OBJECTS


    FROM WEB TRAFFIC
    If infected objects are detected, the application performs the selected action. Web Anti-Virus always blocks actions by dangerous scripts and displays messages that inform the user of the action taken. You cannot change the action to be taken on a dangerous script; all you can do is disable script scan (see section "Blocking dangerous scripts" on page 93). To change the action to be performed with regard to detected objects: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Web Anti-Virus component. In the right part of the window, select the desired option in the Action on threat detection section.

    CHECKING URLS ON WEB PAGES


    Scanning web pages for phishing allows you to prevent phishing attacks. Phishing attacks are, as a rule, email messages from alleged financial organizations that contain URLs to websites of such organizations. The email message convinces the reader to click the URL and enter private information in the window that opens, for example, the number of a banking card or the login and the password of an online banking account. A phishing attack can be disguised, for example, as a letter from your bank with a link to its official website. By clicking the link, you go to an exact copy of the bank's website and can even see the bank site's address in the browser, even though you are on a counterfeit site. From this point forward, all your actions on the site are tracked and can be used to steal your money. Since links to phishing web sites may be received not only in email, but also from other sources, such as ICQ messages, Web Anti-Virus monitors attempts to access a phishing web site on the level of web traffic and blocks access to such locations.

    90

    ADVANCED

    APPLICATION SETTINGS

    In addition to Kaspersky Internet Security databases, heuristic analysis (see page 93) can also be used for scanning web pages for phishing.

    IN THIS SECTION:
    Enabling and disabling the checking of URLs ................................................................................................................. 91 Using Kaspersky URL Advisor ........................................................................................................................................ 91 Blocking access to dangerous websites .......................................................................................................................... 92

    ENABLING AND DISABLING THE CHECKING OF URLS


    To enable URL checks using the databases of suspicious web addresses and phishing addresses: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Web Anti-Virus component. Click the Settings button in the right part of the window. The Web Anti-Virus window opens. 4. On the General tab, in the Kaspersky URL Advisor section, check the Check if URLs are listed in the database of suspicious URLs and Check web pages for phishing boxes.

    USING KASPERSKY URL ADVISOR


    Kaspersky URL Advisor is integrated into Microsoft Internet Explorer, Mozilla Firefox, and Google Chrome as a plug-in. Kaspersky URL Advisor checks all URLs on a web page to find out if they are included in the list of suspicious URLs. It also checks them for phishing, highlighting each one in the browser window. You can create a list of websites, on which all URLs should be checked, check URLs on all websites except those included in the list of exclusions, check URLs in search results only, or specify categories of websites with URLs that should be checked. Not only can you configure Kaspersky URL Advisor in the application settings window, but also in the Kaspersky URL Advisor settings window, which is available from your web browser. To specify websites, on which all URLs should be checked: 1. 2. 3. 4. 5. 6. Open the application settings window. In the left part of the window, in the Protection Center section, select the Web Anti-Virus component. Click the Settings button in the right part of the window. The Web Anti-Virus window opens. On the Safe Surf tab, in the Kaspersky URL Advisor section, check the Check URLs box. Select the websites on which the links need to be scanned: a. If you want to create a list of websites, on which all URLs should be checked, select Only websites from the list and click the Specify button. In the Checked URLs window that opens, create a list of websites to be checked. If you want to check URLs on all websites except those specified, select All but the exclusions and click the Exclusions button. In the Exclusions window that opens, create a list of websites that do not need any check of URLs on them.

    b.

    91

    USER GUIDE

    To check URLs in search results only: 1. 2. 3. 4. 5. Open the application settings window. In the left part of the window, in the Protection Center section, select the Web Anti-Virus component. Click the Settings button in the right part of the window. The Web Anti-Virus window opens. On the Safe Surf tab, in the Kaspersky URL Advisor section, check the Check URLs box and click the Settings button. In the Kaspersky URL Advisor settings window that opens, in the Check mode section, select Only URLs in search results.

    6.

    To select categories of websites with URLs that should be checked: 1. 2. 3. 4. 5. Open the application settings window. In the left part of the window, in the Protection Center section, select the Web Anti-Virus component. Click the Settings button in the right part of the window. The Web Anti-Virus window opens. On the Safe Surf tab, in the Kaspersky URL Advisor section, check the Check URLs box and click the Settings button. In the Kaspersky URL Advisor settings window that opens, in the Websites categories section, check the Show information on the categories of websites content box. In the list of categories, check the boxes next to categories of websites with URLs that should be checked.

    6.

    7.

    To open the Kaspersky URL Advisor settings window from your web browser, click the button with the Kaspersky Internet Security icon in the browser toolbar.

    BLOCKING ACCESS TO DANGEROUS WEBSITES


    You can block access to websites which have been deemed suspicious or phishing sites by Kaspersky URL Advisor (see section "Using Kaspersky URL Advisor" on page 91). To block access to dangerous websites: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Web Anti-Virus component. Click the Settings button in the right part of the window. The Web Anti-Virus window opens. 4. On the Safe Surf tab, in the Blocking Dangerous Websites section, check the Block dangerous websites box.

    92

    ADVANCED

    APPLICATION SETTINGS

    USING HEURISTIC ANALYSIS WHEN WORKING WITH WEB ANTI-VIRUS


    To improve protection efficiency, you can use heuristic analysis (i.e., analysis of activity that an object performs in the system). This analysis makes it possible to detect new malicious objects which are not yet described in the databases. When Web Anti-Virus is running, you can separately enable the heuristic analysis for scanning web traffic and for checking web pages for phishing. To enable the heuristic analysis for scanning web traffic: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Web Anti-Virus component. Click the Settings button in the right part of the window. The Web Anti-Virus window opens. 4. On the General tab in the Heuristic Analysis section, check the Use Heuristic Analysis box and set a scan detail level.

    To enable the heuristic analysis for checking web pages for phishing: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Web Anti-Virus component. Click the Settings button in the right part of the window. The Web Anti-Virus window opens. 4. 5. On the General tab, in the Kaspersky URL Advisor section, click the Additional button. In the Anti-Phishing settings window that opens, check the Use Heuristic Analysis to check web pages for phishing box and set a scan detail level.

    BLOCKING DANGEROUS SCRIPTS


    Web Anti-Virus scans all scripts processed in Microsoft Internet Explorer, as well as any other WSH scripts (for example, JavaScript, Visual Basic Script, etc.) launched when you are working on the computer. If a script presents a threat to your computer, it will be blocked. To disable blocking of dangerous scripts: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Web Anti-Virus component. Click the Settings button in the right part of the window. The Web Anti-Virus window opens. 4. On the General tab in the Additional section uncheck the Block dangerous scripts in Microsoft Internet Explorer box.

    93

    USER GUIDE

    SCAN OPTIMIZATION
    To improve efficiency of detection of malicious code, Web Anti-Virus uses the caching of fragments of objects coming from the Internet. Using the caching, Web Anti-Virus scans objects only after they are received on the computer in their entirety. The caching increases the amount of time required to process objects and pass it to the user for further operations. Caching can cause problems when downloading or processing large objects, as the connection with the HTTP client may time out. You can solve this problem using the option of limiting the caching of fragments of objects coming from the Internet. Upon expiration of a certain time interval, each fragment of an object is passed to the user unscanned. When copying is complete, the object will be scanned entirely. This allows us to reduce the amount of time required to pass objects to the user and solving the problem with connection losses. The Internet security level is not reduced. Lifting restrictions on the duration of web traffic caching leads to improved efficiency of virus scans, though it may slow down access to objects. To set or remove a time limit for fragment buffering: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Web Anti-Virus component. Click the Settings button in the right part of the window. The Web Anti-Virus window opens. 4. On the General tab, in the Additional section, check the Limit traffic caching time to 1 sec to optimize scan box.

    CONTROLLING ACCESS TO REGIONAL DOMAINS


    Depending on your choice, Web Anti-Virus in Geo Filter mode can block or allow access to websites on the grounds of their belonging to regional web domains. This allows you, for example, to block access to websites which belong to regional domains with a high risk of infection. To allow or block access to websites which belong to specified domains: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Web Anti-Virus component. Click the Settings button in the right part of the window. The Web Anti-Virus window opens. 4. On the Geo Filter tab, check the Enable filtering by regional domains box and specify in the list of controlled domains below which domains should be allowed or blocked, and for which ones the application should request permission for access using a notification (see section "Request for permission to access a website from a regional domain" on page 197). By default, access is allowed for regional domains that match your location. Requesting permission for access is set for other domains by default.

    94

    ADVANCED

    APPLICATION SETTINGS

    CONTROLLING ACCESS TO ONLINE BANKING SERVICES


    When working with online banking, your computer needs an especially reliable protection, since leakages of confidential information may lead to financial losses. Web Anti-Virus can control access to online banking services, thus ensuring safe interaction with them (see section "About Safe Run for Websites" on page 141). Web Anti-Virus automatically determines which web resources are online banking services. For guaranteed identification of a web resource as online banking service, you can specify its URL in the list of banking websites. To configure control of access to online banking services: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Web Anti-Virus component. Click the Settings button in the right part of the window. The Web Anti-Virus window opens. 4. On the Online Banking tab, check the Enable control box. You will be prompted to start the Certificate Installation Wizard that you can use to install a Kaspersky Lab certificate for scanning encrypted connections. If necessary, create a list of resources that Kaspersky Internet Security should identify as online banking services.

    5.

    CREATING A LIST OF TRUSTED ADDRESSES


    Web Anti-Virus does not scan web traffic for dangerous objects if it comes from trusted URLs. To create a list of trusted web addresses: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Web Anti-Virus component. Click the Settings button in the right part of the window. The Web Anti-Virus window opens. 4. 5. On the Trusted URLs tab, check the Do not scan web traffic from trusted URLs box. Create a list of websites / web pages with content that you trust. To do this: a. Click the Add button. The Address mask (URL) window will open. b. c. Enter the address of a website / web page or the address mask of a website / web page. Click the OK button. A new record appears on the list of trusted URLs. 6. If necessary, repeat steps from a to c.

    95

    USER GUIDE

    IM ANTI-VIRUS
    IM Anti-Virus scans the traffic of instant messaging clients (so-called Internet pagers). IM messages may contain links to suspicious websites and to websites used by hackers to organize phishing attacks. Malicious programs use IM clients to send spam messages and links to programs (or the programs themselves) which steal users' ID numbers and passwords. Kaspersky Internet Security ensures safe operation of various instant messaging applications, including ICQ, MSN, AIM, Yahoo! Messenger, Jabber, Google Talk, Mail.Ru Agent and IRC. Some IM clients, such as Yahoo! Messenger and Google Talk, use encrypted connections. To scan the traffic generated by those programs, you have to enable encrypted connections scanning (see page 116). IM Anti-Virus intercepts messages and scans them for dangerous objects or URLs. You can select the types of messages to scan and various scanning methods. If threats are detected in a message, IM Anti-Virus replaces this message with a warning message for the user. Files transferred via IM clients are scanned by the File Anti-Virus component (on page 77) when attempts are made to save them.

    IN THIS SECTION:
    Enabling and disabling IM Anti-Virus ............................................................................................................................... 96 Creating the protection scope of IM Anti-Virus ................................................................................................................ 96 Checking URLs in messages from IM clients .................................................................................................................. 97 Using heuristic analysis when working with IM Anti-Virus ............................................................................................... 97

    ENABLING AND DISABLING IM ANTI-VIRUS


    By default, IM Anti-Virus is enabled and functions in normal mode. You can disable IM Anti-Virus if necessary. To disable IM Anti-Virus: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the IM Anti-Virus component. In the right part of the window, uncheck the Enable IM Anti-Virus box.

    CREATING THE PROTECTION SCOPE OF IM ANTI-VIRUS


    The protection scope is the type of messages to be scanned. By default, Kaspersky Internet Security scans both incoming and outgoing messages. If you are sure that messages you send cannot contain any dangerous objects, you may disable scanning of outgoing traffic.

    96

    ADVANCED

    APPLICATION SETTINGS

    To disable scanning of outgoing messages: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the IM Anti-Virus component. In the right part of the window, in the Protection scope section, select the Incoming messages only option.

    CHECKING URLS IN MESSAGES FROM IM CLIENTS


    To scan messages for suspicious and phishing URLs: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the IM Anti-Virus component. In the right part of the window, in the Scan methods section, check the Check if URLs are listed in the database of suspicious URLs and Check if URLs are listed in the database of phishing URLs boxes.

    USING HEURISTIC ANALYSIS WHEN WORKING WITH IM ANTI-VIRUS


    To improve protection efficiency, you can use heuristic analysis (i.e., analysis of activity that an object performs in the system). This analysis makes it possible to detect new malicious objects which are not yet described in the databases. When using heuristic analysis, any script included in an IM client's message is executed in a protected environment. If the script's activity is typical of malicious objects, the object is likely to be classed as malicious or suspicious. By default, heuristic analysis is enabled. To enable heuristic analysis: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the IM Anti-Virus component. In the right part of the window, in the Scan methods section, check the Heuristic Analysis box and set the necessary scanning intensity level.

    PROACTIVE DEFENSE
    Proactive Defense protects your computer against new threats which are not yet included in Kaspersky Internet Security databases. The functioning of Proactive Defense is based on proactive technologies. Proactive technologies allow you to neutralize a new threat before it does any harm to your computer. Unlike responsive technologies, which analyze code based on records in Kaspersky Internet Security databases, preventative technologies recognize a new threat on your computer by the sequence of actions executed by a program. If, as a result of activity analysis, the sequence of an application's actions arouses suspicion, Kaspersky Internet Security blocks the activity of this application. For example, when actions such as a program copying itself to network resources, the startup folder and the system registry are detected, it is highly likely that this program is a worm. Hazardous sequences of actions also include attempts to modify the HOSTS file, hidden installation of drivers, etc. You can turn off monitoring (see page 99) for any hazardous activity or edit its monitoring rules (see page 99). As opposed to the Application Control protection component (on page 101), Proactive Defense responds immediately to a defined sequence of an application's actions. Activity analysis is applied to all applications running on your computer, including those allocated in the Trusted group by the Application Control protection component.

    97

    USER GUIDE

    You can create a group of trusted applications (see page 98) for Proactive Defense. You will not be notified of the activities of these applications. If your computer runs under Microsoft Windows XP Professional x64 Edition, Microsoft Windows Vista, Microsoft Windows Vista x64, Microsoft Windows 7, or Microsoft Windows 7 x64, control will not apply to all events. This is due to specific features of these operating systems. For example, control will not apply fully to the sending of data through trusted applications and suspicious system activities.

    IN THIS SECTION:
    Enabling and disabling Proactive Defense ...................................................................................................................... 98 Creating a group of trusted applications .......................................................................................................................... 98 Using the dangerous activity list ...................................................................................................................................... 99 Changing the action to be taken on applications' dangerous activity .............................................................................. 99

    ENABLING AND DISABLING PROACTIVE DEFENSE


    By default, Proactive Defense is enabled, running in a mode recommended by Kaspersky Lab specialists. You can disable Proactive Defense if necessary. To disable Proactive Defense: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Proactive Defense component. In the right part of the window, uncheck the Enable Proactive Defense box.

    CREATING A GROUP OF TRUSTED APPLICATIONS


    Programs recognized by the Application Control protection component as Trusted pose no threat for the system. However, their activities will also be monitored by Proactive Defense. You can create a group of trusted applications exerting activity that should not be controlled by Proactive Defense. By default, the list of trusted applications includes applications with verified digital signatures and applications that are trusted in the Kaspersky Security Network database. To change the settings of the trusted applications group: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Proactive Defense component. In the right part of the window, in the Trusted applications section, perform the following actions: If you want applications with verified digital signatures to be included in the group of trusted applications, check the Applications with digital signature box. If you want applications trusted by the Kaspersky Security Network database to be included in the group of trusted applications, check the Trusted in Kaspersky Security Network database box.

    98

    ADVANCED

    APPLICATION SETTINGS

    USING THE DANGEROUS ACTIVITY LIST


    The list of actions typical of dangerous activity cannot be edited. However, you can refuse to control a selected case of dangerous activity. To turn off monitoring for one dangerous activity or another: 1. 2. 3. 4. Open the application settings window. In the left part of the window, in the Protection Center section, select the Proactive Defense component. Click the Settings button in the right part of the window. In the Proactive Defense window that opens, uncheck the box next to the type of activity which you do not want to be monitored.

    CHANGING THE ACTION TO BE TAKEN ON APPLICATIONS'


    DANGEROUS ACTIVITY
    The list of actions typical of dangerous activity cannot be edited. However, you can change the action that Kaspersky Internet Security takes when applications' dangerous activity is detected. To change the action that Kaspersky Lab application takes on dangerous activity of another application: 1. 2. 3. 4. Open the application settings window. In the left part of the window, in the Protection Center section, select the Proactive Defense component. Click the Settings button in the right part of the window. In the Proactive Defense window that opens, in the Event column, select the desired event for which you want to edit the rule. Configure the settings for the selected event using the links in the Rule description section. For example: a. b. Click the link with the preset action and select the desired action in the Select action window that opens. Click the On / Off link to indicate that a report on operation execution should be created.

    5.

    SYSTEM WATCHER
    System Watcher collects data about application actions on your computer and provides information to other components for improved protection. Based on information collected by System Watcher, Kaspersky Internet Security can roll back actions performed by malicious programs. Rolling back actions performed by malicious programs can be initiated by one of the following protection components: System Watcher - based on patterns of dangerous activity; Proactive Defense; File Anti-Virus; when performing a virus scan.

    99

    USER GUIDE

    If suspicious events are detected in the system, Kaspersky Internet Security protection components can request additional information from System Watcher. In interactive protection mode of Kaspersky Internet Security (see section "Selecting a protection mode" on page 64), you can view data collected by the System Watcher component and presented as a report on dangerous activity history. This data can help you make a decision when selecting an action in the notification window. When the component detects a malicious program, the link to the System Watcher's report is displayed in the top part of the notification window (see page 197), along with a prompt for action.

    IN THIS SECTION:
    Enabling and disabling System Watcher ....................................................................................................................... 100 Using patterns of dangerous activity (BSS) ................................................................................................................... 100 Rolling back a malicious program's actions ................................................................................................................... 101

    ENABLING AND DISABLING SYSTEM WATCHER


    By default, System Watcher is enabled, running in a mode recommended by Kaspersky Lab specialists. You can disable System Watcher if necessary. You are advised not to disable the component unless it is absolutely necessary, since this inevitably decreases the efficiency of Proactive Defense and other protection components that may request data collected by System Watcher in order to identify the potential threat detected. To disable System Watcher: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the System Watcher component. In the right part of the window, uncheck the Enable System Watcher box.

    USING PATTERNS OF DANGEROUS ACTIVITY (BSS)


    Patterns of dangerous activity (BSS Behavior Stream Signatures) contain sequences of actions typical of applications classified as dangerous. If an application's activity matches a pattern of dangerous activity, Kaspersky Internet Security performs the prescribed action. To provide real-time effective protection, Kaspersky Internet Security adds patterns of dangerous activity, which are used by System Watcher, during the database updates. By default, when Kaspersky Internet Security is running in automatic mode, if an application's activity matches a pattern of dangerous activity, System Watcher moves this application to Quarantine. When running in interactive mode, System Watcher prompts for action. You can specify the action that the component should perform when an application's activity matches a pattern of dangerous activity. In addition to exact matches between applications' activities and patterns of dangerous activity, System Watcher also detects actions that partly match patterns of dangerous activity and are considered suspicious based on the heuristic analysis. If suspicious activity is detected, System Watcher prompts for action regardless of the operation mode. To select the action that the component should perform if an application's activity matches a pattern of dangerous activity: 1. 2. Open the application settings window. In the left part of the window, in the Protection Center section, select the System Watcher component.

    100

    ADVANCED

    APPLICATION SETTINGS

    3.

    In the right part of the window, in the Heuristic Analysis section, check the Use updatable patterns of dangerous activity (BSS) box. Click Select action and then specify the desired action on the dropdown list.

    4.

    ROLLING BACK A MALICIOUS PROGRAM'S ACTIONS


    You can use the option of rolling back the actions performed by malware in the system. To enable a rollback, System Watcher logs the history of program activity. You can limit the volume of information that System Watcher stores for a rollback. By default, Kaspersky Internet Security rolls back relevant operations automatically when the protection components detect malicious activity. When running in interactive mode, System Watcher prompts for action. You can specify an action that should be taken if a rollback of actions performed by a malicious program is available. The procedure of rolling back malware operations affects a strictly defined set of data. It causes no negative consequences for the operating system or data integrity on your computer. To select an action that should be taken if a rollback of actions performed by a malicious program is available: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the System Watcher component. In the right part of the window, in the Rollback of malware actions section, choose Select action, and then select the required action from the dropdown list.

    To limit the volume of information that System Watcher stores for a rollback: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the System Watcher component. In the right part of the window, in the Rollback of malware actions section, check the Limit data to be stored for rollback box and specify the maximum data volume that System Watcher should store for a rollback.

    APPLICATION CONTROL
    Application Control prevents applications from performing actions that may be dangerous for the system and ensures control of access to operating system resources and your identity data. The component tracks actions performed in the system by applications installed on the computer and regulates them based on the Application Control rules. These rules regulate potentially dangerous activity, including applications' access to protected resources, such as files and folders, registry keys, and network addresses. Applications' network activity is controlled by the Firewall component (on page 109). At the first startup of an application on the computer, the Application Control component verifies its safety and includes it in one of the groups. The group defines the rules that Kaspersky Internet Security should apply for controlling the activity of this application. The Application Control rules are a set of access rights to computer resources and restrictions posed on various actions being performed by applications on the computer. You can configure the conditions for distribution of applications by groups (see page 102), move an application to another group (see page 103), or edit the rules of Kaspersky Internet Security (see page 104).

    101

    USER GUIDE

    We recommend that you participate in the Kaspersky Security Network in order to improve the performance of Application Control (see section "Kaspersky Security Network" on page 174). Data obtained using the Kaspersky Security Network allows you to group applications with more accuracy and apply optimal Application Control rules. When the application is restarted, Application Control checks its integrity. If the application has not been changed, the component applies the current rule to it. If the application has been modified, Application Control re-scans it as at the first startup. To control applications' access to various resources of your computer, you can use the preset list of protected resources or add user resources to the list (see page 107).

    IN THIS SECTION:
    Enabling and disabling Application Control ................................................................................................................... 102 Placing applications into groups .................................................................................................................................... 102 Viewing application activity............................................................................................................................................ 103 Modifying a group and restoring the default group ........................................................................................................ 103 Working with Application Control rules .......................................................................................................................... 104 Interpreting data on application usage by the participants of the Kaspersky Security Network ..................................... 108

    ENABLING AND DISABLING APPLICATION CONTROL


    By default, Application Control is enabled, running in a mode recommended by Kaspersky Lab specialists. You can disable Application Control, if necessary. To disable Application Control: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Application Control component. In the right part of the window, uncheck the Enable Application Control box.

    PLACING APPLICATIONS INTO GROUPS


    At the first startup of an application on the computer, the Application Control component verifies its safety and includes it in one of the groups. Applications that do not pose any threat to the system are placed in the Trusted group. By default, this group includes applications with a digital signature and applications whose parent objects have one. You can disable the automatic inclusion of applications with a digital signature in the Trusted group. The behavior of applications included in the Trusted group will, however, be controlled by the Proactive Defense component (on page 97). By default, Kaspersky Internet Security uses the heuristic analysis to group unknown applications (those not included in the Kaspersky Security Network database and functioning without a digital signature). The analysis helps determine the application's threat rating, based on which it is placed into a group. Instead of using heuristic analysis, you can specify a group into which Kaspersky Internet Security should automatically place all unknown applications.

    102

    ADVANCED

    APPLICATION SETTINGS

    By default, Application Control analyzes an application for 30 seconds. If this time interval turns out to be insufficient for determining the threat rating, the application is placed into the Low Restricted group, while determination of the threat rating continues in background mode. After that, the application is placed into its final group. You can change the time allocated for application analysis. If you are sure that no applications started on your computer pose any threat to its security, you can decrease the time spent on analysis. If, on the contrary, you are installing software and are not sure that it is safe, you are advised to increase the time for analysis. If the application threat rating is high, Kaspersky Internet Security notifies you and prompts you to select a group into which to place the application. Notification (see page 195) contains statistics on the application's use by Kaspersky Security Network participants. Based on the statistics and taking into account the history of how this application appeared on your computer, you can make a more objective decision regarding the group into which the application should be placed (see section "Interpreting data on application usage by the participants of the Kaspersky Security Network" on page 108). To configure distribution of applications by groups: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Application Control component. In the right part of the window, in the Applications restriction section, perform the following actions: a. If you want applications with digital signatures to be automatically included in the Trusted group, check the Trust applications with digital signature box. Select a method of allocating unknown applications by groups: If you want to use heuristic analysis to allocate unknown applications by groups, select Use the heuristic analysis to define group. If you want to place all unknown applications into a specified group, select Move to the following group automatically and specify the required group in the dropdown list. c. Specify a time interval for scanning an application being run, using the Maximum time to define the application group field.

    b.

    VIEWING APPLICATION ACTIVITY


    You can view information about applications used on your computer and about processes running. To view application activity: 1. 2. 3. Open the main application window (see page 33). In the lower part of the window, select the Applications Activity section. In the Applications Activity window that opens, in the top left corner, select the desired category of applications from the dropdown list.

    MODIFYING A GROUP AND RESTORING THE DEFAULT GROUP


    At the first startup of an application, Kaspersky Internet Security automatically includes it into a group (see section "Placing applications into groups" on page 102). You can move the application to another group manually. At any moment, you can move the application back to the default group. Kaspersky Lab specialists recommend that you avoid moving applications from default groups. Instead, if needed, edit the rules for an individual application.

    103

    USER GUIDE

    To move an application to another group: 1. 2. 3. Open the main application window (see page 33). In the lower part of the window, select the Applications Activity section. In the Applications Activity window that opens, in the top left corner, select the desired category of applications from the dropdown list. Right-click to open the context menu for the desired application and select Move to group <group name>.

    4.

    To restore an application in the default group: 1. 2. 3. Open the main application window (see page 33). In the lower part of the window, select the Applications Activity section. In the Applications Activity window that opens, in the top left corner, select the desired category of applications from the dropdown list. Right-click to open the context menu for the desired application and select Move to group group. Restore default

    4.

    WORKING WITH APPLICATION CONTROL RULES


    The Application Control rules are a set of access rights to computer resources and restrictions posed on various actions being performed by applications on the computer. By default, an application is controlled according to the rules of the group into which Kaspersky Internet Security placed the application when it was run for the first time. The group rules have been developed by Kaspersky Lab specialists for optimum control of application activity. If necessary, you can edit these rules or adjust them for an individual application. The rules for an application have higher priority than the rules for a group.

    IN THIS SECTION:
    Editing group rules ........................................................................................................................................................ 104 Editing application rules ................................................................................................................................................ 105 Use of rules from Kaspersky Security Network by Application Control ......................................................................... 106 Inheritance of restrictions of the parent process ............................................................................................................ 106 Deleting rules for unused applications .......................................................................................................................... 107 Protecting operating system resources and identity data .............................................................................................. 107

    EDITING GROUP RULES


    By default, different groups have different optimal sets of access rights to computer resources. You can edit the preset group rules. To change a group rule: 1. 2. Open the application settings window. In the left part of the window, in the Protection Center section, select the Application Control component.

    104

    ADVANCED

    APPLICATION SETTINGS

    3.

    In the right part of the window, in the Configure application rules, protect digital identity data and other resources section, click the Applications button. In the Applications window that opens, select the desired group from the list and click the Edit button. In the Group rules window that opens, select the tab that matches the desired resource category ( Files and system registry or Rights). Right-click the column with the appropriate action for the desired resource to open the context menu and select the desired value (Allow, Block, or Prompt for action).

    4. 5.

    6.

    EDITING APPLICATION RULES


    You can modify restrictions at the level of an individual application or exclude some actions from the rules for an application. Kaspersky Internet Security will not control actions that have been added to the exclusions from the rules for an application. All exclusions created in the rules for applications are available in the application settings window (see section "The application settings window" on page 36) in the Threats and Exclusions section. You can also disable the application of group rules to the control of access to selected categories of protected resources. Access to these resources is managed by the application rules. To change an application rule: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Application Control component. In the right part of the window, in the Configure application rules, protect digital identity data and other resources section, click the Applications button. In the Applications window that opens, select the desired application from the list and click the Edit button. In the Application rules window that opens, select the tab that matches the desired resource category ( Files and system registry or Rights). Right-click the column with the appropriate action for the desired resource to open the context menu and select the desired value (Allow, Block, or Prompt for action).

    4. 5.

    6.

    To disable applying group rules to access to resources: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Application Control component. In the right part of the window, in the Configure application rules, protect digital identity data and other resources section, click the Applications button. In the Applications window that opens, select the desired application from the list. Click the Edit button. In the Application rules window that opens, select the tab that matches the desired resource category ( Files and system registry or Rights). Right-click the column with the appropriate action for the required resource to open the context menu and select the Inherit item with the box checked.

    4. 5. 6.

    7.

    105

    USER GUIDE

    To add an exclusion to the application rules: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Application Control component. In the right part of the window, in the Configure application rules, protect digital identity data and other resources section, click the Applications button. In the Applications window that opens, select the desired application from the list and click the Edit button. In the Application rules window that opens, select the Exclusions tab. Check the boxes for the actions that should not be controlled.

    4. 5. 6.

    USE OF RULES FROM KASPERSKY SECURITY NETWORK BY APPLICATION CONTROL


    By default, applications found in the Kaspersky Security Network database are processed according to the rules loaded from this database. If an application was not found in the Kaspersky Security Network database at the first run but information about it was added later, Kaspersky Internet Security will automatically update the rules for the control of this application by default. You can disable the usage of rules from the Kaspersky Security Network and / or the automatic update of the rules for previously unknown applications. To disable the usage of rules from the Kaspersky Security Network: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Application Control component. In the right part of the window, in the Applications restriction section, uncheck the Load rules for applications from Kaspersky Security Network (KSN) box.

    To disable updates of Kaspersky Security Network rules for previously unknown applications: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Application Control component. In the right part of the window, in the Applications restriction section, uncheck the Update rules for previously unknown applications from KSN box.

    INHERITANCE OF RESTRICTIONS OF THE PARENT PROCESS


    On your computer, you are not the only one that has rights to launch programs and processes. Other running programs (processes) also can do it; thus they become parent ones. If a parent process has a lower rights priority than a program that it launches, Application Control applies the same restrictions to the program being launched as to the parent process. Thus, the program being launched inherits all restrictions from its parent process. This mechanism prevents a non-trusted application or an application with restricted rights from using a trusted application to perform actions requiring certain privileges. If an application's activity is blocked because a parent process has insufficient rights, you can modify these rights or disable inheritance of restrictions from the parent process. You should modify the rights of a parent process only if you are absolutely certain that the process' activities do not threaten the security of the system!

    106

    ADVANCED

    APPLICATION SETTINGS

    To disable inheritance of restrictions from the parent process, perform the following steps: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Application Control component. In the right part of the window, in the Configure application rules, protect digital identity data and other resources section, click the Applications button. In the Applications window that opens, select the desired application from the list. Click the Edit button. In the Application rules window that opens, select the Exclusions tab. Check the Do not inherit restrictions from the parent process (application) box.

    4. 5. 6. 7.

    DELETING RULES FOR UNUSED APPLICATIONS


    By default, the rules for applications which have not been started for 60 days are deleted automatically. You can modify the storage time for rules for unused applications or disable automatic removal of rules. To change the storage time for application rules: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Application Control component. In the right part of the window, check the Delete rules for applications remaining inactive for more than box in the Additional section and specify the desired number of days.

    To disable the automatic removal of the rules for unused applications: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Application Control component. In the right part of the window, in the Additional section, uncheck the Delete rules for applications remaining inactive for more than box.

    PROTECTING OPERATING SYSTEM RESOURCES AND IDENTITY DATA


    Application Control manages the applications' rights to perform actions with various resource categories of the operating system and personal data. Kaspersky Lab specialists have created preset categories of protected resources. You cannot edit this list. However, you can expand this list by adding user categories and / or individual resources, or stop controlling the selected resources. In addition, you can add specified resources to the exclusions. Access to those resources will not be controlled. To add personal data to be protected: 1. 2. 3. 4. Open the application settings window. In the left part of the window, in the Protection Center section, select the Application Control component. Click the Identity protection button in the right part of the window. In the window that opens, on the Identity data tab, select the required category of identity data from the dropdown list.

    107

    USER GUIDE

    5. 6.

    Click the Add button and select the desired type of resource from the menu that opens. In the User resource window that opens, specify the desired settings based on the resource being added.

    To create a category of identity data items to be protected: 1. 2. 3. 4. 5. Open the application settings window. In the left part of the window, in the Protection Center section, select the Application Control component. Click the Identity protection button in the right part of the window. In the window that opens, on the Identity data tab, click the Add category button. In the Identity data category window that opens, enter a name for the new resource category.

    To add operating system settings and resources to be protected: 1. 2. 3. 4. Open the application settings window. In the left part of the window, in the Protection Center section, select the Application Control component. Click the Identity protection button in the right part of the window. In the window that opens, on the Operating system tab, select the desired category of operating system objects from the Category dropdown list. Click the Add button and select the desired type of resource from the menu that opens. In the User resource window that opens, specify the desired settings based on the resource being added.

    5. 6.

    To add a resource to the exclusions list: 1. 2. 3. 4. Open the application settings window. In the left part of the window, in the Protection Center section, select the Application Control component. Click the Identity protection button in the right part of the window. In the window that opens, on the Exclusions tab, click the Add button and specify the desired resource from the menu that opens. In the User resource window that opens, specify the desired settings based on the resource being added.

    5.

    INTERPRETING DATA ON APPLICATION USAGE BY THE PARTICIPANTS OF THE KASPERSKY SECURITY NETWORK
    Information about application usage by the participants of the Kaspersky Security Network (see page 175) will allow you to make an objective decision on which status should be assigned to an application running on your computer. To assess the maliciousness or safety of an application accurately based on KSN data, you should know the history of how this application appeared on your computer. Kaspersky Lab specialists distinguish the following possible sources of new applications: the user downloads a setup file from the Internet and then opens it; a setup file is automatically downloaded and opened when the user clicks a link on a web page; the user opens a setup file stored on a CD / DVD or copied to the hard disk from it;

    108

    ADVANCED

    APPLICATION SETTINGS

    the user opens a setup file stored on a USB drive or copied to the hard disk from it; the user opens a setup file received in a message via email, IM client, or social network. Statistics of application usage by the participants of the Kaspersky Security Network include the frequency of application usage and how long ago it was used. Below are the main categories of application usage: very rarely (less than 100 participants of KSN use this application) and recently (the file appeared a few days ago); rarely (less than 1,000 participants of KSN) and relatively long ago (a few months ago); most users restrict the activity of this application; frequently (more than 100,000 participants of KSN) and long ago (more than six months ago); most users trust this application; frequently (more than 100,000 participants of KSN) and recently (a few weeks ago); most users trust or restrict this application; very frequently (more than 100,000 participants of KSN) and recently; most users trust this application.

    NETWORK PROTECTION
    The various protection components, tools, and settings of Kaspersky Internet Security together ensure security and control of your network activities. The sections below contain detailed information about the principles of operation and configuration of the Firewall, Network Attack Blocker, Network Monitor, scanning of secure connections, proxy server settings, and monitoring of network ports.

    IN THIS SECTION:
    Firewall .......................................................................................................................................................................... 109 Network Attack Blocker ................................................................................................................................................. 113 Encrypted connections scan ......................................................................................................................................... 116 Network Monitor ............................................................................................................................................................ 118 Configuring the proxy server ......................................................................................................................................... 118 Creating a list of monitored ports .................................................................................................................................. 119

    FIREWALL
    The Firewall ensures the security of your work in local networks and on the Internet. This component filters the entire network activity according to the network rules of Application Control. A network rule is an action that the Firewall performs when it detects a connection attempt with a specified status. A status is assigned to each network connection and is defined by set parameters: data transfer direction and protocol, addresses and ports to which the connection is established.

    109

    USER GUIDE

    The Firewall analyzes the settings of the networks to which you connect your computer. If the application is running in the interactive mode, the Firewall, when first connected, asks you for the status of the connected network (see page 196). If interactive mode is disabled, the Firewall defines the status based on the network type, ranges of addresses and other specifications. If necessary, you can change the status (see page 110) of a network connection manually.

    IN THIS SECTION:
    Enabling and disabling the Firewall ............................................................................................................................... 110 Changing the network status ......................................................................................................................................... 110 Working with Firewall rules............................................................................................................................................ 110 Configuring notifications of changes in the network ...................................................................................................... 113 Advanced Firewall settings............................................................................................................................................ 113

    ENABLING AND DISABLING THE FIREWALL


    By default, the Firewall is enabled, running in a mode recommended by Kaspersky Lab specialists. If necessary, you can disable the Firewall. To disable the Firewall: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Firewall component. In the right part of the window, uncheck the Enable Firewall box.

    CHANGING THE NETWORK STATUS


    The network connection status affects the set of rules used to filter network activity for that connection. You can change the network status, if necessary. To change the network connection status: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Firewall component. In the right part of the window, in the Networks list, select a network connection and click the Edit button to open the network settings window. In the window that opens, select the desired status from the drop-down list on the Properties tab.

    4.

    WORKING WITH FIREWALL RULES


    The Firewall operates on the basis of two types of rules: Packet rules. These are used for posing restrictions on packets, regardless of the application. Typically, such rules restrict incoming network activity on specified TCP and UDP ports and filter ICMP messages. Application rules. These are used to set limits on the network activity of a particular application. Such rules allow fine-tuning of activity filtering, for example, when a certain type of network connection is prohibited for some applications but allowed for others.

    110

    ADVANCED

    APPLICATION SETTINGS

    Packet rules have higher priority than application rules. If both packet rules and application rules are applied to the same type of network activity, this network activity is processed using the packet rules. You can also set a priority for each rule (see page 112).

    CREATING A PACKET RULE


    Packet rules consist of a set of conditions and operations performed with regard to packets when these conditions are met. When creating packet rules, remember that they have priority over the rules for applications. To create a packet rule: 1. 2. 3. 4. 5. 6. Open the application settings window. In the left part of the window, in the Protection Center section, select the Firewall component. Click the Settings button in the right part of the window. In the window that opens, on the Packet rules tab, click the Add button. In the Network rule window that opens, specify the desired settings and click the OK button. Assign a priority to the new rule by using the Move up and Move down buttons to move it up or down the list.

    EDITING GROUP RULES


    Similarly to the Application Control (on page 101) component, by default the Firewall filters an application's network activity using the rules of the group in which this application has been placed. The network rules of a group define which access rights to various networks can be granted to the applications that have been included in the group. You can add new network rules for a group or edit the preset ones. To add a network rule for a group: 1. 2. 3. 4. Open the application settings window. In the left part of the window, in the Protection Center section, select the Firewall component. Click the Settings button in the right part of the window. In the window that opens, on the Application rules tab, select the desired group from the list and click the Edit button. In the Group rules window that opens, select the Network rules tab and click the Add button. In the Network rule window that opens, specify the desired settings and click the OK button. Assign a priority to the new rule by using the Move up and Move down buttons to move it up or down the list.

    5. 6. 7.

    To change a network rule for a group: 1. 2. 3. 4. Open the application settings window. In the left part of the window, in the Protection Center section, select the Firewall component. Click the Settings button in the right part of the window. In the window that opens, on the Application rules tab, select the desired group from the list and click the Edit button.

    111

    USER GUIDE

    5. 6.

    In the Group rules window that opens, select the Network rules tab. Right-click the Permission column to open the context menu for the desired rule and select a value: Allow, Block, or Prompt for action.

    EDITING APPLICATION RULES


    You can create network rules for individual applications. The network rules of an application have a higher priority than network rules of a group. To create a network rule of an application: 1. 2. 3. 4. Open the application settings window. In the left part of the window, in the Protection Center section, select the Firewall component. Click the Settings button in the right part of the window. In the window that opens, on the Application rules tab, select an application and click the Edit button to open the rules configuration window. In the Application rules window that opens, on the Network rules tab, open the window for creating a network rule for the application by clicking the Add button. In the Network rule window that opens, specify the desired settings and click the OK button. Assign a priority to the new rule by using the Move up and Move down buttons to move it up or down the list.

    5.

    6. 7.

    CHANGING A RULE'S PRIORITY


    The priority of a rule is defined by its position in the list. The first rule on the list has the highest priority. Each packet rule created manually is added to the end of the list of packet rules. Rules for applications are grouped by application name, and the rule priority applies to an individual group only. Rules for applications created manually have higher priority than inherited group rules. To change the priority of a packet rule: 1. 2. 3. 4. Open the application settings window. In the left part of the window, in the Protection Center section, select the Firewall component. Click the Settings button in the right part of the window. In the window that opens, on the Packet rules tab, select the rule and move it to the required place in the list by clicking the Move up or Move down buttons.

    To change the priority of an application rule or a group rule: 1. 2. 3. 4. Open the application settings window. In the left part of the window, in the Protection Center section, select the Firewall component. Click the Settings button in the right part of the window. In the window that opens, on the Application rules tab, select an application or group and open the rules configuration window by clicking the Edit button. In the window that opens, on the Network rules tab, select a rule and move it to the desired position in the list clicking the Move up or Move down buttons.

    5.

    112

    ADVANCED

    APPLICATION SETTINGS

    CONFIGURING NOTIFICATIONS OF CHANGES IN THE NETWORK


    Network connection settings can be changed during operation. You can receive notifications of modifications in the network connection settings. To configure notifications about changes to network connection settings: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Firewall component. In the right part of the window, in the Networks section, select a network connection and open the network settings window by clicking the Edit button. In the window that opens, on the Additional tab, in the Notify section, check the boxes for events that you want to be notified of.

    4.

    ADVANCED FIREWALL SETTINGS


    You can adjust the following advanced settings of the Firewall: enable the active mode for FTP; block connections if they cannot be prompted for action (application interface is not loaded); keep running until the system is shut down. By default, all the settings are enabled. To adjust the advanced settings of the Firewall: 1. 2. 3. 4. Open the application settings window. In the left part of the window, in the Protection Center section, select the Firewall component. Click the Settings button in the right part of the window. In the window that opens, on the Packet rules tab, open the advanced settings window by clicking the Additional button. In the Additional window that opens, check / uncheck the boxes next to the desired settings.

    5.

    NETWORK ATTACK BLOCKER


    The Network Attack Blocker scans inbound traffic for activity typical of network attacks. Once an attempt to attack your computer is detected, Kaspersky Internet Security blocks any network activity of the attacking computer towards your computer. By default, the block lasts for one hour. A warning will appear on the screen stating that an attempted network attack has taken place, with specific information about the computer which attacked yours. Descriptions of currently known network attacks (see section "Types of detected network attacks" on page 114) and methods to fight them are provided in Kaspersky Internet Security databases. The list of attacks which the Network Attack Blocker can detect is updated when the application's databases are updated (see section "Update" on page 72).

    113

    USER GUIDE

    IN THIS SECTION:
    Types of detected network attacks ................................................................................................................................ 114 Enabling and disabling Network Attack Blocker ............................................................................................................ 115 Editing the blockage settings......................................................................................................................................... 115

    TYPES OF DETECTED NETWORK ATTACKS


    Nowadays, a great number of network attacks exist. These attacks exploit the vulnerabilities of the operating system and other software, system-type or otherwise, installed on your computer. To ensure the security of your computer, you must know what kinds of network attacks you might encounter. Known network attacks can be divided into three major groups: Port scan this type of threat is not itself an attack, but it usually precedes one, since it is one of the common ways of obtaining information about a remote computer. The UDP / TCP ports used by the network tools on the computer targeted by an intruder are scanned to determine their status (closed or open). Port scans can tell a hacker what types of attacks work on that system and what types do not. In addition, the information obtained through the scan (a model of the system) helps the malefactor to know what operating system the remote computer uses. This, in turn, further restricts the number of potential attacks, and, correspondingly, the time spent perpetrating them. It also aids a hacker in attempting to use vulnerabilities characteristic of the operating system. DoS attacks, or Denial of Service attacks, are attacks which cause unstable performance of a system or its crash. Attacks of this type may make it impossible to use the information resources under attack (for example, it may not be possible to access the Internet). There are two basic types of DoS attacks: sending the target computer specially created packets that the computer does not expect which cause the system either to restart or to stop; sending the target computer many packets within a short timeframe such that the computer cannot process them, which causes system resources to be exhausted. Prime examples of this group of attacks are the following: The Ping of death attack consists of sending an ICMP packet with a size greater than the maximum of 64 KB. This attack can crash some operating systems. The Land attack consists of sending a request to an open port on the target computer to establish a connection with itself. This attack sends the computer into a cycle, which intensifies the load on the processor and can lead to the crashing of some operating systems. The ICMP Flood attack consists of sending a large quantity of ICMP packets to your computer. The computer attempts to reply to each inbound packet, which slows the processor to a crawl. The SYN Flood attack consists of sending a large quantity of queries to a remote computer to establish a fake connection. The system reserves certain resources for each of those connections, which completely drains your system resources, and the computer stops reacting to other connection attempts. Intrusion attacks, which aim to take over your computer. This is the most dangerous type of attack, because if it is successful, the hacker takes total control of your system. Hackers use this type of attack to obtain confidential information from a remote computer (for example, credit card numbers, passwords), or to penetrate the system to use its computing resources for malicious purposes later (e.g., to use the invaded system in a zombie network, or as a platform for new attacks).

    114

    ADVANCED

    APPLICATION SETTINGS

    This group includes the largest number of attacks. They may be divided into three groups depending on the operating system installed on the user's computer: Microsoft Windows attacks, Unix attacks, and a common group for network services available in both operating systems. The following types of attacks are the most common among those which use the network resources of operating systems: Buffer overflow attacks. Buffer overflow may be caused by the absence (or insufficiency) of control when working with data arrays. This is one of the oldest vulnerability types and the easiest for hackers to exploit. Format string attacks. Format string errors arise from insufficient control of input values for I/O functions, such as printf(), fprintf(), scanf(), and others, from the standard C library. If an application has this vulnerability, the hacker is able to send specially created queries and can take total control of the system. The Intrusion Detection System automatically analyzes and prevents attempts to exploit these vulnerabilities in the most common network services (FTP, POP3, IMAP) if they are running on the users computer. Attacks aimed at computers with Microsoft Windows are based on the use of the vulnerabilities of the software installed on a computer (such as Microsoft SQL Server, Microsoft Internet Explorer, Messenger, and system components available via the network DCom, SMB, Wins, LSASS, IIS5). In addition, the use of various malicious scripts, including scripts processed by Microsoft Internet Explorer and Helkern-type worms, can be classified as isolated incidents of intrusion attacks. The essence of this attack type consists of sending a special type of UDP packet that can execute malicious code to a remote computer.

    ENABLING AND DISABLING NETWORK ATTACK BLOCKER


    By default, Network Attack Blocker is enabled, running in a mode recommended by Kaspersky Lab specialists. You can disable Network Attack Blocker if necessary. To disable Network Attack Blocker: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Network Attack Blocker component. In the right part of the window, uncheck the Enable Network Attack Blocker box.

    EDITING THE BLOCKAGE SETTINGS


    By default, Network Attack Blocker blocks the activity of an attacking computer for one hour. You can cancel blockage of the selected computer or change the blockage time. To modify the time for which an attacking computer will be blocked: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Network Attack Blocker component. In the right part of the window, check the Add the attacking computer to the list of blocked computers for box and specify the blockage time.

    To unblock an attacking computer: 1. 2. 3. Open the main application window (see page 33). In the lower part of the window, select the Network Monitor section. In the Network Monitor window that opens, on the Blocked computers tab, select the blocked computer and click the Unblock button.

    115

    USER GUIDE

    ENCRYPTED CONNECTIONS SCAN


    Connecting using the SSL / TLS protocols protects the data exchange channel on the Internet. The SSL / TLS protocols allow you to identify the parties exchanging data using electronic certificates, encode the data being transferred, and ensure their integrity during the transfer. These features of the protocol are used by hackers to spread malicious programs, since most antivirus applications do not scan SSL / TLS traffic. Kaspersky Internet Security scans encrypted connections using a Kaspersky Lab certificate. If an invalid certificate is detected when connecting to the server (for example, if the certificate is replaced by an intruder), a notification will pop up containing a prompt to either accept or reject the certificate. If you are sure that connection with a website is always secure, in spite of an invalid certificate, you can add the website into the list of trusted URLs. Kaspersky Internet Security will no longer scan the encrypted connection with this website. You can use the Certificate Installation Wizard to install a certificate for scanning encrypted connections in semiinteractive mode in Microsoft Internet Explorer, Mozilla Firefox (if it is not launched) and Google Chrome, as well as to get instructions on installing Kaspersky Lab's certificate for Opera. To enable encrypted connections scanning and install Kaspersky Lab's certificate: 1. 2. 3. Open the application settings window. In the left part of the window, in the Advanced Settings section, select the Network component. In the window that opens, check the Scan encrypted connections box. When you first enable this setting, the Certificate Installation Wizard starts automatically. If the wizard does not start, click the Install certificate button. This will start a Wizard with instructions to follow for successful installation of the Kaspersky Lab certificate.

    4.

    IN THIS SECTION:
    Scanning encrypted connections in Mozilla Firefox ....................................................................................................... 116 Scanning encrypted connections in Opera .................................................................................................................... 117

    SCANNING ENCRYPTED CONNECTIONS IN MOZILLA FIREFOX


    The Mozilla Firefox browser does not use Microsoft Windows certificate storage. To scan SSL connections when using Firefox, you should install the Kaspersky Lab certificate manually. You can use the Certificate Installation Wizard, if the browser is not launched. To install Kaspersky Lab's certificate: 1. 2. 3. 4. In the browser menu, select Tools Settings.

    In the window that opens, select the Additional section. In the Certificates section, select the Security tab and click the View Certificates button. In the window that opens, select the Authorities tab and click the Restore button.

    116

    ADVANCED

    APPLICATION SETTINGS

    5.

    In the window that opens, select the Kaspersky Lab certificate file. The path to Kaspersky Lab's certificate file is: %AllUsersProfile%\Application Data\Kaspersky Lab\AVP12\Data\Cert\(fake)Kaspersky AntiVirus personal root certificate.cer. In the window that opens, check the boxes to select the actions that should be scanned with the certificate installed. To view information about the certificate, click the View button.

    6.

    To install Kaspersky Lab's certificate for Mozilla Firefox version 3.x manually: 1. 2. 3. 4. 5. In the browser menu, select Tools Settings.

    In the window that opens, select the Additional section. On the Encryption tab, click the View Certificates button. In the window that opens, select the Authorities tab and click the Import button. In the window that opens, select the Kaspersky Lab certificate file. The path to Kaspersky Lab's certificate file is: %AllUsersProfile%\Application Data\Kaspersky Lab\AVP12\Data\Cert\(fake)Kaspersky AntiVirus personal root certificate.cer. In the window that opens, check the boxes to select the actions that should be scanned with the certificate installed. To view information about the certificate, click the View button.

    6.

    If your computer runs under Microsoft Windows Vista or Microsoft Windows 7, the path to Kaspersky Lab's certificate file is: %AllUsersProfile%\Kaspersky Lab\AVP12\Data\Cert\(fake)Kaspersky Anti-Virus personal root certificate.cer.

    SCANNING ENCRYPTED CONNECTIONS IN OPERA


    The Opera browser does not use Microsoft Windows certificate storage. To scan SSL connections when using Opera, you should install Kaspersky Lab's certificate manually. To install Kaspersky Lab's certificate: 1. 2. 3. 4. 5. In the browser menu, select Tools Settings.

    In the window that opens, select the Additional section. In the left part of the window, select the Security tab and click the Manage Certificates button. In the window that opens, select the Vendors tab and click the Import button. In the window that opens, select the Kaspersky Lab certificate file. The path to Kaspersky Lab's certificate file is: %AllUsersProfile%\Application Data\Kaspersky Lab\AVP12\Data\Cert\(fake)Kaspersky AntiVirus personal root certificate.cer. In the window that opens, click the Install button. Kaspersky Lab's certificate will be installed. To view information about the certificate and select the actions for which the certificate will be used, select the certificate in the list and click the View button.

    6.

    To install Kaspersky Lab's certificate for Opera version 9.x: 1. 2. 3. 4. In the browser menu, select Tools Settings.

    In the window that opens, select the Additional section. In the left part of the window, select the Security tab and click the Manage Certificates button. In the window that opens, select the Authorities tab and click the Import button.

    117

    USER GUIDE

    5.

    In the window that opens, select the Kaspersky Lab certificate file. The path to Kaspersky Lab's certificate file is: %AllUsersProfile%\Application Data\Kaspersky Lab\AVP12\Data\Cert\(fake)Kaspersky AntiVirus personal root certificate.cer. In the window that opens, click the Install button. Kaspersky Lab's certificate will be installed.

    6.

    If your computer runs under Microsoft Windows Vista or Microsoft Windows 7, the path to Kaspersky Lab's certificate file is: %AllUsersProfile%\Kaspersky Lab\AVP12\Data\Cert\(fake)Kaspersky Anti-Virus personal root certificate.cer.

    NETWORK MONITOR
    Network Monitor is a tool used to view information about network activities in real time. To view information about network activity: 1. 2. Open the main application window (see page 33). In the lower part of the window, select the Network Monitor section. In the Network Monitor window that opens, the Network activity tab provides information about network activity. When working on a computer running under Microsoft Windows Vista or Microsoft Windows 7, you can open Network Monitor using the Kaspersky Gadget. To do this, Kaspersky Gadget should be configured so that the option of opening the Network Monitor window is assigned to one of its buttons (see section "How to use the Kaspersky Gadget" on page 59). To open Network Monitor using the gadget, click the button with the Network Monitor icon in the Kaspersky Gadget interface.

    In the Network Monitor window that opens, the Network activity tab provides information about network activity.

    CONFIGURING THE PROXY SERVER


    If the computer's Internet connection is established via a proxy server, you may need to configure its connection settings. Kaspersky Internet Security uses these settings for certain protection components, as well as for updating the databases and application modules. If your network includes a proxy server using a non-standard port, you should add the port number to the list of monitored ports (see section "Creating a list of monitored ports" on page 119). To configure connection with a proxy server: 1. 2. 3. 4. Open the application settings window. In the left part of the window, in the Advanced Settings section, select the Network component. In the Proxy server section, click the Proxy server settings button. In the Proxy server settings window that opens, specify the required settings for connection to a proxy server.

    118

    ADVANCED

    APPLICATION SETTINGS

    CREATING A LIST OF MONITORED PORTS


    Such protection components as Mail Anti-Virus, Anti-Spam and Web Anti-Virus (on page 88) monitor the data streams transferred via specific protocols and through certain open TCP ports on your computer. For example, Mail Anti-Virus scans information transferred via SMTP, while Web Anti-Virus scans information transferred via HTTP, HTTPS, and FTP. You can enable monitoring of all or just selected network ports. If you configure the product to monitor the selected ports, you can create a list of applications for which all ports will be monitored. We recommend that you expand this list by including applications that receive or transfer data via FTP. To add a port to the list of monitored ports: 1. 2. 3. Open the application settings window. In the left part of the window, in the Advanced Settings section, select the Network subsection. In the Monitored ports section, select Monitor selected ports only and click the Select button. The Network ports window will open. 4. Click the Add link located under the list of ports in the top part of the window to open the Network port window, and enter the number and description of a port.

    To exclude a port from the list of monitored ports: 1. 2. 3. Open the application settings window. In the left part of the window, in the Advanced Settings section, select the Network subsection. In the Monitored ports section, select Monitor selected ports only and click the Select button. The Network ports window will open. 4. In the list of ports in the top part of the window, uncheck the box next to the description of the port that should be excluded.

    To create a list of applications for which you wish to monitor all ports: 1. 2. 3. Open the application settings window. In the left part of the window, in the Advanced Settings section, select the Network subsection. In the Monitored ports section, select Monitor selected ports only and click the Select button. The Network ports window will open. 4. Check the Monitor all ports for specified applications box, and in the list of applications below, check the boxes for the names of the applications for which all ports should be monitored. If the desired application is not in the list, add it as follows: a. Click the Add link under the list of applications to open a menu, and select an item: To specify the location of the executable file of an application, select Browse and specify the file's location on the computer. To select an application from the list of applications currently running, select Applications. In the Select application window that opens, select the required application. b. In the Application window, enter a description for the application selected.

    5.

    119

    USER GUIDE

    ANTI-SPAM
    Anti-Spam detects unsolicited email (spam) and processes it according to the rules of your email client. Anti-Spam is built into the following mail clients as a plug-in: Microsoft Office Outlook (on page 133); Microsoft Outlook Express (Windows Mail) (on page 133); The Bat! (on page 134); Thunderbird (on page 134). The lists of blocked and allowed senders allow to specify the addresses from which messages will be deemed useful mail or spam. Messages addressed not to you may be classified as spam (see page 129). Furthermore, Anti-Spam can check a message for the presence of allowed and blocked phrases, as well as for phrases from a list of obscene expressions. To enable efficient recognition of spam and useful mail by Anti-Spam, the component needs training (see section "Training Anti-Spam" on page 122). Anti-Spam uses a self-training algorithm that allows the component to better distinguish spam from useful mail with time. The source of data for the algorithm is the contents of the message. Anti-Spam's operation consists of two stages: 1. The application of strict filtering criteria to a message. These criteria quickly determine whether the message is spam. Anti-Spam assigns the message spam or not spam status, the scan is stopped, and the message is transferred to the mail client for processing (see algorithm steps 1 to 5 below). Analyzing email messages that have undergone filtering. Such messages cannot be unambiguously considered spam. Therefore, Anti-Spam calculates the probability of their being spam.

    2.

    The Anti-Spam algorithm consists of the following steps: 1. The message sender's address is checked for presence in the lists of allowed or blocked senders. If a sender's address is in the list of allowed senders, the message receives Not Spam status. If a sender's address is in the list of blocked senders, the message receives Spam status. 2. If a message was sent using Microsoft Exchange Server and scanning of such messages is disabled, the message is given Not Spam status. A message analysis is performed to check whether it contains strings from the list of allowed phrases. If at least one line from this list has been found, the message will be assigned Not Spam status. This step is skipped by default. Anti-Spam analyzes a message to check whether it contains strings from the list of blocked phrases or the list of obscene words. Whenever words from these lists are found in a message, their weighting coefficients are added together. If the sum of the coefficients exceeds 100, the message will receive Spam status. This step is skipped by default. If the message text contains an address included in the database of phishing or suspicious web addresses, the message receives Spam status. Email is analyzed using heuristic rules. If the analysis finds signs typical of spam in a message, the probability of it being spam increases.

    3.

    4.

    5.

    6.

    120

    ADVANCED

    APPLICATION SETTINGS

    7.

    Email is analyzed using GSG technology. In this kind of analysis, Anti-Spam analyzes images attached to the email message. If the analysis finds signs typical of spam in them, the probability of the message being spam increases. The application analyzes email attachments in .rtf format. It scans attached documents for signs of spam. Once the analysis is complete, Anti-Spam calculates the increase in the probability of the message being spam. By default, the use of this technology is disabled. It checks for the presence of additional features typical of spam. Each feature detected increases the probability that the message being scanned is spam.

    8.

    9.

    10. If Anti-Spam has been trained, the message will be scanned using iBayes technology. The self-training iBayes algorithm calculates the probability of a message being spam based on the frequency of phrases typical of spam found in the message text. The training is only started if the function of self-training text analysis algorithm iBayes is enabled in your copy of Kaspersky Internet Security. Availability of this function depends on the application localization language. Message analysis determines the probability of its being spam expressed as the spam rate value. Spam or Probable spam status will be assigned to a message depending upon the specified threshold values of the spam rate (see section "Regulating threshold values of the spam rate" on page 130). By default the product adds the label [!! SPAM] or [?? Probable Spam] to the Subject field of spam and probable spam messages (see section "Adding a label to the message subject" on page 132). Then each message will be processed in accordance with the rules you have defined for email clients (see section "Configuring spam processing by mail clients" on page 132).

    IN THIS SECTION:
    Enabling and disabling Anti-Spam ................................................................................................................................ 121 Changing and restoring the spam protection level ........................................................................................................ 122 Training Anti-Spam ....................................................................................................................................................... 122 Checking URLs in email messages ............................................................................................................................... 125 Detecting spam by phrases and addresses. Creating lists ............................................................................................ 125 Regulating threshold values of the spam rate ............................................................................................................... 130 Using additional features affecting the spam rate ......................................................................................................... 131 Selecting a spam recognition algorithm......................................................................................................................... 131 Adding a label to the message subject .......................................................................................................................... 132 Scanning messages from Microsoft Exchange Server .................................................................................................. 132 Configuring spam processing by mail clients ................................................................................................................ 132

    ENABLING AND DISABLING ANTI-SPAM


    By default, Anti-Spam is enabled, running in a mode recommended by Kaspersky Lab specialists. You can disable AntiSpam, if necessary. To disable Anti-Spam: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Anti-Spam component. In the right part of the window, uncheck the Enable Anti-Spam box.

    121

    USER GUIDE

    CHANGING AND RESTORING THE SPAM PROTECTION LEVEL


    Depending on how often you receive spam, you can select one of the preset spam protection levels or configure AntiSpam on your own. The levels of anti-spam protection correspond to the following security levels configured by the experts at Kaspersky Lab: High. This security level should be used if you receive spam frequently, for example, when using free mail services. When you select this level, the frequency of false positives rises; that is, useful mail is more often recognized as spam. Recommended. This security level should be used in most cases. Low. This security level should be used if you rarely receive spam, for example, if you are working in a protected corporate email environment. When this level is selected, spam and potential spam messages are less frequently recognized. When configuring Anti-Spam, you can always restore the recommended values. These settings are considered optimal, recommended by Kaspersky Lab, and grouped in the Recommended security level. To change the spam protection level set: 1. 2. Open the application settings window. In the left part of the window, in the Protection Center section, select the Anti-Spam component. In the right part of the window, in the Security level section, set the desired security level, or click the Settings button to modify the settings manually. If you modify the settings manually, the name of the security level will change to Custom. To restore the default Anti-Spam settings: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Anti-Spam component. Click the Default level button in the Security level section in the right part of the window.

    TRAINING ANTI-SPAM
    One of the most powerful spam detection tools is the self-training iBayes algorithm. The application uses the algorithm to decide which status should be assigned to a message based on the phrases it contains. Prior to beginning work, sample strings of useful and spam mail should be submitted to the iBayes algorithm, i.e., it should be trained. The training is only started if the function of self-training text analysis algorithm iBayes is enabled in your copy of Kaspersky Internet Security. Availability of this function depends on the application localization language. There are several approaches to training Anti-Spam: Training Anti-Spam using outgoing messages. Training is performed while working with messages in the mail client using special buttons and menu items. Training when working with Anti-Spam reports.

    122

    ADVANCED

    APPLICATION SETTINGS

    IN THIS SECTION:
    Training on outgoing messages .................................................................................................................................... 123 Training on the interface of a mail client ........................................................................................................................ 123 Adding an address to the list of allowed senders .......................................................................................................... 124 Training with reports ...................................................................................................................................................... 124

    TRAINING ON OUTGOING MESSAGES


    You can train Anti-Spam using a sample of 50 outgoing emails. Once training is enabled, Anti-Spam will analyze every message you send, using it as a sample of useful mail. Training will complete after you send the 50th message. To enable Anti-Spam training using outgoing emails: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Anti-Spam component. Click the Settings button in the right part of the window. The Anti-Spam window will be displayed. 4. On the Additional tab in the Outgoing messages section, check the Train using outgoing email messages box.

    While training using outgoing mail is in progress, the addresses of mail recipients are automatically added to the list of allowed senders. You can disable this feature (see section "Adding an address to the list of allowed senders" on page 124).

    TRAINING ON THE INTERFACE OF A MAIL CLIENT


    You can train Anti-Spam while handling email, using buttons on the taskbar and the menu of your email client. The buttons and menu items for Anti-Spam training only appear in the interfaces of mail client software after installation of Kaspersky Internet Security. To train Anti-Spam using the email client interface: 1. 2. 3. Start the email client. Select a message with which you wish to train Anti-Spam. Do the following depending upon your email client: click the Spam or Not Spam button in the Microsoft Office Outlook toolbar; click the Spam or Not Spam button in the Microsoft Outlook Express toolbar (Windows Mail); use the special Mark as Spam and Mark as Not Spam items in the Special menu of The Bat! email client; use the Spam / Not Spam button in the Mozilla Thunderbird toolbar.

    123

    USER GUIDE

    After selecting an action from the list above, Anti-Spam conducts training using the selected message. If you select several messages, all of them are used for training. If a message is marked as useful mail, the address of its sender will be added to the list of allowed senders automatically. You can disable this feature (see section "Adding an address to the list of allowed senders" on page 124).

    ADDING AN ADDRESS TO THE LIST OF ALLOWED SENDERS


    When Anti-Spam is trained, the addresses of useful mail senders are automatically added to the list of allowed senders (see section "Blocked and allowed senders" on page 128). The application also adds the addresses of outgoing mail recipients to that list if training with outgoing mail is used. You can disable that function to prevent the automatic addition of allowed senders to the list in the course of training. To disable adding the address to the list of allowed senders: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Anti-Spam component. Click the Settings button in the right part of the window. The Anti-Spam window will be displayed. 4. On the Exact methods tab in the Consider message as not spam section, check the If it is from an allowed sender box and click the Select button. The Allowed senders window opens. 5. Uncheck the Add allowed senders' addresses when training Anti-Spam box.

    TRAINING WITH REPORTS


    There is the option to train Anti-Spam using its reports displaying information about messages recognized as probable spam. Essentially, the training means assigning the Spam or Not Spam labels to messages, as well as adding senders of those messages to the lists of allowed or blocked senders (see section "Blocked and allowed senders" on page 128). Messages are not marked with the spam and not spam tags if the function of self-training text analysis algorithm iBayes is enabled in Kaspersky Internet Security. Availability of this function depends on the application localization language. To train Anti-Spam using a report: 1. 2. 3. Open the main application window. In the top part of the window, click the Reports button. In the Reports window that opens, click the Detailed report button. The Detailed report window opens. 4. 5. Select the Anti-Spam section in the left part of the window. Use the records in the Object column in the right part of the window to select the messages you wish to use for Anti-Spam training. For each such message, right-click to open the context menu and select one of the menu commands corresponding to the operation which should be performed on the message: Mark as Spam. Mark as Not Spam.

    124

    ADVANCED

    APPLICATION SETTINGS

    Add to the list of allowed senders. Add to the list of blocked senders.

    CHECKING URLS IN EMAIL MESSAGES


    Anti-Spam can check the URLs in mail messages to identify the ones included in the lists of suspicious web addresses or phishing web addresses. These lists are included in the product package of Kaspersky Internet Security. If you participate in Kaspersky Security Network (on page 174), Kaspersky Internet Security also accesses Kaspersky Security Network when checking URLs. If a phishing or suspicious link is detected in a message, or if phishing elements are detected in the message body, this message is identified as spam. To check URLs in email messages, you can also use the heuristic analysis. To enable URL checks using the databases of suspicious and phishing addresses: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Anti-Spam component. Click the Settings button in the right part of the window. The Anti-Spam window will be displayed. 4. On the Exact methods tab in the Consider message as spam section, check the If it contains URLs from the database of suspicious URLs and If it contains phishing elements boxes.

    To enable heuristic analysis: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Anti-Spam component. Click the Settings button in the right part of the window. The Anti-Spam window will be displayed. 4. 5. On the Exact methods tab, in the Consider message as spam section, click the Additional button. In the Anti-Phishing settings window that opens, check the Use Heuristic Analysis to check mail for phishing box and set a scan detail level using the slider.

    DETECTING SPAM BY PHRASES AND ADDRESSES. CREATING LISTS


    You can create lists of allowed, blocked and obscene key phrases, as well as lists of allowed and blocked sender addresses and a list of your addresses. If these lists are used, Anti-Spam analyzes every message to check whether it contains the phrases added to the lists, and it checks whether the addresses of the mail sender and recipients match the records in the address lists. Once a sought phrase or address is found, Anti-Spam identifies the message as useful mail or spam, depending upon which list contains the phrase or address. The following mail will be recognized as spam: messages containing blocked or obscene phrases with total weighting coefficient exceeding 100; messages sent from a blocked address or not addressed to you directly.

    125

    USER GUIDE

    The following messages will be recognized as useful mail: messages containing allowed phrases; messages sent from an allowed address.

    IN THIS SECTION:
    Using masks for phrases and addresses ...................................................................................................................... 126 Blocked and allowed phrases........................................................................................................................................ 127 Obscene words ............................................................................................................................................................. 127 Blocked and allowed senders........................................................................................................................................ 128 Your addresses ............................................................................................................................................................. 129 Exporting and importing lists of phrases and addresses ............................................................................................... 129

    USING MASKS FOR PHRASES AND ADDRESSES


    You can use phrase masks in the lists of allowed, blocked and obscene phrases. The lists of allowed and blocked addresses and the list of trusted addresses support address masks. A mask is a template string against which a phrase or an address is compared. Certain symbols in a mask are used to represent others: * replaces any sequence of characters, while ? replaces any single character. If a mask uses such wildcards, it can match several phrases or addresses (see examples). If the * or ? character is a part of the sought phrase (e.g., What's the time?), it should be preceded by the \ character to ensure that Anti-Spam recognizes it correctly. Thus, instead of the * character you should use the \* combination in masks; the ? character should be represented as \? (e.g., What's the time\?). Sample phrase masks: Welcome to our *! this mask covers any message containing a phrase that starts with the words "Welcome to our", continues with any text, and ends with the ! character. We offer this mask covers any message containing a phrase that starts with the words "We offer" and continues with any text. Examples of address masks: admin@test.com this mask only matches the address admin@test.com. admin@* the mask matches the sender address with the admin name, for example, admin@test.com, admin@example.org. *@test* this mask matches the address of any message sender from a domain beginning with test, for example: admin@test.com, info@test.org. info.*@test.??? this mask corresponds to the address of any sender whose name begins with info. and whose mail domain name begins with test. and ends with any three characters, for example: info.product@test.com, info.company@test.org, but not info.product@test.ru.

    126

    ADVANCED

    APPLICATION SETTINGS

    BLOCKED AND ALLOWED PHRASES


    You can add expressions which you typically observe in spam to the list of blocked phrases and define the weighting coefficient for each phrase. The weighting coefficient allows you to specify how typical a certain phrase is of spam messages: the larger the value, the higher the probability that mail containing such a phrase is spam. The weighting coefficient of a phrase can range from 0 to 100. If the total of the weighting coefficients of all phrases found in a message exceeds 100, the message will be identified as spam. Key expressions typical of useful mail can be added to the list of allowed phrases. Once Anti-Spam finds such a phrase in a message, it will be identified as useful mail (not spam). You can add both entire phrases and their masks to the list of blocked and allowed expressions (see section "Using masks for phrases and addresses" on page 126). To create a list of blocked or allowed phrases: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Anti-Spam component. Click the Settings button in the right part of the window. The Anti-Spam window will be displayed. 4. Use the Exact methods tab to perform the following steps: If you need to create a list of blocked phrases, in the Consider message as spam section, check the If it contains blocked phrases box and click the Select button to the right. The Blocked phrases window will open. If you need to create a list of allowed phrases, in the Consider message as not spam section, check the If it contains allowed phrases box and click the Select button to the right. The Allowed phrases window will open. 5. 6. Click the Add link to open the Blocked phrase window (or the Allowed phrase window). Enter the complete phrase or phrase mask, specify the weighting coefficient for a blocked phrase, and then click OK.

    You do not have to delete a mask to stop using it; unchecking the corresponding box next to it will be sufficient.

    OBSCENE WORDS
    Kaspersky Lab experts have compiled the list of obscene words included in the distribution package of Kaspersky Internet Security. The list contains obscene words that indicate with a high probability that the message is spam if present. You can supplement the list by adding complete phrases and their masks to it (see section "Using masks for phrases and addresses" on page 126). If Parental Control (see page 143) is enabled for the user and a password (see page 63) for editing the Parental Control settings is set, the user will have to enter the password to view the list of obscene phrases. To edit the list of obscene phrases: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Anti-Spam component. Click the Settings button in the right part of the window.

    127

    USER GUIDE

    The Anti-Spam window will be displayed. 4. On the Exact methods tab, in the Consider message as spam section, check the If it contains blocked phrases box and click the Select button. The Blocked phrases window will open. 5. 6. Check the Also block obscene words box and click the obscene words link to open the Agreement dialog. Read the agreement and, if you agree to the terms and conditions described in the window, check the box in the bottom part of the window and click the OK button. The Explicit language window will open. 7. 8. Click the Add link to open the Blocked phrase window. Enter the complete phrase or its mask, specify the phrase weighting coefficient and click OK.

    You do not have to delete a mask to stop using it; unchecking the corresponding box next to it will be sufficient.

    BLOCKED AND ALLOWED SENDERS


    You can add addresses, mail from which Anti-Spam will identify as spam to the list of blocked senders. Sender addresses from which you expect no spam are stored in the list of allowed senders. This list is created automatically during Anti-Spam training (see section "Adding an address to the list of allowed senders" on page 124). You can also supplement the list manually. You can add complete addresses or address masks to the lists of allowed or blocked senders (see section "Using masks for phrases and addresses" on page 126). To create a list of blocked or allowed senders: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Anti-Spam component. Click the Settings button in the right part of the window. The Anti-Spam window will be displayed. 4. Use the Exact methods tab to perform the following steps: If you need to create a list of blocked senders, in the Consider message as spam section, check the If it is from a blocked sender box and click the Select button to the right. The Blocked senders window will open. If you need to create a list of allowed senders, in the Consider message as not spam section, check the If it is from an allowed sender box and click the Select button to the right. The Allowed senders window opens. 5. 6. Click the Add link to open the Email address mask window. Enter an address mask and click the OK button.

    You do not have to delete a mask to stop using it; unchecking the corresponding box next to it will be sufficient.

    128

    ADVANCED

    APPLICATION SETTINGS

    YOUR ADDRESSES
    You can create a list of your mail addresses to make Anti-Spam label as spam any mail that is not addressed to you directly. To create the list of your email addresses: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Anti-Spam component. Click the Settings button in the right part of the window. The Anti-Spam window will be displayed. 4. On the Exact methods tab, check the If it is not addressed to me box and click the My addresses button. The My addresses window opens. 5. 6. Click the Add link to open the Email address mask window. Enter an address mask and click the OK button.

    You do not have to delete a mask to stop using it; unchecking the corresponding box next to it will be sufficient.

    EXPORTING AND IMPORTING LISTS OF PHRASES AND ADDRESSES


    Once you have created the lists of phrases and addresses, you can reuse them, for example, transfer the addresses to a similar list on another computer running Kaspersky Internet Security. To do this: 1. 2. Perform the export procedure copy records from the list into a file. Move the file you have saved to another computer (for example, send it by email or use a removable data medium). Perform the import procedure add the records from the file to the list of the same type on another computer.

    3.

    When exporting the list, you can copy either a selected list element only, or the entire list. When importing the list, you can add the new elements to the existing list, or replace the existing list with the one being imported. Addresses in the list of allowed senders can be imported from Microsoft Office Outlook / Microsoft Outlook Express (Windows Mail) address books. To export records from a list: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Anti-Spam component. Click the Settings button in the right part of the window. The Anti-Spam window will be displayed. 4. On the Exact methods tab, check the box in the line containing the name of the list from which the records should be exported and click the corresponding button to the right. In the displayed list window, check the records which should be included in the file. Click the Export link.

    5. 6.

    129

    USER GUIDE

    This opens a window that prompts you to export the highlighted items only. In this window, take one of the following actions: click the Yes button if you need to include only selected records in the file; click the No button if you need to include the entire list in the file. 7. Specify a type and name for the file in the displayed window and confirm saving.

    To import records from a file to a list: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Anti-Spam component. Click the Settings button in the right part of the window. The Anti-Spam window will be displayed. 4. On the Exact methods tab, check the box in the line containing the name of the list to which the records should be imported and click the button to the right. Click the Import link in the list window. If you are importing a list of allowed senders, the application will display a menu in which you should select the Import from file item. For other list types, selection from the menu is not required. If the list is not empty, a window opens prompting you to add items to be imported. In this window, take one of the following actions: click the Yes button if you want to add records from the file to the list; click the No button if you want to replace the existing records with the list from the file. 6. In the window that opens, select the file with the list of records that you want to import.

    5.

    To import a list of allowed senders from an address book: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Anti-Spam component. Click the Settings button in the right part of the window. The Anti-Spam window will be displayed. 4. On the Exact methods tab in the Consider message as not spam section, check the If it is from an allowed sender box and click the Select button. The Allowed senders window opens. 5. 6. Click the Import link, open the source selection menu, and select Import from the Address Book. Use the window that opens to select the desired address book.

    REGULATING THRESHOLD VALUES OF THE SPAM RATE


    Spam recognition is based on cutting-edge filtering methods, which allow you to train (see section "Training Anti-Spam" on page 122) Anti-Spam to distinguish spam, probable spam and useful email. In doing so, each individual element of good emails or spam is assigned a factor.

    130

    ADVANCED

    APPLICATION SETTINGS

    When an email message comes in your inbox, Anti-Spam checks it for spam and useful mail. The component sums up the ratings of each spam (useful mail) item and calculates the resulting spam rate. The larger the spam rate, the higher the probability that such mail contains spam. A message is recognized by default as useful mail if its spam rate does not exceed 60. If the spam rate is higher than 60, such a message is considered to be potential spam. If the value exceeds 90, the message is considered spam. You can modify the threshold values for the spam rate. To change the spam rate thresholds, perform the following steps: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Anti-Spam component. Click the Settings button in the right part of the window. The Anti-Spam window will be displayed. 4. On the Expert methods tab, use the Spam rate section to configure the spam rate values using the corresponding sliders or entry fields.

    USING ADDITIONAL FEATURES AFFECTING THE SPAM RATE


    The result of spam rate calculation can be affected by additional message characteristics, for example, the absence of a recipient's address in the "To" field or a very long message subject (over 250 characters). When present in a message, such signs increase the probability of its being spam. Consequently, the spam rate will increase. You can select which additional characteristics will be taken into account during message analysis. To use additional characteristics which increase the spam rate: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Anti-Spam component. Click the Settings button in the right part of the window. The Anti-Spam window will be displayed. 4. 5. On the Expert methods tab, click the Additional button. In the Additional window which opens, check the boxes next to the characteristics which should be taken into account during message analysis and which increase the spam rate.

    SELECTING A SPAM RECOGNITION ALGORITHM


    Anti-Spam analyzes email messages using spam recognition algorithms. To enable the use of a spam recognition algorithm when analyzing email messages: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Anti-Spam component. Click the Settings button in the right part of the window. The Anti-Spam window will be displayed. 4. On the Expert methods tab, in the Recognition algorithms section, check the appropriate boxes.

    131

    USER GUIDE

    ADDING A LABEL TO THE MESSAGE SUBJECT


    Anti-Spam can add appropriate labels to the Subject field of the message which has been deemed spam or potential spam after analysis: [!! SPAM] for messages identified as spam; [?? Probable Spam] for messages identified as potential spam. When present in message subject, such labels can help you distinguish spam and probable spam visually while viewing the mail lists. To configure adding of a label to messages' subjects: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Anti-Spam component. Click the Settings button in the right part of the window. The Anti-Spam window will be displayed. 4. Use the Additional tab to select the checkboxes next to the labels which should be added to message subjects in the Actions section. If necessary, edit the label text.

    SCANNING MESSAGES FROM MICROSOFT EXCHANGE SERVER


    By default, the Anti-Spam component does not scan Microsoft Exchange Server messages. You can enable scan of email messages exchanged within an internal network (for example, corporate email). Messages are considered to be internal mail if Microsoft Office Outlook is used on all network computers, and if all user mailboxes are located on the same Exchange server or on linked servers. To enable scan of messages in Microsoft Exchange Server: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Anti-Spam component. Click the Settings button in the right part of the window. The Anti-Spam window will be displayed. 4. On the Additional tab in the Exclusions section, uncheck the Do not check Microsoft Exchange Server native messages box.

    CONFIGURING SPAM PROCESSING BY MAIL CLIENTS


    If after scanning it is determined that an email is spam or probable spam, the further actions of Anti-Spam depend on the status of the message and the action selected. By default, email messages considered spam or probable spam are modified: in the Subject field of the message, the label [!! SPAM] or [?? Probable Spam], respectively, is added (see section "Adding a label to the message subject" on page 132). You can select additional actions to be taken with spam or probable spam. To do so, special plug-ins are provided in the Microsoft Office Outlook and Microsoft Outlook Express (Windows Mail) clients. You can configure mail filtering rules for The Bat! and Thunderbird email clients.

    132

    ADVANCED

    APPLICATION SETTINGS

    IN THIS SECTION:
    Microsoft Office Outlook ................................................................................................................................................ 133 Microsoft Outlook Express (Windows Mail) ................................................................................................................... 133 Creating a rule for handling spam reports ..................................................................................................................... 133 The Bat!......................................................................................................................................................................... 134 Thunderbird ................................................................................................................................................................... 134

    MICROSOFT OFFICE OUTLOOK


    By default, email messages classified by Anti-Spam as spam or probable spam are marked with special labels [!! SPAM] or [?? Probable Spam] in the Subject field. If additional processing of mail after Anti-Spam scans it is required, you can configure Microsoft Office Outlook as necessary. The spam processing settings window automatically opens the first time you run Microsoft Outlook after installing Kaspersky Internet Security. The spam and probable spam processing settings for Microsoft Outlook are displayed on the special Anti-Spam tab of the Tools Options menu item.

    MICROSOFT OUTLOOK EXPRESS (WINDOWS MAIL)


    By default, email messages classified by Anti-Spam as spam or probable spam are marked with special labels [!! SPAM] or [?? Probable Spam] in the Subject field. If additional processing of mail after Anti-Spam scans it is required, you can configure Microsoft Outlook Express (Windows Mail) as necessary. The spam processing settings window opens the first time you run your client after installing the application. You can also open it by clicking the Settings button in the email client toolbar next to the Spam and Not Spam buttons.

    CREATING A RULE FOR HANDLING SPAM REPORTS


    Below are the instructions for creating a rule for handling spam reports using Anti-Spam in Microsoft Office Outlook. You can use the guidelines to create custom rules. To create a spam processing rule: 1. Run Microsoft Office Outlook and use the Tools Rules and Alerts command in the main application menu. The method used to access the wizard depends upon your version of Microsoft Office Outlook. This Help file describes how to create a rule using Microsoft Office Outlook 2003. In the Rules and Alerts window that opens, on the Email Rules tab, click the New Rule button. As a result, the Rules Wizard is launched. The Rules Wizard includes the following steps: a. You should decide whether you want to create a rule from scratch or use a template. Select the Start from a blank rule option and select the Check messages when they arrive scan condition. Click the Next button. In the message filtering condition configuration window click the Next button without checking any boxes. Confirm in the dialog box that you want to apply this rule to all emails received. In the window for selecting actions with regard to messages, check the perform a custom action box in the action list. In the lower part of the window, click the custom action link. Select Kaspersky Anti-Spam from the drop-down list in the window that opens and click the OK button.

    2.

    b.

    c.

    133

    USER GUIDE

    d. e.

    Click the Next button in the exceptions from the rules window without checking any boxes. In the final window, you can change the rule's name (the default name is Kaspersky Anti-Spam). Make sure that the Turn on this rule box is checked, and click the Finish button.

    3.

    The default position for the new rule is first on the rule list in the Rules and Alerts window. If you like, move this rule to the end of the list so it is applied to the email last. All incoming emails are processed using these rules. The order in which rules are applied depends upon the priority specified for each rule. Rules are applied starting at the beginning of the list; the priority of each following rule is lower than that of the preceding one. You can increase or decrease rule priority by moving a rule up or down in the list. If you do not want the Anti-Spam rule to further process emails after a rule is applied, you must check the Stop processing more rules box in the rule settings (see Step 3 of the rule creation window).

    THE BAT!
    Actions with regard to spam and probable spam in The Bat! are defined by the client's own tools. To modify spam processing rules in The Bat!: 1. 2. In the Properties menu of the mail client, select the Settings item. Select the Spam protection object from the settings tree.

    Displayed settings of anti-spam protection apply to all installed Anti-Spam modules that support integration with The Bat!. You need to define the rating level and specify how messages with a certain rating should be handled (in the case of Anti-Spam the probability of a message being spam): delete messages with ratings that exceed the specified value; move email messages with a given rating to a special spam folder; move spam marked with special headers to the spam folder; leave spam in the Inbox folder. After processing an email, Kaspersky Internet Security assigns a spam or probable spam status to the message based on a rating with an adjustable value. The Bat! has its own email rating algorithm for spam, also based on a spam rate. To prevent discrepancies between spam rates in Kaspersky Internet Security and The Bat!, all messages checked in AntiSpam are assigned the rating corresponding to the message status: Not Spam email 0%, Probable spam 50%, Spam 100%. Thus, the email rating in The Bat! corresponds to the rating of the relevant status and not to the spam rate assigned in Anti-Spam. For more details on the spam rate and processing rules, see the documentation for The Bat! mail client.

    THUNDERBIRD
    By default, email messages classified by Anti-Spam as spam or probable spam are marked with special labels [!! SPAM] or [?? Probable Spam] in the Subject field. If additional processing of mail is required after Anti-Spam scans it, you can configure Thunderbird by opening its configuration window from the Tools Message Filters menu (for more details about using the mail client, see Mozilla Thunderbird Help). Thunderbird's Anti-Spam plug-in module allows training based on messages received and sent using this email client application and checking your email correspondence for spam on the server. The plug-in module is integrated into Thunderbird and forwards messages to the Anti-Spam component for scanning when commands from the Tools Run Junk Mail Controls on Folder menu are executed. Thus, Kaspersky Internet Security checks messages instead of Thunderbird. This does not alter the functionality of Thunderbird.

    134

    ADVANCED

    APPLICATION SETTINGS

    The Anti-Spam plug-in module status is displayed as an icon in the Thunderbird status line. A gray icon informs you that there is a problem in the plug-in's operation or that the Anti-Spam component is disabled. Double-click the icon to open the settings of Kaspersky Internet Security. To modify the Anti-Spam settings, click the Settings button in the Anti-Spam section.

    ANTI-BANNER
    Anti-Banner is designed to block banners on web pages you open and in the interface of specified applications. Adverts on banners may distract you from your activities, while banner downloads increase the amount of inbound traffic. Before a banner is displayed on a web page or in an application's window, it must be downloaded from the Internet. AntiBanner scans the address from which the banner is downloaded. If the address matches a mask from the list included with the Kaspersky Internet Security package or from the list of blocked banners addresses you have compiled on your own, Anti-Banner blocks the banner. To block banners with address masks not found in the abovementioned lists, the heuristic analyzer is used. In addition, you can create a list of allowed addresses to determine which banners should be allowed for display.

    IN THIS SECTION:
    Enabling and disabling Anti-Banner .............................................................................................................................. 135 Selecting a scan method ............................................................................................................................................... 135 Creating lists of blocked and allowed banner addresses............................................................................................... 136 Exporting and importing lists of addresses .................................................................................................................... 136

    ENABLING AND DISABLING ANTI-BANNER


    Immediately after Kaspersky Internet Security installation, the Anti-Banner component is disabled; it does not block banners. To activate banner blocking, you must enable Anti-Banner. To display all banners, disable Anti-Banner. To display some of banners, add their respective addresses to the list of allowed banner addresses (see section "Creating lists of blocked and allowed banner addresses" on page 136). To enable Anti-Banner: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Anti-Banner component. In the right part of the window, check the Enable Anti-Banner box.

    SELECTING A SCAN METHOD


    You can specify which methods should be used by Anti-Banner to scan addresses from which banners may be downloaded. In addition to these methods, Anti-Banner checks banner addresses for matches to the masks from the lists of allowed and blocked addresses, if those are in use. To select methods of address scanning for Anti-Banner: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Anti-Banner component. In the right part of the window, in the Scan methods group, check the boxes next to the names of the methods that should be used.

    135

    USER GUIDE

    CREATING LISTS OF BLOCKED AND ALLOWED BANNER ADDRESSES


    You can use lists of blocked and allowed banner addresses to specify, from which addresses banners are allowed to load and display, and from which ones they are not. Create a list of blocked address masks to let Anti-Banner block download and display of banners from the addresses that correspond to those masks. Create a list of allowed address masks to let Anti-Banner download and display banners from the addresses that correspond to those masks. If you use Microsoft Internet Explorer, Mozilla Firefox, or Google Chrome, you can add masks to the list of blocked addresses directly from the browser window. To add a mask to the list of blocked (allowed) addresses: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Anti-Banner component. In the right part of the window, in the Additional section, check the Use the list of blocked URLs box (or the Use the list of allowed URLs box) and click the Settings button located under the box. The Blocked URLs (or Allowed URLs) window opens. 4. Click the Add button. The Address mask (URL) window will open. 5. Enter a banner address mask and click the OK button.

    You do not have to delete a mask to stop using it; unchecking the box next to the mask will be sufficient. To add a mask to the list of blocked addresses from the browser window, right-click the image in the browser window to open a context menu, and select Add to Anti-Banner.

    EXPORTING AND IMPORTING LISTS OF ADDRESSES


    Lists of allowed and blocked banner addresses can be used repeatedly (for example, you can export banner addresses to a similar list on another computer with Kaspersky Internet Security installed on it). To do this: 1. 2. Perform the export procedure copy records from the list into a file. Move the file you have saved to another computer (for example, send it by email or use a removable data medium). Perform the import procedure add the records from the file to the list of the same type on another computer.

    3.

    When exporting the list, you can copy either a selected list element only, or the entire list. When importing the list, you can add the new elements to the existing list, or replace the existing list with the one being imported. To export banner addresses from the list of allowed or blocked URLs, perform the following steps: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Anti-Banner component. In the right part of the window, in the Additional section, click the Settings button located in the line with the name of the list from which you need to copy addresses into a file.

    136

    ADVANCED

    APPLICATION SETTINGS

    4.

    In the Allowed URLs (or Blocked URLs) window that opens, check the boxes next to the addresses that you need to include in the file. Click the Export button. This opens a window that prompts you to export the highlighted items only. In this window, take one of the following actions: click the Yes button if you need to include only selected addresses in the file; click the No button if you need to include the entire list in the file.

    5.

    6.

    In the window that opens, enter a name for the file you want to save and confirm saving.

    To import banner addresses from a file to the list of allowed or blocked URLs: 1. 2. 3. Open the application settings window. In the left part of the window, in the Protection Center section, select the Anti-Banner component. In the right part of the window, in the Additional section, click the Settings button located in the line with the name of the list to which you need to add addresses from a file. In the Allowed URLs window that opens (or the Blocked URLs window), click the Import button. If the list is not empty, a window opens prompting you to add items to be imported. In this window, take one of the following actions: click the Yes button if you want to add records from the file to the list; click the No button if you want to replace the existing records with the list from the file. 5. In the window that opens, select the file with the list of records that you want to import.

    4.

    SAFE RUN FOR APPLICATIONS AND SAFE RUN FOR WEBSITES


    Kaspersky Internet Security can perform potentially dangerous actions in isolation from the main operating system. Kaspersky Internet Security provides the following features for this purpose: run separate application in Safe Run on the main desktop (see page 52); use Safe Run for Applications (see page 138); use Safe Run for Websites (see page 141). Isolation from the main operating system provides additional security for your computer because real operating system files are not modified. Suspicious files detected while you work in the safe environment are quarantined in the normal mode. When files are recovered from Quarantine, they are restored to the original folder. If the original folder cannot be found, Kaspersky Internet Security prompts you to specify a location to restore the object in the environment (normal or safe) in which the restoration procedure was started. Safe Run and Safe Run for Websites are not available on computers running under Microsoft Windows XP x64. The functionality of certain applications launched on computers running Microsoft Windows Vista x64 and Microsoft Windows 7 x64 is limited when operating in the safe environment. If such applications are started, a message to that

    137

    USER GUIDE

    effect is displayed on screen if you have enabled notifications (see page 172) of the Application functionality is limited in safe mode event. In addition, Safe Run for Applications is completely inaccessible.

    IN THIS SECTION:
    About Safe Run ............................................................................................................................................................. 138 About Safe Run for Websites ........................................................................................................................................ 141 Using a shared folder .................................................................................................................................................... 143

    ABOUT SAFE RUN


    Safe Run is a secure environment isolated from the main operating system and designed for running applications whose safety raises doubts. In Safe Run, real operating system files do not undergo changes. So even if you run an infected application in Safe Run, all of its actions will be limited to the virtual environment without affecting the operating system.

    IN THIS SECTION:
    Launching and closing applications in Safe Run ........................................................................................................... 138 Automatic launch of applications in Safe Run ............................................................................................................... 139 Switching between the main desktop and Safe Run for Applications ............................................................................ 139 Using the pop-up toolbar in Safe Run ........................................................................................................................... 140 Clearing Safe Run ......................................................................................................................................................... 140 Creating a shortcut for Safe Run on the desktop .......................................................................................................... 141

    LAUNCHING AND CLOSING APPLICATIONS IN SAFE RUN


    You can activate Safe Run for Applications using one of the following methods: from the Kaspersky Internet Security main window (see section "The Kaspersky Internet Security main window" on page 33); from the Kaspersky Internet Security context menu (see section "Context menu" on page 32); using a button in the Kaspersky Gadget interface if the option of running Safe Run for Applications is assigned to a button (see section "How to use the Kaspersky Gadget" on page 59); using a shortcut on the desktop (see section "Creating a shortcut for Safe Run on the desktop" on page 141). You can close Safe Run for Applications using one of the following methods: using the operation system's Start menu; from the pop-up toolbar (see section "Using the pop-up toolbar" on page 140); using the key combination CTRL+ALT+SHIFT+K.

    138

    ADVANCED

    APPLICATION SETTINGS

    To start Safe Run for Applications from the main Kaspersky Internet Security window: 1. 2. 3. Open the main application window. In the bottom part of the window, select the Safe Run for Applications section. In the window that opens, click the Go to Safe Run for Applications button.

    To activate Safe Run for Applications from the context menu of Kaspersky Internet Security, right-click to open the Kaspersky Internet Security context menu in the taskbar notification area and select Safe Run for Applications. To start Safe Run for Applications from the Kaspersky Gadget, click the button with the Safe Run icon in the Kaspersky Gadget interface (only for Microsoft Windows Vista and Microsoft Windows 7 operating systems). To close Safe Run from the Start menu, in the Start menu of the operating system, select Safe Run for Applications shutdown. To close Safe Run from the pop-up toolbar: 1. 2. 3. Roll over the top part of the screen with the mouse pointer. In the pop-up toolbar, click the button.

    In the action selection window that opens, select Disable.

    AUTOMATIC LAUNCH OF APPLICATIONS IN SAFE RUN


    You can create a list of applications that will run automatically when you start the Safe Run. An autorun list can only be created in Safe Run. To generate an autorun list for Safe Run: 1. 2. 3. In the Start menu of the operating system, select Programs Right-click to open the context menu and select Open. Copy applications icons to be launched at startup of Safe Run for Applications into the opened folder. Autorun Safe Run for Applications.

    SWITCHING BETWEEN THE MAIN DESKTOP AND SAFE RUN FOR APPLICATIONS
    You can switch to the main desktop without closing Safe Run and then switch back. You can use the following methods to switch between the main desktop and Safe Run: from the Kaspersky Internet Security main window (see section "The Kaspersky Internet Security main window" on page 33); from the Kaspersky Internet Security context menu (see section "Context menu" on page 32); from the pop-up toolbar (see section "Using the pop-up toolbar in Safe Run" on page 140) (available in Safe Run only); using the gadget.

    139

    USER GUIDE

    To switch to the main desktop from the main window of Kaspersky Internet Security: 1. 2. 3. Open the main application window. In the bottom part of the window, select the Safe Run for Applications section. In the window that opens, click the Main desktop button.

    To switch to the main desktop from the context menu of Kaspersky Internet Security, right-click to open the context menu for the Kaspersky Internet Security icon in the notification area and select Return to the main desktop. To switch to the main desktop from the pop-up toolbar: 1. 2. Roll over the top part of the screen with the mouse pointer. In the pop-up toolbar, click the button.

    USING THE POP-UP TOOLBAR IN SAFE RUN


    You can use the pop-up toolbar in Safe Run to perform the following actions: close Safe Run (see section "Launching and closing applications in Safe Run" on page 138); switch to the main desktop (see section "Switching between the main desktop and Safe Run for Applications" on page 139). To display the pop-up toolbar in Safe Run, roll over the top part of the screen with the mouse pointer. To fix the pop-up toolbar: 1. 2. Roll over the top part of the screen with the mouse pointer. In the pop-up toolbar, click the button.

    CLEARING SAFE RUN


    During the clearing process, Kaspersky Internet Security deletes data that was saved in Safe Run and restores settings that were modified. Clearing is carried out from the Kaspersky Internet Security main window on the main desktop and only if Safe Run has been closed. Prior to clearing, make sure that all data that may be needed for further work have been saved in the Safe Run shared folder. Otherwise, the data will be deleted irretrievably. To clear Safe Run data: 1. 2. Open the main application window. In the bottom part of the window, select the Safe Run for Applications section.

    3. 4.

    In the window that opens, click the

    button.

    In the menu that opens, select the Clear Safe Run for Applications item.

    140

    ADVANCED

    APPLICATION SETTINGS

    CREATING A SHORTCUT FOR SAFE RUN ON THE DESKTOP


    If you want to start Safe Run quickly, you can create a shortcut on the desktop. To create a desktop shortcut for Safe Run: 1. 2. Open the main application window. In the bottom part of the window, select the Safe Run for Applications section.

    3. 4.

    In the window that opens, click the

    button.

    In the window that opens, select the Create desktop shortcut item.

    ABOUT SAFE RUN FOR WEBSITES


    Safe Run for Websites is designed for accessing online banking systems and other websites processing confidential data. You can enable access control for online banking services (see section "Controlling access to online banking services" on page 94) to determine banking websites automatically, and also start Safe Run for Websites manually (see section "Protection of confidential data entered on websites" on page 51). In Safe Run for Websites, no input data or modifications (for example, saved cookies, website logs) are stored in the operating system, which means they cannot be exploited by hackers. A browser running in Safe Run for Websites mode is marked with a green frame around the application window.

    IN THIS SECTION:
    Selecting the browser for Safe Run for Websites .......................................................................................................... 141 Clearing Safe Run for Websites .................................................................................................................................... 142 Creating a desktop shortcut for Safe Run for Websites ................................................................................................ 142

    SELECTING THE BROWSER FOR SAFE RUN FOR WEBSITES


    The default browser is used for Safe Run for Websites. You can select a different browser installed on your computer. Kaspersky Internet Security allows the use of the following browsers: Microsoft Internet Explorer versions 6, 7, 8, 9; Mozilla Firefox versions 3.x, 4.x; Google Chrome versions 7.x, 8.x. To select the browser for Safe Run for Websites: 1. 2. Open the main application window. In the lower part of the window, select the Safe Run for Websites section.

    141

    USER GUIDE

    3. 4. 5. 6. 7.

    In the window that opens, click the

    button.

    In the menu that opens, select the Settings item. The Safe Run for Websites settings window opens. In the Select browser for Safe Run for Websites list in the window that opens, select the required browser. Click the Save button.

    CLEARING SAFE RUN FOR WEBSITES


    By default, in Safe Run for Websites Kaspersky Internet Security saves changes to browser settings and data entered on websites. To protect data, it is recommended that you clear Safe Run for Websites on a regular basis. During the clearing process, Kaspersky Internet Security deletes data that was saved in Safe Run for Websites and restores settings that were modified. Prior to clearing, make sure that all data that may be needed for further work has been saved in the Safe Run shared folder. Otherwise, the data will be deleted irretrievably. Instead of clearing Safe Run for Websites manually, you can enable automatic clearing. In this case, Kaspersky Internet Security performs clearing automatically when Safe Run for Websites is closed, and manual clearing is not available. To clear Safe Run for Websites data manually: 1. 2. Open the main application window. In the lower part of the window, select the Safe Run for Websites section.

    3. 4.

    In the window that opens, click the

    button.

    In the menu that opens, select the Clear Safe Run for Websites item.

    To enable automatic clearing of Safe Run for Websites: 1. 2. Open the main application window. In the lower part of the window, select the Safe Run for Websites section.

    3. 4. 5. 6.

    In the window that opens, click the

    button.

    In the menu that opens, select the Settings item. The Safe Run for Websites settings window opens. In the Additional settings section in the window that opens, select the option Enable the automatic clearing of data. Click the Save button.

    7.

    CREATING A DESKTOP SHORTCUT FOR SAFE RUN FOR WEBSITES


    If you want to start Safe Run for Websites quickly, you can create a shortcut on the desktop.

    142

    ADVANCED

    APPLICATION SETTINGS

    To create a desktop shortcut for Safe Run for Websites: 1. 2. Open the main application window. In the lower part of the window, select the Safe Run for Websites section.

    3. 4.

    In the window that opens, click the

    button.

    In the window that opens, select the Create desktop shortcut item.

    USING A SHARED FOLDER


    The shared folder is designed to share files between the main operating system, Safe Run for Applications and Safe Run for Websites. All files saved in this folder when working in Safe Run for Applications and Safe Run for Websites are available from the standard desktop. The shared folder is created when the application is being installed. The location of the shared folder may vary depending on the operating system: for Microsoft Windows XP C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\SandboxShared; for Microsoft Windows Vista and Microsoft Windows 7 C:\ProgramData\Kaspersky Lab\SandboxShared. The location of the shared folder cannot be changed. The shared folder can be opened in two ways: from the main application window (see section "The Kaspersky Internet Security main window" on page 33); using the shortcut marked with the icon. Depending on the application settings specified by developers, the shortcut may be located in the My Computer section or the My Documents section of Microsoft Windows Explorer. To open the shared folder from the Kaspersky Internet Security main window: 1. 2. 3. Open the main application window. In the lower part of the window, select the Safe Run for Applications or Safe Run for Websites section. In the window that opens, click the Open shared folder button.

    PARENTAL CONTROL
    Parental Control allows the monitoring of actions users take on the computer and online. This control provides the option of restricting access to Internet resources and applications, as well as viewing reports of users' activities. Nowadays, an ever-increasing number of children and teenagers are obtaining access to computers and web resources. This means problems for security, since activity and communication on the Internet may entail a whole range of threats. These are the most frequent ones: access to websites that could waste time (chat rooms, games) or money (e-stores, auctions); access to websites targeted at an adult audience, such as those displaying pornography, extremism, firearms, drug abuse, and explicit violence;

    143

    USER GUIDE

    downloading of files infected with malware; excessive time spent using the computer, which may result in deterioration of health; contact with unfamiliar people who may pretend to be peers to obtain personal information from the user, such as real name, physical address, time of day when nobody is home. Parental Control allows you to reduce risks posed by the computer and the Internet. To do this, the following module functions are used: limiting the time for computer and Internet use; creating lists of allowed and blocked applications, as well as temporarily limiting the number of startups for allowed applications; creating lists of allowed and blocked websites and selection of categories of websites with content not recommended for viewing; enabling a safe search mode through search engines (links to websites with dubious content are not displayed in the search results); restricting file downloads from the Internet; creating lists of contacts which are allowed or blocked for communication via IM clients and social networks; viewing message logs from IM clients and social networks; blocking sending of certain personal data; searching for specified key words in message logs. All these restrictions can be enabled independently from each other, which allows you to flexibly configure Parental Control for various users. For each account, you can view reports of events in the categories to be controlled that the component has logged over a specified period. To configure and view Parental Control reports, you must enter your username and password. If you have not yet created a password for Kaspersky Internet Security (see section "Restricting access to Kaspersky Internet Security" on page 63), you will be prompted to do so when Parental Control starts for the first time.

    IN THIS SECTION:
    Configuring a user's Parental Control............................................................................................................................ 144 Viewing reports of a user's activity ................................................................................................................................ 153

    CONFIGURING A USER'S PARENTAL CONTROL


    You can enable and configure Parental Control for each account on your computer separately by imposing different limits on different users, for instance, depending on age. You can also disable Parental Control for users whose activity needs no control.

    144

    ADVANCED

    APPLICATION SETTINGS

    IN THIS SECTION:
    Enabling and disabling user control .............................................................................................................................. 145 Exporting and importing Parental Control settings ........................................................................................................ 146 Displaying an account in Kaspersky Internet Security ................................................................................................... 147 Time for computer use .................................................................................................................................................. 148 Time for Internet use ..................................................................................................................................................... 148 Applications Usage ....................................................................................................................................................... 148 Viewing websites ........................................................................................................................................................... 149 Downloading files from the Internet ............................................................................................................................... 150 Communicating via IM clients ........................................................................................................................................ 150 Communicating via social networks .............................................................................................................................. 151 Sending confidential information ................................................................................................................................... 152 Searching for key words ................................................................................................................................................ 153

    ENABLING AND DISABLING USER CONTROL


    You can enable and disable Parental Control individually for each account. For example, there is no need to control the activity of an adult user with the administrator account; Parental Control for this user can be disabled. For other users whose activity should be controlled, the Parental Control should be enabled and configured, for example, by loading the standard configuration from a template. Parental Control can be enabled or disabled in the following ways: from the main application window (see page 33); from the Parental Control settings window; from the application settings window (see page 36); from the context menu of the application icon (see page 32). Parental Control can be enabled / disabled from the context menu only for the current user account. To enable Parental Control for an account from the main window: 1. 2. 3. Open the main application window. In the lower part of the window, select the Parental Control section. In the section containing the account in the window that opens, click the Enable button.

    To enable Parental Control for an account from the Parental Control window: 1. 2. Open the main application window. In the lower part of the window, select the Parental Control section.

    145

    USER GUIDE

    3.

    In the section containing the account in the window that opens, click the Settings button. The Parental Control window will open.

    4. 5.

    Open the Settings tab and select the User Account Settings section in the left part of the window. In the right part of the window, check the Enable control for the user box if you want to enable Parental Control for the account. Click the Apply button to save the changes you have made.

    6.

    To enable Parental Control for an account from the application settings window: 1. 2. 3. 4. Open the application settings window. In the left part of the window, in the Advanced Settings section, select the Parental Control component. In the right part of the window, select the user for whom you want to enable Parental Control. Above the list of users, click the Control button.

    To enable Parental Control for the current account from the context menu, select Enable Parental Control in the context menu of the application icon.

    EXPORTING AND IMPORTING PARENTAL CONTROL SETTINGS


    If you have configured Parental Control for a certain account, you can save the settings to a file ( export). You can subsequently load the settings from that file to configure them quickly ( import). Furthermore, you can apply the control settings defined for another account or a configuration template (predefined set of rules for different types of users depending upon their age, experience and other characteristics). After a certain configuration is applied to an account, you can modify the values of the settings. That will not affect the values in the source file from which these settings have been imported. To save the Parental Control settings to a file: 1. 2. 3. Open the main application window. In the lower part of the window, select the Parental Control section. In the section containing the account in the window that opens, click the Settings button. The Parental Control window will open. 4. 5. Open the Settings tab and select the User Account Settings section in the left part of the window. In the right part of the window in the Manage Settings section, click the Save button and save the settings file.

    To load the control settings from a file: 1. 2. 3. Open the main application window. In the lower part of the window, select the Parental Control section. In the section containing the account in the window that opens, click the Enable button. The Parental Control window will open. 4. Open the Settings tab and select the User Account Settings section in the left part of the window.

    146

    ADVANCED

    APPLICATION SETTINGS

    5. 6.

    In the right part of the window in the Manage Settings section, click the Load button. Use the Load Parental Control settings window that opens to select the Configuration file option and specify the file location.

    To apply the settings of another account: 1. 2. 3. Open the main application window. In the lower part of the window, select the Parental Control section. In the section containing the account in the window that opens, click the Enable button. The Parental Control window will open. 4. 5. 6. Open the Settings tab and select the User Account Settings section in the left part of the window. In the right part of the window in the Manage Settings section, click the Load button. Select the Another user option In the Load Parental Control settings window that opens and specify the account whose settings should be used.

    To use a configuration template: 1. 2. 3. Open the main application window. In the lower part of the window, select the Parental Control section. In the section containing the account in the window that opens, click the Enable button. The Parental Control window will open. 4. 5. 6. Open the Settings tab and select the User Account Settings section in the left part of the window. In the right part of the window in the Manage Settings section, click the Load button. Select the Template option in the Load Parental Control settings window that opens and specify the template that contains the necessary settings.

    DISPLAYING AN ACCOUNT IN KASPERSKY INTERNET SECURITY


    You can select an alias and an image with which your account will be displayed in Kaspersky Internet Security. To specify an alias and an image for an account: 1. 2. 3. Open the main application window. In the lower part of the window, select the Parental Control section. In the section containing the account in the window that opens, click the Settings button. The Parental Control window will open. 4. 5. 6. 7. Open the Settings tab and select the User Account Settings section in the left part of the window. In the right part of the window, specify the user's alias in the Alias field. Select an image for the user account in the Image section. Click the Apply button to save the changes you have made.

    147

    USER GUIDE

    TIME FOR COMPUTER USE


    You can set up a schedule for a user's access to the computer (specifying days of the week and time of day) and limit the total time for computer use per 24 hours. To restrict the amount of time spent on the computer: 1. 2. 3. Open the main application window. In the lower part of the window, select the Parental Control section. In the section containing the account in the window that opens, click the Settings button. The Parental Control window will open. 4. 5. 6. 7. Open the Settings tab and select the Computer Usage section in the left part of the window. In the right part of the window, check the Enable control box. Impose time limits on computer use. Click the Apply button to save the changes you have made.

    TIME FOR INTERNET USE


    You can restrict the time a user spends on the Internet. To do this, you can set up a schedule for Internet use (specifying days of the week and time of day when access should be granted or denied) and limit the total time for Internet in a 24 hour period. To restrict the amount of time spent on the Internet: 1. 2. 3. Open the main application window. In the lower part of the window, select the Parental Control section. In the section containing the account in the window that opens, click the Settings button. The Parental Control window will open. 4. 5. 6. 7. Open the Settings tab and select the Internet Usage section in the left part of the window. In the right part of the window, check the Enable control box. Impose time limits on Internet use. Click the Apply button to save the changes you have made.

    APPLICATIONS USAGE
    You can allow or block the running of specified programs and impose time limits on startup. To restrict running of applications: 1. 2. 3. Open the main application window. In the lower part of the window, select the Parental Control section. In the section containing the account in the window that opens, click the Settings button. The Parental Control window will open.

    148

    ADVANCED

    APPLICATION SETTINGS

    4. 5. 6. 7.

    Open the Settings tab and select the Applications Usage section in the left part of the window. In the right part of the window, check the Enable control box. Create lists of allowed and blocked applications and set a schedule for the use of allowed applications. Click the Apply button to save the changes you have made.

    VIEWING WEBSITES
    You can impose restrictions on access to specified websites depending on their content. To do this, you can select categories of websites to be blocked and create a list of exclusions, if necessary. You can also enable the safe search mode, which is applied when the user is working with search engines. Some search engines are designed to protect users against unsolicited content of web resources. To do this, when indexing websites, key words and phrases, resources' addresses and categories are analyzed. When the safe search mode is enabled, search results do not include websites belonging to unwanted categories, such as pornography, drug abuse, violence, and other materials not recommended for underage audiences. Parental Control allows enabling of the safe search mode simultaneously for the following search engines: Google; Bing. To place restrictions on visited websites: 1. 2. 3. Open the main application window. In the lower part of the window, select the Parental Control section. In the section containing the account in the window that opens, click the Settings button. The Parental Control window will open. 4. 5. 6. Open the Settings tab and select the Web Browsing section in the left part of the window. In the right part of the window, check the Enable control box. In the Block websites section, select the access mode for websites: If you want to block access to certain categories of websites, select the option Block websites from the following categories and check the boxes for all the categories of websites that you want to block access to. If you need to allow access to certain websites that come under a blocked category, click the Exclusions button, add the URLs to the list of exclusions, and assign them the Allowed status. If you want to generate a list of websites to which access is allowed and block access to all other websites, select the option Block access to all websites except websites allowed in the list of exclusions , click the Exclusions button, add the URLs to the list of exclusions, and assign them the Allowed status. If you want to block access to certain websites, click the Exclusions button, add the URLs to the list of exclusions, and assign them the Blocked status. 7. 8. Check the Enable safe search box to enable safe search mode. Click the Apply button to save the changes you have made.

    149

    USER GUIDE

    DOWNLOADING FILES FROM THE INTERNET


    You can specify the types of files that a user can download from the Internet. To restrict downloading of files from the Internet: 1. 2. 3. Open the main application window. In the lower part of the window, select the Parental Control section. In the section containing the account in the window that opens, click the Settings button. The Parental Control window will open. 4. 5. 6. 7. Open the Settings tab and select the File Downloads section in the left part of the window. In the right part of the window, check the Enable control box. Select the file categories that should be allowed for downloading. Click the Apply button to save the changes you have made.

    COMMUNICATING VIA IM CLIENTS


    Controlling communication via instant messaging programs (IM clients) consists of controlling contacts allowed for communication, blocking banned contacts, and monitoring messaging logs. You can create lists of allowed and blocked contacts, specify key words that should be checked for in messages, and specify personal information whose transmission is to be blocked. If communication with a contact is blocked, all messages addressed to this contact or received from it will be filtered out. Information about blocked messages and key words encountered in them is displayed in a report. The report also includes messaging logs for each contact. The following restrictions are imposed on communication monitoring: If an IM client was launched before Parental Control was enabled, communication monitoring will not start until the IM client is restarted. When using an HTTP proxy, communication is not monitored. The current version of Parental Control monitors communication via the following IM clients: ICQ; QIP; Windows Live Messenger (MSN); Yahoo Messenger; GoogleTalk; mIRC; Mail.Ru Agent; Psi; Miranda;

    150

    ADVANCED

    APPLICATION SETTINGS

    Digsby; Pidgin; Qnext; SIM; Trilian; Xchat; Instantbird; RnQ; MSN; Jabber. Some IM clients, such as Yahoo! Messenger and Google Talk, use encrypted connections. To scan the traffic generated by those programs, you have to enable encrypted connections scanning (see page 116). To restrict messaging via IM clients: 1. 2. 3. Open the main application window. In the lower part of the window, select the Parental Control section. In the section containing the account in the window that opens, click the Settings button. The Parental Control window will open. 4. 5. 6. Open the Settings tab and select the Instant Messaging section in the left part of the window. In the right part of the window, check the Enable control box. Create a list of allowed and blocked contacts: a. b. 7. In the Contacts list, click the Add contact button. In the New contact window that opens, select a contact from the list or enter one manually.

    If you want to allow communication only with contacts in the list that have the Allowed status, click the Block messaging with contacts not from the list box. Click the Apply button to save the changes you have made.

    8.

    COMMUNICATING VIA SOCIAL NETWORKS


    Controlling communication via social networks consists of controlling contacts allowed for communication, blocking banned contacts, and monitoring messaging logs. You can create lists of allowed and blocked contacts, specify key words that should be checked for in messages, and specify personal information whose transmission is to be blocked. If communication with a contact is blocked, all messages addressed to this contact or received from it will be filtered out. Information about blocked messages and key words encountered in them is displayed in a report. The report also includes messaging logs for each contact.

    151

    USER GUIDE

    Some social networks, such as Twitter, use encrypted connections. To scan the traffic generated by those networks, you have to enable encrypted connections scanning (see page 116). To restrict messaging via social networks: 1. 2. 3. Open the main application window. In the lower part of the window, select the Parental Control section. In the section containing the account in the window that opens, click the Settings button. The Parental Control window will open. 4. 5. 6. Open the Settings tab and select the Social Networking section in the left part of the window. In the right part of the window, check the Enable control box. Create a list of allowed and blocked contacts: A list cannot be generated if Kaspersky Internet Security has not yet gathered sufficient data on social network usage. a. b. 7. In the Contacts list, click the Add contact button. In the New contact window that opens, select a contact from the list or enter one manually.

    If you want to allow communication only with contacts in the list that have the Allowed status, click the Block messaging with contacts not from the list box. Click the Apply button to save the changes you have made.

    8.

    SENDING CONFIDENTIAL INFORMATION


    You can block sending of data that contains confidential information via IM clients, social networks, and when sending data to websites. To do this, you should create a list of records that contain confidential data, such as physical address and phone number. Attempts to send listed data are blocked, and information about blocked messages is displayed in a report. To ban the sending of confidential information: 1. 2. 3. Open the main application window. In the lower part of the window, select the Parental Control section. In the section containing the account in the window that opens, click the Settings button. The Parental Control window will open. 4. 5. 6. Open the Settings tab and select the Private Data section in the left part of the window. In the right part of the window, check the Enable control box. Create a list of private data that should not be sent: a. b. 7. In the Private Data list, click the Add button. In the Private Data window that opens, enter the information that you want to prevent from being sent.

    Click the Apply button to save the changes you have made.

    152

    ADVANCED

    APPLICATION SETTINGS

    SEARCHING FOR KEY WORDS


    You can check a user's messages for specified words and word combinations in communications via IM clients and social networks and when sending data to websites. If listed key words are detected in the messages, this is displayed in a report. If you have disabled control of messaging via IM clients, social networks, or control of websites being visited, key words are not searched for. To monitor specified key words in messages and data being sent: 1. 2. 3. Open the main application window. In the lower part of the window, select the Parental Control section. In the section containing the account in the window that opens, click the Settings button. The Parental Control window will open. 4. 5. 6. Open the Settings tab and select the Word Usage section in the left part of the window. In the right part of the window, check the Enable control box. Generate a list of key words to be monitored in messages and data that is sent: a. b. 7. In the Key words list, click the Add button. In the Key word window that opens, enter the words or phrases that are to be monitored.

    Click the Apply button to save the changes you have made.

    VIEWING REPORTS OF A USER'S ACTIVITY


    You can access reports on the activity of each user account under Parental Control, reviewing individually each category of controlled events. To view a report on the activity of a controlled user account: 1. 2. 3. Open the main application window. In the lower part of the window, select the Parental Control section. In the section containing the account in the window that opens, click the Settings button. The Parental Control window will open. 4. 5. Select the Reports tab. Use the left part of the window that opens to select the category of supervised operations or content, for example, Internet Usage or Private Data. A report of actions and content being supervised will be displayed in the right part of the window.

    153

    USER GUIDE

    TRUSTED ZONE
    The Trusted zone is a list of objects which should not be monitored by the application. In other words, it is a set of exclusions from the scope of Kaspersky Internet Security protection. The Trusted zone is created based on the list of trusted applications (see section "Creating a list of trusted applications" on page 154) and exclusion rules (see section "Creating exclusion rules" on page 155), depending on the features of the objects you work with and applications installed on the computer. Including objects in the trusted zone may be required if, for example, Kaspersky Internet Security blocks access to an object or application, even though you are certain that this object / application is absolutely harmless. For example, if you think objects used by Microsoft Windows Notepad are harmless and require no scanning, that is, you trust this application, add Notepad to the list of trusted applications to exclude scanning of objects used by this process. Some actions classified as dangerous may be safe in the framework of certain applications. For instance, applications that automatically toggle keyboard layouts, such as Punto Switcher, regularly intercept text being entered on your keyboard. To take into account the specifics of such applications and disable the monitoring of their activity, you are advised to add them to the list of trusted applications. When an application is added into the list of trusted ones, its file and network activities (including suspicious ones) become uncontrolled. So do its attempts to access the system registry. At the same time, the executable file and the trusted application's process are scanned for viruses as they were before. To completely exclude an application from a scan, you should use exclusion rules. Excluding trusted applications from scanning avoids problems related to the application's compatibility with other programs (e.g. the problems of double scanning of network traffic on a third-party computer by Kaspersky Internet Security and by another anti-virus application), and also increases the computer's performance rate, which is critical when using server applications. In its turn, exclusion rules for the trusted zone ensure the option of working with legal applications that may be exploited by intruders to do harm to the user's computer or data. These applications have no malicious features, but they may be used as auxiliary components of a malicious program. This category includes remote administration applications, IRC clients, FTP servers, various utility tools for halting or concealing processes, keyloggers, password hacking programs, dialers, and others. Such applications may be blocked by Kaspersky Internet Security. To avoid blockage, you can configure exclusion rules. An Exclusion rule is a set of conditions which determine that an object should not be scanned by Kaspersky Internet Security. In any other case, the object is scanned by all protection components according to their respective protection settings. Exclusion rules for the trusted zone may be used by several application components, such as File Anti-Virus (see section "File Anti-Virus" on page 77), Mail Anti-Virus (see section "Mail Anti-Virus" on page 83), Web Anti-Virus (see section "Web Anti-Virus" on page 88)), or when running virus scan tasks.

    IN THIS SECTION:
    Creating a list of trusted applications ............................................................................................................................ 154 Creating exclusion rules ................................................................................................................................................ 155

    CREATING A LIST OF TRUSTED APPLICATIONS


    By default, Kaspersky Internet Security scans objects being opened, run, or saved by any program process and monitors the activity of all applications and the network traffic they create. When you add an application to the list of trusted ones, Kaspersky Internet Security excludes it from scanning.

    154

    ADVANCED

    APPLICATION SETTINGS

    To add an application to the trusted list: 1. 2. Open the application settings window. In the left part of the window, in the Advanced Settings section, select the Threats and Exclusions subsection. In the Exclusions section, click the Settings button. In the window that opens, on the Trusted applications tab, open the application selection menu by clicking the Add button. In the menu that opens, select an application from the Applications list, or select Browse to specify the path to the executable files of the desired application. In the Exclusions for applications window that opens, check the boxes for the types of application activity that should be excluded from scanning.

    3. 4.

    5.

    6.

    CREATING EXCLUSION RULES


    If you use applications recognized by Kaspersky Internet Security as legal ones that may be used by intruders to do harm to the user's computer or data, we recommend that you configure exclusion rules for them. To create an exclusion rule: 1. 2. Open the application settings window. In the left part of the window, in the Advanced Settings section, select the Threats and Exclusions subsection. In the Exclusions section, click the Settings button. In the window that opens, on the Exclusion rules tab, click the Add button. In the Exclusion rule window that opens, edit the exclusion rule settings.

    3. 4. 5.

    PERFORMANCE AND COMPATIBILITY WITH OTHER


    APPLICATIONS
    The performance of Kaspersky Internet Security is defined as the range of threats it can detect, as well as its consumption of energy and computer resources. Kaspersky Internet Security allows you to select various categories of threats (see section "Selecting detectable threat categories" on page 156) that the application should detect. Energy consumption is of great importance for portable computers. Scanning a computer for viruses and updating the Kaspersky Internet Security databases often require significant amounts of resources. The special laptop mode of Kaspersky Internet Security (see section "Battery saving" on page 156) allows you to automatically postpone scheduled scan and update tasks when using batteries, thus saving battery charge, while Idle Scan mode (see section "Running tasks in background mode" on page 157) allows you to run resource-intensive tasks when your computer is not in use. Consumption of the computer's resources by Kaspersky Internet Security may impact other applications' performance. To solve problems of simultaneous operations which increase the load on the CPU and disk subsystems, Kaspersky Internet Security may pause scan tasks and concede resources to other applications (see section "Distributing computer resources when scanning for viruses" on page 157) running on your computer. In the Gaming Profile (see page 158) mode, the application automatically disables displaying notifications of Kaspersky Internet Security's activity when starting other applications in full-screen mode.

    155

    USER GUIDE

    In case of an active infection in the system, the advanced disinfection procedure requires restarting your computer, which may also impact other applications' performance. If necessary, you can disable the advanced disinfection technology (see page 156) to avoid an unwanted restart of your computer.

    IN THIS SECTION:
    Selecting detectable threat categories .......................................................................................................................... 156 Battery saving ............................................................................................................................................................... 156 Advanced Disinfection ................................................................................................................................................... 156 Distributing computer resources when scanning for viruses ......................................................................................... 157 Running tasks in background mode .............................................................................................................................. 157 Full-screen mode. Gaming Profile ................................................................................................................................. 158

    SELECTING DETECTABLE THREAT CATEGORIES


    Threats detected by Kaspersky Internet Security are divided into categories based on various attributes. The application always searches for viruses, Trojan programs, and malicious utility tools. These programs can do significant harm to your computer. To ensure a more reliable protection to your computer, you can extend the list of detected threats by enabling control of actions performed by legal applications that may be exploited by an intruder to do harm to the user's computer and data. To select detectable threat categories: 1. 2. Open the application settings window. In the left part of the window, in the Advanced Settings section, select the Threats and Exclusions subsection. In the right part of the window, click the Settings button located under the Detection of the following threat types is enabled list. In the Threats window that opens, check the boxes for the categories of threats that should be detected.

    3.

    4.

    BATTERY SAVING
    To save power on a portable computer, virus scanning and scheduled update tasks can be postponed. If necessary, you can update Kaspersky Internet Security or start a virus scan manually. To enable the power conservation mode when working from a battery: 1. 2. 3. Open the application settings window. In the left part of the window, in the Advanced Settings section, select the Battery Saving subsection. In the right part of the window, check the Disable scheduled scans while running on battery power box.

    ADVANCED DISINFECTION
    Today's malicious programs can invade the lowest levels of an operating system, which makes them practically impossible to delete. If a malicious activity is detected within the system, Kaspersky Internet Security offers you to apply the Advanced Disinfection technology, which eliminates the threat and removes it from the computer.

    156

    ADVANCED

    APPLICATION SETTINGS

    When the advanced disinfection procedure is complete, the application restarts the computer. After restarting your computer, you are advised to run the full virus scan (see section "How to perform a full scan of your computer for viruses" on page 48). To enable Kaspersky Internet Security to apply the Advanced Disinfection technology: 1. 2. 3. Open the application settings window. In the left part of the window, in the Advanced Settings section, select the Compatibility subsection. Check the Enable Advanced Disinfection technology box.

    DISTRIBUTING COMPUTER RESOURCES WHEN SCANNING


    FOR VIRUSES
    Executing scan tasks increases the load on the CPU and disk subsystems, thus slowing down other applications. By default, if such a situation arises, Kaspersky Internet Security pauses virus scan tasks and releases system resources for the user's applications. However, there are a number of applications which start immediately when CPU resources become available and run in the background. For the scan not to depend on the performance of those applications, system resources should not be conceded to them. For Kaspersky Internet Security to postpone scan tasks when they slow down other applications: 1. 2. 3. Open the application settings window. In the left part of the window, in the Advanced Settings section, select the Compatibility subsection. Check the Concede resources to other applications box.

    RUNNING TASKS IN BACKGROUND MODE


    To optimize the load on the computer's resources, Kaspersky Internet Security performs regular scanning for rootkits in background mode and running of resource-intensive tasks when the computer is idle. Regular scanning for rootkits is run while you work at the computer. The scan takes 5 minutes at the most and involves a minimal share of the computer resources. When the computer is idle, the following tasks can be run: automatic update of anti-virus databases and program modules; scanning of system memory, startup objects, and system partition. Idle Scan tasks are run if the computer has been blocked by the user or if the screensaver is displayed on the screen for at least 5 minutes. If your computer is battery-powered, no tasks are run when the computer is idle. After tasks are run in background mode, their progress is displayed in the Task Manager (see section "Managing scan tasks. Task Manager" on page 72).

    157

    USER GUIDE

    IN THIS SECTION:
    Searching for rootkits in background mode ................................................................................................................... 158 Idle Scan ....................................................................................................................................................................... 158

    SEARCHING FOR ROOTKITS IN BACKGROUND MODE


    By default, Kaspersky Internet Security performs regular rootkit scan. If necessary, you can disable rootkit scan. To disable regular rootkit scan: 1. 2. 3. Open the application settings window. In the left part of the window, in the Scan section, select the General Settings subsection. In the right part of the window, uncheck the Perform regular rootkit scan box.

    IDLE SCAN
    The first stage of Idle Scan is checking whether the databases and application modules are up-to-date. If an update is required after scanning, an automatic update task starts. At the second stage, the application verifies the date and status of the last run of Idle Scan. If Idle Scan has not been run at all, or was run more than 7 days ago, or was interrupted, then the application runs the scan task for the system memory, startup objects, and system registry. Idle Scan is performed using a deep level of heuristic analysis, which increases the probability of threat detection. When the user returns to his or her work, the Idle Scan task is automatically interrupted. Note that the application remembers the stage at which the task was interrupted to resume the scan from this stage later. If running Idle Scan tasks was interrupted while downloading an update package, the update will start from the beginning next time. To disable Idle Scan mode: 1. 2. 3. Open the application settings window. In the left part of the window, in the Scan section, select the General Settings subsection. In the right part of the window, uncheck the Perform Idle Scan box.

    FULL-SCREEN MODE. GAMING PROFILE


    Certain programs (especially computer games) running in full-screen mode are only marginally compatible with some features of Kaspersky Internet Security: for example, pop-up notifications are undesirable in that mode. Quite often those applications require significant system resources, meaning that running certain Kaspersky Internet Security tasks may slow down their performance. To avoid manually disabling notifications and pausing tasks every time you launch full-screen applications, Kaspersky Internet Security provides the option of temporarily changing the settings using the gaming profile. When the gaming profile is active, switching to full-screen mode automatically changes the settings of all product components to ensure optimal system functioning in that mode. Upon exit from the full-screen mode, product settings return to the initial values used before entering the full-screen mode.

    158

    ADVANCED

    APPLICATION SETTINGS

    To enable the gaming profile: 1. 2. 3. Open the application settings window. In the left part of the window, in the Advanced Settings section, select the Gaming Profile subsection. Check the Use Gaming Profile box and specify the necessary gaming profile settings in the Profile options section below.

    KASPERSKY INTERNET SECURITY SELF-DEFENSE


    Because Kaspersky Internet Security ensures your computer's protection against malware, malicious programs penetrating your computer attempt to block Kaspersky Internet Security or delete the application from your computer. Stable performance of your computer defense is ensured by self-defense features and protection against external control implemented in Kaspersky Internet Security. Kaspersky Internet Security self-defense prevents the modification and deletion of its own files on the hard disk, processes in the memory, and entries in the system registry. Protection against external control allows you to block all attempts to remotely control application services. On computers running under 64-bit operating systems and Microsoft Windows Vista, Kaspersky Internet Security selfdefense is only available for preventing the application's own files on local drives and system registry records from being modified or deleted.

    IN THIS SECTION:
    Enabling and disabling self-defense.............................................................................................................................. 159 Protection against external control ................................................................................................................................ 159

    ENABLING AND DISABLING SELF-DEFENSE


    By default, Kaspersky Internet Security self-defense is enabled. You can disable self-defense, if necessary. To disable Kaspersky Internet Security self-defense: 1. 2. 3. Open the application settings window. In the left part of the window, in the Advanced Settings section, select the Self-Defense subsection. In the right part of the window, uncheck the Enable Self-Defense box.

    PROTECTION AGAINST EXTERNAL CONTROL


    By default, protection against external control is enabled. You can disable protection, if necessary. When using remote administration applications (such as RemoteAdmin) you will need to add such applications to the Trusted Applications list (see section "Trusted zone" on page 154) when External Service Control is enabled and enable the Do not monitor application activity setting for them.

    159

    USER GUIDE

    To disable protection against external control: 1. 2. 3. Open the application settings window. In the left part of the window, in the Advanced Settings section, select the Self-Defense subsection. In the External control section, uncheck the Disable external service control box.

    QUARANTINE AND BACKUP


    Quarantine is a special area storing files probably infected with viruses and files that cannot be disinfected at the time when they are detected. A potentially infected file can be detected and quarantined in the course of a virus scan or by File Anti-Virus, Mail AntiVirus or Proactive Defense. Files are quarantined in the following cases: File code resembles a known but partially modified threat or has a malware-like structure, but is not registered in the database. In this case, the file is moved to Quarantine after heuristic analysis performed by File Anti-Virus and Mail Anti-Virus, or during an anti-virus scan. Heuristic analysis rarely causes false alarms. The sequence of operations performed by an object looks suspicious. In this case, the file is moved to Quarantine after its behavior is analyzed by the Proactive Defense component. Files in Quarantine pose no threat. With the course of time, information about new threats and ways of neutralizing them appears, which may cause Kaspersky Internet Security to disinfect a file stored in Quarantine. Backup storage is designed for storing backup copies of files that have been deleted or modified during the disinfection process.

    IN THIS SECTION:
    Storing files in Quarantine and Backup ......................................................................................................................... 160 Working with quarantined files ...................................................................................................................................... 161 Working with objects in Backup ..................................................................................................................................... 162 Scanning files in Quarantine after an update ................................................................................................................ 163

    STORING FILES IN QUARANTINE AND BACKUP


    The default maximum storage duration for objects is 30 days. After that the objects will be deleted. You can cancel the time restriction or change the maximum object storage duration. In addition, you can specify the maximum size of Quarantine and Backup. If the maximum size value is reached, the content of Quarantine and Backup is replaced with new objects. By default, the maximum size restriction is disabled. To modify the object maximum storage time: 1. 2. 3. Open the application settings window. In the left part of the window, in the Advanced Settings section, select the Reports and Storages subsection. In the right part of the window, in the Storing Quarantine and Backup objects section, check the Store objects no longer than box and specify the maximum storage duration for quarantined objects.

    160

    ADVANCED

    APPLICATION SETTINGS

    To configure the maximum Quarantine and Backup size: 1. 2. 3. Open the application settings window. In the left part of the window, in the Advanced Settings section, select the Reports and Storages subsection. In the right part of the window, in the Storing Quarantine and Backup objects section, check the Maximum size box and specify the maximum Quarantine and Backup size.

    WORKING WITH QUARANTINED FILES


    The Kaspersky Internet Security quarantine lets you perform the following operations: quarantine files that you suspect are infected; scan files in Quarantine using the current version of Kaspersky Internet Security databases; restore files in original folders, from which they have been moved to Quarantine; delete selected files from Quarantine; send files from Quarantine to Kaspersky Lab for research. You can use the following methods to move a file to Quarantine: using the Move to Quarantine button in the Quarantine window; using the context menu for the file. To move a file to Quarantine from the Quarantine window: 1. 2. 3. 4. Open the main application window. In the lower part of the window, select the Quarantine section. On the Quarantine tab click the Move to Quarantine button. In the window that opens, select the file that you want to move to Quarantine.

    To move a file to Quarantine using the context menu: 1. Open Microsoft Windows Explorer and go to the folder that contains the file that you want to move to Quarantine. Right-click to open the context menu of the file and select Move to Quarantine.

    2.

    To scan a quarantined file: 1. 2. 3. 4. Open the main application window. In the lower part of the window, select the Quarantine section. On the Quarantine tab, select a file that you need to scan. Click the Scan button.

    161

    USER GUIDE

    To restore a quarantined object: 1. 2. 3. 4. Open the main application window. In the lower part of the window, select the Quarantine section. On the Quarantine tab, select a file that you need to restore. Click the Restore button.

    To delete a quarantined object: 1. 2. 3. 4. Open the main application window. In the lower part of the window, select the Quarantine section. On the Quarantine tab, select a file that you need to delete. Right-click the file to open its context menu and select Delete.

    To send a quarantined object to Kaspersky Lab for analysis: 1. 2. 3. 4. Open the main application window. In the lower part of the window, select the Quarantine section. On the Quarantine tab, select a file that you need to send for research. Right-click to open the context menu of the file and select the Send for analysis item.

    WORKING WITH OBJECTS IN BACKUP


    The Kaspersky Internet Security backup storage lets you perform the following operations: restore files in a specified folder or in original ones, in which a file had been stored before it was processed by Kaspersky Internet Security; delete selected files or all files from Backup. To restore an object from Backup: 1. 2. 3. 4. Open the main application window. In the lower part of the window, select the Quarantine section. On the Storage tab, select a file that you need to restore. Click the Restore button.

    To delete a file from Backup: 1. 2. 3. 4. Open the main application window. In the lower part of the window, select the Quarantine section. On the Storage tab, select a file that you need to delete. Right-click the file to open its context menu and select Delete.

    162

    ADVANCED

    APPLICATION SETTINGS

    To delete all files from Backup: 1. 2. 3. Open the main application window. In the lower part of the window, select the Quarantine section. On the Storage tab, click the Clear storage button.

    SCANNING FILES IN QUARANTINE AFTER AN UPDATE


    If the application has scanned a file and has not been able to determine exactly what malicious programs have infected it, the file is quarantined. After the databases are updated, Kaspersky Internet Security may be able to clearly identify and remove the threat. You can enable automatic scanning of quarantined objects after each update. We recommend that you periodically view quarantined files. Scanning may change their status. Some files can then be restored to their previous locations, and you will be able to continue working with them. To enable scanning quarantined files after update: 1. 2. 3. Open the application settings window. In the left part of the window, in the Update section, select the Update Settings component. Check the Rescan Quarantine after update box in the Additional section.

    ADDITIONAL TOOLS FOR BETTER PROTECTION OF YOUR


    COMPUTER
    The following wizards and tools included with Kaspersky Internet Security are used to resolve specific issues concerning your computer's security: Kaspersky Rescue Disk Creation Wizard is designed for creating an ISO disk image and writing Kaspersky Rescue Disk on a removable medium, which allows you to recover the system's operability after a virus attack if you load the application from the removable medium. Kaspersky Rescue Disk should be used when the infection is at such a level that it is deemed impossible to disinfect the computer using anti-virus applications or malware removal utilities. The Privacy Cleaner Wizard is designed to search for and eliminate traces of a user's activities in the system, as well as operating system settings which allow the gathering of information about user activities. The System Restore Wizard is designed to eliminate system damage and traces of malware objects in the system. The Browser Configuration Wizard is designed to analyze and adjust the settings of Microsoft Internet Explorer in order to eliminate its potential vulnerabilities. All the problems found by the Wizards (except the Kaspersky Rescue Disk Creation Wizard) are grouped based on the type of danger they pose to the operating system. Kaspersky Lab offers a set of actions for each group of problems which help eliminate vulnerabilities and weak points in the system's settings. Three groups of problems and, accordingly, three groups of actions to be taken when they are detected are distinguished: Strongly recommended actions will help eliminate problems posing a serious security threat. You are advised to perform all the actions in this group without delay to eliminate the threat. Recommended actions help eliminate problems posing a potential threat. You are advised to perform all actions in this group as well to provide the optimal level of protection.

    163

    USER GUIDE

    Additional actions help repair system damages which do not pose a current threat but may threaten your computer's security in the future. Performing these actions ensures comprehensive protection of your computer. However, in some cases, they may lead to deletion of user settings (such as cookies).

    IN THIS SECTION:
    Privacy Cleaner ............................................................................................................................................................. 164 Configuring a browser for safe work .............................................................................................................................. 165 Rolling back changes made by Wizards ....................................................................................................................... 167

    PRIVACY CLEANER
    When working with the computer, a user's actions are registered in the system. Saved data includes the search queries entered by users and web sites visited, launched programs, opened and saved files, the Microsoft Windows system event log, temporary files, etc. All these sources of information about the user's activity may contain confidential data (including passwords) and may become available to intruders for analysis. Frequently, the user has insufficient knowledge to prevent information being stolen from these sources. Kaspersky Internet Security includes the Privacy Cleaner Wizard. This Wizard searches for traces of user activities in the system, as well as for operation system settings which contribute to the storing of information about user activity. Please keep in mind that data related to user activity in the system, is accumulated constantly. The launch of any file or the opening of any document is logged. The Microsoft Windows system log registers many events occurring in the system. For this reason, repeated running of the Privacy Cleaner Wizard may detect activity traces which were not cleaned up by the previous run of the Wizard. Some files, for example the Microsoft Windows log file, may be in use by the system while the Wizard is attempting to delete them. In order to delete these files, the Wizard will prompt you to restart the system. However, during the restart, these files may be recreated and detected again as activity traces. The Wizard consists of a series of screens (steps) that you can navigate through using the Back and Next buttons. To close the Wizard once it has completed its task, click the Finish button. To stop the Wizard at any stage, click the Cancel button. To remove traces of the user's activity in the system: 1. 2. 3. Open the main application window. In the lower part of the window, select the Tools section. In the window that opens, in the Privacy Cleaner section, click the Start button.

    Let us review the steps of the Wizard in more detail.

    Step 1. Starting the Wizard


    Make sure the option Perform user's activity traces diagnostics is selected and click the Next button to start the Wizard.

    Step 2. Activity signs search


    This Wizard searches for traces of malware activities in your computer. The scan may take some time. Once the search is complete, the Wizard will proceed automatically to the next step.

    164

    ADVANCED

    APPLICATION SETTINGS

    Step 3. Selecting Privacy Cleaner actions


    When the search is complete, the Wizard displays the detected activity traces and actions suggested to eliminate them. To view the actions within a group, click the + icon to the left of the group name. To make the Wizard perform a certain action, check the box to the left of the corresponding action description. By default, the Wizard performs all recommended and strongly recommended actions. If you do not wish to perform a certain action, uncheck the box next to it. It is strongly recommended that you not uncheck the boxes selected by default, as doing so will leave your computer vulnerable to threats. Having defined the set of actions which the Wizard will perform, click the Next button.

    Step 4. Privacy Cleaner


    The Wizard will perform the actions selected during the previous step. The elimination of activity traces may take some time. To clean up certain activity traces, a reboot may be required; if so, the Wizard will notify you. Once the clean-up is complete, the Wizard will proceed automatically to the next step.

    Step 5. Wizard completion


    If you wish to clean up the traces of user activity automatically whenever Kaspersky Internet Security completes its work, use the last screen of the Wizard to check the box Clean activity traces every time on Kaspersky Internet Security exit. If you plan to remove activity traces manually using the Wizard, do not check this box. Click the Finish button to close the Wizard.

    CONFIGURING A BROWSER FOR SAFE WORK


    The Microsoft Internet Explorer browser requires special analysis and configuration in certain cases, since some setting values selected by the user or set by default may cause security problems. Here are some examples of the objects and parameters used in the browser and how they are associated with potential security threats: Microsoft Internet Explorer cache. The cache stores data downloaded from the Internet, so the user does not have to download them next time. This speeds up the download time of web pages and reduces Internet traffic. In addition to that, the cache contains confidential data and makes it possible to find out which sites the user has visited. Some malware objects also scan the cache while scanning the disk, and intruders can obtain, for example, the user's email addresses. You are advised to clear the cache every time you close your browser to improve protection. Display of known file types extensions. To edit file names conveniently, you can disable the display of their extensions. Nevertheless, it is sometimes useful to see the file extension. File names of many malicious objects contain combinations of symbols imitating an additional file extension before the real one (e.g., example.txt.com). If the real file extension is not displayed, users can see just the file name part with the imitated extension and so they may identify a malicious object as a harmless file. To improve protection, you are advised to enable the display of files of known formats. List of trusted websites. For some websites to run correctly, you should add them to the list of trusted sites. At the same time, malicious objects can add links to websites created by intruders to this list. The browser configuration for Safe Run may cause problems with the display of certain websites (for example, if they use ActiveX elements). This problem can be solved by adding these websites to the trusted zone.

    165

    USER GUIDE

    Browser analysis and configuration are performed in the Browser Configuration Wizard. The Wizard checks whether the latest browser updates are installed and makes sure that the current browser settings do not make the system vulnerable to malicious exploits. Once the Wizard is complete, a report is generated which can be sent to Kaspersky Lab for analysis. The Wizard consists of a series of screens (steps) that you can navigate through using the Back and Next buttons. To close the Wizard once it has completed its task, click the Finish button. To stop the Wizard at any stage, click the Cancel button. Close all Microsoft Internet Explorer windows before starting the diagnostics. To configure the browser for safe work: 1. 2. 3. Open the main application window. In the lower part of the window, select the Tools section. In the window that opens, in the Browser Configuration section, click the Start button.

    Let us review the steps of the Wizard in more detail.

    Step 1. Starting the Wizard


    Make sure the option Perform diagnostics for Microsoft Internet Explorer is selected and click the Next button to start the Wizard.

    Step 2. Microsoft Internet Explorer settings analysis


    The Wizard analyzes the settings of Microsoft Internet Explorer. Searching the browser settings for problems may take some time. Once the search is complete, the Wizard will proceed automatically to the next step.

    Step 3. Selecting actions for browser configuration


    When the search is complete, the Wizard displays the detected problems and actions suggested to eliminate them. To view the actions within a group, click the + icon to the left of the group name. To make the Wizard perform a certain action, check the box to the left of the corresponding action description. By default, the Wizard performs all recommended and strongly recommended actions. If you do not wish to perform a certain action, uncheck the box next to it. It is strongly recommended that you not uncheck the boxes selected by default, as doing so will leave your computer vulnerable to threats. Having defined the set of actions which the Wizard will perform, click the Next button.

    Step 4. Browser Configuration


    The Wizard will perform the actions selected during the previous step. Browser configuration may take some time. Once configuration is complete, the Wizard proceeds automatically to the next step.

    Step 5. Wizard completion


    Click the Finish button to close the Wizard.

    166

    ADVANCED

    APPLICATION SETTINGS

    ROLLING BACK CHANGES MADE BY WIZARDS


    Some changes made when running the Privacy Cleaner Wizard (see section "Privacy Cleaner" on page 164), System Restore Wizard (see section "What to do if you suspect your computer is infected" on page 53), and Browser Configuration Wizard (see section "Configuring a browser for safe work" on page 165) can be rolled back. To roll back changes made by Wizards: 1. 2. Open the main application window and select the Tools section in the lower part of the window. In the right part of the window, click the Start button in the section with the name of a Wizard, for which you need to roll back changes made: Privacy Cleaner to roll back changes made by the Privacy Cleaner Wizard; Microsoft Windows Troubleshooting to roll back changes made by the Microsoft Windows Troubleshooting Wizard; Browser Configuration to roll back changes made by the Browser Configuration Wizard. Let us take a closer look at Wizards' steps taken when rolling back changes.

    Step 1. Starting the Wizard


    Select Roll back changes and click the Next button.

    Step 2. Search for changes


    The Wizard searches for the changes that it made earlier and that can be rolled back. Once the search is complete, the Wizard will proceed automatically to the next step.

    Step 3. Selecting changes to roll back


    When the search is completed, the Wizard informs you of changes found. To make the wizard roll back an action taken earlier, check the box located to the left of the action's name. After you have selected actions that you want to roll back, click the Next button.

    Step 4. Rolling back changes


    The Wizard rolls back the actions selected at the previous step. When the changes are rolled back, the Wizard automatically proceeds to the next step.

    Step 5. Wizard completion


    Click the Finish button to close the Wizard.

    REPORTS
    Events that occur during the operation of the protection components or when the Kaspersky Internet Security tasks are run are logged in reports.

    167

    USER GUIDE

    IN THIS SECTION:
    Creating a report for the selected protection component .............................................................................................. 168 Data filtering .................................................................................................................................................................. 168 Events search ............................................................................................................................................................... 169 Saving a report to file .................................................................................................................................................... 170 Storing reports............................................................................................................................................................... 170 Clearing application reports........................................................................................................................................... 170 Recording non-critical events into the report ................................................................................................................. 171 Configuring the notification of report availability ............................................................................................................ 171

    CREATING A REPORT FOR THE SELECTED PROTECTION COMPONENT


    You can obtain a detailed report about events which occurred during the operation of each of the Kaspersky Internet Security protection components or during execution of its tasks. For added convenience when working with reports, you can change the data display on the screen: group events by various parameters, select the report period, sort events by column or by importance, and hide columns. To create a report on a certain protection component or a task: 1. 2. 3. 4. Open the main application window. In the top part of the window, click the Reports link. In the Reports window that opens, click the Detailed report button. In the left part of the Detailed report window that opens, select the component or task, for which a report should be created. When you select the Protection Center item, a report is created for all protection components.

    DATA FILTERING
    You can filter events in Kaspersky Internet Security reports by one or several values in the report columns, as well as define complex data filtering conditions. To filter events by values: 1. 2. 3. 4. Open the main application window. In the top part of the window, click the Reports link. In the Reports window that opens, click the Detailed report button. In the right part of the Detailed report window that opens, move the mouse pointer to the upper left corner of the column header and click it to open the filter menu. Select the value which should be used to filter data in the filter menu. Repeat the procedure for another column, if necessary.

    5. 6.

    168

    ADVANCED

    APPLICATION SETTINGS

    To specify a complex filtering condition: 1. 2. 3. 4. Open the main application window. Click the Reports link in the top part of the window to open the reports window. In the window that opens, on the Report tab, click the Detailed report button. In the right part of the Detailed report window that opens, right-click the appropriate report column to display the context menu for it and select Custom. In the Custom filter window that opens, set the filtration conditions: a. b. Define the query limits in the right part of the window. In the left part of the window, select the necessary query condition from the Condition dropdown list (e.g., is greater or less than, equals or does not equal the value specified as the query limit). If necessary, add a second condition using logical conjunction (logical AND) or disjunction (logical OR) operations. If you wish your data query to satisfy both specified conditions, select AND. If only one of the two conditions is required, select OR.

    5.

    c.

    EVENTS SEARCH
    You can search a report for the desired event using a key word in the search line or special search window. To find an event using the search line: 1. 2. 3. 4. Open the main application window. In the top part of the window, click the Reports link. In the Reports window that opens, click the Detailed report button. Enter the key word in the search line in the right part of the Detailed report window that opens.

    To find an event using the search window: 1. 2. 3. 4. Open the main application window. In the top part of the window, click the Reports link. In the Reports window that opens, click the Detailed report button. In the right part of the Detailed report window that opens, right-click the appropriate column header to display the context menu for it and select Search. Specify the search criteria in the Search window that opens: a. b. In the String field, enter a key word to be searched for. In the Column dropdown list, select the name of the column that should be searched for the specified key word. If necessary, check the boxes for additional search settings.

    5.

    c. 6.

    Start the search using one of the following methods: If you want to find an event that meets the specified search criteria and comes next after the one that you have highlighted on the list, click the Find next button. If you want to find all events that meet the specified search criteria, click the Mark all button.

    169

    USER GUIDE

    SAVING A REPORT TO FILE


    The report obtained can be saved to a text file. To save the report to file: 1. 2. 3. 4. Open the main application window. In the top part of the window, click the Reports link. In the Reports window that opens, click the Detailed report button. In the Detailed report window that opens, create a required report and click the Save link to select a location for the file that you want to save. In the window that opens, select a folder into which you wish to save the report file and enter the file name.

    5.

    STORING REPORTS
    The default maximum report storage duration is 30 days. After that the reports will be deleted. You can cancel the time restriction or change the maximum report storage duration. In addition, you can also define the maximum report file size. By default, the maximum size is 1024 MB. Once the maximum size has been reached, the content of the file is replaced with new records. You can cancel any limits imposed on the report's size, or enter another value. To modify the report maximum storage time: 1. 2. 3. Open the application settings window. In the left part of the window, in the Advanced Settings section, select the Reports and Storages subsection. In the right part of the window, in the Storing reports section, check the Store reports no longer than box and specify the maximum storage period for reports.

    To configure the maximum report file size: 1. 2. 3. Open the application settings window. In the left part of the window, in the Advanced Settings section, select the Reports and Storages subsection. In the Storing reports section in the right part of the window, check the Maximum file size box and specify the maximum size for a report file.

    CLEARING APPLICATION REPORTS


    You can clear the reports containing data that you no longer need. To clear application reports: 1. 2. 3. 4. Open the application settings window. In the left part of the window, in the Advanced Settings section, select the Reports and Storages subsection. In the right part of the window, in the Clear reports section, click the Clear button. In the Clearing reports window that opens, check the boxes for the reports you wish to clear.

    170

    ADVANCED

    APPLICATION SETTINGS

    RECORDING NON-CRITICAL EVENTS INTO THE REPORT


    By default, the product does not add non-critical events or registry and file system events to its reports. You can add records of such events to the report. To add non-critical events to the report: 1. 2. 3. Open the application settings window. In the left part of the window, in the Advanced Settings section, select the Reports and Storages subsection. In the right part of the window, check the Log non-critical events box.

    CONFIGURING THE NOTIFICATION OF REPORT AVAILABILITY


    You can create a schedule according to which Kaspersky Internet Security will remind you that a report is ready. To configure notification of a report's completion: 1. 2. Open the main application window. In the top part of the window, click the Reports link.

    3. 4.

    In the Reports window that opens, click the

    button.

    In the Notifications window that opens, specify schedule settings.

    APPLICATION APPEARANCE. MANAGING ACTIVE


    INTERFACE ELEMENTS
    Kaspersky Internet Security allows you to adjust the settings for display of text on the logon screen in Microsoft Windows and active interface elements (the application icon in the notification area, notification windows, and pop-up messages).

    IN THIS SECTION:
    Translucence of notification windows ............................................................................................................................ 171 Animation of the application icon in the notification area ............................................................................................... 172 Text on Microsoft Windows logon screen ...................................................................................................................... 172

    TRANSLUCENCE OF NOTIFICATION WINDOWS


    To make notification windows translucent: 1. 2. 3. Open the application settings window. In the left part of the window, in the Advanced Settings section, select the Appearance subsection. In the Icon in the taskbar notification area section, check the Enable semi-transparent windows box.

    171

    USER GUIDE

    ANIMATION OF THE APPLICATION ICON IN THE NOTIFICATION AREA


    Animation of the application icon is displayed in the notification area when running an update or a scan. By default, animation of the application icon in the notification area is enabled. To disable animation of the application icon: 1. 2. 3. Open the application settings window. In the left part of the window, in the Advanced Settings section, select the Appearance subsection. In the Icon in the taskbar notification area section, uncheck the Animate taskbar icon when executing tasks box.

    TEXT ON MICROSOFT WINDOWS LOGON SCREEN


    By default, if Kaspersky Internet Security is enabled and protects your computer, the text "Protected by Kaspersky Lab" is displayed on the logon screen while Microsoft Windows is loading. Text "Protected by Kaspersky Lab" is only displayed in Microsoft Windows XP. To enable display of this text during the loading of Microsoft Windows: 1. 2. 3. Open the application settings window. In the left part of the window, in the Advanced Settings section, select the Appearance subsection. In the Icon in the taskbar notification area section, uncheck the Show "Protected by Kaspersky Lab" on Microsoft Windows logon screen box.

    NOTIFICATIONS
    By default, if any events occur during operation, Kaspersky Internet Security notifies you of them. If you are required to select further actions, notification windows will be displayed on the screen (see section "Notification windows and pop-up messages" on page 34). The application notifies you of events which do not require selection of an action with audio signals, email messages, and pop-up messages in the taskbar notification area (see section "Notification windows and pop-up messages" on page 34). Kaspersky Internet Security comprises the News Agent (on page 37) that Kaspersky Lab uses to notify you of various news. If you do not want to receive any news, you can disable the news delivery.

    IN THIS SECTION:
    Enabling and disabling notifications .............................................................................................................................. 172 Configuring the notification method ............................................................................................................................... 173 Disabling news delivery ................................................................................................................................................. 174

    ENABLING AND DISABLING NOTIFICATIONS


    By default, Kaspersky Internet Security uses various methods to notify you of all important events related to application operation (see section "Configuring the notification method" on page 173). You can disable the delivery of notifications.

    172

    ADVANCED

    APPLICATION SETTINGS

    Regardless of whether notification delivery is enabled or disabled, information about events that occur during the operation of Kaspersky Internet Security is logged in an application operation report (see page 167). When you disable the notifications delivery, it does not impact the display of notification windows. To minimize the number of notification windows displayed on the screen, use the automatic protection mode (see section "Selecting a protection mode" on page 64). To disable notification delivery: 1. 2. 3. Open the application settings window. In the left part of the window, in the Advanced Settings section, select the Notifications subsection. In the right part of the window, uncheck the Enable events notifications box.

    CONFIGURING THE NOTIFICATION METHOD


    The application notifies you of events using the following methods: pop-up messages in the taskbar notification area; audio notifications; email messages. You can configure an individual set of notification delivery methods for each type of event. By default, critical notifications and notifications of application operation failures are accompanied by an audio signal. The Microsoft Windows sound scheme is used as the source of sound effects. You can modify the current scheme or disable sounds. To allow Kaspersky Internet Security to notify you of events by email, you should adjust the email settings of notification delivery. To select notifications delivery methods for various types of events: 1. 2. 3. Open the application settings window. In the left part of the window, in the Advanced Settings section, select the Notifications subsection. In the right part of the window, check the Enable events notifications box and click the Settings button located under the box. In the Notifications window that opens, check the boxes corresponding to how you want to be notified of various events: by email, with a pop-up message, or with an audio signal.

    4.

    To modify the email settings for notification delivery: 1. 2. 3. 4. Open the application settings window. In the left part of the window, in the Advanced Settings section, select the Notifications subsection. In the right part of the window, check the Enable email notifications box and click the Settings button. In the Email notification settings window that opens, specify the settings for sending notifications by email.

    173

    USER GUIDE

    To configure the sound scheme used with notifications: 1. 2. 3. Open the application settings window. In the left part of the window, in the Advanced Settings section, select the Notifications subsection. In the right part of the window, uncheck the Enable audio notifications box. If you want to use the sound scheme of Microsoft Windows for notification of Kaspersky Internet Security events, check the Use Windows Default sound scheme box. If this box is unchecked, the sound scheme from previous Kaspersky Internet Security versions is used.

    DISABLING NEWS DELIVERY


    To disable news delivery from the application settings window: 1. 2. 3. Open the application settings window. In the left part of the window, in the Advanced Settings section, select the Appearance subsection. In the right part of the window, uncheck the Enable news notifications box.

    KASPERSKY SECURITY NETWORK


    To increase the efficiency of your computer's protection, Kaspersky Internet Security uses data received from users from all over the world. Kaspersky Security Network is designed for collecting this data. The Kaspersky Security Network (KSN) is an infrastructure of online services that provides access to the online Knowledge Base of Kaspersky Lab, which contains information about the reputation of files, web resources, and software. Using data from the Kaspersky Security Network ensures a faster response time for Kaspersky Internet Security when encountering new types of threats, improves performance of some protection components, and reduces the risk of false positives. User participation in Kaspersky Security Network enables Kaspersky Lab to gather real-time information about the types and sources of new threats, develop methods to neutralize them, and reduce the number of false positives. Besides, participating in Kaspersky Security Network grants you access to information about reputation of various applications and websites. When you participate in the Kaspersky Security Network, certain statistics collected while Kaspersky Internet Security protects your computer are sent to Kaspersky Lab automatically. No private data is collected, processed, or stored. Participating in the Kaspersky Security Network is voluntary. You should decide whether to participate when installing Kaspersky Internet Security; however, you can change your decision later.

    IN THIS SECTION:
    Enabling and disabling participation in Kaspersky Security Network ............................................................................ 175 Verifying connection to Kaspersky Security Network .................................................................................................... 175

    174

    ADVANCED

    APPLICATION SETTINGS

    ENABLING AND DISABLING PARTICIPATION IN KASPERSKY SECURITY NETWORK


    To participate in Kaspersky Security Network: 1. 2. 3. Open the application settings window. In the left part of the window, in the Advanced Settings section, select the Feedback subsection. In the right part of the window, check the I agree to participate in Kaspersky Security Network box.

    VERIFYING CONNECTION TO KASPERSKY SECURITY NETWORK


    Connection to Kaspersky Security Network may be lost for the following reasons: your computer is not connected to the Internet; you do not participate in Kaspersky Security Network; your license for Kaspersky Internet Security is limited. To test the connection to Kaspersky Security Network: 1. 2. 3. Open the main application window. In the top part of the window, click the Cloud protection button. In the left part of the window that opens, the status of connection to Kaspersky Security Network is displayed.

    175

    TESTING THE APPLICATION'S OPERATION


    This section provides information about how to ensure that the application detects viruses and their modifications and performs the correct actions on them.

    IN THIS SECTION:
    About the test file EICAR............................................................................................................................................... 176 Testing the application's functioning using the test file EICAR ...................................................................................... 176 About the types of the test file EICAR ........................................................................................................................... 177

    ABOUT THE TEST FILE EICAR


    You can make sure that the application detects viruses and disinfects infected files by using a test file EICAR. The test file EICAR has been developed by the European Institute for Computer Antivirus Research (EICAR) in order to test the functionality of anti-virus applications. The test file EICAR is not a virus. The test file EICAR does not contain any program code that could damage your computer. However, a major part of anti-virus applications identify the test file EICAR as a virus. The test file EICAR is not intended for testing the functionality of the heuristic analyzer or searching for malware at the system level (rootkits). Do not use real viruses to test the functionality of anti-virus applications! This may damage your computer.

    Do not forget to resume the anti-virus protection of Internet traffic and files after you have finished with the test file EICAR.

    TESTING THE APPLICATION'S FUNCTIONING USING THE TEST FILE EICAR


    You can use the test file EICAR to test the Internet traffic protection, anti-virus protection of files, and computer scan. Do not forget to resume the anti-virus protection of Internet traffic and files after you have finished with the test file EICAR. To test the Internet traffic protection using the test file EICAR: 1. 2. You can download this test file from EICAR's official website at http://www.eicar.org/anti_virus_test_file.htm. Try to save the EICAR test file in any folder on your computer. Kaspersky Internet Security informs you that a threat has been detected at the requested URL and blocks the attempt to save the object on the computer. 3. If necessary, you can use various types of the test file EICAR (see section "About the types of the test file EICAR" on page 177).

    176

    TESTING

    THE APPLICATION'S OPERATION

    To test the anti-virus protection of files using the test file EICAR or a modification of it: 1. Pause anti-virus protection of Internet traffic and anti-virus protection of files on your computer. When protection is paused, it is not recommended that you connect the computer to local networks or use removable devices to prevent harm to your computer caused by malware. 2. 3. 4. You can download this test file from EICAR's official website at http://www.eicar.org/anti_virus_test_file.htm. Save the EICAR test file in any folder on your computer. Add one of the prefixes to the head of the EICAR test file (see section "About the types of the test file EICAR" on page 177). You can use any text or hypertext editor to do this, for example, Notepad. To open Notepad, select Start programs Accessories Notepad. 5. All

    Save the resulting file under a name reflecting the modification of the file EICAR; for example, add the DELEprefix and save the file as eicar_dele.com. Resume anti-virus protection of Internet traffic and anti-virus protection of files on your computer. Try to run the file that you have saved. Kaspersky Internet Security informs you of a threat detected on the hard drive of your computer and performs the action specified in the settings of the anti-virus protection of files.

    6. 7.

    To test the virus scan using the test file EICAR or a modification of it : 1. Pause anti-virus protection of Internet traffic and anti-virus protection of files on your computer. When protection is paused, it is not recommended that you connect the computer to local networks or use removable devices to prevent harm to your computer caused by malware. 2. 3. You can download this test file from EICAR's official website at http://www.eicar.org/anti_virus_test_file.htm. Add one of the prefixes to the head of the EICAR test file (see section "About the types of the test file EICAR" on page 177). You can use any text or hypertext editor to do this, for example, Notepad. To open Notepad, select Start programs Accessories Notepad. 4. Save the resulting file under a name reflecting the modification of the test file EICAR; for example, add the DELE- prefix and save the file as eicar_dele.com. Start the scan of the file that you have saved. Kaspersky Internet Security informs you of a threat detected on the hard drive of your computer and performs the action specified in the settings of the virus scan. 6. Resume anti-virus protection of Internet traffic and anti-virus protection of files on your computer. All

    5.

    ABOUT THE TYPES OF THE TEST FILE EICAR


    You can test the application's functioning by creating various modifications of the test file EICAR. The application detects the test file EICAR (or a modification of it) and assigns it a status depending on the results of the scan. The application takes specified actions on the test file EICAR if they had been selected in the settings of the component that has detected the test file EICAR.

    177

    USER GUIDE

    The first column of the table (see the table below) contains prefixes that you can use when creating modifications of the test file EICAR. The second column lists all possible statuses assigned to the file, based on the results of the scan by the application. The third column indicates how the application processes files with the specified status.
    Table 2. Modifications of the test file EICAR

    Prefix No prefix, standard test virus.

    File status Infected.

    File processing information The application identifies this file as a file containing a virus that cannot be disinfected.

    File contains code of a known virus. File The action set for infected files is applied to the file. By default, the cannot be disinfected. application displays an on-screen notification that the file cannot be disinfected. Infected.

    CURE-

    The file contains a virus that can be disinfected or deleted. The application disinfects the file; the text of the virus body is replaced with File contains code of a the word CURE. known virus. File can be disinfected. The application displays an on-screen notification that a disinfected file has been detected. Infected. The application identifies the file as a virus that cannot be disinfected, and deletes it.

    DELE-

    File contains code of a known virus. File The application displays an on-screen notification that the disinfected cannot be disinfected. file has been deleted. WARNPotentially infected. File contains code of an unknown virus. File cannot be disinfected. SUSPPotentially infected. File contains modified code of a known virus. File cannot be disinfected. File is potentially infected.

    The application applies the action set for potentially infected files on the file. By default, the application displays an on-screen notification that a potentially infected file has been detected. The application detected a partial correspondence of a section of file code with a section of code of a known virus. When a potentially infected file is detected, the application databases do not contain a description of the full code of the virus. The application applies the action set for potentially infected files on the file. By default, the application displays an on-screen notification that a potentially infected file has been detected. The application does not scan this type of file because its structure is damaged (for example, the file format is invalid). You can find the information that the file has been processed in the report on the application's operation. An error occurred during the scan of a file. The application could not access the file, since the integrity of the file has been breached (for example, no end to a multivolume archive) or there is no connection to it (if the file is scanned on a network drive). You can find the information that the file has been processed in the report on the application's operation.

    CORR-

    Corrupted.

    ERRO-

    Scan error.

    178

    CONTACTING THE TECHNICAL SUPPORT SERVICE


    This section provides information about how to obtain technical support and what conditions should be met to receive help from the Technical Support Service.

    IN THIS SECTION:
    How to get technical support ......................................................................................................................................... 179 Using the trace file and the AVZ script .......................................................................................................................... 179 Technical support by phone .......................................................................................................................................... 182 Obtaining technical support via My Kaspersky Account ................................................................................................ 182

    HOW TO GET TECHNICAL SUPPORT


    If you do not find a solution to your problem in the application documentation or in one of the sources of information about the application (see section "Sources of information about the application" on page 12), we recommend that you contact Kaspersky Lab's Technical Support Service. Technical Support Service specialists will answer any of your questions about installing and using the application. If the computer is infected, our specialists will help to fix any problems caused by malware. Before contacting the Technical Support Service, please read the support rules (http://support.kaspersky.com/support/rules). You can contact the Technical Support Service in one of the following ways: By telephone. This method allows you to consult with specialists from our Russian-language or international Technical Support Service. By sending a query from your Kaspersky Account on the Technical Support Service website. This method allows you to contact our specialists using the query form. To qualify for technical support, you must be a registered user of a commercial version of Kaspersky Internet Security. Technical support is not available to users of trial versions of the application.

    USING THE TRACE FILE AND THE AVZ SCRIPT


    After you notify Technical Support Service specialists of a problem encountered, they may ask you to create a report that should contain information about your operating system, and send it to the Technical Support Service. Also, Technical Support Service specialists may ask you to create a trace file. The trace file allows you to trace the process of executing the application's commands step-by-step and find out on which stage of the application's operation an error has occurred. After Technical Support Service specialists analyze the data that you have sent, they can create an AVZ script and send it to you. Running AVZ scripts allows you to analyze active processes for malicious code, scan the system for malicious code, disinfect / delete infected files, and create reports on results of system scans.

    179

    USER GUIDE

    CREATING A SYSTEM STATE REPORT


    To create a system state report: 1. 2. Open the main application window. Click the Support link at the bottom of the main window to open the Support window, then follow the Support Tools link. In the Support Tools window that opens, click the Create system state report button.

    3.

    The system state report is created in HTML and XML formats and is saved in the archive sysinfo.zip. Once the information has been gathered, you can view the report. To view the report: 1. 2. Open the main application window. Click the Support link at the bottom of the main window to open the Support window, then follow the Support Tools link. In the Support Tools window that opens, click the View button. Open the sysinfo.zip archive which contains the report files.

    3. 4.

    CREATING A TRACE FILE


    To create a trace file: 1. 2. Open the main application window. Click the Support link at the bottom of the main window to open the Support window, then follow the Support Tools link. In the Support Tools window that opens, specify the trace level from the drop-down list in Traces section. It is recommended that the required trace level be clarified by a Technical Support Service specialist. In the absence of guidance from the Technical Support Service, you are advised to set the trace level to 500. 4. 5. 6. To start the trace process, click the Enable button. Reconstruct the situation in which the problem occurred. To stop the trace process, click the Disable button.

    3.

    You can switch to uploading tracing results (see section "Sending data files" on page 180) to Kaspersky Lab's server.

    SENDING DATA FILES


    After you have created the trace files and the system state report, you need to send them to Kaspersky Lab Technical Support Service experts. You will need a request number to upload data files to the Technical Support Service server. This number is available in your My Kaspersky Account on the Technical Support Service website if your request is active.

    180

    CONTACTING

    THE

    TECHNICAL SUPPORT SERVICE

    To upload the data files to the Technical Support Service server: 1. 2. Open the main application window. Click the Support link at the bottom of the main window to open the Support window, then follow the Support Tools link. In the Support Tools window that opens, in the Actions section, click the Upload information for Technical Support Service to the server button. The Uploading information for Technical Support Service to the server window will open. 4. Check the boxes next to the trace files that you want to send to the Technical Support Service and click the Send button. The Request number window will open. 5. Specify the number assigned to your request by contacting the Technical Support Service through My Kaspersky Account and click the OK button.

    3.

    The selected data files are packed and sent to the Technical Support Service server. If for any reason it is not possible to contact the Technical Support Service, the data files can be stored on your computer and later sent from My Kaspersky Account. To save data files on a disk: 1. 2. Open the main application window. Click the Support link at the bottom of the main window to open the Support window, then follow the Support Tools link. In the Support Tools window that opens, in the Actions section, click the Upload information for Technical Support Service to the server button. The Uploading information for Technical Support Service to the server window will open. 4. Check the boxes next to the trace files that you want to send to the Technical Support Service and click the Send button. The Request number window will open. 5. Click the Cancel button and confirm saving the files on the disk by clicking the Yes button in the window that opens. The archive saving window will open. 6. Specify the archive name and confirm saving.

    3.

    The created archive can be sent to the Technical Support Service from My Kaspersky Account.

    AVZ SCRIPT EXECUTION


    You are advised not to change the text of an AVZ script received from Kaspersky Lab experts. If problems occur during script execution, please contact the Technical Support Service (see section "How to get technical support" on page 179).

    181

    USER GUIDE

    To run the AVZ script: 1. 2. Open the main application window. Click the Support link at the bottom of the main window to open the Support window, then follow the Support Tools link. In the Support Tools window that opens, click the Execute AVZ script button.

    3.

    If the script successfully executes, the Wizard closes. If an error occurs during script execution, the Wizard displays a message to that effect.

    TECHNICAL SUPPORT BY PHONE


    If an urgent issue arises, you can call specialists from the Russian-speaking or international Technical Support Service by phone (http://support.kaspersky.com/support/support_local). Before contacting the Technical Support Service, you should collect information (http://support.kaspersky.com/support/details) about your computer and anti-virus applications installed on it. This will allow our specialists to help you more quickly.

    OBTAINING TECHNICAL SUPPORT VIA MY KASPERSKY ACCOUNT


    My Kaspersky Account is your personal area (https://my.kaspersky.com) on the Technical Support Service website. To obtain access to My Kaspersky Account, you should go through the registration procedure on the registration page (https://my.kaspersky.com/registration). Enter your email address and a password to log in to My Kaspersky Account. In My Kaspersky Account, you can perform the following actions: contact the Technical Support Service and Virus Lab; contact the Technical Support Service without using email; track the status of your request in real time; view a detailed history of your requests to the Technical Support Service; receive a copy of the key file if it has been lost or removed.

    Technical Support by email


    You can send an online request to the Technical Support Service in Russian, English, German, French, or Spanish. You should specify the following data in the fields of the online request form: request type; application name and version number; request description; customer ID and password; email address.

    182

    CONTACTING

    THE

    TECHNICAL SUPPORT SERVICE

    A specialist from the Technical Support Service sends an answer to your question to your My Kaspersky Account and to the email address that you have specified in your online request.

    Online request to the Virus Lab


    Some requests should be sent to the Virus Lab instead of the Technical Support Service. You can send requests of the following types to the Virus Lab: Unknown malicious program you suspect that a file contains a virus but Kaspersky Internet Security has not identified it as infected. Virus Lab specialists analyze malicious code sent. If they detect a previously unknown virus, they add a corresponding description to the database, which becomes available when updating anti-virus applications. False alarm Kaspersky Internet Security classifies the file as a virus, yet you are sure that the file is not a virus. Request for description of malicious program you want to receive the description of a virus detected by Kaspersky Internet Security, using the name of the virus. You can also send requests to the Virus Lab from the page with the request form (http://support.kaspersky.com/virlab/helpdesk.html) without being registered in My Kaspersky Account. On this page, you do not have to specify the application activation code.

    183

    APPENDIX
    This section provides information that complements the document text.

    IN THIS SECTION:
    Working with the application from the command line .................................................................................................... 184 Kaspersky Internet Security notifications list ................................................................................................................. 194

    WORKING WITH THE APPLICATION FROM THE COMMAND


    LINE
    You can work with Kaspersky Internet Security from the command line. The capability is provided to perform the following operations: activating the application; starting and stopping the application; starting and stopping application components; starting and stopping tasks; obtaining information on the current status of components and tasks, as well as their statistics; starting and stopping virus scan tasks; scanning selected objects; updating databases and software modules, rolling back updates; exporting and importing security settings; opening help files using command line syntax in general and for individual commands. Command prompt syntax: avp.com <command> [options] You should access the application from the command line from the application installation folder or by specifying the full path to avp.com. The list of commands used to control the application and its components is provided in the table below. START STOP Starts a component or a task. Stops a component or a task. The command can only be executed if the password assigned via the Kaspersky Internet Security interface is entered. Displays the current status of a component or task on the screen.

    STATUS

    184

    APPENDIX

    STATISTICS HELP SCAN UPDATE ROLLBACK

    Displays the statistics for a component or task on the screen. Displays the list of commands and command syntax information. Scans objects for viruses. Starts the application update. Rolls back to the last Kaspersky Internet Security update made. The command can only be executed if the password assigned via the Kaspersky Internet Security interface is entered. Closes the application. The command can only be run if the password assigned via the application interface is entered. Imports application protection settings. The command can only be executed if the password assigned via the Kaspersky Internet Security interface is entered. Exports the application protection settings.

    EXIT IMPORT

    EXPORT

    Each command requires its own specific set of settings.

    IN THIS SECTION:
    Activating the application............................................................................................................................................... 185 Starting the application .................................................................................................................................................. 186 Stopping the application ................................................................................................................................................ 186 Managing application components and tasks................................................................................................................ 186 Virus scan ..................................................................................................................................................................... 188 Updating the application ................................................................................................................................................ 190 Rolling back the last update .......................................................................................................................................... 191 Exporting protection settings ......................................................................................................................................... 191 Importing protection settings ......................................................................................................................................... 191 Creating a trace file ....................................................................................................................................................... 192 Viewing Help ................................................................................................................................................................. 192 Return codes of the command line ................................................................................................................................ 192

    ACTIVATING THE APPLICATION


    You can activate Kaspersky Internet Security using a key file. Command syntax: avp.com ADDKEY <filename> The table below describes the settings of command execution. <filename> Application key file name with the *.key extension.

    185

    USER GUIDE

    Example: avp.com ADDKEY 1AA111A1.key

    STARTING THE APPLICATION


    Command syntax: avp.com

    STOPPING THE APPLICATION


    Command syntax: avp.com EXIT /password=<your_password> A description of parameters is provided in the table below. <your_password> Application password specified in the interface.

    Note that this command is not accepted without a password.

    MANAGING APPLICATION COMPONENTS AND TASKS


    Command syntax: avp.com <command> <profile|task_name> [/R[A]:<report_file>] avp.com STOP <profile|task_name> /password=<your_password> [/R[A]:<report_file>] Descriptions of commands and settings are given in the table below. <command> You can manage Kaspersky Internet Security components and tasks from the command prompt with the following commands: START start a protection component or a task. STOP stop a protection component or a task. STATUS display the current status of a protection component or a task. STATISTICS output statistics to the screen for a protection component or a task. Note that the STOP command will not be accepted without a password.

    <profile|task_name>

    You can specify any protection component of Kaspersky Internet Security, component module, on-demand scan or update task as the value for the <profile> setting (the standard values used by the application are shown in the table below). You can specify the name of any on-demand scan or update task as the value for the <task_name> setting.

    <your_password> /R[A]:<report_file>

    Application password specified in the interface. /R:<report_file> log only important events in the report. /RA:<report_file> log all events in the report. You can use an absolute or relative path to the file. If the setting is not defined, scan results are displayed on the screen, and all events are shown.

    In the <profile> setting, you should specify one of the values given in the table below.

    186

    APPENDIX

    RTP

    All protection components. The avp.com START RTP command runs all the protection components if the protection has been completely disabled. If the component has been disabled using the STOP command from the command prompt, it is not launched by the avp.com START RTP command. In order to start it, you should execute the avp.com START <profile> command with the name of the specific protection component entered for <profile>, for example, avp.com START FM.

    FW HIPS pdm FM EM WM

    Firewall. Application Control. Proactive Defense. File Anti-Virus. Mail Anti-Virus. Web Anti-Virus. Values for Web Anti-Virus subcomponents: httpscan (HTTP) scan HTTP traffic; sc scan scripts.

    IM AB AS PC AP ids Updater Rollback Scan_My_Computer Scan_Objects Scan_Quarantine Scan_Startup (STARTUP) Scan_Vulnerabilities (SECURITY)

    IM Anti-Virus. Anti-Banner. Anti-Spam. Parental Control. Anti-Phishing. Network Attack Blocker. Update. Rolling back the last update. Scan. Objects Scan. Quarantine scan. Startup Objects Scan. Vulnerability Scan.

    Components and tasks started from the command prompt are run with the settings configured in the application interface. Examples: To enable File Anti-Virus, enter the following command:

    187

    USER GUIDE

    avp.com START FM To stop a computer scan, enter the following command: avp.com STOP Scan_My_Computer /password=<your_password>

    VIRUS SCAN
    Starting a scan of a certain area for viruses and processing malicious objects from the command prompt generally looks like this: avp.com SCAN [<object scanned>] [<action>] [<file types>] [<exclusions>] [<configuration file>] [<report settings>] [<advanced settings>] To scan objects, you can also use the tasks created in the application by starting the one you need from the command line. The task will be run with the settings specified in the Kaspersky Internet Security interface. A description of parameters is provided in the table below. <object to scan> this parameter gives the list of objects that are scanned for malicious code. The parameter may include several space-separated values from the list provided. <files> List of paths to the files and folders to be scanned. You can enter an absolute or relative path to the file. Items on the list are separated by a space. Comments: if the object name contains a space, it must be placed in quotation marks; if reference is made to a specific folder, all files in this folder are scanned. /MEMORY /STARTUP /MAIL /REMDRIVES /FIXDRIVES /NETDRIVES /QUARANTINE /ALL /@:<filelist.lst> RAM objects. Startup objects. Mailboxes. All removable media drives. All internal drives. All network drives. Quarantined objects. Full computer scan. Path to a file containing a list of objects and catalogs to be scanned. You can enter an absolute or relative path to the file with the list. The path must be indicated without quotation marks even if it contains a space. The file with the list of objects should be in a text format. Each scan object should be listed on a separate line. You are advised to specify absolute paths to objects to be scanned. When specifying a relative path, you must specify the path relative to the executable file of an application, not relative to the file with the list of objects to be scanned.

    188

    APPENDIX

    <action> this parameter determines what action will be taken with malicious objects detected during the scan. If this parameter has not been defined, the default action is the one with the value of /i8. If you are working in automatic mode, then Kaspersky Internet Security automatically applies the action recommended by Kaspersky Lab's specialists when dangerous objects are detected. An action which corresponds to the <action> parameter value is ignored. /i0 /i1 /i2 Take no action with regard to the object; record information about it in the report. Disinfect infected objects; skip if disinfection fails. Disinfect infected objects; skip if disinfection fails; do not delete infected objects from compound objects; delete infected compound objects with executable headers (sfx archives). Disinfect infected objects; skip if disinfection fails; delete all compound objects completely if infected embedded files cannot be deleted. Delete infected objects. Delete all compound objects completely if the infected parts cannot be deleted. Prompt the user for action if an infected object is detected. Prompt the user for action at the end of the scan.

    /i3

    /i4 /i8 /i9

    <file types> this parameter defines the file types that are subject to an anti-virus scan. By default, if this parameter is not defined, only infectable files by contents are scanned. /fe /fi /fa Scan only infectable files by extension. Scan only infectable files by contents. Scan all files.

    <exclusions> this parameter defines objects that are excluded from the scan. The parameter may include several space-separated values from the list provided. -e:a -e:b -e:m -e:<filemask> -e:<seconds> -es:<size> Do not scan archives. Do not scan email databases. Do not scan plain text emails. Do not scan objects which match the mask. Skip objects that are scanned for longer than the time specified in the <seconds> parameter. Skip objects whose size (in MB) exceeds the value specified in the <size> setting. This setting is only available for compound files (such as archives). <configuration file> defines the path to the configuration file that contains the application settings for the scan. The configuration file is in text format and contains the set of command line parameters for the anti-virus scan. You can enter an absolute or relative path to the file. If this parameter is not defined, the values set in the application interface are used. /C:<file_name> Use the settings' values specified in the <file_name> configuration file.

    189

    USER GUIDE

    <report settings> this parameter determines the format of the report on scan results. You can use an absolute or relative path to the file. If the setting is not defined, scan results are displayed on the screen, and all events are shown. /R:<report_file> /RA:<report_file> Log important events in this file only. Log all events in this file.

    <advanced settings> settings that define the use of anti-virus scan technologies. /iChecker=<on|off> /iSwift=<on|off> Examples: Start a scan of memory, Startup programs, mailboxes, the directories My Documents and Program Files, and the file test.exe: avp.com SCAN /MEMORY /STARTUP /MAIL "C:\Documents and Settings\All Users\My Documents" "C:\Program Files" "C:\Downloads\test.exe" Scan the objects listed in the file object2scan.txt, using the configuration file scan_setting.txt for the job. Use the scan_settings.txt configuration file. When the scan is complete, create a report to log all events: avp.com SCAN /MEMORY /@:objects2scan.txt /C:scan_settings.txt /RA:scan.log A sample configuration file: /MEMORY /@:objects2scan.txt /C:scan_settings.txt /RA:scan.log Enable / disable the use of iChecker technology. Enable / disable the use of iSwift technology.

    UPDATING THE APPLICATION


    The syntax for updating the modules of Kaspersky Internet Security and application databases from the command line is as follows: avp.com UPDATE [<update_source>] [/R[A]:<report_file>] [/C:<file_name>] A description of parameters is provided in the table below. <update_source> HTTP or FTP server or network folder for downloading updates. The value for the parameter may be in the form of a full path to an update source or a URL. If a path is not selected, the update source will be taken from the application update settings. /R:<report_file> log only important events in the report. /RA:<report_file> log all events in the report. You can use an absolute or relative path to the file. If the setting is not defined, scan results are displayed on the screen, and all events are shown. /C:<file_name> Path to the configuration file that contains the Kaspersky Internet Security update settings. A configuration file is a file in plain text format containing a list of command-line parameters for an application update. You can enter an absolute or relative path to the file. If this parameter is not defined, the values for the settings in the application interface are used. Examples: Update application databases and record all events in a report: avp.com UPDATE /RA:avbases_upd.txt

    /R[A]:<report_file>

    190

    APPENDIX

    Update the Kaspersky Internet Security modules using the settings of the updateapp.ini configuration file: avp.com UPDATE /C:updateapp.ini A sample configuration file: "ftp://my_server/kav updates" /RA:avbases_upd.txt

    ROLLING BACK THE LAST UPDATE


    Command syntax: avp.com ROLLBACK [/R[A]:<report_file>][/password=<your_password>] A description of parameters is provided in the table below. /R[A]:<report_file> /R:<report_file> log only important events in the report. /RA:<report_file> log all events in the report. You can use an absolute or relative path to the file. If the setting is not defined, scan results are displayed on the screen, and all events are shown. <your_password> Application password specified in the interface.

    Note that this command is not accepted without a password. Example: avp.com ROLLBACK /RA:rollback.txt /password=<your_password>

    EXPORTING PROTECTION SETTINGS


    Command syntax: avp.com EXPORT <profile> <filename> The table below describes the settings of command execution. <profile> Component or task for which the settings are being exported. For the <profile> setting, you can use any value listed in the "Managing application components and tasks" Help section. <filename> Path to the file to which the Kaspersky Internet Security settings are being exported. An absolute or a relative path may be specified. The configuration file is saved in binary format (DAT), if no other format is specified, or it is not specified at all; it can be used later to export application settings onto other computers. The configuration file can also be saved as a text file. To do so, type the .txt extension in the file name. Note that you cannot import protection settings from a text file. This file can only be used to specify the main settings for Kaspersky Internet Security operation. Example: avp.com EXPORT RTP c:\settings.dat

    IMPORTING PROTECTION SETTINGS


    Command syntax: avp.com IMPORT <filename>[/password=<your_password>] The table below describes the settings of command execution.

    191

    USER GUIDE

    <filename>

    Path to the file from which the Kaspersky Internet Security settings are imported. An absolute or a relative path may be specified.

    <your_password> Kaspersky Internet Security password specified in the application interface. Security parameters can only be imported from a binary file. Note that this command is not accepted without a password. Example: avp.com IMPORT c:\settings.dat /password=<your_password>

    CREATING A TRACE FILE


    Trace file creation may be required in case of problems in Kaspersky Internet Security operation. This will help Technical Support Service specialists to diagnose problems more accurately. We only recommend creating trace files for troubleshooting a specific problem. Regularly enabling traces may slow down your computer and fill up your hard drive. Command syntax: avp.com TRACE [file] [on|off] [<trace_level>] A description of parameters is provided in the table below. [on|off] [file] <trace_level> Enable / disable trace file creation. Output trace to file. This setting can be a value from 0 (minimum level, only critical messages) to 700 (maximum level, all messages). Technical Support will tell you what trace level you need when you contact Technical Support. If the level is not specified, we recommend setting the value to 500. Examples: To disable trace file creation: avp.com TRACE file off To create a trace file to be sent to Technical Support with a maximum trace level of 500: avp.com TRACE file on 500

    VIEWING HELP
    The following command is used to view help about the command line syntax: avp.com [ /? | HELP ] You can use one of the following commands to view help information about the syntax of a specific command: avp.com <command> /? avp.com HELP <command>

    192

    APPENDIX

    RETURN CODES OF THE COMMAND LINE


    This section describes the return codes of the command line (see table below). The general codes may be returned by any command from the command line. The return codes include general codes, as well as codes specific to a certain type of task. GENERAL RETURN CODES 0 1 2 3 4 Operation completed successfully. Invalid setting value. Unknown error. Task completion error. Task cancelled.

    VIRUS SCAN TASK RETURN CODES 101 102 All dangerous objects processed. Hazardous objects detected.

    193

    KASPERSKY INTERNET SECURITY NOTIFICATIONS LIST


    This section provides information about notifications that Kaspersky Internet Security may display on the screen.

    IN THIS SECTION:
    Notifications in any protection mode ............................................................................................................................. 194 Notifications in interactive protection mode ................................................................................................................... 201

    NOTIFICATIONS IN ANY PROTECTION MODE


    This section provides information about notifications that are displayed both in automatic and in interactive protection mode (see section "Selecting a protection mode" on page 64).

    IN THIS SECTION:
    Special treatment required ............................................................................................................................................ 194 Hidden driver download................................................................................................................................................. 195 An application without a digital signature is being run ................................................................................................... 195 Removable drive connected .......................................................................................................................................... 196 New network detected ................................................................................................................................................... 196 Unreliable certificate detected ....................................................................................................................................... 197 Request for permission to access a website from a regional domain ............................................................................ 197 An application that may be exploited by an intruder in order to do harm to the user's computer or data, has been detected ......................................................................................................................................................... 197 Quarantined file not infected ......................................................................................................................................... 198 New product version released ....................................................................................................................................... 198 Technical update released ............................................................................................................................................ 199 Technical update downloaded....................................................................................................................................... 199 Downloaded technical update not installed ................................................................................................................... 200 License expired ............................................................................................................................................................. 200 We recommend that you update the databases before scan ........................................................................................ 200

    SPECIAL TREATMENT REQUIRED


    When you detect a threat that is currently active in the system (for example, a malicious process in the RAM or in startup objects), a notification is displayed on the screen requesting the confirmation of a special advanced disinfection procedure.

    194

    APPENDIX

    The notification provides the following information: Description of the threat. Type of threat and name of the malicious object as listed in the Kaspersky Lab Virus Encyclopedia. The icon is displayed next to the name of the malicious object. Clicking the icon opens a window with information about the object. Clicking the www.securelist.com link in this window allows you to go to the Virus Encyclopedia website and obtain more detailed information about the threat posed by the object. File name of the malicious object, including the path to it. You can select one of the following actions: Yes, disinfect with reboot perform the special disinfection procedure (recommended). When the disinfection is in progress, all applications are blocked except for trusted ones. When the disinfection is complete, the operating system will be restarted, so it is recommended that you save the changes that you have made and close all applications before starting the disinfection. After restarting your computer, you are advised to run a full virus scan. Do not run the detected object or process will be processed according to the selected action. To apply the selected action automatically every time such situation reoccurs, check the Apply to all objects box.

    HIDDEN DRIVER DOWNLOAD


    Some malicious applications download drivers onto the computer without being noticed by the user, after which the malicious application's activity cannot be controlled by Kaspersky Internet Security. Useful applications seldom use such methods for downloading drivers. When Application Control detects an attempt to download a driver covertly, it displays a notification on the screen. The notification provides the following information: Description of the threat. Name of the driver file, including the path to it. The icon is displayed next to the name of the file. Clicking the icon opens a window with information about the driver. You can select one of the following actions: Allow now allow downloading the driver and adding it into the list of exclusions. Block now block driver download. Quarantine block driver download and move the driver file to Quarantine.

    AN APPLICATION WITHOUT A DIGITAL SIGNATURE IS BEING RUN


    When Application Control detects an application without digital signature and with high threat rating according to the heuristic analysis that runs on your computer, it displays a notification on the screen.

    195

    USER GUIDE

    The notification provides the following information: Description of the threat. Name of the application being run. The icon is displayed next to the name of the application. Clicking the icon opens a window with information about the application. Information about the number of users that use the application and trust it. You can select one of the following actions: Yes, I trust allow opening and running the application without any restrictions. Restrict the application allow application startup, but block dangerous operations. Block block the opening and running of the application currently and in the future.

    REMOVABLE DRIVE CONNECTED


    When a removable drive is connected to the computer, a notification appears on the screen. You can select one of the following actions: Quick Scan scan only files stored on the removable drive that can pose a potential threat. Full Scan scan all files stored on the removable drive. Do not scan do not scan the removable drive. To apply the selected action to all removable drives that may be connected in the future, check the Always perform in such cases box.

    NEW NETWORK DETECTED


    Every time your computer connects to a new zone (i.e. network), a notification is displayed on the screen. The top part of the notification window provides information about the network: the network adapter used for network connection; network type (for example, "wireless"); name of the network. The lower part of the window prompts you to assign a status to the network and network activity is allowed on the basis of that status: Yes, it is a trusted network. It is only recommended to apply this status to safe networks, where your computer is not exposed to attacks and attempts of unauthorized access to your data. Local network. This status is recommended to apply to networks with a medium risk factor (for example, corporate LANs). No, it is a public network. A high-risk network in which your computer is in danger of any possible type of threat. This status is also recommended to apply to networks that are not protected with anti-virus applications, firewalls, or filters. When you select this status, the application ensures maximum security of your computer in this zone.

    196

    APPENDIX

    UNRELIABLE CERTIFICATE DETECTED


    Kaspersky Internet Security verifies security of the connection established via the SSL protocol using an installed certificate. If an invalid certificate is detected when the connection to the server is attempted (for example, if the certificate is replaced by an intruder), a notification is displayed on screen. The notification provides the following information: description of the threat; a link for viewing the certificate; probable causes of the error; the URL of the web resource. You can select one of the following actions: Yes, accept the untrusted certificate proceed with connecting to the web resource. Deny certificate interrupt the connection with the website.

    REQUEST FOR PERMISSION TO ACCESS A WEBSITE FROM A REGIONAL


    DOMAIN
    If you attempt to access a website from a regional domain that is not recognized as neither blocked nor allowed, a notification is displayed on the screen. The notification provides the following information: a description of the reason for blocking access to the website; the name of the region to which the website belongs; the domain and level of infectiousness of websites in this domain; the URL of the website; the name of the application that has attempted to access the website. You can select one of the following actions: Yes, allow request load the website. No, block request cancel website loading. To apply the selected action to all websites from this regional domain, check the Remember for this region box.

    AN APPLICATION THAT MAY BE EXPLOITED BY AN INTRUDER IN ORDER TO DO HARM TO THE USER'S COMPUTER OR DATA, HAS BEEN DETECTED
    When Activity Monitor detects an application that may be exploited by an intruder in order to do harm to the user's computer or data, a notification is displayed on the screen.

    197

    USER GUIDE

    The notification provides the following information: Description of the threat. Type and name of the application that may be exploited by an intruder in order to do harm to the user's computer or data. The icon is displayed next to the name of the application. Clicking the icon opens a window with information about the application. ID of the process and name of the application file, including the path to it. Link to the window with the application emergence log. You can select one of the following actions: Allow allow the application to run. Quarantine close the application, move the application file to Quarantine where it poses no threat to your computer's security. With further scans of Quarantine, the status of the object may change. For example, the object may be identified as infected and can be processed using an updated database. Otherwise, the object could be assigned the not infected status and then restored. The status of a file moved to Quarantine can be changed to not infected at a next scan, but not earlier than three days after it is moved to Quarantine. Terminate application interrupt the execution of the application. Add to exclusions always allow the application to perform such actions in the future.

    QUARANTINED FILE NOT INFECTED


    By default, Kaspersky Internet Security scans quarantined files after each update of the databases. If the scan of a quarantined file shows that it is not infected, a notification is displayed on the screen. The notification provides the following information: a recommendation to restore the quarantined file; the name of the file, including the path to the folder in which it had been stored before it was moved to Quarantine. You can select one of the following actions: Restore restore the file by removing it from Quarantine and moving it to the folder in which this file had been stored before it was moved to Quarantine. Cancel leave the file in Quarantine.

    NEW PRODUCT VERSION RELEASED


    When a new version of Kaspersky Internet Security has been released and is available for downloading from Kaspersky Lab servers, a notification is displayed on the screen.

    198

    APPENDIX

    The notification provides the following information: a link to a window with detailed information about the newly released version of the application; the size of the installation package. You can select one of the following actions: Yes, download download the installation package of the new application version into the selected folder. No cancel the installation package download. If you do not want the notification of the new application version to be displayed on the screen in the future, check the Do not inform of this update box.

    TECHNICAL UPDATE RELEASED


    When a technical update of Kaspersky Internet Security has been released and is available for downloading from Kaspersky Lab servers, a notification is displayed on the screen. The notification provides the following information: the number of the application version installed on your computer; the number of the application version after the expected technical update; a link to a window with detailed information about the technical update; the size of the update file. You can select one of the following actions: Yes, download download the update file into the selected folder. No cancel the update download. This option is available if the Do not inform of this update box is checked (see below). No, remind later cancel the immediate download and receive a reminder to update later. This option is available if the Do not inform of this update box is unchecked (see below). If you do not want this notification to be displayed on the screen in the future, check the Do not inform of this update box.

    TECHNICAL UPDATE DOWNLOADED


    When downloading of the technical update of Kaspersky Internet Security from Kaspersky Lab servers is completed, a notification is displayed on the screen. The notification provides the following information: the number of the application version after the technical update; a link to the update file.

    199

    USER GUIDE

    You can select one of the following actions: Yes, install install the update. After the update is installed, you need to reboot your operating system. Postpone installation cancel installation to perform it later.

    DOWNLOADED TECHNICAL UPDATE NOT INSTALLED


    If a technical update of Kaspersky Internet Security has been downloaded but not installed on your computer, a notification is displayed on the screen. The notification provides the following information: the number of the application version after the technical update; a link to the update file. You can select one of the following actions: Yes, install install the update. After the update is installed, you need to reboot your operating system. Postpone installation cancel installation to perform it later. If you do not want notification of this update to be displayed on the screen in the future, check the Do not ask until new version is available box.

    LICENSE EXPIRED
    When the trial license expires, Kaspersky Internet Security displays a notification on the screen. The notification provides the following information: the length of the trial period; information about the application operation outcome (may include a link to more details). You can select one of the following actions: Yes, purchase selecting this option opens a browser window and loads the eStore web page where you can purchase the commercial license. Cancel stop using the application. If you select this option, the application stops performing all of its main functions (virus scan, update, real-time protection, etc.).

    WE RECOMMEND THAT YOU UPDATE THE DATABASES BEFORE SCAN


    If you initiate scan tasks before or during the first update of the databases, a notification is displayed on the screen. The notification contains a recommendation to update the databases or wait until the update is completed before scan. You can select one of the following actions:

    200

    APPENDIX

    Update databases before scan start updating the databases, after which the scan task starts automatically. This action option is unavailable if you have started the scan task before the first update of the databases. Start scan after update wait until the update of the databases is completed and start the scan task automatically. This action option is unavailable if you have started the scan task during the first update of the databases. Start scan now start the scan task without waiting for the update of the databases is completed.

    NOTIFICATIONS IN INTERACTIVE PROTECTION MODE


    This section provides information about notifications that are displayed in interactive protection mode (see section "Selecting a protection mode" on page 64).

    IN THIS SECTION:
    Network activity of an application has been detected .................................................................................................... 202 A suspicious / malicious object detected ....................................................................................................................... 202 Vulnerability detected .................................................................................................................................................... 203 Request for permission for an application's actions ...................................................................................................... 204 Dangerous activity detected in the system .................................................................................................................... 204 Rolling back changes made by the application that may be exploited by an intruder in order to do harm to the user's computer or data ....................................................................................................................................... 205 Malicious application detected ...................................................................................................................................... 205 An application that may be exploited by intruders, is detected ...................................................................................... 206 Suspicious / malicious link detected .............................................................................................................................. 207 Dangerous object detected in traffic .............................................................................................................................. 207 Attempt to access a phishing website detected ............................................................................................................. 208 Attempt to access the system registry detected ............................................................................................................ 208 Object cannot be disinfected ......................................................................................................................................... 208 Hidden process detected............................................................................................................................................... 209 Blocked domain region / Access denied........................................................................................................................ 210 Dangerous web resource .............................................................................................................................................. 210 No information on whether the web resource is safe .................................................................................................... 210 It is recommended that you switch to Safe Run for Websites ....................................................................................... 211 It is recommended that you quit Safe Run for Websites ............................................................................................... 211

    201

    USER GUIDE

    NETWORK ACTIVITY OF AN APPLICATION HAS BEEN DETECTED


    If any network activity of an application is detected (by default, effective for applications included in the Low Restricted or High Restricted groups), a notification is displayed on the screen. The notification is displayed if Kaspersky Internet Security runs in interactive mode (see section "Selecting a protection mode" on page 64), and if no packet rule is created for the application, whose activity has been detected (see page 111). The notification contains the following information: the name of the application and a brief description of the connection that it initiates; information about the connection (connection type, local and remote port, address to which the connection is established); application run sequence. You can select one of the following actions: Allow now. Block now. Create a rule. If you select this option, the Firewall window opens, where you can create a rule to manage the network activity of the application (see section "Editing application rules" on page 112). You can allow or block the network activity of the application once or for a longer period by selecting one of the following actions: Allow now or Block now once allow or block the network activity of the application. Allow now or Block now (when the Apply to current application session box is checked) remember the selected action for the current session of the application that has shown network activity. If the Apply always box is checked in the window, you can click the always link to change its name to Apply to current application session. Allow now or Block now (when the Apply always box is checked) remember the action selected for the application and always apply it subsequently. If the Apply to current application session box is checked in the window, you can click the to current application session link to change its name to Apply always.

    A SUSPICIOUS / MALICIOUS OBJECT DETECTED


    While File Anti-Virus, Mail Anti-Virus, or a virus scan is running, a notification is displayed on the screen if any of the following objects is detected: malicious object; object that contains the code of an unknown virus; object that contains the modified code of an unknown virus.

    202

    APPENDIX

    The notification provides the following information: Description of the threat. Type of threat and name of the malicious object as listed in the Kaspersky Lab Virus Encyclopedia. The icon is displayed next to the name of the malicious object. Clicking the icon opens a window with information about the object. Clicking the www.securelist.com link in this window allows you to go to the Virus Encyclopedia website and obtain more detailed information about the threat posed by the object. File name of the malicious object, including the path to it. You can select one of the following responses to the object: Disinfect attempt to disinfect the malicious object. This option is suggested if the threat is known. Before disinfecting the object, a backup copy of it is created. Quarantine move the object to Quarantine where it will pose no threat to your computer. This option is suggested if neither the threat nor any ways of disinfecting the object are known. With further scans of Quarantine, the status of the object may change. For example, the object may be identified as infected and can be processed using an updated database. Otherwise, the object could be assigned the not infected status and then restored. The status of a file moved to Quarantine can be changed to not infected at a next scan, but not earlier than three days after it is moved to Quarantine. Delete delete the object. Before deleting the object, a backup copy of it is created. Ignore / Block block access to the object, but perform no actions with regard to it; simply record information about it in a report. You can return to the processing of skipped objects in the report window. However, you cannot postpone the processing of objects detected in email messages. To apply the selected action to all threats of the same type detected in the current session of a protection component or task, check the Apply to all objects box. The current session is the time from when the component is started until it is disabled or Kaspersky Internet Security is restarted or the time from beginning a virus scan until it is complete. If you are sure that the object detected it is not malicious, we recommend adding it to the trusted zone to keep the program from making repeat false positives when you use the object.

    VULNERABILITY DETECTED
    A notification is displayed on the screen if a vulnerability is detected. The notification contains the following information: Descriptions of the vulnerability. The name of the vulnerability as listed in the Kaspersky Lab Virus Encyclopedia. The icon is displayed next to the name. Clicking the icon opens a window with information about the vulnerability. Clicking www.securelist.com in the window takes you to the Virus Encyclopedia website, where you can obtain more detailed information about the vulnerability. File name of the vulnerable object, including the path to it.

    203

    USER GUIDE

    You can select one of the following responses to the object: Yes, fix eliminate the vulnerability. Ignore take no actions on the vulnerable object.

    REQUEST FOR PERMISSION FOR AN APPLICATION'S ACTIONS


    If an application attempts to perform an action about whose security or necessity Kaspersky Internet Security is unaware, a notification is displayed on the screen. The notification provides the following information: Name and icon of the application. Clicking the icon opens a window with information about the application.

    Description of the application's actions. Location of the application file. Application run sequence. You can block or allow the application run by selecting one of the following actions: Make trusted move the application to the Trusted group (so that the application will always be allowed to run). Allow now allow the application run once. Block now block the application run once. Terminate application and make untrusted move the application to the Untrusted group (so that the application will always be prohibited to run).

    DANGEROUS ACTIVITY DETECTED IN THE SYSTEM


    When Proactive Defense detects dangerous application activity on your system, a notification pops up. The notification contains the following information: Description of the threat. Type of threat and name of the malicious object as listed in the Kaspersky Lab Virus Encyclopedia. The icon is displayed next to the name of the malicious object. Clicking the icon opens a window with information about the object. Clicking the www.securelist.com link in this window allows you to go to the Virus Encyclopedia website and obtain more detailed information about the threat posed by the object. ID of the process and name of the application file, including the path to it. You can select one of the following actions: Allow allow the application to run. Quarantine close the application, move the application file to Quarantine where it poses no threat to your computer's security. With further scans of Quarantine, the status of the object may change. For example, the object may be identified as infected and can be processed using an updated database. Otherwise, the object could be assigned the not infected status and then restored.

    204

    APPENDIX

    The status of a file moved to Quarantine can be changed to not infected at a next scan, but not earlier than three days after it is moved to Quarantine. Terminate application interrupt the execution of the application. Add to exclusions always allow the application to perform such actions in the future. If you are sure that the program detected is not dangerous, we recommend adding it to the trusted zone to avoid Kaspersky Internet Security making repeat false positives when detecting it.

    ROLLING BACK CHANGES MADE BY THE APPLICATION THAT MAY BE EXPLOITED BY AN INTRUDER IN ORDER TO DO HARM TO THE USER'S
    COMPUTER OR DATA
    We recommend that you roll back (discard) changes made by the application that may be exploited by an intruder in order to do harm to the user's computer or data. When such an application ceases its activity, a notification is displayed on the screen, requesting a rollback of changes. The notification provides the following information: Requesting a rollback of changes made by the application that may be exploited by an intruder in order to do harm to the user's computer or data. Type and name of the application. The icon is displayed next to the name of the application. Clicking the icon opens a window with information about the application. ID of the process and name of the application file, including the path to it. You can select one of the following actions: Skip cancel changes rollback. Yes, roll back roll back the changes made by the application.

    MALICIOUS APPLICATION DETECTED


    When System Watcher detects an application whose behavior completely matches the activities of malicious applications, a notification is displayed on the screen. The notification provides the following information: Description of the threat. Type and name of the malicious application. The icon is displayed next to the name of the application. Clicking the icon opens a window with information about the application. ID of the process and name of the application file, including the path to it. Link to the window with the application emergence log.

    205

    USER GUIDE

    You can select one of the following actions: Allow allow the application to run. Quarantine close the application, move the application file to Quarantine where it poses no threat to your computer's security. With further scans of Quarantine, the status of the object may change. For example, the object may be identified as infected and can be processed using an updated database. Otherwise, the object could be assigned the not infected status and then restored. The status of a file moved to Quarantine can be changed to not infected at a next scan, but not earlier than three days after it is moved to Quarantine. Terminate application interrupt the execution of the application. Add to exclusions always allow the application to perform such actions in the future.

    AN APPLICATION THAT MAY BE EXPLOITED BY INTRUDERS, IS DETECTED


    If File Anti-Virus, Mail Anti-Virus, or the virus scan task detects an application that may be exploited by intruders, a notification is displayed on the screen. The notification provides the following information: Description of the threat. Type of the threat and name of the object as listed in the Kaspersky Lab Virus Encyclopedia. The icon is displayed next to the name of the object. Clicking the icon opens a window with information about the object. Clicking the www.securelist.com link in the window allows you to go to the Virus Encyclopedia website and obtain more details. Name of the object file, including the path to it. You can select one of the following responses to the object: Quarantine move the object to Quarantine where it will pose no threat to your computer. This option is suggested if neither a threat nor any ways of disinfecting the object are known. With further scans of Quarantine, the status of the object may change. For example, the object may be identified as infected and can be processed using an updated database. Otherwise, the object could be assigned the not infected status and then restored. The status of a file moved to Quarantine can be changed to not infected at a next scan, but not earlier than three days after it is moved to Quarantine. Delete delete the object. Before deleting the object, a backup copy of it is created. Delete archive - delete password-protected archive. Ignore / Block block access to the object, but perform no actions with regard to it; simply record information about it in a report. You can return to the processing of skipped objects in the report window. However, you cannot postpone the processing of objects detected in email messages. Add to exclusions create an exclusion rule for this threat type.

    206

    APPENDIX

    To apply the selected action to all threats of the same type detected in the current session of a protection component or task, check the Apply to all objects box. The current session is the time from when the component is started until it is disabled or Kaspersky Internet Security is restarted or the time from beginning a virus scan until it is complete. If you are sure that the object detected it is not malicious, we recommend adding it to the trusted zone to keep the program from making repeat false positives when you use the object.

    SUSPICIOUS / MALICIOUS LINK DETECTED


    When Kaspersky Internet Security detects an attempt to go to a website with suspicious or malicious content, a notification is displayed on the screen. The notification provides the following information: description of the threat; the name of the application (browser) using which the website was loaded; the URL of the website or web page with suspicious or malicious content. You can select one of the following actions: Allow continues the website download. Block blocks the website download. To apply the selected action to all websites with threats of the same type detected in the current session of a protection component, check the Apply to all objects box. The current session is the time from the moment the component was started until the moment it was closed or Kaspersky Internet Security was restarted.

    DANGEROUS OBJECT DETECTED IN TRAFFIC


    When Web Anti-Virus detects a malicious object in traffic, a special notification is displayed on the screen. The notification contains the following information: A description of the threat or the actions performed by the application. Name of the application which performs the action. Type of threat and name of the malicious object as listed in the Kaspersky Lab Virus Encyclopedia. The icon is displayed next to the name of the malicious object. Clicking the icon opens a window with information about the object. Clicking the www.securelist.com link in this window allows you to go to the Virus Encyclopedia website and obtain more detailed information about the threat posed by the object. Object location (URL). You can select one of the following actions: Allow continue the object download. Block block the object download from the web resource. To apply the selected action to all threats of the same type detected in the current session of a protection component or task, check the Apply to all objects box. The current session is the time from the moment the component was started until the moment it was closed or Kaspersky Internet Security was restarted.

    207

    USER GUIDE

    ATTEMPT TO ACCESS A PHISHING WEBSITE DETECTED


    When Kaspersky Internet Security detects an attempt to access a website that is or may be a phishing site, a notification is displayed on the screen. The notification provides the following information: description of the threat; the URL of the website. You can select one of the following actions: Allow continues the website download. Block blocks the website download. To apply the selected action to all websites with threats of the same type detected in the current session of Kaspersky Internet Security, check the Apply to all objects box. The current session is the time from the moment the component was started until the moment it was closed or Kaspersky Internet Security was restarted.

    ATTEMPT TO ACCESS THE SYSTEM REGISTRY DETECTED


    When Proactive Defense detects an attempt to access system registry keys, a notification pops up. The notification provides the following information: the registry key being accessed; the file name of the process that initiated the attempt to access the registry keys, including the path to it. You can select one of the following actions: Allow allows the execution of the dangerous action once; Block blocks the dangerous action once. To apply the selected action to each attempt of obtaining access to registry keys, check the Create a rule box. If you are sure that no activity of the application that attempted to access system registry keys is dangerous, add the application to the trusted application list.

    OBJECT CANNOT BE DISINFECTED


    In some cases, an object cannot be disinfected: for example, if the file is so corrupted that the application is unable to remove malicious code from it and restore its integrity. Besides, the disinfection procedure cannot be applied to several types of malicious objects, such as Trojans. If an object cannot be disinfected, a notification is displayed on the screen. The notification provides the following information: Description of the threat. Type of threat and name of the malicious object as listed in the Kaspersky Lab Virus Encyclopedia. The icon is displayed next to the name of the malicious object. Clicking the icon opens a window with information about the object. Clicking the www.securelist.com link in this window allows you to go to the Virus Encyclopedia website and obtain more detailed information about the threat posed by the object. File name of the malicious object, including the path to it.

    208

    APPENDIX

    You can select one of the following actions: Delete delete the object. Before deleting the object, a backup copy of it is created. Ignore / Block block access to the object, but perform no actions with regard to it; simply record information about it in a report. You can return to the processing of skipped objects in the report window. However, you cannot postpone the processing of objects detected in email messages. Add to exclusions create an exclusion rule for this threat type. To apply the selected action to all threats of the same type detected in the current session of a protection component or task, check the Apply to all objects box. The current session is the time from when the component is started until it is disabled or Kaspersky Internet Security is restarted or the time from beginning a virus scan until it is complete.

    HIDDEN PROCESS DETECTED


    If Proactive Defense detects a hidden process in the system, a notification is displayed on the screen. The notification provides the following information: Description of the threat. Type and name of threat as listed in the Kaspersky Lab Virus Encyclopedia. The icon is displayed next to the name. Clicking the icon opens a window with information about the threat. Clicking www.securelist.com in the window takes you to the Virus Encyclopedia website, where you can obtain more detailed information about the threat. Name of the process file, including the path to it. You can select one of the following actions: Quarantine close the process and move the process file to Quarantine, where it poses no threat to your computer's security. With further scans of Quarantine, the status of the object may change. For example, the object may be identified as infected and can be processed using an updated database. Otherwise, the object could be assigned the not infected status and then restored. The status of a file moved to Quarantine can be changed to not infected at a next scan, but not earlier than three days after it is moved to Quarantine. Terminate interrupt the process. Allow allow the execution of the process. To apply the selected action to all threats of the same type detected in the current session of Proactive Defense, check the Apply to all such cases box. The current session is the time from the moment the component was started until the moment it was closed or Kaspersky Internet Security was restarted. If you are sure that the process detected is not dangerous, we recommend adding it to the trusted zone to avoid Kaspersky Internet Security making repeat false positives when detecting it.

    209

    USER GUIDE

    BLOCKED DOMAIN REGION / ACCESS DENIED


    Access to a website may be blocked by Web Anti-Virus on the grounds that the website belongs to a specified regional domain. A domain is considered as blocked in the following cases: access to the domain was blocked by the user when configuring Web Anti-Virus; a previous attempt to access a website from the same region was blocked by the user. When Geo Filter (a module of Web Anti-Virus) detects an attempt to go to a website that belongs to a blocked region, a special notification is displayed in the browser window. The notification provides the following information: a description of the reason for blocking access to the website; the name of the region to which the website belongs; the domain and level of infectiousness of websites in this domain; the URL of the website. You can select one of the following actions: Back to the previous page open the previous page. Open web resource load the website which belongs to the blocked domain. Open Geo Filter settings open the Web Anti-Virus settings window on the Geo Filter tab.

    DANGEROUS WEB RESOURCE


    When Safe Surf (a module of Web Anti-Virus) detects an attempt to go to a dangerous website, a notification is displayed in the browser window. The notification provides the following information: a description of the reason for blocking access to the website; the URL of the website. You can select one of the following actions: Back to the previous page open the previous page without loading the dangerous website. Open anyway load the dangerous website.

    NO INFORMATION ON WHETHER THE WEB RESOURCE IS SAFE


    When Safe Surf (a module of Web Anti-Virus) detects an attempt to go to a website whose security is doubtful, a notification is displayed in the browser window. The notification provides the following information: a description of the reason for pausing access to the website; the URL of the website.

    210

    APPENDIX

    You can select one of the following actions: Yes, open web resource load the website. Open and add to the trusted addresses load the website and add its URL to the list of trusted ones to prevent Safe Surf from pausing the loading of this website. Open in Safe Run for Websites load the website in Safe Run for Websites (only for Microsoft Internet Explorer, Mozilla Firefox, and Google Chrome). When loading the website in Safe Run for Websites, malicious objects on web pages being loaded do not constitute any menace to your computer's security. No, return to the previous page do not load the website, but open the previous page instead.

    IT IS RECOMMENDED THAT YOU SWITCH TO SAFE RUN FOR WEBSITES


    Kaspersky Lab recommends that you use Safe Run for Websites, which will ensure improved protection of your digital identity data when working with online banking. When attempting to go to an online banking website, Web Anti-Virus displays a notification in the browser window. The notification provides the following information: recommendation of switching to Safe Run for Websites; the address of the online banking resource. You can select one of the following actions: Open in Safe Run for Websites open the website using the safe browser (only for Microsoft Internet Explorer, Mozilla Firefox, and Google Chrome). Open web resource open the website in standard mode. Back to the previous page open the previous page in normal mode without opening the website.

    IT IS RECOMMENDED THAT YOU QUIT SAFE RUN FOR WEBSITES


    When working with online banking websites, Safe Run for Websites is used. When you go to a different website that does not have to do with online banking, it is recommended that you quit Safe Run for Websites. If you continue working with a common website in Safe Run for Websites, this may weaken the protection of your digital identity data. When working in Safe Run for Websites and attempting to go from an online banking website to another one, Web AntiVirus displays a notification in the browser window. The notification provides the following information: recommendation of quitting Safe Run for Websites; the address of the website to which you have gone from the online banking website. You can select one of the following actions: Open web resource in usual browser quit Safe Run for Websites and open the website in normal mode. This is a bank's website, continue in Safe Run for Websites open the website in Safe Run for Websites. Back to the previous page open the previous page in Safe Run for Websites.

    211

    GLOSSARY
    A
    ACTIVATING THE APPLICATION
    Switching the application into full-function mode. The user needs a license to activate the application.

    ACTIVE LICENSE
    The license currently used for the operation of a Kaspersky Lab application. The license defines the expiration date for full functionality and the license policy for the application. The application cannot have more than one license with active status.

    ADDITIONAL LICENSE
    A license that has been added for the operation of Kaspersky Lab application but has not been activated. The additional license enters into effect when the active license expires.

    ADMINISTRATION SERVER CERTIFICATE


    A certificate which allows Administration Server authentication when connecting the Administration Console to it and when exchanging data with users' computers. The Administration Server certificate is created when Administration Server is installed and then stored in the folder %ALLUSERSPROFILE%\Application Data\KasperskyLab\adminkit\1093\cert.

    ALTERNATE NTFS STREAMS


    NTFS data streams (alternate data streams) designed to contain additional attributes or file information. Each file in an NTFS file system is a set of streams. One of them contains the file content that one is able to view after opening the file, other streams (called alternate) are designed to contain meta information and ensure, for example, NTFS compatibility with other systems, such as an older file system by Macintosh called the Hierarchical File System (HFS). Streams can be created, deleted, stored separately, renamed, and even run as a process. Alternate streams can be used by intruders to transfer data secretly, or to steal them from a computer.

    APPLICATION MODULES
    Files included in the Kaspersky Lab installation package that are responsible for performing its main tasks. A particular executable module corresponds to each type of task performed by the application (real-time protection, on-demand scan, updates). By running a full scan of your computer from the main window, you initiate the execution of this task's module.

    APPLICATION SETTINGS
    Application settings which are common for all task types, regulating the application's operation as a whole, such as application performance settings, report settings, and backup storage settings.

    ARCHIVE
    File "containing" one or several other objects, which may also be archives.

    AVAILABLE UPDATES
    A set of updates for Kaspersky Lab application modules, including critical updates accumulated over a certain period of time and changes to the application's architecture.

    B
    BLACK LIST OF KEY FILES
    A database containing information on blacklisted Kaspersky Lab key files. The content of the black list file is updated along with the product databases.

    212

    GLOSSARY

    BLOCKING AN OBJECT
    Denying access to an object from external applications. A blocked object cannot be read, executed, changed, or deleted.

    BOOT VIRUS
    A virus that infects the boot sectors of a computer's hard drive. The virus forces the system to load it into memory during reboot and to direct control to the virus code instead of the original boot loader code.

    C
    COMPRESSED FILE
    An archive file that contains a decompression program and instructions for the operating system for executing it.

    D
    DANGEROUS OBJECT
    An object containing a virus. You are advised not to access these objects, because it may result in infection of your computer. Once an infected object is detected, we recommend that you disinfect it using one of Kaspersky Lab's applications, or delete it if disinfection is not possible.

    DATABASE OF PHISHING WEB ADDRESSES


    List of web addresses which are defined as phishing by Kaspersky Lab specialists. The database is regularly updated and is part of the Kaspersky Lab application.

    DATABASE OF SUSPICIOUS WEB ADDRESSES


    List of web addresses whose content can be considered to be potentially dangerous. The list was created by Kaspersky Lab specialists. It is regularly updated and is included in the Kaspersky Lab application package.

    DATABASE UPDATE
    One of the functions performed by a Kaspersky Lab application that enables it to keep protection current. In doing so, the databases are downloaded from the Kaspersky Lab update servers onto the computer and are automatically connected to the application.

    DATABASES
    Databases created by Kaspersky Lab's experts and containing a detailed description of all current threats to computer security, as well as methods used for their detection and disinfection. These databases are constantly updated by Kaspersky Lab as new threats appear.

    DELETING AN OBJECT
    The method of processing objects which ends in it being physically deleted from its original location (hard drive, folder, network resource). We recommend that this method be applied to dangerous objects which, for whatever reason, cannot be disinfected.

    DISINFECTING OBJECTS ON RESTART


    A method of processing infected objects that are being used by other applications at the moment of disinfection. Consists of creating a copy of the infected object, disinfecting the copy created, and replacing the original infected object with the disinfected copy after the next system restart.

    DISK BOOT SECTOR


    A boot sector is a particular area on a computer's hard drive, floppy, or other data storage device. It contains information on the disk's file system and a boot loader program that is responsible for starting the operating system. There exist a number of viruses that infect boot sectors, which are thus called boot viruses. The Kaspersky Lab application allows scanning of boot sectors for viruses and disinfecting them if an infection is found.

    213

    USER GUIDE

    DOMAIN NAME SERVICE (DNS)


    A distributed system for converting the name of a host (a computer or other network device) to an IP address. DNS functions in TCP/IP networks. As a special case, DNS can also store and process reverse requests and determine the name of a host by its IP address (PTR record). Resolution of DNS names is usually carried out by network applications, not by users.

    DUAL-HOMED GATEWAY
    Computer equipped with two network adapters (each of which is connected to a different network) which transfers data from one network to the other.

    E
    EMAIL DATABASES
    Databases containing emails in a special format and saved on your computer. Each incoming/outgoing email is placed in the mail database after it is received/sent. These databases are scanned during a full computer scan. Incoming and outgoing emails are analyzed for viruses in real time at the time that they are sent and received if real-time protection is enabled.

    EVENT SEVERITY LEVEL


    Description of an event logged during the operation of the Kaspersky Lab application. There are four severity levels: Critical event. Functional failure. Warning. Information message. Events of the same type may have different severity levels, depending on the situation when the event occurred.

    EXCLUSION
    An Exclusion is an object excluded from the scan by a Kaspersky Lab application. You can exclude files of certain formats, file masks, a certain area (for example, a folder or a program), application processes, or objects by threat type, according to the Virus Encyclopedia classification from the scan. Each task can be assigned a set of exclusions.

    F
    FALSE ALARM
    A situation when a Kaspersky Lab application considers a non-infected object to be infected because its code is similar to that of a virus.

    FILE MASK
    Representation of a file name and extension using wildcards. The two standard wildcards used in file masks are * and ?, where * represents any number of any characters and ? stands for any single character. Using these wildcards, you can represent any file. Note that the name and extension are always separated by a period.

    H
    HARDWARE PORT
    Socket on a hardware component of a computer in which a cable or a plug can be connected (LPT port, serial port, USB port).

    214

    GLOSSARY

    HEADER
    The information in the beginning of a file or a message, which is comprised of low-level data on file (or message) status and processing. In particular, the email message header contains such data as information about the sender and recipient and the date.

    HEURISTIC ANALYZER
    A technology designed for detecting threats that cannot be identified using the Kaspersky Lab application databases. It allows detection of objects suspected of being infected with an unknown virus or a new modification of known viruses. The use of a heuristic analyzer detects up to 92% of threats. This mechanism is fairly effective and very rarely leads to false positives. Files detected by the heuristic analyzer are considered suspicious.

    I
    ICHECKER

    TECHNOLOGY

    iChecker is a technology that increases the speed of anti-virus scans by excluding objects that have remained unchanged since their last scan, provided that the scan parameters (the anti-virus database and settings) have not changed. The information for each file is stored in a special database. This technology is used in both real-time protection and on-demand scan modes. For example, you have an archive file that was scanned by the Kaspersky Lab application and assigned not infected status. The next time the application will skip this archive unless it has been altered or the scan settings have been changed. If you altered the archive content by adding a new object to it, modified the scan settings, or updated the antivirus database, the archive is re-scanned. Limitations of iChecker technology: this technology does not work with large files, since it is faster to scan a file than check whether it was modified since it was last scanned; the technology supports a limited number of formats ( EXE, DLL, LNK, TTF, INF, SYS, COM, CHM, ZIP, RAR).

    INCOMPATIBLE APPLICATION
    An antivirus application from a third-party developer or a Kaspersky Lab application that does not support management through Kaspersky Internet Security.

    INFECTED OBJECT
    Object containing a malicious code. It is detected when a section of the object's code completely matches a section of the code of a known threat. Kaspersky Lab does not recommend using such objects since they may infect your computer.

    INPUT/OUTPUT PORT
    Used in processors (such as Intel) for exchanging data with hardware components. The input/output port is associated with a certain hardware component and allows applications to address it for data exchange.

    INSTALLATION USING A LOGON SCRIPT


    A method of remote installation of Kaspersky Lab applications which allows the startup of the remote installation task to be assigned to an individual user account (or to several user accounts). Registering a user in a domain leads to an attempt to install the application on the client computer on which the user has been registered. This method is recommended for installing the applications on computers running under Microsoft Windows 98 / Me operating systems.

    INTERCEPTOR
    Subcomponent of the application responsible for scanning specific types of email. The set of interceptors specific to your installation depends on what role or what combination of roles the application is being deployed for.

    215

    USER GUIDE

    INTERNET PROTOCOL (IP)


    The basic protocol for the Internet, used without change since the time of its development in 1974. It performs basic operations for transmitting data from one computer to another and serves as the foundation for higher-level protocols like TCP and UDP. It manages connection and error processing. Technologies such as NAT and masking make it possible to hide a large number of private networks using a small number of IP addresses (or even one address), which makes it possible to meet the demands of the constantly growing Internet using the relatively restricted IPv4 address space.

    K
    KASPERSKY LAB'S UPDATE SERVERS
    A list of Kaspersky Lab's HTTP and FTP servers from which the application downloads databases and module updates to your computer.

    KASPERSKY SECURITY NETWORK


    The Kaspersky Security Network (KSN) is an infrastructure of online services that provides access to the online Knowledge Base of Kaspersky Lab, which contains information about the reputation of files, web resources, and software. Using data from the Kaspersky Security Network ensures a faster response time for Kaspersky Internet Security when encountering new types of threats, improves performance of some protection components, and reduces the risk of false positives.

    KEY FILE
    A file with the KEY extension, which is your personal "key" and is necessary for working with the Kaspersky Lab application. A key file is included with the product if you purchased it from Kaspersky Lab distributors, or is emailed to you if you purchased the product online.

    L
    LICENSE VALIDITY PERIOD
    The period of time during which you are able to use all features of your Kaspersky Lab application. The license validity period generally runs for one calendar year from the date of installation. After the license expires, the application has reduced functionality. You will not be able to update the application databases.

    LIST OF ALLOWED URLS


    A list of masks and addresses of web resources to which access is not blocked by the Kaspersky Lab application. The list of addresses is created by the user during application settings configuration.

    LIST OF ALLOWED SENDERS


    (also "White" list of addresses) The list of email addresses from which messages should not be scanned by Kaspersky Lab application.

    LIST OF BLOCKED URLS


    A list of masks and addresses of web resources, access to which is blocked by the Kaspersky Lab application. The list of addresses is created by the user during application settings configuration.

    LIST OF BLOCKED SENDERS


    (also "Black" list of addresses) The list of email addresses from which messages should be blocked by the Kaspersky Lab application, regardless of their content.

    LIST OF TRUSTED URLS


    A list of masks and addresses of web resources whose content the user trusts. A Kaspersky Lab application does not scan web pages corresponding to a list item for the presence of malicious objects.

    216

    GLOSSARY

    LIST OF WEB ADDRESSES TO BE CHECKED


    A list of masks and addresses of web resources which are mandatorily scanned for malicious objects by the Kaspersky Lab application.

    M
    MEMORY DUMP
    Content of the working memory of a process or the entire RAM of the system at a specified moment of time.

    MESSAGE DELETION
    The method of processing an email message where the message is physically removed. We recommend that this method be applied to messages that definitely contain spam or malware. Before deleting a message, a copy of it is saved in backup (unless this option is disabled).

    MONITORED OBJECT
    A file transferred via HTTP, FTP, or SMTP protocols across the firewall and sent to a Kaspersky Lab application to be scanned.

    MOVING OBJECTS TO QUARANTINE


    A method of processing a potentially infected object by blocking access to the file and moving it from its original location to the Quarantine folder, where the object is saved in encrypted form, which rules out the threat of infection.

    N
    NETWORK PORT
    A TCP and UDP parameter that determines the destination of data packets in IP format that are transmitted to a host over a network and makes it possible for various programs running on a single host to receive data independently of each other. Each program processes data received via a certain port (this is sometimes referred to as the program "listening" to that port). For some common network protocols, there are usually standard port numbers (for example, web servers usually receive HTTP requests on TCP port 80); however, generally, a program can use any protocol on any port. Possible values: 1 to 65535.

    NOTIFICATION TEMPLATE
    A template based on which a notification about infected objects detected by a scan is generated. A notification template includes a combination of settings regulating the mode of notification, the means of distribution, and the text of messages to be sent.

    O
    OLE OBJECT
    An attached object or an object embedded into another file. The Kaspersky Lab application allows scanning of OLE objects for viruses. For example, if you insert a Microsoft Office Excel table into a Microsoft Office Word document, the table is scanned as an OLE object.

    OBJECT DISINFECTION
    A method used for processing infected objects that results in complete or partial recovery of data or the decision that the objects cannot be disinfected. Objects are disinfected using the database records. Part of the data may be lost during disinfection.

    OBSCENE MESSAGE
    Email message containing offensive language.

    217

    USER GUIDE

    P
    PHISHING
    A kind of Internet fraud which consists of sending email messages with the purpose of stealing confidential information as a rule, various financial data.

    POTENTIALLY INFECTABLE OBJECT


    An object which, due to its structure or format, can be used by intruders as a "container" to store and distribute a malicious object. As a rule, they are executable files, for example, files with the extensions COM, EXE, DLL, etc. The risk of penetration of malicious code into such files is fairly high.

    POTENTIALLY INFECTED OBJECT


    An object that contains modified code of a known virus or code that resembles code of a virus, but is not yet known to Kaspersky Lab. Potentially infected files are detected using a heuristic analyzer.

    PROTECTION STATE
    The current status of protection, summarizing the degree of security of the computer.

    PROTOCOL
    A clearly defined and standardized set of rules governing the interaction between a client and a server. Well-known protocols and the services associated with them include HTTP (WWW), FTP, and NNTP (news).

    PROXY SERVER
    A computer network service which allows users to make indirect requests to other network services. First, a user connects to a proxy server and requests a resource (e.g., a file) located on another server. Then the proxy server either connects to the specified server and obtains the resource from it or returns the resource from its own cache (if the proxy has its own cache). In some cases, a user's request or a server's response can be modified by the proxy server for certain purposes.

    Q
    QUARANTINE
    A certain folder where all potentially infected objects which were detected during scans or by real-time protection are placed.

    R
    REAL-TIME PROTECTION
    The application's operating mode under which objects are scanned for the presence of malicious code in real time. The application intercepts all attempts to open any object (read, write, or execute) and scans the object for threats. Uninfected objects are passed on to the user; objects containing threats or suspected of containing them are processed pursuant to the task settings (they are disinfected, deleted or quarantined).

    RECOMMENDED LEVEL
    The level of security based on application settings recommended by Kaspersky Lab experts and providing an optimal level of protection for your computer. This level is set to be used by default.

    RESTORATION
    Moving an original object from Quarantine or Backup to the folder where it was originally found before being moved to Quarantine, disinfected, or deleted, or to a different folder specified by the user.

    218

    GLOSSARY

    ROOTKIT
    An application or a set of applications developed for masking traces of an intruder or malware in the system. In Windows-based systems, rootkit usually means a program that penetrates in the system and intercepts system functions (Windows API). First of all, intercepting and modifying low-level API functions allow such program to mask its presence in the system in a quite sophisticated manner. Besides, a rootkit may, as a rule, mask the presence of any processes, folders and files on the disk, and registry keys if they are described in the rootkit's configuration. Many rootkits install their own drivers and services in the system (they also are "invisible").

    S
    SCRIPT
    A small computer program or an independent part of a program (function) which, as a rule, has been developed to execute a small specific task. It is most often used with programs embedded into hypertext. Scripts are run, for example, when you open a certain website. If real-time protection is enabled, the application tracks the launching of scripts, intercepts them, and scans them for viruses. Depending on the results of the scan, you may block or allow the execution of a script.

    SECURITY LEVEL
    The security level is defined as a pre-set component configuration.

    SOCKS
    Proxy server protocol that allows establishment of a point-to-point connection between computers in the internal and external networks.

    SPAM
    Unsolicited mass email mailings, most often including advertising messages.

    STARTUP OBJECTS
    The set of programs needed to start and correctly operate the operating system and software installed on your computer. These objects are executed every time the operating system is started. There are viruses capable of infecting such objects specifically, which may lead, for example, to blocking of operating system startup.

    SUBNET MASK
    The subnet mask (also known as netmask) and network address determine the addresses of computers on a network.

    SUSPICIOUS MESSAGE
    A message that cannot be unambiguously considered spam, but seems suspicious when scanned (e.g., certain types of mailings and advertising messages).

    SUSPICIOUS OBJECT
    An object that contains modified code of a known virus or code that resembles code of a virus, but is not yet known to Kaspersky Lab. Suspicious objects are detected using the heuristic analyzer.

    T
    TASK
    Functions performed by Kaspersky Lab's application are implemented as tasks, such as: Real-time file protection, Full computer scan, Database update.

    TASK SETTINGS
    Application settings which are specific for each task type.

    219

    USER GUIDE

    THREAT RATING
    The rating of how dangerous an application is for the operating system. The rating is calculated using heuristic analysis based on two types of criteria: static (such as information about the executable file of an application: size, creation date, etc.); dynamic, which are used when simulating the application's operation in a virtual environment (analysis of the application's calls to system functions). The threat rating allows the detection of behavior typical of malware. The lower the threat rating is, the more actions the application will be allowed to perform in the system.

    TRACES
    Running the application in debugging mode; after each command is executed, the application is stopped, and the result of this step is displayed.

    TRAFFIC SCAN
    A real-time scan using information from the latest version of the databases for objects transmitted via all protocols (for example, HTTP, FTP, etc.).

    TRUSTED PROCESS
    A program process, whose file operations are not monitored by Kaspersky Lab's application in real-time protection mode. In other words, no objects run, open, or saved by the trusted process are scanned.

    U
    UNKNOWN VIRUS
    A new virus about which there is no information in the databases. Generally, unknown viruses are detected by the application in objects using the heuristic analyzer, and those objects are classified as potentially infected.

    UPDATE
    The procedure of replacing/adding new files (databases or application modules) retrieved from the Kaspersky Lab update servers.

    UPDATE PACKAGE
    File package for updating the software. It is downloaded from the Internet and installed on your computer.

    URGENT UPDATES
    Critical updates to Kaspersky Lab application modules.

    V
    VIRUS ACTIVITY THRESHOLD
    The maximum permissible level of a specific type of event over a limited time period that, when exceeded, is considered to be excessive virus activity and a threat of a virus outbreak. This feature is highly significant during virus outbreaks and enables an administrator to react in a timely fashion to threats of virus outbreaks that arise.

    VIRUS OUTBREAK
    A series of deliberate attempts to infect a computer with a virus.

    VIRUS OUTBREAK COUNTER


    A template based on which a notification of a virus outbreak threat is generated. A virus outbreak counter includes a combination of settings which determine the virus activity threshold, means of spreading, and the text in messages sent.

    220

    KASPERSKY LAB ZAO


    Kaspersky Lab software is internationally renowned for its protection against viruses, malware, spam, network and hacker attacks, and other threats. In 2008, Kaspersky Lab was rated among the worlds top four leading vendors of information security software solutions for end users (IDC Worldwide Endpoint Security Revenue by Vendor). Kaspersky Lab is the preferred developer of computer protection systems among home users in Russia, according to the COMCON survey "TGI-Russia 2009". Kaspersky Lab was founded in Russia in 1997. Today, it is an international group of companies headquartered in Moscow with five regional divisions that manage the company's activity in Russia, Western and Eastern Europe, the Middle East, Africa, North and South America, Japan, China, and other countries in the Asia-Pacific region. The company employs more than 2000 qualified specialists. Products. Kaspersky Labs products provide protection for all systemsfrom home computers to large corporate networks. The personal product range includes anti-virus applications for desktop, laptop, and pocket computers, and for smartphones and other mobile devices. Kaspersky Lab delivers applications and services to protect workstations, file and web servers, mail gateways, and firewalls. Used in conjunction with Kaspersky Labs centralized management system, these solutions ensure effective automated protection for companies and organizations against computer threats. Kaspersky Lab's products are certified by the major test laboratories, are compatible with the software of many suppliers of computer applications, and are optimized to run on many hardware platforms. Kaspersky Labs virus analysts work around the clock. Every day they uncover thousands of new computer threats, create tools to detect and disinfect them, and include them in the databases used by Kaspersky Lab applications. Kaspersky Lab's Anti-Virus database is updated hourly; and the Anti-Spam database every five minutes. Technologies. Many technologies that are now part and parcel of modern anti-virus tools were originally developed by Kaspersky Lab. It is no coincidence that many other developers user the Kaspersky Anti-Virus kernel in their products, including: SafeNet (USA), Alt-N Technologies (USA), Blue Coat Systems (USA), Check Point Software Technologies (Israel), Clearswift (UK), CommuniGate Systems (USA), Critical Path (Ireland), D-Link (Taiwan), M86 Security (USA), GFI (Malta), IBM (USA), Juniper Networks (USA), LANDesk (USA), Microsoft (USA), NETASQ (France), NETGEAR (USA), Parallels (Russia), SonicWALL (USA), WatchGuard Technologies (USA), ZyXEL Communications (Taiwan). Many of the companys innovative technologies are pa tented. Achievements. Over the years, Kaspersky Lab has won hundreds of awards for its services in combating computer threats. For example, in 2010 Kaspersky Anti-Virus was given several top Advanced+ awards after a series of tests held by AV-Comparatives, a renowned Austrian anti-virus lab. But Kaspersky Lab's main achievement is the loyalty of its users worldwide. The companys products and technologies protect more than 300 million users, and its corporate clients number more than 200,000. Kaspersky Lab official site: Virus Encyclopedia: Anti-Virus Lab: http://www.kaspersky.com http://www.securelist.com newvirus@kaspersky.com (only for sending probably infected files in archive format) http://support.kaspersky.com/virlab/helpdesk.html (for queries addressed to virus analysts) Kaspersky Lab web forum: http://forum.kaspersky.com

    221

    INFORMATION ABOUT THIRD-PARTY CODE


    Information about third-party code is contained in a file named legal_notices.txt and stored in the application installation folder.

    222

    INDEX
    A
    Anti-Banner list of blocked banner addresses .......................................................................................................................... 136 Anti-Spam additional filtering features .................................................................................................................................... 131 agressiveness level .............................................................................................................................................. 122 database of phishing web addresses ................................................................................................................... 125 list of allowed phrases .......................................................................................................................................... 127 list of allowed senders .......................................................................................................................................... 128 list of blocked phrases .......................................................................................................................................... 127 list of blocked senders .......................................................................................................................................... 128 Microsoft Exchange Server messages ................................................................................................................. 132 plug-in for Microsoft Office Outlook ...................................................................................................................... 133 plug-in for Microsoft Outlook Express ................................................................................................................... 133 plug-in for The Bat! ............................................................................................................................................... 134 plug-in for Thunderbird ......................................................................................................................................... 134 restoring the default settings................................................................................................................................. 122 training .................................................................................................................................................................. 122 Application Control application run sequence ...................................................................................................................................... 106 editing an application rule ..................................................................................................................................... 105 protection scope ................................................................................................................................................... 107 Application rule Firewall ................................................................................................................................................................. 112 Application run sequence Application Control ............................................................................................................................................... 106 Application self-defense ............................................................................................................................................. 159

    B
    Browser Configuration ................................................................................................................................................ 165

    C
    Computer performance .............................................................................................................................................. 157

    D
    Data clearing Safe Run............................................................................................................................................................... 140 Database of phishing web addresses Anti-Spam ............................................................................................................................................................. 125 IM Anti-Virus ........................................................................................................................................................... 97 Web Anti-Virus........................................................................................................................................................ 90 Disabling / enabling real-time protection ...................................................................................................................... 40

    E
    Editing an application rule Application Control ............................................................................................................................................... 105 EICAR ........................................................................................................................................................................ 176 Enable Parental Control.................................................................................................................................................... 145

    F
    File Anti-Virus heuristic analysis .................................................................................................................................................... 81 pausing ................................................................................................................................................................... 78

    223

    USER GUIDE

    protection scope ..................................................................................................................................................... 79 response to a threat ................................................................................................................................................ 81 scan mode .............................................................................................................................................................. 80 scan of compound files ........................................................................................................................................... 82 scan optimization .................................................................................................................................................... 83 scan technology...................................................................................................................................................... 81 security level ........................................................................................................................................................... 80 Firewall application rule ..................................................................................................................................................... 112 changing rule priority ............................................................................................................................................ 112 changing the network status ................................................................................................................................. 110 Firewall rule .......................................................................................................................................................... 110 packet rule ............................................................................................................................................................ 111 Firewall rule Firewall ................................................................................................................................................................. 110

    H
    Heuristic analysis File Anti-Virus ......................................................................................................................................................... 81 Mail Anti-Virus ........................................................................................................................................................ 86 Web Anti-Virus........................................................................................................................................................ 93

    I
    IM Anti-Virus database of phishing web addresses ..................................................................................................................... 97 protection scope ..................................................................................................................................................... 96 Installation folder .......................................................................................................................................................... 20

    K
    Kaspersky URL Advisor Web Anti-Virus........................................................................................................................................................ 91

    L
    License activating the application ........................................................................................................................................ 43 End User License Agreement ................................................................................................................................. 29 License renewal ........................................................................................................................................................... 44

    M
    Mail Anti-Virus attachment filtering ................................................................................................................................................. 86 heuristic analysis .................................................................................................................................................... 86 protection scope ..................................................................................................................................................... 84 response to a threat ................................................................................................................................................ 86 scanning of compound files .................................................................................................................................... 87 security level ........................................................................................................................................................... 90

    N
    Network encrypted connections .......................................................................................................................................... 116 monitored ports..................................................................................................................................................... 119 Network Attack Blocker blocking time......................................................................................................................................................... 115 types of detected network attacks ........................................................................................................................ 114 unblocking a computer ......................................................................................................................................... 115 Network Monitor ......................................................................................................................................................... 118 Notifications.................................................................................................................................................................. 45 delivery of notifications using email ...................................................................................................................... 173 disabling ............................................................................................................................................................... 172 disabling the audio signal ..................................................................................................................................... 173

    224

    INDEX

    notification types ................................................................................................................................................... 173

    P
    Packet rule Firewall ................................................................................................................................................................. 111 Parental Control browsing websites ................................................................................................................................................ 149 communicating via IM clients ................................................................................................................................ 150 downloading files from the Internet ....................................................................................................................... 150 enabling and disabling .......................................................................................................................................... 145 exporting / importing settings ................................................................................................................................ 146 limiting time for computer use ............................................................................................................................... 148 limiting time for Internet use.................................................................................................................................. 148 running applications .............................................................................................................................................. 148 safe search mode ................................................................................................................................................. 149 searching for key words ........................................................................................................................................ 153 sending private data ............................................................................................................................................. 152 Proactive Defense dangerous activity list ............................................................................................................................................. 99 dangerous activity monitoring rule .......................................................................................................................... 99 group of trusted applications................................................................................................................................... 98 Protection scope Application Control ............................................................................................................................................... 107 File Anti-Virus ......................................................................................................................................................... 79 IM Anti-Virus ........................................................................................................................................................... 96 Mail Anti-Virus ........................................................................................................................................................ 84 Web Anti-Virus........................................................................................................................................................ 95

    Q
    Quarantine and Backup.............................................................................................................................................. 160

    R
    Reports events search ....................................................................................................................................................... 169 filtering .................................................................................................................................................................. 168 saving to file.......................................................................................................................................................... 170 selecting a component or a task ........................................................................................................................... 168 view ........................................................................................................................................................................ 57 Rescue Disk ................................................................................................................................................................. 54 Response to a threat File Anti-Virus ......................................................................................................................................................... 81 Mail Anti-Virus ........................................................................................................................................................ 86 virus scan ............................................................................................................................................................... 69 Web Anti-Virus........................................................................................................................................................ 90 Restoring the default settings ....................................................................................................................................... 58 Anti-Spam ............................................................................................................................................................. 122 Restricting access to the application ............................................................................................................................ 63

    S
    Safe Run data clearing ......................................................................................................................................................... 140 shared folder......................................................................................................................................................... 143 Scan account ................................................................................................................................................................... 69 action with regard to a detected object ................................................................................................................... 69 automatic startup of a skipped task ........................................................................................................................ 67 scan optimization .................................................................................................................................................... 70 scan technologies ................................................................................................................................................... 68 scanning of compound files .................................................................................................................................... 70 schedule ................................................................................................................................................................. 67 security level ........................................................................................................................................................... 66 type of objects to scan ............................................................................................................................................ 69

    225

    USER GUIDE

    vulnerability scan .................................................................................................................................................... 72 Schedule update..................................................................................................................................................................... 75 virus scan ............................................................................................................................................................... 67 Security level File Anti-Virus ......................................................................................................................................................... 80 Mail Anti-Virus ........................................................................................................................................................ 90 Web Anti-Virus........................................................................................................................................................ 90 Shared folder Safe Run............................................................................................................................................................... 143

    T
    The context menu ........................................................................................................................................................ 32 The main application window ....................................................................................................................................... 33 The taskbar notification area icon ................................................................................................................................ 31 Traces creating a trace file ............................................................................................................................................... 180 uploading tracing results ....................................................................................................................................... 180 Training Anti-Spam using an email client ............................................................................................................................................. 123 using outgoing messages ..................................................................................................................................... 123 using reports ......................................................................................................................................................... 124 Trusted zone exclusion rules ...................................................................................................................................................... 155 trusted applications ............................................................................................................................................... 154

    U
    Uninstallation application .............................................................................................................................................................. 27 Update proxy server ............................................................................................................................................................ 77 regional settings ..................................................................................................................................................... 74 rolling back the last update ..................................................................................................................................... 76 Updating from a local folder ................................................................................................................................................... 74 update source ......................................................................................................................................................... 73

    V
    Virtual Keyboard........................................................................................................................................................... 50

    W
    Web Anti-Virus database of phishing web addresses ..................................................................................................................... 90 Geo Filter ................................................................................................................................................................ 94 heuristic analysis .................................................................................................................................................... 93 Kaspersky URL Advisor .......................................................................................................................................... 91 protection scope ..................................................................................................................................................... 95 response to a threat ................................................................................................................................................ 90 scan optimization .................................................................................................................................................... 94 security level ........................................................................................................................................................... 90

    226

    You might also like