Kaspersky Internet Security 2012

User Guide

APPLICATION VERSION: 12.0

Dear User! Thank you for choosing our product. We hope that you will find this documentation useful and that it will provide answers to most of your questions that may arise. Warning! This document is the property of Kaspersky Lab ZAO (herein also referred to as Kaspersky Lab): all rights to this document are reserved by the copyright laws of the Russian Federation and by international treaties. Illegal reproduction and distribution of this document or parts hereof will result in civil, administrative or criminal liability in accordance with applicable law. Any type of reproduction or distribution of any materials, including translations, is allowed only with the written permission of Kaspersky Lab. This document and related graphic images can be used exclusively for informational, non-commercial or personal use. This document may be amended without prior notification. The latest version of this document can be found on the Kaspersky Lab website at http://www.kaspersky.com/docs. Kaspersky Lab assumes no liability for the content, quality, relevance, or accuracy of any materials used in this document the rights to which are held by third parties, or for any potential damages associated with the use of such documents. This document uses registered trademarks and service marks which are the property of their respective owners. Document revision date: 4/19/2011 © 1997-2011 Kaspersky Lab ZAO. All Rights Reserved. http://www.kaspersky.com http://support.kaspersky.com

2

CONTENT
ABOUT THIS GUIDE .....................................................................................................................................................9 In this guide ..............................................................................................................................................................9 Document conventions ........................................................................................................................................... 11 SOURCES OF INFORMATION ABOUT THE APPLICATION ..................................................................................... 12 Sources of information for independent research ................................................................................................... 12 Discussing Kaspersky Lab applications on the Forum ........................................................................................... 13 Contacting the Sales Department ........................................................................................................................... 13 Contacting the Documentation Development Team by email ................................................................................. 13 KASPERSKY INTERNET SECURITY.......................................................................................................................... 14 What's new ............................................................................................................................................................. 14 Distribution kit ......................................................................................................................................................... 14 Service for registered users .................................................................................................................................... 15 Hardware and software requirements ..................................................................................................................... 15 INSTALLING AND REMOVING THE APPLICATION .................................................................................................. 17 Standard installation procedure .............................................................................................................................. 17 Step 1. Searching for a newer version of the application .................................................................................. 18 Step 2. Making sure the system meets the installation requirements ............................................................... 18 Step 3. Selecting installation type ..................................................................................................................... 19 Step 4. Reviewing the license agreement ......................................................................................................... 19 Step 5. Kaspersky Security Network Data Collection Statement ...................................................................... 19 Step 6. Searching for incompatible applications ............................................................................................... 19 Step 7. Selecting the destination folder ............................................................................................................. 20 Step 8. Preparing for installation ....................................................................................................................... 20 Step 9. Installing ............................................................................................................................................... 21 Step 10. Finishing the installation ..................................................................................................................... 21 Step 11. Activating the application .................................................................................................................... 21 Step 12. Registering a user............................................................................................................................... 21 Step 13. Completing the activation ................................................................................................................... 22 Updating the previous version of Kaspersky Internet Security................................................................................ 22 Step 1. Searching for a newer version of the application .................................................................................. 23 Step 2. Making sure the system meets the installation requirements ............................................................... 23 Step 3. Selecting installation type ..................................................................................................................... 24 Step 4. Reviewing the license agreement ......................................................................................................... 24 Step 5. Kaspersky Security Network Data Collection Statement ...................................................................... 24 Step 6. Searching for incompatible applications ............................................................................................... 24 Step 7. Selecting the destination folder ............................................................................................................. 25 Step 8. Preparing for installation ....................................................................................................................... 25 Step 9. Installing ............................................................................................................................................... 26 Step 10. Wizard completion .............................................................................................................................. 26 Non-standard installation scenarios ........................................................................................................................ 26 Getting started ........................................................................................................................................................ 27 Removing the application ....................................................................................................................................... 27 Step 1. Saving data for reuse............................................................................................................................ 27 Step 2. Confirmation of application removal...................................................................................................... 28

3

USER GUIDE

Step 3. Removing the application. Completing removal .................................................................................... 28 LICENSING THE APPLICATION ................................................................................................................................. 29 About the End User License Agreement ................................................................................................................ 29 About data provision ............................................................................................................................................... 29 About the license .................................................................................................................................................... 29 About the activation code ....................................................................................................................................... 30 APPLICATION INTERFACE ........................................................................................................................................ 31 The notification area icon........................................................................................................................................ 31 The context menu ................................................................................................................................................... 32 The Kaspersky Internet Security main window ....................................................................................................... 33 Notification windows and pop-up messages ........................................................................................................... 34 The application settings window ............................................................................................................................. 36 The Kaspersky Gadget ........................................................................................................................................... 37 News Agent ............................................................................................................................................................ 37 STARTING AND STOPPING THE APPLICATION ...................................................................................................... 38 Enabling and disabling automatic launch ............................................................................................................... 38 Launching and closing the application manually..................................................................................................... 38 MANAGING THE COMPUTER PROTECTION ............................................................................................................ 39 Diagnostics and elimination of problems in your computer protection .................................................................... 39 Enabling and disabling the protection ..................................................................................................................... 40 Pausing and resuming protection ........................................................................................................................... 41 SOLVING TYPICAL TASKS......................................................................................................................................... 43 How to activate the application ............................................................................................................................... 43 How to purchase or renew a license ....................................................................................................................... 44 What to do when application notifications appear................................................................................................... 45 How to update application databases and modules .............................................................................................. 45 How to scan critical areas of your computer for viruses ........................................................................................ 46 How to scan a file, folder, disk, or another object for viruses .................................................................................. 46 How to perform a full scan of your computer for viruses ........................................................................................ 48 How to scan your computer for vulnerabilities ........................................................................................................ 48 How to protect your personal data against theft ..................................................................................................... 48 Protection against phishing ............................................................................................................................... 49 Protection against data interception at the keyboard ........................................................................................ 50 Protection of confidential data entered on websites .......................................................................................... 51 What to do if you suspect an object is infected with a virus .................................................................................... 51 How to run an unknown application without doing any harm to the system ........................................................... 52 What to do with a large number of spam messages ............................................................................................... 52 What to do if you suspect your computer is infected .............................................................................................. 53 How to restore a file that has been deleted or disinfected by the application ........................................................ 54 How to create and use a Rescue Disk .................................................................................................................... 54 Creating a Rescue Disk .................................................................................................................................... 55 Starting the computer from the Rescue Disk..................................................................................................... 57 How to view the report on the application's operation ............................................................................................. 57 How to restore default application settings ............................................................................................................. 58 How to transfer settings to Kaspersky Internet Security installed on another computer ......................................... 59 How to use the Kaspersky Gadget ......................................................................................................................... 59 How to know the reputation of an application ......................................................................................................... 61

4

................................................................... 75 Rolling back the last update .................. 86 Changing the action to take on infected email messages ................ 78 Automatically pausing File Anti-Virus .............................................................................. 87 Email scanning in The Bat! ....................... 93 Blocking dangerous scripts .................................................................................................................................... 77 File Anti-Virus ................................................................................................................................................................CONTENT ADVANCED APPLICATION SETTINGS ................................................................................... 90 Checking URLs on web pages .......................................... 96 Enabling and disabling IM Anti-Virus ........................... 80 Selecting file scan mode ...................................................................................................................................................................................................................................................................................................................................................................................................................... 72 Update ................................................................................................................................................. 95 Creating a list of trusted addresses...................................................... 86 Scan of compound files by Mail Anti-Virus ........................................... 64 Virus scan ...................... 63 Restricting access to Kaspersky Internet Security ............... 83 Mail Anti-Virus .............................. 72 Managing scan tasks.......................................................................................................................................................................................................................................................................................................... 93 Scan optimization.......................... 87 Email scanning in Microsoft Office Outlook ........................................ 72 Selecting an update source......... 85 Using heuristic analysis when working with Mail Anti-Virus ................... 77 Enabling and disabling File Anti-Virus ......................................................................................................................................... 84 Creating the protection scope of Mail Anti-Virus ................................................................................................................................................. 96 5 ........................................................................................................................................................................................................................................................ 81 Changing the action to take on infected files.......................... 76 Using a proxy server .................................................................................................................. 79 Changing and restoring the file security level................................................................................................................................................................................................................................................................................................... 64 Vulnerability Scan ....................... 62 General protection settings ................................................................................................................................. 90 Changing the action to take on dangerous objects from web traffic ............................................................................................................................................................................................................. 82 Optimizing file scan .................................................................................................... 89 Changing and restoring the web traffic security level ................................... 80 Using heuristic analysis when working with File Anti-Virus ................................................................................................................................................................................................... 78 Creating the protection scope of File Anti-Virus ............................................................................. 84 Changing and restoring the email security level................................................................................... 87 Web Anti-Virus........................................................................................ 64 Scan .............................................................................................. 83 Enabling and disabling Mail Anti-Virus ............................................................................................................................................................................................................................................................................................... 90 Using heuristic analysis when working with Web Anti-Virus ...................................................................................................................................... 95 IM Anti-Virus .............................................................................................................................................................. 94 Controlling access to online banking services........................................................................................................................................................................................................................................................................................................................................ Task Manager .............................................................................................................................................................................................................. 94 Controlling access to regional domains ......................................................... 63 Selecting a protection mode............................................................................................................................................... 86 Filtering attachments in email messages .......................................................................................... 81 Scan of compound files by File Anti-Virus ...................... 88 Enabling and disabling Web Anti-Virus ................................................................................................... 73 Creating the update startup schedule ..................................................................................................................................................................................................... 81 Selecting file scan technology ......................................................................... 76 Running updates under a different user account .....................................

................................................................................................................................................................................................................................................................................................................................................................................................... 98 Using the dangerous activity list ............................................................................... 143 Configuring a user's Parental Control .......................... 125 Regulating threshold values of the spam rate .......................................................................................................................................................................................................................... 125 Detecting spam by phrases and addresses.............................................................................................................................................................................................................................................................................................................. 109 Network Attack Blocker ............... 136 Exporting and importing lists of addresses ................................................................................................................................................................................................................ 98 Creating a group of trusted applications ......................................................................................................................................................... 101 Enabling and disabling Application Control ......................... 121 Changing and restoring the spam protection level ...................................................................................... 103 Working with Application Control rules .......................................... 138 About Safe Run for Websites ............................... 116 Network Monitor ..... 132 Scanning messages from Microsoft Exchange Server ............................................................................................................................................................................. 113 Encrypted connections scan ................................................................................................................... 102 Viewing application activity ......................................................................................................................................................................... 102 Placing applications into groups ......................................................................................... 135 Creating lists of blocked and allowed banner addresses ............................ 109 Firewall................................................................................................................................................................................................. 103 Modifying a group and restoring the default group ........................................................................................................... 119 Anti-Spam ............................................... 100 Using patterns of dangerous activity (BSS).............................. 99 Enabling and disabling System Watcher .............................................................................................. 99 Changing the action to be taken on applications' dangerous activity ...................................... 122 Training Anti-Spam ............... 135 Selecting a scan method ..................................................................................................................................................... 120 Enabling and disabling Anti-Spam ................................................................................................ 131 Selecting a spam recognition algorithm .......... 97 Proactive Defense .............................................................................................................................................................................................................................. Creating lists .......................... 101 Application Control ........................................................ 97 Using heuristic analysis when working with IM Anti-Virus .............................................................................................................................. 122 Checking URLs in email messages ........................................................................................................................................................................................................................ 118 Creating a list of monitored ports .................................................................................................................................................. 132 Configuring spam processing by mail clients ......................................................................................................................................................................................................................... 144 6 ........................ 137 About Safe Run................................ 104 Interpreting data on application usage by the participants of the Kaspersky Security Network .................................................................................... 99 System Watcher ............................ 97 Enabling and disabling Proactive Defense ....................................................................................................................................................................... 108 Network protection ................................. 96 Checking URLs in messages from IM clients .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 141 Using a shared folder ........................................................................................................................................................................................................................... 100 Rolling back a malicious program's actions ............................ 132 Anti-Banner................................................................... 136 Safe Run for Applications and Safe Run for Websites ........................................................USER GUIDE Creating the protection scope of IM Anti-Virus ................................... 135 Enabling and disabling Anti-Banner ........................................... 130 Using additional features affecting the spam rate .............................................................................................................................. 143 Parental Control.................................................................................................................. 131 Adding a label to the message subject .. 118 Configuring the proxy server ....................................

................................................................. 159 Protection against external control ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 172 Notifications ........... 176 Testing the application's functioning using the test file EICAR .................................................................. 157 Full-screen mode........................................ Gaming Profile ......................................................................................................................................................................................................................................................... 170 Recording non-critical events into the report ........................................................... 159 Enabling and disabling self-defense ........ 160 Storing files in Quarantine and Backup .................................................................................................................................................................. 160 Working with quarantined files .................... 172 Text on Microsoft Windows logon screen........................................................................................................................................................................................................................................................................................... 162 Scanning files in Quarantine after an update ........................................CONTENT Viewing reports of a user's activity ................................................... 155 Performance and compatibility with other applications .................................................................................................. 164 Configuring a browser for safe work .. 154 Creating exclusion rules ............................................................. 167 Creating a report for the selected protection component .......................................... 163 Privacy Cleaner.............................................................................................................. 156 Battery saving ......................................................................... 155 Selecting detectable threat categories ................................................. 170 Storing reports ........................................................................ 158 Kaspersky Internet Security self-defense ................. 156 Distributing computer resources when scanning for viruses .............................. 176 About the types of the test file EICAR ................................................................................... 177 7 ......................................... 174 Enabling and disabling participation in Kaspersky Security Network ............... 156 Advanced Disinfection ................................................................................................................................................................ 172 Enabling and disabling notifications .......................................................................................... 165 Rolling back changes made by Wizards .................................................................... 153 Trusted zone............................ 170 Clearing application reports ................................................................................................................. 154 Creating a list of trusted applications ............................... 168 Events search ...................................................................................................................................................................................... 167 Reports ....................................................................... 171 Application appearance.................................................................................................................. 163 Additional tools for better protection of your computer ............................................................................................................................................................................................................................................................ 168 Data filtering ........................................................................ 169 Saving a report to file ............................................................................................................................................................................ Managing active interface elements ............................................................................................................................................................ 161 Working with objects in Backup ............. 157 Running tasks in background mode .................................................................................................................................... 176 About the test file EICAR .................................. 172 Configuring the notification method ............................................................................................................................................................................. 175 Verifying connection to Kaspersky Security Network ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 159 Quarantine and Backup ................................................................................................................................................................ 171 Translucence of notification windows .............................................................................................................................................................................................................. 174 Kaspersky Security Network ............................. 175 TESTING THE APPLICATION'S OPERATION .................................................................................................. 173 Disabling news delivery ....................................... 171 Animation of the application icon in the notification area ............................................. 171 Configuring the notification of report availability .........

..................................................................................... 186 Managing application components and tasks ..................................................................................................................... 194 Notifications in interactive protection mode ................................. 190 Rolling back the last update .. 184 Activating the application ........................................... 188 Updating the application ....................... 201 GLOSSARY ........................ 180 Creating a trace file ............. 192 Viewing Help .................................. 180 Sending data files ............................................................ 223 8 ................................................................ 185 Starting the application .............................................................................................................................. 182 Obtaining technical support via My Kaspersky Account .............................................................................................................. 186 Virus scan ................................................................................................................................................................................................................................................................................................................................................................................................................................. 222 INDEX ........................................................... 179 Creating a system state report ......................................USER GUIDE CONTACTING THE TECHNICAL SUPPORT SERVICE ...................................................... 212 KASPERSKY LAB ZAO ......................... 181 Technical support by phone................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 184 Working with the application from the command line ................................................................................................................................................................................................................................................................................. 182 APPENDIX ........... 191 Importing protection settings .................................................................................................................................................................................................................................................................... 179 Using the trace file and the AVZ script ............................................ 186 Stopping the application ........................................................................................................................................................................................................................................................ 221 INFORMATION ABOUT THIRD-PARTY CODE ........................................................ 179 How to get technical support ................................................................................................................................................................................................................................................................................................................................................................... 180 AVZ script execution .................................................................................................................................................................... 191 Creating a trace file .................................. 194 Notifications in any protection mode ........................ 193 Kaspersky Internet Security notifications list............ 192 Return codes of the command line ......................................................................................................................................................................................................................................................... 191 Exporting protection settings ........................................................................................................................................................

.. You will learn what items are included in the distribution kit............. 9 ........ Installing and removing the application This section provides information about how to install the application on a computer and how to uninstall it. Licensing the application This section provides information about general terms related to the application activation............... and use Kaspersky Internet Security............ For proper use of the application........... will help you work with the application with the maximum of ease...... activate....... 9 Document conventions ........... This section provides information about software and hardware requirements that a computer should meet to allow a user to install the application on it.. Read this section to learn more about the purpose of the license agreement................... and use Kaspersky Internet Security........ license types............. 11 IN THIS GUIDE This guide comprises the following sections....................................................... and what services are available for registered users of the application................ This guide is intended to: help you install.......................... ensure a quick search of information on application-related issues.. Kaspersky Internet Security This section describes the application's features and provides brief information about the application's functions and components......ABOUT THIS GUIDE Greetings from Kaspersky Lab specialists! This guide contains information about how to install...................... IN THIS SECTION: In this guide ................ you should have basic computer skills: be acquainted with the interface of the operating system that you use................ know how to work with email and the Internet.... handle the main techniques specific for that system............ ways of activating the application.......... Sources of information about the application This section describes sources of information about the application and lists websites that you can use to discuss the application's operation.. configure.. We hope that information provided by this guide.. and the license renewal....... describe additional sources of information about the application and ways of cooperating with the Technical Support Service................

Testing the application's operation This section provides information about how to ensure that the application detects viruses and their modifications and performs the correct actions on them. Solving typical tasks This section provides information about how to resolve the most common issues related to protection of the computer using the application. Appendix This section provides information that complements the document text. Managing the computer protection This section provides information about how to detect threats to the computer's security and how to configure the security level. Glossary This section contains a list of terms mentioned in the document and their respective definitions.USER GUIDE Application interface This section provides information about basic elements of the graphic interface of the application: application icon and application icon context menu. Index This section allows you to quickly find required information within the document. Starting and stopping the application This section contains information on starting and shutting down the application. Contacting the Technical Support Service This section provides information about how to contact the Technical Support Service at Kaspersky Lab. and notification windows. and pause the protection when using the application. settings window. Kaspersky Lab ZAO This section provides information about Kaspersky Lab. Read this section to learn more about how to enable. main window. Information about third-party code This section provides information about the third-party code used in the application. Advanced application settings This section provides detailed information about how to configure each of the application components. 10 . disable.

11 . data that the user should enter. such as entry fields. Example: . <IP address of your computer> The following semantic elements are italicized in the text: new terms. Press ENTER. are set off in bold. The Databases are out of date event occurs. examples. The following types of text content are set off with a special font: text in the command line. Press ALT+F4. Those keys should be pressed simultaneously.. The following message then appears: Specify the date in dd:mm:yy format.ABOUT THIS GUIDE DOCUMENT CONVENTIONS The text herein is accompanied by semantic elements that should be given particular attention – warnings. Document conventions and examples of their use are shown in the table below. names of application statuses and events. or important particular cases in the application's operation. Document conventions SAMPLE TEXT Note that.. specific values.. Warnings provide information about probable unwanted actions that may lead to data losses or failures in the computer's operation.. To configure a task schedule: Enter help in the command line. and buttons. Introductory phrases of instructions are italicized and accompanied by the arrow sign. Names of keyboard keys appear in a bold typeface and are capitalized. Document conventions are used to highlight semantic elements. with angle brackets omitted. Notes are boxed. hints. Update means. DOCUMENT CONVENTIONS DESCRIPTION Warnings are highlighted with red color and boxed. Examples are set out on a yellow background under the heading "Example". Variables are enclosed in angle brackets. Names of application interface elements. menu items. Click the Enable button.. the corresponding value should be inserted. recommendations.. Table 1. text of messages displayed on the screen by the application.. It is recommended to use. Notes may contain useful hints. Names of keys connected by a + (plus) sign indicate the use of a key combination.. Instead of a variable.

..................... If you cannot solve an issue on your own.................. 12 .....kaspersky.......... There you can purchase or renew the application... The application page on the Technical Support Service website (Knowledge Base) Knowledge Base is a section of the Technical Support Service website that provides recommendations on how to work with Kaspersky Lab applications..... IN THIS SECTION: Sources of information for independent research ........ The page http://www.... You can select the most suitable information source.......................................... To use information sources on the Kaspersky Lab website..............................kaspersky................ we recommend that you contact the Technical Support Service at Kaspersky Lab (see section "Technical support by phone" on page 182)........... 13 SOURCES OF INFORMATION FOR INDEPENDENT RESEARCH You can use the following sources to find information about the application: the application page on the Kaspersky Lab website.......... Knowledge Base comprises reference articles grouped by topics....SOURCES OF INFORMATION ABOUT THE APPLICATION This section describes sources of information about the application and lists websites that you can use to discuss the application's operation.................................... 13 Contacting the Documentation Development Team by email........... The application page on the Kaspersky Lab website The Kaspersky Lab website features an individual page for each application.. an Internet connection should be established............................ the application page on the Technical Support Service website (Knowledge Base)............... depending on the issue's level of importance and urgency.................................com/kaspersky_internet_security).................................. its functions and features........................ 12 Discussing Kaspersky Lab applications on the Forum .................com features a URL to the eStore.............. On such a page (http://www.......... online help. 13 Contacting the Sales Department ..................... documentation........... you can view general information about an application.........

kaspersky. leave your comments. and use the application. install. The context help provides information about each window of the application. or renew the application. you can discuss it with Kaspersky Lab specialists and other users on our Forum (http://forum. The service is provided in Russian and English. listing and describing the corresponding settings and a list of tasks. as well as application operation data.com/contacts). being related to other Kaspersky Lab applications. you can read articles that provide useful information. send an email to docfeedback@kaspersky. and answers to frequently asked questions on how to purchase. Online help The online help of the application comprises help files.com/kis2012).com. By sending a message with your question to sales@kaspersky. purchase. CONTACTING THE DOCUMENTATION DEVELOPMENT TEAM BY EMAIL To contact the Documentation Development Team. create new topics.kaspersky. The full help provides detailed information about how to manage the computer's protection using the application. you can contact our Sales Department specialists in one of the following ways: By calling our HQ office in Moscow by phone (http://www.SOURCES OF INFORMATION ABOUT THE APPLICATION On the page of the application in the Knowledge Base (http://support. CONTACTING THE SALES DEPARTMENT If you have any questions on how to select. The document also describes the application interface and provides ways of solving typical user tasks while working with the application. In this forum you can view existing topics.kaspersky. 13 . Please use "Kaspersky Help Feedback: Kaspersky Internet Security" as the subject line in your message. DISCUSSING KASPERSKY LAB APPLICATIONS ON THE FORUM If your question does not require an urgent answer. and configure the application. Articles may provide answers to questions that are out of scope of Kaspersky Internet Security. They also may contain news from the Technical Support Service.com). recommendations. activate. Documentation The application user guide provides information about how to install.com.

14 Service for registered users ....... Participation in the Kaspersky Security Network (see page 174) allows us to identify the reputation of applications and websites based on data received from users from all over the world............. The logic of operations with Quarantine and Backup (see page 160) has been improved: now they are represented on two separate tabs.................................. the heuristic analysis will be applied regardless of whether it has been enabled for Web AntiVirus. you can separately enable the heuristic analysis to check web pages for phishing (see section "Using heuristic analysis when working with Web Anti-Virus" on page 93). each of them with its respective unique scope.... You will learn what items are included in the distribution kit............... When Web Anti-Virus is enabled............... DISTRIBUTION KIT You can purchase the application in one of the following ways: Boxed........kaspersky............................................ 15 WHAT'S NEW Kaspersky Internet Security provides the following new features: The improved interface of the main window of Kaspersky Internet Security ensures quick access to the application's functions.. Task Manager" on page 72)........... Distributed at online stores of Kaspersky Lab (for example.............. The appearance of Kaspersky Gadget has been redesigned (see page 37)..................... Distributed via stores of our partners........ This section provides information about software and hardware requirements that a computer should meet to allow a user to install the application on it....................... IN THIS SECTION: What's new ................................................................................ 15 Hardware and software requirements .......................... and what services are available for registered users of the application............................................. The Task Manager has been added for an easy task management in Kaspersky Internet Security (see section "Managing scan tasks...... section eStore) or via partner companies.................................... http://www....................................................................com................. 14 ............................................................... At the online store............ 14 Distribution kit.KASPERSKY INTERNET SECURITY This section describes the application's features and provides brief information about the application's functions and components...................... When checking pages for phishing....................

you should be subscribed to the news delivery from Kaspersky Lab on the Technical Support Service website. 512 MB free RAM. and use of the application. Requirements for Microsoft Windows XP Home Edition (Service Pack 2 or higher). No consulting services are provided on issues related to the functioning of operating systems. CD / DVD-ROM (for installing Kaspersky Internet Security from a distribution CD). Microsoft Windows XP Professional (Service Pack 2 or higher). on which you can use the application. Information required for the application activation. Microsoft Windows Installer 2. Microsoft Internet Explorer 6. 15 . in which the application is distributed. brief User Guide with an activation code. consulting by phone and by email on issues related to installation. Internet access (for the application activation and for updating databases and software modules). If you purchase Kaspersky Internet Security at an online store. notifying you of releases of new applications by Kaspersky Lab and new viruses. To use this service. The content of the distribution kit may differ depending on the region. and Microsoft Windows XP Professional x64 Edition (Service Pack 2 or higher): Intel Pentium 800 MHz 32-bit (x86) / 64-bit (x64) processor or higher (or a compatible equivalent). license agreement that stipulates the terms. contact the Sales Department. HARDWARE AND SOFTWARE REQUIREMENTS To ensure the proper functioning of Kaspersky Internet Security.0 or higher. you become a registered user of Kaspersky Lab applications and can benefit from the following services during the entire validity term of the license: updating databases and providing new versions of the application. you copy the application from the website of the store. configuration. your computer should meet the following requirements: General requirements: 480 MB free disk space on the hard drive (including 380 MB on the system drive). will be sent to you by email on payment. SERVICE FOR REGISTERED USERS On purchasing a user license for the application. For more details on ways of purchasing and the distribution kit.0.KASPERSKY INTERNET SECURITY If you purchase the boxed version of the application. the distribution kit contains the following items: sealed envelope with the setup CD that contains application files and documentation files. third-party software and technologies.

Microsoft Windows Vista Business. Screen size no less than 10. 2 GB free RAM (for 64-bit operating systems). 1 GB free RAM (for 32-bit operating systems). Use of Safe Run is restricted when working in Microsoft Windows Vista (64-bit) and Microsoft Windows 7 (64-bit) operating systems. Microsoft Windows 7 Professional.6 GHz processor or a compatible equivalent. 16 .USER GUIDE Requirements for Microsoft Windows Vista Home Basic. Microsoft Windows Vista Enterprise. Microsoft Windows Vista Ultimate. Requirements for netbooks: Intel Atom 1. Microsoft Windows Vista Home Premium. Microsoft Windows 7 Starter.1". Microsoft Windows 7 Home Premium. and Microsoft Windows 7 Ultimate: Intel Pentium 1 GHz 32-bit (x86) / 64-bit (x64) processor or higher (or a compatible equivalent). Microsoft Windows 7 Home Basic. Intel GMA950 video card with at least 64 MB of video RAM (or a compatible equivalent). You cannot enable Safe Run when working under a Microsoft Windows XP (64-bit) operating system.

....... 26 Getting started. 27 STANDARD INSTALLATION PROCEDURE Kaspersky Internet Security will be installed on your computer in an interactive mode using the Setup Wizard........ Installation of Kaspersky Internet Security from a setup file downloaded online is identical to installation from the installation CD............... The Wizard consists of a series of screens (steps) that you can navigate through using the Back and Next buttons... 27 Removing the application .................. Note that in this case........................... When you activate the application on the second computers and so on..................................... IN THIS SECTION: Standard installation procedure ..................................... If the application protects more than one computer (the maximum number of computers depends on your license)............................................................................... 17 ..................... the license validity term will expire simultaneously for all installed copies of the application..................................... the license term begins from the date of the first activation.............................. To install Kaspersky Internet Security on your computer........................ click the Finish button........... according to the license agreement....................................................................................... it will be installed in the same manner on all computers...................... click the Cancel button............. To close the Wizard once it has completed its task........................... the license validity term decreases for the amount of time that has elapsed since the first activation......... So.................................................... 22 Non-standard installation scenarios ..............INSTALLING AND REMOVING THE APPLICATION This section provides information about how to install the application on a computer and how to uninstall it. run the setup file (the file with an EXE extension) from the CD with the product.................................................. To stop the Wizard at any stage..................... 17 Updating the previous version of Kaspersky Internet Security .........................

....................... It is recommended that you install the new version of the application.................................................................... MAKING SURE THE SYSTEM MEETS THE INSTALLATION REQUIREMENTS Before installation of Kaspersky Internet Security on your computer.......... Searching for incompatible applications ....................... 19 Step 4................................................................ If it does not find a newer product version on the Kaspersky Lab update servers. you will be asked to remove them manually................ 21 Step 12................... 20 Step 9......... product distribution files will be downloaded to your computer and the Setup Wizard for that new version will be started automatically................ the Setup Wizard checks the Kaspersky Lab update servers for a newer version of Kaspersky Internet Security................................ If the computer meets all the requirements...... Completing the activation ............... Registering a user ................................................ 22 STEP 1................. the Wizard searches for Kaspersky Lab applications which..... the installer checks the operating system and service packs to make sure they meet the software requirements for product installation (see section "Hardware and software requirements" on page 15).............................. Kaspersky Security Network Data Collection Statement........................................... STEP 2........... For a further description of the installation procedure for the newer version...................................................................................................... when run together with Kaspersky Internet Security...... a notification to that effect will be displayed on the screen........ Finishing the installation ........................... Reviewing the license agreement .................................................................................... 18 Step 3.................................... If you cancel the new version download...................................... If any of the above-listed requirements is not met... 18 ...................................... 18 Step 2...... you will see a prompt to download and install it on the computer........... Installing............................................... 21 Step 13...... may result in conflicts........................ Making sure the system meets the installation requirements ....... 19 Step 7........ In addition......................... because newer versions include further enhancements that ensure you have the most reliable protection for your computer........... 19 Step 5.. please refer to the corresponding documentation............................... 21 Step 11........................... 21 Step 10.............................. If such applications are found....................................................................................... the Setup Wizard for the current version will be started....... the Setup Wizard for the current version will be started.................. Selecting the destination folder ................. the installer checks for the presence of required software and the credentials necessary to install applications................................................................................................................. If the update servers offer a newer version of Kaspersky Internet Security............................... If you decide to install the newer version........................USER GUIDE IN THIS SECTION: Step 1............................................................ SEARCHING FOR A NEWER VERSION OF THE APPLICATION Before setup............................... Activating the application ................................................................... Selecting installation type ................ 19 Step 6.......... Preparing for installation ........................ Searching for a newer version of the application ........................ 20 Step 8..............................................

The installation will continue. the application will be fully installed on your computer with the protection settings recommended by Kaspersky Lab experts. Selecting the destination folder" on page 20) and disable the installation process protection. If you cannot accept the license agreement. Preparing for installation" on page 20). you should review the license agreement between you and Kaspersky Lab. click the Next button. KASPERSKY SECURITY NETWORK DATA COLLECTION STATEMENT At this stage. if necessary (see section "Step 8. The installation will continue. Applications that Kaspersky Internet Security cannot remove automatically should be removed manually. you will need to reboot your operating system. click the Next button. To proceed with the installation. the Wizard automatically proceeds to the next step. and downloaded signed applications. you will be asked to specify the destination folder into which the application should be installed (see section "Step 7. Read the agreement carefully and. if you accept all its terms. you will be invited to participate in the Kaspersky Security Network. Custom installation. If you choose this option (the Change installation settings box is unchecked). To proceed with the installation. to Kaspersky Lab. as well as your system information. Click the Next button if you have selected the custom installation (see section "Step 3. STEP 4. while the one installed earlier will be automatically removed. If any incompatible applications are detected. In this case (the Change installation settings box is checked). STEP 5. STEP 6. activation information or application settings) will be saved and used when installing the new application. check the I accept the terms of participation in Kaspersky Security Network box in the Wizard window. REVIEWING THE LICENSE AGREEMENT At this step. and you will be prompted to remove them. running applications.INSTALLING AND REMOVING THE APPLICATION If an earlier version of Kaspersky Anti-Virus or Kaspersky Internet Security is found. click the Install button. all data that can be used by Kaspersky Internet Security 2012 (for example. If no such applications are found. Review the Kaspersky Security Network Data Collection Statement. 19 . To read the complete version of the Statement. Selecting installation type" on page 19). STEP 3. click the I agree button. they are displayed in a list on the screen. click the Full KSN Agreement button. When removing incompatible applications. If performing the standard installation. SEARCHING FOR INCOMPATIBLE APPLICATIONS At this step. after which installation of Kaspersky Internet Security will continue automatically. We guarantee that none of your personal data will be sent. If you agree with all terms of the Statement. SELECTING INSTALLATION TYPE At this step. the application checks whether any applications incompatible with Kaspersky Internet Security are installed on your computer. cancel the application installation by clicking the Cancel button. Participation in the program involves sending information about new threats detected on your computer. you can choose the most suitable type of Kaspersky Internet Security installation: Standard installation.

To install Kaspersky Internet Security to a different folder.USER GUIDE STEP 7. The following path is set by default: <disk>\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012 – for 32-bit systems. ". Selecting installation type" on page 19). We recommend that you avoid installing the application in a folder that already contains files or other folders. You are advised to uncheck this box if the application cannot be installed (for example. this step is skipped and the application is installed to the default folder. By default. click the Disk Usage button. Keep in mind the following restrictions: The application cannot be installed on network or removable drives. restart it. the installation process should be protected. and when you reach the Preparing for installation step. The majority of terminated connections are restored after a pause. active network connections are terminated. >. To proceed with the installation. To find out if there is enough disk space on your computer to install the application. click the Install button. uncheck the Protect the installation process box. ?. when performing remote installation using Windows Remote Desktop). specify the path to the desired folder in the input field or click the Browse button and choose a folder in the window that opens. STEP 8. Selecting installation type" on page 19). To proceed with the installation. The path to the installation folder cannot be longer than 160 characters or contain the special characters /. installation process protection is enabled – the Protect the installation process box is checked in the Wizard window. Selecting installation type" on page 19). click the Next button in the Wizard window. click OK. In the window that opens you can view the disk space information. *. When installing the application on a computer running under Microsoft Windows XP. :. you should interrupt installation. < or |. 20 . At this stage you are asked to choose the folder to which Kaspersky Internet Security will be installed. <disk>\Program Files (х86)\Kaspersky Lab\Kaspersky Internet Security 2012 – for 64-bit systems. To close the window. When performing a standard installation. For the standard installation. or on virtual drives (those created using the SUBST command). SELECTING THE DESTINATION FOLDER This step of the Setup Wizard is only available if the custom installation is selected (see section "Step 3. In this case. PREPARING FOR INSTALLATION This step of the Setup Wizard is only available if the custom installation is selected (see section "Step 3. Enabled protection may be the reason. Since your computer may be infected with malicious programs that may impact the installation of Kaspersky Internet Security. check the Change installation settings box at the Select installation type step (see section "Step 3. because that folder will then become inaccessible for editing. this step is skipped.

Use this activation option if you want to install the trial version of the application before making the decision to purchase a commercial version. after which installation of the utility starts automatically. If you unchecked the box before closing the Wizard. it cannot be activated for a second time. make sure that the Run Kaspersky Internet Security 2012 box is checked and click the Finish button. the Wizard will automatically proceed to the next step. After you finish working with the utility. When activating the trial version. you should run the application manually (see section "Launching and closing the application manually" on page 38). If the Wizard cannot download the utility. Once the installation is complete. the Setup Wizard downloads it from the Kaspersky Lab servers. REGISTERING A USER This step is only available when activating the commercial version of the application. a special utility for neutralizing infections. If you agree to install the utility. Activate trial version. You will be offered the following options for Kaspersky Internet Security activation: Activate commercial version. If the Run Kaspersky Internet Security 2012 box is checked. the procedure of switching to Kaspersky Anti-Virus starts after the completion of activation. Select this option and enter the activation code if you have purchased a commercial version of the application. ACTIVATING THE APPLICATION Activation is the procedure of activating a license that allows you to use a fully functional version of the application until the license expires. When the license expires. 21 . the application will be run automatically after you reboot your operating system. which may be due to malicious programs that prevent anti-virus applications from being installed on your computer. You will need an Internet connection to activate the application. If you specify an activation code for Kaspersky Anti-Virus in the entry field. STEP 11. STEP 12. this step is skipped. In some cases. you should delete it and restart the installation of Kaspersky Internet Security. you will be asked to download it on your own by clicking the link provided. If an installation error occurs. you may need to reboot your operating system. FINISHING THE INSTALLATION This window of the Wizard informs you of the successful completion of the application installation. INSTALLING Installation of the application can take some time. To run Kaspersky Internet Security. Wait for it to finish.INSTALLING AND REMOVING THE APPLICATION STEP 9. STEP 10. You will be able to use the fully-functional version of the application for the duration of a term limited by the license for the trial version of the application. the Setup Wizard will prompt you to download Kaspersky Virus Removal Tool.

the license validity term will expire simultaneously for all installed copies of the application. 22 . you will not have to activate the application: the Setup Wizard will automatically retrieve the information about your license for Kaspersky Internet Security 2010 or 2011 and use it during the installation process. If the application protects more than one computer (the maximum number of computers depends on your license). If you have an active license for Kaspersky Internet Security 2010 or 2011. The Wizard consists of a series of screens (steps) that you can navigate through using the Back and Next buttons. specify your registration data in the corresponding fields and click the Next button. STEP 13. COMPLETING THE ACTIVATION The Wizard informs you that Kaspersky Internet Security has been successfully activated. To install Kaspersky Internet Security on your computer. In addition. according to the license agreement. information about the subscription status is displayed instead of the license expiry date. To close the Wizard once it has completed its task. Kaspersky Internet Security will be installed on your computer in an interactive mode using the Setup Wizard. When you activate the application on the second computers and so on. the license term begins from the date of the first activation. it will be installed in the same manner on all computers. information about the license is provided: license type (commercial or trial). Click the Finish button to close the Wizard. So. you should update the application to Kaspersky Internet Security 2012. Note that in this case. To stop the Wizard at any stage. date of expiry. UPDATING THE PREVIOUS VERSION OF KASPERSKY INTERNET SECURITY If Kaspersky Internet Security 2010 or 2011 is already installed on your computer.USER GUIDE You need to register in order to be able to contact Kaspersky Lab Technical Support Service in the future. click the Finish button. If you have activated a subscription. If you agree to register. and number of hosts for the license. Installation of Kaspersky Internet Security from a setup file downloaded online is identical to installation from the installation CD. the license validity term decreases for the amount of time that has elapsed since the first activation. run the setup file (the file with an EXE extension) from the CD with the product. click the Cancel button.

.............. If it does not find a newer product version on the Kaspersky Lab update servers...... 24 Step 6.... Selecting installation type ....................... all data that can be used by Kaspersky Internet Security 2012 (for example........................ STEP 2................. 25 Step 8. the Setup Wizard checks the Kaspersky Lab update servers for a newer version of Kaspersky Internet Security................................. If you cancel the new version download...... please refer to the corresponding documentation........... Kaspersky Security Network Data Collection Statement ................... a notification to that effect will be displayed on the screen. If the update servers offer a newer version of Kaspersky Internet Security............. Searching for incompatible applications............................................ If you decide to install the newer version............... Preparing for installation ................................. may result in conflicts...... the installer checks the operating system and service packs to make sure they meet the software requirements for product installation (see section "Hardware and software requirements" on page 15).... the Setup Wizard for the current version will be started.................................. 23 Step 3................ MAKING SURE THE SYSTEM MEETS THE INSTALLATION REQUIREMENTS Before installation of Kaspersky Internet Security on your computer................ If the computer meets all the requirements............... the Wizard searches for Kaspersky Lab applications which.................. If any of the above-listed requirements is not met.... SEARCHING FOR A NEWER VERSION OF THE APPLICATION Before setup.......... you will be asked to remove them manually........ you will see a prompt to download and install it on the computer................................... 23 .. In addition...... while the one installed earlier will be automatically removed...... 26 Step 10..................................................................................... Searching for a newer version of the application ............ product distribution files will be downloaded to your computer and the Setup Wizard for that new version will be started automatically................. It is recommended that you install the new version of the application........ the Setup Wizard for the current version will be started......................... 24 Step 5....................... Reviewing the license agreement ................................................. If an earlier version of Kaspersky Anti-Virus or Kaspersky Internet Security is found.... activation information or application settings) will be saved and used when installing the new application............... 24 Step 4................ when run together with Kaspersky Internet Security....... Making sure the system meets the installation requirements ................................................. Selecting the destination folder .................................................................................................. 26 STEP 1......... Wizard completion ........ 23 Step 2......... because newer versions include further enhancements that ensure you have the most reliable protection for your computer.......................................................................................................INSTALLING AND REMOVING THE APPLICATION IN THIS SECTION: Step 1......... the installer checks for the presence of required software and the credentials necessary to install applications............................................................................................. 24 Step 7......... If such applications are found............................... 25 Step 9............... Installing.......................................................... For a further description of the installation procedure for the newer version....................

The installation will continue. We guarantee that none of your personal data will be sent. Review the Kaspersky Security Network Data Collection Statement. If any incompatible applications are detected. To proceed with the installation. The installation will continue. check the I accept the terms of participation in Kaspersky Security Network box in the Wizard window. if necessary (see section "Step 8.USER GUIDE STEP 3. STEP 4. the application will be fully installed on your computer with the protection settings recommended by Kaspersky Lab experts. 24 . Selecting installation type" on page 19). If no such applications are found. you can choose the most suitable type of Kaspersky Internet Security installation: Standard installation. Preparing for installation" on page 20). if you accept all its terms. To read the complete version of the Statement. click the I agree button. you will be invited to participate in the Kaspersky Security Network. Custom installation. KASPERSKY SECURITY NETWORK DATA COLLECTION STATEMENT At this stage. SELECTING INSTALLATION TYPE At this step. SEARCHING FOR INCOMPATIBLE APPLICATIONS At this step. to Kaspersky Lab. If you choose this option (the Change installation settings box is unchecked). To proceed with the installation. after which installation of Kaspersky Internet Security will continue automatically. running applications. you should review the license agreement between you and Kaspersky Lab. click the Next button. If you agree with all terms of the Statement. and you will be prompted to remove them. you will need to reboot your operating system. cancel the application installation by clicking the Cancel button. REVIEWING THE LICENSE AGREEMENT At this step. STEP 5. Read the agreement carefully and. Click the Next button if you have selected the custom installation (see section "Step 3. the application checks whether any applications incompatible with Kaspersky Internet Security are installed on your computer. When removing incompatible applications. the Wizard automatically proceeds to the next step. as well as your system information. and downloaded signed applications. Applications that Kaspersky Internet Security cannot remove automatically should be removed manually. If performing the standard installation. you will be asked to specify the destination folder into which the application should be installed (see section "Step 7. If you cannot accept the license agreement. click the Full KSN agreement button. STEP 6. they are displayed in a list on the screen. In this case (the Change installation settings box is checked). click the Next button. Selecting the destination folder" on page 20) and disable the installation process protection. click the Install button. Participation in the program involves sending information about new threats detected on your computer.

INSTALLING AND REMOVING THE APPLICATION STEP 7. The path to the installation folder cannot be longer than 160 characters or contain the special characters /. Selecting installation type" on page 19). Selecting installation type" on page 19). when performing remote installation using Windows Remote Desktop). At this stage you are asked to choose the folder to which Kaspersky Internet Security will be installed. To install Kaspersky Internet Security to a different folder. click the Disk Usage button. >. To proceed with the installation. By default. or on virtual drives (those created using the SUBST command). For the standard installation. ?. 25 . Keep in mind the following restrictions: The application cannot be installed on network or removable drives. STEP 8. *. restart it. specify the path to the desired folder in the input field or click the Browse button and choose a folder in the window that opens. SELECTING THE DESTINATION FOLDER This step of the Setup Wizard is only available if the custom installation is selected (see section "Step 3. Selecting installation type" on page 19). < or |. check the Change installation settings box at the Select installation type step (see section "Step 3. uncheck the Protect the installation process box. Since your computer may be infected with malicious programs that may impact the installation of Kaspersky Internet Security. you should interrupt installation. this step is skipped. the installation process should be protected. <disk>\Program Files (х86)\Kaspersky Lab\Kaspersky Internet Security 2012 – for 64-bit systems. The following path is set by default: <disk>\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012 – for 32-bit systems. ". In this case. click OK. The majority of terminated connections are restored after a pause. PREPARING FOR INSTALLATION This step of the Setup Wizard is only available if the custom installation is selected (see section "Step 3. To proceed with the installation. because that folder will then become inaccessible for editing. You are advised to uncheck this box if the application cannot be installed (for example. To find out if there is enough disk space on your computer to install the application. When installing the application on a computer running under Microsoft Windows XP. To close the window. Enabled protection may be the reason. this step is skipped and the application is installed to the default folder. click the Install button. In the window that opens you can view the disk space information. When performing a standard installation. installation process protection is enabled – the Protect the installation process box is checked in the Wizard window. click the Next button in the Wizard window. active network connections are terminated. :. and when you reach the Preparing for installation step. We recommend that you avoid installing the application in a folder that already contains files or other folders.

which results in Kaspersky Anti-Virus being installed on your computer. the switching procedure also starts. If the Wizard cannot download the utility. If you unchecked the box before closing the Wizard. at the Activating the application step. starting from the Activating the application step. you select Activate later and then activate the installed application with a Kaspersky Anti-Virus activation code. you should run the application manually (see section "Launching and closing the application manually" on page 38). You will be able to use Kaspersky Anti-Virus 2012 as long as the license for Kaspersky Anti-Virus 2010 or 2011 remains valid. when installing Kaspersky Internet Security. the Setup Wizard will prompt you to download Kaspersky Virus Removal Tool. In this case. the installation procedure will continue according to the standard scenario. Once the installation is complete. at the Activating the application step. the Setup Wizard detects the information about the license and prompts you to select one of the following further actions: Use the current license of Kaspersky Anti-Virus 2010 or 2011. INSTALLING Installation of the application can take some time. which results in Kaspersky Anti-Virus 2012 being installed on your computer. when installing Kaspersky Internet Security.USER GUIDE STEP 9. If an installation error occurs. you will be asked to download it on your own by clicking the link provided. the switching procedure starts. you may need to reboot your operating system. In some cases. make sure that the Run Kaspersky Internet Security 2012 box is checked and click the Finish button. To run Kaspersky Internet Security. a special utility for neutralizing infections. NON-STANDARD INSTALLATION SCENARIOS This section describes application installation scenarios which differ from those of standard installation or update from the previous version. you enter a Kaspersky Anti-Virus activation code. which may be due to malicious programs that prevent anti-virus applications from being installed on your computer. If. 26 . If the Run Kaspersky Internet Security 2012 box is checked. on which Kaspersky Anti-Virus 2010 or 2011 with an active license is already installed. After you finish working with the utility. the Wizard will automatically proceed to the next step. Wait for it to finish. you should delete it and restart the installation of Kaspersky Internet Security. WIZARD COMPLETION This window of the Wizard informs you of the successful completion of the application installation. the application will be run automatically after you reboot your operating system. the Setup Wizard downloads it from the Kaspersky Lab servers. a switching procedure starts which results in Kaspersky Anti-Virus being installed on your computer. Installing Kaspersky Internet Security and activating later using a Kaspersky Anti-Virus activation code If. In this case. after which installation of the utility starts automatically. STEP 10. Proceed with installation of Kaspersky Internet Security 2012. Installing Kaspersky Internet Security 2012 over Kaspersky Anti-Virus 2010 or 2011 If you run the installation of Kaspersky Internet Security 2012 on a computer. If you agree to install the utility.

. your computer and personal data will be unprotected! Kaspersky Internet Security is uninstalled with the help of the Setup Wizard........ a newer version of the application)............................. 27 Step 2.... SAVING DATA FOR REUSE At this point you can specify which of the data used by the application you want to retain for reuse during the next installation of the application (e..... Backup and Quarantine files – files checked by the application and placed into backup storage or quarantine.. Check the boxes for the data types you want to save: Activation data – data that eliminates the need to activate the application in the future by automatically using the current license as long as it has not expired by the time of the next installation........ Removing the application.......... To save data for reuse: 1................................................ Kaspersky Internet Security 2012 Remove Kaspersky Internet IN THIS SECTION: Step 1..............g... Completing removal ... 28 STEP 1................................. 28 Step 3........ select Programs Security 2012. if necessary.............. the application is completely removed from the computer. Confirmation of application removal .... in the Start menu.. Saving data for reuse ......... Operational settings of the application – values of the application settings selected during configuration....... Scan your computer for viruses (see section "How to perform a full scan of your computer for viruses" on page 48) and vulnerabilities (see section "How to scan your computer for vulnerabilities" on page 48)........... iChecker data – files which contain information about the objects that have already been scanned for viruses............. By default. we recommend performing the following immediately after installation and configuration: Update application databases (see section "How to update application databases and modules" on page 45)..INSTALLING AND REMOVING THE APPLICATION GETTING STARTED The application is ready to be used after installation. To ensure proper protection of your computer............................. 2................................... Choose the option Save application objects.................... To start the Wizard... 27 ...... REMOVING THE APPLICATION After uninstalling Kaspersky Internet Security......................... Check the protection status of your computer and eliminate problems in protection......................

Safe Run shared folder data – files saved by the application when working in a safe environment in a special folder that is also accessible in the normal environment. If you cancel the immediate reboot. CONFIRMATION OF APPLICATION REMOVAL Since removing the application threatens the security of the computer and your personal data. you will be asked to confirm your intention to remove the application. you can cancel this operation by clicking the Cancel button. REMOVING THE APPLICATION. COMPLETING REMOVAL At this step. you may need to reboot your operating system. the Wizard removes the application from your computer.USER GUIDE Anti-Spam databases – databases containing signatures of spam messages downloaded and saved by the application. click the Remove button. STEP 3. completion of the removal procedure will be postponed until the operating system is rebooted or the computer is turned off and then restarted. To do this. Wait until removal is complete. STEP 2. 28 . To stop removal of the application at any time. When removing the application.

........................................................................ IN THIS SECTION: About the End User License Agreement .......LICENSING THE APPLICATION This section provides information about general terms related to the application activation............ ways of activating the application.... ABOUT DATA PROVISION In order to increase the level of real-time protection...... If you do not accept the terms of the License Agreement.................... in automatic mode................ 29 About data provision ............ you have to interrupt the application installation............... 29 ....... 30 ABOUT THE END USER LICENSE AGREEMENT License Agreement is a legal agreement concluded between you and Kaspersky Lab ZAO that stipulates the terms of use for the application.................. Information retrieved is protected by Kaspersky Lab pursuant to the requirements stipulated by the existing legislation. Information retrieved does not contain any private data and other types of confidential information.................... and statistical data for anti-spam protection.......................com....... The license contains a unique code for the activation of your copy of Kaspersky Internet Security......... and the license renewal.......................... information required to determine the reputation of URLs...................................................................... Read this section to learn more about the purpose of the license agreement........................ license types................................ You can obtain more details on the website: http://support............................................. You can read through the terms of the License Agreement when installing the Kaspersky Lab application................ ABOUT THE LICENSE License is a time-limited right to use the application provided to you in accordance with the License Agreement...............................kaspersky........................... 29 About the activation code ........... accepting the terms of the License Agreement means that you agree to send information about checksums of processed objects (MD5)...... Upon confirming your acceptance of the text of the License Agreement when installing the application................. Read through the terms of the License Agreement carefully before you start using the application......................... The terms of the License Agreement are regarded as accepted in the following cases: Upon unsealing the box with the setup CD (only if you have purchased the application in the boxed version or at a store of any of our partners)........... 29 About the license ........

you should renew the commercial license. offered to allow you to become familiar with the application. After the expiration of the commercial license. you should purchase the commercial license. If you have lost or accidentally deleted your activation code after the activation. depending on the way you purchase the application: If you have purchased the boxed version of Kaspersky Internet Security. is specified in the License Agreement. You will still be able to scan your computer for viruses and use other application components but only with databases installed before the license has expired. the application keeps on running in limited functionality mode. ABOUT THE ACTIVATION CODE Activation code is a code that you receive on purchasing the commercial license for Kaspersky Internet Security. Contacting the Technical Support Service of Kaspersky Lab.USER GUIDE The license grants you the right to benefit the following services: Using the application on one or several devices. offered upon purchase of the application. If you copy the application from the website http://www. We recommend that you renew the license on the day the current license expires at the latest in order to ensure the most comprehensible anti-virus protection of your computer. The scope of services provided and the validity term of the application depend on the type of license used to activate the application. If you have purchased Kaspersky Internet Security at an online store. As soon as the license expires.kaspersky. This code is required for activation of the application.com. The validity term of the license starts from the moment you have activated the application. If you have purchased a license intended for the use of Kaspersky Internet Security on several devices. On completion of the application activation with a code. Number of devices. The following license types are provided: Trial – a free license with a limited validity period. Commercial – a paid license with a limited validity period. Enjoying the complete set of services provided to you by Kaspersky Lab or its partners during the validity term of the license (see section "Service for registered users" on page 15). you automatically become the owner of the trial license. you should send a request to the Technical Support Service at Kaspersky Lab from My Kaspersky Account (see section "Obtaining technical support via My Kaspersky Account" on page 182). To continue using the application. 30 . all Kaspersky Internet Security features are disabled. the validity term of the license starts counting down from the moment you have entered the code on the first of those devices. The activation code is provided in one of the following forms. that is needed for receiving technical support by phone or via My Kaspersky Account (see section "Obtaining technical support via My Kaspersky Account" on page 182). on which you can use the application. the activation code is specified in the documentation or on the box containing the setup CD. you are assigned a client ID. The activation code is an alphanumeric string of Latin characters in xxxxx-xxxxx-xxxxx-xxxxx format. To continue using Kaspersky Internet Security. the activation code is sent to the email address that you have specified when ordering the product. Client ID is the personal ID for a user.

........ 37 THE NOTIFICATION AREA ICON Immediately after installation of the application...... – scanning web traffic............. settings window................................. 34 The application settings window ......... – computer needs to be restarted to apply updates........................... 33 Notification windows and pop-up messages ........................................................................................... and notification windows...................................................................... 32 The Kaspersky Internet Security main window...............................................................................................................................APPLICATION INTERFACE This section provides information about basic elements of the graphic interface of the application: application icon and application icon context menu............................................. 36 The Kaspersky Gadget................ – updating databases and application modules................................ 37 News Agent .......................................... 31 ................... but you can display it to access the application more easily (see the operating system documentation).. the application icon appears in the Microsoft Windows taskbar notification area.................................. – a failure occurred in the operation of an application component..... It provides access to the context menu......................... It also indicates the protection status and displays the basic functions currently being performed by the application: – scanning an email message.. 31 The context menu ..... The icon has the following purposes: It is an indicator of the application's operation...................................................................................... In the Microsoft Windows 7 operating system the application icon is hidden by default.................................................................................................................................................................................................................................................. the main application window and the news window......................... Indication of application operation This icon serves as an indicator of the application's operation............... IN THIS SECTION: The notification area icon ..... main window.......

If Safe Run for Applications is already active. Safe Run for Applications – runs a safe desktop designed for handling applications that you suppose to be unsafe. Enable Parental Control / Disable Parental Control – enables / disables Parental Control for the current account. If news from Kaspersky Lab is available. Update – runs the update of application databases and modules. Tools – opens a submenu containing the following items: Applications Activity – opens the Applications Activity window. This menu item does not affect the application's updates or the execution of virus scans. Virtual Keyboard – displays the Virtual Keyboard. When the animation is disabled. The Kaspersky Internet Security menu contains the following items: Task Manager – opens the Task Manager window. (black-and-white symbol) – all protection components are disabled. Pause protection / Resume protection – temporarily disables / enables real-time protection components. during the email message scan. Kaspersky Internet Security – opens the main application window. 32 . Access to the context menu and application windows Using the icon. you can open the context menu (on page 32) (by right-clicking) and the main application window (see section "The Kaspersky Internet Security main window" on page 33) (by left-clicking). THE CONTEXT MENU Using the context menu. About – opens a window containing information about the application. the application switches to it. Doubleclick this icon to open the News Agent (see section "News Agent" on page 37). Settings – opens the application settings window.USER GUIDE The icon is animated by default: for example. you can quickly take various actions on the application. Animation can be deactivated (see section "Translucence of notification windows" on page 171). you see a revolving globe. the icon may take the following forms: (colored symbol) – all or some protection components are activated. Network Monitor – opens the Network Monitor window. serving for switching to the main desktop. this menu item is named Return to the main desktop. when the update is in progress. a tiny letter symbol blinks in front of the application icon. When working with Safe Run for Applications. the icon appears in the Microsoft Windows taskbar notification area.

its name as well as its progress status (percentage complete) is displayed in the context menu. but you can display it to access the application more easily (see the operating system documentation). To open the context menu. This menu item is displayed if there is unread news. The main window can be divided into two parts: The top part of the window provides information about the protection status of your computer. If you select a menu item with the name of a task. Figure 2. position the cursor over the application icon in the taskbar notification area and right-click it. THE KASPERSKY INTERNET SECURITY MAIN WINDOW The main application window contains interface elements that provide access to all the main features of the application. Exit – closes Kaspersky Internet Security (when this item is selected. you can switch to the main window with a report of current task run results. Figure 1. the application is unloaded from the computer’s RAM). Top part of the main window 33 .APPLICATION INTERFACE News – opens the News Agent window (see section "News Agent" on page 37). The context menu If a virus scan or update task is running at the moment that you open the context menu. In the Microsoft Windows 7 operating system the application icon is hidden by default.

Support – to open the window containing information about the system and links to Kaspersky Lab information resources (Technical Support Service website. forum). In the Microsoft Windows 7 operating system the application icon is hidden by default. This link is displayed after the application receives a piece of news. News – to switch to viewing news in the News Agent window (see section "News Agent" on page 37). Manage License – to go to Kaspersky Internet Security activation and license renewal. By selecting Kaspersky Internet Security from the context menu (see section "Context menu" on page 32). running virus scan tasks. but you can display it to access the application more easily (see the operating system documentation). Reports – to switch to the application operation reports. 34 . Help – to view the Kaspersky Internet Security help system. the window of the corresponding function opens. Figure 3. You can open the main application window using one of the following methods: By left-clicking the application icon in the taskbar notification area. By clicking the Kaspersky Internet Security icon located in the center of the Kaspersky Gadget (only for Microsoft Windows Vista and Microsoft Windows 7). You can return to selecting functions by clicking the Back button in the top left corner of the window. you can quickly switch to using the main features of the application (for example. Settings – to open the application settings window (see section "The application settings window" on page 36). updating databases and software modules). You can also use the following buttons and links: Cloud protection – to switch to information about Kaspersky Security Network (on page 174). NOTIFICATION WINDOWS AND POP-UP MESSAGES Kaspersky Internet Security notifies you of important events occurring during its operation using notification windows and pop-up messages that appear over the application icon in the taskbar notification area. Bottom part of the main window If you select any of the sections in the bottom part of the window.USER GUIDE In the bottom part of the window. My Kaspersky Account – to enter the user's personal account on the Technical Support Service website.

Windows of information notifications and pop-up messages are green-colored. Windows of important notifications and pop-up messages are yellow-colored.APPLICATION INTERFACE Notification windows are displayed by Kaspersky Internet Security when various actions can be taken in connection with an event: for example. A notification window only disappears from the screen if you select one of the actions. Important notifications – inform you of events that are potentially important for the computer's security. Figure 4. Information notifications – inform you of events that do not have critical importance for the computer's security. or try to disinfect it. Figure 5. Some pop-up messages contain links that you can use to take an action offered by the application: for example. Pop-up messages automatically disappear from the screen soon after they appear. run a database update or initiate activation of the application). if a malicious object is detected. Pop-up message Depending on the importance of an event for the viewpoint of the computer's security. you can block access to it. notifications and pop-up messages are divided into three types: Critical notifications – inform you of events that have a critical importance for the computer's security. such as detection of a potentially infected object or a suspicious activity in the system. such as detection of a malicious object or a dangerous activity in the system. delete it. 35 . Notification window Pop-up messages are displayed by Kaspersky Internet Security in order to inform you of events that do not require you to select an action. The application prompts you to select one of the available actions. Windows of critical notifications and popup messages are red-colored.

task or another item that should be configured. the right part of the window contains the controls that you can use to configure the item selected in the left part of the window. The application settings window The application settings window consists of two parts: in the left part of the window you can choose the application component. tasks and other items in the left part of the window are grouped in the following sections: – Protection Center. and for running other advanced configuration tasks (see section "Advanced application settings" on page 62). Figure 6. – Advanced Settings. The components. 36 . scanning and update tasks.USER GUIDE THE APPLICATION SETTINGS WINDOW The Kaspersky Internet Security settings window (also referred to as "settings window") is designed for configuring the entire application and separate protection components. – Update. – Scan.

you can disable the news delivery. The Kaspersky Gadget NEWS AGENT Using News Agent. After you install the application on a computer running under Microsoft Windows Vista. Figure 7. If you do not want to receive any news. The function of opening the settings window should be assigned to the button (see section "How to use the Kaspersky Gadget" on page 59). by clicking the icon which is displayed in the center of the Gadget when a piece of news appears (only for Microsoft Windows Vista and Microsoft Windows 7). 37 . THE KASPERSKY GADGET When using Kaspersky Internet Security on a computer running under Microsoft Windows Vista or Microsoft Windows 7. by clicking the Read news link in the pop-up news message. The above-listed methods of opening the News Agent window are only operable if any unread news is available. You can read the news in one of the following ways: by clicking the icon in the taskbar notification area. virus scanning of objects. you can also use the Kaspersky Gadget (hereinafter the gadget). by clicking the News link in the main application window. Information about the number of unread news items is also displayed in the main application window. protection status indication. the gadget appears on your desktop automatically. by clicking the button with the Settings icon in the Kaspersky Gadget interface (only for Microsoft Windows Vista and Microsoft Windows 7 operating systems). The application will notify you of news by displaying a special icon in the taskbar notification area (see below) and a popup message.APPLICATION INTERFACE You can open the settings window using one of the following methods: by clicking the Settings link in the top part of the main application window (see section "The Kaspersky Internet Security main window" on page 33). A news icon appears in the Kaspersky Internet Security gadget interface. The Kaspersky Gadget is designed for quick access to the main features of the application (for example. After you install Kaspersky Internet Security on a computer running under Microsoft Windows 7. by selecting Kaspersky Internet Security from the context menu (see section "Context menu" on page 32). application operation reports). Kaspersky Lab informs you of all important events related to Kaspersky Internet Security and protection against computer threats. you should add the gadget to the Microsoft Windows Sidebar manually (see the operating system documentation).

....... Open the application settings window......STARTING AND STOPPING THE APPLICATION This section contains information on starting and shutting down the application.............. This is the default start mode..... To disable automatic launch of the application...................... in the Start menu..... 38 ENABLING AND DISABLING AUTOMATIC LAUNCH Automatic launch of the application means that Kaspersky Internet Security launches after the operating system startup..... right-click to open the context menu of the application icon in the taskbar notification area and select Exit......... 38 Launching and closing the application manually .......................... uncheck the Launch Kaspersky Internet Security at computer startup box in the Autorun section in the right part of the window............... because the protection of your computer and personal data will then be at risk.... To disable or enable automatic launch of the application: 1......................... Check this box to enable automatic launch of the application... LAUNCHING AND CLOSING THE APPLICATION MANUALLY Kaspersky Lab specialists do not recommend that you stop Kaspersky Internet Security.. To launch the application manually.. Kaspersky Internet Security 2012 Kaspersky Internet Security 2012. 3........ but you can display it to access the application more easily (see the operating system documentation).. 2...... In the left part of the window................ It is recommended that you temporarily pause the computer's protection........ IN THIS SECTION: Enabling and disabling automatic launch .. in the Protection Center section. without closing the application.... In the Microsoft Windows 7 operating system the application icon is hidden by default........... select the General Settings subsection............... select Programs To exit the application.. 38 ......................... Kaspersky Internet Security should be started manually if you have disabled automatic launch of the application (see section "Enabling and disabling automatic launch" on page 38)....

................ red alerts of serious threats to the computer's security......................................................... yellow indicates protection-related problems....... 39 Enabling and disabling the protection ............................................................................... Protection status indicator You are advised to fix the problems and security threats immediately............................. IN THIS SECTION: Diagnostics and elimination of problems in your computer protection .................... 40 Pausing and resuming protection .. disable......... Figure 8......................... 41 DIAGNOSTICS AND ELIMINATION OF PROBLEMS IN YOUR COMPUTER PROTECTION Problems with computer protection are indicated by the computer indicator located in the left part of the main application window (see section "The Kaspersky Internet Security main window" on page 33)............ Read this section to learn more about how to enable................. The indicator is shaped as a monitor icon that changes color depending on the protection status of the computer: green means that the computer is protected.. 39 ........ and pause the protection when using the application.......................................................MANAGING THE COMPUTER PROTECTION This section provides information about how to detect threats to the computer's security and how to configure the security level.......

actions are listed that you can use to solve the problem. All protection components are running. ENABLING AND DISABLING THE PROTECTION By default. Figure 9.USER GUIDE Clicking the indicator in the main application window opens the Security Problems window (see the figure below) containing detailed information about the status of computer protection and troubleshooting suggestions for the detected problems and threats. The following signs indicate that the protection is paused or disabled: inactive (gray) application icon in the taskbar notification area (see section "The notification area icon" on page 31). You can fully or partially disable the protection provided by Kaspersky Internet Security. Kaspersky Internet Security is launched when the operating system loads and protects your computer until it is switched off. Kaspersky Lab specialists strongly recommend that you do not disable protection. 40 . since this may lead to an infection of your computer and data loss. The Security Problems window Problems with the protection are grouped by categories. a red security indicator in the upper part of the main application window. For each problem. It is recommended that you pause the protection for the required time interval (see section "Pausing and resuming protection" on page 41).

you can pause protection using the Kaspersky Gadget. the protection is regarded as the set of protection components. In the left part of the window. When working on a computer running under Microsoft Windows Vista or Microsoft Windows 7. Uncheck the Enable protection box if you need to disable protection. 3. In the left part of the window. click the button with the Pause protection icon in the Kaspersky Gadget interface (only for Microsoft Windows Vista and Microsoft Windows 7 operating systems). If network connections were established at the moment protection was paused. Check this box if you need to enable the component. in the Protection Center section. 2. 3. To disable or enable a protection component: 1. uncheck the Enable <component name> box if you need to disable this component. To completely enable or disable protection: 1. in the Protection Center section. In this case. Open the application settings window. the protection is regarded as the set of protection components. In the right part of the window. To pause the protection of your computer: 1. The following signs indicate that the protection is paused or disabled: inactive (gray) application icon in the taskbar notification area (see section "The notification area icon" on page 31). Open the application settings window. 41 . Disabling or pausing protection components does not affect the performance of virus scan tasks and Kaspersky Internet Security updates. a red security indicator in the upper part of the main application window. you should assign the protection pausing function to a button of the gadget (see section "How to use the Kaspersky Gadget" on page 59). You can enable or disable the protection or individual application components from the application settings window (see section "The application settings window" on page 36).MANAGING THE COMPUTER PROTECTION In this case. 2. Check this box if you need to enable protection. select the component that should be enabled or disabled. Open the Pause protection window using one of the following methods: select Pause protection from the context menu of the application icon (see section "The context menu" on page 32). a notification about the termination of such connections is displayed. PAUSING AND RESUMING PROTECTION Pausing protection means temporarily disabling all protection components for a period of time. Disabling or pausing protection components does not affect the performance of virus scan tasks and Kaspersky Internet Security updates. To do this. select the General Settings subsection.

42 . select the time interval after which protection should be resumed: Pause for the specified time – protection will be enabled on expiration of the time interval selected from the dropdown list below. In the Pause protection window.USER GUIDE 2. Pause – protection will be enabled when you decide to resume it (please see below). You can use this method to resume computer protection when the Pause option has been selected. Pause until reboot – protection will be enabled after the application is restarted or the operating system is rebooted (provided that automatic application launch is enabled (see section "Enabling and disabling automatic launch" on page 38)). select Resume protection from the context menu of the application icon (see section "The context menu" on page 32). or when you have selected Pause for the specified time or Pause until reboot. To resume computer protection.

........................................ 53 How to restore a file that has been deleted or disinfected by the application ............................................................................................................. IN THIS SECTION: How to activate the application ..................................................................................................................... You will be reminded about the need to activate the application by Kaspersky Internet Security messages appearing in the taskbar notification area...................... 43 How to purchase or renew a license ..................... 61 HOW TO ACTIVATE THE APPLICATION Activation is the procedure of activating a license that allows you to use a fully functional version of the application until the license expires............................................................................................................................................................................................................................................. 46 How to scan a file..................................................................................................................................................................................... 45 How to update application databases and modules ......... 52 What to do with a large number of spam messages . disk.................................................................................................. 58 How to transfer settings to Kaspersky Internet Security installed on another computer ............................................................ 46 How to perform a full scan of your computer for viruses ..................................................... 59 How to know the reputation of an application ...................................................................................................................................................................................................................................................................................... 59 How to use the Kaspersky Gadget ............................................................................. you can do so later.................... 51 How to run an unknown application without doing any harm to the system ............................................................................................................. 57 How to restore default application settings ............................................ or another object for viruses . 43 .........................SOLVING TYPICAL TASKS This section provides information about how to resolve the most common issues related to protection of the computer using the application.................................................. 45 How to scan critical areas of your computer for viruses ................................................... 48 What to do if you suspect an object is infected with a virus... 54 How to create and use a Rescue Disk .................................. If you did not activate the application during installation....... 52 What to do if you suspect your computer is infected ........................................................ 44 What to do when application notifications appear ................................................................................... 48 How to scan your computer for vulnerabilities .................................................................................................. 54 How to view the report on the application's operation ...................................................... 48 How to protect your personal data against theft ....................................................................................................................... folder....

When the validity term of the current license expires. Step 1. Specify your registration data and click the Next button. To do this. Step 5. To purchase a license: 1. In the Manage License window that opens. Step 4. the Wizard automatically proceeds to the next step. When working with the application activation wizard. Open the main application window. Step 2. Entry of registration data User registration is necessary for the user to be able to contact the Technical Support Service. Wizard completion This window displays information on the activation results: the type of license used and the license expiry date. you can purchase one after installation. The eStore web page opens. Click the Manage License link in the bottom part of the main window to open the Manage License window. 44 . Step 3. you receive an activation code that you should use to activate the application (see section "How to activate the application" on page 43). When purchasing a license. HOW TO PURCHASE OR RENEW A LICENSE If you have installed Kaspersky Internet Security without a license. you can renew it. 3. perform one of the following: Click the Activate link in the Kaspersky Internet Security notice window that appears in the taskbar notification area. Enter activation code Enter the activation code in the corresponding field and click the Next button. When your license expires. you should add the new code as a reserve activation code. where you can purchase a license. 2. Click the Finish button to close the Wizard. You can purchase a new license before the validity period of your current activation code expires. click the Activate the application button. Unregistered users receive only minimal support. Requesting activation If the activation request is sent successfully. click the Buy activation code button. the Wizard automatically proceeds to the next window. you should specify values for a collection of settings. In the window that opens.USER GUIDE To run the Kaspersky Internet Security activation wizard. Activation If the application activation has been successful. Kaspersky Internet Security will be automatically activated using the reserve activation code. Click the Insert your activation code here link in the bottom part of the main application window.

such as detection of a potentially infected object or a suspicious activity in the system. 45 . Windows of critical notifications and popup messages are red-colored. In the window that opens. If the verification is successful. such as detection of a malicious object or a dangerous activity in the system. To start an update from the context menu. the Wizard automatically proceeds to the next step. in the New activation code section. you should select one of the options suggested in it. HOW TO UPDATE APPLICATION DATABASES AND MODULES By default. Depending on how critical the event is. you may receive the following types of notification: Critical notifications – inform you of events that have a critical importance for the computer's security. 2. 4. If the server stores a set of recent updates. click the Finish button. Enter the activation code in the corresponding fields and click the Next button. Kaspersky Internet Security automatically checks for updates on the Kaspersky Lab update servers.SOLVING TYPICAL TASKS To add a reserve activation code: 1. The Application Activation Wizard opens. 5. select Update from the context menu of the application icon. 2. click the Run update button. Open the main application window and select the Update section in the lower part of the window. In the Update window that opens. 6. Select New code and click the Next button. The Manage License window opens. Kaspersky Internet Security downloads and installs them in background mode. WHAT TO DO WHEN APPLICATION NOTIFICATIONS APPEAR Notifications that appear in the taskbar notification area inform you of events occurring in the application's operation which require your attention. Important notifications – inform you of events that are potentially important for the computer's security. click the Enter activation code button. Kaspersky Internet Security then sends the data to the activation server for verification. 3. To start an update from the main application window: 1. You can start updating Kaspersky Internet Security manually at any moment. To download updates from Kaspersky Lab servers. Information notifications – inform you of events that do not have critical importance for the computer's security. When you have finished with the Wizard. If such a notification is displayed on the screen. you should be connected to Internet. The optimal option is the one recommended as the default by Kaspersky Lab experts. Windows of information notifications and pop-up messages are green-colored. Click the Manage License link in the bottom part of the main window to open the Manage License window. Windows of important notifications and pop-up messages are yellow-colored. Open the main application window.

from the main application window (see section "The Kaspersky Internet Security main window" on page 33). Open Microsoft Windows Explorer and go to the folder which contains the object to be scanned. Double-click the shortcut to start the scan. system memory. 2. OR ANOTHER OBJECT FOR VIRUSES You can use the following methods to scan an object for viruses: using the context menu for the object. Open the Microsoft Windows Explorer window and go to the folder where you created the shortcut. in the Critical Areas Scan section. FOLDER. objects added by the user (see section "Creating a list of objects to scan" on page 67). You can start the scan of critical areas using one of the following methods: using a shortcut created earlier (see page 71). Right-click to open the context menu of the object (see the figure below) and select Scan for Viruses. In the Scan window that opens. Open the main application window and select the Scan section in the lower part of the window. using the Kaspersky Internet Security Gadget (only for Microsoft Windows Vista and Microsoft Windows 7 operating systems). To start a virus scan task from the object context menu: 1. To start a scan from the main application window: 1. HOW TO SCAN A FILE. 2.USER GUIDE HOW TO SCAN CRITICAL AREAS OF YOUR COMPUTER FOR VIRUSES Critical areas scan means scanning the following objects: objects loaded at the startup of the operating system. To start the scan using a shortcut: 1. boot sectors of the disk. 2. DISK. click the button. from the main application window (see section "The Kaspersky Internet Security main window" on page 33). 46 .

2. Figure 10. An area of the Scan window. In the Select object to scan window that opens. Figure 11. Click the Add button. select an object to be scanned. b.SOLVING TYPICAL TASKS The process and the outcome of the task will be displayed in the Task Manager window. The progress of the task will be displayed in the Task Manager window. Drag an object to scan into the dedicated area of the main window (see figure below). Specify the object to scan using one of the following methods: Click the specify link in the bottom right part of the window to open the Custom Scan window. and check the boxes next to folders and drives that you need to scan. drag the object to scan onto the gadget. Open the main application window and select the Scan section in the lower part of the window. 47 . The context menu of an object in Microsoft Windows To start scanning an object from the main application window: 1. The progress of the task will be displayed in the Task Manager window. If the window displays no object to be scanned: a. into which you should drag an object to scan To scan an object for viruses using the gadget.

To start a full scan from the main application window: 1. In the Scan window that opens. usernames. to copy data used in unprotected applications. Scanning your computer for vulnerabilities helps you to reveal any such weak points in your computer. 2. Double-click the shortcut to start scanning the system for vulnerabilities. in the Vulnerability Scan section. In the Scan window that opens. and other registration data. 2. You can use the following methods to scan the system for vulnerabilities: from the main application window (see section "The Kaspersky Internet Security main window" on page 33). from the main application window (see section "The Kaspersky Internet Security main window" on page 33). 2. To start the task using a shortcut: 1.USER GUIDE HOW TO PERFORM A FULL SCAN OF YOUR COMPUTER FOR VIRUSES You can start a full scan for viruses using one of the following methods: using a shortcut created earlier (see page 71). for example. To start the task from the main application window: 1. you can protect your personal data against theft. 2. HOW TO SCAN YOUR COMPUTER FOR VULNERABILITIES Vulnerabilities are unprotected portions of software code which intruders may deliberately use for their purposes. click the button. HOW TO PROTECT YOUR PERSONAL DATA AGAINST THEFT With Kaspersky Internet Security. Open the main application window and select the Scan section in the lower part of the window. using a shortcut created earlier (see page 71). You are advised to remove the detected vulnerabilities. account numbers and bank card numbers. in the Full Scan section. 48 . Open the Microsoft Windows Explorer window and go to the folder where you created the shortcut. Open the Microsoft Windows Explorer window and go to the folder where you created the shortcut. this includes data such as: passwords. click the button. To start a full scan using a shortcut: 1. Open the main application window and select the Scan section in the lower part of the window. Double-click the shortcut to start the scan.

.......... 2................... In the right part of the window.. check the Check if URLs are listed in the database of phishing URLs box........ on the Exact methods tab... in the Consider message as spam section. Open the application settings window... The Anti-Spam window will be displayed... select the Anti-Spam component.... Protects against data thefts involving the phishing... in the Protection Center section... 50 Protection of confidential data entered on websites ......SOLVING TYPICAL TASKS Kaspersky Internet Security comprises the following components and tools that help you protect your private data: Anti-Phishing........... 3............... Open the application settings window................ 3.... In the window that opens... Kaspersky Lab recommends that you enable the checking for phishing for all protection components............. To enable protection against phishing when IM Anti-Virus is running: 1.... Prevents interception of data entered at the keyboard... IN THIS SECTION: Protection against phishing . In the left part of the window. and IM AntiVirus components.... select the IM Anti-Virus component............. Click the Settings button in the right part of the window. 49 ............... 2........... 3................ 2...... 49 Protection against data interception at the keyboard ......... 5............ Anti-Spam........... Restricts sending of private data over the Internet........... In the left part of the window................... In the left part of the window................... on the General tab. 4................... check the If it contains phishing elements box......... Parental Control (see page 143). 51 PROTECTION AGAINST PHISHING Protection against phishing is ensured by Anti-Phishing..... Click the Settings button in the right part of the window. The Web Anti-Virus window opens........... in the Protection Center section... select the Web Anti-Virus component................... in the Protection Center section........ in the Kaspersky URL Advisor section........ To enable protection against phishing when Anti-Spam is running: 1. check the Check web pages for phishing box. implemented in the Web Anti-Virus... 4. in the Scan methods section. To enable protection against phishing when Web Anti-Virus is running: 1.. In the window that opens........ Virtual Keyboard..... Open the application settings window........

ALT).. The Virtual Keyboard cannot protect your personal data if the website requiring the entry of such data has been hacked. select Tools Virtual Keyboard from the context menu of the application icon. To open the Virtual Keyboard from the main application window. web shopping or Internet banking.g. press the CTRL+ALT+SHIFT+P shortcut. The Virtual Keyboard prevents the personal data being entered. This happens. from being intercepted through the use of screenshots. you have to click the first key (e. Mozilla Firefox. Unlike with real keyboards. Mozilla Firefox and Google Chrome browsers. for example. because in this case the information is obtained directly by the intruders. Mozilla Firefox or Google Chrome browser windows. Many of the applications classified as spyware have the function of making screenshots which are then transmitted to an intruder for further analysis and extraction of the user's personal data. which are programs that register keystrokes. depending upon the specified settings. You can open the Virtual Keyboard in the following ways: from the context menu of the application icon. there is no way to click several keys simultaneously on a Virtual Keyboard. from the Microsoft Internet Explorer. you frequently need to enter your personal data or your username and password. Virtual Keyboard button in the toolbar of Microsoft Internet Explorer. to use combinations of keys (e. or Google To open the Virtual Keyboard using the computer keyboard.. The Virtual Keyboard tool prevents the interception of data entered via the keyboard. To open the Virtual Keyboard from the browser window. and then click the first key again..USER GUIDE PROTECTION AGAINST DATA INTERCEPTION AT THE KEYBOARD When working on the Internet. in the lower part of the main application window select Virtual Keyboard. during account registration on web sites. F4).g. Therefore. using keyboard shortcuts. from the main application window.g. The Virtual Keyboard has the following features: You can click the Virtual Keyboard buttons using the mouse. 50 . click the Chrome. There is a risk that this personal information can be intercepted using hardware keyboard interceptors or keyloggers. then the next key (e. The second click of the key acts in the same way as the key release on a real keyboard. The Virtual Keyboard only prevents the interception of personal data when working with Microsoft Internet Explorer. Input language for the Virtual Keyboard is toggled using the key combination CTRL+SHIFT (the SHIFT key should be clicked using the right mouse button) or CTRL+LEFT ALT (the LEFT ALT key should be clicked using the right mouse button). ALT+F4). To open the Virtual Keyboard from the context menu of the application icon.

they add the description of the new virus into the databases that will be downloaded by the application with an update (see section "How to update application databases and modules" on page 45). In the window that opens. In the lower part of the window. Send the object to the Virus Lab. 51 . passwords to access online banking services). Kaspersky Internet Security may be able to clearly identify and remove the threat. select the Quarantine section. WHAT TO DO IF YOU SUSPECT AN OBJECT IS INFECTED WITH A VIRUS If you suspect an object is infected. On the Quarantine tab click the Move to Quarantine button. select the file that you want to move to Quarantine. Open the main application window.SOLVING TYPICAL TASKS PROTECTION OF CONFIDENTIAL DATA ENTERED ON WEBSITES To protect confidential data entered on websites (for example. Objects moved to Quarantine do not pose any threat to your computer. 4. you can perform any of the following actions: Move the object to Quarantine. bank card numbers. You can move a file to Quarantine using one of two methods: by clicking the Move to Quarantine button in the Quarantine window. In the bottom part of the window. 2. disk. 3. Safe Run for Websites can be started in the following ways: from the Kaspersky Internet Security main window (see section "The Kaspersky Internet Security main window" on page 33). folder. click the Start Safe Run for Websites button. To move a file to Quarantine from the Quarantine window: 1. select the Safe Run for Websites section. or another object for viruses" on page 46). using a shortcut on the desktop (see section "Creating a shortcut for Safe Run on the desktop" on page 141). You can enable access control for online banking services (see section "Controlling access to online banking services" on page 94) to determine banking websites automatically and also start Safe Run for Websites manually. Kaspersky Internet Security prompts you to open such websites in Safe Run for Websites. 3. In the window that opens. scan it using Kaspersky Internet Security (see section "How to scan a file. using the context menu for the file. If it turns out to be infected with a virus. If the application scans an object and then considers it as not infected although you suspect the contrary. To start Safe Run for Websites from the main Kaspersky Internet Security window: 1. Virus Lab specialists scan the object. After the databases are updated. 2. Open the main application window.

all changes made by this application will be discarded automatically. To send a file to the Virus Lab: 1. Right-click to open the context menu of the file and select Move to Quarantine. if you launch an infected application in Safe Run. 3. right-click to open the context menu for the selected object (application shortcut or executable file) and select Safe Run. 2. WHAT TO DO WITH A LARGE NUMBER OF SPAM MESSAGES If you receive large amounts of unwanted messages (spam). click the Default level button. in the Protection Center section. In the right part of the window. You can start Safe Run as a separate desktop (see page 138) or run an application in Safe Run on the main desktop.com/virlab/helpdesk. If the security level is set to Low or Custom. 2. check the Enable Anti-Spam box. HOW TO RUN AN UNKNOWN APPLICATION WITHOUT DOING ANY HARM TO THE SYSTEM When the safety of any application raises doubts. 52 . Go to the Virus Lab request page (http://support. 4. enable the Anti-Spam component and set the recommended security level for it. Make sure that the Recommended security level is set in the Security level section. 2.USER GUIDE To move a file to Quarantine using the context menu: 1. Thus.kaspersky. In Safe Run. Open the application settings window. To run an application in the safe environment from the Microsoft Windows context menu. Safe Run is isolated from the main operating system of the computer. The security level will automatically be set to Recommended. it can be executed in Safe Run. Open Microsoft Windows Explorer and go to the folder that contains the file that you want to move to Quarantine. Follow the instructions on this page to send your request. Applications started in Safe Run are marked with a green frame around the application window and have a safe run indicator in the list of applications monitored by Application Control (see section "Application Control" on page 101). real operating system files do not undergo changes. its actions will not affect the operating system of the computer.html). To enable Anti-Spam and set the recommended security level: 1. In the left part of the window. After the application is closed. select the Anti-Spam component.

Selecting troubleshooting actions All damage found during the previous step is grouped on the basis of the type of danger it poses. To stop the Wizard at any stage. click the Finish button. Based on the review. a list of actions necessary to eliminate the problems is generated. Recommended actions eliminate problems presenting a potential threat. which removes any traces of malicious objects from the system. After the review is complete. Starting system restoration Make sure that the Wizard option to Search for problems caused by malware activity is selected and click the Next button. Open the main application window (see page 33). click the Cancel button. 53 . 3. Step 2. in the Microsoft Windows Troubleshooting section. For each damage group. select the Tools section. Step 3. the Wizard will proceed automatically to the next step. You are advised to perform all actions in this group. In the window that opens. To view the actions within a group. system failures. Additional actions repair system damage which does not pose a current threat. Kaspersky Lab recommends that you run the Wizard after the computer has been disinfected to make sure that all threats and damage caused by infections have been fixed. or incorrect operation of system optimization applications. but may pose a danger to the computer's security in the future. use Microsoft Windows Troubleshooting. You are also advised to perform all actions in this group. The Wizard groups these actions by category based on the severity of the problems detected. click the + icon to the left of the group name. blockage of the network environment and control panel). Microsoft Windows Troubleshooting checks the system for modifications and faults (such as modifications of file extensions. The Microsoft Windows Troubleshooting window opens.SOLVING TYPICAL TASKS WHAT TO DO IF YOU SUSPECT YOUR COMPUTER IS INFECTED If you suspect your operating system of being corrupted due to malware activity or system failures. 2. Step 1. Problems search The Wizard will search for problems and damage which should be fixed. Kaspersky Lab recommends a sequence of actions to repair the damage. an improper system configuration. Once the search is complete. Modifications and faults may be caused by malware activity. the Wizard analyzes the information to evaluate whether there is system damage which requires immediate attention. There are three groups of actions: Strongly recommended actions eliminate problems posing a serious security threat. The Wizard consists of a series of screens (steps) that you can navigate through using the Back and Next buttons. click the Start button. To close the Wizard once it has completed its task. In the lower part of the window. To start the System Restore Wizard: 1.

. HOW TO CREATE AND USE A RESCUE DISK After you install Kaspersky Internet Security and perform the first scan of your computer.. Eliminating problems The Wizard will perform the actions selected during the previous step.................. select the required file from the list and click the Restore button.......... Having defined the set of actions which the Wizard will perform... it is recommended that you create the Rescue Disk...... You will then be able to use Kaspersky Rescue Disk for scanning and disinfecting infected computers that cannot be disinfected using other methods (e... On the Storage tab................ Once the troubleshooting is complete.... Wizard completion Click the Finish button to close the Wizard................. It is strongly recommended that you not uncheck the boxes selected by default.......... If you want to restore a deleted or disinfected file.. IN THIS SECTION: Creating a Rescue Disk.. 55 Starting the computer from the Rescue Disk ......USER GUIDE To make the Wizard perform a certain action. as doing so will leave your computer vulnerable to threats............................. By default.... the Wizard will automatically proceed to the next step............... as they may pose a threat to your computer...... To restore a file that has been deleted or disinfected by the application: 1. The elimination of problems may take some time......... with anti-virus applications)..... Open the main application window.. click the Next button......... The Rescue Disk is an application named Kaspersky Rescue Disk and recorded on a removable medium (CD or USB flash drive).............. 2.. you can use a backup copy of it which was created by the application during the scan...... Step 4....... the Wizard performs all recommended and strongly recommended actions................ HOW TO RESTORE A FILE THAT HAS BEEN DELETED OR DISINFECTED BY THE APPLICATION Kaspersky Lab recommends that you avoid restoring deleted and disinfected files......... In the lower part of the window........ Step 5. 3.....g............ If you do not wish to perform a certain action. select the Quarantine section................... uncheck the box next to it..... check the box to the left of the corresponding action description.......... 57 54 ...

The Wizard will proceed to the Select disk image source window. You can download the original disk image from the Kaspersky Lab server or copy it from a local source. Selecting a disk image source If you have checked the Use existing ISO image box in the first Wizard window. Let us review the steps of the Wizard in more detail. Searching for an existing disk image The first window of the Wizard contains information about Kaspersky Rescue Disk. Uncheck this box if you do not want to use the disk image that was detected. click the Cancel button. The Rescue Disk is created using the Kaspersky Rescue Disk Creation Wizard. and you want to download one from the Kaspersky Lab server (file size is about 175 MB). click the Create button. 3. then this step will be skipped. Starting the Wizard. The Kaspersky Rescue Disk Creation Wizard window opens. in the Kaspersky Rescue Disk section. At this step. click the Finish button. 55 . you should select a disk image source from the options suggested: If you already have a recorded copy of the Rescue Disk or an ISO image saved on your computer or on a local network resource. 2. In the window that opens. To stop the Wizard at any stage. In the lower part of the window. select Copy ISO image from local or network drive. If the Wizard detects an existing Rescue Disk ISO file in the dedicated folder (see above). select Download ISO image from Kaspersky Lab server. select the Tools section. To create a Rescue Disk: 1. Step 1. the Use existing ISO image box will be displayed in the first window of the Wizard. If you have no ISO image file created for the Rescue Disk. The Wizard consists of a series of screens (steps) that you can navigate through using the Back and Next buttons. Open the main application window.iso file created by the Wizard is saved on your computer's hard drive: in Microsoft Windows XP – in the following folder: Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP12\Data\Rdisk\. To close the Wizard once it has completed its task.SOLVING TYPICAL TASKS CREATING A RESCUE DISK Creating a Rescue Disk consists in creating a disk image (ISO file) with the up-to-date version of Kaspersky Rescue Disk. Check the box to use the detected file as the original ISO image and go directly to the Updating disk image step (see below). The rescuecd. in Microsoft Windows Vista and Microsoft Windows 7 operating systems – in the following folder: ProgramData\Kaspersky Lab\AVP12\Data\Rdisk\. Step 2. and writing it on a removable medium.

To begin updating the ISO file. then this step will be skipped. To record the disk image on the hard drive of your computer or on the hard drive of another one that you can access via a network. PDAs. When copying or downloading of the ISO image is complete. click the Browse button. Step 5. the Wizard automatically proceeds to the next step. updating configuration files. After you have specified the path to the file. The update's progress will be displayed in the Wizard window. and the name of the ISO file.USER GUIDE Step 3. it is recommended that you run the update task and launch the Kaspersky Rescue Disk Creation Wizard again. those distributed at the last update of Kaspersky Internet Security are used. The progress of copying the disk image is displayed in the Wizard window. and MP3 players. 56 . select Record to USB flash drive and specify a device. Copying (downloading) the disk image If you have checked the Use existing ISO image box in the first Wizard window. click the Next button. in which you want to record the disk image. If you have selected Download ISO image from Kaspersky Lab server at the previous step. cellphones. When updating anti-virus databases. Specify a data medium for recording Kaspersky Rescue Disk: To record the disk image on a CD / DVD. the Wizard informs you of a successful creation of a disk image and offers you to record it on a medium. select Save the disk image to file on local or network drive and specify a folder. Configuration files determine whether the computer can be booted from a removable medium (such as a CD / DVD or a USB flash drive with Kaspersky Rescue Disk) created by the Wizard. Updating the ISO image file The updating procedure for the ISO image file comprises the following operations: updating anti-virus databases. Kaspersky Lab recommends that you do not record the ISO image on devices which are not designed specifically for data storage. on which you want to record the disk image. To record the disk image on a USB flash drive. the progress of downloading the disk image is displayed immediately. If databases are out of date. on which you want to record the disk image. Recording ISO images on these devices may lead to their functioning incorrectly in the future. click the Next button. such as smartphones. If you have selected Copy ISO image from local or network drive at the previous step. Step 4. Recording the disk image on a medium At this step. select Record to CD / DVD and specify a medium.

you can obtain statistical information about the application's operation (for example. Wizard completion To close the Wizard once it has completed its task. learn how many malicious objects have been detected and neutralized for a specified time period. how many times the application has been updated for the same period. For detailed information about the use of the Rescue Disk. Open the Reports window using any of the following methods: click the Reports link in the top part of the main application window. The Reports window displays reports on the application's operation represented as diagrams. make sure that this operation can be performed. the Kaspersky Gadget should be configured so that the option of opening the reports window is assigned to one of its buttons (see section "How to use the Kaspersky Gadget" on page 59). Before shutting down your computer for subsequent booting from a removable media. To view the application operation report: 1. Booting a computer from a removable media is not always possible. You can use the newly created Rescue Disk to boot the computer (see page 57) if you cannot boot it and run Kaspersky Internet Security in normal mode due to an impact caused by viruses or malware. how many spam messages have been detected and much more). STARTING THE COMPUTER FROM THE RESCUE DISK If the operating system cannot be booted as a result of a virus attack. click the Detailed report button in the bottom part of the Report window. please refer to the documentation for your computer's motherboard). To boot your computer from the Rescue Disk: 1. use the Rescue Disk. Restart your computer. To boot the operating system. click the Finish button. Using a report. 2.SOLVING TYPICAL TASKS Step 6. For convenient viewing of reports. a report on the operation of each component). where data are represented in a table. Insert a CD / DVD into the CD / DVD drive of an infected computer or connect a USB flash device with Kaspersky Rescue Disk copied on it. 3. In particular. HOW TO VIEW THE REPORT ON THE APPLICATION'S OPERATION Kaspersky Internet Security creates operation reports for each component. you should use a CD / DVD or a USB flash drive with Kaspersky Rescue Disk copied on it (see section "Creating a Rescue Disk" on page 55). To do this. you can select various entry sorting options. click the button with the Reports icon in the Kaspersky Gadget interface (only for Microsoft Windows Vista and Microsoft Windows 7 operating systems). 57 . this mode is not supported by some obsolete computer models. you can open reports using the Kaspersky Gadget. If you want to view a detailed application operation report (for example. please refer to the Kaspersky Rescue Disk User Guide. The Detailed report window will open. 2. enable booting from a CD / DVD or a USB device (for detailed information. In the BIOS settings. When working on a computer running under Microsoft Windows Vista or Microsoft Windows 7.

These applications are added to the list of trusted applications which have no restrictions imposed on the actions they perform in the system. Step 2. When restoring the recommended security level. System analysis At this stage. Kaspersky Lab recommends that you save your special settings when restoring the default application settings. the Wizard will automatically proceed to the next step. Restore settings This Wizard window shows which Kaspersky Internet Security protection components have settings that differ from the default value because they were either changed by the user or accumulated by Kaspersky Internet Security through training (Firewall or Anti-Spam). Finishing restoration To close the Wizard once it has completed its task. protection exclusion rules created for application components.USER GUIDE HOW TO RESTORE DEFAULT APPLICATION SETTINGS You can restore the default application settings recommended by Kaspersky Lab for Kaspersky Internet Security. Starting the Wizard Click the Next button to proceed with the Wizard. Special settings include lists of allowed and blocked phrases and addresses used by Anti-Spam. 2. The special settings are created when working with Kaspersky Internet Security with regard for individual tasks and security requirements. The settings can be restored using the Application Configuration Wizard. at any time. you can save the previously specified values for some of the settings of application components. Run the Application Configuration Wizard using one of the following methods: click the Restore link in the bottom part of the window. Check the boxes for the settings that you want to save and click the Next button. When the Wizard completes its operation. they will also be shown in this window. lists of trusted web addresses and ISP phone numbers. information about Microsoft Windows applications is collected. Once the analysis is complete. and filtering rules applied by Firewall to packets and applications. select the Manage Settings subsection in the Advanced Settings section and click the Restore button in the Restore default settings section. Step 3. Open the application settings window. the Recommended security level is set for all protection components. Let us review the steps of the Wizard in more detail. 58 . in the left part of the window. click the Finish button. To restore the default settings of the application: 1. Step 1. Step 4. If special settings have been created for any of the components.

SOLVING TYPICAL TASKS HOW TO TRANSFER SETTINGS TO KASPERSKY INTERNET SECURITY INSTALLED ON ANOTHER COMPUTER Once you have configured the product. in the Advanced Settings section. Click the OK button. in the Advanced Settings section. a revolving globe-shaped icon is displayed in the center part of the gadget. Saving the application settings in a configuration file. Gray indicates that the application is stopped. 2. In the left part of the window. 3. After you install the application on a computer running under Microsoft Windows Vista. by email or on a removable medium). 4. Transferring a configuration file to another computer (for example. In the left part of the window. 5. After you install Kaspersky Internet Security on a computer running under Microsoft Windows 7. Open the application settings window. The settings of Kaspersky Internet Security can be transferred to another computer in three steps: 1. 4. select the Manage Settings subsection. you should add the gadget to the Microsoft Windows Sidebar manually (see the operating system documentation). Click the Load button in the right part of the window. Consequently. To export the current settings of Kaspersky Internet Security: 1. select the Manage Settings subsection. This is a helpful feature when. Green indicates that your computer is duly protected. 2. while yellow indicates that there are protection problems. Click the OK button. The Gadget color indicator displays your computer's protection status in the same manner as the indicator in the main application window (see section "Diagnostics and elimination of problems in your computer protection" on page 39). Applying settings from a configuration file to the application installed on another computer. Click the Save button in the right part of the window. The application settings are stored in a special configuration file that you can transfer to another computer. 5. the application will be configured identically on both computers. Open the application settings window. 3. While updating the application databases and software modules. for example. 59 . Kaspersky Internet Security is installed on your home computer and in your office. you can apply its settings to Kaspersky Internet Security installed on another computer. and red indicates that your computer's security is at serious risk. In the window that opens. HOW TO USE THE KASPERSKY GADGET When using Kaspersky Internet Security on a computer running under Microsoft Windows Vista or Microsoft Windows 7. enter the name of the configuration file and the path where it should be saved. you can also use the Kaspersky Gadget (hereinafter the gadget). To import the application's settings from a saved configuration file: 1. select the file from which you wish to import the Kaspersky Internet Security settings. 2. 3. In the window that opens. the gadget appears on your desktop automatically.

USER GUIDE You can use the gadget to perform the following actions: resume the application if it has been paused earlier. click the Enable icon located in the center of the gadget. To start the application using the gadget. Open the gadget settings window by clicking the block if you position the cursor over it. select actions that should be performed when you click those buttons. open the news window. click the icon . you can configure the buttons of the gadget so that they could initiate additional actions: run an update. To configure the gadget: 1. switch to Safe Run (for 32-bit operating systems only). In the dropdown lists corresponding to gadget buttons. drag the object to scan onto the gadget. Click the OK button. Also. open the Virtual Keyboard. open the main application window. open the Task Manager window. view information about network activity (Network Monitor) and applications' activity. 60 . To open the main application window using the gadget. edit the application settings. icon that appears in the upper right corner of the gadget 2. click the monitor icon in the center area of the gadget. To open the news window using the gadget. scan specified objects for viruses. pause the protection. view application reports. 3. view Parental Control reports. which is displayed in the center of the gadget when news is released. To scan an object for viruses using the gadget. The progress of the task will be displayed in the Task Manager window.

174 61 . time...... in which the application is the most widespread.. at which the application has become known in Kaspersky Security Network................................... number of users of Kaspersky Security Network that use the application (available if the application has been included in the Trusted group in Kaspersky Security Network database)... open the context menu of the executable file of the application and select Check reputation in KSN... To verify the reputation of an application... countries........SOLVING TYPICAL TASKS HOW TO KNOW THE REPUTATION OF AN APPLICATION Kaspersky Internet Security allows you to learn the reputation of applications from users all over the world....................... you should agree to participate in Kaspersky Security Network (see page 175) when installing Kaspersky Internet Security. SEE ALSO: Kaspersky Security Network ................ To know the reputation of an application........... information about the group................. in which the application has been included by Application Control or a majority of users of Kaspersky Security Network....... information about the digital signature (available if a digital signature exists)............... Reputation of an application comprises the following criteria: name of the vendor.

................................................................................................................................................................................................................................... 64 Update............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 163 Reports.................... 154 Performance and compatibility with other applications ........ 72 File Anti-Virus ..................................................................................................................................... 155 Kaspersky Internet Security self-defense ........................................................................................................... 174 62 .................................................................................................................................................................... 95 Proactive Defense ........................................ Managing active interface elements ..................................................................................................................................................... IN THIS SECTION: General protection settings .................................................................................... 97 System Watcher ................................................ 99 Application Control ..................................... 101 Network protection ...................................................................................................... 63 Scan ...................................... 83 Web Anti-Virus .................................. 135 Safe Run for Applications and Safe Run for Websites ....................................................................... 88 IM Anti-Virus............................................................................................... 109 Anti-Spam ............................................................................................................................................ 77 Mail Anti-Virus ................................................................................................................................................................................................. 159 Quarantine and Backup. 172 Kaspersky Security Network .................................................................................................................................................................................................................. 167 Application appearance...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ADVANCED APPLICATION SETTINGS This section provides detailed information about how to configure each of the application components..................................................................................................... 143 Trusted zone .................................................................................................................................................................................. 160 Additional tools for better protection of your computer ....................................... 171 Notifications.................................................. 120 Anti-Banner ................................................................................................................................................................................ 137 Parental Control .............................................

......... enabling and configuring Parental Control.......... 63 Selecting a protection mode ...................................... In the right part of the window.. Be careful when using a password to restrict access to application removal........ In the Password protection window that opens................. To restrict access to Kaspersky Internet Security with a password: 1................. check the Enable password protection box and click the Settings button......... In the left part of the window... disable or enable automatic launching of the application at operating system startup (see section "Enabling and disabling automatic launch" on page 38).......... 4. enter the password and specify the area to be covered by the access restriction..... in the General Settings subsection of the Protection Center section......... the application will be difficult to remove from your computer.... 2.. Unrestricted user access to Kaspersky Internet Security and its settings may lead to a reduced level of computer protection.... IN THIS SECTION: Restricting access to Kaspersky Internet Security .... select the interactive or automatic protection mode (see section "Selecting a protection mode" on page 64)........... closing the application............ To restrict access to the application. in the Password protection section................ 63 .. select the General Settings subsection.. Open the application settings window........................... If you forget the password. 3....... in the Protection Center section..... restrict users' access to the application by setting a password (see section "Restricting access to Kaspersky Internet Security" on page 63)................. you can: disable all protection components (see section "Enabling and disabling protection" on page 40)......ADVANCED APPLICATION SETTINGS GENERAL PROTECTION SETTINGS In the application settings window. removing the application. 64 RESTRICTING ACCESS TO KASPERSKY INTERNET SECURITY A computer may be used by several users with various levels of computer literacy........ you can set a password and specify which actions should require the password to be entered: changing application settings.. enable a custom key combination for displaying the virtual keyboard on the screen (see section "Protection against data interception at the keyboard" on page 50)......

. 2.................... If you wish Kaspersky Internet Security to notify you of all hazardous and suspicious events in the system and to allow you to decide which of the actions offered by the application should be applied..................... In the left part of the window.. for example.... check the Do not delete suspicious objects box... you can enable the interactive protection mode.............. in the Protection Center section.............. 72 Managing scan tasks.............. scan methods. to enable automatic protection mode.............USER GUIDE SELECTING A PROTECTION MODE By default...... If you do not want Kaspersky Internet Security to delete suspicious objects when running in automatic mode........................ uncheck the Select action automatically box........................ select the General Settings subsection.................. viruses and other riskware is one of the most important tasks when ensuring the computer's security.. check or uncheck the boxes depending on your choice of protection mode: to enable the interactive protection mode........... and scan technologies.................... Kaspersky Internet Security scans the following objects: system memory. 64 Vulnerability Scan .. check the Select action automatically box.. security levels.... In the Interactive protection section........... SCAN Scanning the computer for vulnerabilities..................... Kaspersky Internet Security runs in automatic protection mode................. Open the application settings window................. Scan of the entire system......... In this mode the application automatically applies actions recommended by Kaspersky Lab in response to dangerous events...... To select a protection mode: 1............ 64 . The vulnerability scan performs diagnostics of operating system safety and detects software features that could be used by intruders to spread malicious objects and obtain access to personal information........ It is necessary to regularly scan your computer for viruses and other riskware in order to rule out the possibility of spreading malicious programs that have not been detected by protection components................ This section contains information about scan task features and configuration......... 72 VIRUS SCAN To detect viruses and other riskware.. due to a low security level set.. or for other reasons........................ 3. objects loaded on operating system startup.............. Kaspersky Internet Security comprises the following tasks: Full Scan..... Task Manager .................................. IN THIS SECTION: Virus scan .......................... By default..............................

The application displays a notification (see page 172) about the detected threat and performs the prescribed action. this action is Disinfect. Kaspersky Internet Security scans objects loaded at the startup of the operating system. Kaspersky Internet Security scans objects selected by the user. for suspicious objects – Move to Quarantine. If a threat is detected. removable storage media. Information on the scan results and events which have occurred during the execution of the task is logged in a Kaspersky Internet Security report (see page 167). the signature mode (the one using records from application databases to search for threats) is always enabled. in the section with the name of the task running. You can enable automatic scanning of quarantined objects after each update. Each scan task is performed in a specified area and can be started according to a previously created schedule. Task Manager" on page 72). After the full scan task or the critical areas scan task is started. By default. You can scan any object from the list below: system memory. removable storage media. If you are working in automatic mode (see section "Selecting a protection mode" on page 64).ADVANCED APPLICATION SETTINGS system backup. any file or folder that you have selected. Suspicious (potentially infected) objects are quarantined. and in the Task Manager (see section "Managing scan tasks. The Full Scan and the Critical Areas Scan tasks have their peculiarities. For malicious objects. email databases. By default. If dangerous objects are detected when working in interactive mode (see section "Selecting a protection mode" on page 64). Potentially infected (suspicious) status if the scan cannot determine whether the object is infected or not. Before attempting to disinfect or delete an infected object. You can also apply various scan methods and technologies. 65 . You can change the actions to be taken when a threat is detected. For these tasks. hard and network drives. Custom Scan. it is not recommended that you edit the lists of objects to scan. Delete if disinfection fails. hard and network drives. Kaspersky Internet Security assigns one of the following statuses to the found object: Malicious program (such as a virus or Trojan). the scan run progress is displayed in the Scan window. Critical Areas Scan. the application displays a notification on the screen that you can use to select the required action the list of available ones. Each scan task is also characterized by a security level (a combination of settings that impact the depth of the scan). when dangerous objects are detected. email databases. The file may contain a sequence of code characteristic of viruses. system backup. Kaspersky Internet Security creates a backup copy for subsequent restoration or disinfection. objects loaded on operating system startup. or modified code from a known virus. Kaspersky Internet Security automatically applies the actions recommended by Kaspersky Lab specialists.

.. 67 Creating a list of objects to scan .................. 3.......... select the desired task (Full Scan............. 71 CHANGING AND RESTORING THE SECURITY LEVEL Depending on your current needs................................................................. When configuring scan task settings.............. 68 Selecting scan technology.................... 66 ......................... in the Scan section...... 69 Running a scan under a different user account .......................................................................................... you can always restore the recommended ones....................................................... click the Default level button for the task selected................................ recommended by Kaspersky Lab.............. In the left part of the window.... 70 Scanning removable drives on connection .................................................... In the left part of the window................................... the name of the security level will change to Custom................................. 68 Changing the actions to be performed when a threat is detected ... set the desired security level for the task selected............ in the Scan section........................................................................................................................................................................................................................................................ 69 Scanning of compound files ....................................................................................... select the desired task (Full Scan.............. you can select one of the preset security levels or modify the scan settings manually........ 69 Changing the type of objects to scan .......................................................................... 2........ In the Security level section.... In the Security level section............................................................... 3. Open the application settings window..... or Custom Scan).............. If you modify the settings manually.......... 71 Creating a task shortcut ........................................................................ Critical Areas Scan......... To change the established security level: 1.. 66 Creating the scan startup schedule .................... and grouped in the Recommended security level..................... 70 Scan optimization ....... These settings are considered optimal................................................................USER GUIDE IN THIS SECTION: Changing and restoring the security level ................ or click the Settings button to modify scan settings manually................. 67 Selecting a scan method ........................... Open the application settings window.................................. 2................................................................ or Custom Scan)...................................................................................... To restore the default scan settings: 1................ Critical Areas Scan........................................................................................

Critical Areas Scan. on the Run mode tab in the Schedule section. The scan will then not take up system resources during work. If it is not possible to start the task for any reason (for example. or other types of objects. in the Schedule section. You can edit this list. start time (if necessary). Open the application settings window. in the Schedule section. the computer was not on at that time). or it contains no selected objects. in the Scan section. on the Run mode tab. Click the Run mode button in the right part of the window. Open the application settings window. or Vulnerability Scan). or Vulnerability Scan). In the left part of the window. select the desired task (Full Scan. 4. 2. You can automatically pause the scan when a screensaver is inactive or the computer is unlocked. This functionality postpones launching the task until the user has finished working on the computer. a scan task cannot be started. select the desired task (Full Scan. such as logical drives and email databases. 2. Critical Areas Scan. CREATING A LIST OF OBJECTS TO SCAN Each virus scan task has its own default list of objects. 3. 3. Open the application settings window. In the window that opens. select the desired task (Full Scan. Click the Run mode button in the right part of the window. on the Run mode tab. in the Scan section. and advanced settings. Click the Run mode button in the right part of the window. select By schedule and configure the scan run mode by specifying required values for the Frequency setting. In the window that opens. 67 . such as network drives.ADVANCED APPLICATION SETTINGS CREATING THE SCAN STARTUP SCHEDULE You can create a schedule to automatically start virus scan tasks: specify task run frequency. To launch scans only when the computer is not being used: 1. These objects may include items in the computer's file system. you can configure the skipped task to start automatically as soon as it becomes possible. In the left part of the window. Critical Areas Scan or Vulnerability Scan). To modify the schedule for scan tasks: 1. In the left part of the window. The special Idle Scan mode (see section "Running tasks in background mode" on page 157) allows you to start automatic updates when your computer is idle. To enable automatic launching of a skipped task: 1. in the Scan section. 4. In the window that opens. 3. 4. 2. If the scan scope is empty. select By schedule and check the Run skipped tasks box. select By schedule and check the Run scheduled scan when screensaver is active or computer is locked box.

In the window that opens. In the right part of the window. In the bottom part of the window that opens. Open the main application window. use the Add. 4. Critical Areas Scan. click the Scan scope button. Edit. Click the OK button after you have added all the objects you need. To create a list of objects for Full Scan. SELECTING SCAN TECHNOLOGY In addition to the scan methods you can use special object scan technologies which allow you to increase virus scan speed by excluding the files that have not been modified since they were last scanned. click the specify link to open a list of objects to be scanned. uncheck the boxes next to them. In the bottom part of the window. You can use additional scan methods to increase scan efficiency: heuristic analysis (analysis of the actions an object performs within the system) and rootkit scan (a scan for tools that can hide malicious programs in your operating system). In the left part of the window. To select which scan method to use: 1. Open the application settings window. 3. In the Custom Scan window that opens. 2. or Custom Scan). Open the application settings window. click the Settings button for the task selected. Critical Areas Scan or Vulnerability Scan tasks: 1. In the Security level section. 4. To exclude any objects from the list of objects to be scanned. and Delete buttons to create a list. To exclude any objects from the list of objects to be scanned. select the desired object and click the Add button.USER GUIDE To create a list of objects for a custom scan task: 1. select the desired task (Full Scan. 4. 68 . or Vulnerability Scan). select the desired scan methods. SELECTING A SCAN METHOD During a virus scan. Critical Areas Scan. In the Scan scope window that opens. 2. on the Additional tab in the Scan methods section. Objects which appear in the list by default cannot be edited or deleted. 2. select the Scan section. In the Select object to scan window that opens. 5. in the Scan section. select the desired scan task (Full Scan. in the Scan section. signature analysis is always used: Kaspersky Internet Security compares the object found with the database records. In the left part of the window. uncheck the boxes next to them. You can also drag files to be scanned directly into a marked area located in the Scan section. 3. 3. click the Add button.

ADVANCED

APPLICATION SETTINGS

To specify the object scan technologies: 1. 2. Open the application settings window. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan, or Custom Scan). In the Security level section, click the Settings button for the task selected. In the window that opens, on the Additional tab in the Scan technologies section, select the desired values.

3. 4.

CHANGING THE ACTIONS TO BE PERFORMED WHEN A THREAT IS DETECTED
If infected objects are detected, the application performs the selected action. To change the action that should be performed when a threat is detected: 1. 2. Open the application settings window. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan, or Custom Scan). In the right part of the window, select the desired option in the Action on threat detection section.

3.

RUNNING A SCAN UNDER A DIFFERENT USER ACCOUNT
By default, the scan tasks are run under your system account. However, you may need to run a task under a different user account. You can specify an account to be used by the application when performing a scan task. To start a scan under a different user's account: 1. 2. Open the application settings window. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan, or Vulnerability Scan). Click the Run mode button in the right part of the window. In the window that opens, on the Run mode tab in the User account section, check the Run task as box. Specify the user name and password.

3. 4.

CHANGING THE TYPE OF OBJECTS TO SCAN
When specifying the type of objects to scan, you establish which file formats will be scanned for viruses when the selected scan task runs. When selecting file types, please remember the following: The probability of malicious code penetrating some file formats (such as TXT) and its subsequent activation is quite low. However, there are formats that contain or may contain an executable code (such as EXE, DLL, DOC). The risk of penetration and activation of malicious code in such files is quite high. An intruder can send a virus to your computer in an executable file renamed as a TXT file. If you have selected scanning of files by extension, such a file is skipped by the scan. If scanning of files by format is selected, then, regardless of the extension, File Anti-Virus will analyze the file header and reveal that the file is an EXE file. Such a file would be thoroughly scanned for viruses.

69

USER GUIDE

To change the type of objects to be scanned: 1. 2. Open the application settings window. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan, or Custom Scan). In the Security level section, click the Settings button for the task selected. In the window that opens, on the Scope tab in the File types section, select the desired option.

3. 4.

SCANNING OF COMPOUND FILES
A common method of concealing viruses is to embed them into compound files: archives, installation packages, embedded OLE objects, and mail file formats. To detect viruses that are hidden in this way, a compound file should be unpacked, which can significantly decrease scanning speed. For each type of compound file, you can choose to scan either all files or only new ones. To make your selection, click the link next to the name of the object. It changes its value when you left-click it. If you select the scan new and changed files only mode (see page 70), the links for choosing whether to scan all or only new files will not be available. You can restrict the maximum size of a compound file to be scanned. Compound files larger than the specified value will not be scanned. When large files are extracted from archives, they will be scanned even if the Do not unpack large compound files box is checked. To modify the list of compound files to be scanned: 1. 2. Open the application settings window. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan, or Custom Scan). In the Security level section, click the Settings button for the task selected. In the window that opens, on the Scope tab in the Scan of compound files section, select the desired types of compound files to be scanned.

3. 4.

To set the maximum size of compound files to be scanned: 1. 2. Open the application settings window. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan, or Custom Scan). In the Security level section, click the Settings button for the task selected. In the window that opens, on the Scope tab in the Scan of compound files section, click the Additional button. In the Compound files window that opens, check the Do not unpack large compound files box and specify the maximum file size.

3. 4.

5.

SCAN OPTIMIZATION
You can shorten the scan time and speed up Kaspersky Internet Security. This can be achieved by scanning only new files and those files that have altered since the last time they were scanned. This mode applies both to simple and compound files.

70

ADVANCED

APPLICATION SETTINGS

You can also set a restriction on scan duration for any one object. When the specified time interval expires, the object will be excluded from the current scan (except for archives and files comprised of several objects). To scan only new and changed files: 1. 2. Open the application settings window. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan, or Custom Scan). In the Security level section, click the Settings button for the task selected. In the window that opens, on the Scope tab in the Scan optimization section, check the Scan only new and changed files box.

3. 4.

To set a restriction on scan duration: 1. 2. Open the application settings window. In the left part of the window, in the Scan section, select the desired task (Full Scan, Critical Areas Scan, or Custom Scan). In the Security level section, click the Settings button for the task selected. In the window that opens, on the Scope tab in the Scan optimization section, check the Skip objects scanned longer than box and specify the scan duration for a single file.

3. 4.

SCANNING REMOVABLE DRIVES ON CONNECTION
Nowadays, malicious objects which use operating systems' vulnerabilities to replicate via networks and removable media have become increasingly widespread. Kaspersky Internet Security allows you to scan removable drives when connecting them to the computer. To configure scanning of removable media on connection: 1. 2. 3. Open the application settings window. In the left part of the window, in the Scan section, select General Settings. In the Scan removable drives on connection section, select the action and define the maximum size of a drive to be scanned in the field below, if necessary.

CREATING A TASK SHORTCUT
The application provides the option of creating shortcuts for the full, quick, and vulnerability scan tasks. This allows you to start the required scan without opening the main application window or a context menu. To create a shortcut to start a scan: 1. 2. 3. Open the application settings window. In the left part of the window, in the Scan section, select General Settings. In the right part of the window, in the Scan tasks quick run section, click the Create shortcut button next to the name of the desired task (Critical Areas Scan, Full Scan, or Vulnerability Scan). Specify the path for saving the shortcut and its name in the window that opens. By default, the shortcut is created with the name of the task in the My Computer folder of the current computer user.

4.

71

USER GUIDE

VULNERABILITY SCAN
Vulnerabilities may appear in the operating system, for example, due to programming errors, insecure passwords, or actions of malicious programs. When performing the vulnerability scan, the application refers to various security procedures, for example, examining the system, analyzing the settings of the operating system and the browser, and searching for vulnerable services. The diagnostics may take some time. When it is complete, detected problems are analyzed from the standpoint of the danger they pose to the system. After the vulnerability scan task is started (see page 48), its run progress is displayed in the Scan window (in the Vulnerability Scan section) and in the Task Manager (see section "Managing scan tasks. Task Manager" on page 72). Information about results of the vulnerability scan task run is recorded in a report of Kaspersky Internet Security (see page 167). As with virus scan tasks, you can set a startup schedule for a vulnerability scan task, create a list of objects to scan (see page 67), specify an account (see section "Running a scan under a different user account" on page 69) and create a shortcut for quick start of the task. By default, the applications already installed on the computer are selected as scan objects.

MANAGING SCAN TASKS. TASK MANAGER
Task Manager displays information about last scan tasks that have been run or that are currently running (for example, virus scan, vulnerability scan, rootkit scan, or advanced disinfection). You can use Task Manager to view the progress and the result of a task run, or stop a task. For some tasks, additional actions are also available (for example, on completion of vulnerability scan, you can open the list of detected vulnerabilities and fix them). To open Task Manager: 1. 2. 3. Open the main application window. In the bottom part of the window, select the Scan section. In the Scan window that opens, click the Manage Tasks button in the top right corner of the window.

UPDATE
Updating the databases and program modules of Kaspersky Internet Security ensures up-to-date protection for your computer. New viruses, Trojans, and other types of malware appear worldwide on a daily basis. Information about threats and ways of neutralizing them is provided by Kaspersky Internet Security databases. For timely detection of new threats, you should update databases and application modules on a regular basis. Regular updates require an active license for application usage. If no license is installed, you can perform an update only once. When performing an update, the application downloads and installs the following objects on your computer: Kaspersky Internet Security databases. Protection of information is ensured by databases containing threat signatures, descriptions of network attacks, and information about how to resist them. Protection components use this information to search for and disinfect dangerous objects on your computer. The databases are supplemented every hour with records of new threats and ways to fight them. Therefore, you are strongly advised to update databases on a regular basis.

72

...................... you may need to adjust the connection settings (see section "Configuring the proxy server" on page 118).......... If the databases are outdated. The main update sources are the Kaspersky Lab update servers.................... Your computer should be connected to the Internet for successful downloading of updates from our servers. the network drivers that enable the application's components to intercept network traffic are updated.. 73 ..... 75 Rolling back the last update ....... the missing portion of the updates will be installed on your computer.................................. By default. During an update..................................................... When updating Kaspersky Internet Security.. This saves Internet traffic................................ IN THIS SECTION: Selecting an update source ................................................ If your current databases and application modules differ from those in the current version of the application............ADVANCED APPLICATION SETTINGS In addition to the Kaspersky Internet Security databases.................................. If you use a proxy server........................................ Information on the update results and events which occurred during the execution of the update task is logged in a Kaspersky Internet Security report (see page 167)............................................. Prior to updating the databases.... 76 SELECTING AN UPDATE SOURCE An update source is a resource containing updates for databases and application modules of Kaspersky Internet Security............. 76 Running updates under a different user account.......... The updates for the application modules fix Kaspersky Internet Security's vulnerabilities and supplement or improve the existing functionality. 76 Using a proxy server ........ Kaspersky Internet Security creates backup copies of them in case you want to return to the previous version of the databases (see section "Rolling back the last update" on page 76)....................................... which may cause additional Internet traffic (up to several dozen MB)............... where database updates and application module updates for all Kaspersky Lab products are stored. Information about the current condition of Kaspersky Internet Security databases is displayed in the Update section of the main application window..... In addition to the Kaspersky Internet Security databases...................................... Application modules.............................................. you can copy database and program module updates received from Kaspersky Lab servers into a local folder (see section "Updating the application from a shared folder" on page 74) and then provide access to other networked computers................................... the application modules and databases on your computer are compared with the up-to-date version at the update source....... you can also update the program modules... the Internet connection settings are determined automatically........ 73 Creating the update startup schedule ...................... You can select an update source (see section "Selecting an update source" on page 73) and configure the automatic update startup............................................. the update package may be large...........................

Open the application settings window. the list of update sources contains only Kaspersky Lab's update servers. select the folder that contains the updates. 74 .kaspersky. 2. Kaspersky Internet Security tries to connect to them one after another. In the window that opens. Click the Update source button in the right part of the window. If several resources are selected as update sources. In the window that opens. please specify whether you also require updates for the application modules. To select the server region: 1. You can select the region manually. It is recommended that you log on under a different account in order to allow copying updates. 2. you can select the optimal server location when downloading updates. in the Update section. in the Update section. In the Select update source window that opens. on the Source tab. Click the Update source button in the right part of the window. 3. on the Source tab in the Regional settings section. In the left part of the window. By default. starting from the top of the list. or enter an address in the Source field to specify the server from which the updates should be downloaded. updates are not copied into the shared folder. The updates received are copied into a shared folder. You can add a local folder or a different server as update source. 3. When logged on under a guest account in Microsoft Windows 7. Open the application settings window. and then select the country nearest to your current location from the dropdown list. Internet access is restricted). one of the networked computers receives an update package from Kaspersky Lab servers or from another web resource that contains the required set of updates. When ordering updates on removable media. Using the closest Kaspersky Lab update server allows you to reduce the time required for receiving updates and increase operation performance speed. 4. select the Update Settings component. ADDING AN UPDATE SOURCE By default. UPDATING THE APPLICATION FROM A SHARED FOLDER To save Internet traffic. and retrieves updates from the first available source. To add an update source: 1. Other networked computers access this folder to receive updates for Kaspersky Internet Security. select the Update Settings component. 5. If you do this. open the selection window by clicking the Add button. Kaspersky Lab servers are located in several countries. SELECTING THE UPDATE SERVER REGION If you use Kaspersky Lab servers as the update source.com/contacts) to request the contact information of Kaspersky Lab partners who can provide you with updates on removable media.USER GUIDE If you do not have access to Kaspersky Lab's update servers (for example. the application uses information about the current region from the operating system's registry. In the left part of the window. select the Select from the list option. 4. you can call the Kaspersky Lab headquarters (http://www. you can configure updates of Kaspersky Internet Security from a shared folder when updating the application on networked computers.

2. In the window that opens. Check the Copy updates to folder box in the Additional section and specify the path to a public folder where all downloaded updates will be copied in the field below. You can also postpone automatic startup of the task after the application is started. select the Update Settings component. 4. select By schedule and check the Run skipped tasks box. 2. Open the application settings window. Open the application settings window.ADVANCED APPLICATION SETTINGS To enable update distribution mode: 1. on the Run mode tab in the Schedule section. 4. Click the Run mode button in the right part of the window. In the window that opens. In the left part of the window. in the Update section. in the Update section. In the left part of the window. Click the Update source button in the right part of the window. start time (if necessary). To configure the update task startup schedule: 1. To download updates for your computer from a specified shared folder: 1. The special Idle Scan mode (see section "Running tasks in background mode" on page 157) allows you to start automatic updates when your computer is idle. 3. In the window that opens. On the Source tab uncheck the Kaspersky Lab update servers box. open the selection window by clicking the Add button. In the left part of the window. Click the Run mode button in the right part of the window. 4. 75 . Note that all scheduled tasks will be run only after a specified time interval elapses from the startup of Kaspersky Internet Security. on the Source tab. Open the application settings window. in the Update section. 2. the computer was not on at that time). CREATING THE UPDATE STARTUP SCHEDULE You can create a schedule to automatically start an update task: specify the frequency. 5. select the Update Settings component. select the Update Settings component. and advanced settings. To enable automatic launching of a skipped task: 1. In the Select update source window that opens. Open the application settings window. in the Update section. you can configure the skipped task to start automatically as soon as it becomes possible. 3. In the left part of the window. 6. select a folder or enter the full path to it in the Source field. on the Run mode tab in the Schedule section. You can also select a folder by clicking the Browse button. 2. select the By schedule option and configure the update run mode. select the Update Settings component. If it is not possible to start the task for any reason (for example. 3. 3.

76 . Select the Update section in the lower part of the window. select the Update Settings component. button and select Roll back to the previous databases from RUNNING UPDATES UNDER A DIFFERENT USER ACCOUNT By default. In the event of damage done to Kaspersky Internet Security databases. on the Run mode tab in the Schedule section. Click the Run mode button in the right part of the window. on the Run mode tab in the User account section. select the Update Settings component. Open the application settings window. check the Run task as box. click the the menu that opens. Open the application settings window. from a network folder containing updates) or authorized proxy user credentials. 3. In the left part of the window. 3.USER GUIDE To postpone running a task after application startup: 1. Open the main application window. the option of rolling back to the previous databases becomes available. 2. 2. In the window that opens. You can run Kaspersky Internet Security updates on behalf of a user account that has such rights. The update rollback feature is useful in case a new database version contains an invalid signature that makes Kaspersky Internet Security block a safe application. Click the Run mode button in the right part of the window. In the window that opens. However. In the Update window that opens. Kaspersky Internet Security can update from a source for which you have no access rights (for example. 4. 3. ROLLING BACK THE LAST UPDATE After the first update of Kaspersky Internet Security. it is recommended that you run the update task to download the up-to-date set of databases. select the By schedule option and fill in the Postpone running after application startup for field to specify how long the task run should be postponed. In the left part of the window. in the Update section. 2. To roll back to the previous database version: 1. in the Update section. Specify the user name and password. the update procedure is run under your system account. To start the update under a different user's account: 1. 4.

select the Update Settings component. 4. virus. By default. FILE ANTI-VIRUS File Anti-Virus prevents infection of the computer's file system. Delete if disinfection fails. Suspicious (potentially infected) objects are quarantined. saved. Kaspersky Internet Security creates a backup copy for subsequent restoration or disinfection. Potentially infected (suspicious) status if the scan cannot determine whether the file is infected or not. or run on your computer and on all connected drives for viruses and other riskware. in the Update section. and makes a decision on whether the file should be scanned. Open the application settings window. the application displays a notification (see page 172) of the detected threat on the screen and performs the action specified in the File Anti-Virus settings. The file may contain a code sequence typical of viruses and other malware. 2. for suspicious objects – Move to Quarantine.ADVANCED APPLICATION SETTINGS USING A PROXY SERVER If you use a proxy server for Internet connection. you should reconfigure it to allow proper updating of Kaspersky Internet Security. You can also enable heuristic analysis and various scan technologies. the signature analysis – a mode that uses records from application databases to search for threats – is always enabled. File Anti-Virus checks whether iChecker and iSwift databases contain information about this file. You can create a protection scope and set a security level (a collection of settings that determine the scan's thoroughness). After that. The component launches at the startup of the operating system. Click the Update source button in the right part of the window. 3. Trojan). You can change the action (see page 81) that the application should perform if a threat is detected. Configure the proxy server settings in the Proxy server settings window that opens. Kaspersky Internet Security automatically applies the actions recommended by Kaspersky Lab specialists. To configure the proxy server: 1. You can enable automatic scanning of quarantined objects after each update. Before attempting to disinfect or delete an infected object. In the window that opens. Kaspersky Internet Security assigns one of the following statuses to the file: Status designating the type of the malicious program detected (for example. If you are working in automatic mode (see section "Selecting a protection mode" on page 64). this action is Disinfect. or the modified code of a known virus. 77 . remains in the RAM of the computer. click the Proxy server button. and scans all files opened. If dangerous objects are detected when working in interactive mode (see section "Selecting a protection mode" on page 64). when dangerous objects are detected. 5. on the Source tab. For malicious objects. In the left part of the window. the application displays a notification on the screen that you can use to select the required action the list of available ones. If a threat is detected in a file. When the user or a program attempts to access a protected file.

...................... 3........................ running in a mode recommended by Kaspersky Lab specialists.. select the File Anti-Virus component..........................................................kaspersky...... 81 Selecting file scan technology .......... AUTOMATICALLY PAUSING FILE ANTI-VIRUS When doing resource-intensive work............ To reduce workload and ensure quick access to objects.............................................................................. 83 ENABLING AND DISABLING FILE ANTI-VIRUS By default.............................................................USER GUIDE IN THIS SECTION: Enabling and disabling File Anti-Virus ...................... Open the application settings window................................com)........................................... please contact Kaspersky Lab Technical Support Service (http://support............................. in the Protection Center section.............. 2.......................... 2.... In the left part of the window... 82 Optimizing file scan ............................................ 81 Scan of compound files by File Anti-Virus ....................................... 79 Changing and restoring the file security level ......... 78 Automatically pausing File Anti-Virus . 78 ........................................... To pause the component at a specified time: 1..................... 81 Changing the action to take on infected files ...... Pausing File Anti-Virus in case of a conflict with some applications is an emergency measure.................... The support specialists will help you resolve the simultaneous operation of Kaspersky Internet Security with other applications on your computer.................................................. To disable File Anti-Virus: 1....................... Open the application settings window...................................................................................................................................................................... 3......................................... In the left part of the window.................. select the File Anti-Virus component................. You can disable File Anti-Virus if necessary........................................................................................ you can pause File Anti-Virus.................................................... In the Security level section in the right part of the window click the Settings button.. File Anti-Virus is enabled.......... In the right part of the window.... 78 Creating the protection scope of File Anti-Virus .......................................... 80 Using heuristic analysis when working with File Anti-Virus ................. If any conflicts arise when working with the component........... 80 Selecting file scan mode ................................................ you can configure automatic pausing of the component at a specified time or when handling specified programs......... in the Protection Center section.............. uncheck the Enable File Anti-Virus box............................

In the left part of the window. 3. File Anti-Virus will analyze the file header and reveal that the file is an EXE file. 5. In the window that opens. create a list of applications which pause the component when running. DLL. When selecting type of files to be scanned. DOC). The risk of penetration and activation of malicious code in such files is quite high. click the Add link. In the Applications window. perform one of the following actions: If you want to add a new object to the list of objects to be scanned. In the Security level section in the right part of the window click the Settings button. If you have selected scanning files by extension. If you want to scan files with extensions that are the most vulnerable to infection. you should note that: The probability of malicious code penetrating some file formats (such as TXT) and its subsequent activation is quite low. In the left part of the window. To create the protection scope: 1. on the General tab. By default. check the At application startup box and click the Select button. 4. 5. A hacker may send a virus or other riskware to your computer within an executable file renamed as one with the TXT extension. on the Additional tab in the Pause task section. 4. such a file is skipped by the scan. check the By schedule box and click the Schedule button. regardless of the extension. in the Protection Center section. select the File Anti-Virus component. select one from the list and click the Edit link. In the Protection scope list. 2. select the File Anti-Virus component. Open the application settings window. then. select Files scanned by extension. CREATING THE PROTECTION SCOPE OF FILE ANTI-VIRUS The protection scope implies the location and type of files being scanned. in the Protection Center section. In the window that opens. In the window that opens. 5. Open the application settings window. Kaspersky Internet Security scans only potentially infectable files stored on any hard drive.ADVANCED APPLICATION SETTINGS 4. 79 . 2. Click the Settings button in the right part of the window. select Files scanned by format. specify the type of files that you want to be scanned by File Anti-Virus: If you want to scan all files. select All files. However. In the Pause task window. Such file is thoroughly scanned for viruses and other riskware. If you want to change an object's location. If you want to scan files of formats that are the most vulnerable to infection. To pause the component when running specified applications: 1. in the File types section. network drive or removable media. 3. specify the time (in 24-hour hh:mm format) for which protection will be paused (the Pause task at and Resume task at fields). on the Additional tab in the Pause task section. there are formats that contain or may contain an executable code (such as EXE. If scanning of files by format is selected.

when working with a Microsoft Office document. select the File Anti-Virus component. 2. in the Security level section. edit the path to one in the Object field in the Select object to scan window and click the OK button. In the left part of the window. To restore the default file security level: 1. 8. in the Protection Center section. repeat steps 6 – 7 to add. though it is excluded from the scan by File Anti-Virus. To exclude an object from the list of objects to be scanned. Intermediate operations that overwrite the file do not cause it to be scanned. SELECTING FILE SCAN MODE A scan mode means a condition. CHANGING AND RESTORING THE FILE SECURITY LEVEL Depending on your current needs. set the desired security level. Kaspersky Internet Security scans the file when it is first opened and last closed. If you want to delete an object from the list of objects to be scanned. and grouped in the Recommended security level. under which File Anti-Virus starts scanning files. or click the Settings button to modify the settings manually. or delete objects from the list of objects to be scanned. the object remains on the list of objects to be scanned.USER GUIDE The Select object to scan window opens. When configuring File Anti-Virus. you can always restore the recommended values. By default. uncheck the box next to one in the Protection scope list. select the File Anti-Virus component. However. 3. 6. If you modify the settings manually. 7. In the right part of the window. Click the Default level button in the Security level section in the right part of the window. In the left part of the window. Open the application settings window. and on the type of those files. These settings are considered optimal. 2. If you want to change an object's location. in the Protection Center section. Kaspersky Internet Security runs in smart mode. For example. click the Yes button in the deletion confirmation window. select one in the Select object to scan window and click the OK button. Open the application settings window. To change the file security level: 1. If you want to delete an object from the list of objects to be scanned. relocate. 3. When running in this file scan mode. File Anti-Virus makes decisions on file scan based on the analysis of actions that the user takes on files. Perform one of the following actions: If you want to add a new object to the list of objects to be scanned. If necessary. recommended by Kaspersky Lab. The deletion confirmation window opens. you can select one of the preset file/memory security levels or configure File AntiVirus on your own. 80 . select one from the list and click the Delete link. the name of the security level will change to Custom.

2. you can use heuristic analysis (i. on the Additional tab in the Scan technologies section. with which you have to work with the majority of time. When selecting scan mode. select the File Anti-Virus component. select the desired option in the Action on threat detection section. select the File Anti-Virus component. 3.e. 3. In the right part of the window. In the window that opens. signature analysis is always used: Kaspersky Internet Security compares the object found with the database records. 3. 2. in the Protection Center section. the application performs the selected action. analysis of activity that an object performs in the system). In the left part of the window. in the Protection Center section. 4. 81 . In the window that opens. In the window that opens. on the Additional tab in the Scan mode section. This analysis makes it possible to detect new malicious objects which are not yet described in the databases.. in the Protection Center section. select the desired values. In the Security level section in the right part of the window click the Settings button. In the left part of the window. USING HEURISTIC ANALYSIS WHEN WORKING WITH FILE ANTI-VIRUS During File Anti-Virus operation. 2.ADVANCED APPLICATION SETTINGS To change the files scan mode: 1. you can involve specific technologies that allow optimizing the file scan performance due to excluding files from scan if they have not been modified since the last scan. on the Performance tab in the Scan methods section. 3. 2. CHANGING THE ACTION TO TAKE ON INFECTED FILES If infected objects are detected. In the Security level section in the right part of the window click the Settings button. To specify the object scan technologies: 1. In the left part of the window. select the desired mode. To change the action that should be taken on infected objects: 1. In the Security level section in the right part of the window click the Settings button. To improve protection efficiency. in the Protection Center section. In the left part of the window. select the File Anti-Virus component. you should take account of the types of files. Open the application settings window. select the File Anti-Virus component. Open the application settings window. To enable heuristic analysis: 1. 4. check the Heuristic Analysis box and specify the detail level for the scan. Open the application settings window. SELECTING FILE SCAN TECHNOLOGY In addition to the heuristic analysis. Open the application settings window. 4.

click the Additional button. a compound file should be unpacked. In the left part of the window. click the Additional button. 5. they will be scanned even if the Do not unpack large compound files box is checked. To set the maximum size of compound files to be scanned: 1. select the File Anti-Virus component. the links for choosing whether to scan all or only new files will not be available.USER GUIDE SCAN OF COMPOUND FILES BY FILE ANTI-VIRUS A common method of concealing viruses is to embed them into compound files: archives. In the Compound files window. Open the application settings window. 5. By default. embedded OLE objects. and mail file formats. the application will notify you about it. which can significantly decrease scanning speed. In the left part of the window. you can choose to scan either all files or only new ones. on the Performance tab in the Scan of compound files section. If you select the scan new and changed files only mode. in the Protection Center section. their preliminary unpacking may take a long time. 3. In the window that opens. This period can be reduced by enabling unpacking of compound files in background mode if they exceed the specified file size. check the Extract compound files in the background box and specify the minimum file size. click the link next to the name of the object. In the Security level section in the right part of the window click the Settings button. on the Performance tab in the Scan of compound files section. Open the application settings window. 4. You can restrict the maximum size of a compound file to be scanned. When large files are extracted from archives. in the Protection Center section. To make your selection. To detect viruses that are hidden in this way. In the Security level section in the right part of the window click the Settings button. In the window that opens. It changes its value when you left-click it. If a malicious object is detected while working with such a file. 2. In the Security level section in the right part of the window click the Settings button. select the File Anti-Virus component. In the left part of the window. 4. on the Performance tab in the Scan of compound files section. 3. 2. check the Do not unpack large compound files box and specify the maximum file size. When large compound files are scanned. For each type of compound file. Open the application settings window. In the window that opens. installation packages. Kaspersky Internet Security scans only embedded OLE objects. 4. select the File Anti-Virus component. 3. To unpack large compound files in background mode: 1. in the Protection Center section. Compound files larger than the specified value will not be scanned. In the Compound files window. To modify the list of compound files to be scanned: 1. 82 . 2. select the desired type of compound files to be scanned.

which looks like whenever an email message is being scanned. You can enable automatic scanning of quarantined objects after each update. If no threats are detected in an email message. The indicator of the component's operation is the application icon in the taskbar notification area. as well as over secure connections (SSL) via POP3 and IMAP (see section "Encrypted connections scan" on page 116). If dangerous objects are detected when working in interactive mode (see section "Selecting a protection mode" on page 64). displays a notification (see page 172) of the detected threat on the screen. You can specify the types of messages which should be scanned and select the security level (see page 85) (configuration settings affecting the scan intensity). By default. The file may contain a code sequence typical of viruses and other malware. Kaspersky Internet Security creates a backup copy for subsequent restoration or disinfection. this action is Disinfect. Furthermore. In addition. 83 . Mail Anti-Virus intercepts and scans each email message received or sent by the user. After that. check the Scan only new and changed files box. Potentially infected (suspicious) status if the scan cannot determine whether the file is infected or not. If you are working in automatic mode (see section "Selecting a protection mode" on page 64). 2. and performs the action specified in the settings of Mail Anti-Virus. For malicious objects. which allows automatic renaming or deletion of specified file types. You can change the actions to be taken when a threat is detected (see section "Changing the action to take on infected email messages" on page 86). This mode applies both to simple and compound files. for suspicious objects – Move to Quarantine. 3. the signature analysis – a mode that uses records from application databases to search for threats – is always enabled. Kaspersky Internet Security assigns one of the following statuses to the file: Status designating the type of the malicious program detected (for example. in the Protection Center section. Suspicious (potentially infected) objects are quarantined. 4. you can enable heuristic analysis. the application blocks the email message. select the File Anti-Virus component. Kaspersky Internet Security automatically applies the actions recommended by Kaspersky Lab specialists.ADVANCED APPLICATION SETTINGS OPTIMIZING FILE SCAN You can shorten the scan time and speed up Kaspersky Internet Security. Trojan). In the left part of the window. it becomes available for the user. MAIL ANTI-VIRUS Mail Anti-Virus scans incoming and outgoing messages for malicious objects. on the Performance tab in the Scan optimization section. In the window that opens. MAPI and NNTP protocols. Click the Settings button in the right part of the window. you can enable filtering of attachments (see page 86). It starts when the operating system launches and runs continually. virus. when dangerous objects are detected. IMAP. Before attempting to disinfect or delete an infected object. This can be achieved by scanning only new files and those files that have altered since the last time they were scanned. Delete if disinfection fails. To scan only new and changed files: 1. scanning all email messages sent or received via the POP3. SMTP. or the modified code of a known virus. If a threat is detected in a file. Open the application settings window. the application displays a notification on the screen that you can use to select the required action the list of available ones.

....... and Incredimail......USER GUIDE If disinfection is successful....................... 86 Scan of compound files by Mail Anti-Virus ... If you use The Bat!...... and scans traffic of POP3.................... 84 ..... 86 Filtering attachments in email messages ... 87 Email scanning in The Bat!................ In the left part of the window... Kaspersky Internet Security is integrated into Microsoft Office Outlook and The Bat!..................................... running in a mode recommended by Kaspersky Lab specialists... Mail Anti-Virus is enabled............. By default................ CREATING THE PROTECTION SCOPE OF MAIL ANTI-VIRUS Protection scope comprises a type of email messages to be scanned...................... When working with other widespread mail clients........ 3....................................................... At that........................... in the Protection Center section.. Note that when working with the Thunderbird mail client.. 2............ Mail Anti-Virus expands the subject of the email message by adding text that notifies the user that this email message has been processed by Kaspersky Internet Security.......... SMTP........... If the disinfection fails... 85 Using heuristic analysis when working with Mail Anti-Virus.... protocols with traffic scanned by Kaspersky Internet Security............................... email messages transferred via IMAP will not be scanned for viruses if any filters moving messages from the Inbox folder are used....................................... You can disable Mail Anti-Virus if necessary...... the email message becomes available....... select the Mail Anti-Virus component.............. including Microsoft Outlook Express/Windows Mail......................................... To disable Mail Anti-Virus: 1.............................. 87 ENABLING AND DISABLING MAIL ANTI-VIRUS By default. and settings for integration of Mail Anti-Virus into the system.................. the infected object is deleted from the email message.................. In the right part of the window................................................. and NNTP protocols........................................................ 87 Email scanning in Microsoft Office Outlook ... IN THIS SECTION: Enabling and disabling Mail Anti-Virus .......... Eudora............................................. IMAP................................ scans both incoming and outgoing email messages.............................................. the email traffic processing rules are configured directly in The Bat! and have a higher priority than the mail protection settings of Kaspersky Internet Security............................. 86 Changing the action to take on infected email messages ........... Mail Anti-Virus scans email on the SMTP.... uncheck the Enable Mail Anti-Virus box..................... 84 Creating the protection scope of Mail Anti-Virus ................................ An integrated plug-in is provided for Microsoft Office Outlook that allows you to fine-tune the email client........... POP3.................................................................... Mozilla Thunderbird..... NNTP and IMAP email protocols............................................................................... Open the application settings window.................................... 84 Changing and restoring the email security level .... Kaspersky Internet Security can be used in conjunction with other anti-virus applications.........

in the Protection Center section. select the desired settings. Open the application settings window. When configuring Mail Anti-Virus. Open the application settings window. you can select one of the preset email security levels or configure Mail Anti-Virus on your own. select the Mail Anti-Virus component. Open the application settings window. you can always restore the recommended values. in the Protection Center section. In the left part of the window. 3. recommended by Kaspersky Lab. To select the protocols to scan and the settings for integrating Mail Anti-Virus into the system: 1. it is sufficient to select a different security level. 4. 2. set the desired security level. in the Protection Center section. Click the Settings button in the right part of the window. These settings are considered optimal. In the left part of the window. 4. In the left part of the window. in the Protection Center section. 3.ADVANCED APPLICATION SETTINGS To disable scanning of outgoing emails: 1. In the window that opens. 3. the name of the security level will change to Custom. on the Additional tab in the Connectivity section. 2. Scanning outgoing mail allows you to avoid problems occurring due to uncontrolled sending of email messages from your computer. In most cases. 3. To restore the default mail protection settings: 1. In the left part of the window. Open the application settings window. If you have selected scanning incoming messages only. Click the Settings button in the right part of the window. Kaspersky Lab advises you not to configure Mail Anti-Virus settings on your own. In the right part of the window. it is recommended that you scan outgoing mail when first running Kaspersky Internet Security. CHANGING AND RESTORING THE EMAIL SECURITY LEVEL Depending on your current needs. If you modify the settings manually. 2. Use the General tab in the Protection scope section of the displayed window to select the Incoming messages only option. To change the current email security level: 1. and grouped in the Recommended security level. select the Mail Anti-Virus component. select the Mail Anti-Virus component. 85 . in the Security level section. Click the Default level button in the Security level section in the right part of the window. or click the Settings button to modify the settings manually. 2. select the Mail Anti-Virus component. since your computer may be infected with email worms that use your email to breed and spread.

86 . click the Add link to open the Input file name mask window and enter the required information. You can configure filtering by type of attachments in email messages. select the Mail Anti-Virus component.e. in the Protection Center section. in the Protection Center section. 3. check the Heuristic Analysis box and specify the detail level for the scan. select the Mail Anti-Virus component. Open the application settings window. the application performs the selected action. In the left part of the window.. Open the application settings window. Click the Settings button in the right part of the window. 3. To change the action that should be taken on infected email messages: 1. you can use heuristic analysis (i. When you select either of the last two modes. the list of file types (extensions) will be enabled. 3. in the Protection Center section. on the General tab in the Scan methods section. In the window that opens. To configure filtering of attachments: 1. Open the application settings window. In the Security level section in the right part of the window click the Settings button. To add a mask of a new type to the list. CHANGING THE ACTION TO TAKE ON INFECTED EMAIL MESSAGES If infected objects are detected. 2. select the Mail Anti-Virus component. To enable heuristic analysis: 1. This analysis makes it possible to detect new malicious objects which are not yet described in the databases. signature analysis is always used: Kaspersky Internet Security compares the object found with the database records. 4. select the desired option in the Action on threat detection section. 2. there you can select the desired types or add a new type mask. To improve protection efficiency. Use the Attachment filter tab of the displayed window to select the filtering mode for attachments. In the right part of the window. analysis of activity that an object performs in the system).USER GUIDE USING HEURISTIC ANALYSIS WHEN WORKING WITH MAIL ANTI-VIRUS During Mail Anti-Virus operation. 2. In the left part of the window. 4. FILTERING ATTACHMENTS IN EMAIL MESSAGES Malicious programs may spread via email as attachments in email messages. which allows the renaming or deleting files of specified types automatically. In the left part of the window.

and determine when email messages should be scanned for viruses and other riskware. and limit the maximum size of compound files to be scanned. 87 . embedded OLE objects. Open the main Microsoft Office Outlook window. Select Tools Options from the application menu. 3. Note that incoming email messages are first scanned by Mail Anti-Virus and only then by the plug-in for The Bat!. select the Mail Anti-Virus component. In the left part of the window. and mail file formats. If a malicious object is detected. they are first scanned by the plug-in and then by Mail Anti-Virus. 2. If you select the Disinfect (Delete) action in the Mail Anti-Virus notification window. 4. in the Protection Center section.ADVANCED APPLICATION SETTINGS SCAN OF COMPOUND FILES BY MAIL ANTI-VIRUS A common method of concealing viruses is to embed them into compound files: archives. a special plug-in is integrated into Microsoft Office Outlook. To detect viruses that are hidden in this way. or sending a message. It allows you to quickly switch to configuration of Mail Anti-Virus from Microsoft Office Outlook. Open the application settings window. EMAIL SCANNING IN THE BAT! Actions with regard to infected email objects in The Bat! are defined using the application's own tools. which can significantly decrease scanning speed. In the Settings window that opens. it is not recommended that you disable the scanning of compound files. The email protection settings extend to all the anti-virus components installed on the computer that support working with the Bat!. The only thing that The Bat! takes into account is the scanning of attached archives. Click the Settings button in the right part of the window. and which exclusions should apply are ignored. To configure the scanning of compound files: 1. Kaspersky Internet Security immediately notifies you of this. actions aimed at eliminating the threat are performed by Mail Anti-Virus. If you select the Ignore option in the notification window. installation packages. whether this should be done when receiving. 3. To switch to the email scan settings in Microsoft Office Outlook: 1. 2. a compound file should be unpacked. select the Email protection tab. the object will be disinfected by the plug-in for The Bat!. You can enable or disable scanning of compound files. opening. If your computer is not protected by any local network software (you access the Internet directly without a proxy server or a firewall). which actions should be performed in regard to dangerous objects in email. EMAIL SCANNING IN MICROSOFT OFFICE OUTLOOK While installing Kaspersky Internet Security. When sending email messages. Use the General tab in the window that opens to define the necessary settings. Mail Anti-Virus settings which determine whether incoming and outgoing messages should be scanned. Configuration of Mail Anti-Virus from Microsoft Office Outlook is available if this option is selected in the protection scope settings of Mail Anti-Virus.

and prevents hazardous scripts from being run on your computer. select Settings. HTTPS and FTP protocols. Web Anti-Virus scans web traffic with regard for a specific collection of settings named security level. it will perform the prescribed action. The Bat! places all infected email objects in Quarantine without attempting to disinfect them. you endanger information stored on your computer. They may penetrate your computer when you download free applications or view information on websites that had been attacked by hackers before you have visited them. A list of monitored ports that are most commonly used for data transfer. Malicious objects are detected using both Kaspersky Internet Security databases and a heuristic algorithm. the dangerous object in the message is deleted regardless of whether it is infected or suspected to be infected. To configure email scanning in The Bat! you must define the following criteria: which mail stream (incoming. network worms may penetrate into your computer even before you open a web page or download a file. Select the Virus protection object from the settings tree. Delete infected parts – if this option is selected. If Web Anti-Virus detects a threat. Email messages that contain dangerous objects are not marked with the special subject add-on when scanned by the plug-in for The Bat!. what actions are to be performed by the mail client if dangerous objects are detected in email messages. In most cases. 2. Moreover. the object remains in the message. if it cannot be disinfected. the attempt is made to disinfect the infected object. 3. when mail objects should be scanned (when opening a message. is included in the Kaspersky Internet Security distribution kit. In the Properties menu. Open the main window of the The Bat!. just at the moment your computer establishes an Internet connection. by exposing it to a risk of being infected with viruses and other malware. it is sufficient to select an appropriate security level. you should add them to the list of monitored ports (see section "Creating a list of monitored ports" on page 119) to ensure protection of web traffic transferred via them. 88 . Web Anti-Virus only monitors web traffic transferred via ports specified on the list of monitored ports. Kaspersky Lab advises you not to configure Web Anti-Virus settings on your own. If you use ports that are not included in the list of monitored ports. Web Anti-Virus protects information received by your computer and sent from it over HTTP. To switch to the email scan settings in The Bat!: 1. WEB ANTI-VIRUS Each time you work on the Internet. By default. before saving to disk).USER GUIDE The settings of Mail Anti-Virus are available from The Bat! if this option is selected in the protection scope settings of Mail Anti-Virus. outgoing) should be scanned. For example. you can select: Attempt to disinfect infected parts – if this option is selected.

.............. 94 Controlling access to regional domains ...........................ADVANCED APPLICATION SETTINGS Web traffic scan algorithm Each web page or file that is accessed by the user or an application via the HTTP......................... if necessary................................... If the file or web page does not contain malicious code.............................. 94 Controlling access to online banking services .................... Web Anti-Virus is enabled...... select the Web Anti-Virus component............... In the left part of the window........................................................ 94 Creating a list of trusted addresses .............................. 95 ENABLING AND DISABLING WEB ANTI-VIRUS By default.................................................................... 93 Scan optimization ...................................................... access to it is blocked........... A notification is displayed that the requested file or web page is infected............ uncheck the Enable Web Anti-Virus box.................... Open the application settings window.................................................... To disable Web Anti-Virus: 1....... If no malicious code is discovered in the script................... You can disable Web Anti-Virus............................... 90 Using heuristic analysis when working with Web Anti-Virus ........... Web Anti-Virus intercepts only scripts based on the Microsoft Windows Script Host functionality........................ 89 Changing and restoring the web traffic security level ........................................................... In the right part of the window........... Web Anti-Virus blocks it and displays a notification on the screen.................................................... running in a mode recommended by Kaspersky Lab specialists.................................................... it is run............ 3...... Script scan algorithm Each script run is intercepted by Web Anti-Virus and is analyzed for malicious code: If a script contains malicious code...................................................... the program immediately grants the user access to it............... 93 Blocking dangerous scripts ............. 2...................................................... HTTPS..................................... 90 Changing the action to take on dangerous objects from web traffic ......... 90 Checking URLs on web pages ......................................... or FTP protocols is intercepted and scanned for malicious code by Web Anti-Virus: If a web page or a file accessed by the user contains malicious code......................................................................... 89 ............ IN THIS SECTION: Enabling and disabling Web Anti-Virus ......................................................................... in the Protection Center section..................................................................................

set the desired security level. You cannot change the action to be taken on a dangerous script. 2. but also from other sources. the number of a banking card or the login and the password of an online banking account. select the Web Anti-Virus component. all your actions on the site are tracked and can be used to steal your money. recommended by Kaspersky Lab. CHANGING THE ACTION TO TAKE ON DANGEROUS OBJECTS FROM WEB TRAFFIC If infected objects are detected. as a letter from your bank with a link to its official website. for example. select the desired option in the Action on threat detection section. In the right part of the window. In the right part of the window. If you modify the settings manually. as a rule. In the left part of the window. Phishing attacks are. The email message convinces the reader to click the URL and enter private information in the window that opens. Web Anti-Virus monitors attempts to access a phishing web site on the level of web traffic and blocks access to such locations. such as ICQ messages.USER GUIDE CHANGING AND RESTORING THE WEB TRAFFIC SECURITY LEVEL Depending on your current needs. the name of the security level will change to Custom. select the Web Anti-Virus component. or click the Settings button to modify the settings manually. you can always restore the recommended values. Web Anti-Virus always blocks actions by dangerous scripts and displays messages that inform the user of the action taken. you can select one of the preset web traffic security levels or configure Web Anti-Virus on your own. Open the application settings window. To change the web traffic security level: 1. the application performs the selected action. Open the application settings window. all you can do is disable script scan (see section "Blocking dangerous scripts" on page 93). and grouped in the Recommended security level. 2. 3. From this point forward. Click the Default level button in the Security level section in the right part of the window. in the Protection Center section. A phishing attack can be disguised. Since links to phishing web sites may be received not only in email. in the Security level section. for example. To restore the default web traffic security level: 1. in the Protection Center section. 3. 90 . CHECKING URLS ON WEB PAGES Scanning web pages for phishing allows you to prevent phishing attacks. In the left part of the window. In the left part of the window. 2. Open the application settings window. To change the action to be performed with regard to detected objects: 1. even though you are on a counterfeit site. email messages from alleged financial organizations that contain URLs to websites of such organizations. in the Protection Center section. These settings are considered optimal. select the Web Anti-Virus component. By clicking the link. 3. When configuring Web Anti-Virus. you go to an exact copy of the bank's website and can even see the bank site's address in the browser.

.... check the Check URLs box.... In the left part of the window................... In the Checked URLs window that opens........ check URLs on all websites except those included in the list of exclusions. select the Web Anti-Virus component......... 4.......... The Web Anti-Virus window opens........ create a list of websites that do not need any check of URLs on them...... Select the websites on which the links need to be scanned: a............. which is available from your web browser........ and Google Chrome as a plug-in.... on which all URLs should be checked: 1... 92 ENABLING AND DISABLING THE CHECKING OF URLS To enable URL checks using the databases of suspicious web addresses and phishing addresses: 1............... 2. on which all URLs should be checked.... The Web Anti-Virus window opens...... On the Safe Surf tab.. If you want to check URLs on all websites except those specified.............. In the left part of the window........... check the Check if URLs are listed in the database of suspicious URLs and Check web pages for phishing boxes................ Click the Settings button in the right part of the window....... Kaspersky URL Advisor checks all URLs on a web page to find out if they are included in the list of suspicious URLs........................ heuristic analysis (see page 93) can also be used for scanning web pages for phishing.... Mozilla Firefox..... IN THIS SECTION: Enabling and disabling the checking of URLs ...... create a list of websites to be checked. in the Kaspersky URL Advisor section..... 5.......... You can create a list of websites. 2...... 3... Not only can you configure Kaspersky URL Advisor in the application settings window. Open the application settings window....... but also in the Kaspersky URL Advisor settings window..................... If you want to create a list of websites.... or specify categories of websites with URLs that should be checked..... b. highlighting each one in the browser window.. on which all URLs should be checked... USING KASPERSKY URL ADVISOR Kaspersky URL Advisor is integrated into Microsoft Internet Explorer....... in the Protection Center section.......... 91 Blocking access to dangerous websites ....... 4. To specify websites. select All but the exclusions and click the Exclusions button..... It also checks them for phishing........ Open the application settings window.............. check URLs in search results only............ Click the Settings button in the right part of the window.. in the Protection Center section.. 6.................. in the Kaspersky URL Advisor section.........ADVANCED APPLICATION SETTINGS In addition to Kaspersky Internet Security databases. 91 ...................... On the General tab......... 91 Using Kaspersky URL Advisor ..... select Only websites from the list and click the Specify button... 3.. In the Exclusions window that opens... select the Web Anti-Virus component.....

In the Kaspersky URL Advisor settings window that opens. 3. check the boxes next to categories of websites with URLs that should be checked. 2. 3. On the Safe Surf tab. 7. In the left part of the window. In the Kaspersky URL Advisor settings window that opens. in the Protection Center section. in the Kaspersky URL Advisor section. Open the application settings window. In the list of categories. Open the application settings window. in the Blocking Dangerous Websites section. check the Show information on the categories of websites content box. The Web Anti-Virus window opens. Click the Settings button in the right part of the window. select the Web Anti-Virus component. 4. Click the Settings button in the right part of the window. in the Protection Center section. 4. The Web Anti-Virus window opens. in the Protection Center section. 3. In the left part of the window.USER GUIDE To check URLs in search results only: 1. To open the Kaspersky URL Advisor settings window from your web browser. 5. In the left part of the window. 6. select Only URLs in search results. The Web Anti-Virus window opens. 2. 2. To block access to dangerous websites: 1. click the button with the Kaspersky Internet Security icon in the browser toolbar. check the Check URLs box and click the Settings button. check the Check URLs box and click the Settings button. select the Web Anti-Virus component. select the Web Anti-Virus component. On the Safe Surf tab. BLOCKING ACCESS TO DANGEROUS WEBSITES You can block access to websites which have been deemed suspicious or phishing sites by Kaspersky URL Advisor (see section "Using Kaspersky URL Advisor" on page 91). 4. Click the Settings button in the right part of the window. 5. 92 . in the Websites categories section. To select categories of websites with URLs that should be checked: 1. 6. check the Block dangerous websites box. in the Check mode section. On the Safe Surf tab. Open the application settings window. in the Kaspersky URL Advisor section.

On the General tab. Click the Settings button in the right part of the window. In the left part of the window. it will be blocked. select the Web Anti-Virus component.e. If a script presents a threat to your computer. 5. in the Protection Center section.. In the left part of the window. 2. etc.ADVANCED APPLICATION SETTINGS USING HEURISTIC ANALYSIS WHEN WORKING WITH WEB ANTI-VIRUS To improve protection efficiency. 93 . select the Web Anti-Virus component. 3. 2. To disable blocking of dangerous scripts: 1. JavaScript. Open the application settings window. 3. 4. 3. In the Anti-Phishing settings window that opens. The Web Anti-Virus window opens. click the Additional button. 4. The Web Anti-Virus window opens. check the Use Heuristic Analysis box and set a scan detail level. Open the application settings window. select the Web Anti-Virus component. BLOCKING DANGEROUS SCRIPTS Web Anti-Virus scans all scripts processed in Microsoft Internet Explorer. analysis of activity that an object performs in the system). Visual Basic Script. you can use heuristic analysis (i. To enable the heuristic analysis for checking web pages for phishing: 1. On the General tab in the Heuristic Analysis section. This analysis makes it possible to detect new malicious objects which are not yet described in the databases. On the General tab in the Additional section uncheck the Block dangerous scripts in Microsoft Internet Explorer box. in the Protection Center section. you can separately enable the heuristic analysis for scanning web traffic and for checking web pages for phishing. When Web Anti-Virus is running. Click the Settings button in the right part of the window. check the Use Heuristic Analysis to check web pages for phishing box and set a scan detail level. as well as any other WSH scripts (for example. 4. Click the Settings button in the right part of the window. in the Kaspersky URL Advisor section. To enable the heuristic analysis for scanning web traffic: 1. Open the application settings window. The Web Anti-Virus window opens. in the Protection Center section. 2.) launched when you are working on the computer. In the left part of the window.

select the Web Anti-Virus component. On the Geo Filter tab. To set or remove a time limit for fragment buffering: 1. Web Anti-Virus uses the caching of fragments of objects coming from the Internet. You can solve this problem using the option of limiting the caching of fragments of objects coming from the Internet. though it may slow down access to objects. Caching can cause problems when downloading or processing large objects. check the Limit traffic caching time to 1 sec to optimize scan box. 3. 94 . 4. By default. Lifting restrictions on the duration of web traffic caching leads to improved efficiency of virus scans. CONTROLLING ACCESS TO REGIONAL DOMAINS Depending on your choice. as the connection with the HTTP client may time out. The caching increases the amount of time required to process objects and pass it to the user for further operations. The Internet security level is not reduced. in the Additional section. select the Web Anti-Virus component. Using the caching. In the left part of the window. On the General tab. Open the application settings window. for example. check the Enable filtering by regional domains box and specify in the list of controlled domains below which domains should be allowed or blocked.USER GUIDE SCAN OPTIMIZATION To improve efficiency of detection of malicious code. 4. The Web Anti-Virus window opens. in the Protection Center section. This allows you. To allow or block access to websites which belong to specified domains: 1. Web Anti-Virus in Geo Filter mode can block or allow access to websites on the grounds of their belonging to regional web domains. This allows us to reduce the amount of time required to pass objects to the user and solving the problem with connection losses. Click the Settings button in the right part of the window. 3. 2. Requesting permission for access is set for other domains by default. When copying is complete. access is allowed for regional domains that match your location. Upon expiration of a certain time interval. in the Protection Center section. and for which ones the application should request permission for access using a notification (see section "Request for permission to access a website from a regional domain" on page 197). the object will be scanned entirely. In the left part of the window. Web Anti-Virus scans objects only after they are received on the computer in their entirety. each fragment of an object is passed to the user unscanned. 2. The Web Anti-Virus window opens. Open the application settings window. Click the Settings button in the right part of the window. to block access to websites which belong to regional domains with a high risk of infection.

select the Web Anti-Virus component. in the Protection Center section. You will be prompted to start the Certificate Installation Wizard that you can use to install a Kaspersky Lab certificate for scanning encrypted connections. The Address mask (URL) window will open.ADVANCED APPLICATION SETTINGS CONTROLLING ACCESS TO ONLINE BANKING SERVICES When working with online banking. 5. The Web Anti-Virus window opens. 4. If necessary. Create a list of websites / web pages with content that you trust. A new record appears on the list of trusted URLs. check the Do not scan web traffic from trusted URLs box. Web Anti-Virus can control access to online banking services. To configure control of access to online banking services: 1. you can specify its URL in the list of banking websites. repeat steps from a to c. If necessary. 4. In the left part of the window. in the Protection Center section. create a list of resources that Kaspersky Internet Security should identify as online banking services. b. since leakages of confidential information may lead to financial losses. Open the application settings window. In the left part of the window. Enter the address of a website / web page or the address mask of a website / web page. 3. Open the application settings window. Click the Settings button in the right part of the window. The Web Anti-Virus window opens. select the Web Anti-Virus component. check the Enable control box. your computer needs an especially reliable protection. 95 . To create a list of trusted web addresses: 1. 2. 6. Click the OK button. Click the Add button. Web Anti-Virus automatically determines which web resources are online banking services. thus ensuring safe interaction with them (see section "About Safe Run for Websites" on page 141). c. On the Trusted URLs tab. CREATING A LIST OF TRUSTED ADDRESSES Web Anti-Virus does not scan web traffic for dangerous objects if it comes from trusted URLs. To do this: a. On the Online Banking tab. 2. For guaranteed identification of a web resource as online banking service. 5. Click the Settings button in the right part of the window. 3.

97 ENABLING AND DISABLING IM ANTI-VIRUS By default.... 2............... IM Anti-Virus replaces this message with a warning message for the user............................ IM Anti-Virus is enabled and functions in normal mode.......... uncheck the Enable IM Anti-Virus box........Ru Agent and IRC.... you have to enable encrypted connections scanning (see page 116)................ Files transferred via IM clients are scanned by the File Anti-Virus component (on page 77) when attempts are made to save them........................ such as Yahoo! Messenger and Google Talk.......... AIM........ 96 .............. MSN................. Jabber.... 96 Creating the protection scope of IM Anti-Virus ..... select the IM Anti-Virus component................ If you are sure that messages you send cannot contain any dangerous objects... Kaspersky Internet Security scans both incoming and outgoing messages. In the left part of the window.... Yahoo! Messenger....... Malicious programs use IM clients to send spam messages and links to programs (or the programs themselves) which steal users' ID numbers and passwords... You can select the types of messages to scan and various scanning methods......... Kaspersky Internet Security ensures safe operation of various instant messaging applications.......... By default..................................... To disable IM Anti-Virus: 1........ 96 Checking URLs in messages from IM clients .......... including ICQ.. If threats are detected in a message.... 97 Using heuristic analysis when working with IM Anti-Virus ....... IN THIS SECTION: Enabling and disabling IM Anti-Virus .. Some IM clients....................USER GUIDE IM ANTI-VIRUS IM Anti-Virus scans the traffic of instant messaging clients (so-called Internet pagers).................. in the Protection Center section...................... IM Anti-Virus intercepts messages and scans them for dangerous objects or URLs.. Open the application settings window......... CREATING THE PROTECTION SCOPE OF IM ANTI-VIRUS The protection scope is the type of messages to be scanned........................... You can disable IM Anti-Virus if necessary........................ use encrypted connections........ Google Talk.. In the right part of the window.......... Mail....................... To scan the traffic generated by those programs... IM messages may contain links to suspicious websites and to websites used by hackers to organize phishing attacks.................... you may disable scanning of outgoing traffic..... 3.....

it is highly likely that this program is a worm. Open the application settings window. the sequence of an application's actions arouses suspicion. you can use heuristic analysis (i. in the Protection Center section. any script included in an IM client's message is executed in a protected environment. USING HEURISTIC ANALYSIS WHEN WORKING WITH IM ANTI-VIRUS To improve protection efficiency. 3. 2. 3. select the IM Anti-Virus component. In the right part of the window. the startup folder and the system registry are detected. etc. check the Check if URLs are listed in the database of suspicious URLs and Check if URLs are listed in the database of phishing URLs boxes. 2. As opposed to the Application Control protection component (on page 101). select the IM Anti-Virus component. when actions such as a program copying itself to network resources. CHECKING URLS IN MESSAGES FROM IM CLIENTS To scan messages for suspicious and phishing URLs: 1. preventative technologies recognize a new threat on your computer by the sequence of actions executed by a program.. Activity analysis is applied to all applications running on your computer. In the right part of the window. By default. In the left part of the window. in the Protection Center section. You can turn off monitoring (see page 99) for any hazardous activity or edit its monitoring rules (see page 99). in the Scan methods section. in the Scan methods section. select the Incoming messages only option. In the right part of the window. Unlike responsive technologies.e. Open the application settings window. Kaspersky Internet Security blocks the activity of this application. When using heuristic analysis. If the script's activity is typical of malicious objects. as a result of activity analysis. This analysis makes it possible to detect new malicious objects which are not yet described in the databases. For example. hidden installation of drivers. In the left part of the window. check the Heuristic Analysis box and set the necessary scanning intensity level. in the Protection scope section. Hazardous sequences of actions also include attempts to modify the HOSTS file. 97 . in the Protection Center section. the object is likely to be classed as malicious or suspicious. The functioning of Proactive Defense is based on proactive technologies. In the left part of the window.ADVANCED APPLICATION SETTINGS To disable scanning of outgoing messages: 1. PROACTIVE DEFENSE Proactive Defense protects your computer against new threats which are not yet included in Kaspersky Internet Security databases. 2. heuristic analysis is enabled. Open the application settings window. analysis of activity that an object performs in the system). Proactive technologies allow you to neutralize a new threat before it does any harm to your computer. To enable heuristic analysis: 1. Proactive Defense responds immediately to a defined sequence of an application's actions. 3. If. which analyze code based on records in Kaspersky Internet Security databases. select the IM Anti-Virus component. including those allocated in the Trusted group by the Application Control protection component.

You can create a group of trusted applications exerting activity that should not be controlled by Proactive Defense............. Microsoft Windows Vista.................. To disable Proactive Defense: 1.... 3...USER GUIDE You can create a group of trusted applications (see page 98) for Proactive Defense................................................. check the Applications with digital signature box.... 2... 2. Microsoft Windows Vista x64........ For example................................................ 98 .... Proactive Defense is enabled............. You can disable Proactive Defense if necessary............................. However......... In the right part of the window. This is due to specific features of these operating systems............. control will not apply fully to the sending of data through trusted applications and suspicious system activities......... Open the application settings window.... perform the following actions: If you want applications with verified digital signatures to be included in the group of trusted applications...... 3. In the left part of the window.................. in the Trusted applications section..... You will not be notified of the activities of these applications.............. uncheck the Enable Proactive Defense box. If your computer runs under Microsoft Windows XP Professional x64 Edition...... in the Protection Center section.. in the Protection Center section.... 99 Changing the action to be taken on applications' dangerous activity ... By default...... To change the settings of the trusted applications group: 1.............. CREATING A GROUP OF TRUSTED APPLICATIONS Programs recognized by the Application Control protection component as Trusted pose no threat for the system...... IN THIS SECTION: Enabling and disabling Proactive Defense . If you want applications trusted by the Kaspersky Security Network database to be included in the group of trusted applications........................ select the Proactive Defense component....... select the Proactive Defense component.................... check the Trusted in Kaspersky Security Network database box..... control will not apply to all events................... 99 ENABLING AND DISABLING PROACTIVE DEFENSE By default... In the left part of the window. 98 Using the dangerous activity list .............. the list of trusted applications includes applications with verified digital signatures and applications that are trusted in the Kaspersky Security Network database. Microsoft Windows 7.. or Microsoft Windows 7 x64.. their activities will also be monitored by Proactive Defense...................................... 98 Creating a group of trusted applications ............... running in a mode recommended by Kaspersky Lab specialists. In the right part of the window....... Open the application settings window.................

in the Protection Center section. 2. 5. In the left part of the window. 99 . Open the application settings window. Click the Settings button in the right part of the window. In the left part of the window. you can refuse to control a selected case of dangerous activity. To turn off monitoring for one dangerous activity or another: 1. select the Proactive Defense component. Click the Settings button in the right part of the window. Rolling back actions performed by malicious programs can be initiated by one of the following protection components: System Watcher .based on patterns of dangerous activity. Click the On / Off link to indicate that a report on operation execution should be created. Configure the settings for the selected event using the links in the Rule description section. To change the action that Kaspersky Lab application takes on dangerous activity of another application: 1. In the Proactive Defense window that opens. In the Proactive Defense window that opens. Kaspersky Internet Security can roll back actions performed by malicious programs. 3. when performing a virus scan. However. 4. 4. in the Protection Center section. SYSTEM WATCHER System Watcher collects data about application actions on your computer and provides information to other components for improved protection. File Anti-Virus. Open the application settings window. you can change the action that Kaspersky Internet Security takes when applications' dangerous activity is detected. Click the link with the preset action and select the desired action in the Select action window that opens. Proactive Defense. Based on information collected by System Watcher. b. select the desired event for which you want to edit the rule.ADVANCED APPLICATION SETTINGS USING THE DANGEROUS ACTIVITY LIST The list of actions typical of dangerous activity cannot be edited. For example: a. However. select the Proactive Defense component. 2. uncheck the box next to the type of activity which you do not want to be monitored. 3. in the Event column. CHANGING THE ACTION TO BE TAKEN ON APPLICATIONS' DANGEROUS ACTIVITY The list of actions typical of dangerous activity cannot be edited.

..... By default........ In the right part of the window....... 100 Using patterns of dangerous activity (BSS) ................... in the Protection Center section.... System Watcher moves this application to Quarantine........ In the left part of the window... if an application's activity matches a pattern of dangerous activity.... uncheck the Enable System Watcher box.. 100 Rolling back a malicious program's actions ............. System Watcher prompts for action regardless of the operation mode...... since this inevitably decreases the efficiency of Proactive Defense and other protection components that may request data collected by System Watcher in order to identify the potential threat detected......... In addition to exact matches between applications' activities and patterns of dangerous activity....... which are used by System Watcher........... the link to the System Watcher's report is displayed in the top part of the notification window (see page 197)... select the System Watcher component......................... System Watcher is enabled..... Kaspersky Internet Security performs the prescribed action..... during the database updates............ USING PATTERNS OF DANGEROUS ACTIVITY (BSS) Patterns of dangerous activity (BSS – Behavior Stream Signatures) contain sequences of actions typical of applications classified as dangerous.. To disable System Watcher: 1..................USER GUIDE If suspicious events are detected in the system...... Open the application settings window. Open the application settings window............... 3..... You can disable System Watcher if necessary.... running in a mode recommended by Kaspersky Lab specialists.............................. To select the action that the component should perform if an application's activity matches a pattern of dangerous activity: 1........ You can specify the action that the component should perform when an application's activity matches a pattern of dangerous activity......... along with a prompt for action..... If suspicious activity is detected.... 101 ENABLING AND DISABLING SYSTEM WATCHER By default. This data can help you make a decision when selecting an action in the notification window.... System Watcher also detects actions that partly match patterns of dangerous activity and are considered suspicious based on the heuristic analysis....... 2................. 100 .... In interactive protection mode of Kaspersky Internet Security (see section "Selecting a protection mode" on page 64). System Watcher prompts for action... select the System Watcher component......... you can view data collected by the System Watcher component and presented as a report on dangerous activity history..... When running in interactive mode.... You are advised not to disable the component unless it is absolutely necessary........ If an application's activity matches a pattern of dangerous activity...... in the Protection Center section.. When the component detects a malicious program. 2. Kaspersky Internet Security protection components can request additional information from System Watcher..... In the left part of the window.......... Kaspersky Internet Security adds patterns of dangerous activity............... when Kaspersky Internet Security is running in automatic mode............... IN THIS SECTION: Enabling and disabling System Watcher ...... To provide real-time effective protection..........

and network addresses. To enable a rollback. To select an action that should be taken if a rollback of actions performed by a malicious program is available: 1. check the Use updatable patterns of dangerous activity (BSS) box. 2. the Application Control component verifies its safety and includes it in one of the groups.ADVANCED APPLICATION SETTINGS 3. in the Rollback of malware actions section. Kaspersky Internet Security rolls back relevant operations automatically when the protection components detect malicious activity. 4. registry keys. In the right part of the window. in the Protection Center section. in the Rollback of malware actions section. 3. APPLICATION CONTROL Application Control prevents applications from performing actions that may be dangerous for the system and ensures control of access to operating system resources and your identity data. select the System Watcher component. choose Select action. By default. Open the application settings window. check the Limit data to be stored for rollback box and specify the maximum data volume that System Watcher should store for a rollback. At the first startup of an application on the computer. System Watcher prompts for action. The procedure of rolling back malware operations affects a strictly defined set of data. and then select the required action from the dropdown list. or edit the rules of Kaspersky Internet Security (see page 104). 3. move an application to another group (see page 103). including applications' access to protected resources. You can specify an action that should be taken if a rollback of actions performed by a malicious program is available. To limit the volume of information that System Watcher stores for a rollback: 1. You can configure the conditions for distribution of applications by groups (see page 102). Applications' network activity is controlled by the Firewall component (on page 109). select the System Watcher component. You can limit the volume of information that System Watcher stores for a rollback. When running in interactive mode. These rules regulate potentially dangerous activity. System Watcher logs the history of program activity. In the right part of the window. In the right part of the window. ROLLING BACK A MALICIOUS PROGRAM'S ACTIONS You can use the option of rolling back the actions performed by malware in the system. such as files and folders. In the left part of the window. 2. in the Heuristic Analysis section. The Application Control rules are a set of access rights to computer resources and restrictions posed on various actions being performed by applications on the computer. Click Select action and then specify the desired action on the dropdown list. It causes no negative consequences for the operating system or data integrity on your computer. The component tracks actions performed in the system by applications installed on the computer and regulates them based on the Application Control rules. In the left part of the window. in the Protection Center section. The group defines the rules that Kaspersky Internet Security should apply for controlling the activity of this application. 101 . Open the application settings window.

....... the component applies the current rule to it... IN THIS SECTION: Enabling and disabling Application Control ......................... The analysis helps determine the application's threat rating.................. based on which it is placed into a group.................... 3................... In the right part of the window........................ Kaspersky Internet Security uses the heuristic analysis to group unknown applications (those not included in the Kaspersky Security Network database and functioning without a digital signature)............... Data obtained using the Kaspersky Security Network allows you to group applications with more accuracy and apply optimal Application Control rules.......... By default......................... this group includes applications with a digital signature and applications whose parent objects have one..................... in the Protection Center section.......... select the Application Control component.. If the application has not been changed...................... 108 ENABLING AND DISABLING APPLICATION CONTROL By default....USER GUIDE We recommend that you participate in the Kaspersky Security Network in order to improve the performance of Application Control (see section "Kaspersky Security Network" on page 174)........... you can use the preset list of protected resources or add user resources to the list (see page 107)....................... 102 Viewing application activity......... To disable Application Control: 1.... Instead of using heuristic analysis. You can disable Application Control................... You can disable the automatic inclusion of applications with a digital signature in the Trusted group................ running in a mode recommended by Kaspersky Lab specialists.. uncheck the Enable Application Control box....... The behavior of applications included in the Trusted group will............................................................... When the application is restarted.. be controlled by the Proactive Defense component (on page 97)........ In the left part of the window............................... To control applications' access to various resources of your computer........... if necessary.... however.................................... the Application Control component verifies its safety and includes it in one of the groups............... Application Control checks its integrity......... 103 Working with Application Control rules .... PLACING APPLICATIONS INTO GROUPS At the first startup of an application on the computer... 102 .......... 2............ you can specify a group into which Kaspersky Internet Security should automatically place all unknown applications.. By default....... Application Control re-scans it as at the first startup..... Open the application settings window........................ 103 Modifying a group and restoring the default group ...... 102 Placing applications into groups ................... 104 Interpreting data on application usage by the participants of the Kaspersky Security Network ... Application Control is enabled.................................................................... If the application has been modified............................. Applications that do not pose any threat to the system are placed in the Trusted group..

Open the application settings window. Based on the statistics and taking into account the history of how this application appeared on your computer. After that. At any moment. Application Control analyzes an application for 30 seconds. 3. select the desired category of applications from the dropdown list. Kaspersky Internet Security notifies you and prompts you to select a group into which to place the application. perform the following actions: a.ADVANCED APPLICATION SETTINGS By default. on the contrary. select the Application Control component. Kaspersky Internet Security automatically includes it into a group (see section "Placing applications into groups" on page 102). edit the rules for an individual application. If the application threat rating is high. the application is placed into its final group. the application is placed into the Low Restricted group. In the left part of the window. select Move to the following group automatically and specify the required group in the dropdown list. using the Maximum time to define the application group field. you are advised to increase the time for analysis. You can change the time allocated for application analysis. select the Applications Activity section. MODIFYING A GROUP AND RESTORING THE DEFAULT GROUP At the first startup of an application. you can move the application back to the default group. while determination of the threat rating continues in background mode. 103 . If you want applications with digital signatures to be automatically included in the Trusted group. b. in the Applications restriction section. 2. If you want to place all unknown applications into a specified group. Specify a time interval for scanning an application being run. In the Applications Activity window that opens. check the Trust applications with digital signature box. To configure distribution of applications by groups: 1. If. Kaspersky Lab specialists recommend that you avoid moving applications from default groups. In the right part of the window. To view application activity: 1. you can decrease the time spent on analysis. you are installing software and are not sure that it is safe. in the Protection Center section. If this time interval turns out to be insufficient for determining the threat rating. 2. c. Select a method of allocating unknown applications by groups: If you want to use heuristic analysis to allocate unknown applications by groups. If you are sure that no applications started on your computer pose any threat to its security. Instead. In the lower part of the window. in the top left corner. Notification (see page 195) contains statistics on the application's use by Kaspersky Security Network participants. VIEWING APPLICATION ACTIVITY You can view information about applications used on your computer and about processes running. 3. You can move the application to another group manually. select Use the heuristic analysis to define group. if needed. Open the main application window (see page 33). you can make a more objective decision regarding the group into which the application should be placed (see section "Interpreting data on application usage by the participants of the Kaspersky Security Network" on page 108).

............................ To change a group rule: 1...... In the Applications Activity window that opens..... 3... in the top left corner............. 106 Deleting rules for unused applications .................... 4................... Open the main application window (see page 33)......... By default.......USER GUIDE To move an application to another group: 1.................................................................................. 105 Use of rules from Kaspersky Security Network by Application Control ........ 106 Inheritance of restrictions of the parent process ............... In the Applications Activity window that opens.................... 2............. select the Applications Activity section............ You can edit the preset group rules....................................................... If necessary.................. 2.. 3................. you can edit these rules or adjust them for an individual application................................. In the left part of the window........ Restore default 4... WORKING WITH APPLICATION CONTROL RULES The Application Control rules are a set of access rights to computer resources and restrictions posed on various actions being performed by applications on the computer.............. in the Protection Center section....................... In the lower part of the window...... The rules for an application have higher priority than the rules for a group..... in the top left corner.. To restore an application in the default group: 1............ select the Applications Activity section.................. IN THIS SECTION: Editing group rules ............ In the lower part of the window................ Right-click to open the context menu for the desired application and select Move to group group........... 2............................... The group rules have been developed by Kaspersky Lab specialists for optimum control of application activity. select the desired category of applications from the dropdown list....... 107 Protecting operating system resources and identity data .... Right-click to open the context menu for the desired application and select Move to group <group name>............................................... 104 Editing application rules ....................................... select the desired category of applications from the dropdown list...... different groups have different optimal sets of access rights to computer resources. 107 EDITING GROUP RULES By default..... an application is controlled according to the rules of the group into which Kaspersky Internet Security placed the application when it was run for the first time........... Open the main application window (see page 33)........................... 104 ..... Open the application settings window............... select the Application Control component..................

In the left part of the window. click the Applications button. select the desired group from the list and click the Edit button. Open the application settings window. Block. In the Application rules window that opens. 6. in the Protection Center section. select the desired application from the list. Right-click the column with the appropriate action for the desired resource to open the context menu and select the desired value (Allow. 4. In the Applications window that opens.ADVANCED APPLICATION SETTINGS 3. Access to these resources is managed by the application rules. In the right part of the window. 3. 5. protect digital identity data and other resources section. EDITING APPLICATION RULES You can modify restrictions at the level of an individual application or exclude some actions from the rules for an application. In the Applications window that opens. In the right part of the window. or Prompt for action). in the Configure application rules. All exclusions created in the rules for applications are available in the application settings window (see section "The application settings window" on page 36) in the Threats and Exclusions section. 6. To disable applying group rules to access to resources: 1. 4. select the tab that matches the desired resource category (Files and system registry or Rights). select the desired application from the list and click the Edit button. protect digital identity data and other resources section. Open the application settings window. 3. 2. select the Application Control component. You can also disable the application of group rules to the control of access to selected categories of protected resources. click the Applications button. in the Protection Center section. In the Application rules window that opens. 5. 7. or Prompt for action). 105 . click the Applications button. In the right part of the window. Right-click the column with the appropriate action for the required resource to open the context menu and select the Inherit item with the box checked. To change an application rule: 1. in the Configure application rules. 2. In the Group rules window that opens. 6. In the Applications window that opens. In the left part of the window. select the Application Control component. in the Configure application rules. protect digital identity data and other resources section. select the tab that matches the desired resource category (Files and system registry or Rights). Click the Edit button. Block. Kaspersky Internet Security will not control actions that have been added to the exclusions from the rules for an application. 5. Right-click the column with the appropriate action for the desired resource to open the context menu and select the desired value (Allow. select the tab that matches the desired resource category (Files and system registry or Rights). 4.

in the Protection Center section. Kaspersky Internet Security will automatically update the rules for the control of this application by default. This mechanism prevents a non-trusted application or an application with restricted rights from using a trusted application to perform actions requiring certain privileges. select the Application Control component. 6. 3. Open the application settings window. You can disable the usage of rules from the Kaspersky Security Network and / or the automatic update of the rules for previously unknown applications. 2. INHERITANCE OF RESTRICTIONS OF THE PARENT PROCESS On your computer. Open the application settings window. Check the boxes for the actions that should not be controlled. 3. In the right part of the window. 4. in the Protection Center section. protect digital identity data and other resources section. 2. If an application was not found in the Kaspersky Security Network database at the first run but information about it was added later. In the Applications window that opens. select the desired application from the list and click the Edit button. select the Application Control component. USE OF RULES FROM KASPERSKY SECURITY NETWORK BY APPLICATION CONTROL By default. you are not the only one that has rights to launch programs and processes. In the left part of the window. you can modify these rights or disable inheritance of restrictions from the parent process. In the Application rules window that opens. Application Control applies the same restrictions to the program being launched as to the parent process. 5. Other running programs (processes) also can do it. In the right part of the window. In the left part of the window. In the right part of the window. In the left part of the window. uncheck the Load rules for applications from Kaspersky Security Network (KSN) box. To disable updates of Kaspersky Security Network rules for previously unknown applications: 1. Open the application settings window. thus they become parent ones. If an application's activity is blocked because a parent process has insufficient rights. in the Protection Center section.USER GUIDE To add an exclusion to the application rules: 1. in the Applications restriction section. 2. the program being launched inherits all restrictions from its parent process. If a parent process has a lower rights priority than a program that it launches. Thus. uncheck the Update rules for previously unknown applications from KSN box. To disable the usage of rules from the Kaspersky Security Network: 1. click the Applications button. select the Application Control component. in the Configure application rules. select the Exclusions tab. You should modify the rights of a parent process only if you are absolutely certain that the process' activities do not threaten the security of the system! 106 . in the Applications restriction section. 3. applications found in the Kaspersky Security Network database are processed according to the rules loaded from this database.

You cannot edit this list. 107 . In the left part of the window. 7. Access to those resources will not be controlled. Click the Identity protection button in the right part of the window. select the Application Control component. However. 2. 4. In the right part of the window. 6.ADVANCED APPLICATION SETTINGS To disable inheritance of restrictions from the parent process. in the Protection Center section. 2. In the right part of the window. click the Applications button. uncheck the Delete rules for applications remaining inactive for more than box. 3. In the Application rules window that opens. 4. Open the application settings window. In the Applications window that opens. DELETING RULES FOR UNUSED APPLICATIONS By default. in the Additional section. In the left part of the window. In the window that opens. To disable the automatic removal of the rules for unused applications: 1. you can expand this list by adding user categories and / or individual resources. In the left part of the window. protect digital identity data and other resources section. the rules for applications which have not been started for 60 days are deleted automatically. select the desired application from the list. check the Delete rules for applications remaining inactive for more than box in the Additional section and specify the desired number of days. select the Application Control component. To add personal data to be protected: 1. in the Configure application rules. 2. on the Identity data tab. select the Exclusions tab. Open the application settings window. 5. To change the storage time for application rules: 1. in the Protection Center section. Kaspersky Lab specialists have created preset categories of protected resources. 3. or stop controlling the selected resources. select the Application Control component. Open the application settings window. In the left part of the window. Check the Do not inherit restrictions from the parent process (application) box. select the required category of identity data from the dropdown list. 2. Click the Edit button. Open the application settings window. select the Application Control component. PROTECTING OPERATING SYSTEM RESOURCES AND IDENTITY DATA Application Control manages the applications' rights to perform actions with various resource categories of the operating system and personal data. In addition. You can modify the storage time for rules for unused applications or disable automatic removal of rules. 3. in the Protection Center section. in the Protection Center section. 3. perform the following steps: 1. you can add specified resources to the exclusions. In the right part of the window.

in the Protection Center section. enter a name for the new resource category. select the desired category of operating system objects from the Category dropdown list. In the window that opens. 2. To add a resource to the exclusions list: 1. In the User resource window that opens. Click the Add button and select the desired type of resource from the menu that opens. Kaspersky Lab specialists distinguish the following possible sources of new applications: the user downloads a setup file from the Internet and then opens it. Click the Identity protection button in the right part of the window. In the left part of the window. 108 . Open the application settings window. 5. on the Operating system tab. specify the desired settings based on the resource being added. 2. 6. In the User resource window that opens. To create a category of identity data items to be protected: 1. To add operating system settings and resources to be protected: 1. Click the Add button and select the desired type of resource from the menu that opens. specify the desired settings based on the resource being added. you should know the history of how this application appeared on your computer. In the Identity data category window that opens. 4. on the Exclusions tab. In the window that opens.USER GUIDE 5. 3. 6. To assess the maliciousness or safety of an application accurately based on KSN data. INTERPRETING DATA ON APPLICATION USAGE BY THE PARTICIPANTS OF THE KASPERSKY SECURITY NETWORK Information about application usage by the participants of the Kaspersky Security Network (see page 175) will allow you to make an objective decision on which status should be assigned to an application running on your computer. 5. In the left part of the window. 2. click the Add category button. specify the desired settings based on the resource being added. 4. click the Add button and specify the desired resource from the menu that opens. select the Application Control component. on the Identity data tab. Click the Identity protection button in the right part of the window. in the Protection Center section. in the Protection Center section. In the User resource window that opens. select the Application Control component. Click the Identity protection button in the right part of the window. In the window that opens. 5. Open the application settings window. a setup file is automatically downloaded and opened when the user clicks a link on a web page. 3. In the left part of the window. 4. 3. select the Application Control component. the user opens a setup file stored on a CD / DVD or copied to the hard disk from it. Open the application settings window.

.......... 119 FIREWALL The Firewall ensures the security of your work in local networks and on the Internet........................ proxy server settings...... or social network............. 118 Creating a list of monitored ports ..... Network Monitor.. IM client......... NETWORK PROTECTION The various protection components.....................................000 participants of KSN) and recently................... 118 Configuring the proxy server .................... 109 ......................................... rarely (less than 1......................... Below are the main categories of application usage: very rarely (less than 100 participants of KSN use this application) and recently (the file appeared a few days ago)..000 participants of KSN) and long ago (more than six months ago)................. addresses and ports to which the connection is established......... 113 Encrypted connections scan .............ADVANCED APPLICATION SETTINGS the user opens a setup file stored on a USB drive or copied to the hard disk from it...... 109 Network Attack Blocker ............................................... 116 Network Monitor . This component filters the entire network activity according to the network rules of Application Control.... The sections below contain detailed information about the principles of operation and configuration of the Firewall................................... frequently (more than 100...... most users restrict the activity of this application..................... most users trust or restrict this application.. most users trust this application.............................................................................. very frequently (more than 100..................................................... scanning of secure connections..............000 participants of KSN) and relatively long ago (a few months ago)............................. A network rule is an action that the Firewall performs when it detects a connection attempt with a specified status......................... IN THIS SECTION: Firewall ..... tools................ Statistics of application usage by the participants of the Kaspersky Security Network include the frequency of application usage and how long ago it was used............. frequently (more than 100.. Network Attack Blocker...................... the user opens a setup file received in a message via email................. and settings of Kaspersky Internet Security together ensure security and control of your network activities............................ most users trust this application............................................................ A status is assigned to each network connection and is defined by set parameters: data transfer direction and protocol.......................................................................................................................... and monitoring of network ports...........................................000 participants of KSN) and recently (a few weeks ago).......

............................... 110 Configuring notifications of changes in the network . running in a mode recommended by Kaspersky Lab specialists....... you can change the status (see page 110) of a network connection manually............. the Firewall defines the status based on the network type...... Open the application settings window... CHANGING THE NETWORK STATUS The network connection status affects the set of rules used to filter network activity for that connection. in the Protection Center section..................... In the right part of the window......................................... In the left part of the window....... when a certain type of network connection is prohibited for some applications but allowed for others.. In the left part of the window.................... regardless of the application. select the Firewall component............. WORKING WITH FIREWALL RULES The Firewall operates on the basis of two types of rules: Packet rules.................... Open the application settings window........................ These are used for posing restrictions on packets...................... 110 ............. asks you for the status of the connected network (see page 196).............. You can change the network status................... 2....... such rules restrict incoming network activity on specified TCP and UDP ports and filter ICMP messages...... In the right part of the window......... when first connected...... If interactive mode is disabled.. for example................. if necessary.. 3... To disable the Firewall: 1......... in the Networks list.............................. select a network connection and click the Edit button to open the network settings window.. 113 Advanced Firewall settings....................... the Firewall.... IN THIS SECTION: Enabling and disabling the Firewall ......................................... If the application is running in the interactive mode..USER GUIDE The Firewall analyzes the settings of the networks to which you connect your computer.............. 110 Changing the network status ........................... Application rules....... you can disable the Firewall.. These are used to set limits on the network activity of a particular application......... Typically. If necessary......... uncheck the Enable Firewall box......... select the desired status from the drop-down list on the Properties tab..................... 110 Working with Firewall rules.... the Firewall is enabled............ To change the network connection status: 1... in the Protection Center section....... 4.................. 3. If necessary......... 113 ENABLING AND DISABLING THE FIREWALL By default...... ranges of addresses and other specifications............................................... 2......... In the window that opens...... select the Firewall component...... Such rules allow fine-tuning of activity filtering............................

on the Application rules tab. 2. on the Packet rules tab. In the left part of the window. The network rules of a group define which access rights to various networks can be granted to the applications that have been included in the group. Open the application settings window. 2. You can add new network rules for a group or edit the preset ones. To add a network rule for a group: 1. Assign a priority to the new rule by using the Move up and Move down buttons to move it up or down the list. 3. In the window that opens. click the Add button. 4. In the left part of the window. CREATING A PACKET RULE Packet rules consist of a set of conditions and operations performed with regard to packets when these conditions are met. specify the desired settings and click the OK button. by default the Firewall filters an application's network activity using the rules of the group in which this application has been placed. in the Protection Center section. select the Firewall component. 7. Open the application settings window. In the Network rule window that opens. EDITING GROUP RULES Similarly to the Application Control (on page 101) component. 4. remember that they have priority over the rules for applications. select the Firewall component. 3. If both packet rules and application rules are applied to the same type of network activity. Assign a priority to the new rule by using the Move up and Move down buttons to move it up or down the list. 4. 5. In the Network rule window that opens. To create a packet rule: 1. You can also set a priority for each rule (see page 112). Click the Settings button in the right part of the window. Click the Settings button in the right part of the window. specify the desired settings and click the OK button. When creating packet rules. 6. In the window that opens. 5. in the Protection Center section. In the window that opens. this network activity is processed using the packet rules. Open the application settings window. select the desired group from the list and click the Edit button.ADVANCED APPLICATION SETTINGS Packet rules have higher priority than application rules. 6. select the Network rules tab and click the Add button. 2. In the Group rules window that opens. select the Firewall component. 3. To change a network rule for a group: 1. 111 . select the desired group from the list and click the Edit button. In the left part of the window. Click the Settings button in the right part of the window. in the Protection Center section. on the Application rules tab.

open the window for creating a network rule for the application by clicking the Add button. Click the Settings button in the right part of the window. The network rules of an application have a higher priority than network rules of a group. To create a network rule of an application: 1. 4. In the window that opens. To change the priority of an application rule or a group rule: 1. EDITING APPLICATION RULES You can create network rules for individual applications. 2. 2. In the Group rules window that opens. Right-click the Permission column to open the context menu for the desired rule and select a value: Allow. 4. Open the application settings window. In the Application rules window that opens. 112 . select the Firewall component. select an application or group and open the rules configuration window by clicking the Edit button. Each packet rule created manually is added to the end of the list of packet rules. To change the priority of a packet rule: 1. select the Firewall component. on the Application rules tab. CHANGING A RULE'S PRIORITY The priority of a rule is defined by its position in the list. Block. In the window that opens. Assign a priority to the new rule by using the Move up and Move down buttons to move it up or down the list. In the left part of the window. 3. select the rule and move it to the required place in the list by clicking the Move up or Move down buttons. 6. 4. 7. specify the desired settings and click the OK button. 6. in the Protection Center section. 3. The first rule on the list has the highest priority. Rules for applications created manually have higher priority than inherited group rules. select an application and click the Edit button to open the rules configuration window.USER GUIDE 5. or Prompt for action. In the window that opens. select a rule and move it to the desired position in the list clicking the Move up or Move down buttons. In the window that opens. In the left part of the window. and the rule priority applies to an individual group only. in the Protection Center section. select the Network rules tab. Click the Settings button in the right part of the window. on the Packet rules tab. 2. Rules for applications are grouped by application name. in the Protection Center section. on the Network rules tab. on the Network rules tab. In the Network rule window that opens. Open the application settings window. Click the Settings button in the right part of the window. select the Firewall component. 3. on the Application rules tab. 5. 5. In the left part of the window. Open the application settings window.

NETWORK ATTACK BLOCKER The Network Attack Blocker scans inbound traffic for activity typical of network attacks. To configure notifications about changes to network connection settings: 1. ADVANCED FIREWALL SETTINGS You can adjust the following advanced settings of the Firewall: enable the active mode for FTP. in the Protection Center section. 2.ADVANCED APPLICATION SETTINGS CONFIGURING NOTIFICATIONS OF CHANGES IN THE NETWORK Network connection settings can be changed during operation. Descriptions of currently known network attacks (see section "Types of detected network attacks" on page 114) and methods to fight them are provided in Kaspersky Internet Security databases. Open the application settings window. on the Additional tab. A warning will appear on the screen stating that an attempted network attack has taken place. 3. By default. 2. on the Packet rules tab. 4. You can receive notifications of modifications in the network connection settings. select the Firewall component. in the Networks section. In the left part of the window. all the settings are enabled. In the window that opens. In the window that opens. in the Protection Center section. 5. Click the Settings button in the right part of the window. In the right part of the window. In the left part of the window. In the Additional window that opens. To adjust the advanced settings of the Firewall: 1. 3. Open the application settings window. keep running until the system is shut down. block connections if they cannot be prompted for action (application interface is not loaded). The list of attacks which the Network Attack Blocker can detect is updated when the application's databases are updated (see section "Update" on page 72). Once an attempt to attack your computer is detected. Kaspersky Internet Security blocks any network activity of the attacking computer towards your computer. select a network connection and open the network settings window by clicking the Edit button. 113 . open the advanced settings window by clicking the Additional button. 4. By default. with specific information about the computer which attacked yours. the block lasts for one hour. in the Notify section. check / uncheck the boxes next to the desired settings. select the Firewall component. check the boxes for events that you want to be notified of.

Intrusion attacks..................... to use the invaded system in a zombie network.. installed on your computer. which intensifies the load on the processor and can lead to the crashing of some operating systems.... the information obtained through the scan (a model of the system) helps the malefactor to know what operating system the remote computer uses.......... There are two basic types of DoS attacks: sending the target computer specially created packets that the computer does not expect which cause the system either to restart or to stop..................... The Land attack consists of sending a request to an open port on the target computer to establish a connection with itself... the hacker takes total control of your system........ The SYN Flood attack consists of sending a large quantity of queries to a remote computer to establish a fake connection...... you must know what kinds of network attacks you might encounter............. 114 .. which slows the processor to a crawl.... Known network attacks can be divided into three major groups: Port scan – this type of threat is not itself an attack. To ensure the security of your computer....... but it usually precedes one.............. are attacks which cause unstable performance of a system or its crash........................ 114 Enabling and disabling Network Attack Blocker .............. 115 Editing the blockage settings.. The system reserves certain resources for each of those connections... which completely drains your system resources.. Prime examples of this group of attacks are the following: The Ping of death attack consists of sending an ICMP packet with a size greater than the maximum of 64 KB.... the time spent perpetrating them......................g................. Attacks of this type may make it impossible to use the information resources under attack (for example................................. system-type or otherwise.. In addition..... This attack can crash some operating systems. The computer attempts to reply to each inbound packet.............. This...... The UDP / TCP ports used by the network tools on the computer targeted by an intruder are scanned to determine their status (closed or open).... because if it is successful. and the computer stops reacting to other connection attempts... further restricts the number of potential attacks..... since it is one of the common ways of obtaining information about a remote computer... or as a platform for new attacks)..... it may not be possible to access the Internet).................. a great number of network attacks exist.... This is the most dangerous type of attack. The ICMP Flood attack consists of sending a large quantity of ICMP packets to your computer......... in turn. It also aids a hacker in attempting to use vulnerabilities characteristic of the operating system... credit card numbers. or to penetrate the system to use its computing resources for malicious purposes later (e.. passwords)........ which aim to take over your computer.. These attacks exploit the vulnerabilities of the operating system and other software..................... DoS attacks. This attack sends the computer into a cycle.. which causes system resources to be exhausted.............. or Denial of Service attacks.USER GUIDE IN THIS SECTION: Types of detected network attacks ..... and.. Port scans can tell a hacker what types of attacks work on that system and what types do not.... Hackers use this type of attack to obtain confidential information from a remote computer (for example.... correspondingly........ 115 TYPES OF DETECTED NETWORK ATTACKS Nowadays.................... sending the target computer many packets within a short timeframe such that the computer cannot process them..........

fprintf(). and system components available via the network – DCom. the use of various malicious scripts. in the Protection Center section. check the Add the attacking computer to the list of blocked computers for box and specify the blockage time. Network Attack Blocker is enabled. Open the application settings window. You can cancel blockage of the selected computer or change the blockage time. select the Network Attack Blocker component. EDITING THE BLOCKAGE SETTINGS By default. The essence of this attack type consists of sending a special type of UDP packet that can execute malicious code to a remote computer. In the Network Monitor window that opens. and a common group for network services available in both operating systems. LSASS. In the right part of the window. select the Network Attack Blocker component. IIS5). In addition. Unix attacks. Open the application settings window. in the Protection Center section. In the left part of the window. In the right part of the window. Wins. 2. from the standard C library. To modify the time for which an attacking computer will be blocked: 1. Attacks aimed at computers with Microsoft Windows are based on the use of the vulnerabilities of the software installed on a computer (such as Microsoft SQL Server. To disable Network Attack Blocker: 1. In the lower part of the window. The Intrusion Detection System automatically analyzes and prevents attempts to exploit these vulnerabilities in the most common network services (FTP. This is one of the oldest vulnerability types and the easiest for hackers to exploit. 3. Messenger.ADVANCED APPLICATION SETTINGS This group includes the largest number of attacks. scanf(). ENABLING AND DISABLING NETWORK ATTACK BLOCKER By default. running in a mode recommended by Kaspersky Lab specialists. the hacker is able to send specially created queries and can take total control of the system. uncheck the Enable Network Attack Blocker box. such as printf(). Format string attacks. select the blocked computer and click the Unblock button. If an application has this vulnerability. on the Blocked computers tab. Microsoft Internet Explorer. 115 . 2. select the Network Monitor section. 2. can be classified as isolated incidents of intrusion attacks. POP3. 3. 3. Buffer overflow may be caused by the absence (or insufficiency) of control when working with data arrays. Network Attack Blocker blocks the activity of an attacking computer for one hour. To unblock an attacking computer: 1. and others. Open the main application window (see page 33). In the left part of the window. You can disable Network Attack Blocker if necessary. The following types of attacks are the most common among those which use the network resources of operating systems: Buffer overflow attacks. SMB. IMAP) if they are running on the user’s computer. They may be divided into three groups depending on the operating system installed on the user's computer: Microsoft Windows attacks. including scripts processed by Microsoft Internet Explorer and Helkern-type worms. Format string errors arise from insufficient control of input values for I/O functions.

When you first enable this setting.. you should install the Kaspersky Lab certificate manually.. To enable encrypted connections scanning and install Kaspersky Lab's certificate: 1. The SSL / TLS protocols allow you to identify the parties exchanging data using electronic certificates.... In the browser menu..... IN THIS SECTION: Scanning encrypted connections in Mozilla Firefox ....... select Tools Settings..... If an invalid certificate is detected when connecting to the server (for example........... as well as to get instructions on installing Kaspersky Lab's certificate for Opera.. Mozilla Firefox (if it is not launched) and Google Chrome... since most antivirus applications do not scan SSL / TLS traffic.... in the Advanced Settings section. 117 SCANNING ENCRYPTED CONNECTIONS IN MOZILLA FIREFOX The Mozilla Firefox browser does not use Microsoft Windows certificate storage....... check the Scan encrypted connections box.. In the Certificates section.... Kaspersky Internet Security will no longer scan the encrypted connection with this website.. 116 Scanning encrypted connections in Opera ......... 3..... and ensure their integrity during the transfer. Kaspersky Internet Security scans encrypted connections using a Kaspersky Lab certificate... select the Authorities tab and click the Restore button..... 3. select the Security tab and click the View Certificates button... You can use the Certificate Installation Wizard to install a certificate for scanning encrypted connections in semiinteractive mode in Microsoft Internet Explorer........... In the window that opens. select the Network component.... To install Kaspersky Lab's certificate: 1....... in spite of an invalid certificate. the Certificate Installation Wizard starts automatically... a notification will pop up containing a prompt to either accept or reject the certificate... If the wizard does not start.. 2...... 4............. 116 ........... 4........ To scan SSL connections when using Firefox................. In the window that opens...... In the window that opens.. You can use the Certificate Installation Wizard.... These features of the protocol are used by hackers to spread malicious programs... you can add the website into the list of trusted URLs..............USER GUIDE ENCRYPTED CONNECTIONS SCAN Connecting using the SSL / TLS protocols protects the data exchange channel on the Internet......... if the browser is not launched. Open the application settings window. 2........ select the Additional section...... click the Install certificate button........ encode the data being transferred... If you are sure that connection with a website is always secure.... This will start a Wizard with instructions to follow for successful installation of the Kaspersky Lab certificate.... In the left part of the window. if the certificate is replaced by an intruder)...................

2. the path to Kaspersky Lab's certificate file is: %AllUsersProfile%\Kaspersky Lab\AVP12\Data\Cert\(fake)Kaspersky Anti-Virus personal root certificate. 3. In the window that opens.cer.cer. select the Security tab and click the Manage Certificates button. select Tools Settings. select the certificate in the list and click the View button. In the browser menu. To scan SSL connections when using Opera. 5. select the Security tab and click the Manage Certificates button. select the Authorities tab and click the Import button. select the Additional section. In the window that opens.cer. click the View button. 4. click the View Certificates button. In the browser menu. 117 . 4. In the window that opens. The path to Kaspersky Lab's certificate file is: %AllUsersProfile%\Application Data\Kaspersky Lab\AVP12\Data\Cert\(fake)Kaspersky AntiVirus personal root certificate. If your computer runs under Microsoft Windows Vista or Microsoft Windows 7. To view information about the certificate and select the actions for which the certificate will be used. In the left part of the window. SCANNING ENCRYPTED CONNECTIONS IN OPERA The Opera browser does not use Microsoft Windows certificate storage. check the boxes to select the actions that should be scanned with the certificate installed. 6. In the window that opens. select the Vendors tab and click the Import button.x: 1. In the window that opens. click the View button. To view information about the certificate. 3. select the Kaspersky Lab certificate file. In the window that opens. The path to Kaspersky Lab's certificate file is: %AllUsersProfile%\Application Data\Kaspersky Lab\AVP12\Data\Cert\(fake)Kaspersky AntiVirus personal root certificate. you should install Kaspersky Lab's certificate manually. To install Kaspersky Lab's certificate for Mozilla Firefox version 3. In the browser menu. In the window that opens. In the window that opens. 5. 6. 2. check the boxes to select the actions that should be scanned with the certificate installed. select the Kaspersky Lab certificate file. 2. select the Additional section. select Tools Settings. select the Additional section. select the Authorities tab and click the Import button. 4. In the window that opens. On the Encryption tab. To view information about the certificate. In the window that opens. To install Kaspersky Lab's certificate: 1. In the window that opens. In the left part of the window. select the Kaspersky Lab certificate file.cer. Kaspersky Lab's certificate will be installed. To install Kaspersky Lab's certificate for Opera version 9. click the Install button.x manually: 1. The path to Kaspersky Lab's certificate file is: %AllUsersProfile%\Application Data\Kaspersky Lab\AVP12\Data\Cert\(fake)Kaspersky AntiVirus personal root certificate. In the window that opens.ADVANCED APPLICATION SETTINGS 5. 6. 3. select Tools Settings.

In the lower part of the window. The path to Kaspersky Lab's certificate file is: %AllUsersProfile%\Application Data\Kaspersky Lab\AVP12\Data\Cert\(fake)Kaspersky AntiVirus personal root certificate. you can open Network Monitor using the Kaspersky Gadget. you may need to configure its connection settings. click the Install button. In the Network Monitor window that opens. select the Kaspersky Lab certificate file. NETWORK MONITOR Network Monitor is a tool used to view information about network activities in real time. If your computer runs under Microsoft Windows Vista or Microsoft Windows 7.cer.cer. 3. the Network activity tab provides information about network activity. in the Advanced Settings section. click the Proxy server settings button. Kaspersky Lab's certificate will be installed. Open the main application window (see page 33). Kaspersky Gadget should be configured so that the option of opening the Network Monitor window is assigned to one of its buttons (see section "How to use the Kaspersky Gadget" on page 59). the path to Kaspersky Lab's certificate file is: %AllUsersProfile%\Kaspersky Lab\AVP12\Data\Cert\(fake)Kaspersky Anti-Virus personal root certificate. If your network includes a proxy server using a non-standard port. In the window that opens. you should add the port number to the list of monitored ports (see section "Creating a list of monitored ports" on page 119). as well as for updating the databases and application modules. To do this. 4. In the Network Monitor window that opens.USER GUIDE 5. select the Network Monitor section. CONFIGURING THE PROXY SERVER If the computer's Internet connection is established via a proxy server. To view information about network activity: 1. Kaspersky Internet Security uses these settings for certain protection components. When working on a computer running under Microsoft Windows Vista or Microsoft Windows 7. 6. 2. Open the application settings window. click the button with the Network Monitor icon in the Kaspersky Gadget interface. In the left part of the window. 118 . In the window that opens. specify the required settings for connection to a proxy server. In the Proxy server settings window that opens. select the Network component. the Network activity tab provides information about network activity. 2. In the Proxy server section. To open Network Monitor using the gadget. To configure connection with a proxy server: 1.

Click the Add link located under the list of ports in the top part of the window to open the Network port window. you can create a list of applications for which all ports will be monitored. select Browse and specify the file's location on the computer. Open the application settings window. For example. 4. Anti-Spam and Web Anti-Virus (on page 88) monitor the data streams transferred via specific protocols and through certain open TCP ports on your computer. The Network ports window will open. 4. 4. 2. in the Advanced Settings section. and enter the number and description of a port. 3. while Web Anti-Virus scans information transferred via HTTP. 3. select Monitor selected ports only and click the Select button. The Network ports window will open.ADVANCED APPLICATION SETTINGS CREATING A LIST OF MONITORED PORTS Such protection components as Mail Anti-Virus. To add a port to the list of monitored ports: 1. add it as follows: a. 119 . and FTP. select Monitor selected ports only and click the Select button. The Network ports window will open. b. check the boxes for the names of the applications for which all ports should be monitored. and select an item: To specify the location of the executable file of an application. In the Application window. and in the list of applications below. In the left part of the window. In the Monitored ports section. HTTPS. 3. Open the application settings window. Check the Monitor all ports for specified applications box. If you configure the product to monitor the selected ports. Open the application settings window. select the Network subsection. 5. 2. In the left part of the window. To select an application from the list of applications currently running. in the Advanced Settings section. We recommend that you expand this list by including applications that receive or transfer data via FTP. Click the Add link under the list of applications to open a menu. In the left part of the window. To create a list of applications for which you wish to monitor all ports: 1. select the Network subsection. In the list of ports in the top part of the window. uncheck the box next to the description of the port that should be excluded. Mail Anti-Virus scans information transferred via SMTP. In the Monitored ports section. select the Network subsection. In the Monitored ports section. select Applications. select Monitor selected ports only and click the Select button. If the desired application is not in the list. You can enable monitoring of all or just selected network ports. In the Select application window that opens. 2. in the Advanced Settings section. enter a description for the application selected. select the required application. To exclude a port from the list of monitored ports: 1.

The Anti-Spam algorithm consists of the following steps: 1. the message receives Not Spam status. If the analysis finds signs typical of spam in a message. 6. and the message is transferred to the mail client for processing (see algorithm steps 1 to 5 below). Microsoft Outlook Express (Windows Mail) (on page 133). the scan is stopped. This step is skipped by default. Anti-Spam calculates the probability of their being spam. The Bat! (on page 134). Email is analyzed using heuristic rules. Anti-Spam assigns the message spam or not spam status. the message receives Spam status. as well as for phrases from a list of obscene expressions. The message sender's address is checked for presence in the lists of allowed or blocked senders. 3. the probability of it being spam increases. Thunderbird (on page 134). Furthermore. the message will receive Spam status. Such messages cannot be unambiguously considered spam. the message is given Not Spam status. If at least one line from this list has been found. Anti-Spam's operation consists of two stages: 1. To enable efficient recognition of spam and useful mail by Anti-Spam. These criteria quickly determine whether the message is spam. Analyzing email messages that have undergone filtering. If a sender's address is in the list of allowed senders. 2. If the sum of the coefficients exceeds 100. Anti-Spam uses a self-training algorithm that allows the component to better distinguish spam from useful mail with time. their weighting coefficients are added together. Messages addressed not to you may be classified as spam (see page 129). If a sender's address is in the list of blocked senders. Anti-Spam analyzes a message to check whether it contains strings from the list of blocked phrases or the list of obscene words. This step is skipped by default. Anti-Spam can check a message for the presence of allowed and blocked phrases. 120 . the message will be assigned Not Spam status. 5. The source of data for the algorithm is the contents of the message.USER GUIDE ANTI-SPAM Anti-Spam detects unsolicited email (spam) and processes it according to the rules of your email client. The lists of blocked and allowed senders allow to specify the addresses from which messages will be deemed useful mail or spam. 2. If a message was sent using Microsoft Exchange Server and scanning of such messages is disabled. Anti-Spam is built into the following mail clients as a plug-in: Microsoft Office Outlook (on page 133). the component needs training (see section "Training Anti-Spam" on page 122). Whenever words from these lists are found in a message. A message analysis is performed to check whether it contains strings from the list of allowed phrases. If the message text contains an address included in the database of phishing or suspicious web addresses. Therefore. the message receives Spam status. The application of strict filtering criteria to a message. 4.

................................................................ 131 Adding a label to the message subject .............. in the Protection Center section..................... Availability of this function depends on the application localization language................. 8............................ 125 Detecting spam by phrases and addresses........... select the Anti-Spam component............................. By default.. 121 Changing and restoring the spam protection level ......................... To disable Anti-Spam: 1............................................................. 131 Selecting a spam recognition algorithm................... the use of this technology is disabled... Anti-Spam is enabled........... 9............... In the left part of the window....... Spam or Probable spam status will be assigned to a message depending upon the specified threshold values of the spam rate (see section "Regulating threshold values of the spam rate" on page 130)...............ADVANCED APPLICATION SETTINGS 7................ running in a mode recommended by Kaspersky Lab specialists............................. The training is only started if the function of self-training text analysis algorithm iBayes is enabled in your copy of Kaspersky Internet Security........ 125 Regulating threshold values of the spam rate ..... Anti-Spam calculates the increase in the probability of the message being spam... IN THIS SECTION: Enabling and disabling Anti-Spam ...................................................rtf format........... the probability of the message being spam increases.............. You can disable AntiSpam... 132 Scanning messages from Microsoft Exchange Server ............... By default the product adds the label [!! SPAM] or [?? Probable Spam] to the Subject field of spam and probable spam messages (see section "Adding a label to the message subject" on page 132).. Message analysis determines the probability of its being spam expressed as the spam rate value............... 122 Training Anti-Spam ............................ Then each message will be processed in accordance with the rules you have defined for email clients (see section "Configuring spam processing by mail clients" on page 132).. In the right part of the window. 3........... Once the analysis is complete...... 121 .............................................................. 122 Checking URLs in email messages ................. The self-training iBayes algorithm calculates the probability of a message being spam based on the frequency of phrases typical of spam found in the message text.......................................................................................... It scans attached documents for signs of spam... uncheck the Enable Anti-Spam box....... 10....... 132 ENABLING AND DISABLING ANTI-SPAM By default............................................... 2............................................................ Creating lists .......... Open the application settings window.................. In this kind of analysis................... Anti-Spam analyzes images attached to the email message....... Each feature detected increases the probability that the message being scanned is spam............................... 130 Using additional features affecting the spam rate ......................................... if necessary......................................... If the analysis finds signs typical of spam in them..... the message will be scanned using iBayes technology.............................................................................. The application analyzes email attachments in ...... If Anti-Spam has been trained................................ It checks for the presence of additional features typical of spam............................................................................... 132 Configuring spam processing by mail clients ................................................................ Email is analyzed using GSG technology............................

select the Anti-Spam component. Availability of this function depends on the application localization language.. Recommended. TRAINING ANTI-SPAM One of the most powerful spam detection tools is the self-training iBayes algorithm. In the left part of the window. spam and potential spam messages are less frequently recognized. Open the application settings window. and grouped in the Recommended security level. If you modify the settings manually. in the Security level section. The application uses the algorithm to decide which status should be assigned to a message based on the phrases it contains. when using free mail services. the frequency of false positives rises. 122 . This security level should be used in most cases. sample strings of useful and spam mail should be submitted to the iBayes algorithm. i. or click the Settings button to modify the settings manually. This security level should be used if you receive spam frequently. When you select this level. set the desired security level. The training is only started if the function of self-training text analysis algorithm iBayes is enabled in your copy of Kaspersky Internet Security. To change the spam protection level set: 1. The levels of anti-spam protection correspond to the following security levels configured by the experts at Kaspersky Lab: High. recommended by Kaspersky Lab. There are several approaches to training Anti-Spam: Training Anti-Spam using outgoing messages. 2. if you are working in a protected corporate email environment.e. 2. for example. select the Anti-Spam component. When configuring Anti-Spam. in the Protection Center section. it should be trained. 3. This security level should be used if you rarely receive spam. To restore the default Anti-Spam settings: 1. you can select one of the preset spam protection levels or configure AntiSpam on your own. you can always restore the recommended values. the name of the security level will change to Custom. for example. When this level is selected. that is. useful mail is more often recognized as spam. Click the Default level button in the Security level section in the right part of the window. in the Protection Center section. Training is performed while working with messages in the mail client using special buttons and menu items.USER GUIDE CHANGING AND RESTORING THE SPAM PROTECTION LEVEL Depending on how often you receive spam. Low. Training when working with Anti-Spam reports. Open the application settings window. These settings are considered optimal. In the right part of the window. Prior to beginning work. In the left part of the window.

.................. Do the following depending upon your email client: click the Spam or Not Spam button in the Microsoft Office Outlook toolbar................................................. Click the Settings button in the right part of the window..... the addresses of mail recipients are automatically added to the list of allowed senders..... In the left part of the window..........................ADVANCED APPLICATION SETTINGS IN THIS SECTION: Training on outgoing messages .......... To train Anti-Spam using the email client interface: 1..... 124 TRAINING ON OUTGOING MESSAGES You can train Anti-Spam using a sample of 50 outgoing emails........................... 123 Training on the interface of a mail client ..... Training will complete after you send the 50th message. using it as a sample of useful mail. You can disable this feature (see section "Adding an address to the list of allowed senders" on page 124).... 3......... Select a message with which you wish to train Anti-Spam..... 2..... Start the email client........ in the Protection Center section.................... The buttons and menu items for Anti-Spam training only appear in the interfaces of mail client software after installation of Kaspersky Internet Security................... To enable Anti-Spam training using outgoing emails: 1............... While training using outgoing mail is in progress.................... 124 Training with reports .. On the Additional tab in the Outgoing messages section... using buttons on the taskbar and the menu of your email client........... Open the application settings window........................................... 123 Adding an address to the list of allowed senders ........ check the Train using outgoing email messages box. use the special Mark as Spam and Mark as Not Spam items in the Special menu of The Bat! email client... 123 ................................................................................ Once training is enabled. select the Anti-Spam component. 3........................... The Anti-Spam window will be displayed... 2............................... 4.... Anti-Spam will analyze every message you send.............. use the Spam / Not Spam button in the Mozilla Thunderbird toolbar............. click the Spam or Not Spam button in the Microsoft Outlook Express toolbar (Windows Mail)..................................... TRAINING ON THE INTERFACE OF A MAIL CLIENT You can train Anti-Spam while handling email..

Essentially. Use the records in the Object column in the right part of the window to select the messages you wish to use for Anti-Spam training. ADDING AN ADDRESS TO THE LIST OF ALLOWED SENDERS When Anti-Spam is trained. click the Detailed report button. all of them are used for training. 3. You can disable this feature (see section "Adding an address to the list of allowed senders" on page 124). Messages are not marked with the spam and not spam tags if the function of self-training text analysis algorithm iBayes is enabled in Kaspersky Internet Security. select the Anti-Spam component. 5. If you select several messages. as well as adding senders of those messages to the lists of allowed or blocked senders (see section "Blocked and allowed senders" on page 128). Availability of this function depends on the application localization language. Anti-Spam conducts training using the selected message. To disable adding the address to the list of allowed senders: 1. Open the application settings window. In the left part of the window. The Anti-Spam window will be displayed. The application also adds the addresses of outgoing mail recipients to that list if training with outgoing mail is used. To train Anti-Spam using a report: 1. the addresses of useful mail senders are automatically added to the list of allowed senders (see section "Blocked and allowed senders" on page 128). 124 . 3. Uncheck the Add allowed senders' addresses when training Anti-Spam box. Select the Anti-Spam section in the left part of the window. On the Exact methods tab in the Consider message as not spam section. the address of its sender will be added to the list of allowed senders automatically. 4. 5.USER GUIDE After selecting an action from the list above. in the Protection Center section. 4. In the top part of the window. The Allowed senders window opens. If a message is marked as useful mail. Click the Settings button in the right part of the window. In the Reports window that opens. 2. Open the main application window. Mark as Not Spam. right-click to open the context menu and select one of the menu commands corresponding to the operation which should be performed on the message: Mark as Spam. The Detailed report window opens. click the Reports button. For each such message. check the If it is from an allowed sender box and click the Select button. You can disable that function to prevent the automatic addition of allowed senders to the list in the course of training. the training means assigning the Spam or Not Spam labels to messages. TRAINING WITH REPORTS There is the option to train Anti-Spam using its reports displaying information about messages recognized as probable spam. 2.

in the Consider message as spam section. in the Protection Center section. 2. On the Exact methods tab in the Consider message as spam section. and it checks whether the addresses of the mail sender and recipients match the records in the address lists. Add to the list of blocked senders. DETECTING SPAM BY PHRASES AND ADDRESSES. CREATING LISTS You can create lists of allowed. 125 .ADVANCED APPLICATION SETTINGS Add to the list of allowed senders. On the Exact methods tab. In the left part of the window. click the Additional button. messages sent from a blocked address or not addressed to you directly. or if phishing elements are detected in the message body. this message is identified as spam. check the Use Heuristic Analysis to check mail for phishing box and set a scan detail level using the slider. Click the Settings button in the right part of the window. in the Protection Center section. Anti-Spam identifies the message as useful mail or spam. select the Anti-Spam component. The Anti-Spam window will be displayed. To enable URL checks using the databases of suspicious and phishing addresses: 1. 4. The Anti-Spam window will be displayed. 5. depending upon which list contains the phrase or address. 3. 3. check the If it contains URLs from the database of suspicious URLs and If it contains phishing elements boxes. blocked and obscene key phrases. If you participate in Kaspersky Security Network (on page 174). If a phishing or suspicious link is detected in a message. Anti-Spam analyzes every message to check whether it contains the phrases added to the lists. In the Anti-Phishing settings window that opens. select the Anti-Spam component. The following mail will be recognized as spam: messages containing blocked or obscene phrases with total weighting coefficient exceeding 100. you can also use the heuristic analysis. To enable heuristic analysis: 1. Open the application settings window. as well as lists of allowed and blocked sender addresses and a list of your addresses. 4. 2. In the left part of the window. Kaspersky Internet Security also accesses Kaspersky Security Network when checking URLs. Open the application settings window. To check URLs in email messages. If these lists are used. Once a sought phrase or address is found. Click the Settings button in the right part of the window. These lists are included in the product package of Kaspersky Internet Security. CHECKING URLS IN EMAIL MESSAGES Anti-Spam can check the URLs in mail messages to identify the ones included in the lists of suspicious web addresses or phishing web addresses.

.................... We offer – this mask covers any message containing a phrase that starts with the words "We offer" and continues with any text.................. for example: info..*@test......................... 127 Obscene words ...... it should be preceded by the \ character to ensure that Anti-Spam recognizes it correctly...................................com. The lists of allowed and blocked addresses and the list of trusted addresses support address masks.... admin@* – the mask matches the sender address with the admin name..company@test.. for example: admin@test......product@test........ Certain symbols in a mask are used to represent others: * replaces any sequence of characters..... admin@test.................... 128 Your addresses ................ and ends with the ! character.............................. admin@example.......... If the * or ? character is a part of the sought phrase (e................org............... Sample phrase masks: Welcome to our *! – this mask covers any message containing a phrase that starts with the words "Welcome to our"......................................... *@test* – this mask matches the address of any message sender from a domain beginning with test..................................org......... 129 USING MASKS FOR PHRASES AND ADDRESSES You can use phrase masks in the lists of allowed.................... for example.................... What's the time?)..................... What's the time\?).... it can match several phrases or addresses (see examples)...........................ru........... 129 Exporting and importing lists of phrases and addresses .. but not info.....org.... while ? replaces any single character................... messages sent from an allowed address................ the ? character should be represented as \? (e........... Thus.........??? – this mask corresponds to the address of any sender whose name begins with info.... If a mask uses such wildcards.. and whose mail domain name begins with test.....USER GUIDE The following messages will be recognized as useful mail: messages containing allowed phrases..................com. info....... blocked and obscene phrases........ Examples of address masks: admin@test.. and ends with any three characters........ instead of the * character you should use the \* combination in masks........................................................product@test................g.................com – this mask only matches the address admin@test.......... info....... 126 ....................................com.......com.................................... A mask is a template string against which a phrase or an address is compared.................................. continues with any text...........g... 127 Blocked and allowed senders.............................................. info@test............ IN THIS SECTION: Using masks for phrases and addresses .. 126 Blocked and allowed phrases...........

You can add both entire phrases and their masks to the list of blocked and allowed expressions (see section "Using masks for phrases and addresses" on page 126). 127 . The weighting coefficient allows you to specify how typical a certain phrase is of spam messages: the larger the value. 6. The Blocked phrases window will open. the higher the probability that mail containing such a phrase is spam. select the Anti-Spam component. in the Protection Center section. The list contains obscene words that indicate with a high probability that the message is spam if present. specify the weighting coefficient for a blocked phrase. The Allowed phrases window will open. 5.ADVANCED APPLICATION SETTINGS BLOCKED AND ALLOWED PHRASES You can add expressions which you typically observe in spam to the list of blocked phrases and define the weighting coefficient for each phrase. The Anti-Spam window will be displayed. 3. If the total of the weighting coefficients of all phrases found in a message exceeds 100. Click the Settings button in the right part of the window. Use the Exact methods tab to perform the following steps: If you need to create a list of blocked phrases. Open the application settings window. the user will have to enter the password to view the list of obscene phrases. 2. The weighting coefficient of a phrase can range from 0 to 100. If you need to create a list of allowed phrases. OBSCENE WORDS Kaspersky Lab experts have compiled the list of obscene words included in the distribution package of Kaspersky Internet Security. 2. In the left part of the window. check the If it contains allowed phrases box and click the Select button to the right. To edit the list of obscene phrases: 1. 3. Click the Settings button in the right part of the window. To create a list of blocked or allowed phrases: 1. Open the application settings window. it will be identified as useful mail (not spam). Enter the complete phrase or phrase mask. You can supplement the list by adding complete phrases and their masks to it (see section "Using masks for phrases and addresses" on page 126). select the Anti-Spam component. in the Protection Center section. Once Anti-Spam finds such a phrase in a message. and then click OK. check the If it contains blocked phrases box and click the Select button to the right. in the Consider message as spam section. unchecking the corresponding box next to it will be sufficient. Key expressions typical of useful mail can be added to the list of allowed phrases. You do not have to delete a mask to stop using it. In the left part of the window. 4. in the Consider message as not spam section. Click the Add link to open the Blocked phrase window (or the Allowed phrase window). If Parental Control (see page 143) is enabled for the user and a password (see page 63) for editing the Parental Control settings is set. the message will be identified as spam.

128 . in the Consider message as not spam section. if you agree to the terms and conditions described in the window. Sender addresses from which you expect no spam are stored in the list of allowed senders. unchecking the corresponding box next to it will be sufficient. check the If it contains blocked phrases box and click the Select button. check the box in the bottom part of the window and click the OK button. 5. 7. The Blocked senders window will open. If you need to create a list of allowed senders. specify the phrase weighting coefficient and click OK. Open the application settings window. 2. in the Consider message as spam section. You do not have to delete a mask to stop using it. 8. check the If it is from an allowed sender box and click the Select button to the right. In the left part of the window. Read the agreement and. 3. To create a list of blocked or allowed senders: 1. unchecking the corresponding box next to it will be sufficient. Enter an address mask and click the OK button. The Explicit language window will open. 4. 5. mail from which Anti-Spam will identify as spam to the list of blocked senders. You do not have to delete a mask to stop using it. The Blocked phrases window will open. You can add complete addresses or address masks to the lists of allowed or blocked senders (see section "Using masks for phrases and addresses" on page 126). Click the Settings button in the right part of the window. 6. BLOCKED AND ALLOWED SENDERS You can add addresses. Click the Add link to open the Blocked phrase window. in the Protection Center section. in the Consider message as spam section. You can also supplement the list manually. On the Exact methods tab. Use the Exact methods tab to perform the following steps: If you need to create a list of blocked senders. Enter the complete phrase or its mask. select the Anti-Spam component. This list is created automatically during Anti-Spam training (see section "Adding an address to the list of allowed senders" on page 124). Click the Add link to open the Email address mask window. The Allowed senders window opens. The Anti-Spam window will be displayed. 6.USER GUIDE The Anti-Spam window will be displayed. check the If it is from a blocked sender box and click the Select button to the right. 4. Check the Also block obscene words box and click the obscene words link to open the Agreement dialog.

send it by email or use a removable data medium). Click the Add link to open the Email address mask window. Click the Export link. Enter an address mask and click the OK button. On the Exact methods tab. To do this: 1. 2. check the If it is not addressed to me box and click the My addresses button. When importing the list. 5. The My addresses window opens. You do not have to delete a mask to stop using it. or the entire list. On the Exact methods tab. 3. The Anti-Spam window will be displayed. or replace the existing list with the one being imported. you can reuse them. 4. 129 . EXPORTING AND IMPORTING LISTS OF PHRASES AND ADDRESSES Once you have created the lists of phrases and addresses. In the left part of the window. 4. 6. In the displayed list window. select the Anti-Spam component. The Anti-Spam window will be displayed. To export records from a list: 1. you can copy either a selected list element only. check the box in the line containing the name of the list from which the records should be exported and click the corresponding button to the right. 3. 2. 6. In the left part of the window. in the Protection Center section. you can add the new elements to the existing list. Perform the export procedure – copy records from the list into a file. When exporting the list. Addresses in the list of allowed senders can be imported from Microsoft Office Outlook / Microsoft Outlook Express (Windows Mail) address books. To create the list of your email addresses: 1. Open the application settings window. Click the Settings button in the right part of the window. check the records which should be included in the file.ADVANCED APPLICATION SETTINGS YOUR ADDRESSES You can create a list of your mail addresses to make Anti-Spam label as spam any mail that is not addressed to you directly. Open the application settings window. select the Anti-Spam component. Click the Settings button in the right part of the window. transfer the addresses to a similar list on another computer running Kaspersky Internet Security. 2. unchecking the corresponding box next to it will be sufficient. Move the file you have saved to another computer (for example. 5. Perform the import procedure – add the records from the file to the list of the same type on another computer. 3. for example. in the Protection Center section.

in the Protection Center section. select the file with the list of records that you want to import. In the window that opens. In doing so. the application will display a menu in which you should select the Import from file item. 4. If you are importing a list of allowed senders. Open the application settings window. 3. each individual element of good emails or spam is assigned a factor. in the Protection Center section. On the Exact methods tab in the Consider message as not spam section. 2. 5. select the Anti-Spam component. 2. Click the Settings button in the right part of the window. which allow you to train (see section "Training Anti-Spam" on page 122) Anti-Spam to distinguish spam. check the box in the line containing the name of the list to which the records should be imported and click the button to the right. 130 . and select Import from the Address Book. In the left part of the window. To import records from a file to a list: 1. a window opens prompting you to add items to be imported.USER GUIDE This opens a window that prompts you to export the highlighted items only. In this window. selection from the menu is not required. select the Anti-Spam component. click the No button if you want to replace the existing records with the list from the file. Click the Settings button in the right part of the window. In the left part of the window. 7. 5. For other list types. take one of the following actions: click the Yes button if you need to include only selected records in the file. Specify a type and name for the file in the displayed window and confirm saving. The Anti-Spam window will be displayed. Use the window that opens to select the desired address book. Click the Import link in the list window. To import a list of allowed senders from an address book: 1. 6. 4. 3. REGULATING THRESHOLD VALUES OF THE SPAM RATE Spam recognition is based on cutting-edge filtering methods. Click the Import link. The Anti-Spam window will be displayed. The Allowed senders window opens. 6. Open the application settings window. take one of the following actions: click the Yes button if you want to add records from the file to the list. probable spam and useful email. On the Exact methods tab. open the source selection menu. If the list is not empty. check the If it is from an allowed sender box and click the Select button. In this window. click the No button if you need to include the entire list in the file.

check the appropriate boxes. The Anti-Spam window will be displayed. You can modify the threshold values for the spam rate. perform the following steps: 1. the spam rate will increase. 5. 4.ADVANCED APPLICATION SETTINGS When an email message comes in your inbox. Anti-Spam checks it for spam and useful mail. in the Protection Center section. SELECTING A SPAM RECOGNITION ALGORITHM Anti-Spam analyzes email messages using spam recognition algorithms. 2. 2. check the boxes next to the characteristics which should be taken into account during message analysis and which increase the spam rate. To enable the use of a spam recognition algorithm when analyzing email messages: 1. in the Protection Center section. click the Additional button. The Anti-Spam window will be displayed. On the Expert methods tab. in the Recognition algorithms section. select the Anti-Spam component. In the Additional window which opens. such a message is considered to be potential spam. Click the Settings button in the right part of the window. In the left part of the window. 4. You can select which additional characteristics will be taken into account during message analysis. select the Anti-Spam component. the higher the probability that such mail contains spam. On the Expert methods tab. If the spam rate is higher than 60. The Anti-Spam window will be displayed. In the left part of the window. such signs increase the probability of its being spam. On the Expert methods tab. use the Spam rate section to configure the spam rate values using the corresponding sliders or entry fields. Open the application settings window. A message is recognized by default as useful mail if its spam rate does not exceed 60. To use additional characteristics which increase the spam rate: 1. When present in a message. If the value exceeds 90. 131 . Open the application settings window. the message is considered spam. 4. Consequently. select the Anti-Spam component. The component sums up the ratings of each spam (useful mail) item and calculates the resulting spam rate. for example. in the Protection Center section. USING ADDITIONAL FEATURES AFFECTING THE SPAM RATE The result of spam rate calculation can be affected by additional message characteristics. To change the spam rate thresholds. Click the Settings button in the right part of the window. the absence of a recipient's address in the "To" field or a very long message subject (over 250 characters). 3. The larger the spam rate. 3. 3. Click the Settings button in the right part of the window. Open the application settings window. 2. In the left part of the window.

The Anti-Spam window will be displayed. uncheck the Do not check Microsoft Exchange Server native messages box. Click the Settings button in the right part of the window. select the Anti-Spam component. CONFIGURING SPAM PROCESSING BY MAIL CLIENTS If after scanning it is determined that an email is spam or probable spam. 2. special plug-ins are provided in the Microsoft Office Outlook and Microsoft Outlook Express (Windows Mail) clients. respectively. SCANNING MESSAGES FROM MICROSOFT EXCHANGE SERVER By default. You can select additional actions to be taken with spam or probable spam. Open the application settings window. the label [!! SPAM] or [?? Probable Spam]. and if all user mailboxes are located on the same Exchange server or on linked servers. is added (see section "Adding a label to the message subject" on page 132). You can configure mail filtering rules for The Bat! and Thunderbird email clients. such labels can help you distinguish spam and probable spam visually while viewing the mail lists. the Anti-Spam component does not scan Microsoft Exchange Server messages. 4. [?? Probable Spam] – for messages identified as potential spam. To enable scan of messages in Microsoft Exchange Server: 1. email messages considered spam or probable spam are modified: in the Subject field of the message. Use the Additional tab to select the checkboxes next to the labels which should be added to message subjects in the Actions section. On the Additional tab in the Exclusions section. select the Anti-Spam component. 132 . the further actions of Anti-Spam depend on the status of the message and the action selected. If necessary. 3. When present in message subject. Open the application settings window. in the Protection Center section. In the left part of the window. 4. To do so. 2. 3. The Anti-Spam window will be displayed. Click the Settings button in the right part of the window. In the left part of the window. corporate email). in the Protection Center section. You can enable scan of email messages exchanged within an internal network (for example. To configure adding of a label to messages' subjects: 1. By default.USER GUIDE ADDING A LABEL TO THE MESSAGE SUBJECT Anti-Spam can add appropriate labels to the Subject field of the message which has been deemed spam or potential spam after analysis: [!! SPAM] – for messages identified as spam. edit the label text. Messages are considered to be internal mail if Microsoft Office Outlook is used on all network computers.

The Rules Wizard includes the following steps: a................... The method used to access the wizard depends upon your version of Microsoft Office Outlook....... This Help file describes how to create a rule using Microsoft Office Outlook 2003..... CREATING A RULE FOR HANDLING SPAM REPORTS Below are the instructions for creating a rule for handling spam reports using Anti-Spam in Microsoft Office Outlook......... You can also open it by clicking the Settings button in the email client toolbar next to the Spam and Not Spam buttons... In the Rules and Alerts window that opens..... email messages classified by Anti-Spam as spam or probable spam are marked with special labels [!! SPAM] or [?? Probable Spam] in the Subject field............ 133 Microsoft Outlook Express (Windows Mail) ........ 2.... You can use the guidelines to create custom rules.................................... click the custom action link................................... the Rules Wizard is launched................. The spam processing settings window opens the first time you run your client after installing the application......... 134 Thunderbird .... you can configure Microsoft Office Outlook as necessary....................................................................... 134 MICROSOFT OFFICE OUTLOOK By default...................................... 133 Creating a rule for handling spam reports ..... click the New Rule button......ADVANCED APPLICATION SETTINGS IN THIS SECTION: Microsoft Office Outlook .......... 133 ................... on the Email Rules tab....... In the lower part of the window................. Run Microsoft Office Outlook and use the Tools Rules and Alerts command in the main application menu......................... The spam and probable spam processing settings for Microsoft Outlook are displayed on the special Anti-Spam tab of the Tools Options menu item................... Select the Start from a blank rule option and select the Check messages when they arrive scan condition........ b...................... To create a spam processing rule: 1............... Select Kaspersky Anti-Spam from the drop-down list in the window that opens and click the OK button....................................... If additional processing of mail after Anti-Spam scans it is required............. If additional processing of mail after Anti-Spam scans it is required.......................................................... c.................. Confirm in the dialog box that you want to apply this rule to all emails received................. 133 The Bat!....... email messages classified by Anti-Spam as spam or probable spam are marked with special labels [!! SPAM] or [?? Probable Spam] in the Subject field................. MICROSOFT OUTLOOK EXPRESS (WINDOWS MAIL) By default........ In the message filtering condition configuration window click the Next button without checking any boxes. check the perform a custom action box in the action list........... You should decide whether you want to create a rule from scratch or use a template................... The spam processing settings window automatically opens the first time you run Microsoft Outlook after installing Kaspersky Internet Security..... you can configure Microsoft Outlook Express (Windows Mail) as necessary..................................................................... Click the Next button.. In the window for selecting actions with regard to messages..... As a result......................

the priority of each following rule is lower than that of the preceding one. If you like. This does not alter the functionality of Thunderbird. The order in which rules are applied depends upon the priority specified for each rule. Probable spam – 50%. For more details on the spam rate and processing rules. also based on a spam rate. All incoming emails are processed using these rules. In the final window. Displayed settings of anti-spam protection apply to all installed Anti-Spam modules that support integration with The Bat!. If you do not want the Anti-Spam rule to further process emails after a rule is applied. Kaspersky Internet Security checks messages instead of Thunderbird. 3. Thunderbird's Anti-Spam plug-in module allows training based on messages received and sent using this email client application and checking your email correspondence for spam on the server. Thus.USER GUIDE d. Kaspersky Internet Security assigns a spam or probable spam status to the message based on a rating with an adjustable value. To modify spam processing rules in The Bat!: 1. THUNDERBIRD By default. Make sure that the Turn on this rule box is checked. The default position for the new rule is first on the rule list in the Rules and Alerts window. In the Properties menu of the mail client. Thus. You need to define the rating level and specify how messages with a certain rating should be handled (in the case of Anti-Spam – the probability of a message being spam): delete messages with ratings that exceed the specified value. To prevent discrepancies between spam rates in Kaspersky Internet Security and The Bat!. and click the Finish button. see the documentation for The Bat! mail client. select the Settings item. Click the Next button in the exceptions from the rules window without checking any boxes. you can change the rule's name (the default name is Kaspersky Anti-Spam). Select the Spam protection object from the settings tree. you can configure Thunderbird by opening its configuration window from the Tools Message Filters menu (for more details about using the mail client. Spam – 100%. email messages classified by Anti-Spam as spam or probable spam are marked with special labels [!! SPAM] or [?? Probable Spam] in the Subject field. The Bat! has its own email rating algorithm for spam. After processing an email. move spam marked with special headers to the spam folder. The plug-in module is integrated into Thunderbird and forwards messages to the Anti-Spam component for scanning when commands from the Tools Run Junk Mail Controls on Folder menu are executed. 134 . leave spam in the Inbox folder. THE BAT! Actions with regard to spam and probable spam in The Bat! are defined by the client's own tools. You can increase or decrease rule priority by moving a rule up or down in the list. If additional processing of mail is required after Anti-Spam scans it. move email messages with a given rating to a special spam folder. 2. Rules are applied starting at the beginning of the list. e. you must check the Stop processing more rules box in the rule settings (see Step 3 of the rule creation window). the email rating in The Bat! corresponds to the rating of the relevant status and not to the spam rate assigned in Anti-Spam. see Mozilla Thunderbird Help). move this rule to the end of the list so it is applied to the email last. all messages checked in AntiSpam are assigned the rating corresponding to the message status: Not Spam email – 0%.

...... ANTI-BANNER Anti-Banner is designed to block banners on web pages you open and in the interface of specified applications......... To select methods of address scanning for Anti-Banner: 1...... you must enable Anti-Banner..... Adverts on banners may distract you from your activities... in the Protection Center section... in the Scan methods group..... check the boxes next to the names of the methods that should be used............ A gray icon informs you that there is a problem in the plug-in's operation or that the Anti-Spam component is disabled.... IN THIS SECTION: Enabling and disabling Anti-Banner ........... In the left part of the window.... disable Anti-Banner........................ADVANCED APPLICATION SETTINGS The Anti-Spam plug-in module status is displayed as an icon in the Thunderbird status line.......... Before a banner is displayed on a web page or in an application's window...... Open the application settings window...... In the left part of the window.... To modify the Anti-Spam settings.............. To display some of banners... you can create a list of allowed addresses to determine which banners should be allowed for display..... 2...................... Anti-Banner checks banner addresses for matches to the masks from the lists of allowed and blocked addresses... To enable Anti-Banner: 1........................ 136 ENABLING AND DISABLING ANTI-BANNER Immediately after Kaspersky Internet Security installation.. check the Enable Anti-Banner box........... the Anti-Banner component is disabled................ 136 Exporting and importing lists of addresses .... 135 .......... In the right part of the window.. click the Settings button in the Anti-Spam section.. Double-click the icon to open the settings of Kaspersky Internet Security... To block banners with address masks not found in the abovementioned lists....... if those are in use... select the Anti-Banner component.. In addition............................................ If the address matches a mask from the list included with the Kaspersky Internet Security package or from the list of blocked banners addresses you have compiled on your own............ Anti-Banner blocks the banner... 3..... To activate banner blocking..... while banner downloads increase the amount of inbound traffic............................ SELECTING A SCAN METHOD You can specify which methods should be used by Anti-Banner to scan addresses from which banners may be downloaded. in the Protection Center section...... it does not block banners. To display all banners....................................... select the Anti-Banner component................ Open the application settings window........ it must be downloaded from the Internet............ In the right part of the window........................ 2........ 3................. 135 Selecting a scan method .............. add their respective addresses to the list of allowed banner addresses (see section "Creating lists of blocked and allowed banner addresses" on page 136)..... In addition to these methods........ 135 Creating lists of blocked and allowed banner addresses........ the heuristic analyzer is used.... AntiBanner scans the address from which the banner is downloaded...........

In the right part of the window. 3. 5. In the left part of the window. and from which ones they are not. in the Protection Center section. Perform the export procedure – copy records from the list into a file. click the Settings button located in the line with the name of the list from which you need to copy addresses into a file. Click the Add button. you can export banner addresses to a similar list on another computer with Kaspersky Internet Security installed on it). from which addresses banners are allowed to load and display. perform the following steps: 1. Perform the import procedure – add the records from the file to the list of the same type on another computer. send it by email or use a removable data medium). or replace the existing list with the one being imported. EXPORTING AND IMPORTING LISTS OF ADDRESSES Lists of allowed and blocked banner addresses can be used repeatedly (for example. The Address mask (URL) window will open. in the Additional section. 3. Enter a banner address mask and click the OK button. 2. Open the application settings window. If you use Microsoft Internet Explorer. Open the application settings window. 2. Mozilla Firefox. You do not have to delete a mask to stop using it. unchecking the box next to the mask will be sufficient. The Blocked URLs (or Allowed URLs) window opens. or Google Chrome. select the Anti-Banner component.USER GUIDE CREATING LISTS OF BLOCKED AND ALLOWED BANNER ADDRESSES You can use lists of blocked and allowed banner addresses to specify. in the Protection Center section. When exporting the list. In the right part of the window. and select Add to Anti-Banner. To add a mask to the list of blocked (allowed) addresses: 1. right-click the image in the browser window to open a context menu. When importing the list. you can add masks to the list of blocked addresses directly from the browser window. you can add the new elements to the existing list. select the Anti-Banner component. In the left part of the window. Move the file you have saved to another computer (for example. To do this: 1. or the entire list. To add a mask to the list of blocked addresses from the browser window. Create a list of blocked address masks to let Anti-Banner block download and display of banners from the addresses that correspond to those masks. check the Use the list of blocked URLs box (or the Use the list of allowed URLs box) and click the Settings button located under the box. To export banner addresses from the list of allowed or blocked URLs. 2. in the Additional section. Create a list of allowed address masks to let Anti-Banner download and display banners from the addresses that correspond to those masks. 136 . 3. you can copy either a selected list element only. 4.

In this window. The functionality of certain applications launched on computers running Microsoft Windows Vista x64 and Microsoft Windows 7 x64 is limited when operating in the safe environment. In the left part of the window. a window opens prompting you to add items to be imported. In the window that opens. When files are recovered from Quarantine. click the Import button. in the Protection Center section. 5. In the Allowed URLs (or Blocked URLs) window that opens. click the No button if you need to include the entire list in the file. If the list is not empty. enter a name for the file you want to save and confirm saving. 4. Click the Export button. select the Anti-Banner component. 3. 5. In the Allowed URLs window that opens (or the Blocked URLs window). select the file with the list of records that you want to import. click the Settings button located in the line with the name of the list to which you need to add addresses from a file. in the Additional section. 6. Suspicious files detected while you work in the safe environment are quarantined in the normal mode. a message to that 137 . take one of the following actions: click the Yes button if you need to include only selected addresses in the file. take one of the following actions: click the Yes button if you want to add records from the file to the list. In the window that opens. This opens a window that prompts you to export the highlighted items only. In this window. Open the application settings window. Kaspersky Internet Security provides the following features for this purpose: run separate application in Safe Run on the main desktop (see page 52). To import banner addresses from a file to the list of allowed or blocked URLs: 1. 2. Kaspersky Internet Security prompts you to specify a location to restore the object in the environment (normal or safe) in which the restoration procedure was started. Safe Run and Safe Run for Websites are not available on computers running under Microsoft Windows XP x64. If the original folder cannot be found. Isolation from the main operating system provides additional security for your computer because real operating system files are not modified. use Safe Run for Websites (see page 141). If such applications are started. SAFE RUN FOR APPLICATIONS AND SAFE RUN FOR WEBSITES Kaspersky Internet Security can perform potentially dangerous actions in isolation from the main operating system.ADVANCED APPLICATION SETTINGS 4. click the No button if you want to replace the existing records with the list from the file. use Safe Run for Applications (see page 138). they are restored to the original folder. check the boxes next to the addresses that you need to include in the file. In the right part of the window.

........................................... In addition....................... using the key combination CTRL+ALT+SHIFT+K............................ using a button in the Kaspersky Gadget interface if the option of running Safe Run for Applications is assigned to a button (see section "How to use the Kaspersky Gadget" on page 59)................................................... 139 Using the pop-up toolbar in Safe Run ............................................. 143 ABOUT SAFE RUN Safe Run is a secure environment isolated from the main operating system and designed for running applications whose safety raises doubts.......... IN THIS SECTION: About Safe Run .......... 138 ............................................................................. real operating system files do not undergo changes............................................... IN THIS SECTION: Launching and closing applications in Safe Run ........ 139 Switching between the main desktop and Safe Run for Applications ............................................ 140 Clearing Safe Run .............................. 141 Using a shared folder .......... 141 LAUNCHING AND CLOSING APPLICATIONS IN SAFE RUN You can activate Safe Run for Applications using one of the following methods: from the Kaspersky Internet Security main window (see section "The Kaspersky Internet Security main window" on page 33)...... 140 Creating a shortcut for Safe Run on the desktop ................................... So even if you run an infected application in Safe Run........................................ You can close Safe Run for Applications using one of the following methods: using the operation system's Start menu..... In Safe Run............................. all of its actions will be limited to the virtual environment without affecting the operating system................................ from the pop-up toolbar (see section "Using the pop-up toolbar" on page 140)................ using a shortcut on the desktop (see section "Creating a shortcut for Safe Run on the desktop" on page 141)................................................................................................................................................. 138 Automatic launch of applications in Safe Run .................................................................. 138 About Safe Run for Websites ................................................................................. from the Kaspersky Internet Security context menu (see section "Context menu" on page 32)..................................................................................................................USER GUIDE effect is displayed on screen if you have enabled notifications (see page 172) of the Application functionality is limited in safe mode event................................................................................................................................... Safe Run for Applications is completely inaccessible.......

select Disable. using the gadget. To close Safe Run from the pop-up toolbar: 1. from the pop-up toolbar (see section "Using the pop-up toolbar in Safe Run" on page 140) (available in Safe Run only). Open the main application window. click the button with the Safe Run icon in the Kaspersky Gadget interface (only for Microsoft Windows Vista and Microsoft Windows 7 operating systems). To start Safe Run for Applications from the Kaspersky Gadget. click the button.ADVANCED APPLICATION SETTINGS To start Safe Run for Applications from the main Kaspersky Internet Security window: 1. To generate an autorun list for Safe Run: 1. select Safe Run for Applications – shutdown. To close Safe Run from the Start menu. 139 . 2. click the Go to Safe Run for Applications button. You can use the following methods to switch between the main desktop and Safe Run: from the Kaspersky Internet Security main window (see section "The Kaspersky Internet Security main window" on page 33). in the Start menu of the operating system. Copy applications icons to be launched at startup of Safe Run for Applications into the opened folder. Roll over the top part of the screen with the mouse pointer. 3. In the window that opens. An autorun list can only be created in Safe Run. SWITCHING BETWEEN THE MAIN DESKTOP AND SAFE RUN FOR APPLICATIONS You can switch to the main desktop without closing Safe Run and then switch back. select the Safe Run for Applications section. right-click to open the Kaspersky Internet Security context menu in the taskbar notification area and select Safe Run for Applications. In the bottom part of the window. select Programs Right-click to open the context menu and select Open. 2. In the pop-up toolbar. To activate Safe Run for Applications from the context menu of Kaspersky Internet Security. 3. 3. AUTOMATIC LAUNCH OF APPLICATIONS IN SAFE RUN You can create a list of applications that will run automatically when you start the Safe Run. from the Kaspersky Internet Security context menu (see section "Context menu" on page 32). In the action selection window that opens. Autorun Safe Run for Applications. 2. In the Start menu of the operating system.

Prior to clearing. Otherwise. Roll over the top part of the screen with the mouse pointer. make sure that all data that may be needed for further work have been saved in the Safe Run shared folder. In the window that opens. Clearing is carried out from the Kaspersky Internet Security main window on the main desktop and only if Safe Run has been closed. select the Safe Run for Applications section. 2. Open the main application window. In the pop-up toolbar. 3. Kaspersky Internet Security deletes data that was saved in Safe Run and restores settings that were modified. To display the pop-up toolbar in Safe Run. To clear Safe Run data: 1. In the pop-up toolbar. 2. roll over the top part of the screen with the mouse pointer. In the window that opens. To switch to the main desktop from the context menu of Kaspersky Internet Security. In the bottom part of the window. click the button. click the button. the data will be deleted irretrievably. Roll over the top part of the screen with the mouse pointer. 2. select the Clear Safe Run for Applications item. To switch to the main desktop from the pop-up toolbar: 1. CLEARING SAFE RUN During the clearing process.USER GUIDE To switch to the main desktop from the main window of Kaspersky Internet Security: 1. To fix the pop-up toolbar: 1. switch to the main desktop (see section "Switching between the main desktop and Safe Run for Applications" on page 139). right-click to open the context menu for the Kaspersky Internet Security icon in the notification area and select Return to the main desktop. 2. In the menu that opens. USING THE POP-UP TOOLBAR IN SAFE RUN You can use the pop-up toolbar in Safe Run to perform the following actions: close Safe Run (see section "Launching and closing applications in Safe Run" on page 138). click the Main desktop button. 140 . 3. 4. select the Safe Run for Applications section. click the button. Open the main application window. In the bottom part of the window.

........ You can select a different browser installed on your computer.......... To create a desktop shortcut for Safe Run: 1..x.ADVANCED APPLICATION SETTINGS CREATING A SHORTCUT FOR SAFE RUN ON THE DESKTOP If you want to start Safe Run quickly.... 4..... 142 Creating a desktop shortcut for Safe Run for Websites .......x...... Open the main application window........ In the window that opens... 8.... you can create a shortcut on the desktop.... Open the main application window.... 7. and also start Safe Run for Websites manually (see section "Protection of confidential data entered on websites" on page 51)............. 141 .......................................... In Safe Run for Websites............ 9..................x........................ ABOUT SAFE RUN FOR WEBSITES Safe Run for Websites is designed for accessing online banking systems and other websites processing confidential data.. Kaspersky Internet Security allows the use of the following browsers: Microsoft Internet Explorer versions 6.......... select the Safe Run for Websites section.. 4. no input data or modifications (for example... which means they cannot be exploited by hackers................... click the button.. 2............ 142 SELECTING THE BROWSER FOR SAFE RUN FOR WEBSITES The default browser is used for Safe Run for Websites... Mozilla Firefox versions 3... Google Chrome versions 7. To select the browser for Safe Run for Websites: 1... select the Safe Run for Applications section........ 3..... website logs) are stored in the operating system............. saved cookies... In the lower part of the window...........x. select the Create desktop shortcut item...... A browser running in Safe Run for Websites mode is marked with a green frame around the application window.. 2. 141 Clearing Safe Run for Websites .................. In the bottom part of the window................................................ 8... You can enable access control for online banking services (see section "Controlling access to online banking services" on page 94) to determine banking websites automatically........... IN THIS SECTION: Selecting the browser for Safe Run for Websites .. In the window that opens.......

In the lower part of the window. Click the Save button. To enable automatic clearing of Safe Run for Websites: 1. the data will be deleted irretrievably. In the menu that opens. CLEARING SAFE RUN FOR WEBSITES By default. In the Select browser for Safe Run for Websites list in the window that opens. you can enable automatic clearing. 4. 5. select the Clear Safe Run for Websites item. 4. in Safe Run for Websites Kaspersky Internet Security saves changes to browser settings and data entered on websites. CREATING A DESKTOP SHORTCUT FOR SAFE RUN FOR WEBSITES If you want to start Safe Run for Websites quickly. In the window that opens. In this case. Kaspersky Internet Security deletes data that was saved in Safe Run for Websites and restores settings that were modified. 6. 5. select the Settings item. In the menu that opens. it is recommended that you clear Safe Run for Websites on a regular basis. select the Safe Run for Websites section. Open the main application window.USER GUIDE 3. The Safe Run for Websites settings window opens. 2. Otherwise. click the button. To clear Safe Run for Websites data manually: 1. 2. To protect data. Instead of clearing Safe Run for Websites manually. select the Safe Run for Websites section. click the button. The Safe Run for Websites settings window opens. click the button. During the clearing process. 3. In the window that opens. you can create a shortcut on the desktop. 3. 7. In the menu that opens. Click the Save button. 6. In the Additional settings section in the window that opens. 142 . select the required browser. select the option Enable the automatic clearing of data. 4. select the Settings item. Kaspersky Internet Security performs clearing automatically when Safe Run for Websites is closed. In the lower part of the window. Prior to clearing. and manual clearing is not available. In the window that opens. 7. Open the main application window. make sure that all data that may be needed for further work has been saved in the Safe Run shared folder.

ADVANCED

APPLICATION SETTINGS

To create a desktop shortcut for Safe Run for Websites: 1. 2. Open the main application window. In the lower part of the window, select the Safe Run for Websites section.

3. 4.

In the window that opens, click the

button.

In the window that opens, select the Create desktop shortcut item.

USING A SHARED FOLDER
The shared folder is designed to share files between the main operating system, Safe Run for Applications and Safe Run for Websites. All files saved in this folder when working in Safe Run for Applications and Safe Run for Websites are available from the standard desktop. The shared folder is created when the application is being installed. The location of the shared folder may vary depending on the operating system: for Microsoft Windows XP – C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\SandboxShared; for Microsoft Windows Vista and Microsoft Windows 7 – C:\ProgramData\Kaspersky Lab\SandboxShared. The location of the shared folder cannot be changed. The shared folder can be opened in two ways: from the main application window (see section "The Kaspersky Internet Security main window" on page 33); using the shortcut marked with the icon. Depending on the application settings specified by developers, the shortcut may be located in the My Computer section or the My Documents section of Microsoft Windows Explorer. To open the shared folder from the Kaspersky Internet Security main window: 1. 2. 3. Open the main application window. In the lower part of the window, select the Safe Run for Applications or Safe Run for Websites section. In the window that opens, click the Open shared folder button.

PARENTAL CONTROL
Parental Control allows the monitoring of actions users take on the computer and online. This control provides the option of restricting access to Internet resources and applications, as well as viewing reports of users' activities. Nowadays, an ever-increasing number of children and teenagers are obtaining access to computers and web resources. This means problems for security, since activity and communication on the Internet may entail a whole range of threats. These are the most frequent ones: access to websites that could waste time (chat rooms, games) or money (e-stores, auctions); access to websites targeted at an adult audience, such as those displaying pornography, extremism, firearms, drug abuse, and explicit violence;

143

USER GUIDE

downloading of files infected with malware; excessive time spent using the computer, which may result in deterioration of health; contact with unfamiliar people who may pretend to be peers to obtain personal information from the user, such as real name, physical address, time of day when nobody is home. Parental Control allows you to reduce risks posed by the computer and the Internet. To do this, the following module functions are used: limiting the time for computer and Internet use; creating lists of allowed and blocked applications, as well as temporarily limiting the number of startups for allowed applications; creating lists of allowed and blocked websites and selection of categories of websites with content not recommended for viewing; enabling a safe search mode through search engines (links to websites with dubious content are not displayed in the search results); restricting file downloads from the Internet; creating lists of contacts which are allowed or blocked for communication via IM clients and social networks; viewing message logs from IM clients and social networks; blocking sending of certain personal data; searching for specified key words in message logs. All these restrictions can be enabled independently from each other, which allows you to flexibly configure Parental Control for various users. For each account, you can view reports of events in the categories to be controlled that the component has logged over a specified period. To configure and view Parental Control reports, you must enter your username and password. If you have not yet created a password for Kaspersky Internet Security (see section "Restricting access to Kaspersky Internet Security" on page 63), you will be prompted to do so when Parental Control starts for the first time.

IN THIS SECTION:
Configuring a user's Parental Control............................................................................................................................ 144 Viewing reports of a user's activity ................................................................................................................................ 153

CONFIGURING A USER'S PARENTAL CONTROL
You can enable and configure Parental Control for each account on your computer separately by imposing different limits on different users, for instance, depending on age. You can also disable Parental Control for users whose activity needs no control.

144

ADVANCED

APPLICATION SETTINGS

IN THIS SECTION:
Enabling and disabling user control .............................................................................................................................. 145 Exporting and importing Parental Control settings ........................................................................................................ 146 Displaying an account in Kaspersky Internet Security ................................................................................................... 147 Time for computer use .................................................................................................................................................. 148 Time for Internet use ..................................................................................................................................................... 148 Applications Usage ....................................................................................................................................................... 148 Viewing websites ........................................................................................................................................................... 149 Downloading files from the Internet ............................................................................................................................... 150 Communicating via IM clients ........................................................................................................................................ 150 Communicating via social networks .............................................................................................................................. 151 Sending confidential information ................................................................................................................................... 152 Searching for key words ................................................................................................................................................ 153

ENABLING AND DISABLING USER CONTROL
You can enable and disable Parental Control individually for each account. For example, there is no need to control the activity of an adult user with the administrator account; Parental Control for this user can be disabled. For other users whose activity should be controlled, the Parental Control should be enabled and configured, for example, by loading the standard configuration from a template. Parental Control can be enabled or disabled in the following ways: from the main application window (see page 33); from the Parental Control settings window; from the application settings window (see page 36); from the context menu of the application icon (see page 32). Parental Control can be enabled / disabled from the context menu only for the current user account. To enable Parental Control for an account from the main window: 1. 2. 3. Open the main application window. In the lower part of the window, select the Parental Control section. In the section containing the account in the window that opens, click the Enable button.

To enable Parental Control for an account from the Parental Control window: 1. 2. Open the main application window. In the lower part of the window, select the Parental Control section.

145

USER GUIDE

3.

In the section containing the account in the window that opens, click the Settings button. The Parental Control window will open.

4. 5.

Open the Settings tab and select the User Account Settings section in the left part of the window. In the right part of the window, check the Enable control for the user box if you want to enable Parental Control for the account. Click the Apply button to save the changes you have made.

6.

To enable Parental Control for an account from the application settings window: 1. 2. 3. 4. Open the application settings window. In the left part of the window, in the Advanced Settings section, select the Parental Control component. In the right part of the window, select the user for whom you want to enable Parental Control. Above the list of users, click the Control button.

To enable Parental Control for the current account from the context menu, select Enable Parental Control in the context menu of the application icon.

EXPORTING AND IMPORTING PARENTAL CONTROL SETTINGS
If you have configured Parental Control for a certain account, you can save the settings to a file (export). You can subsequently load the settings from that file to configure them quickly (import). Furthermore, you can apply the control settings defined for another account or a configuration template (predefined set of rules for different types of users depending upon their age, experience and other characteristics). After a certain configuration is applied to an account, you can modify the values of the settings. That will not affect the values in the source file from which these settings have been imported. To save the Parental Control settings to a file: 1. 2. 3. Open the main application window. In the lower part of the window, select the Parental Control section. In the section containing the account in the window that opens, click the Settings button. The Parental Control window will open. 4. 5. Open the Settings tab and select the User Account Settings section in the left part of the window. In the right part of the window in the Manage Settings section, click the Save button and save the settings file.

To load the control settings from a file: 1. 2. 3. Open the main application window. In the lower part of the window, select the Parental Control section. In the section containing the account in the window that opens, click the Enable button. The Parental Control window will open. 4. Open the Settings tab and select the User Account Settings section in the left part of the window.

146

In the lower part of the window. 6. select the Parental Control section. 4. Open the main application window. 5. 7. To apply the settings of another account: 1. To specify an alias and an image for an account: 1. 3. 147 . specify the user's alias in the Alias field. Select an image for the user account in the Image section. In the lower part of the window. DISPLAYING AN ACCOUNT IN KASPERSKY INTERNET SECURITY You can select an alias and an image with which your account will be displayed in Kaspersky Internet Security. Open the main application window. In the right part of the window in the Manage Settings section. 4. In the right part of the window. 2. click the Enable button. To use a configuration template: 1. Open the main application window. 6. 6. In the section containing the account in the window that opens. In the right part of the window in the Manage Settings section. In the section containing the account in the window that opens. 4. 2. click the Load button. The Parental Control window will open. Select the Another user option In the Load Parental Control settings window that opens and specify the account whose settings should be used. Open the Settings tab and select the User Account Settings section in the left part of the window. select the Parental Control section. click the Settings button. In the right part of the window in the Manage Settings section. select the Parental Control section. 5. click the Load button. 5. 3. 2. click the Enable button. Click the Apply button to save the changes you have made. click the Load button. In the lower part of the window. The Parental Control window will open. Use the Load Parental Control settings window that opens to select the Configuration file option and specify the file location.ADVANCED APPLICATION SETTINGS 5. Select the Template option in the Load Parental Control settings window that opens and specify the template that contains the necessary settings. The Parental Control window will open. In the section containing the account in the window that opens. Open the Settings tab and select the User Account Settings section in the left part of the window. 6. Open the Settings tab and select the User Account Settings section in the left part of the window. 3.

6. In the section containing the account in the window that opens. The Parental Control window will open. To restrict the amount of time spent on the computer: 1. 4. select the Parental Control section. APPLICATIONS USAGE You can allow or block the running of specified programs and impose time limits on startup. 3. In the lower part of the window. check the Enable control box. 6. click the Settings button. 5. click the Settings button. The Parental Control window will open. Open the Settings tab and select the Internet Usage section in the left part of the window. 3. 5. 4. 7.USER GUIDE TIME FOR COMPUTER USE You can set up a schedule for a user's access to the computer (specifying days of the week and time of day) and limit the total time for computer use per 24 hours. 148 . To restrict the amount of time spent on the Internet: 1. 2. In the right part of the window. Click the Apply button to save the changes you have made. The Parental Control window will open. In the lower part of the window. Open the Settings tab and select the Computer Usage section in the left part of the window. In the right part of the window. In the lower part of the window. Open the main application window. 7. Impose time limits on computer use. select the Parental Control section. Click the Apply button to save the changes you have made. 2. 2. TIME FOR INTERNET USE You can restrict the time a user spends on the Internet. click the Settings button. Open the main application window. To restrict running of applications: 1. you can set up a schedule for Internet use (specifying days of the week and time of day when access should be granted or denied) and limit the total time for Internet in a 24 hour period. select the Parental Control section. In the section containing the account in the window that opens. Open the main application window. check the Enable control box. Impose time limits on Internet use. In the section containing the account in the window that opens. 3. To do this.

In the Block websites section. when indexing websites. click the Settings button. Click the Apply button to save the changes you have made. Bing. In the lower part of the window. click the Exclusions button. check the Enable control box. 7. select the access mode for websites: If you want to block access to certain categories of websites. drug abuse. 7. 8. To do this. and assign them the Allowed status. add the URLs to the list of exclusions. Open the Settings tab and select the Applications Usage section in the left part of the window. Create lists of allowed and blocked applications and set a schedule for the use of allowed applications. add the URLs to the list of exclusions. add the URLs to the list of exclusions. click the Exclusions button. 6. such as pornography. which is applied when the user is working with search engines. and assign them the Blocked status. To do this. If you want to generate a list of websites to which access is allowed and block access to all other websites. Click the Apply button to save the changes you have made. search results do not include websites belonging to unwanted categories. The Parental Control window will open. violence. check the Enable control box. In the section containing the account in the window that opens. if necessary. resources' addresses and categories are analyzed. 2. click the Exclusions button. 5. Some search engines are designed to protect users against unsolicited content of web resources. You can also enable the safe search mode. and other materials not recommended for underage audiences. To place restrictions on visited websites: 1. select the Parental Control section. Parental Control allows enabling of the safe search mode simultaneously for the following search engines: Google. 149 . When the safe search mode is enabled. Open the Settings tab and select the Web Browsing section in the left part of the window. Open the main application window. If you want to block access to certain websites. 6. Check the Enable safe search box to enable safe search mode. and assign them the Allowed status. 4. If you need to allow access to certain websites that come under a blocked category. key words and phrases. In the right part of the window. 3. select the option Block websites from the following categories and check the boxes for all the categories of websites that you want to block access to. In the right part of the window. VIEWING WEBSITES You can impose restrictions on access to specified websites depending on their content. you can select categories of websites to be blocked and create a list of exclusions. select the option Block access to all websites except websites allowed in the list of exclusions.ADVANCED APPLICATION SETTINGS 4. 5.

5. The current version of Parental Control monitors communication via the following IM clients: ICQ. specify key words that should be checked for in messages. click the Settings button. communication is not monitored. and specify personal information whose transmission is to be blocked. 2. Information about blocked messages and key words encountered in them is displayed in a report.USER GUIDE DOWNLOADING FILES FROM THE INTERNET You can specify the types of files that a user can download from the Internet. If communication with a contact is blocked. check the Enable control box. 7. GoogleTalk. select the Parental Control section. COMMUNICATING VIA IM CLIENTS Controlling communication via instant messaging programs (IM clients) consists of controlling contacts allowed for communication. When using an HTTP proxy. communication monitoring will not start until the IM client is restarted. QIP. To restrict downloading of files from the Internet: 1. Miranda. all messages addressed to this contact or received from it will be filtered out. and monitoring messaging logs. In the section containing the account in the window that opens. 3. mIRC. Select the file categories that should be allowed for downloading. 150 . Windows Live Messenger (MSN). The report also includes messaging logs for each contact. 4. In the lower part of the window. Yahoo Messenger. The following restrictions are imposed on communication monitoring: If an IM client was launched before Parental Control was enabled. Open the Settings tab and select the File Downloads section in the left part of the window. You can create lists of allowed and blocked contacts. Psi. In the right part of the window. blocking banned contacts. Click the Apply button to save the changes you have made. Mail.Ru Agent. Open the main application window. 6. The Parental Control window will open.

If you want to allow communication only with contacts in the list that have the Allowed status. In the right part of the window. Jabber. 6. check the Enable control box. COMMUNICATING VIA SOCIAL NETWORKS Controlling communication via social networks consists of controlling contacts allowed for communication. Information about blocked messages and key words encountered in them is displayed in a report. specify key words that should be checked for in messages. RnQ. The Parental Control window will open. Click the Apply button to save the changes you have made. such as Yahoo! Messenger and Google Talk. To restrict messaging via IM clients: 1. In the section containing the account in the window that opens. click the Block messaging with contacts not from the list box. The report also includes messaging logs for each contact. 151 . blocking banned contacts. click the Add contact button. Trilian. You can create lists of allowed and blocked contacts. 7. all messages addressed to this contact or received from it will be filtered out. select the Parental Control section. Qnext. you have to enable encrypted connections scanning (see page 116). Open the Settings tab and select the Instant Messaging section in the left part of the window. If communication with a contact is blocked. 3. SIM. To scan the traffic generated by those programs. click the Settings button. use encrypted connections. In the Contacts list. Some IM clients. Instantbird. Pidgin. Create a list of allowed and blocked contacts: a. select a contact from the list or enter one manually. and specify personal information whose transmission is to be blocked. 5. In the New contact window that opens. 2.ADVANCED APPLICATION SETTINGS Digsby. and monitoring messaging logs. MSN. b. Xchat. 4. 8. In the lower part of the window. Open the main application window.

8. To ban the sending of confidential information: 1. select a contact from the list or enter one manually. 5. Open the main application window. SENDING CONFIDENTIAL INFORMATION You can block sending of data that contains confidential information via IM clients. check the Enable control box. The Parental Control window will open. If you want to allow communication only with contacts in the list that have the Allowed status. 4. such as Twitter. click the Add contact button. use encrypted connections. you have to enable encrypted connections scanning (see page 116). a. 5. you should create a list of records that contain confidential data. 152 . and when sending data to websites. 6. 7. social networks. 3. Open the Settings tab and select the Social Networking section in the left part of the window. Attempts to send listed data are blocked. 3. In the Contacts list. check the Enable control box. b. Open the Settings tab and select the Private Data section in the left part of the window. Click the Apply button to save the changes you have made. click the Block messaging with contacts not from the list box. enter the information that you want to prevent from being sent. Create a list of allowed and blocked contacts: A list cannot be generated if Kaspersky Internet Security has not yet gathered sufficient data on social network usage. 2. 6. Open the main application window. In the Private Data list. click the Add button. click the Settings button. and information about blocked messages is displayed in a report. In the right part of the window. Create a list of private data that should not be sent: a. click the Settings button. In the New contact window that opens. 4. The Parental Control window will open. such as physical address and phone number. select the Parental Control section. 2. In the right part of the window. To scan the traffic generated by those networks. 7. To do this. In the section containing the account in the window that opens.USER GUIDE Some social networks. In the lower part of the window. In the lower part of the window. b. In the Private Data window that opens. Click the Apply button to save the changes you have made. In the section containing the account in the window that opens. select the Parental Control section. To restrict messaging via social networks: 1.

Open the Settings tab and select the Word Usage section in the left part of the window. In the section containing the account in the window that opens. 2. VIEWING REPORTS OF A USER'S ACTIVITY You can access reports on the activity of each user account under Parental Control. 2. In the lower part of the window. In the Key words list. 153 .ADVANCED APPLICATION SETTINGS SEARCHING FOR KEY WORDS You can check a user's messages for specified words and word combinations in communications via IM clients and social networks and when sending data to websites. Select the Reports tab. If listed key words are detected in the messages. 7. check the Enable control box. or control of websites being visited. enter the words or phrases that are to be monitored. 3. A report of actions and content being supervised will be displayed in the right part of the window. click the Settings button. In the Key word window that opens. for example. Internet Usage or Private Data. Use the left part of the window that opens to select the category of supervised operations or content. reviewing individually each category of controlled events. 4. 4. Open the main application window. The Parental Control window will open. b. To monitor specified key words in messages and data being sent: 1. In the right part of the window. Generate a list of key words to be monitored in messages and data that is sent: a. this is displayed in a report. 3. In the section containing the account in the window that opens. select the Parental Control section. Click the Apply button to save the changes you have made. select the Parental Control section. 6. key words are not searched for. If you have disabled control of messaging via IM clients. social networks. 5. Open the main application window. click the Add button. click the Settings button. In the lower part of the window. To view a report on the activity of a controlled user account: 1. 5. The Parental Control window will open.

154 Creating exclusion rules ..... it is a set of exclusions from the scope of Kaspersky Internet Security protection.. depending on the features of the objects you work with and applications installed on the computer. and others............... run... if you think objects used by Microsoft Windows Notepad are harmless and require no scanning................ you can configure exclusion rules....... When an application is added into the list of trusted ones....... For instance........ password hacking programs.... for example.. or when running virus scan tasks....... the executable file and the trusted application's process are scanned for viruses as they were before..... the object is scanned by all protection components according to their respective protection settings......... Kaspersky Internet Security excludes it from scanning....... Mail Anti-Virus (see section "Mail Anti-Virus" on page 83).. various utility tools for halting or concealing processes. or saved by any program process and monitors the activity of all applications and the network traffic they create.. the problems of double scanning of network traffic on a third-party computer by Kaspersky Internet Security and by another anti-virus application).... 154 ....... To take into account the specifics of such applications and disable the monitoring of their activity.... which is critical when using server applications........ When you add an application to the list of trusted ones... Kaspersky Internet Security scans objects being opened. add Notepad to the list of trusted applications to exclude scanning of objects used by this process........ FTP servers... Exclusion rules for the trusted zone may be used by several application components........... This category includes remote administration applications...... Kaspersky Internet Security blocks access to an object or application... For example... To avoid blockage..... dialers.. At the same time..... So do its attempts to access the system registry..... In its turn............... Such applications may be blocked by Kaspersky Internet Security. such as File Anti-Virus (see section "File Anti-Virus" on page 77).......... that is... such as Punto Switcher. applications that automatically toggle keyboard layouts. regularly intercept text being entered on your keyboard. its file and network activities (including suspicious ones) become uncontrolled.................. 155 CREATING A LIST OF TRUSTED APPLICATIONS By default... The Trusted zone is created based on the list of trusted applications (see section "Creating a list of trusted applications" on page 154) and exclusion rules (see section "Creating exclusion rules" on page 155).. In other words... These applications have no malicious features.g.... you are advised to add them to the list of trusted applications........ exclusion rules for the trusted zone ensure the option of working with legal applications that may be exploited by intruders to do harm to the user's computer or data...... and also increases the computer's performance rate..................... even though you are certain that this object / application is absolutely harmless........ Some actions classified as dangerous may be safe in the framework of certain applications.. In any other case.. you should use exclusion rules.. An Exclusion rule is a set of conditions which determine that an object should not be scanned by Kaspersky Internet Security.... Including objects in the trusted zone may be required if....... To completely exclude an application from a scan....USER GUIDE TRUSTED ZONE The Trusted zone is a list of objects which should not be monitored by the application. Excluding trusted applications from scanning avoids problems related to the application's compatibility with other programs (e...... keyloggers.... IN THIS SECTION: Creating a list of trusted applications . you trust this application. IRC clients.... but they may be used as auxiliary components of a malicious program..... Web Anti-Virus (see section "Web Anti-Virus" on page 88)).

In the Exclusions for applications window that opens. select an application from the Applications list. in the Advanced Settings section. edit the exclusion rule settings. The special laptop mode of Kaspersky Internet Security (see section "Battery saving" on page 156) allows you to automatically postpone scheduled scan and update tasks when using batteries. In the Exclusion rule window that opens. 2. To solve problems of simultaneous operations which increase the load on the CPU and disk subsystems. the application automatically disables displaying notifications of Kaspersky Internet Security's activity when starting other applications in full-screen mode. we recommend that you configure exclusion rules for them. check the boxes for the types of application activity that should be excluded from scanning. 155 . 6. 4. select the Threats and Exclusions subsection. click the Add button. 5. 5. Scanning a computer for viruses and updating the Kaspersky Internet Security databases often require significant amounts of resources. or select Browse to specify the path to the executable files of the desired application. To create an exclusion rule: 1. as well as its consumption of energy and computer resources. Open the application settings window. In the left part of the window. In the left part of the window. In the Exclusions section. In the menu that opens. while Idle Scan mode (see section "Running tasks in background mode" on page 157) allows you to run resource-intensive tasks when your computer is not in use. 3. select the Threats and Exclusions subsection. click the Settings button. thus saving battery charge. 4. Kaspersky Internet Security allows you to select various categories of threats (see section "Selecting detectable threat categories" on page 156) that the application should detect. In the Exclusions section. Energy consumption is of great importance for portable computers. Consumption of the computer's resources by Kaspersky Internet Security may impact other applications' performance. In the Gaming Profile (see page 158) mode. on the Trusted applications tab. 2. CREATING EXCLUSION RULES If you use applications recognized by Kaspersky Internet Security as legal ones that may be used by intruders to do harm to the user's computer or data. Open the application settings window.ADVANCED APPLICATION SETTINGS To add an application to the trusted list: 1. In the window that opens. In the window that opens. 3. click the Settings button. open the application selection menu by clicking the Add button. Kaspersky Internet Security may pause scan tasks and concede resources to other applications (see section "Distributing computer resources when scanning for viruses" on page 157) running on your computer. in the Advanced Settings section. PERFORMANCE AND COMPATIBILITY WITH OTHER APPLICATIONS The performance of Kaspersky Internet Security is defined as the range of threats it can detect. on the Exclusion rules tab.

.... In the left part of the window............... In the right part of the window................ In the left part of the window....... click the Settings button located under the Detection of the following threat types is enabled list.... 156 .... check the boxes for the categories of threats that should be detected. The application always searches for viruses............................ in the Advanced Settings section..... which may also impact other applications' performance......... you can update Kaspersky Internet Security or start a virus scan manually....................... 3........................................ 2...................................... If a malicious activity is detected within the system. Kaspersky Internet Security offers you to apply the Advanced Disinfection technology.............................USER GUIDE In case of an active infection in the system. and malicious utility tools............ If necessary.................. 156 Distributing computer resources when scanning for viruses ........ Gaming Profile . 156 Battery saving ....... you can disable the advanced disinfection technology (see page 156) to avoid an unwanted restart of your computer..................... the advanced disinfection procedure requires restarting your computer............................. 3... virus scanning and scheduled update tasks can be postponed............ which makes them practically impossible to delete. you can extend the list of detected threats by enabling control of actions performed by legal applications that may be exploited by an intruder to do harm to the user's computer and data......................... If necessary........ 158 SELECTING DETECTABLE THREAT CATEGORIES Threats detected by Kaspersky Internet Security are divided into categories based on various attributes......................... in the Advanced Settings section....................... 156 Advanced Disinfection ....... Trojan programs............. Open the application settings window............................. To ensure a more reliable protection to your computer................................................................................... 157 Full-screen mode.............................................................. To select detectable threat categories: 1.............. which eliminates the threat and removes it from the computer.................... BATTERY SAVING To save power on a portable computer......... 2.................... In the right part of the window.... IN THIS SECTION: Selecting detectable threat categories .. Open the application settings window............ To enable the power conservation mode when working from a battery: 1............. These programs can do significant harm to your computer.................. ADVANCED DISINFECTION Today's malicious programs can invade the lowest levels of an operating system.... 157 Running tasks in background mode ......................................... In the Threats window that opens.............. select the Threats and Exclusions subsection....................... 4....... select the Battery Saving subsection. check the Disable scheduled scans while running on battery power box..

system resources should not be conceded to them. In the left part of the window. there are a number of applications which start immediately when CPU resources become available and run in the background. If your computer is battery-powered. and system partition. you are advised to run the full virus scan (see section "How to perform a full scan of your computer for viruses" on page 48). no tasks are run when the computer is idle. the application restarts the computer. their progress is displayed in the Task Manager (see section "Managing scan tasks. in the Advanced Settings section. Kaspersky Internet Security performs regular scanning for rootkits in background mode and running of resource-intensive tasks when the computer is idle. However. thus slowing down other applications. the following tasks can be run: automatic update of anti-virus databases and program modules. 2. The scan takes 5 minutes at the most and involves a minimal share of the computer resources. DISTRIBUTING COMPUTER RESOURCES WHEN SCANNING FOR VIRUSES Executing scan tasks increases the load on the CPU and disk subsystems. For Kaspersky Internet Security to postpone scan tasks when they slow down other applications: 1. Open the application settings window. In the left part of the window. Regular scanning for rootkits is run while you work at the computer. When the computer is idle. After tasks are run in background mode. Kaspersky Internet Security pauses virus scan tasks and releases system resources for the user's applications. To enable Kaspersky Internet Security to apply the Advanced Disinfection technology: 1. By default. 2. select the Compatibility subsection. 3. Idle Scan tasks are run if the computer has been blocked by the user or if the screensaver is displayed on the screen for at least 5 minutes. if such a situation arises. startup objects. Check the Enable Advanced Disinfection technology box. Task Manager" on page 72). scanning of system memory. RUNNING TASKS IN BACKGROUND MODE To optimize the load on the computer's resources.ADVANCED APPLICATION SETTINGS When the advanced disinfection procedure is complete. select the Compatibility subsection. 157 . After restarting your computer. For the scan not to depend on the performance of those applications. in the Advanced Settings section. Check the Concede resources to other applications box. 3. Open the application settings window.

............. and system registry......... In the right part of the window.......... To disable regular rootkit scan: 1.. 3...... 158 Idle Scan .. switching to full-screen mode automatically changes the settings of all product components to ensure optimal system functioning in that mode..... then the application runs the scan task for the system memory.......... in the Scan section..... 2... select the General Settings subsection................... select the General Settings subsection.... 3. Quite often those applications require significant system resources.. in the Scan section............... To disable Idle Scan mode: 1. In the right part of the window. 2....... If running Idle Scan tasks was interrupted while downloading an update package..... Note that the application remembers the stage at which the task was interrupted to resume the scan from this stage later..... you can disable rootkit scan............ When the gaming profile is active... If an update is required after scanning........ the update will start from the beginning next time... the Idle Scan task is automatically interrupted.......... uncheck the Perform regular rootkit scan box... uncheck the Perform Idle Scan box..... Kaspersky Internet Security performs regular rootkit scan..... Idle Scan is performed using a deep level of heuristic analysis...... Open the application settings window..... or was interrupted......... Upon exit from the full-screen mode. In the left part of the window............ or was run more than 7 days ago.... When the user returns to his or her work... 158 SEARCHING FOR ROOTKITS IN BACKGROUND MODE By default...... the application verifies the date and status of the last run of Idle Scan...... GAMING PROFILE Certain programs (especially computer games) running in full-screen mode are only marginally compatible with some features of Kaspersky Internet Security: for example... 158 . At the second stage..... If Idle Scan has not been run at all. Open the application settings window..................... Kaspersky Internet Security provides the option of temporarily changing the settings using the gaming profile..... product settings return to the initial values used before entering the full-screen mode. which increases the probability of threat detection.......... startup objects.. If necessary....................... IDLE SCAN The first stage of Idle Scan is checking whether the databases and application modules are up-to-date..... meaning that running certain Kaspersky Internet Security tasks may slow down their performance....USER GUIDE IN THIS SECTION: Searching for rootkits in background mode . an automatic update task starts. FULL-SCREEN MODE.. In the left part of the window. To avoid manually disabling notifications and pausing tasks every time you launch full-screen applications.................. pop-up notifications are undesirable in that mode....

............... Open the application settings window........ PROTECTION AGAINST EXTERNAL CONTROL By default... In the left part of the window.......... 159 Protection against external control . Kaspersky Internet Security self-defense is enabled..... select the Gaming Profile subsection.. Protection against external control allows you to block all attempts to remotely control application services... 3. In the left part of the window... KASPERSKY INTERNET SECURITY SELF-DEFENSE Because Kaspersky Internet Security ensures your computer's protection against malware............. You can disable protection.. Kaspersky Internet Security self-defense prevents the modification and deletion of its own files on the hard disk. Kaspersky Internet Security selfdefense is only available for preventing the application's own files on local drives and system registry records from being modified or deleted... 2.. protection against external control is enabled........ in the Advanced Settings section.............. 3... if necessary........ 159 ...... and entries in the system registry.......... In the right part of the window................ 2.... uncheck the Enable Self-Defense box....... malicious programs penetrating your computer attempt to block Kaspersky Internet Security or delete the application from your computer.. Open the application settings window................... Check the Use Gaming Profile box and specify the necessary gaming profile settings in the Profile options section below.... if necessary.. processes in the memory................ select the Self-Defense subsection.................................. To disable Kaspersky Internet Security self-defense: 1..ADVANCED APPLICATION SETTINGS To enable the gaming profile: 1.... IN THIS SECTION: Enabling and disabling self-defense.. You can disable self-defense......... When using remote administration applications (such as RemoteAdmin) you will need to add such applications to the Trusted Applications list (see section "Trusted zone" on page 154) when External Service Control is enabled and enable the Do not monitor application activity setting for them................. in the Advanced Settings section......... Stable performance of your computer defense is ensured by self-defense features and protection against external control implemented in Kaspersky Internet Security.............. On computers running under 64-bit operating systems and Microsoft Windows Vista..... 159 ENABLING AND DISABLING SELF-DEFENSE By default...

.......... In the left part of the window................. the file is moved to Quarantine after heuristic analysis performed by File Anti-Virus and Mail Anti-Virus............. Files are quarantined in the following cases: File code resembles a known but partially modified threat or has a malware-like structure............................................... you can specify the maximum size of Quarantine and Backup........ In addition.. but is not registered in the database.............. Files in Quarantine pose no threat................ 161 Working with objects in Backup . 162 Scanning files in Quarantine after an update ........... in the Advanced Settings section... In this case... check the Store objects no longer than box and specify the maximum storage duration for quarantined objects............... In the External control section........ information about new threats and ways of neutralizing them appears........ Heuristic analysis rarely causes false alarms..USER GUIDE To disable protection against external control: 1....... 2.... The sequence of operations performed by an object looks suspicious............ IN THIS SECTION: Storing files in Quarantine and Backup ................ In the left part of the window.............. in the Storing Quarantine and Backup objects section... 3.................. 163 STORING FILES IN QUARANTINE AND BACKUP The default maximum storage duration for objects is 30 days.. or during an anti-virus scan. In the right part of the window................. With the course of time... Open the application settings window... Backup storage is designed for storing backup copies of files that have been deleted or modified during the disinfection process............ 2.............. To modify the object maximum storage time: 1....... If the maximum size value is reached...... in the Advanced Settings section............... You can cancel the time restriction or change the maximum object storage duration.... select the Self-Defense subsection................ the file is moved to Quarantine after its behavior is analyzed by the Proactive Defense component....... the content of Quarantine and Backup is replaced with new objects.... 3.. uncheck the Disable external service control box........... QUARANTINE AND BACKUP Quarantine is a special area storing files probably infected with viruses and files that cannot be disinfected at the time when they are detected..... 160 ........ In this case............................ Mail AntiVirus or Proactive Defense................ 160 Working with quarantined files .... which may cause Kaspersky Internet Security to disinfect a file stored in Quarantine...... the maximum size restriction is disabled...... A potentially infected file can be detected and quarantined in the course of a virus scan or by File Anti-Virus........ select the Reports and Storages subsection...................................... By default................... Open the application settings window........... After that the objects will be deleted.....................

You can use the following methods to move a file to Quarantine: using the Move to Quarantine button in the Quarantine window. in the Advanced Settings section. 2. select the Quarantine section. In the lower part of the window. In the right part of the window. select the Quarantine section. To scan a quarantined file: 1. On the Quarantine tab. select a file that you need to scan. Right-click to open the context menu of the file and select Move to Quarantine. 2. using the context menu for the file. 161 . select the Reports and Storages subsection. 4. Click the Scan button. 4. Open the application settings window. WORKING WITH QUARANTINED FILES The Kaspersky Internet Security quarantine lets you perform the following operations: quarantine files that you suspect are infected. Open Microsoft Windows Explorer and go to the folder that contains the file that you want to move to Quarantine. To move a file to Quarantine from the Quarantine window: 1. 2. In the window that opens. from which they have been moved to Quarantine. in the Storing Quarantine and Backup objects section. Open the main application window. In the left part of the window. To move a file to Quarantine using the context menu: 1. restore files in original folders. check the Maximum size box and specify the maximum Quarantine and Backup size.ADVANCED APPLICATION SETTINGS To configure the maximum Quarantine and Backup size: 1. select the file that you want to move to Quarantine. delete selected files from Quarantine. 3. send files from Quarantine to Kaspersky Lab for research. 3. scan files in Quarantine using the current version of Kaspersky Internet Security databases. On the Quarantine tab click the Move to Quarantine button. 3. In the lower part of the window. 2. Open the main application window.

WORKING WITH OBJECTS IN BACKUP The Kaspersky Internet Security backup storage lets you perform the following operations: restore files in a specified folder or in original ones. On the Quarantine tab. 4. select a file that you need to restore. 4. On the Quarantine tab. in which a file had been stored before it was processed by Kaspersky Internet Security. In the lower part of the window. 3. select a file that you need to delete. 162 . 2. select the Quarantine section. Click the Restore button. In the lower part of the window. To delete a quarantined object: 1. 2. select a file that you need to delete.USER GUIDE To restore a quarantined object: 1. 3. 3. On the Storage tab. select a file that you need to restore. 4. Open the main application window. On the Quarantine tab. To send a quarantined object to Kaspersky Lab for analysis: 1. Open the main application window. Open the main application window. To restore an object from Backup: 1. Right-click the file to open its context menu and select Delete. Right-click to open the context menu of the file and select the Send for analysis item. delete selected files or all files from Backup. Click the Restore button. Open the main application window. select the Quarantine section. 3. select the Quarantine section. Right-click the file to open its context menu and select Delete. 2. select the Quarantine section. In the lower part of the window. In the lower part of the window. In the lower part of the window. 3. 2. 4. To delete a file from Backup: 1. Open the main application window. On the Storage tab. select a file that you need to send for research. select the Quarantine section. 4. 2.

After the databases are updated. 3. You are advised to perform all the actions in this group without delay to eliminate the threat. as well as operating system settings which allow the gathering of information about user activities. Open the main application window. 2. You can enable automatic scanning of quarantined objects after each update. Three groups of problems and. Some files can then be restored to their previous locations. Kaspersky Lab offers a set of actions for each group of problems which help eliminate vulnerabilities and weak points in the system's settings. Scanning may change their status. On the Storage tab. Kaspersky Internet Security may be able to clearly identify and remove the threat. SCANNING FILES IN QUARANTINE AFTER AN UPDATE If the application has scanned a file and has not been able to determine exactly what malicious programs have infected it. three groups of actions to be taken when they are detected are distinguished: Strongly recommended actions will help eliminate problems posing a serious security threat. select the Update Settings component. the file is quarantined. The Privacy Cleaner Wizard is designed to search for and eliminate traces of a user's activities in the system. Recommended actions help eliminate problems posing a potential threat. In the left part of the window. The Browser Configuration Wizard is designed to analyze and adjust the settings of Microsoft Internet Explorer in order to eliminate its potential vulnerabilities. Check the Rescan Quarantine after update box in the Additional section. 2. The System Restore Wizard is designed to eliminate system damage and traces of malware objects in the system. Open the application settings window. In the lower part of the window. To enable scanning quarantined files after update: 1. All the problems found by the Wizards (except the Kaspersky Rescue Disk Creation Wizard) are grouped based on the type of danger they pose to the operating system.ADVANCED APPLICATION SETTINGS To delete all files from Backup: 1. click the Clear storage button. select the Quarantine section. which allows you to recover the system's operability after a virus attack if you load the application from the removable medium. 163 . 3. ADDITIONAL TOOLS FOR BETTER PROTECTION OF YOUR COMPUTER The following wizards and tools included with Kaspersky Internet Security are used to resolve specific issues concerning your computer's security: Kaspersky Rescue Disk Creation Wizard is designed for creating an ISO disk image and writing Kaspersky Rescue Disk on a removable medium. and you will be able to continue working with them. accordingly. Kaspersky Rescue Disk should be used when the infection is at such a level that it is deemed impossible to disinfect the computer using anti-virus applications or malware removal utilities. in the Update section. We recommend that you periodically view quarantined files. You are advised to perform all actions in this group as well to provide the optimal level of protection.

. Some files.......................... 2..... Performing these actions ensures comprehensive protection of your computer... as well as for operation system settings which contribute to the storing of information about user activity.. in some cases............ click the Start button.............. for example the Microsoft Windows log file.. In the lower part of the window... Saved data includes the search queries entered by users and web sites visited..... 167 PRIVACY CLEANER When working with the computer................. may be in use by the system while the Wizard is attempting to delete them...... these files may be recreated and detected again as activity traces.. However... This Wizard searches for traces of user activities in the system.... repeated running of the Privacy Cleaner Wizard may detect activity traces which were not cleaned up by the previous run of the Wizard................. click the Finish button... IN THIS SECTION: Privacy Cleaner ... The launch of any file or the opening of any document is logged.. during the restart............... The Microsoft Windows system log registers many events occurring in the system...................................... Step 2.. To remove traces of the user's activity in the system: 1........... Activity signs search This Wizard searches for traces of malware activities in your computer............. 164 .... the Wizard will prompt you to restart the system... etc...... the user has insufficient knowledge to prevent information being stolen from these sources.. click the Cancel button............. they may lead to deletion of user settings (such as cookies)............ Step 1... 165 Rolling back changes made by Wizards ............ Open the main application window.... temporary files.. 3. 164 Configuring a browser for safe work .. the Microsoft Windows system event log... The Wizard consists of a series of screens (steps) that you can navigate through using the Back and Next buttons............ All these sources of information about the user's activity may contain confidential data (including passwords) and may become available to intruders for analysis.... In the window that opens........................... select the Tools section..... in the Privacy Cleaner section..... To stop the Wizard at any stage.............. Let us review the steps of the Wizard in more detail......... In order to delete these files.......... Once the search is complete. However...... Please keep in mind that data related to user activity in the system..USER GUIDE Additional actions help repair system damages which do not pose a current threat but may threaten your computer's security in the future.......... Frequently.......... Kaspersky Internet Security includes the Privacy Cleaner Wizard.............. The scan may take some time.... launched programs.. is accumulated constantly. opened and saved files. a user's actions are registered in the system.............. For this reason..... Starting the Wizard Make sure the option Perform user's activity traces diagnostics is selected and click the Next button to start the Wizard.... the Wizard will proceed automatically to the next step.................. To close the Wizard once it has completed its task....

To improve protection. the Wizard will proceed automatically to the next step. you are advised to enable the display of files of known formats. uncheck the box next to it. so the user does not have to download them next time. You are advised to clear the cache every time you close your browser to improve protection. Click the Finish button to close the Wizard.g. CONFIGURING A BROWSER FOR SAFE WORK The Microsoft Internet Explorer browser requires special analysis and configuration in certain cases. the Wizard displays the detected activity traces and actions suggested to eliminate them. as doing so will leave your computer vulnerable to threats. To clean up certain activity traces. Wizard completion If you wish to clean up the traces of user activity automatically whenever Kaspersky Internet Security completes its work. click the Next button. malicious objects can add links to websites created by intruders to this list. do not check this box. This problem can be solved by adding these websites to the trusted zone. it is sometimes useful to see the file extension. example. If you plan to remove activity traces manually using the Wizard. the user's email addresses.txt. and intruders can obtain. check the box to the left of the corresponding action description.ADVANCED APPLICATION SETTINGS Step 3. Selecting Privacy Cleaner actions When the search is complete. To view the actions within a group. you should add them to the list of trusted sites. To make the Wizard perform a certain action. The cache stores data downloaded from the Internet. If the real file extension is not displayed. The elimination of activity traces may take some time. 165 . click the + icon to the left of the group name. It is strongly recommended that you not uncheck the boxes selected by default. for example. since some setting values selected by the user or set by default may cause security problems. a reboot may be required. This speeds up the download time of web pages and reduces Internet traffic. If you do not wish to perform a certain action. you can disable the display of their extensions. use the last screen of the Wizard to check the box Clean activity traces every time on Kaspersky Internet Security exit. Some malware objects also scan the cache while scanning the disk. The browser configuration for Safe Run may cause problems with the display of certain websites (for example.com). Once the clean-up is complete. Step 5. Privacy Cleaner The Wizard will perform the actions selected during the previous step. To edit file names conveniently. if so. In addition to that. Step 4. Nevertheless. the Wizard performs all recommended and strongly recommended actions. the cache contains confidential data and makes it possible to find out which sites the user has visited. if they use ActiveX elements). List of trusted websites. At the same time. the Wizard will notify you. Display of known file types extensions. Here are some examples of the objects and parameters used in the browser and how they are associated with potential security threats: Microsoft Internet Explorer cache. By default. For some websites to run correctly.. users can see just the file name part with the imitated extension and so they may identify a malicious object as a harmless file. Having defined the set of actions which the Wizard will perform. File names of many malicious objects contain combinations of symbols imitating an additional file extension before the real one (e.

To close the Wizard once it has completed its task. uncheck the box next to it. click the Cancel button. Open the main application window. Searching the browser settings for problems may take some time.USER GUIDE Browser analysis and configuration are performed in the Browser Configuration Wizard. as doing so will leave your computer vulnerable to threats. It is strongly recommended that you not uncheck the boxes selected by default. The Wizard consists of a series of screens (steps) that you can navigate through using the Back and Next buttons. In the window that opens. Step 2. Close all Microsoft Internet Explorer windows before starting the diagnostics. In the lower part of the window. a report is generated which can be sent to Kaspersky Lab for analysis. 3. Starting the Wizard Make sure the option Perform diagnostics for Microsoft Internet Explorer is selected and click the Next button to start the Wizard. Step 3. Once the search is complete. Once the Wizard is complete. Step 4. Wizard completion Click the Finish button to close the Wizard. click the Start button. Step 5. the Wizard performs all recommended and strongly recommended actions. Having defined the set of actions which the Wizard will perform. Browser Configuration The Wizard will perform the actions selected during the previous step. Let us review the steps of the Wizard in more detail. in the Browser Configuration section. To stop the Wizard at any stage. select the Tools section. The Wizard checks whether the latest browser updates are installed and makes sure that the current browser settings do not make the system vulnerable to malicious exploits. Step 1. click the Finish button. Browser configuration may take some time. To configure the browser for safe work: 1. click the + icon to the left of the group name. 166 . 2. By default. click the Next button. the Wizard displays the detected problems and actions suggested to eliminate them. To view the actions within a group. Once configuration is complete. Microsoft Internet Explorer settings analysis The Wizard analyzes the settings of Microsoft Internet Explorer. Selecting actions for browser configuration When the search is complete. To make the Wizard perform a certain action. If you do not wish to perform a certain action. the Wizard proceeds automatically to the next step. the Wizard will proceed automatically to the next step. check the box to the left of the corresponding action description.

Step 2. Starting the Wizard Select Roll back changes and click the Next button. for which you need to roll back changes made: Privacy Cleaner – to roll back changes made by the Privacy Cleaner Wizard. click the Start button in the section with the name of a Wizard. System Restore Wizard (see section "What to do if you suspect your computer is infected" on page 53). To make the wizard roll back an action taken earlier. Search for changes The Wizard searches for the changes that it made earlier and that can be rolled back.ADVANCED APPLICATION SETTINGS ROLLING BACK CHANGES MADE BY WIZARDS Some changes made when running the Privacy Cleaner Wizard (see section "Privacy Cleaner" on page 164). REPORTS Events that occur during the operation of the protection components or when the Kaspersky Internet Security tasks are run are logged in reports. Once the search is complete. To roll back changes made by Wizards: 1. the Wizard informs you of changes found. check the box located to the left of the action's name. In the right part of the window. Step 3. After you have selected actions that you want to roll back. click the Next button. Step 4. the Wizard automatically proceeds to the next step. Rolling back changes The Wizard rolls back the actions selected at the previous step. Microsoft Windows Troubleshooting – to roll back changes made by the Microsoft Windows Troubleshooting Wizard. Wizard completion Click the Finish button to close the Wizard. 2. Browser Configuration – to roll back changes made by the Browser Configuration Wizard. When the changes are rolled back. Step 1. Selecting changes to roll back When the search is completed. the Wizard will proceed automatically to the next step. 167 . Let us take a closer look at Wizards' steps taken when rolling back changes. Open the main application window and select the Tools section in the lower part of the window. Step 5. and Browser Configuration Wizard (see section "Configuring a browser for safe work" on page 165) can be rolled back.

..................................... click the Reports link... a report is created for all protection components.......................... 5. 4............................................ When you select the Protection Center item.......... For added convenience when working with reports..................... In the Reports window that opens................... Open the main application window...................................... 169 Saving a report to file .. sort events by column or by importance.... click the Reports link.......................................... 168 Events search ................................ if necessary................. In the left part of the Detailed report window that opens........................ Open the main application window................ In the right part of the Detailed report window that opens........... 2........ In the top part of the window.......................................................... Select the value which should be used to filter data in the filter menu...... In the Reports window that opens.......................... In the top part of the window... 170 Storing reports....................................................................... you can change the data display on the screen: group events by various parameters......... click the Detailed report button....................................... 168 .. 6.................................... select the component or task.......... and hide columns............................................... 171 CREATING A REPORT FOR THE SELECTED PROTECTION COMPONENT You can obtain a detailed report about events which occurred during the operation of each of the Kaspersky Internet Security protection components or during execution of its tasks.. for which a report should be created................................................USER GUIDE IN THIS SECTION: Creating a report for the selected protection component ......... 170 Recording non-critical events into the report .................. 4. 3............. as well as define complex data filtering conditions... 171 Configuring the notification of report availability .......................................................................................................... move the mouse pointer to the upper left corner of the column header and click it to open the filter menu................................................ To filter events by values: 1...................... 168 Data filtering ..... 3............. To create a report on a certain protection component or a task: 1......... 2...................................................... select the report period............. click the Detailed report button................................. Repeat the procedure for another column..... 170 Clearing application reports..................................................... DATA FILTERING You can filter events in Kaspersky Internet Security reports by one or several values in the report columns....

4. In the window that opens. b. select the necessary query condition from the Condition dropdown list (e. If necessary. on the Report tab. click the Detailed report button. 6. click the Find next button. c. In the Custom filter window that opens. Click the Reports link in the top part of the window to open the reports window. select AND. Start the search using one of the following methods: If you want to find an event that meets the specified search criteria and comes next after the one that you have highlighted on the list. To find an event using the search line: 1. In the Reports window that opens. b. Specify the search criteria in the Search window that opens: a. 2. Define the query limits in the right part of the window. 2. In the String field. c. If necessary.ADVANCED APPLICATION SETTINGS To specify a complex filtering condition: 1. 5. 2. In the top part of the window. equals or does not equal the value specified as the query limit). click the Detailed report button.. set the filtration conditions: a. In the right part of the Detailed report window that opens. select the name of the column that should be searched for the specified key word. Open the main application window. Open the main application window. 3.g. Enter the key word in the search line in the right part of the Detailed report window that opens. If you wish your data query to satisfy both specified conditions. select OR. EVENTS SEARCH You can search a report for the desired event using a key word in the search line or special search window. 3. enter a key word to be searched for. In the right part of the Detailed report window that opens. click the Reports link. Open the main application window. 3. is greater or less than. If only one of the two conditions is required. 169 . If you want to find all events that meet the specified search criteria. In the top part of the window. click the Detailed report button. click the Reports link. click the Mark all button. 5. To find an event using the search window: 1. right-click the appropriate report column to display the context menu for it and select Custom. In the left part of the window. check the boxes for additional search settings. right-click the appropriate column header to display the context menu for it and select Search. In the Reports window that opens. add a second condition using logical conjunction (logical AND) or disjunction (logical OR) operations. In the Column dropdown list. 4. 4.

In the Detailed report window that opens. click the Reports link. 4. the maximum size is 1024 MB. create a required report and click the Save link to select a location for the file that you want to save. in the Clear reports section. 2. 2. Once the maximum size has been reached. select the Reports and Storages subsection. 5. in the Advanced Settings section. 3. You can cancel any limits imposed on the report's size. Open the main application window. in the Storing reports section. In the left part of the window. in the Advanced Settings section. 3. CLEARING APPLICATION REPORTS You can clear the reports containing data that you no longer need. By default. check the Store reports no longer than box and specify the maximum storage period for reports. click the Clear button. You can cancel the time restriction or change the maximum report storage duration. To save the report to file: 1. In the Storing reports section in the right part of the window. the content of the file is replaced with new records. check the boxes for the reports you wish to clear. check the Maximum file size box and specify the maximum size for a report file. In the Reports window that opens. Open the application settings window. In the left part of the window. In the window that opens. 2. To modify the report maximum storage time: 1. In the right part of the window. 2. In the top part of the window. After that the reports will be deleted. click the Detailed report button. Open the application settings window. To clear application reports: 1. 170 .USER GUIDE SAVING A REPORT TO FILE The report obtained can be saved to a text file. In the right part of the window. STORING REPORTS The default maximum report storage duration is 30 days. select a folder into which you wish to save the report file and enter the file name. or enter another value. select the Reports and Storages subsection. In the Clearing reports window that opens. To configure the maximum report file size: 1. Open the application settings window. you can also define the maximum report file size. 3. 3. In the left part of the window. In addition. select the Reports and Storages subsection. in the Advanced Settings section. 4.

.......... 3................... Open the application settings window....... 2.. click the button........ To add non-critical events to the report: 1..... CONFIGURING THE NOTIFICATION OF REPORT AVAILABILITY You can create a schedule according to which Kaspersky Internet Security will remind you that a report is ready......... specify schedule settings...... In the right part of the window..... and pop-up messages).... In the Icon in the taskbar notification area section.. 4.......... 171 ......... 2....... select the Appearance subsection...... 2....... In the top part of the window................... 172 TRANSLUCENCE OF NOTIFICATION WINDOWS To make notification windows translucent: 1..... 3........ APPLICATION APPEARANCE..... You can add records of such events to the report........................... In the left part of the window............................. the product does not add non-critical events or registry and file system events to its reports......... Open the main application window.......... check the Enable semi-transparent windows box..... select the Reports and Storages subsection.................. In the Notifications window that opens... 172 Text on Microsoft Windows logon screen .. check the Log non-critical events box........ In the Reports window that opens. in the Advanced Settings section............. In the left part of the window. click the Reports link... Open the application settings window............................. in the Advanced Settings section............... MANAGING ACTIVE INTERFACE ELEMENTS Kaspersky Internet Security allows you to adjust the settings for display of text on the logon screen in Microsoft Windows and active interface elements (the application icon in the notification area..........ADVANCED APPLICATION SETTINGS RECORDING NON-CRITICAL EVENTS INTO THE REPORT By default.......... IN THIS SECTION: Translucence of notification windows . 3.... notification windows........... To configure notification of a report's completion: 1.. 171 Animation of the application icon in the notification area ...........

...... 173 Disabling news delivery ......................... in the Advanced Settings section............. To disable animation of the application icon: 1..... 3...................... In the Icon in the taskbar notification area section.......... In the left part of the window.... Kaspersky Internet Security comprises the News Agent (on page 37) that Kaspersky Lab uses to notify you of various news. the text "Protected by Kaspersky Lab" is displayed on the logon screen while Microsoft Windows is loading......... 174 ENABLING AND DISABLING NOTIFICATIONS By default......... notification windows will be displayed on the screen (see section "Notification windows and pop-up messages" on page 34).... If you are required to select further actions.................... 172 Configuring the notification method ........................USER GUIDE ANIMATION OF THE APPLICATION ICON IN THE NOTIFICATION AREA Animation of the application icon is displayed in the notification area when running an update or a scan......... If you do not want to receive any news.................................. NOTIFICATIONS By default.......................... select the Appearance subsection. 3...... you can disable the news delivery.. TEXT ON MICROSOFT WINDOWS LOGON SCREEN By default.. Kaspersky Internet Security notifies you of them.... In the left part of the window...... uncheck the Animate taskbar icon when executing tasks box.... To enable display of this text during the loading of Microsoft Windows: 1................. Text "Protected by Kaspersky Lab" is only displayed in Microsoft Windows XP..... Open the application settings window.............. 2...... Open the application settings window.......... In the Icon in the taskbar notification area section.......... select the Appearance subsection.. email messages..... The application notifies you of events which do not require selection of an action with audio signals.. uncheck the Show "Protected by Kaspersky Lab" on Microsoft Windows logon screen box. and pop-up messages in the taskbar notification area (see section "Notification windows and pop-up messages" on page 34).. You can disable the delivery of notifications.................... By default............. in the Advanced Settings section.......... animation of the application icon in the notification area is enabled......... 172 .... 2................... if Kaspersky Internet Security is enabled and protects your computer....... IN THIS SECTION: Enabling and disabling notifications ......... if any events occur during operation....... Kaspersky Internet Security uses various methods to notify you of all important events related to application operation (see section "Configuring the notification method" on page 173)....................

In the right part of the window. select the Notifications subsection. In the left part of the window. 2. 4. 2. 2. 173 . In the right part of the window. information about events that occur during the operation of Kaspersky Internet Security is logged in an application operation report (see page 167). 3. select the Notifications subsection.ADVANCED APPLICATION SETTINGS Regardless of whether notification delivery is enabled or disabled. check the Enable events notifications box and click the Settings button located under the box. with a pop-up message. 4. To minimize the number of notification windows displayed on the screen. In the Notifications window that opens. You can modify the current scheme or disable sounds. Open the application settings window. To modify the email settings for notification delivery: 1. Open the application settings window. email messages. in the Advanced Settings section. In the left part of the window. critical notifications and notifications of application operation failures are accompanied by an audio signal. select the Notifications subsection. To allow Kaspersky Internet Security to notify you of events by email. use the automatic protection mode (see section "Selecting a protection mode" on page 64). 3. uncheck the Enable events notifications box. you should adjust the email settings of notification delivery. Open the application settings window. in the Advanced Settings section. To select notifications delivery methods for various types of events: 1. CONFIGURING THE NOTIFICATION METHOD The application notifies you of events using the following methods: pop-up messages in the taskbar notification area. In the Email notification settings window that opens. check the boxes corresponding to how you want to be notified of various events: by email. To disable notification delivery: 1. By default. 3. You can configure an individual set of notification delivery methods for each type of event. check the Enable email notifications box and click the Settings button. In the right part of the window. or with an audio signal. The Microsoft Windows sound scheme is used as the source of sound effects. in the Advanced Settings section. audio notifications. it does not impact the display of notification windows. In the left part of the window. specify the settings for sending notifications by email. When you disable the notifications delivery.

..... 2..... select the Notifications subsection........... you can change your decision later.. 175 174 .. The Kaspersky Security Network (KSN) is an infrastructure of online services that provides access to the online Knowledge Base of Kaspersky Lab. uncheck the Enable audio notifications box. and reduces the risk of false positives... IN THIS SECTION: Enabling and disabling participation in Kaspersky Security Network . which contains information about the reputation of files........ processed. Using data from the Kaspersky Security Network ensures a faster response time for Kaspersky Internet Security when encountering new types of threats.. Kaspersky Internet Security uses data received from users from all over the world... Open the application settings window... When you participate in the Kaspersky Security Network.......... in the Advanced Settings section........ In the right part of the window. Participating in the Kaspersky Security Network is voluntary........... improves performance of some protection components..... If this box is unchecked... and reduce the number of false positives..... and software.... Besides....... You should decide whether to participate when installing Kaspersky Internet Security.... certain statistics collected while Kaspersky Internet Security protects your computer are sent to Kaspersky Lab automatically.. DISABLING NEWS DELIVERY To disable news delivery from the application settings window: 1...... No private data is collected. Kaspersky Security Network is designed for collecting this data.. In the left part of the window.... 175 Verifying connection to Kaspersky Security Network . select the Appearance subsection............ User participation in Kaspersky Security Network enables Kaspersky Lab to gather real-time information about the types and sources of new threats.......... however...... 3. in the Advanced Settings section... In the left part of the window.. 3.. Open the application settings window..... In the right part of the window......... the sound scheme from previous Kaspersky Internet Security versions is used.. web resources........ or stored... develop methods to neutralize them.....USER GUIDE To configure the sound scheme used with notifications: 1.... participating in Kaspersky Security Network grants you access to information about reputation of various applications and websites. uncheck the Enable news notifications box..... 2.. KASPERSKY SECURITY NETWORK To increase the efficiency of your computer's protection.................. check the Use Windows Default sound scheme box. If you want to use the sound scheme of Microsoft Windows for notification of Kaspersky Internet Security events..

2. VERIFYING CONNECTION TO KASPERSKY SECURITY NETWORK Connection to Kaspersky Security Network may be lost for the following reasons: your computer is not connected to the Internet. 2. check the I agree to participate in Kaspersky Security Network box. 3. the status of connection to Kaspersky Security Network is displayed. select the Feedback subsection. you do not participate in Kaspersky Security Network. 3. In the top part of the window. click the Cloud protection button. To test the connection to Kaspersky Security Network: 1. In the right part of the window. Open the main application window.ADVANCED APPLICATION SETTINGS ENABLING AND DISABLING PARTICIPATION IN KASPERSKY SECURITY NETWORK To participate in Kaspersky Security Network: 1. In the left part of the window. in the Advanced Settings section. 175 . Open the application settings window. your license for Kaspersky Internet Security is limited. In the left part of the window that opens.

................................ 176 .................................................................... a major part of anti-virus applications identify the test file EICAR as a virus. If necessary......................................TESTING THE APPLICATION'S OPERATION This section provides information about how to ensure that the application detects viruses and their modifications and performs the correct actions on them... TESTING THE APPLICATION'S FUNCTIONING USING THE TEST FILE EICAR You can use the test file EICAR to test the Internet traffic protection........... 2..................... You can download this test file from EICAR's official website at http://www.........htm.. and computer scan....... The test file EICAR is not intended for testing the functionality of the heuristic analyzer or searching for malware at the system level (rootkits)...... Do not forget to resume the anti-virus protection of Internet traffic and files after you have finished with the test file EICAR. Do not forget to resume the anti-virus protection of Internet traffic and files after you have finished with the test file EICAR........org/anti_virus_test_file........... 177 ABOUT THE TEST FILE EICAR You can make sure that the application detects viruses and disinfects infected files by using a test file EICAR............. you can use various types of the test file EICAR (see section "About the types of the test file EICAR" on page 177)................... Try to save the EICAR test file in any folder on your computer.................... Kaspersky Internet Security informs you that a threat has been detected at the requested URL and blocks the attempt to save the object on the computer............. 176 About the types of the test file EICAR . The test file EICAR is not a virus... 176 Testing the application's functioning using the test file EICAR ................. 3........... IN THIS SECTION: About the test file EICAR.......... The test file EICAR does not contain any program code that could damage your computer.... anti-virus protection of files.... To test the Internet traffic protection using the test file EICAR: 1.................... However. The test file EICAR has been developed by the European Institute for Computer Antivirus Research (EICAR) in order to test the functionality of anti-virus applications..... Do not use real viruses to test the functionality of anti-virus applications! This may damage your computer...........eicar........

ABOUT THE TYPES OF THE TEST FILE EICAR You can test the application's functioning by creating various modifications of the test file EICAR. Add one of the prefixes to the head of the EICAR test file (see section "About the types of the test file EICAR" on page 177).org/anti_virus_test_file. Add one of the prefixes to the head of the EICAR test file (see section "About the types of the test file EICAR" on page 177). add the DELE.eicar.htm. 4. 3. To test the virus scan using the test file EICAR or a modification of it: 1. Pause anti-virus protection of Internet traffic and anti-virus protection of files on your computer. 2. it is not recommended that you connect the computer to local networks or use removable devices to prevent harm to your computer caused by malware. When protection is paused. The application detects the test file EICAR (or a modification of it) and assigns it a status depending on the results of the scan. select Start programs Accessories Notepad. You can use any text or hypertext editor to do this.com. for example. select Start programs Accessories Notepad. 3. You can download this test file from EICAR's official website at http://www. Kaspersky Internet Security informs you of a threat detected on the hard drive of your computer and performs the action specified in the settings of the virus scan. 7.htm. When protection is paused.com. You can download this test file from EICAR's official website at http://www. 5. it is not recommended that you connect the computer to local networks or use removable devices to prevent harm to your computer caused by malware. Start the scan of the file that you have saved. You can use any text or hypertext editor to do this. Notepad.eicar. Try to run the file that you have saved. 4. for example. 177 . for example. Save the resulting file under a name reflecting the modification of the test file EICAR. Notepad. To open Notepad.prefix and save the file as eicar_dele. 6. The application takes specified actions on the test file EICAR if they had been selected in the settings of the component that has detected the test file EICAR.org/anti_virus_test_file. Kaspersky Internet Security informs you of a threat detected on the hard drive of your computer and performs the action specified in the settings of the anti-virus protection of files. add the DELEprefix and save the file as eicar_dele. All Save the resulting file under a name reflecting the modification of the file EICAR.TESTING THE APPLICATION'S OPERATION To test the anti-virus protection of files using the test file EICAR or a modification of it: 1. Save the EICAR test file in any folder on your computer. 6. All 5. Resume anti-virus protection of Internet traffic and anti-virus protection of files on your computer. To open Notepad. 2. Resume anti-virus protection of Internet traffic and anti-virus protection of files on your computer. for example. Pause anti-virus protection of Internet traffic and anti-virus protection of files on your computer.

The application could not access the file. By default. File contains modified code of a known virus. An error occurred during the scan of a file. File The application displays an on-screen notification that the disinfected cannot be disinfected. SUSPPotentially infected. The application does not scan this type of file because its structure is damaged (for example. 178 . Infected. ERRO- Scan error. WARNPotentially infected. File can be disinfected. the application displays an on-screen notification that a potentially infected file has been detected.USER GUIDE The first column of the table (see the table below) contains prefixes that you can use when creating modifications of the test file EICAR. The application detected a partial correspondence of a section of file code with a section of code of a known virus. File processing information The application identifies this file as a file containing a virus that cannot be disinfected. the application displays an on-screen notification that a potentially infected file has been detected. The application applies the action set for potentially infected files on the file. standard test virus. The third column indicates how the application processes files with the specified status. The second column lists all possible statuses assigned to the file. CURE- The file contains a virus that can be disinfected or deleted. File is potentially infected. file has been deleted. You can find the information that the file has been processed in the report on the application's operation. You can find the information that the file has been processed in the report on the application's operation. the application databases do not contain a description of the full code of the virus. By default. File cannot be disinfected. File status Infected. File contains code of an unknown virus. the cannot be disinfected. File The action set for infected files is applied to the file. the text of the virus body is replaced with File contains code of a the word CURE. DELE- File contains code of a known virus. File cannot be disinfected. The application identifies the file as a virus that cannot be disinfected. When a potentially infected file is detected. Modifications of the test file EICAR Prefix No prefix. application displays an on-screen notification that the file cannot be disinfected. no end to a multivolume archive) or there is no connection to it (if the file is scanned on a network drive). and deletes it. the file format is invalid). The application displays an on-screen notification that a disinfected file has been detected. By default. The application applies the action set for potentially infected files on the file. CORR- Corrupted. known virus. based on the results of the scan by the application. Infected. File contains code of a known virus. since the integrity of the file has been breached (for example. Table 2. The application disinfects the file.

179 ....... Technical support is not available to users of trial versions of the application.. You can contact the Technical Support Service in one of the following ways: By telephone........ IN THIS SECTION: How to get technical support ............. 182 Obtaining technical support via My Kaspersky Account ....... Also...................................... Before contacting the Technical Support Service... our specialists will help to fix any problems caused by malware............ 179 Technical support by phone ...... you must be a registered user of a commercial version of Kaspersky Internet Security.............. and create reports on results of system scans...................... To qualify for technical support.......................... If the computer is infected......... By sending a query from your Kaspersky Account on the Technical Support Service website.................................................................................... The trace file allows you to trace the process of executing the application's commands step-by-step and find out on which stage of the application's operation an error has occurred........................... This method allows you to contact our specialists using the query form..... 179 Using the trace file and the AVZ script ......... Technical Support Service specialists may ask you to create a trace file...............com/support/rules).................... 182 HOW TO GET TECHNICAL SUPPORT If you do not find a solution to your problem in the application documentation or in one of the sources of information about the application (see section "Sources of information about the application" on page 12)............ Technical Support Service specialists will answer any of your questions about installing and using the application........ Running AVZ scripts allows you to analyze active processes for malicious code.............. they can create an AVZ script and send it to you... scan the system for malicious code........ USING THE TRACE FILE AND THE AVZ SCRIPT After you notify Technical Support Service specialists of a problem encountered............... they may ask you to create a report that should contain information about your operating system................. disinfect / delete infected files......CONTACTING THE TECHNICAL SUPPORT SERVICE This section provides information about how to obtain technical support and what conditions should be met to receive help from the Technical Support Service...................... please read the support rules (http://support............. This method allows you to consult with specialists from our Russian-language or international Technical Support Service....kaspersky................. we recommend that you contact Kaspersky Lab's Technical Support Service............ After Technical Support Service specialists analyze the data that you have sent............................... and send it to the Technical Support Service..............

To view the report: 1. To stop the trace process. In the absence of guidance from the Technical Support Service. Click the Support link at the bottom of the main window to open the Support window. You can switch to uploading tracing results (see section "Sending data files" on page 180) to Kaspersky Lab's server. Click the Support link at the bottom of the main window to open the Support window. then follow the Support Tools link. specify the trace level from the drop-down list in Traces section.zip.zip archive which contains the report files. click the Create system state report button. you can view the report. It is recommended that the required trace level be clarified by a Technical Support Service specialist. you are advised to set the trace level to 500.USER GUIDE CREATING A SYSTEM STATE REPORT To create a system state report: 1. In the Support Tools window that opens. 2. Click the Support link at the bottom of the main window to open the Support window. To start the trace process. SENDING DATA FILES After you have created the trace files and the system state report. 3. then follow the Support Tools link. You will need a request number to upload data files to the Technical Support Service server. 2. 3. 6. Open the main application window. then follow the Support Tools link. Open the main application window. 2. This number is available in your My Kaspersky Account on the Technical Support Service website if your request is active. Once the information has been gathered. 4. In the Support Tools window that opens. click the View button. The system state report is created in HTML and XML formats and is saved in the archive sysinfo. click the Disable button. Reconstruct the situation in which the problem occurred. you need to send them to Kaspersky Lab Technical Support Service experts. 180 . 3. 5. In the Support Tools window that opens. Open the main application window. click the Enable button. CREATING A TRACE FILE To create a trace file: 1. Open the sysinfo. 4.

then follow the Support Tools link. 4. If problems occur during script execution. 2. Specify the archive name and confirm saving. To save data files on a disk: 1. The Request number window will open. The Uploading information for Technical Support Service to the server window will open. Check the boxes next to the trace files that you want to send to the Technical Support Service and click the Send button.CONTACTING THE TECHNICAL SUPPORT SERVICE To upload the data files to the Technical Support Service server: 1. 3. Check the boxes next to the trace files that you want to send to the Technical Support Service and click the Send button. The created archive can be sent to the Technical Support Service from My Kaspersky Account. The archive saving window will open. 3. 5. the data files can be stored on your computer and later sent from My Kaspersky Account. Click the Support link at the bottom of the main window to open the Support window. The selected data files are packed and sent to the Technical Support Service server. Specify the number assigned to your request by contacting the Technical Support Service through My Kaspersky Account and click the OK button. In the Support Tools window that opens. AVZ SCRIPT EXECUTION You are advised not to change the text of an AVZ script received from Kaspersky Lab experts. then follow the Support Tools link. The Request number window will open. 181 . click the Upload information for Technical Support Service to the server button. Open the main application window. click the Upload information for Technical Support Service to the server button. In the Support Tools window that opens. Open the main application window. Click the Cancel button and confirm saving the files on the disk by clicking the Yes button in the window that opens. The Uploading information for Technical Support Service to the server window will open. 5. Click the Support link at the bottom of the main window to open the Support window. If for any reason it is not possible to contact the Technical Support Service. in the Actions section. 4. please contact the Technical Support Service (see section "How to get technical support" on page 179). 2. in the Actions section. 6.

you should collect information (http://support. you can perform the following actions: contact the Technical Support Service and Virus Lab.kaspersky. view a detailed history of your requests to the Technical Support Service.kaspersky. customer ID and password.kaspersky.kaspersky. Before contacting the Technical Support Service. then follow the Support Tools link. receive a copy of the key file if it has been lost or removed. This will allow our specialists to help you more quickly. request description.com) on the Technical Support Service website.com/support/details) about your computer and anti-virus applications installed on it. Click the Support link at the bottom of the main window to open the Support window. In the Support Tools window that opens. German. contact the Technical Support Service without using email. email address. English. Technical Support by email You can send an online request to the Technical Support Service in Russian. you can call specialists from the Russian-speaking or international Technical Support Service by phone (http://support. In My Kaspersky Account. or Spanish.USER GUIDE To run the AVZ script: 1. TECHNICAL SUPPORT BY PHONE If an urgent issue arises.com/support/support_local). click the Execute AVZ script button. the Wizard closes. If the script successfully executes. 2. 3. the Wizard displays a message to that effect.com/registration). Enter your email address and a password to log in to My Kaspersky Account. 182 . If an error occurs during script execution. You should specify the following data in the fields of the online request form: request type. Open the main application window. OBTAINING TECHNICAL SUPPORT VIA MY KASPERSKY ACCOUNT My Kaspersky Account is your personal area (https://my. application name and version number. French. track the status of your request in real time. you should go through the registration procedure on the registration page (https://my. To obtain access to My Kaspersky Account.

using the name of the virus.html) without being registered in My Kaspersky Account. If they detect a previously unknown virus. You can send requests of the following types to the Virus Lab: Unknown malicious program – you suspect that a file contains a virus but Kaspersky Internet Security has not identified it as infected. Virus Lab specialists analyze malicious code sent. which becomes available when updating anti-virus applications.CONTACTING THE TECHNICAL SUPPORT SERVICE A specialist from the Technical Support Service sends an answer to your question to your My Kaspersky Account and to the email address that you have specified in your online request. On this page. Request for description of malicious program – you want to receive the description of a virus detected by Kaspersky Internet Security. False alarm – Kaspersky Internet Security classifies the file as a virus.com/virlab/helpdesk. they add a corresponding description to the database. yet you are sure that the file is not a virus.kaspersky. 183 . You can also send requests to the Virus Lab from the page with the request form (http://support. you do not have to specify the application activation code. Online request to the Virus Lab Some requests should be sent to the Virus Lab instead of the Technical Support Service.

....com <command> [options] You should access the application from the command line from the application installation folder or by specifying the full path to avp..... 184 Kaspersky Internet Security notifications list ........ STATUS 184 ......... The capability is provided to perform the following operations: activating the application...... The command can only be executed if the password assigned via the Kaspersky Internet Security interface is entered..........APPENDIX This section provides information that complements the document text....... START STOP Starts a component or a task............... Stops a component or a task..... as well as their statistics...... updating databases and software modules. Displays the current status of a component or task on the screen... rolling back updates................ The list of commands used to control the application and its components is provided in the table below................ Command prompt syntax: avp... IN THIS SECTION: Working with the application from the command line ........... starting and stopping virus scan tasks..... exporting and importing security settings.................................... opening help files using command line syntax in general and for individual commands....... starting and stopping application components............ starting and stopping tasks.................... 194 WORKING WITH THE APPLICATION FROM THE COMMAND LINE You can work with Kaspersky Internet Security from the command line.................. obtaining information on the current status of components and tasks........com.. starting and stopping the application. scanning selected objects..

...................... 192 Viewing Help ............. Rolls back to the last Kaspersky Internet Security update made.............................................. Scans objects for viruses............................................................................................................. 190 Rolling back the last update ........................................................... 185 Starting the application ............................................................................................................................................... Closes the application........................... 191 Importing protection settings ................................................................................... Command syntax: avp.........................key extension........... 191 Creating a trace file ........APPENDIX STATISTICS HELP SCAN UPDATE ROLLBACK Displays the statistics for a component or task on the screen................ The command can only be executed if the password assigned via the Kaspersky Internet Security interface is entered.................................................................................................................................................................................................................................. 186 Managing application components and tasks................................................................................................... IN THIS SECTION: Activating the application........ Imports application protection settings...................................................................... 191 Exporting protection settings .................................................................................. 186 Stopping the application ................................................ 192 ACTIVATING THE APPLICATION You can activate Kaspersky Internet Security using a key file............................................... EXIT IMPORT EXPORT Each command requires its own specific set of settings......................... Displays the list of commands and command syntax information............................. <filename> Application key file name with the *..................................... 186 Virus scan ............................... 188 Updating the application ..................................................................................................................................................................................com ADDKEY <filename> The table below describes the settings of command execution............................. 192 Return codes of the command line ............................................................................... 185 ........ Starts the application update.............................................................................. Exports the application protection settings........................................................... The command can only be run if the password assigned via the application interface is entered................. The command can only be executed if the password assigned via the Kaspersky Internet Security interface is entered............

/R:<report_file> – log only important events in the report. If the setting is not defined. STOP – stop a protection component or a task. You can use an absolute or relative path to the file. Note that the STOP command will not be accepted without a password.USER GUIDE Example: avp. You can specify the name of any on-demand scan or update task as the value for the <task_name> setting. 186 .com ADDKEY 1AA111A1. MANAGING APPLICATION COMPONENTS AND TASKS Command syntax: avp.key STARTING THE APPLICATION Command syntax: avp. scan results are displayed on the screen.com EXIT /password=<your_password> A description of parameters is provided in the table below. <your_password> Application password specified in the interface.com STOP <profile|task_name> /password=<your_password> [/R[A]:<report_file>] Descriptions of commands and settings are given in the table below. In the <profile> setting. STATISTICS – output statistics to the screen for a protection component or a task. Note that this command is not accepted without a password. on-demand scan or update task as the value for the <profile> setting (the standard values used by the application are shown in the table below). <your_password> /R[A]:<report_file> Application password specified in the interface. STATUS – display the current status of a protection component or a task. and all events are shown. <command> You can manage Kaspersky Internet Security components and tasks from the command prompt with the following commands: START – start a protection component or a task. /RA:<report_file> – log all events in the report. <profile|task_name> You can specify any protection component of Kaspersky Internet Security.com STOPPING THE APPLICATION Command syntax: avp.com <command> <profile|task_name> [/R[A]:<report_file>] avp. component module. you should specify one of the values given in the table below.

it is not launched by the avp. Proactive Defense.com START RTP command runs all the protection components if the protection has been completely disabled. FW HIPS pdm FM EM WM Firewall. In order to start it. sc – scan scripts.com START FM.com START <profile> command with the name of the specific protection component entered for <profile>. Application Control. Update. enter the following command: 187 . avp. Anti-Banner. Mail Anti-Virus. If the component has been disabled using the STOP command from the command prompt. IM AB AS PC AP ids Updater Rollback Scan_My_Computer Scan_Objects Scan_Quarantine Scan_Startup (STARTUP) Scan_Vulnerabilities (SECURITY) IM Anti-Virus. Anti-Spam. Values for Web Anti-Virus subcomponents: httpscan (HTTP) – scan HTTP traffic. Quarantine scan.com START RTP command. Scan. Objects Scan. for example. File Anti-Virus.APPENDIX RTP All protection components. Network Attack Blocker. Parental Control. The avp. Startup Objects Scan. you should execute the avp. Vulnerability Scan. Rolling back the last update. Web Anti-Virus. Components and tasks started from the command prompt are run with the settings configured in the application interface. Anti-Phishing. Examples: To enable File Anti-Virus.

Each scan object should be listed on a separate line. <files> List of paths to the files and folders to be scanned.com SCAN [<object scanned>] [<action>] [<file types>] [<exclusions>] [<configuration file>] [<report settings>] [<advanced settings>] To scan objects. The parameter may include several space-separated values from the list provided. You can enter an absolute or relative path to the file with the list. The file with the list of objects should be in a text format. you can also use the tasks created in the application by starting the one you need from the command line. Full computer scan. it must be placed in quotation marks.lst> RAM objects.com START FM To stop a computer scan. All internal drives. not relative to the file with the list of objects to be scanned. all files in this folder are scanned. You are advised to specify absolute paths to objects to be scanned. Mailboxes. The path must be indicated without quotation marks even if it contains a space. When specifying a relative path. Items on the list are separated by a space. All network drives. if reference is made to a specific folder.USER GUIDE avp. Path to a file containing a list of objects and catalogs to be scanned. The task will be run with the settings specified in the Kaspersky Internet Security interface. Quarantined objects. 188 . you must specify the path relative to the executable file of an application. Startup objects. You can enter an absolute or relative path to the file. All removable media drives.com STOP Scan_My_Computer /password=<your_password> VIRUS SCAN Starting a scan of a certain area for viruses and processing malicious objects from the command prompt generally looks like this: avp. enter the following command: avp. /MEMORY /STARTUP /MAIL /REMDRIVES /FIXDRIVES /NETDRIVES /QUARANTINE /ALL /@:<filelist. Comments: if the object name contains a space. <object to scan> – this parameter gives the list of objects that are scanned for malicious code. A description of parameters is provided in the table below.

Skip objects that are scanned for longer than the time specified in the <seconds> parameter. The configuration file is in text format and contains the set of command line parameters for the anti-virus scan. /i3 /i4 /i8 /i9 <file types> – this parameter defines the file types that are subject to an anti-virus scan. This setting is only available for compound files (such as archives). Delete all compound objects completely if the infected parts cannot be deleted. skip if disinfection fails. If this parameter has not been defined. do not delete infected objects from compound objects. the default action is the one with the value of /i8. 189 . only infectable files by contents are scanned. skip if disinfection fails. An action which corresponds to the <action> parameter value is ignored. Scan only infectable files by contents. <configuration file> – defines the path to the configuration file that contains the application settings for the scan. if this parameter is not defined. Scan all files. Delete infected objects. delete infected compound objects with executable headers (sfx archives). Disinfect infected objects. Do not scan plain text emails. record information about it in the report. Skip objects whose size (in MB) exceeds the value specified in the <size> setting. skip if disinfection fails. You can enter an absolute or relative path to the file. <exclusions> – this parameter defines objects that are excluded from the scan. Prompt the user for action if an infected object is detected. Do not scan email databases. If this parameter is not defined. /i0 /i1 /i2 Take no action with regard to the object. /fe /fi /fa Scan only infectable files by extension. the values set in the application interface are used. Disinfect infected objects. delete all compound objects completely if infected embedded files cannot be deleted. The parameter may include several space-separated values from the list provided. Do not scan objects which match the mask. /C:<file_name> Use the settings' values specified in the <file_name> configuration file. -e:a -e:b -e:m -e:<filemask> -e:<seconds> -es:<size> Do not scan archives. If you are working in automatic mode. Disinfect infected objects. then Kaspersky Internet Security automatically applies the action recommended by Kaspersky Lab's specialists when dangerous objects are detected. Prompt the user for action at the end of the scan.APPENDIX <action> – this parameter determines what action will be taken with malicious objects detected during the scan. By default.

log Enable / disable the use of iChecker technology. create a report to log all events: avp.com SCAN /MEMORY /@:objects2scan.txt /C:scan_settings.USER GUIDE <report settings> – this parameter determines the format of the report on scan results. the values for the settings in the application interface are used. A configuration file is a file in plain text format containing a list of command-line parameters for an application update. scan results are displayed on the screen. Log all events in this file. /R:<report_file> /RA:<report_file> Log important events in this file only. the update source will be taken from the application update settings. The value for the parameter may be in the form of a full path to an update source or a URL. UPDATING THE APPLICATION The syntax for updating the modules of Kaspersky Internet Security and application databases from the command line is as follows: avp. and the file test. Startup programs. <update_source> HTTP or FTP server or network folder for downloading updates.txt for the job. Use the scan_settings. the directories My Documents and Program Files. You can use an absolute or relative path to the file.exe: avp. mailboxes.txt /RA:scan. /R:<report_file> – log only important events in the report. Enable / disable the use of iSwift technology.txt.txt /RA:scan. If a path is not selected. Examples: Update application databases and record all events in a report: avp.com UPDATE /RA:avbases_upd. scan results are displayed on the screen. /RA:<report_file> – log all events in the report.txt /R[A]:<report_file> 190 . You can use an absolute or relative path to the file. You can enter an absolute or relative path to the file.txt /C:scan_settings.com SCAN /MEMORY /STARTUP /MAIL "C:\Documents and Settings\All Users\My Documents" "C:\Program Files" "C:\Downloads\test. If the setting is not defined.log A sample configuration file: /MEMORY /@:objects2scan.txt configuration file. and all events are shown. /C:<file_name> Path to the configuration file that contains the Kaspersky Internet Security update settings.com UPDATE [<update_source>] [/R[A]:<report_file>] [/C:<file_name>] A description of parameters is provided in the table below. using the configuration file scan_setting. <advanced settings> – settings that define the use of anti-virus scan technologies.exe" Scan the objects listed in the file object2scan. When the scan is complete. and all events are shown. If the setting is not defined. /iChecker=<on|off> /iSwift=<on|off> Examples: Start a scan of memory. If this parameter is not defined.

Note that this command is not accepted without a password. you can use any value listed in the "Managing application components and tasks" Help section. <filename> Path to the file to which the Kaspersky Internet Security settings are being exported. 191 . /RA:<report_file> – log all events in the report.com ROLLBACK [/R[A]:<report_file>][/password=<your_password>] A description of parameters is provided in the table below. type the .txt /password=<your_password> EXPORTING PROTECTION SETTINGS Command syntax: avp. scan results are displayed on the screen. You can use an absolute or relative path to the file. Example: avp.com UPDATE /C:updateapp. For the <profile> setting. or it is not specified at all. it can be used later to export application settings onto other computers.com EXPORT RTP c:\settings.com ROLLBACK /RA:rollback. /R[A]:<report_file> /R:<report_file> – log only important events in the report.dat IMPORTING PROTECTION SETTINGS Command syntax: avp. To do so. Note that you cannot import protection settings from a text file. Example: avp.APPENDIX Update the Kaspersky Internet Security modules using the settings of the updateapp. if no other format is specified.ini configuration file: avp. The configuration file is saved in binary format (DAT). If the setting is not defined. An absolute or a relative path may be specified. <profile> Component or task for which the settings are being exported. and all events are shown.txt extension in the file name.com EXPORT <profile> <filename> The table below describes the settings of command execution.ini A sample configuration file: "ftp://my_server/kav updates" /RA:avbases_upd. <your_password> Application password specified in the interface. The configuration file can also be saved as a text file.txt ROLLING BACK THE LAST UPDATE Command syntax: avp.com IMPORT <filename>[/password=<your_password>] The table below describes the settings of command execution. This file can only be used to specify the main settings for Kaspersky Internet Security operation.

com IMPORT c:\settings.com <command> /? avp. we recommend setting the value to 500.com TRACE file off To create a trace file to be sent to Technical Support with a maximum trace level of 500: avp.USER GUIDE <filename> Path to the file from which the Kaspersky Internet Security settings are imported.com [ /? | HELP ] You can use one of the following commands to view help information about the syntax of a specific command: avp.com TRACE [file] [on|off] [<trace_level>] A description of parameters is provided in the table below. We only recommend creating trace files for troubleshooting a specific problem. An absolute or a relative path may be specified. only critical messages) to 700 (maximum level. If the level is not specified.dat /password=<your_password> CREATING A TRACE FILE Trace file creation may be required in case of problems in Kaspersky Internet Security operation. Example: avp. Technical Support will tell you what trace level you need when you contact Technical Support. Command syntax: avp. Output trace to file. Regularly enabling traces may slow down your computer and fill up your hard drive. <your_password> Kaspersky Internet Security password specified in the application interface.com HELP <command> 192 . [on|off] [file] <trace_level> Enable / disable trace file creation. Note that this command is not accepted without a password. This setting can be a value from 0 (minimum level. Examples: To disable trace file creation: avp.com TRACE file on 500 VIEWING HELP The following command is used to view help about the command line syntax: avp. all messages). Security parameters can only be imported from a binary file. This will help Technical Support Service specialists to diagnose problems more accurately.

Unknown error. 193 . Invalid setting value. GENERAL RETURN CODES 0 1 2 3 4 Operation completed successfully. as well as codes specific to a certain type of task.APPENDIX RETURN CODES OF THE COMMAND LINE This section describes the return codes of the command line (see table below). Task completion error. Hazardous objects detected. Task cancelled. The general codes may be returned by any command from the command line. VIRUS SCAN TASK RETURN CODES 101 102 All dangerous objects processed. The return codes include general codes.

.............. a malicious process in the RAM or in startup objects)...........................................................................KASPERSKY INTERNET SECURITY NOTIFICATIONS LIST This section provides information about notifications that Kaspersky Internet Security may display on the screen................................................................................................................................................................................... 197 Quarantined file not infected .............................................................................................................................................................. 195 An application without a digital signature is being run ............................ 198 New product version released .................... IN THIS SECTION: Special treatment required ......................................................................................................................................................... 200 License expired ..... 194 Notifications in interactive protection mode ................................................ 194 . 199 Downloaded technical update not installed ......................................................................................................................................................................................................................................................................................................................... 200 SPECIAL TREATMENT REQUIRED When you detect a threat that is currently active in the system (for example............... 196 Unreliable certificate detected .................................................................................. IN THIS SECTION: Notifications in any protection mode .................................... a notification is displayed on the screen requesting the confirmation of a special advanced disinfection procedure........................................................................................................................................................................................................................................ 196 New network detected ................ 199 Technical update downloaded................................................... 194 Hidden driver download. 197 Request for permission to access a website from a regional domain ...................................................................................................................................................................................................................................... 197 An application that may be exploited by an intruder in order to do harm to the user's computer or data........................................................... has been detected ........................................................................................ 201 NOTIFICATIONS IN ANY PROTECTION MODE This section provides information about notifications that are displayed both in automatic and in interactive protection mode (see section "Selecting a protection mode" on page 64)........................................................................................ 200 We recommend that you update the databases before scan ............................................................................................................................................................................................................................................................. 198 Technical update released ........................... 195 Removable drive connected ...............

AN APPLICATION WITHOUT A DIGITAL SIGNATURE IS BEING RUN When Application Control detects an application without digital signature and with high threat rating according to the heuristic analysis that runs on your computer. Quarantine – block driver download and move the driver file to Quarantine. You can select one of the following actions: Yes. Clicking the icon opens a window with information about the driver. The icon is displayed next to the name of the file. 195 . The notification provides the following information: Description of the threat. so it is recommended that you save the changes that you have made and close all applications before starting the disinfection. all applications are blocked except for trusted ones. you are advised to run a full virus scan.APPENDIX The notification provides the following information: Description of the threat. When the disinfection is in progress. When the disinfection is complete. After restarting your computer. Block now – block driver download. Do not run – the detected object or process will be processed according to the selected action. The icon is displayed next to the name of the malicious object. check the Apply to all objects box. File name of the malicious object. including the path to it. Name of the driver file.com link in this window allows you to go to the Virus Encyclopedia website and obtain more detailed information about the threat posed by the object. including the path to it. HIDDEN DRIVER DOWNLOAD Some malicious applications download drivers onto the computer without being noticed by the user.securelist. the operating system will be restarted. it displays a notification on the screen. disinfect with reboot – perform the special disinfection procedure (recommended). Clicking the icon opens a window with information about the object. Type of threat and name of the malicious object as listed in the Kaspersky Lab Virus Encyclopedia. it displays a notification on the screen. To apply the selected action automatically every time such situation reoccurs. Useful applications seldom use such methods for downloading drivers. When Application Control detects an attempt to download a driver covertly. You can select one of the following actions: Allow now – allow downloading the driver and adding it into the list of exclusions. Clicking the www. after which the malicious application's activity cannot be controlled by Kaspersky Internet Security.

Restrict the application – allow application startup. I trust – allow opening and running the application without any restrictions. This status is recommended to apply to networks with a medium risk factor (for example.e. it is a trusted network. The icon is displayed next to the name of the application. Information about the number of users that use the application and trust it. network). check the Always perform in such cases box. a notification appears on the screen. Do not scan – do not scan the removable drive. 196 . a notification is displayed on the screen. Clicking the icon opens a window with information about the application. It is only recommended to apply this status to safe networks. Full Scan – scan all files stored on the removable drive. where your computer is not exposed to attacks and attempts of unauthorized access to your data. Local network. You can select one of the following actions: Yes. The lower part of the window prompts you to assign a status to the network and network activity is allowed on the basis of that status: Yes. REMOVABLE DRIVE CONNECTED When a removable drive is connected to the computer. or filters. Name of the application being run. No. "wireless"). NEW NETWORK DETECTED Every time your computer connects to a new zone (i. Block – block the opening and running of the application currently and in the future. To apply the selected action to all removable drives that may be connected in the future. When you select this status. The top part of the notification window provides information about the network: the network adapter used for network connection. A high-risk network in which your computer is in danger of any possible type of threat. This status is also recommended to apply to networks that are not protected with anti-virus applications. network type (for example.USER GUIDE The notification provides the following information: Description of the threat. the application ensures maximum security of your computer in this zone. You can select one of the following actions: Quick Scan – scan only files stored on the removable drive that can pose a potential threat. but block dangerous operations. firewalls. it is a public network. name of the network. corporate LANs).

the name of the region to which the website belongs. 197 . You can select one of the following actions: Yes. the URL of the website. The notification provides the following information: description of the threat. HAS BEEN DETECTED When Activity Monitor detects an application that may be exploited by an intruder in order to do harm to the user's computer or data. the URL of the web resource. if the certificate is replaced by an intruder). the domain and level of infectiousness of websites in this domain. a notification is displayed on the screen. a notification is displayed on the screen. REQUEST FOR PERMISSION TO ACCESS A WEBSITE FROM A REGIONAL DOMAIN If you attempt to access a website from a regional domain that is not recognized as neither blocked nor allowed. To apply the selected action to all websites from this regional domain. check the Remember for this region box. No. block request – cancel website loading. accept the untrusted certificate – proceed with connecting to the web resource. The notification provides the following information: a description of the reason for blocking access to the website.APPENDIX UNRELIABLE CERTIFICATE DETECTED Kaspersky Internet Security verifies security of the connection established via the SSL protocol using an installed certificate. You can select one of the following actions: Yes. probable causes of the error. Deny certificate – interrupt the connection with the website. the name of the application that has attempted to access the website. AN APPLICATION THAT MAY BE EXPLOITED BY AN INTRUDER IN ORDER TO DO HARM TO THE USER'S COMPUTER OR DATA. allow request – load the website. If an invalid certificate is detected when the connection to the server is attempted (for example. a notification is displayed on screen. a link for viewing the certificate.

Cancel – leave the file in Quarantine. Kaspersky Internet Security scans quarantined files after each update of the databases. Add to exclusions – always allow the application to perform such actions in the future. Clicking the icon opens a window with information about the application. the object could be assigned the not infected status and then restored. Terminate application – interrupt the execution of the application. If the scan of a quarantined file shows that it is not infected. a notification is displayed on the screen. the status of the object may change. The icon is displayed next to the name of the application. The notification provides the following information: a recommendation to restore the quarantined file. The status of a file moved to Quarantine can be changed to not infected at a next scan. the object may be identified as infected and can be processed using an updated database. You can select one of the following actions: Restore – restore the file by removing it from Quarantine and moving it to the folder in which this file had been stored before it was moved to Quarantine. You can select one of the following actions: Allow – allow the application to run. Link to the window with the application emergence log. QUARANTINED FILE NOT INFECTED By default. Type and name of the application that may be exploited by an intruder in order to do harm to the user's computer or data.USER GUIDE The notification provides the following information: Description of the threat. including the path to it. a notification is displayed on the screen. 198 . ID of the process and name of the application file. For example. including the path to the folder in which it had been stored before it was moved to Quarantine. NEW PRODUCT VERSION RELEASED When a new version of Kaspersky Internet Security has been released and is available for downloading from Kaspersky Lab servers. With further scans of Quarantine. the name of the file. but not earlier than three days after it is moved to Quarantine. Otherwise. move the application file to Quarantine where it poses no threat to your computer's security. Quarantine – close the application.

You can select one of the following actions: Yes. a link to a window with detailed information about the technical update. TECHNICAL UPDATE RELEASED When a technical update of Kaspersky Internet Security has been released and is available for downloading from Kaspersky Lab servers. remind later – cancel the immediate download and receive a reminder to update later. If you do not want the notification of the new application version to be displayed on the screen in the future. check the Do not inform of this update box. This option is available if the Do not inform of this update box is unchecked (see below). No – cancel the installation package download. If you do not want this notification to be displayed on the screen in the future. No – cancel the update download. a link to the update file. This option is available if the Do not inform of this update box is checked (see below). 199 . download – download the update file into the selected folder. TECHNICAL UPDATE DOWNLOADED When downloading of the technical update of Kaspersky Internet Security from Kaspersky Lab servers is completed. a notification is displayed on the screen. download – download the installation package of the new application version into the selected folder. the number of the application version after the expected technical update. No.APPENDIX The notification provides the following information: a link to a window with detailed information about the newly released version of the application. the size of the update file. the size of the installation package. a notification is displayed on the screen. You can select one of the following actions: Yes. The notification provides the following information: the number of the application version after the technical update. check the Do not inform of this update box. The notification provides the following information: the number of the application version installed on your computer.

Postpone installation – cancel installation to perform it later. you need to reboot your operating system. After the update is installed. The notification provides the following information: the length of the trial period. install – install the update. The notification provides the following information: the number of the application version after the technical update. a notification is displayed on the screen. install – install the update. a notification is displayed on the screen. real-time protection. If you select this option. etc. The notification contains a recommendation to update the databases or wait until the update is completed before scan. purchase – selecting this option opens a browser window and loads the eStore web page where you can purchase the commercial license. Kaspersky Internet Security displays a notification on the screen. After the update is installed. information about the application operation outcome (may include a link to more details).USER GUIDE You can select one of the following actions: Yes. you need to reboot your operating system. WE RECOMMEND THAT YOU UPDATE THE DATABASES BEFORE SCAN If you initiate scan tasks before or during the first update of the databases. update.). You can select one of the following actions: Yes. LICENSE EXPIRED When the trial license expires. a link to the update file. DOWNLOADED TECHNICAL UPDATE NOT INSTALLED If a technical update of Kaspersky Internet Security has been downloaded but not installed on your computer. Cancel – stop using the application. Postpone installation – cancel installation to perform it later. You can select one of the following actions: 200 . You can select one of the following actions: Yes. check the Do not ask until new version is available box. the application stops performing all of its main functions (virus scan. If you do not want notification of this update to be displayed on the screen in the future.

................................................ 210 It is recommended that you switch to Safe Run for Websites ... 206 Suspicious / malicious link detected ........................................................................................................ 202 Vulnerability detected ..................................................................................................................................................................................................................... 211 It is recommended that you quit Safe Run for Websites ..............APPENDIX Update databases before scan – start updating the databases............................... 209 Blocked domain region / Access denied......................................................................................................................................................................................................................................................................................... Start scan after update – wait until the update of the databases is completed and start the scan task automatically............................................................... 207 Attempt to access a phishing website detected ..................... 203 Request for permission for an application's actions ...................................................................... 205 An application that may be exploited by intruders........................................................................................... 204 Rolling back changes made by the application that may be exploited by an intruder in order to do harm to the user's computer or data ........................................... 202 A suspicious / malicious object detected ...................... IN THIS SECTION: Network activity of an application has been detected ............. 204 Dangerous activity detected in the system ....... NOTIFICATIONS IN INTERACTIVE PROTECTION MODE This section provides information about notifications that are displayed in interactive protection mode (see section "Selecting a protection mode" on page 64)...................................................................................... 205 Malicious application detected ........................................................ This action option is unavailable if you have started the scan task during the first update of the databases....................................................................................... 208 Attempt to access the system registry detected ......... 211 201 .. 208 Object cannot be disinfected ................................................................................................................................................................................................................................................................................................................................................................. after which the scan task starts automatically.................................................. This action option is unavailable if you have started the scan task before the first update of the databases.................................................... 208 Hidden process detected....................................................................... 210 Dangerous web resource ........................................................ Start scan now – start the scan task without waiting for the update of the databases is completed................................................................................................................................................................................................................................................................ 207 Dangerous object detected in traffic ............................................................................................. is detected .......................................... 210 No information on whether the web resource is safe .....

a notification is displayed on the screen. Mail Anti-Virus. The notification contains the following information: the name of the application and a brief description of the connection that it initiates. You can allow or block the network activity of the application once or for a longer period by selecting one of the following actions: Allow now or Block now – once allow or block the network activity of the application. information about the connection (connection type. object that contains the code of an unknown virus. If the Apply always box is checked in the window. application run sequence. and if no packet rule is created for the application. effective for applications included in the Low Restricted or High Restricted groups). where you can create a rule to manage the network activity of the application (see section "Editing application rules" on page 112). If the Apply to current application session box is checked in the window. the Firewall window opens. a notification is displayed on the screen if any of the following objects is detected: malicious object. Allow now or Block now (when the Apply to current application session box is checked) – remember the selected action for the current session of the application that has shown network activity. you can click the always link to change its name to Apply to current application session. object that contains the modified code of an unknown virus. A SUSPICIOUS / MALICIOUS OBJECT DETECTED While File Anti-Virus. 202 . or a virus scan is running. you can click the to current application session link to change its name to Apply always. whose activity has been detected (see page 111). Block now. You can select one of the following actions: Allow now. Allow now or Block now (when the Apply always box is checked) – remember the action selected for the application and always apply it subsequently. The notification is displayed if Kaspersky Internet Security runs in interactive mode (see section "Selecting a protection mode" on page 64). Create a rule. local and remote port.USER GUIDE NETWORK ACTIVITY OF AN APPLICATION HAS BEEN DETECTED If any network activity of an application is detected (by default. If you select this option. address to which the connection is established).

The icon is displayed next to the name of the malicious object.securelist. The notification contains the following information: Descriptions of the vulnerability. You can return to the processing of skipped objects in the report window. we recommend adding it to the trusted zone to keep the program from making repeat false positives when you use the object. Clicking the icon opens a window with information about the object. The icon is displayed next to the name. Before disinfecting the object. Clicking the icon opens a window with information about the vulnerability. where you can obtain more detailed information about the vulnerability. Otherwise. To apply the selected action to all threats of the same type detected in the current session of a protection component or task. you cannot postpone the processing of objects detected in email messages. However. the status of the object may change.APPENDIX The notification provides the following information: Description of the threat. 203 . If you are sure that the object detected it is not malicious. This option is suggested if the threat is known. a backup copy of it is created. VULNERABILITY DETECTED A notification is displayed on the screen if a vulnerability is detected. The current session is the time from when the component is started until it is disabled or Kaspersky Internet Security is restarted or the time from beginning a virus scan until it is complete. Delete – delete the object. Clicking www. Quarantine – move the object to Quarantine where it will pose no threat to your computer.securelist. This option is suggested if neither the threat nor any ways of disinfecting the object are known. Type of threat and name of the malicious object as listed in the Kaspersky Lab Virus Encyclopedia. a backup copy of it is created. check the Apply to all objects box. You can select one of the following responses to the object: Disinfect – attempt to disinfect the malicious object. but not earlier than three days after it is moved to Quarantine. but perform no actions with regard to it. the object could be assigned the not infected status and then restored. simply record information about it in a report. With further scans of Quarantine.com in the window takes you to the Virus Encyclopedia website.com link in this window allows you to go to the Virus Encyclopedia website and obtain more detailed information about the threat posed by the object. the object may be identified as infected and can be processed using an updated database. File name of the vulnerable object. Clicking the www. The status of a file moved to Quarantine can be changed to not infected at a next scan. Before deleting the object. File name of the malicious object. The name of the vulnerability as listed in the Kaspersky Lab Virus Encyclopedia. Ignore / Block – block access to the object. For example. including the path to it. including the path to it.

a notification is displayed on the screen. Location of the application file. including the path to it. The icon is displayed next to the name of the malicious object.com link in this window allows you to go to the Virus Encyclopedia website and obtain more detailed information about the threat posed by the object. With further scans of Quarantine. the object could be assigned the not infected status and then restored. Terminate application and make untrusted – move the application to the Untrusted group (so that the application will always be prohibited to run). REQUEST FOR PERMISSION FOR AN APPLICATION'S ACTIONS If an application attempts to perform an action about whose security or necessity Kaspersky Internet Security is unaware.USER GUIDE You can select one of the following responses to the object: Yes. You can block or allow the application run by selecting one of the following actions: Make trusted – move the application to the Trusted group (so that the application will always be allowed to run). Quarantine – close the application. Allow now – allow the application run once. ID of the process and name of the application file. Clicking the icon opens a window with information about the object. Type of threat and name of the malicious object as listed in the Kaspersky Lab Virus Encyclopedia.securelist. The notification provides the following information: Name and icon of the application. Block now – block the application run once. DANGEROUS ACTIVITY DETECTED IN THE SYSTEM When Proactive Defense detects dangerous application activity on your system. For example. the object may be identified as infected and can be processed using an updated database. Otherwise. fix – eliminate the vulnerability. 204 . move the application file to Quarantine where it poses no threat to your computer's security. Description of the application's actions. a notification pops up. Application run sequence. The notification contains the following information: Description of the threat. Ignore – take no actions on the vulnerable object. the status of the object may change. You can select one of the following actions: Allow – allow the application to run. Clicking the icon opens a window with information about the application. Clicking the www.

Clicking the icon opens a window with information about the application. 205 . ROLLING BACK CHANGES MADE BY THE APPLICATION THAT MAY BE EXPLOITED BY AN INTRUDER IN ORDER TO DO HARM TO THE USER'S COMPUTER OR DATA We recommend that you roll back (discard) changes made by the application that may be exploited by an intruder in order to do harm to the user's computer or data. When such an application ceases its activity. You can select one of the following actions: Skip – cancel changes rollback. The notification provides the following information: Requesting a rollback of changes made by the application that may be exploited by an intruder in order to do harm to the user's computer or data. roll back – roll back the changes made by the application. Add to exclusions – always allow the application to perform such actions in the future. including the path to it. If you are sure that the program detected is not dangerous. a notification is displayed on the screen. Yes. ID of the process and name of the application file. requesting a rollback of changes. but not earlier than three days after it is moved to Quarantine. The icon is displayed next to the name of the application. MALICIOUS APPLICATION DETECTED When System Watcher detects an application whose behavior completely matches the activities of malicious applications. we recommend adding it to the trusted zone to avoid Kaspersky Internet Security making repeat false positives when detecting it. Type and name of the application. ID of the process and name of the application file. The notification provides the following information: Description of the threat. including the path to it.APPENDIX The status of a file moved to Quarantine can be changed to not infected at a next scan. Clicking the icon opens a window with information about the application. The icon is displayed next to the name of the application. a notification is displayed on the screen. Type and name of the malicious application. Terminate application – interrupt the execution of the application. Link to the window with the application emergence log.

Before deleting the object. Clicking the icon opens a window with information about the object. IS DETECTED If File Anti-Virus. Mail Anti-Virus. Quarantine – close the application. the object may be identified as infected and can be processed using an updated database. the object could be assigned the not infected status and then restored. move the application file to Quarantine where it poses no threat to your computer's security.securelist. Name of the object file.com link in the window allows you to go to the Virus Encyclopedia website and obtain more details. This option is suggested if neither a threat nor any ways of disinfecting the object are known. Delete – delete the object. the object may be identified as infected and can be processed using an updated database. Type of the threat and name of the object as listed in the Kaspersky Lab Virus Encyclopedia.delete password-protected archive. With further scans of Quarantine. a backup copy of it is created. Otherwise. You can return to the processing of skipped objects in the report window. but perform no actions with regard to it.USER GUIDE You can select one of the following actions: Allow – allow the application to run. The notification provides the following information: Description of the threat. but not earlier than three days after it is moved to Quarantine. For example. Add to exclusions – create an exclusion rule for this threat type. The status of a file moved to Quarantine can be changed to not infected at a next scan. you cannot postpone the processing of objects detected in email messages. but not earlier than three days after it is moved to Quarantine. Add to exclusions – always allow the application to perform such actions in the future. AN APPLICATION THAT MAY BE EXPLOITED BY INTRUDERS. the status of the object may change. 206 . Otherwise. the object could be assigned the not infected status and then restored. However. the status of the object may change. The status of a file moved to Quarantine can be changed to not infected at a next scan. The icon is displayed next to the name of the object. simply record information about it in a report. Clicking the www. Ignore / Block – block access to the object. a notification is displayed on the screen. Terminate application – interrupt the execution of the application. or the virus scan task detects an application that may be exploited by intruders. including the path to it. For example. Delete archive . With further scans of Quarantine. You can select one of the following responses to the object: Quarantine – move the object to Quarantine where it will pose no threat to your computer.

To apply the selected action to all websites with threats of the same type detected in the current session of a protection component. SUSPICIOUS / MALICIOUS LINK DETECTED When Kaspersky Internet Security detects an attempt to go to a website with suspicious or malicious content. a special notification is displayed on the screen. Block – blocks the website download. check the Apply to all objects box. 207 . The icon is displayed next to the name of the malicious object. Block – block the object download from the web resource. The current session is the time from the moment the component was started until the moment it was closed or Kaspersky Internet Security was restarted. If you are sure that the object detected it is not malicious. You can select one of the following actions: Allow – continues the website download. To apply the selected action to all threats of the same type detected in the current session of a protection component or task. Object location (URL). a notification is displayed on the screen. we recommend adding it to the trusted zone to keep the program from making repeat false positives when you use the object. check the Apply to all objects box. The current session is the time from the moment the component was started until the moment it was closed or Kaspersky Internet Security was restarted. DANGEROUS OBJECT DETECTED IN TRAFFIC When Web Anti-Virus detects a malicious object in traffic. You can select one of the following actions: Allow – continue the object download. Clicking the www. Type of threat and name of the malicious object as listed in the Kaspersky Lab Virus Encyclopedia. Name of the application which performs the action.APPENDIX To apply the selected action to all threats of the same type detected in the current session of a protection component or task. Clicking the icon opens a window with information about the object. The notification contains the following information: A description of the threat or the actions performed by the application.com link in this window allows you to go to the Virus Encyclopedia website and obtain more detailed information about the threat posed by the object. the URL of the website or web page with suspicious or malicious content. check the Apply to all objects box.securelist. The notification provides the following information: description of the threat. the name of the application (browser) using which the website was loaded. The current session is the time from when the component is started until it is disabled or Kaspersky Internet Security is restarted or the time from beginning a virus scan until it is complete.

The current session is the time from the moment the component was started until the moment it was closed or Kaspersky Internet Security was restarted. Type of threat and name of the malicious object as listed in the Kaspersky Lab Virus Encyclopedia.USER GUIDE ATTEMPT TO ACCESS A PHISHING WEBSITE DETECTED When Kaspersky Internet Security detects an attempt to access a website that is or may be a phishing site. check the Create a rule box. If you are sure that no activity of the application that attempted to access system registry keys is dangerous. Block – blocks the dangerous action once. a notification is displayed on the screen. You can select one of the following actions: Allow – continues the website download. The notification provides the following information: description of the threat. if the file is so corrupted that the application is unable to remove malicious code from it and restore its integrity. Clicking the www. Besides. check the Apply to all objects box. To apply the selected action to all websites with threats of the same type detected in the current session of Kaspersky Internet Security. OBJECT CANNOT BE DISINFECTED In some cases. including the path to it. ATTEMPT TO ACCESS THE SYSTEM REGISTRY DETECTED When Proactive Defense detects an attempt to access system registry keys. The icon is displayed next to the name of the malicious object.securelist. such as Trojans. 208 . To apply the selected action to each attempt of obtaining access to registry keys. The notification provides the following information: Description of the threat. You can select one of the following actions: Allow – allows the execution of the dangerous action once. add the application to the trusted application list. If an object cannot be disinfected. Block – blocks the website download. Clicking the icon opens a window with information about the object. the file name of the process that initiated the attempt to access the registry keys. The notification provides the following information: the registry key being accessed. File name of the malicious object. an object cannot be disinfected: for example. a notification is displayed on the screen. the disinfection procedure cannot be applied to several types of malicious objects.com link in this window allows you to go to the Virus Encyclopedia website and obtain more detailed information about the threat posed by the object. including the path to it. the URL of the website. a notification pops up.

The current session is the time from the moment the component was started until the moment it was closed or Kaspersky Internet Security was restarted. where it poses no threat to your computer's security. a notification is displayed on the screen. check the Apply to all objects box.APPENDIX You can select one of the following actions: Delete – delete the object. The current session is the time from when the component is started until it is disabled or Kaspersky Internet Security is restarted or the time from beginning a virus scan until it is complete. simply record information about it in a report. Before deleting the object. You can return to the processing of skipped objects in the report window. However. The icon is displayed next to the name. Ignore / Block – block access to the object. Allow – allow the execution of the process. we recommend adding it to the trusted zone to avoid Kaspersky Internet Security making repeat false positives when detecting it. Clicking the icon opens a window with information about the threat. check the Apply to all such cases box. Type and name of threat as listed in the Kaspersky Lab Virus Encyclopedia. but perform no actions with regard to it. Add to exclusions – create an exclusion rule for this threat type. Otherwise. The status of a file moved to Quarantine can be changed to not infected at a next scan. You can select one of the following actions: Quarantine – close the process and move the process file to Quarantine. For example.com in the window takes you to the Virus Encyclopedia website. the object could be assigned the not infected status and then restored. where you can obtain more detailed information about the threat. Clicking www. Name of the process file. The notification provides the following information: Description of the threat. you cannot postpone the processing of objects detected in email messages. HIDDEN PROCESS DETECTED If Proactive Defense detects a hidden process in the system. the object may be identified as infected and can be processed using an updated database. With further scans of Quarantine. a backup copy of it is created. including the path to it. To apply the selected action to all threats of the same type detected in the current session of a protection component or task.securelist. the status of the object may change. Terminate – interrupt the process. 209 . If you are sure that the process detected is not dangerous. but not earlier than three days after it is moved to Quarantine. To apply the selected action to all threats of the same type detected in the current session of Proactive Defense.

The notification provides the following information: a description of the reason for blocking access to the website. Open web resource – load the website which belongs to the blocked domain. a notification is displayed in the browser window. The notification provides the following information: a description of the reason for pausing access to the website. When Geo Filter (a module of Web Anti-Virus) detects an attempt to go to a website that belongs to a blocked region. Open anyway – load the dangerous website. A domain is considered as blocked in the following cases: access to the domain was blocked by the user when configuring Web Anti-Virus. a notification is displayed in the browser window. a special notification is displayed in the browser window. DANGEROUS WEB RESOURCE When Safe Surf (a module of Web Anti-Virus) detects an attempt to go to a dangerous website. Open Geo Filter settings – open the Web Anti-Virus settings window on the Geo Filter tab. You can select one of the following actions: Back to the previous page – open the previous page without loading the dangerous website. the domain and level of infectiousness of websites in this domain.USER GUIDE BLOCKED DOMAIN REGION / ACCESS DENIED Access to a website may be blocked by Web Anti-Virus on the grounds that the website belongs to a specified regional domain. the URL of the website. a previous attempt to access a website from the same region was blocked by the user. 210 . The notification provides the following information: a description of the reason for blocking access to the website. the URL of the website. You can select one of the following actions: Back to the previous page – open the previous page. NO INFORMATION ON WHETHER THE WEB RESOURCE IS SAFE When Safe Surf (a module of Web Anti-Virus) detects an attempt to go to a website whose security is doubtful. the name of the region to which the website belongs. the URL of the website.

but open the previous page instead. Web Anti-Virus displays a notification in the browser window. You can select one of the following actions: Open web resource in usual browser – quit Safe Run for Websites and open the website in normal mode. This is a bank's website. When you go to a different website that does not have to do with online banking. Mozilla Firefox. Open and add to the trusted addresses – load the website and add its URL to the list of trusted ones to prevent Safe Surf from pausing the loading of this website. Mozilla Firefox. it is recommended that you quit Safe Run for Websites. Open in Safe Run for Websites – load the website in Safe Run for Websites (only for Microsoft Internet Explorer. this may weaken the protection of your digital identity data. When attempting to go to an online banking website. The notification provides the following information: recommendation of quitting Safe Run for Websites. If you continue working with a common website in Safe Run for Websites. Open web resource – open the website in standard mode. Back to the previous page – open the previous page in Safe Run for Websites. When working in Safe Run for Websites and attempting to go from an online banking website to another one. Safe Run for Websites is used. malicious objects on web pages being loaded do not constitute any menace to your computer's security. 211 . No. the address of the website to which you have gone from the online banking website. which will ensure improved protection of your digital identity data when working with online banking. return to the previous page – do not load the website. IT IS RECOMMENDED THAT YOU QUIT SAFE RUN FOR WEBSITES When working with online banking websites. Web AntiVirus displays a notification in the browser window. the address of the online banking resource. The notification provides the following information: recommendation of switching to Safe Run for Websites.APPENDIX You can select one of the following actions: Yes. You can select one of the following actions: Open in Safe Run for Websites – open the website using the safe browser (only for Microsoft Internet Explorer. IT IS RECOMMENDED THAT YOU SWITCH TO SAFE RUN FOR WEBSITES Kaspersky Lab recommends that you use Safe Run for Websites. continue in Safe Run for Websites – open the website in Safe Run for Websites. open web resource – load the website. When loading the website in Safe Run for Websites. and Google Chrome). Back to the previous page – open the previous page in normal mode without opening the website. and Google Chrome).

stored separately. ALTERNATE NTFS STREAMS NTFS data streams (alternate data streams) designed to contain additional attributes or file information. By running a full scan of your computer from the main window. regulating the application's operation as a whole. such as application performance settings. updates). report settings. One of them contains the file content that one is able to view after opening the file. Streams can be created. ACTIVE LICENSE The license currently used for the operation of a Kaspersky Lab application.GLOSSARY A ACTIVATING THE APPLICATION Switching the application into full-function mode. APPLICATION MODULES Files included in the Kaspersky Lab installation package that are responsible for performing its main tasks. The Administration Server certificate is created when Administration Server is installed and then stored in the folder %ALLUSERSPROFILE%\Application Data\KasperskyLab\adminkit\1093\cert. The additional license enters into effect when the active license expires. you initiate the execution of this task's module. renamed. AVAILABLE UPDATES A set of updates for Kaspersky Lab application modules. The application cannot have more than one license with active status. A particular executable module corresponds to each type of task performed by the application (real-time protection. B BLACK LIST OF KEY FILES A database containing information on blacklisted Kaspersky Lab key files. and backup storage settings. The user needs a license to activate the application. The license defines the expiration date for full functionality and the license policy for the application. which may also be archives. The content of the black list file is updated along with the product databases. and even run as a process. APPLICATION SETTINGS Application settings which are common for all task types. ARCHIVE File "containing" one or several other objects. deleted. including critical updates accumulated over a certain period of time and changes to the application's architecture. or to steal them from a computer. Alternate streams can be used by intruders to transfer data secretly. Each file in an NTFS file system is a set of streams. 212 . such as an older file system by Macintosh called the Hierarchical File System (HFS). other streams (called alternate) are designed to contain meta information and ensure. on-demand scan. ADDITIONAL LICENSE A license that has been added for the operation of Kaspersky Lab application but has not been activated. NTFS compatibility with other systems. for example. ADMINISTRATION SERVER CERTIFICATE A certificate which allows Administration Server authentication when connecting the Administration Console to it and when exchanging data with users' computers.

folder. We recommend that this method be applied to dangerous objects which. executed. 213 . Consists of creating a copy of the infected object. we recommend that you disinfect it using one of Kaspersky Lab's applications. changed. DISK BOOT SECTOR A boot sector is a particular area on a computer's hard drive. BOOT VIRUS A virus that infects the boot sectors of a computer's hard drive. cannot be disinfected. D DANGEROUS OBJECT An object containing a virus. DATABASE OF PHISHING WEB ADDRESSES List of web addresses which are defined as phishing by Kaspersky Lab specialists. In doing so. It is regularly updated and is included in the Kaspersky Lab application package. as well as methods used for their detection and disinfection. A blocked object cannot be read. These databases are constantly updated by Kaspersky Lab as new threats appear. or deleted. Once an infected object is detected. and replacing the original infected object with the disinfected copy after the next system restart. or other data storage device. DISINFECTING OBJECTS ON RESTART A method of processing infected objects that are being used by other applications at the moment of disinfection. You are advised not to access these objects. DATABASE OF SUSPICIOUS WEB ADDRESSES List of web addresses whose content can be considered to be potentially dangerous. There exist a number of viruses that infect boot sectors. The database is regularly updated and is part of the Kaspersky Lab application. for whatever reason. DELETING AN OBJECT The method of processing objects which ends in it being physically deleted from its original location (hard drive. DATABASE UPDATE One of the functions performed by a Kaspersky Lab application that enables it to keep protection current. C COMPRESSED FILE An archive file that contains a decompression program and instructions for the operating system for executing it. network resource). or delete it if disinfection is not possible. The virus forces the system to load it into memory during reboot and to direct control to the virus code instead of the original boot loader code. which are thus called boot viruses. disinfecting the copy created. It contains information on the disk's file system and a boot loader program that is responsible for starting the operating system. because it may result in infection of your computer. DATABASES Databases created by Kaspersky Lab's experts and containing a detailed description of all current threats to computer security. floppy. The Kaspersky Lab application allows scanning of boot sectors for viruses and disinfecting them if an infection is found. the databases are downloaded from the Kaspersky Lab update servers onto the computer and are automatically connected to the application. The list was created by Kaspersky Lab specialists.GLOSSARY BLOCKING AN OBJECT Denying access to an object from external applications.

serial port. depending on the situation when the event occurred. EVENT SEVERITY LEVEL Description of an event logged during the operation of the Kaspersky Lab application. Each incoming/outgoing email is placed in the mail database after it is received/sent. not by users. You can exclude files of certain formats. The two standard wildcards used in file masks are * and ?. EXCLUSION An Exclusion is an object excluded from the scan by a Kaspersky Lab application. Resolution of DNS names is usually carried out by network applications. Events of the same type may have different severity levels. where * represents any number of any characters and ? stands for any single character. E EMAIL DATABASES Databases containing emails in a special format and saved on your computer. according to the Virus Encyclopedia classification from the scan. Information message. H HARDWARE PORT Socket on a hardware component of a computer in which a cable or a plug can be connected (LPT port. DUAL-HOMED GATEWAY Computer equipped with two network adapters (each of which is connected to a different network) which transfers data from one network to the other. There are four severity levels: Critical event. you can represent any file. 214 . Warning. As a special case. a certain area (for example. USB port). These databases are scanned during a full computer scan. F FALSE ALARM A situation when a Kaspersky Lab application considers a non-infected object to be infected because its code is similar to that of a virus.USER GUIDE DOMAIN NAME SERVICE (DNS) A distributed system for converting the name of a host (a computer or other network device) to an IP address. a folder or a program). Using these wildcards. DNS functions in TCP/IP networks. FILE MASK Representation of a file name and extension using wildcards. DNS can also store and process reverse requests and determine the name of a host by its IP address (PTR record). Each task can be assigned a set of exclusions. application processes. Functional failure. or objects by threat type. file masks. Note that the name and extension are always separated by a period. Incoming and outgoing emails are analyzed for viruses in real time at the time that they are sent and received if real-time protection is enabled.

GLOSSARY HEADER The information in the beginning of a file or a message. the technology supports a limited number of formats (EXE. CHM. The information for each file is stored in a special database. RAR). LNK. which is comprised of low-level data on file (or message) status and processing. It allows detection of objects suspected of being infected with an unknown virus or a new modification of known viruses. I ICHECKER TECHNOLOGY iChecker is a technology that increases the speed of anti-virus scans by excluding objects that have remained unchanged since their last scan. The input/output port is associated with a certain hardware component and allows applications to address it for data exchange. The next time the application will skip this archive unless it has been altered or the scan settings have been changed. For example. INF. INSTALLATION USING A LOGON SCRIPT A method of remote installation of Kaspersky Lab applications which allows the startup of the remote installation task to be assigned to an individual user account (or to several user accounts). modified the scan settings. INPUT/OUTPUT PORT Used in processors (such as Intel) for exchanging data with hardware components. 215 . or updated the antivirus database. you have an archive file that was scanned by the Kaspersky Lab application and assigned not infected status. the email message header contains such data as information about the sender and recipient and the date. the archive is re-scanned. INCOMPATIBLE APPLICATION An antivirus application from a third-party developer or a Kaspersky Lab application that does not support management through Kaspersky Internet Security. This method is recommended for installing the applications on computers running under Microsoft Windows 98 / Me operating systems. TTF. In particular. The use of a heuristic analyzer detects up to 92% of threats. since it is faster to scan a file than check whether it was modified since it was last scanned. Kaspersky Lab does not recommend using such objects since they may infect your computer. Files detected by the heuristic analyzer are considered suspicious. SYS. HEURISTIC ANALYZER A technology designed for detecting threats that cannot be identified using the Kaspersky Lab application databases. It is detected when a section of the object's code completely matches a section of the code of a known threat. provided that the scan parameters (the anti-virus database and settings) have not changed. This mechanism is fairly effective and very rarely leads to false positives. INFECTED OBJECT Object containing a malicious code. The set of interceptors specific to your installation depends on what role or what combination of roles the application is being deployed for. This technology is used in both real-time protection and on-demand scan modes. DLL. Limitations of iChecker technology: this technology does not work with large files. COM. ZIP. If you altered the archive content by adding a new object to it. INTERCEPTOR Subcomponent of the application responsible for scanning specific types of email. Registering a user in a domain leads to an attempt to install the application on the client computer on which the user has been registered.

USER GUIDE INTERNET PROTOCOL (IP) The basic protocol for the Internet. It performs basic operations for transmitting data from one computer to another and serves as the foundation for higher-level protocols like TCP and UDP. LIST OF BLOCKED SENDERS (also "Black" list of addresses) The list of email addresses from which messages should be blocked by the Kaspersky Lab application. LIST OF BLOCKED URLS A list of masks and addresses of web resources. which makes it possible to meet the demands of the constantly growing Internet using the relatively restricted IPv4 address space. access to which is blocked by the Kaspersky Lab application. used without change since the time of its development in 1974. 216 . the application has reduced functionality. You will not be able to update the application databases. improves performance of some protection components. Technologies such as NAT and masking make it possible to hide a large number of private networks using a small number of IP addresses (or even one address). regardless of their content. LIST OF ALLOWED URLS A list of masks and addresses of web resources to which access is not blocked by the Kaspersky Lab application. LIST OF ALLOWED SENDERS (also "White" list of addresses) The list of email addresses from which messages should not be scanned by Kaspersky Lab application. L LICENSE VALIDITY PERIOD The period of time during which you are able to use all features of your Kaspersky Lab application. or is emailed to you if you purchased the product online. The list of addresses is created by the user during application settings configuration. and reduces the risk of false positives. The list of addresses is created by the user during application settings configuration. and software. The license validity period generally runs for one calendar year from the date of installation. After the license expires. KEY FILE A file with the KEY extension. A key file is included with the product if you purchased it from Kaspersky Lab distributors. LIST OF TRUSTED URLS A list of masks and addresses of web resources whose content the user trusts. A Kaspersky Lab application does not scan web pages corresponding to a list item for the presence of malicious objects. It manages connection and error processing. Using data from the Kaspersky Security Network ensures a faster response time for Kaspersky Internet Security when encountering new types of threats. web resources. KASPERSKY SECURITY NETWORK The Kaspersky Security Network (KSN) is an infrastructure of online services that provides access to the online Knowledge Base of Kaspersky Lab. K KASPERSKY LAB'S UPDATE SERVERS A list of Kaspersky Lab's HTTP and FTP servers from which the application downloads databases and module updates to your computer. which is your personal "key" and is necessary for working with the Kaspersky Lab application. which contains information about the reputation of files.

there are usually standard port numbers (for example. a program can use any protocol on any port. OBSCENE MESSAGE Email message containing offensive language. the table is scanned as an OLE object. Part of the data may be lost during disinfection. N NETWORK PORT A TCP and UDP parameter that determines the destination of data packets in IP format that are transmitted to a host over a network and makes it possible for various programs running on a single host to receive data independently of each other. OBJECT DISINFECTION A method used for processing infected objects that results in complete or partial recovery of data or the decision that the objects cannot be disinfected. MOVING OBJECTS TO QUARANTINE A method of processing a potentially infected object by blocking access to the file and moving it from its original location to the Quarantine folder. Possible values: 1 to 65535. For example. which rules out the threat of infection. MESSAGE DELETION The method of processing an email message where the message is physically removed. O OLE OBJECT An attached object or an object embedded into another file. For some common network protocols. generally. NOTIFICATION TEMPLATE A template based on which a notification about infected objects detected by a scan is generated. A notification template includes a combination of settings regulating the mode of notification. and the text of messages to be sent. or SMTP protocols across the firewall and sent to a Kaspersky Lab application to be scanned. however. M MEMORY DUMP Content of the working memory of a process or the entire RAM of the system at a specified moment of time.GLOSSARY LIST OF WEB ADDRESSES TO BE CHECKED A list of masks and addresses of web resources which are mandatorily scanned for malicious objects by the Kaspersky Lab application. MONITORED OBJECT A file transferred via HTTP. We recommend that this method be applied to messages that definitely contain spam or malware. web servers usually receive HTTP requests on TCP port 80). where the object is saved in encrypted form. Objects are disinfected using the database records. the means of distribution. FTP. a copy of it is saved in backup (unless this option is disabled). Each program processes data received via a certain port (this is sometimes referred to as the program "listening" to that port). if you insert a Microsoft Office Excel table into a Microsoft Office Word document. Before deleting a message. 217 . The Kaspersky Lab application allows scanning of OLE objects for viruses.

USER GUIDE

P
PHISHING
A kind of Internet fraud which consists of sending email messages with the purpose of stealing confidential information as a rule, various financial data.

POTENTIALLY INFECTABLE OBJECT
An object which, due to its structure or format, can be used by intruders as a "container" to store and distribute a malicious object. As a rule, they are executable files, for example, files with the extensions COM, EXE, DLL, etc. The risk of penetration of malicious code into such files is fairly high.

POTENTIALLY INFECTED OBJECT
An object that contains modified code of a known virus or code that resembles code of a virus, but is not yet known to Kaspersky Lab. Potentially infected files are detected using a heuristic analyzer.

PROTECTION STATE
The current status of protection, summarizing the degree of security of the computer.

PROTOCOL
A clearly defined and standardized set of rules governing the interaction between a client and a server. Well-known protocols and the services associated with them include HTTP (WWW), FTP, and NNTP (news).

PROXY SERVER
A computer network service which allows users to make indirect requests to other network services. First, a user connects to a proxy server and requests a resource (e.g., a file) located on another server. Then the proxy server either connects to the specified server and obtains the resource from it or returns the resource from its own cache (if the proxy has its own cache). In some cases, a user's request or a server's response can be modified by the proxy server for certain purposes.

Q
QUARANTINE
A certain folder where all potentially infected objects which were detected during scans or by real-time protection are placed.

R
REAL-TIME PROTECTION
The application's operating mode under which objects are scanned for the presence of malicious code in real time. The application intercepts all attempts to open any object (read, write, or execute) and scans the object for threats. Uninfected objects are passed on to the user; objects containing threats or suspected of containing them are processed pursuant to the task settings (they are disinfected, deleted or quarantined).

RECOMMENDED LEVEL
The level of security based on application settings recommended by Kaspersky Lab experts and providing an optimal level of protection for your computer. This level is set to be used by default.

RESTORATION
Moving an original object from Quarantine or Backup to the folder where it was originally found before being moved to Quarantine, disinfected, or deleted, or to a different folder specified by the user.

218

GLOSSARY

ROOTKIT
An application or a set of applications developed for masking traces of an intruder or malware in the system. In Windows-based systems, rootkit usually means a program that penetrates in the system and intercepts system functions (Windows API). First of all, intercepting and modifying low-level API functions allow such program to mask its presence in the system in a quite sophisticated manner. Besides, a rootkit may, as a rule, mask the presence of any processes, folders and files on the disk, and registry keys if they are described in the rootkit's configuration. Many rootkits install their own drivers and services in the system (they also are "invisible").

S
SCRIPT
A small computer program or an independent part of a program (function) which, as a rule, has been developed to execute a small specific task. It is most often used with programs embedded into hypertext. Scripts are run, for example, when you open a certain website. If real-time protection is enabled, the application tracks the launching of scripts, intercepts them, and scans them for viruses. Depending on the results of the scan, you may block or allow the execution of a script.

SECURITY LEVEL
The security level is defined as a pre-set component configuration.

SOCKS
Proxy server protocol that allows establishment of a point-to-point connection between computers in the internal and external networks.

SPAM
Unsolicited mass email mailings, most often including advertising messages.

STARTUP OBJECTS
The set of programs needed to start and correctly operate the operating system and software installed on your computer. These objects are executed every time the operating system is started. There are viruses capable of infecting such objects specifically, which may lead, for example, to blocking of operating system startup.

SUBNET MASK
The subnet mask (also known as netmask) and network address determine the addresses of computers on a network.

SUSPICIOUS MESSAGE
A message that cannot be unambiguously considered spam, but seems suspicious when scanned (e.g., certain types of mailings and advertising messages).

SUSPICIOUS OBJECT
An object that contains modified code of a known virus or code that resembles code of a virus, but is not yet known to Kaspersky Lab. Suspicious objects are detected using the heuristic analyzer.

T
TASK
Functions performed by Kaspersky Lab's application are implemented as tasks, such as: Real-time file protection, Full computer scan, Database update.

TASK SETTINGS
Application settings which are specific for each task type.

219

USER GUIDE

THREAT RATING
The rating of how dangerous an application is for the operating system. The rating is calculated using heuristic analysis based on two types of criteria: static (such as information about the executable file of an application: size, creation date, etc.); dynamic, which are used when simulating the application's operation in a virtual environment (analysis of the application's calls to system functions). The threat rating allows the detection of behavior typical of malware. The lower the threat rating is, the more actions the application will be allowed to perform in the system.

TRACES
Running the application in debugging mode; after each command is executed, the application is stopped, and the result of this step is displayed.

TRAFFIC SCAN
A real-time scan using information from the latest version of the databases for objects transmitted via all protocols (for example, HTTP, FTP, etc.).

TRUSTED PROCESS
A program process, whose file operations are not monitored by Kaspersky Lab's application in real-time protection mode. In other words, no objects run, open, or saved by the trusted process are scanned.

U
UNKNOWN VIRUS
A new virus about which there is no information in the databases. Generally, unknown viruses are detected by the application in objects using the heuristic analyzer, and those objects are classified as potentially infected.

UPDATE
The procedure of replacing/adding new files (databases or application modules) retrieved from the Kaspersky Lab update servers.

UPDATE PACKAGE
File package for updating the software. It is downloaded from the Internet and installed on your computer.

URGENT UPDATES
Critical updates to Kaspersky Lab application modules.

V
VIRUS ACTIVITY THRESHOLD
The maximum permissible level of a specific type of event over a limited time period that, when exceeded, is considered to be excessive virus activity and a threat of a virus outbreak. This feature is highly significant during virus outbreaks and enables an administrator to react in a timely fashion to threats of virus outbreaks that arise.

VIRUS OUTBREAK
A series of deliberate attempts to infect a computer with a virus.

VIRUS OUTBREAK COUNTER
A template based on which a notification of a virus outbreak threat is generated. A virus outbreak counter includes a combination of settings which determine the virus activity threshold, means of spreading, and the text in messages sent.

220

KASPERSKY LAB ZAO
Kaspersky Lab software is internationally renowned for its protection against viruses, malware, spam, network and hacker attacks, and other threats. In 2008, Kaspersky Lab was rated among the world’s top four leading vendors of information security software solutions for end users (IDC Worldwide Endpoint Security Revenue by Vendor). Kaspersky Lab is the preferred developer of computer protection systems among home users in Russia, according to the COMCON survey "TGI-Russia 2009". Kaspersky Lab was founded in Russia in 1997. Today, it is an international group of companies headquartered in Moscow with five regional divisions that manage the company's activity in Russia, Western and Eastern Europe, the Middle East, Africa, North and South America, Japan, China, and other countries in the Asia-Pacific region. The company employs more than 2000 qualified specialists. Products. Kaspersky Lab’s products provide protection for all systems—from home computers to large corporate networks. The personal product range includes anti-virus applications for desktop, laptop, and pocket computers, and for smartphones and other mobile devices. Kaspersky Lab delivers applications and services to protect workstations, file and web servers, mail gateways, and firewalls. Used in conjunction with Kaspersky Lab’s centralized management system, these solutions ensure effective automated protection for companies and organizations against computer threats. Kaspersky Lab's products are certified by the major test laboratories, are compatible with the software of many suppliers of computer applications, and are optimized to run on many hardware platforms. Kaspersky Lab’s virus analysts work around the clock. Every day they uncover thousands of new computer threats, create tools to detect and disinfect them, and include them in the databases used by Kaspersky Lab applications. Kaspersky Lab's Anti-Virus database is updated hourly; and the Anti-Spam database every five minutes. Technologies. Many technologies that are now part and parcel of modern anti-virus tools were originally developed by Kaspersky Lab. It is no coincidence that many other developers user the Kaspersky Anti-Virus kernel in their products, including: SafeNet (USA), Alt-N Technologies (USA), Blue Coat Systems (USA), Check Point Software Technologies (Israel), Clearswift (UK), CommuniGate Systems (USA), Critical Path (Ireland), D-Link (Taiwan), M86 Security (USA), GFI (Malta), IBM (USA), Juniper Networks (USA), LANDesk (USA), Microsoft (USA), NETASQ (France), NETGEAR (USA), Parallels (Russia), SonicWALL (USA), WatchGuard Technologies (USA), ZyXEL Communications (Taiwan). Many of the company’s innovative technologies are patented. Achievements. Over the years, Kaspersky Lab has won hundreds of awards for its services in combating computer threats. For example, in 2010 Kaspersky Anti-Virus was given several top Advanced+ awards after a series of tests held by AV-Comparatives, a renowned Austrian anti-virus lab. But Kaspersky Lab's main achievement is the loyalty of its users worldwide. The company’s products and technologies protect more than 300 million users, and its corporate clients number more than 200,000. Kaspersky Lab official site: Virus Encyclopedia: Anti-Virus Lab: http://www.kaspersky.com http://www.securelist.com newvirus@kaspersky.com (only for sending probably infected files in archive format) http://support.kaspersky.com/virlab/helpdesk.html (for queries addressed to virus analysts) Kaspersky Lab web forum: http://forum.kaspersky.com

221

INFORMATION ABOUT THIRD-PARTY CODE
Information about third-party code is contained in a file named legal_notices.txt and stored in the application installation folder.

222

INDEX
A
Anti-Banner list of blocked banner addresses .......................................................................................................................... 136 Anti-Spam additional filtering features .................................................................................................................................... 131 agressiveness level .............................................................................................................................................. 122 database of phishing web addresses ................................................................................................................... 125 list of allowed phrases .......................................................................................................................................... 127 list of allowed senders .......................................................................................................................................... 128 list of blocked phrases .......................................................................................................................................... 127 list of blocked senders .......................................................................................................................................... 128 Microsoft Exchange Server messages ................................................................................................................. 132 plug-in for Microsoft Office Outlook ...................................................................................................................... 133 plug-in for Microsoft Outlook Express ................................................................................................................... 133 plug-in for The Bat! ............................................................................................................................................... 134 plug-in for Thunderbird ......................................................................................................................................... 134 restoring the default settings................................................................................................................................. 122 training .................................................................................................................................................................. 122 Application Control application run sequence ...................................................................................................................................... 106 editing an application rule ..................................................................................................................................... 105 protection scope ................................................................................................................................................... 107 Application rule Firewall ................................................................................................................................................................. 112 Application run sequence Application Control ............................................................................................................................................... 106 Application self-defense ............................................................................................................................................. 159

B
Browser Configuration ................................................................................................................................................ 165

C
Computer performance .............................................................................................................................................. 157

D
Data clearing Safe Run............................................................................................................................................................... 140 Database of phishing web addresses Anti-Spam ............................................................................................................................................................. 125 IM Anti-Virus ........................................................................................................................................................... 97 Web Anti-Virus........................................................................................................................................................ 90 Disabling / enabling real-time protection ...................................................................................................................... 40

E
Editing an application rule Application Control ............................................................................................................................................... 105 EICAR ........................................................................................................................................................................ 176 Enable Parental Control.................................................................................................................................................... 145

F
File Anti-Virus heuristic analysis .................................................................................................................................................... 81 pausing ................................................................................................................................................................... 78

223

USER GUIDE

protection scope ..................................................................................................................................................... 79 response to a threat ................................................................................................................................................ 81 scan mode .............................................................................................................................................................. 80 scan of compound files ........................................................................................................................................... 82 scan optimization .................................................................................................................................................... 83 scan technology...................................................................................................................................................... 81 security level ........................................................................................................................................................... 80 Firewall application rule ..................................................................................................................................................... 112 changing rule priority ............................................................................................................................................ 112 changing the network status ................................................................................................................................. 110 Firewall rule .......................................................................................................................................................... 110 packet rule ............................................................................................................................................................ 111 Firewall rule Firewall ................................................................................................................................................................. 110

H
Heuristic analysis File Anti-Virus ......................................................................................................................................................... 81 Mail Anti-Virus ........................................................................................................................................................ 86 Web Anti-Virus........................................................................................................................................................ 93

I
IM Anti-Virus database of phishing web addresses ..................................................................................................................... 97 protection scope ..................................................................................................................................................... 96 Installation folder .......................................................................................................................................................... 20

K
Kaspersky URL Advisor Web Anti-Virus........................................................................................................................................................ 91

L
License activating the application ........................................................................................................................................ 43 End User License Agreement ................................................................................................................................. 29 License renewal ........................................................................................................................................................... 44

M
Mail Anti-Virus attachment filtering ................................................................................................................................................. 86 heuristic analysis .................................................................................................................................................... 86 protection scope ..................................................................................................................................................... 84 response to a threat ................................................................................................................................................ 86 scanning of compound files .................................................................................................................................... 87 security level ........................................................................................................................................................... 90

N
Network encrypted connections .......................................................................................................................................... 116 monitored ports..................................................................................................................................................... 119 Network Attack Blocker blocking time......................................................................................................................................................... 115 types of detected network attacks ........................................................................................................................ 114 unblocking a computer ......................................................................................................................................... 115 Network Monitor ......................................................................................................................................................... 118 Notifications.................................................................................................................................................................. 45 delivery of notifications using email ...................................................................................................................... 173 disabling ............................................................................................................................................................... 172 disabling the audio signal ..................................................................................................................................... 173

224

................ 149 searching for key words ......................... 79 IM Anti-Virus .......................................................................................................................................................................... 169 filtering ......................................... 146 limiting time for computer use .......................................................... 95 Q Quarantine and Backup............................... 168 view ......................................................................................................................................................................................................................................... 149 communicating via IM clients ...... 96 Mail Anti-Virus ..................... 99 dangerous activity monitoring rule ..................................... 86 virus scan .................................................................................................................................................INDEX notification types ......................................................... 148 safe search mode ..................... 69 Web Anti-Virus................................ 152 Proactive Defense dangerous activity list ................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 148 limiting time for Internet use........................................................... 173 P Packet rule Firewall .................................................................................................................................................................... 170 selecting a component or a task ........................................................................................ 66 type of objects to scan ................. 150 downloading files from the Internet .................................................. 122 Restricting access to the application ............................................................................. 81 Mail Anti-Virus .................................................................................................................................................................. 99 group of trusted applications.......................................................................................................................................................................................................................... 150 enabling and disabling ............................................................................................................................................................. 145 exporting / importing settings ............................................................................................................ 63 S Safe Run data clearing ....... 70 schedule ................................................................................................................................................................................................ 67 scan optimization ................................................................................................................................ 69 225 ............................................................................................................................................................................................................................................................................................................................. 67 security level .......................................................... 168 saving to file........................................................................................................................................................................................................................................................ 69 action with regard to a detected object ............................................................. 98 Protection scope Application Control ..................................................................................................................................................................................................................... 90 Restoring the default settings ........................................................................................................................................................................................... 153 sending private data ................................................................................................. 143 Scan account ..................................................................................................................................................... 160 R Reports events search ............................... 70 scan technologies ............................................................................................................................................................................................................................................................................................................................................. 107 File Anti-Virus ................................................................................................................................................ 140 shared folder..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 84 Web Anti-Virus................................................................................................................................................................... 111 Parental Control browsing websites .. 148 running applications ...................................................................................................................... 57 Rescue Disk ................................................................................ 69 automatic startup of a skipped task ....................................................................... 68 scanning of compound files ................................................................... 54 Response to a threat File Anti-Virus ..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 58 Anti-Spam ........................................................................................................................................................................................................................

............................................................................................................ 94 heuristic analysis ....................................................................................................................................................................................................................................................................................................................... 74 update source .. 90 Shared folder Safe Run.. 74 rolling back the last update ............................................................................................................................................................. 90 Web Anti-Virus............................... 80 Mail Anti-Virus .................. 73 V Virtual Keyboard........................................................................................................................................................................................................................................................................................................ 143 T The context menu .............................................................................................................................................................................................................................................................................................. 50 W Web Anti-Virus database of phishing web addresses .......................................................................................................................................................................................................................USER GUIDE vulnerability scan .......... 90 scan optimization ......................................................................... 90 226 .............................................. 67 Security level File Anti-Virus ............................................................................................................... 94 security level .............................................................................................................................................................................................................................................................................................................................................................. 123 using outgoing messages ........................... 95 response to a threat ............................................................................................................................................................................................................................................................ 180 uploading tracing results ..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 77 regional settings ........................................... 33 The taskbar notification area icon ....................................... 32 The main application window ...................................................................................................................................................... 124 Trusted zone exclusion rules ...................................................................................................... 72 Schedule update................................................................................................................................................................................................ 31 Traces creating a trace file ............................................................................................................................................................................................. 154 U Uninstallation application ............................................................................................................................................................................ 93 Kaspersky URL Advisor ..... 76 Updating from a local folder ............................................................................................................................................................ 155 trusted applications ............................................................................................................................................................................................................................................................................................................................................................ 123 using reports ........ 27 Update proxy server ............................................................................... 90 Geo Filter ......................................................................... 180 Training Anti-Spam using an email client .............................................. 91 protection scope ......................................... 75 virus scan .................................................................................................................

Sign up to vote on this title
UsefulNot useful