User guide
W EB T R A F F I C P R O T E C T I O N
63
USING HEURISTIC ANALYSIS
Essentially, the heuristic method analyzes the object's activities in the system. If those actions are typical of malicious
objects, the object is likely to be classed as malicious or suspicious. This allows new threats to be detected even before
they have been researched by virus analysts. By default, heuristic analysis is enabled.
Kaspersky Anti-Virus will notify you when a malicious object is detected in a message. You should react to the notification
by further processing the message.
Additionally you can set the detail level of scanning: Light, Medium, or Deep. To do so, move the slider bar to the
selected position.
To enable/disable the heuristic analysis, and to set the detail level for the scan, please do the following:
1. Open the main application window and click the Settings link in the top part of the window.
2. In the window that will open, in the Protection section select the Web Anti-Virus component.
3. Click the Settings button for the component you have selected.
4. In the Web Anti-Virus window that will open, in the Scan methods section, check / uncheck the
Heuristic analysis box and set the scan detail level below for the component selected.
SCAN OPTIMIZATION
To detect malicious code more efficiently, Web Anti-Virus buffers fragments of objects downloaded from the Internet.
When using this method, Web Anti-Virus only scans an object after it has been completely downloaded. Then, the object
is scanned for viruses and returned to the user for work or blocked, depending on scan results.
However, buffering objects increases object processing time, and hence the time before the application returns objects to
the user. This can cause problems when copying and processing large objects because the connection with the HTTP
client may time out.
To solve this problem, we suggest limiting the buffering time for web object fragments downloaded from the Internet.
When this time limit expires, the user will receive the downloaded part of the file without scanning, and once the object is
fully copied, it will be scanned in its entirety. This allows reducing the time period needed to transfer the object to the
user, and eliminating the problem of disconnection; at that, security level for Internet use will not reduce.
By default, the buffering time for file fragments is limited to one second. Increasing this value or removing the buffering
time limit will result in better virus scans but somewhat slower access to the object.
To set a time limit for fragment buffering or remove it, please do the following:
1. Open the main application window and click the Settings link in the top part of the window.
2. In the window that will open, in the Protection section select the Web Anti-Virus component.
3. Click the Settings button for the component you have selected.
4. In the Web Anti-Virus window that will open, in the Scan optimization section, check / uncheck the
Limit fragment buffering time box and enter the time value (in seconds) in the field right to it.