User guide
U S E R G U I D E
124
PROACTIVE DEFENSE
This section describes the functions of Kaspersky Small Office Security 2 for Personal Computer. These functions are
missing in Kaspersky Small Office Security 2 for File Server.
Proactive Defense ensures protection against new threats which are not yet included in Kaspersky Small Office Security
databases.
The preventative technologies provided by Proactive Defense neutralize new threats before they harm your computer. In
contrast with responsive technologies, which analyze code based on records in Kaspersky Small Office Security
databases, preventative technologies recognize a new threat on your computer by the sequence of actions executed by
a program. If, as a result of activity analysis, the sequence of an application's actions arouses suspicion, Kaspersky
Small Office Security blocks the activity of this application.
For example, when actions such as a program copying itself to network resources, the startup folder and the system
registry are detected, it is highly likely that this program is a worm. Hazardous sequences of actions also include
attempts to modify the HOSTS file, hidden installation of drivers, etc. You can turn off monitoring for any hazardous
activity or edit the rules of monitoring (see page 125) for it.
As opposed to the Security Zone, Proactive Defense responds immediately to a defined sequence of an application's
actions. Activity analysis is performed for all applications, including those grouped as Trusted by the Security Zone
component.
You can create a group of trusted applications (see page 125) for Proactive Defense. If done, you will not be notified of
activities of these applications.
If your computer runs under Microsoft Windows XP Professional x64 Edition, Microsoft Windows Vista, Microsoft
Windows Vista x64, Microsoft Windows 7, or Microsoft Windows 7 x64, control will not apply to each event. This is due to
specific features of these operating systems. For example, control will not apply in full volume to the sending data
through trusted applications, and suspicious system activities.
IN THIS SECTION:
Enabling and disabling Proactive Defense .................................................................................................................... 124
Creating a group of trusted applications ........................................................................................................................ 125
Using the dangerous activity list .................................................................................................................................... 125
Changing the dangerous activity monitoring rule .......................................................................................................... 125
Rolling back a malicious program's actions ................................................................................................................... 126
ENABLING AND DISABLING PROACTIVE DEFENSE
By default, Proactive Defense is enabled, functioning in optimum mode. You can disable Proactive Defense, if required.
To enable or disable Proactive Defense, perform the following steps:
1. Open the main application window.
2. In the top part of the window, click the Settings link.