
DELETING RULES FOR APPLICATIONS

By default, the rules for applications which have not been started for 60 days are deleted automatically. You can modify the storage time for rules for unused applications, or disable the automatic removal of rules.

To set the storage time for application rules:

1. Open the main application window and click the Settings link in the top part.

2. In the window that opens, in the Protection Center section, select the Security Zone component.

3. For the selected component, check the Delete rules for applications remaining inactive for more than box in the Additional section and specify the necessary number of days.

ADVANCED APPLICATION SETTINGS


To disable the automatic removal of the rules for unused applications:

1. Open the main application window and click the Settings link in the top part.

2. In the window that opens, in the Protection Center section, select the Security Zone component.

3. In the Additional section, uncheck the Delete rules for applications remaining inactive for more than box for the selected component.

PROTECTING OPERATING SYSTEM RESOURCES AND IDENTITY DATA

Security Zone manages the applications' rights to take actions on various resource categories of the operating system and identity data.

Kaspersky Lab specialists have defined preset categories of protected resources. You cannot edit this list. However, you can expand it by adding user categories and / or individual resources, or stop controlling the selected resources.

To add identity data to be protected:

1. Open the main application window and click the Settings link in the top part.

2. In the window that opens, in the Protection Center section, select the Security Zone component.

3. Click the Settings button for the component you have selected.

4. In the window that opens, on the Identity data tab, in the Category dropdown list, select the required category of identity data and open the window for adding resources, by clicking the Add link.

5. In the User resource window that opens, click the Browse button and specify required data, depending on the resource being added.

After you add a resource, you can edit or remove it using the respective buttons in the top part of the tab. To disable the control of a resource or category, uncheck the box next to it.

To create the category of identity data items to be protected:

1. Open the main application window and click the Settings link in the top part.

2. In the window that opens, in the Protection Center section, select the Security Zone component.

3. Click the Settings button for the component you have selected.

4. In the window that opens, on the Identity data tab, open the window for adding resources, by clicking the Add category link.

5. In the Identity data category window that opens, enter a name for the new resource category.

To add operating system settings and resources to be protected:

1. Open the main application window and click the Settings link in the top part.

2. In the window that opens, in the Protection Center section, select the Security Zone component.

3. Click the Settings button for the component you have selected.

4. In the window that opens, on the Operating system tab, in the Category dropdown list, select the required category of operating system objects and open the window for adding resources, by clicking the Add link.

After you add a resource, you can edit or remove it using the respective buttons in the top part of the tab. To disable the control of a resource or category, uncheck the box next to it.

USER GUIDE


PROACTIVE DEFENSE

This section describes the functions of Kaspersky Small Office Security 2 for Personal Computer. These functions are missing in Kaspersky Small Office Security 2 for File Server.

Proactive Defense ensures protection against new threats which are not yet included in Kaspersky Small Office Security databases.

The preventative technologies provided by Proactive Defense neutralize new threats before they harm your computer. In contrast with responsive technologies, which analyze code based on records in Kaspersky Small Office Security databases, preventative technologies recognize a new threat on your computer by the sequence of actions executed by a program. If, as a result of activity analysis, the sequence of an application's actions arouses suspicion, Kaspersky Small Office Security blocks the activity of this application.

For example, when actions such as a program copying itself to network resources, the startup folder and the system registry are detected, it is highly likely that this program is a worm. Hazardous sequences of actions also include attempts to modify the HOSTS file, hidden installation of drivers, etc. You can turn off monitoring for any hazardous activity or edit the rules of monitoring (see page 125) for it.

As opposed to the Security Zone, Proactive Defense responds immediately to a defined sequence of an application's actions. Activity analysis is performed for all applications, including those grouped as Trusted by the Security Zone component.

You can create a group of trusted applications (see page 125) for Proactive Defense. If done, you will not be notified of activities of these applications.
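The activity analysis described above, as an added Python example that is not Kaspersky's implementation: it accumulates behavior indicators per program and raises an alert once a program has shown every action in a hazardous sequence. The event names, paths, rule table and the `trusted` / `disabled` parameters are assumptions made for illustration; they mirror the trusted applications group and the option to turn off monitoring for an activity.

```python
from collections import defaultdict

# Constructed sample events (program image, action, target); not real telemetry.
STARTUP = "C:\\Users\\a\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup"
EVENTS = [
    ("C:\\Users\\a\\invoice.exe", "self_copy", "\\\\fileserver\\public\\invoice.exe"),
    ("C:\\Tools\\backup.exe", "self_copy", "\\\\fileserver\\backup\\backup.exe"),
    ("C:\\Users\\a\\invoice.exe", "self_copy", STARTUP + "\\invoice.exe"),
    ("C:\\Users\\a\\invoice.exe", "registry_write",
     "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\invoice"),
    ("C:\\Apps\\updater.exe", "file_write", "C:\\Windows\\System32\\drivers\\etc\\hosts"),
]

# Hazardous activity -> indicators that must all be seen from the same program.
RULES = {
    "worm-like self-propagation": {"copy_to_network", "copy_to_startup", "autorun_key"},
    "HOSTS file modification": {"hosts_write"},
}

def classify(action, target):
    """Map one raw event to a behavior indicator, or None if it is not of interest."""
    t = target.lower()
    if action == "self_copy" and t.startswith("\\\\"):
        return "copy_to_network"
    if action == "self_copy" and "\\start menu\\programs\\startup\\" in t:
        return "copy_to_startup"
    if action == "registry_write" and "\\currentversion\\run" in t:
        return "autorun_key"
    if action == "file_write" and t.endswith("\\drivers\\etc\\hosts"):
        return "hosts_write"
    return None

def analyze(events, trusted=frozenset(), disabled=frozenset()):
    """Return (program, activity) alerts in the order the sequences complete."""
    seen = defaultdict(set)   # program image -> indicators observed so far
    alerts = []
    for image, action, target in events:
        indicator = classify(action, target)
        if image in trusted or indicator is None:
            continue          # trusted group is not monitored; benign events ignored
        seen[image].add(indicator)
        for activity, required in RULES.items():
            hit = (image, activity)
            if activity not in disabled and required <= seen[image] and hit not in alerts:
                alerts.append(hit)
    return alerts

if __name__ == "__main__":
    for image, activity in analyze(EVENTS):
        print(f"ALERT {activity}: {image}")
```

In the sample, backup.exe copies itself to a network share but never completes the sequence, so it raises no alert; a single action is not enough for the worm-like rule.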

If your computer runs under Microsoft Windows XP Professional x64 Edition, Microsoft Windows Vista, Microsoft Windows Vista x64, Microsoft Windows 7, or Microsoft Windows 7 x64, control will not apply to each event. This is due to specific features of these operating systems. For example, control will not be applied in full to the sending of data through trusted applications and to suspicious system activities.

IN THIS SECTION:

Enabling and disabling Proactive Defense

Creating a group of trusted applications

Using the dangerous activity list

Changing the dangerous activity monitoring rule

Rolling back a malicious program's actions

ENABLING AND DISABLING PROACTIVE DEFENSE

By default, Proactive Defense is enabled, functioning in optimum mode. You can disable Proactive Defense, if required.

To enable or disable Proactive Defense, perform the following steps:

1. Open the main application window.

2. In the top part of the window, click the Settings link.

3. In the left part of the window, in the Protection Center section, select the Proactive Defense component.

4. In the right part of the window, uncheck the Enable Proactive Defense box if you need to disable this component. Check this box if you need to enable the component.

CREATING A GROUP OF TRUSTED APPLICATIONS

Programs recognized by the Security Zone component as Trusted pose no threat to the system. However, their activities will also be monitored by Proactive Defense.

You can create a group of trusted applications; Proactive Defense will not monitor their activity. By default, the list of trusted applications includes applications with a verified digital signature and applications from the Kaspersky Security Network database.

To change the settings of the trusted applications group, perform the following steps:

1. Open the main application window.

2. In the top part of the window, click the Settings link.

3. In the left part of the window, in the Protection Center section, select the Proactive Defense component.

4. In the right part of the window, in the Trusted applications section, check the boxes next to the required settings.

USING THE DANGEROUS ACTIVITY LIST

The list of actions typical of dangerous activity cannot be edited. However, you can turn off monitoring for a particular dangerous activity.

To turn off monitoring for a dangerous activity:

1. Open the main application window.

2. In the top part of the window, click the Settings link.

3. In the left part of the window, in the Protection Center section, select the Proactive Defense component.

4. Click the Settings button in the right part of the window.

5. In the Proactive Defense window that opens, uncheck the box next to the type of activity which you do not want to be monitored.

CHANGING THE DANGEROUS ACTIVITY MONITORING RULE

Applications' actions classified as dangerous activity cannot be edited. You can perform the following actions: turn off monitoring for any activity (see page 125); create an exclusion list, by listing applications whose activities you do not consider dangerous; edit the rule that Proactive Defense uses when it detects dangerous activity.


To change the rule:

1. Open the main application window.

2. In the top part of the window, click the Settings link.

3. In the left part of the window, in the Protection Center section, select the Proactive Defense component.

4. Click the Settings button in the right part of the window.

5. In the Proactive Defense window that opens, in the Event column, select the required event for which you want to edit the rule.

6. Configure the settings for the selected event using the links in the Rule description section. For example:

a. Click the link with the preset action and select the required action in the Select action window that opens.

b. Click the link with the preset time period (not for any activity type), and in the Hidden processes detection window that opens, specify the scan interval for hidden processes.

c. Click the On / Off link to indicate that a report on operation execution should be created.

ROLLING BACK A MALICIOUS PROGRAM'S ACTIONS

Proactive Defense can roll back malicious activity in the system.

By default, when Kaspersky Small Office Security runs in automatic mode, the rollback of malware actions is performed automatically upon detection of a malicious activity by the Proactive Defense component. When working in interactive mode (see page 39), you can change the action to be performed upon detection of a malicious activity.

The procedure of rolling back malware operations affects a defined set of data. It causes no negative consequences for the operating system or data integrity on your computer.

To configure rollback of malware operations, perform the following steps:

1. Open the main application window.

2. In the top part of the window, click the Settings link.

3. In the left part of the window, in the Protection Center section, select the Proactive Defense component.

4. In the right part of the window, in the Additional section, select the required response to malware actions.

NETWORK PROTECTION

Various protection components, tools, and settings of Kaspersky Small Office Security together ensure security and control of your network activities.

The sections below contain detailed information about the principles of operation and configuration of Firewall, Network Attack Blocker, Network Monitor, scan of secure connections, proxy server settings, and monitoring of network ports.

IN THIS SECTION:

Firewall

Network Attack Blocker

Encrypted connections scan

Network Monitor

Configuring the proxy server

Creating a list of monitored ports

FIREWALL

The Firewall ensures security for your work in local networks and on the Internet.

The component filters all network activity according to the network rules of Security Zone. A network rule is an action that Firewall performs when it detects a connection attempt that has a specified status. A status is assigned to each network connection; it is defined by specified settings: data transfer direction and protocol, and the addresses and ports to which the connection is established.

The Firewall analyzes the settings of the networks to which you connect your computer. If the application works in interactive mode, the Firewall, when first connected, will request that you specify a status of the connected network. If interactive mode is off, the Firewall defines the status based on the network type, ranges of addresses and other specifications. You can change the status of the network connection manually.

In Kaspersky Small Office Security 2 for File Server, the Firewall is disabled by default.

IN THIS SECTION:

Enabling and disabling Firewall

Changing the network status

Extending the range of network addresses

Working with Firewall rules

Configuring notifications of changes in the network

Advanced Firewall settings