Setting up Kaspersky Internet Security 2009

• The Settings window

• Protection

• Anti-Malware


• Files and Memory

• E-mail and IM

• Web Traffic

• System Security

• Online Security

• Content Filtering


• Anti-Spam

• Banner Ad Blocker

• Parental Control

• Scan

• Update

• Options

• Threats and exclusions

• Network

• Notifications

• Reports


• The Reports window

• Working with reports

• Feedback

• Appearance

The Settings window

The application settings window can be opened in 3 different ways:

• from the shortcut menu of the application, by right-clicking on the application icon (K) in the system tray and then selecting the Settings item from the context menu. In this case, the settings window will be opened with the Protection panel displayed.



• from the main application window, by clicking on the Settings button in the upper-right corner of the window. In this case, the appropriate settings panel will be displayed, according to the currently selected component in the left-hand part of the window.



• from the shortcut menu of individual components, by clicking on the name of the component that you wish to set up and then selecting the Settings item from the context menu. In this case, the appropriate settings panel will be displayed, according to the selected component.



The Settings window consists of 2 parts:

• the navigation panel, on the left-hand side of the window, provides quick access to the configuration settings of individual components.

• the settings panel, on the right-hand side of the window, contains a list of setting options for the component selected in the left part of the window.

A context-sensitive text message, placed on the banner at the top of the Settings window, will explain the meaning of the items listed in the navigation panel as they are selected.



There are 4 main categories in the left panel: Protection, Scan, Update and Options. They all provide access to general settings, while the sub-categories (Anti-Malware, System security etc.) provide access to module-specific settings.

Before we go on to consider the detail of the application settings, it is worth reminding you that the default settings for KIS 2009 ensure the best compromise between the safety of your data and the responsiveness of your system.

The Protection panel



Enable protection: turns on/off the real-time monitoring system provided by KIS. By unchecking this option, you will simultaneously disable all the components of the real-time protection system. Disabling the real-time protection is not recommended, as it will leave your computer vulnerable to viruses and other attacks.

If real-time protection is turned off, then the disabled components and the application icon in the system tray will appear greyed out. The status bar at the top of the window and the traffic lights will turn red and a warning message will appear indicating that your computer security is at risk.



A notification window will also be displayed above the system tray, informing you that the protection is disabled. You can click on the Enable Protection link to turn the protection on.



Launch Kaspersky Internet Security at computer start-up: if this option is selected, then KIS will be automatically launched at system start-up, else you will have to manually start the application. Disabling this option is not recommended, since it will pose a serious threat to your security.

Interactive protection

Select action automatically: if this option is checked, then KIS will automatically apply the recommended action to any dangerous events that might occur. No critical decisions to be made: KIS will do all the work for you. This option will affect all the components of KIS.
The recommended action for malicious objects will be Disinfect, or Delete if disinfection is not possible. The default action for suspicious objects will be Block.
Before disinfecting or deleting a file, KIS will make a backup copy of it. So, even in the case of unwanted deletion (for instance, when a false positive occurs), you will be able to restore the deleted file from backup.
If the option is unchecked, KIS will only notify you about dangerous and/or suspicious events, leaving you to decide what to do with them, whether or not to allow them, whether to disinfect or block.

Do not delete suspicious objects: when KIS is set in automatic mode, check this box to prevent suspicious files from being deleted.

Password protection

Enable password protection: this option allows you to restrict the access to the application by password and prevent unwanted configuration changes. After you checked the Enable password protection box, click on the Settings… button to define the password and its scope. You can protect all the program operations (except notifications of dangerous events) or select one or more of the listed actions. In this way, all the users will have to enter the set password in order to access the protected operations.



Application settings management

From here you can export (Save… button) your settings to a .cfg file, or import them (Load… button) from a pre-existing configuration record.

The Restore… button allows you to restore the program settings recommended by Kaspersky Lab specialists. A setup wizard will guide you through the restore process. After you clicked on the Next link, you will be asked to select the components that you want to be reset. If you want to keep any changes you made to the default settings, just uncheck the desired items in the list.



The Restore link in the lower-left corner of the Settings window acts in the same way as the Restore… button.

Anti-Malware

The Anti-Malware section contains the settings for 3 different components: Files and Memory, E-mail and IM, Web Traffic.



Enable Anti-Malware: turns on/off the Anti-Malware monitoring system. By unchecking this box, you will stop all the three components of the Anti-Malware protection system. Disabling the Anti-Malware real-time protection is not recommended, as it will expose your computer to serious security risks.

You can also turn on/off individual components, by checking/unchecking one or more of the boxes listed in the Anti-Malware section.

The disabled components will appear greyed out in the main window. The status bar at the top of the window and the traffic lights will turn red (or yellow, depending on how important the disabled component is for your system security) and a warning message will appear indicating that your computer security is at risk.

A notification window will also be displayed above the system tray, informing you that some components are disabled. You can click on the Resume all link to resume all the disabled components.



Files and Memory

This component scans files in real time as they are executed, opened or saved.

E-mail and IM

This component scans sent and/or received e-mails at protocol level (POP3, SMTP, IMAP, MAPI, NNTP).

Web Traffic

This component scans HTTP web traffic for viruses and blocks dangerous scripts (JavaScript, Visual Basic Script etc.).

For each component, you can specify the preset security level and the default action to be performed when an infected or potentially infected object is detected.



Security Level: you can choose between High, Recommended and Low. The higher the level is, the more significant the impact on object processing time will be.

On detection: you can choose between Prompt for action (a dialog box will appear prompting you for action) or Do not prompt (KIS will automatically take an action on the event according to the current settings).
Selecting the Do not prompt item, will bring up some additional options: Disinfect (KIS will try to repair the infected object), Delete (KIS will delete the infected object), or neither of them (KIS will only block the infected object without altering it).
When the Disinfect action is set as default, the Delete option will turn into Delete if disinfection fails: in this case you can select both the actions.

If you previously checked the Select action automatically box in the Protection section, then the On detection value will be set to Select action automatically.



The On detection menu for the Web Traffic protection contains only 3 items: Prompt for action (or Select action automatically), Block download, Allow download.

Click on the appropriate Settings… button to access the options for a specific component.

Files and Memory Settings

Files and Memory Settings -> General tab



File types

Here you can specify which file formats should be scanned.

All files: all files will be scanned without exceptions.

Files scanned by format: only files which format can be infected will be scanned (for instance, .txt files will be skipped). The format of each file will be determined by the analysis of its header information.

Files scanned by extension: only files which format can be infected will be scanned, but in this case the format will be determined on the base of the file extension (.doc, .exe, etc).
Warning: an infected file with changed extension (for instance, a virus.exe file renamed as virus.txt), will be skipped.

Protection scope

All drives are scanned by default. You can reduce the scope of protection by unchecking one or more of the listed boxes, or extend it by clicking on the Add new item link.



Files and Memory Settings -> Performance tab



Scan methods

Here you can specify the scan method to be used for analyzing files.

Signature analysis: this is the standard scan method. KIS will compare the bit patterns of each file against a database of known virus signatures.

Heuristic analysis: the files will be virtually processed by a software emulator and monitored for suspicious activities. The heuristic method is useful to detect any unknown viruses before they have been included in the virus database. When the heuristic analysis is enabled, you can also set the level of analysis detail (Light scan, Medium scan, Deep scan). The deeper the detail is, the more significant the impact on system responsiveness will be.

Scan optimization

Scan only new and changed files: only the new files or the files changed after the last scan will be analyzed.

Scan of compound files

Scan archives: the .arj, .cab, .ice, .jar, .lha, .rar and .zip archives will be unpacked and scanned.

Scan installation packages: the self-extracting installation archives will be unpacked and scanned.

Scanning all the archives and installation packages, might increase the demand for system resources and therefore cause system slowdown.

Scan embedded OLE object: the objects embedded in files (for instance, MS Excel objects embedded in MS Word files) will be scanned.

If the Scan only new and changed files box is unchecked, then you will be able to specify, for each compound files category, whether you want KIS to scan all the objects or only the new ones.



Click on the Additional... button to access some additional settings:



Background scan

While archives are being unpacked by KIS, you might experience a variable delay in opening them. To minimize the amount of delay, select the Extract compound files in the background checkbox and specify a minimum file size value.

If the file is smaller than the specified size, then KIS will treat it as a compound object and will scan it completely before returning it to the user. Otherwise, if the file is larger than the set size, then KIS will treat it as a single object and will scan its header only, so that the file can be released to be used by other processes. In that case, the contents of the archive will be scanned later in the session.

Size limit

Do not unpack compound files larger than...: archives larger than the specified size will not be unpacked.

Files and Memory Settings -> Additional tab



Scan mode

Smart mode: KIS will analyze the operations performed on the file, to determine whether it needs to be scanned or not.

On access and modification: the object will be scanned when opened and changed.

On access: the object will be scanned when an attempt to access the file is made.

On execution: the object will be scanned when executed.

Scan technologies

iSwift and iChecker are proprietary scan technologies developed to reduce the duration of the scanning process.

iSwift: iSwift technology is based on the comparison results of object IDs under the NTFS file system.

iChecker: iChecker technology is based on the checksum (unique digital signature) comparison results. On the first scan, checksums are calculated for all files. During the next scans, KIS will exclude certain files from scanning, through comparing the actual checksums with the saved ones.

Both iChecker and iSwift use a complex algorithm that involves many different variables (like, for instance, the release date of the program database, the last scan date and any modifications made to the scan settings).

Pause Task

In some situations, you might need to pause real-time monitoring in order to free the available system resources for other critical applications (like, for example, defragmentation software). To do so, you can stop the component from running at a specified time or when working with certain applications.

By schedule: check the box and click on the Schedule... button to select pausing and resuming time.



At application start-up: check the box and click on the Select... button to select an application. Click on the Add new item link and browse through your programs to choose the desired application.



Warning: disabling the real-time protection, even if temporarily, is not recommended, as it will leave your computer vulnerable to viruses.

E-mail and IM Settings

E-mail and IM Settings -> General tab



Protection scope

Incoming and outgoing email: both incoming and outgoing e-mails will be scanned.

Incoming email only: only the incoming e-mails will be scanned.

Connectivity

POP3/SMTP/NNTP/IMAP traffic: KIS scans the e-mail messages at protocol level, before they are delivered to your computer. If this box is unchecked, then the e-mails will be scanned after they have been received.

ICQ/MSN traffic: checking/unchecking this box will enable/disable the scan of ICQ and Microsoft Messenger traffic.

Additional: Microsoft Office Outlook plug-in: enables/disables the plug-in for Microsoft Outlook e-mail client.

Additional: TheBat! plug-in: enables/disables the plug-in for TheBat! e-mail client.

If the plug-in integration is enabled, some additional program-specific options will be available. For instance, in Outlook (Tools -> Options -> Email protection) you can specify when the e-mails will be scanned, choosing between "Scan upon receiving", "Scan when read", "Scan upon sending".



E-mail and IM Settings -> Performance tab



Scan methods

Heuristic analysis: enables/disables the heuristic analysis of e-mail messages. When the heuristic analysis is enabled, you can also set the level of analysis detail (Light scan, Medium scan, Deep scan). The deeper the detail is, the longer the time required to scan e-mails will be.

Scan of compound files

Skip attached archives: the archives attached to e-mail messages will not be scanned.

Do not process archives larger than...: if the size of the attached archive exceeds the specified limit, then the file will not be scanned.

E-mail and IM Settings -> Attachment filter tab



In order to prevent any attached files from automatically running on your computer, you can set appropriate filters so that certain attachment types are renamed or deleted.

Disable filtering: attachments will be delivered without any changes.

Rename selected attachment types: the checkmarked attachment types will be renamed (the file extension will be changed).

Delete selected attachment types: the checkmarked attachment types will be deleted.

You can add new attachment types by clicking on the Add new item link.

Web Traffic Settings

Web Traffic Settings -> General tab



Block dangerous scripts in Microsoft Internet Explorer: all the scripts embedded in Web pages (JavaScript, Visual Basic Script etc.) and run in Internet Explorer will be scanned.

Scan HTTP traffic: all the objects transmitted via the HTTP protocol will be scanned.

Disabling both the HTTP traffic and scripts scanning, will act as if you disabled the Web Traffic component.

Analyze according to the base of suspicious web pages: URLs will be checked against a database of known suspicious Web pages.

Trusted URLs

Add here the addresses of any trusted Web sites that you want to exclude from scanning. Click on the Add new item link and enter the desired address or its mask (for instance, http://www.kaspersky.com/*).



Web Traffic Settings -> Performance tab



Scan methods

Heuristic analysis: enables/disables the heuristic analysis of Web traffic. When the heuristic analysis is enabled, you can also set the level of analysis detail (Light scan, Medium scan, Deep scan). The deeper the detail is, the longer the time required to load Web pages will be.

Scan optimization

Limit fragment buffering time: KIS caches fragments of Web objects before scanning them. While an object is being processed by KIS, it cannot be returned to the user and that might cause client timeouts, especially when dealing with large objects. Use the Limit fragment buffering time value to set the maximum time limit for fragment caching.

System Security



Enable System Security: turns on/off the System Security monitoring component. By unchecking this box, you will stop all the three modules of the System Security protection. Disabling the System Security protection is not recommended, as it will expose your computer to serious security risks.

You can also turn on/off individual components by checking/unchecking one or more of the boxes listed in the System Security section.

Application Filtering

The Application Filtering component monitors all applications activity for suspicious behaviour, blocking or allowing certain actions, depending on the level of risk associated with each specific application.

Enable Application Filtering: turns on/off the Application Filtering component.

Access rights for applications

- to computer resources
- to devices
- to runtime environment

For each type of system resource, you can specify how the Application Filtering should operate. The available choices are:

By the rules: the applications monitoring will be performed according to the Application Filtering rules.

Allow: the applications will access the specified system resource without any restrictions.

Settings: click on the Settings menu item to open the Rules settings window. From there you will be able to customize the rules for Application Filtering and edit both the lists of monitored resources and devices.

Clicking on the Settings... button will bring up the same configuration window.



For more details on how to properly configure the Application Filtering component, please refer to this topic.

Firewall

The Firewall component monitors network traffic, allowing or denying connections for any application and filtering data packets according to customizable rules.

Enable Firewall: turns on/off the Firewall component.

Click on the Settings... button to open the Rules settings window. From there you will be able to customize the rules for Application Filtering, the resources monitored by the Firewall component, the rules for Network packages and the list of Network connections.



For more details on how to properly configure the Firewall component, please refer to this topic.

Proactive Defense

The Proactive Defense component checks applications for suspicious behaviour like, for example, key logging activity or hidden drivers installing.
When the Proactive Defense detects a program that is trying to record the keystrokes entered on the keyboard, or to copy itself to the start-up folder or to perform any action similar to those commonly performed by malicious software, it blocks such actions (or, if you unchecked the Select action automatically box in the Protection settings window, it displays a warning message prompting you to allow or deny).

Enable Proactive Defense: turns on/off the Proactive Defense component.

Settings: click on the Settings... button to display the Proactive Defense settings window.



If you want to exclude one or more of the listed events from being detected, just uncheck the desired box. For security reasons, the detection of Trojans, Worms and P2P worms cannot be disabled.

Do not notify about detection of suspicious activity for digitally signed applications, or for applications described in the database of known software: if this box is checked, any suspicious actions performed by well known or digitally signed software will not be reported.

Online Security



Enable Online Security: turns on/off the Online Security monitoring system. By unchecking this option, you will simultaneously disable all the three components of the Online Security protection. Disabling the Online Security protection is not recommended, as it will leave your computer vulnerable to hacker attacks.

Anti-Phishing

Anti-Phishing will automatically block any attempts to access known phishing sites.

Enable Anti-Phishing: turns on/off the Anti-Phishing component.

Intrusion Prevention System

The Intrusion Prevention System monitors your network traffic for signs of malicious or suspicious activity. All known attacks are defeated by KIS and any further access from the IP address of the attacking system is blocked for a certain time interval. You can set the time interval for this feature by entering a value in the provided field.

Enable Intrusion Prevention System: turns on/off the Intrusion Prevention System component.

Anti-Dialer

The Anti-Dialer component detects and blocks all the hidden, unauthorized dial-up connections. In case an attempt to establish an unauthorized connection is detected, you will be prompted to select the desired action (allow or block).

Enable Anti-Dialer: turns on/off the Anti-Dialer component.

Click on the Settings... button to edit the list of trusted numbers. All the connections established through trusted numbers will be allowed.

Content Filtering



Enable Content Filtering: turns on/off the Content Filtering component. By unchecking this box, you will stop all the three modules of the Content Filtering component.

Anti-Spam

The Anti-Spam module checks your e-mails for unwanted messages against an updatable database of phrases that are typical of spam, a white and black list and through other filtering technologies (like PDB, GSG and iBayes).

Enable Anti-Spam: turns on/off the Anti-Spam component.

Click on the Sensitivity level link to select the desired sensitivity level for anti-spam filter. You can choose between High, Recommended and Low. The level of sensitivity will affect the rating system for spam and probable spam, by increasing or decreasing the minimum rate required for messages to be labelled as spam and probable spam.

Click on the Settings... button to display the Anti-Spam settings.

Banner Ad Blocker

The Banner Ad Blocker module blocks the display of publicity banners on Web pages and advertising frames embedded into programs.

Enable Banner Ad Blocker: turns on/off the Banner Ad Blocker component.

Click on the Settings... button to display the Banner Ad Blocker settings.

Parental Control

The Parental Control module restricts access to Web pages which are known to be unsuitable for children.

There are 3 different Web access profiles, based on 3 different rulesets: Child (set as default profile), Teenager and Parent. The Child profile uses the highest restriction level, the Parent profile has no restrictions.

Both the Child and Teenager profiles are customizable but cannot be deleted.

Click on the Settings... button to display the Parental Control settings.

Anti-Spam Settings

Anti-Spam Settings -> General tab



Connectivity

POP3/SMTP/NNTP/IMAP traffic: KIS will check e-mails for spam at protocol level.

Additional: Microsoft Office Outlook plug-in: enables/disables the plug-in for Microsoft Outlook e-mail client.

Additional: Microsoft Outlook Express plug-in: enables/disables the plug-in for Microsoft Outlook Express e-mail client.

Additional: Thunderbird plug-in: enables/disables the plug-in for Mozilla Thunderbird e-mail client.

Additional: TheBat! plug-in: enables/disables the plug-in for TheBat! e-mail client.

If the plug-in integration is enabled, some additional program-specific options will be available. For instance, an additional configuration panel will be available in Outlook (Tools -> Options -> Anti-Spam) and Outlook Express and two buttons (to be used to label messages as spam or not spam), will be displayed on the toolbar.

Microsoft Office Outlook



Microsoft Outlook Express



Incoming messages

Open Mail Dispatcher when receiving e-mail through POP3 protocol: allows you to check the list of messages directly on the server, before they have been downloaded to your computer. In this way you can decide whether the received messages should be rejected or accepted. When a message is received through POP3 protocol, the Mail Dispatcher window will popup showing the list of the messages on the server.



Outgoing messages

Train using outgoing e-mail messages: your first 50 outgoing messages will be used to build the white list of trusted senders. Messages sent from whitelisted senders will not be classified as spam.

Exclusions

Do not check Microsoft Exchange Server native messages: if this option is selected, all the e-mails sent within the intranet will not be checked for spam. In order to have this function working properly, it is required that all the users mailboxes are located on a single Exchange server (or different servers linked with X400 connectors) and Microsoft Office Outlook is the default e-mail client.

Anti-Spam Settings -> Algorithms tab



Recognition algorithms

Phrases analysis using the updatable database (Recent terms): all phrases in your incoming messages will be checked against an updatable database of phrases that are typical of spam.

Use "large" updatable database: an extended database of spam phrases will be used.

Message header analysis (PDB technology): the headers of e-mail messages will be analyzed on the base of heuristic rules.

Image recognition (GSG technology): e-mail messages will be checked for spam images.

Self-training text recognition algorithm (iBayes): e-mail messages will be checked by an algorithm based on the Bayes theorem (conditional probabilities). Messages will be classified according to the frequency with which typical spam words occur.
In order to have this feature working at its full potential, a training procedure is required. Click on the train link in the Content Filtering section of the main program window to run the training procedure.



Spam rate

Add label [!!SPAM] to subject if message has spam rating above: if the e-mail message is rated with a probability value greater than this, then it will be labelled as Spam (the [!!SPAM] tag will be added to the Subject field).

Probable spam rate

Add label [??Probable spam] to subject if message has spam rating above: if the e-mail message is rated with a probability value greater than this, then it will be labelled as Probable Spam (the [??Probable Spam] tag will be added to the Subject field).

Click on the Additional... button to access some additional setting options.



The spam rating for the message will be increased when one or more of the selected conditions are verified.

After you checked the desired item, you can also set the rating value to be assigned to the message if the specified condition is verified.

"Not addressed to me": all the messages sent to an address different than yours will be labelled as spam. If you have checked this box, then click on the My addresses… button to enter your e-mail address(es).

Anti-Spam -> "White" list tab



All the e-mail messages sent from the addresses listed here or containing any phrases listed here, will not be classified as spam. You can enter address masks as well, by using the wildcards * (any sequence of characters) and ? (any single character); for instance, *@kaspersky.com, *@kaspersky*, proof@kaspersky.??? etc. The "White" list can also be imported from Microsoft Outlook and Microsoft Outlook Express address book files and from *.txt or *.csv files.

Anti-Spam -> "Black" list tab



All the e-mail messages sent from the addresses listed here or containing any phrases listed here, will be classified as spam. You can enter address masks as well, by using the wildcards * (any sequence of characters) and ? (any single character).

Banner Ad Blocker Settings

Banner Ad Blocker Settings -> General tab



Here you will find a list of regular expressions that match the URLs of the most common publicity banners. You can check/uncheck one or more of the listed masks according to your needs.
You can also check the Use heuristic analyzer box in order to block the banners that cannot be matched by the regular expressions.

Banner Ad Blocker Settings -> "Black" list tab



All the addresses listed here will be blocked. Use the Add link to add new addresses to the list. You can enter address masks as well, by using the wildcards * (any sequence of characters) and ? (any single character). The "Black" list can also be imported from or exported to *.txt files.

Banner Ad Blocker Settings -> "White" list tab



All the addresses listed here will not be blocked. Use the Add link to add new addresses to the list. You can enter address masks as well, by using the wildcards * (any sequence of characters) and ? (any single character). The "White" list can also be imported from or exported to *.txt files.

Parental Control Settings

Parental Control Settings -> Child tab



Restriction level

You can choose between High, Recommended and Low. The High level will cover all the content categories ("Pornography, erotic materials", "Drugs", "Violence", "Explicit language", "Weapons", "Gambling", "Chat", "Web mail"), the Recommended level will cover all the categories but two ("Chat" and "Web mail"), the Low level will cover only "Pornography, erotic materials", "Drugs", "Violence" and "Explicit language". You can also select a custom level of restriction if required, by checking/unchecking the desired boxes in the settings window.

Click on the By default button to change the security level to default.

Click on the Settings... button to open the settings window for Child profile.

Action

You can specify the default action to be performed when an attempt to access an unsuitable site is detected. There are two available options: Log Event and Block access.

Time limit

The time limit option allows you to restrict Internet access at specified times and/or limit the total daily Internet access time.

Click on the Settings... button to display the Time limit settings window.

Child profile settings:

Blocked categories of websites: check/uncheck one or more boxes according to your needs.



"White" list: all the addresses listed here will not be blocked. Use the Add link to add new addresses to the list or click on the Edit/Delete links to edit/delete the existing ones. You can enter address masks as well, by using the wildcards * (any sequence of characters) and ? (any single character).



"Black" list: all the addresses listed here will be blocked. Use the Add link to add new addresses to the list or click on the Edit/Delete links to edit/delete the existing ones. You can enter address masks as well, by using the wildcards * (any sequence of characters) and ? (any single character).



Time limit settings:



Limit daily operating time on the Internet: check this box to enter the maximum number of hours per day your child should spend surfing the net.

Allow Internet access at a specified time: check this box and click on the Add link in order to set the time interval during which the Internet access will be allowed.

Parental Control Settings -> Teenager tab



Check the Use profile box to activate the Teenager profile.

User identification

Password: set here a password for profile switching. In order to switch to a protected profile, the users will be required to enter the password you set. You can switch to a different profile by clicking on the User profile link in the Content Filtering section of the main program window.



Click on the Users... button and then on the Add new item link to assign the current profile to a specific Windows user account.



Customize the Restriction level, the Action and the Time limit options in the same way explained above for the Child profile.

Parental Control Settings -> Parent tab



Check the Use profile box to activate the Parent profile.

Password: set here a password for profile switching. In order to switch to a protected profile, the users will be required to enter the password you set. You can switch to a different profile by clicking on the User profile link in the Content Filtering section of the main program window.

Click on the Users... button and then on the Add new item link to assign the current profile to a specific Windows user account.

When the Parental Control is enabled, if you have not set before a password for application access, you will be prompted to set it now. By restricting the access to the program, you will prevent the Parental Control settings from being changed.

Scan

In addition to the background scanning process performed by the Anti-Malware module, KIS provides a set of customizable scanning tasks. For instance, they can be used to perform the scanning process at specified times or on selected file types only.



Scan: a generic customizable scan task. You can also use this task to define global scan settings for all the tasks. To do so, click on the Apply button in the Other task settings section.

Full scan: a complete scan of your pc (system memory, start-up objects, system backup storage, hard and removable drives etc.).

Quick scan: a quick scan of system memory, start-up objects and disk boot sectors.

For each scanning task, you can specify the preset Security level and the default action to be performed when an infected or potentially infected object is detected.



Security level: you can choose between High, Recommended and Low. The higher the level is, the more thorough (and long) the scan will be.

On detection: specify the default action to be performed when an infected or potentially infected object is detected. You can choose between Prompt on completion (at the end of the scanning process, KIS will prompt you for the action to be taken on any detected threats), Prompt for action (you will be prompted for action during the scan, as the threats are detected) and Do not prompt (KIS will automatically take an action on the event according to the current settings).
Selecting the Do not prompt item, will bring up some additional options: Disinfect (KIS will try to repair the infected object), Delete (KIS will delete the infected object), or neither of them (KIS will only inform you about the threat).
When the Disinfect action is set as default, the Delete option will turn into Delete if disinfection fails: in this case you can select both the actions.

If you previously checked the Select action automatically box in the Protection section, then the On detection value will be set to Select action automatically.



Run mode: select the run mode for the current scan task. You can choose between Manually (the task will be run on demand) or Every… (the task will be run at specified times or time intervals or under certain conditions, according to the options you set in the Run mode tab of the task settings).

Click on the Restore... button to restore the default settings.

Click on the Settings... button to open the settings panel for the current task.

Task settings window -> Scope tab



File types

Here you can specify which file formats should be scanned.

All files: all files will be scanned without exceptions.

Files scanned by format: only files which format can be infected will be scanned (for instance, .txt files will be skipped). The format of each file will be determined by the analysis of its header information.

Files scanned by extension: only files which format can be infected will be scanned, but in this case the format will be determined on the base of the file extension (.doc, .exe, etc).
Warning: an infected file with changed extension (for instance, a virus.exe file renamed as virus.txt) will be skipped.

Scan optimization

Scan only new and changed files: only the new files or the files changed after the last scan will be analyzed.

Stop scan if it takes longer than…: if the duration of the scanning process for a single object will exceed the specified time limit, the file scan will stop.

Scan of compound files

Scan all/new archives: all the .arj, .cab, .ice, .jar, .lha, .rar and .zip archives (or only the new ones) will be unpacked and scanned.

Scan all/new installation packages: all the self-extracting installation archives (or only the new ones) will be unpacked and scanned.

Scan all/new embedded OLE object: all the objects embedded in files (or only the new ones), for instance the MS Excel objects embedded in MS Word files, will be scanned.

Parse email formats: if this box is checked, then KIS will parse and scan the e-mail format files and databases, otherwise any e-mail files will be treated as single objects.

Scan password-protected archives: password-protected archives will be scanned (you will be prompted to enter the required password).

Click on the Additional... button to access some additional settings.

Additional settings



Size limit

Do not unpack compound files larger than: archives larger than the specified size will not be unpacked.

Task settings window -> Additional tab



Scan methods

Here you can specify the scan method to be used for analyzing files.

Signature analysis: this is the standard scan method. KIS will compare the bit patterns of each file against a database of known virus signatures.

Heuristic analysis: the files will be virtually processed by a software emulator and monitored for suspicious activities. The heuristic method is useful to detect any unknown viruses before they have been included in the virus database. When the heuristic analysis is enabled, you can also set the level of analysis detail (Light scan, Medium scan and Deep scan). The deeper the detail is, the longer the duration of the scan will be.

Signature scan of vulnerabilities: all applications will be checked for vulnerabilities against an updatable database of known vulnerabilities provided by Secunia.

Rootkit scan: the computer will be scanned for rootkits. Rootkits are hidden programs intended to hide something else: network connections, malware, registry keys etc.

Deep scan: turns on/off the deep scan for rootkits.

Scan technologies

iSwift and iChecker are proprietary scan technologies developed to reduce the duration of the scanning process.

iSwift: iSwift technology is based on the comparison results of object IDs under the NTFS file system.

iChecker: iChecker technology is based on the checksum (unique digital signature) comparison results. On the first scan, checksums are calculated for all files. During the next scans, KIS will exclude certain files from scanning, through comparing the actual checksums with the saved ones.

Both iChecker and iSwift use a complex algorithm that involves many different variables (like, for instance, the release date of the program database, the last scan date and any modifications made to the scan settings).

Task settings window -> Run mode tab



Schedule

Select the run mode for the current scan task. You can choose between Manually (the task will be run on demand) or By schedule.
By creating a schedule for scan task, you can specify how often you want the task to be run. The task can be run at specified times or time intervals or under certain conditions (for instance, at application start-up or after every update).

Run skipped tasks: when this box is checked, even if for some reasons the scheduled task cannot be run at the specified time, then it will be run later.

User account

Run task as: check this box to run the task under a different Windows account.

Update



Run mode: select the run mode for the update process. You can choose between Manually (the update will be run on demand), Automatically (the update will be automatically run at regular time intervals) or Every… (the update can be run at specified times or time intervals or under certain conditions, according to the options you set in the Run mode tab of the update settings).

Click on the Settings... button to display the Update settings window.

Click on the Restore... button to restore the default settings.

Update Settings -> Source tab



Select the preferred source for updates or add a new one by clicking on the Add link. You can enter either the address of an FTP/HTTP server or the path to a local or network folder.



By default, the preferred update source is Kaspersky Lab's update servers. If the list contains multiple items, you will be able to change the priority level of each listed source by selecting it and clicking on the Move up or Move down link. To edit or remove an item, select it and click on the appropriate icon (the pencil or the X icon).

If you connect to the Internet through a proxy server, click on the Proxy server... button to open the Proxy server settings window. Once there, you will be able to edit your proxy configuration.



Regional settings

Detect automatically: the source server will be automatically selected.

Select from the list: the source server will be selected from the list. Choose the one closest to your location.

Update Settings -> Additional tab



During update

Update databases and application program modules: KIS will download both the updates for application databases (known viruses, application vulnerabilities, Anti-Spam recent terms, Parental Control unwanted sites etc.) and for program modules (program improvements and hotfixes).

Update application databases only: KIS will download only the application databases.

After update

Rescan quarantine: select this option if you want to have the files in the Quarantine folder automatically checked against the newly updated database.

Copy updates to folder: check this box in order to copy all the downloaded updates to a local folder and make them available to other users on your home network.

Update Settings -> Run mode tab



Schedule

Select the run mode for the update process. You can choose between Manually (the update will be run on demand), Automatically (the update will be automatically run at regular time intervals) or By schedule. By creating a schedule for the update process, you can specify how often you want the update to run. The update can run at specified times or time intervals or at application start-up.

User account

Run task as: check this box to perform the updates under a different Windows account.

Options



Self-defense

Enable Self-Defense: turns on/off the Self-Defense, a mechanism used by KIS to prevent its own files and registry keys from being altered. Disabling the Self-Defense mechanism is not recommended.

Disable external service control: check/uncheck this box to block/allow any attempts to control the program from remote computers.

Compatibility

Enable advanced disinfection technology: turns on/off the advanced disinfection method. This method is used to remove the memory-resident malware on machine reboot.

Disable scheduled scans while running on battery power: if you are using the application on a laptop computer, then select this option to skip any scheduled scanning processes while running on battery power.

Concede resources to other applications: if this box is checked, the scanning process will pause if required, in order to free system resources for other critical processes.

Threats and exclusions



Threats

Click on the Settings... button to specify which threat types should be detected by KIS in addition to viruses, worms ad Trojan programs. Some software like IRC clients, remote assistance tools, dialers, keyloggers etc., although they cannot be considered as malware, however pose a threat to your security. In the Threats list, many of such programs fall within the definition of "Other programs". Check/uncheck one or more of the listed items according to your needs.



Exclusions

Click on the Trusted zone... button to add one or more objects to the exclusion list. The objects in the exclusion list will not be processed (or will be only partially processed) by KIS.

Trusted zone settings -> Exclusion rules tab



Click on the Add link to add a new item to the list. In the Properties area, check the Object box to select an object (file or folder) or the Threats type box to exclude a threat type from being processed by KIS.



Rule description:

Object: select object...: click on the select object... link to select the desired object and press the Browse... button to browse through your files. When working with folders, you may also want to check the Include subfolders box.



Threats type: enter threat name...: click on the enter threat name... link to specify a threat name. The names of threats should follow the definitions set out in the Virus Encyclopedia.



Protection components: any: if you want to specify to which component(s) the exclusion rule will apply, click on the any link and then on the select components... link. Check one or more boxes in the available list. Otherwise, if you want to apply the rule to all the components, then leave the any link as it is.



Trusted zone settings -> Trusted applications tab

Click on the Add link to add a new item to the list. From the drop-down menu, select the Browse... item if you want to browse through your files, or the Applications... item to choose the desired application from a list of running processes.



In the Exclusions area, check/uncheck one or more boxes according to your needs.



Exclusions:

Do not scan opened files: all the files opened by the trusted application will not be scanned.

Do not monitor application activity: the activity of the trusted application will not be checked for suspicious actions by the Proactive Defense component.

Do not scan network traffic: all the network traffic generated by the trusted application will not be scanned for viruses.

Rule description:

Do not scan all network traffic: click on the all link to limit the exclusion to the encrypted traffic.

any remote IP addresses: click on the any link and then on the specify link to restrict the exclusion to specific remote IP addresses.

any remote ports: click on the any link and then on the specify link to restrict the exclusion to specific remote ports.

Network



Monitored ports

Here you can specify which ports KIS should monitor when analysing the network traffic.

Monitor all network ports: all the ports will be monitored.

Monitor selected ports only: KIS will monitor only the most common ports. To edit the list of the monitored ports, click on the Select... button.



Encrypted connections scan

Scan encrypted connections: enables/disables the scanning of traffic through SSL encrypted connections. The SSL protocol supports the mutual authentication of both server and client, based on public-key certificates. In order to scan the encrypted connections, KIS will use its own security certificate.
Check the Scan encrypted connections box if you want the encrypted connections to be scanned, then click on the Install certificate... button and follow the installation wizard.
The automatic installation of the Kaspersky certificate will only work with Microsoft Internet Explorer. In other browsers, like Mozilla Firefox or Opera, you will have to install the certificate manually. The certificate file (Cert(fake)Kaspersky Anti-Virus personal root certificate.cer) is located in the following folder:

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Cert(fake)Kaspersky Anti-Virus personal root certificate.cer

Proxy server

If you connect to the Internet through a proxy server, click on the Proxy server settings... button to open the Proxy server settings window. Once there, you will be able to edit your proxy configuration.



Network package analysis

Show "Network package analysis" monitor: enables/disables the Network Package Analysis tool. The tool shows all the details about intercepted packets (date and time, source, destination, protocol etc.) and is intended for experienced users. When this box is checked, the Network Package Analysis item will be displayed in the Content Filtering section of the main program window.

Notifications



Enable events notifications: turns on/off the events notification. When this box is checked, a pop-up message will be displayed in case certain events occur.

Enable sound notifications: turns on/off the sound alert for events notification.

Use classic sound scheme Windows Default: check this box to use the system default sound alerts.

Enable email notifications: if this box is checked, you will be notified by e-mail when certain events occur. Click on the E-mail settings... button to enter all the required data.



Click on the Settings... button to configure the notification settings for each event. You can check/uncheck one or more of the listed boxes according to your needs.

Reports



Events

All the components of KIS save information about their own activity to report files. Here you can specify which events should be logged and set the maximum size for report files.

Log non-critical events: if this box is checked, non-critical events will be logged. This might require a certain amount of free disk space in order to function properly.

Log file system events: if this box is checked, the file system events will be logged.

Log registry events: if this box is checked, the registry events will be logged.

Store reports no longer than...: after the set time limit has expired, the report files will be automatically overwritten.

Maximum file size: the maximum file size allowed for report files. If the specified size is exceeded, KIS will overwrite the report files with new data.

Click on the Clear... button to clear the report files. In the resulting window, check/uncheck one or more boxes according to your needs.



Statistics

Store statistics no longer than...: after the set time limit has expired, the statistics files will be automatically overwritten.

The Reports window

The reports window can be accessed in many different ways from the main program window:

• from the shortcut menu of individual components, by clicking on the name of a component in the right part of the window and then selecting the Reports and statistics item from the context menu.



• by clicking on the component activity graphical representation.



• by clicking on the Reports button in the lower-right corner of the main window.

Working with reports

From the first of the three drop-down menus at the top of the window, you can select the component you want to see the report for.

From the second one, you can specify how the report information should be organized. The data can be grouped by task, by application, by scan result (where available). Choose the Do not group menu item to leave the report structure as it is.

From the third menu, you can select the events category to be displayed, choosing between Critical events (like malware detection), Important events and All events.



If the logging of one or more event categories is disabled in the Reports settings panel, then the link Disabled will be displayed at the top of the window. Clicking on it will open the Reports settings panel.



The statistics for each component are displayed in the lower part of the window. By clicking on the histogram icon , you will switch between graphical view and text view. To hide/show the statistics, click on the window partition icon .



Click on the Save button in order to export the current report to a .txt or .csv file.

By clicking on the filter symbol in the column headers, you will access the drop-down filter menus. From there you can select the filters to apply to the report data.



For instance, if you select the Tuesday item for the Time column and the Detected item for the Result column, the resulting report will only show the objects detected on Tuesday. If no records match the filter criteria, then no entry will be displayed in the report.

Select the Custom menu item in the filter drop-down menus to access the Custom filter window and create complex filter criteria, combining filters with Boolean operators (AND, OR).



By right-clicking on the column headers, you will access a shortcut menu. From there you will be able to sort the report, perform a text search, apply grouping and filtering conditions, enable/disable the display of certain report columns.



Click on the + sign in the column headers of Application, Object and Result categories to expand the row and bring up more information.

Feedback



The feedback function gathers information about the threats detected on your computer, to help Kaspersky Lab to quickly develop even better methods of fighting security threats. If you accept to join in the Kaspersky Security Network, the following data will be sent to Kaspersky Lab:

• "information about your computer hardware and software, including operating system and service packs installed, kernel objects, drivers, services, Internet Explorer extensions, printing extensions, Windows Explorer extensions, downloaded program files, active setup elements, control panel applets, host and registry records, IP addresses, browser types, e-mail clients and the version number of the Kaspersky Lab product, that is generally not personally identifiable;"

• "a unique ID that is generated by the Kaspersky Lab product to identify individual machines without identifying the user and which does not contain any personal information;"

• "information about the status of your computer's antivirus protection, and data on any files or activities suspected of being malware (e.g., virus name, date/time of detection, names/paths and size of infected files, IP and port of network attack, name of the application suspected of being malware). Please note that the above referenced collected data does not contain personally identifiable information."

(taken from the Kaspersky Security Network Data Collection Statement).

For further details please click on the Kaspersky Security Network Data Collection Statement link.

Check the I agree to participate in Kaspersky Security Network box to join in the Security Network. If you want, you can also enable the sending of extended information by checking the I agree to send extended statistics… box.

Appearance



Icon in the taskbar notification area

Animate taskbar icon when executing tasks: enables/disables the animation of the red K icon in the system tray. If this box is checked, KIS will display the animation while processing scripts or e-mails or during the update process.

Enable semi-transparent windows: if this box is checked, the pop-up notification messages will be semi-transparent.

Enable news notifications: check this box if you want to receive notification of news from Kaspersky Lab. When news are received, the K icon in the system tray will change into a K with a closed envelope. Double-click on the icon to bring up the news window.

Show icon above Microsoft Windows login window: the Kaspersky logo will be displayed in the upper-right corner of the screen at Windows log-in.

Directory with skin descriptions

Use alternative skin: you can use skins to customize the program interface. To do so, check this box and browse to the folder where skin files are stored.

Some ready-to-use skins can be downloaded from here.