Proactive Defense
127
run is traced for dangerous behavior, and if suspicious activity is detected,
Proactive Defense allows or blocks the macro.
Example:
The macro
PDFMaker
is a plug-in for the Adobe Acrobat toolbar in
Microsoft Office Word that can create a .pdf file out of any document.
Proactive Defense classifies embedding elements in software as a
dangerous action. If Office Guard is enabled, when a macro is loaded
Proactive Defense issues a warning on the screen, informing you that it
has detected a dangerous macro command. You can choose to terminate
that macro or allow it to continue.
You can configure Kaspersky Internet Security's reactions to macros executing
suspicious behavior. If you are sure that this macro is not dangerous when
working with a specific file, for example, an Microsoft Word document, we
recommend creating an exclusion rule. If a situation arises that matches the
terms of the exclusion rule, the suspicious action performed by the macro will not
be processed by Proactive Defense.
To configure Office Guard:
1. Open the Kaspersky Internet Security settings window by clicking
Settings in the main program window.
2. Select
Proactive Defense
in the settings tree.
3. Click
the
Settings
button in the
Office Guard
box.
Rules for processing dangerous macros are configured in the
Office Guard
settings
window (see fig. 37). It contains rules by default for actions that
Kaspersky Lab classifies as dangerous. The actions of dangerous macros
include, for example, embedding modules in programs and deleting files.
If you do not consider one of the suspicious actions indicated in the list
dangerous, deselect the checkbox next to its name. For example, you might
frequently use macros to open files (not as read-only) and you are positive that
this operation is not malicious.
