Proactive Defense
Suspicious values in registry. The system registry is a database for storing system and user settings that control the operation of Microsoft Windows, as well as any utilities installed on the computer. Malicious programs, attempting to mask their presence in the system, write incorrect values to registry keys. Kaspersky Anti-Virus analyzes system registry entries for suspicious values.
Suspicious system activity. The program analyzes actions executed by the Microsoft Windows operating system and detects suspicious activity. An example of suspicious activity would be an integrity breach, which involves modifying one or several modules in a monitored application since the time it was last run.
Keylogger detection. This activity is used in attempts by malicious programs to read passwords and other confidential information which you have entered using your keyboard.
The list of dangerous activities can be extended automatically by the Kaspersky Anti-Virus update process, but it cannot be edited by the user. You can:
Turn off monitoring for an activity by deselecting the checkbox next to its name.
Edit the rule that Proactive Defense uses when it detects a dangerous activity.
Create an exclusion list (see 6.9 on pg. 64) by listing applications that you do not consider dangerous.
To configure activity monitoring:
1. Open the application settings window and select Proactive Defense under Protection.
2. Click the Settings button in the Application Activity Analyzer section (see Figure 35).
The types of activity that Proactive Defense monitors are listed in the Settings: Application Activity Analyzer window (see Figure 36).
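The integrity breach described above (modules of a monitored application changed since it was last run) can be illustrated with a hash baseline. This is an added example, not Kaspersky Anti-Virus code or a description of how the product implements the check; the function names, the choice of SHA-256 and the rule that .exe and .dll files count as modules are assumptions, and the application directory is constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path

MODULE_SUFFIXES = {".exe", ".dll"}  # assumption: which files count as "modules"

def snapshot(app_dir):
    """Map each module's relative path to its SHA-256, as recorded at one run."""
    root = Path(app_dir)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in MODULE_SUFFIXES
    }

def integrity_breach(last_run, now):
    """Compare two snapshots; any non-empty list means the application changed."""
    return {
        "modified": sorted(m for m in last_run if m in now and last_run[m] != now[m]),
        "added": sorted(m for m in now if m not in last_run),
        "removed": sorted(m for m in last_run if m not in now),
    }

def demo():
    """Constructed sample: a fake application directory altered between two runs."""
    with tempfile.TemporaryDirectory() as d:
        app = Path(d)
        (app / "plugins").mkdir()
        (app / "app.exe").write_bytes(b"main module v1")
        (app / "plugins" / "net.dll").write_bytes(b"network module v1")
        (app / "readme.txt").write_bytes(b"not a module")
        last_run = snapshot(app)  # baseline taken when the application last ran
        # Changes made before the next run:
        (app / "plugins" / "net.dll").write_bytes(b"network module v1 + patch")
        (app / "plugins" / "extra.dll").write_bytes(b"new module")
        (app / "readme.txt").write_bytes(b"changed, but not a module")
        return integrity_breach(last_run, snapshot(app))

if __name__ == "__main__":
    print(demo())
```

A legitimate update also changes module hashes, so a check like this needs its baseline refreshed after trusted updates.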