Kaspersky Antivirus

The Real Time Protection ForEver



Appearance

Icon in the taskbar notification area

Animate taskbar icon when executing tasks: enables/disables the animation of the red K icon in the system tray. If this box is checked, KIS will display the animation while processing scripts or e-mails or during the update process.

Enable semi-transparent windows: if this box is checked, the pop-up notification messages will be semi-transparent.

Enable news notifications: check this box if you want to receive notification of news from Kaspersky Lab. When news is received, the K icon in the system tray will change into a K with a closed envelope. Double-click on the icon to bring up the news window.

Show icon above Microsoft Windows login window: the Kaspersky logo will be displayed in the upper-right corner of the screen at Windows log-in.

Directory with skin descriptions

Use alternative skin: you can use skins to customize the program interface. To do so, check this box and browse to the folder where skin files are stored.

Some ready-to-use skins can be downloaded from here.

Working with reports

From the first of the three drop-down menus at the top of the window, you can select the component you want to see the report for.

From the second one, you can specify how the report information should be organized. The data can be grouped by task, by application, by scan result (where available). Choose the Do not group menu item to leave the report structure as it is.

From the third menu, you can select the events category to be displayed, choosing between Critical events (like malware detection), Important events and All events.

If the logging of one or more event categories is disabled in the Reports settings panel, then the link Disabled will be displayed at the top of the window. Clicking on it will open the Reports settings panel.

The statistics for each component are displayed in the lower part of the window. By clicking on the histogram icon, you will switch between graphical view and text view. To hide/show the statistics, click on the window partition icon.

Click on the Save button in order to export the current report to a .txt or .csv file.

By clicking on the filter symbol in the column headers, you will access the drop-down filter menus. From there you can select the filters to apply to the report data.

For instance, if you select the Tuesday item for the Time column and the Detected item for the Result column, the resulting report will only show the objects detected on Tuesday. If no records match the filter criteria, then no entry will be displayed in the report.

Select the Custom menu item in the filter drop-down menus to access the Custom filter window and create complex filter criteria, combining filters with Boolean operators (AND, OR).

By right-clicking on the column headers, you will access a shortcut menu. From there you will be able to sort the report, perform a text search, apply grouping and filtering conditions, and enable/disable the display of certain report columns.

Click on the + sign in the column headers of Application, Object and Result categories to expand the row and bring up more information.

The Reports window

The reports window can be accessed in many different ways from the main program window:

from the shortcut menu of individual components, by clicking on the name of a component in the right part of the window and then selecting the Reports and statistics item from the context menu.


by clicking on the component activity graphical representation.

by clicking on the Reports button in the lower-right corner of the main window.

Reports

Events

All the components of KIS save information about their own activity to report files. Here you can specify which events should be logged and set the maximum size for report files.

Log non-critical events: if this box is checked, non-critical events will be logged. This might require a certain amount of free disk space in order to function properly.

Log file system events: if this box is checked, the file system events will be logged.

Log registry events: if this box is checked, the registry events will be logged.

Store reports no longer than…: after the set time limit has expired, the report files will be automatically overwritten.

Maximum file size: the maximum file size allowed for report files. If the specified size is exceeded, KIS will overwrite the report files with new data.

Click on the Clear… button to clear the report files. In the resulting window, check/uncheck one or more boxes according to your needs.

Statistics

Store statistics no longer than…: after the set time limit has expired, the statistics files will be automatically overwritten.

Notifications

Enable events notifications: turns on/off the events notification. When this box is checked, a pop-up message will be displayed in case certain events occur.

Enable sound notifications: turns on/off the sound alert for events notification.

Use classic sound scheme Windows Default: check this box to use the system default sound alerts.

Enable email notifications: if this box is checked, you will be notified by e-mail when certain events occur. Click on the E-mail settings… button to enter all the required data.

Click on the Settings… button to configure the notification settings for each event. You can check/uncheck one or more of the listed boxes according to your needs.

Network

Monitored ports

Here you can specify which ports KIS should monitor when analysing the network traffic.

Monitor all network ports: all the ports will be monitored.

Monitor selected ports only: KIS will monitor only the most common ports. To edit the list of the monitored ports, click on the Select… button.

Encrypted connections scan

Scan encrypted connections: enables/disables the scanning of traffic through SSL encrypted connections. The SSL protocol supports the mutual authentication of both server and client, based on public-key certificates. In order to scan the encrypted connections, KIS will use its own security certificate.
Check the Scan encrypted connections box if you want the encrypted connections to be scanned, then click on the Install certificate… button and follow the installation wizard.
The automatic installation of the Kaspersky certificate will only work with Microsoft Internet Explorer. In other browsers, like Mozilla Firefox or Opera, you will have to install the certificate manually. The certificate file (Cert(fake)Kaspersky Anti-Virus personal root certificate.cer) is located in the following folder:

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Cert(fake)Kaspersky Anti-Virus personal root certificate.cer

Proxy server

If you connect to the Internet through a proxy server, click on the Proxy server settings… button to open the Proxy server settings window. Once there, you will be able to edit your proxy configuration.

Network package analysis

Show “Network package analysis” monitor: enables/disables the Network Package Analysis tool. The tool shows all the details about intercepted packets (date and time, source, destination, protocol etc.) and is intended for experienced users. When this box is checked, the Network Package Analysis item will be displayed in the Content Filtering section of the main program window.

Threats and exclusions

Threats

Click on the Settings… button to specify which threat types should be detected by KIS in addition to viruses, worms and Trojan programs. Some software, such as IRC clients, remote assistance tools, dialers and keyloggers, cannot be considered malware but still poses a threat to your security. In the Threats list, many such programs fall within the definition of “Other programs”. Check/uncheck one or more of the listed items according to your needs.

Exclusions

Click on the Trusted zone… button to add one or more objects to the exclusion list. The objects in the exclusion list will not be processed (or will be only partially processed) by KIS.

Trusted zone settings -> Exclusion rules tab

Click on the Add link to add a new item to the list. In the Properties area, check the Object box to select an object (file or folder) or the Threats type box to exclude a threat type from being processed by KIS.

Rule description:

Object: select object…: click on the select object… link to select the desired object and press the Browse… button to browse through your files. When working with folders, you may also want to check the Include subfolders box.

Threats type: enter threat name…: click on the enter threat name… link to specify a threat name. The names of threats should follow the definitions set out in the Virus Encyclopedia.

Protection components: any: if you want to specify to which component(s) the exclusion rule will apply, click on the any link and then on the select components… link. Check one or more boxes in the available list. Otherwise, if you want to apply the rule to all the components, then leave the any link as it is.

Trusted zone settings -> Trusted applications tab

Click on the Add link to add a new item to the list. From the drop-down menu, select the Browse… item if you want to browse through your files, or the Applications… item to choose the desired application from a list of running processes.

In the Exclusions area, check/uncheck one or more boxes according to your needs.

Exclusions:

Do not scan opened files: all the files opened by the trusted application will not be scanned.

Do not monitor application activity: the activity of the trusted application will not be checked for suspicious actions by the Proactive Defense component.

Do not scan network traffic: all the network traffic generated by the trusted application will not be scanned for viruses.

Rule description:

Do not scan all network traffic: click on the all link to limit the exclusion to the encrypted traffic.

any remote IP addresses: click on the any link and then on the specify link to restrict the exclusion to specific remote IP addresses.

any remote ports: click on the any link and then on the specify link to restrict the exclusion to specific remote ports.

Options

Self-defense

Enable Self-Defense: turns on/off the Self-Defense, a mechanism used by KIS to prevent its own files and registry keys from being altered. Disabling the Self-Defense mechanism is not recommended.

Disable external service control: check/uncheck this box to block/allow any attempts to control the program from remote computers.

Compatibility

Enable advanced disinfection technology: turns on/off the advanced disinfection method. This method is used to remove the memory-resident malware on machine reboot.

Disable scheduled scans while running on battery power: if you are using the application on a laptop computer, then select this option to skip any scheduled scanning processes while running on battery power.

Concede resources to other applications: if this box is checked, the scanning process will pause if required, in order to free system resources for other critical processes.

Update

Run mode: select the run mode for the update process. You can choose between Manually (the update will be run on demand), Automatically (the update will be automatically run at regular time intervals) or Every… (the update can be run at specified times or time intervals or under certain conditions, according to the options you set in the Run mode tab of the update settings).

Click on the Settings… button to display the Update settings window.

Click on the Restore… button to restore the default settings.

Update Settings -> Source tab

Select the preferred source for updates or add a new one by clicking on the Add link. You can enter either the address of an FTP/HTTP server or the path to a local or network folder.

By default, the preferred update source is Kaspersky Lab’s update servers. If the list contains multiple items, you will be able to change the priority level of each listed source by selecting it and clicking on the Move up or Move down link. To edit or remove an item, select it and click on the appropriate icon (the pencil or the X icon).

If you connect to the Internet through a proxy server, click on the Proxy server… button to open the Proxy server settings window. Once there, you will be able to edit your proxy configuration.

Regional settings

Detect automatically: the source server will be automatically selected.

Select from the list: the source server will be selected from the list. Choose the one closest to your location.

Update Settings -> Additional tab

During update

Update databases and application program modules: KIS will download both the updates for application databases (known viruses, application vulnerabilities, Anti-Spam recent terms, Parental Control unwanted sites etc.) and for program modules (program improvements and hotfixes).

Update application databases only: KIS will download only the application databases.

After update

Rescan quarantine: select this option if you want to have the files in the Quarantine folder automatically checked against the newly updated database.

Copy updates to folder: check this box in order to copy all the downloaded updates to a local folder and make them available to other users on your home network.

Update Settings -> Run mode tab

Schedule

Select the run mode for the update process. You can choose between Manually (the update will be run on demand), Automatically (the update will be automatically run at regular time intervals) or By schedule. By creating a schedule for the update process, you can specify how often you want the update to run. The update can run at specified times or time intervals or at application start-up.

User account

Run task as: check this box to perform the updates under a different Windows account.

Scan

In addition to the background scanning process performed by the Anti-Malware module, KIS provides a set of customizable scanning tasks. For instance, they can be used to perform the scanning process at specified times or on selected file types only.

Scan: a generic customizable scan task. You can also use this task to define global scan settings for all the tasks. To do so, click on the Apply button in the Other task settings section.

Full scan: a complete scan of your PC (system memory, start-up objects, system backup storage, hard and removable drives etc.).

Quick scan: a quick scan of system memory, start-up objects and disk boot sectors.

For each scanning task, you can specify the preset Security level and the default action to be performed when an infected or potentially infected object is detected.

Security level: you can choose between High, Recommended and Low. The higher the level is, the more thorough (and long) the scan will be.

On detection: specify the default action to be performed when an infected or potentially infected object is detected. You can choose between Prompt on completion (at the end of the scanning process, KIS will prompt you for the action to be taken on any detected threats), Prompt for action (you will be prompted for action during the scan, as the threats are detected) and Do not prompt (KIS will automatically take an action on the event according to the current settings).
Selecting the Do not prompt item will bring up some additional options: Disinfect (KIS will try to repair the infected object), Delete (KIS will delete the infected object), or neither of them (KIS will only inform you about the threat).
When the Disinfect action is set as default, the Delete option will turn into Delete if disinfection fails: in this case you can select both the actions.

If you previously checked the Select action automatically box in the Protection section, then the On detection value will be set to Select action automatically.

Run mode: select the run mode for the current scan task. You can choose between Manually (the task will be run on demand) or Every… (the task will be run at specified times or time intervals or under certain conditions, according to the options you set in the Run mode tab of the task settings).

Click on the Restore… button to restore the default settings.

Click on the Settings… button to open the settings panel for the current task.

Task settings window -> Scope tab

File types

Here you can specify which file formats should be scanned.

All files: all files will be scanned without exceptions.

Files scanned by format: only files whose format can be infected will be scanned (for instance, .txt files will be skipped). The format of each file will be determined by the analysis of its header information.

Files scanned by extension: only files whose format can be infected will be scanned, but in this case the format will be determined on the basis of the file extension (.doc, .exe, etc).
Warning: an infected file with changed extension (for instance, a virus.exe file renamed as virus.txt) will be skipped.
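The difference between the two selection modes, as an added Python sketch (not Kaspersky code): it applies an extension check and a header check to the same files and reports which ones only the header check selects. The extension list, the magic-byte table and the sample file contents are constructed for illustration.

```python
import os

# Extensions treated as "can be infected" in this sketch (constructed list).
SCANNABLE_EXTENSIONS = {".exe", ".dll", ".doc", ".zip", ".jar"}

# Leading magic bytes of a few formats that can carry executable content.
MAGIC_SIGNATURES = [
    (b"MZ", "PE/DOS executable"),
    (b"\x7fELF", "ELF executable"),
    (b"PK\x03\x04", "ZIP container"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 compound file"),
]


def format_from_header(data: bytes):
    """Return the detected format name, or None if no known header matches."""
    for magic, name in MAGIC_SIGNATURES:
        if data.startswith(magic):
            return name
    return None


def selected_by_extension(filename: str) -> bool:
    """'Files scanned by extension': trust the name only."""
    return os.path.splitext(filename)[1].lower() in SCANNABLE_EXTENSIONS


def selected_by_format(data: bytes) -> bool:
    """'Files scanned by format': look at the header, ignore the name."""
    return format_from_header(data) is not None


def missed_by_extension(files: dict) -> list:
    """Files the header check selects but the extension check skips."""
    return sorted(
        name for name, data in files.items()
        if selected_by_format(data) and not selected_by_extension(name)
    )


# Constructed sample: harmless bytes that only imitate file headers.
SAMPLE_FILES = {
    "setup.exe": b"MZ\x90\x00" + b"\x00" * 60,
    "virus.txt": b"MZ\x90\x00" + b"\x00" * 60,   # executable header, renamed
    "notes.txt": b"plain text notes\n",
    "invoice.doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 56,
}

if __name__ == "__main__":
    for name, data in SAMPLE_FILES.items():
        print(name, selected_by_extension(name), format_from_header(data))
    print("skipped by extension mode:", missed_by_extension(SAMPLE_FILES))
```
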

Scan optimization

Scan only new and changed files: only the new files or the files changed after the last scan will be analyzed.

Stop scan if it takes longer than…: if the scan of a single object exceeds the specified time limit, the scan of that file will stop.

Scan of compound files

Scan all/new archives: all the .arj, .cab, .ice, .jar, .lha, .rar and .zip archives (or only the new ones) will be unpacked and scanned.

Scan all/new installation packages: all the self-extracting installation archives (or only the new ones) will be unpacked and scanned.

Scan all/new embedded OLE object: all the objects embedded in files (or only the new ones), for instance the MS Excel objects embedded in MS Word files, will be scanned.

Parse email formats: if this box is checked, then KIS will parse and scan the e-mail format files and databases, otherwise any e-mail files will be treated as single objects.

Scan password-protected archives: password-protected archives will be scanned (you will be prompted to enter the required password).

Click on the Additional… button to access some additional settings.

Additional settings

Size limit

Do not unpack compound files larger than: archives larger than the specified size will not be unpacked.

Task settings window -> Additional tab

Scan methods

Here you can specify the scan method to be used for analyzing files.

Signature analysis: this is the standard scan method. KIS will compare the bit patterns of each file against a database of known virus signatures.

Heuristic analysis: the files will be virtually processed by a software emulator and monitored for suspicious activities. The heuristic method is useful to detect any unknown viruses before they have been included in the virus database. When the heuristic analysis is enabled, you can also set the level of analysis detail (Light scan, Medium scan and Deep scan). The deeper the detail is, the longer the duration of the scan will be.

Signature scan of vulnerabilities: all applications will be checked for vulnerabilities against an updatable database of known vulnerabilities provided by Secunia.

Rootkit scan: the computer will be scanned for rootkits. Rootkits are hidden programs intended to hide something else: network connections, malware, registry keys etc.

Deep scan: turns on/off the deep scan for rootkits.

Scan technologies

iSwift and iChecker are proprietary scan technologies developed to reduce the duration of the scanning process.

iSwift: iSwift technology is based on the comparison results of object IDs under the NTFS file system.

iChecker: iChecker technology is based on the checksum (unique digital signature) comparison results. On the first scan, checksums are calculated for all files. During the next scans, KIS will exclude certain files from scanning by comparing the current checksums with the saved ones.

Both iChecker and iSwift use a complex algorithm that involves many different variables (like, for instance, the release date of the program database, the last scan date and any modifications made to the scan settings).
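A simplified model of checksum-based scan skipping, as an added Python sketch (not Kaspersky's algorithm, which is proprietary): a file is skipped only when its checksum, the database release and the scan settings all match the saved record. SHA-256, the class and function names, the stand-in scanner and the sample data are assumptions made for the example.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class ScanCache:
    """Remembers which files were clean, and under which database and settings."""
    db_release: str   # release date of the signature database in use
    settings_id: str  # identifier of the current scan settings
    entries: dict = field(default_factory=dict)  # path -> (digest, db, settings)

    def _key(self, data: bytes):
        digest = hashlib.sha256(data).hexdigest()
        return (digest, self.db_release, self.settings_id)

    def needs_scan(self, path: str, data: bytes) -> bool:
        # Skip only if content, database and settings all match the saved record.
        return self.entries.get(path) != self._key(data)

    def record_clean(self, path: str, data: bytes) -> None:
        self.entries[path] = self._key(data)


def toy_scanner(data: bytes) -> bool:
    """Stand-in for a real engine: clean means the constructed marker is absent."""
    return b"CONSTRUCTED-TEST-MARKER" not in data


def run_scan(cache: ScanCache, files: dict) -> list:
    """Scan what the cache cannot vouch for; return the paths actually scanned."""
    scanned = []
    for path, data in sorted(files.items()):
        if not cache.needs_scan(path, data):
            continue
        scanned.append(path)
        if toy_scanner(data):
            cache.record_clean(path, data)  # detections are never cached
    return scanned


def demo():
    # Constructed sample files; c.doc carries the marker the toy scanner flags.
    files = {
        "a.exe": b"program A",
        "b.dll": b"library B",
        "c.doc": b"CONSTRUCTED-TEST-MARKER",
    }
    cache = ScanCache(db_release="2009-01-01", settings_id="recommended")
    first = run_scan(cache, files)    # nothing cached yet: all files
    second = run_scan(cache, files)   # only the file never recorded as clean
    files["a.exe"] = b"program A, modified"
    third = run_scan(cache, files)    # changed file plus the flagged one
    cache.db_release = "2009-01-02"   # database update invalidates every record
    fourth = run_scan(cache, files)
    return first, second, third, fourth


if __name__ == "__main__":
    for number, result in enumerate(demo(), start=1):
        print(f"scan {number}: {result}")
```
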

Task settings window -> Run mode tab

Schedule

Select the run mode for the current scan task. You can choose between Manually (the task will be run on demand) or By schedule.
By creating a schedule for the scan task, you can specify how often you want the task to be run. The task can be run at specified times or time intervals or under certain conditions (for instance, at application start-up or after every update).

Run skipped tasks: when this box is checked, a scheduled task that for some reason cannot be run at the specified time will be run later.

User account

Run task as: check this box to run the task under a different Windows account.