Kaspersky Antivirus

The Real Time Protection ForEver

Network

Monitored ports

Here you can specify which ports KIS should monitor when analysing the network traffic.

Monitor all network ports: all the ports will be monitored.

Monitor selected ports only: KIS will monitor only the most common ports. To edit the list of the monitored ports, click on the Select… button.

Encrypted connections scan

Scan encrypted connections: enables/disables the scanning of traffic through SSL encrypted connections. The SSL protocol supports the mutual authentication of both server and client, based on public-key certificates. In order to scan the encrypted connections, KIS will use its own security certificate.
Check the Scan encrypted connections box if you want the encrypted connections to be scanned, then click on the Install certificate… button and follow the installation wizard.
The automatic installation of the Kaspersky certificate will only work with Microsoft Internet Explorer. In other browsers, like Mozilla Firefox or Opera, you will have to install the certificate manually. The certificate file (Cert(fake)Kaspersky Anti-Virus personal root certificate.cer) is located in the following folder:

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Cert(fake)Kaspersky Anti-Virus personal root certificate.cer

Proxy server

If you connect to the Internet through a proxy server, click on the Proxy server settings… button to open the Proxy server settings window. Once there, you will be able to edit your proxy configuration.

Network package analysis

Show “Network package analysis” monitor: enables/disables the Network Package Analysis tool. The tool shows all the details about intercepted packets (date and time, source, destination, protocol etc.) and is intended for experienced users. When this box is checked, the Network Package Analysis item will be displayed in the Content Filtering section of the main program window.

Threats and exclusions

Threats

Click on the Settings… button to specify which threat types should be detected by KIS in addition to viruses, worms and Trojan programs. Some software, such as IRC clients, remote assistance tools, dialers and keyloggers, cannot be considered malware but still poses a threat to your security. In the Threats list, many such programs fall within the definition of “Other programs”. Check/uncheck one or more of the listed items according to your needs.

Exclusions

Click on the Trusted zone… button to add one or more objects to the exclusion list. The objects in the exclusion list will not be processed (or will be only partially processed) by KIS.

Trusted zone settings -> Exclusion rules tab

Click on the Add link to add a new item to the list. In the Properties area, check the Object box to select an object (file or folder) or the Threats type box to exclude a threat type from being processed by KIS.

Rule description:

Object: select object…: click on the select object… link to select the desired object and press the Browse… button to browse through your files. When working with folders, you may also want to check the Include subfolders box.

Threats type: enter threat name…: click on the enter threat name… link to specify a threat name. The names of threats should follow the definitions set out in the Virus Encyclopedia.

Protection components: any: if you want to specify to which component(s) the exclusion rule will apply, click on the any link and then on the select components… link. Check one or more boxes in the available list. Otherwise, if you want to apply the rule to all the components, then leave the any link as it is.

Trusted zone settings -> Trusted applications tab

Click on the Add link to add a new item to the list. From the drop-down menu, select the Browse… item if you want to browse through your files, or the Applications… item to choose the desired application from a list of running processes.

In the Exclusions area, check/uncheck one or more boxes according to your needs.

Exclusions:

Do not scan opened files: all the files opened by the trusted application will not be scanned.

Do not monitor application activity: the activity of the trusted application will not be checked for suspicious actions by the Proactive Defense component.

Do not scan network traffic: all the network traffic generated by the trusted application will not be scanned for viruses.

Rule description:

Do not scan all network traffic: click on the all link to limit the exclusion to the encrypted traffic.

any remote IP addresses: click on the any link and then on the specify link to restrict the exclusion to specific remote IP addresses.

any remote ports: click on the any link and then on the specify link to restrict the exclusion to specific remote ports.

Options

Self-defense

Enable Self-Defense: turns on/off the Self-Defense, a mechanism used by KIS to prevent its own files and registry keys from being altered. Disabling the Self-Defense mechanism is not recommended.

Disable external service control: check/uncheck this box to block/allow any attempts to control the program from remote computers.

Compatibility

Enable advanced disinfection technology: turns on/off the advanced disinfection method. This method is used to remove the memory-resident malware on machine reboot.

Disable scheduled scans while running on battery power: if you are using the application on a laptop computer, then select this option to skip any scheduled scanning processes while running on battery power.

Concede resources to other applications: if this box is checked, the scanning process will pause if required, in order to free system resources for other critical processes.

Update

Run mode: select the run mode for the update process. You can choose between Manually (the update will be run on demand), Automatically (the update will be automatically run at regular time intervals) or Every… (the update can be run at specified times or time intervals or under certain conditions, according to the options you set in the Run mode tab of the update settings).

Click on the Settings… button to display the Update settings window.

Click on the Restore… button to restore the default settings.

Update Settings -> Source tab

Select the preferred source for updates or add a new one by clicking on the Add link. You can enter either the address of an FTP/HTTP server or the path to a local or network folder.

By default, the preferred update source is Kaspersky Lab’s update servers. If the list contains multiple items, you will be able to change the priority level of each listed source by selecting it and clicking on the Move up or Move down link. To edit or remove an item, select it and click on the appropriate icon (the pencil or the X icon).

If you connect to the Internet through a proxy server, click on the Proxy server… button to open the Proxy server settings window. Once there, you will be able to edit your proxy configuration.

Regional settings

Detect automatically: the source server will be automatically selected.

Select from the list: the source server will be selected from the list. Choose the one closest to your location.

Update Settings -> Additional tab

During update

Update databases and application program modules: KIS will download both the updates for application databases (known viruses, application vulnerabilities, Anti-Spam recent terms, Parental Control unwanted sites etc.) and for program modules (program improvements and hotfixes).

Update application databases only: KIS will download only the application databases.

After update

Rescan quarantine: select this option if you want to have the files in the Quarantine folder automatically checked against the newly updated database.

Copy updates to folder: check this box in order to copy all the downloaded updates to a local folder and make them available to other users on your home network.

Update Settings -> Run mode tab

Schedule

Select the run mode for the update process. You can choose between Manually (the update will be run on demand), Automatically (the update will be automatically run at regular time intervals) or By schedule. By creating a schedule for the update process, you can specify how often you want the update to run. The update can run at specified times or time intervals or at application start-up.

User account

Run task as: check this box to perform the updates under a different Windows account.

Scan

In addition to the background scanning process performed by the Anti-Malware module, KIS provides a set of customizable scanning tasks. For instance, they can be used to perform the scanning process at specified times or on selected file types only.

Scan: a generic customizable scan task. You can also use this task to define global scan settings for all the tasks. To do so, click on the Apply button in the Other task settings section.

Full scan: a complete scan of your PC (system memory, start-up objects, system backup storage, hard and removable drives etc.).

Quick scan: a quick scan of system memory, start-up objects and disk boot sectors.

For each scanning task, you can specify the preset Security level and the default action to be performed when an infected or potentially infected object is detected.

Security level: you can choose between High, Recommended and Low. The higher the level is, the more thorough (and long) the scan will be.

On detection: specify the default action to be performed when an infected or potentially infected object is detected. You can choose between Prompt on completion (at the end of the scanning process, KIS will prompt you for the action to be taken on any detected threats), Prompt for action (you will be prompted for action during the scan, as the threats are detected) and Do not prompt (KIS will automatically take an action on the event according to the current settings).
Selecting the Do not prompt item will bring up some additional options: Disinfect (KIS will try to repair the infected object), Delete (KIS will delete the infected object), or neither of them (KIS will only inform you about the threat).
When the Disinfect action is set as default, the Delete option will turn into Delete if disinfection fails: in this case you can select both actions.

If you previously checked the Select action automatically box in the Protection section, then the On detection value will be set to Select action automatically.

Run mode: select the run mode for the current scan task. You can choose between Manually (the task will be run on demand) or Every… (the task will be run at specified times or time intervals or under certain conditions, according to the options you set in the Run mode tab of the task settings).

Click on the Restore… button to restore the default settings.

Click on the Settings… button to open the settings panel for the current task.

Task settings window -> Scope tab

File types

Here you can specify which file formats should be scanned.

All files: all files will be scanned without exceptions.

Files scanned by format: only files whose format can be infected will be scanned (for instance, .txt files will be skipped). The format of each file will be determined by analysing its header information.

Files scanned by extension: only files whose format can be infected will be scanned, but in this case the format will be determined on the basis of the file extension (.doc, .exe, etc.).
Warning: an infected file with a changed extension (for instance, a virus.exe file renamed as virus.txt) will be skipped.
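The difference between the two modes, and the renamed-file case from the warning, can be reproduced in a few lines. This is an added example, not Kaspersky code: the magic-byte table, the extension map and the sample files are constructed assumptions and cover only a handful of formats.

```python
import os

# Leading "magic" bytes of a few formats that can carry executable content.
# Constructed sample table for illustration; not the product's format list.
MAGIC = [
    (b"MZ", "exe"),                                # DOS/PE executable
    (b"PK\x03\x04", "zip"),                        # ZIP container (.zip, .jar)
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole"),  # OLE compound file (.doc, .xls)
    (b"Rar!\x1a\x07", "rar"),                      # RAR archive
]
EXTENSIONS = {".exe": "exe", ".dll": "exe", ".zip": "zip", ".jar": "zip",
              ".doc": "ole", ".xls": "ole", ".rar": "rar"}


def format_by_header(data):
    """'Scanned by format': decide from the first bytes of the content."""
    for magic, fmt in MAGIC:
        if data.startswith(magic):
            return fmt
    return None


def format_by_extension(name):
    """'Scanned by extension': decide from the file name only."""
    return EXTENSIONS.get(os.path.splitext(name)[1].lower())


def triage(name, data):
    """Report which mode would scan the file and whether name and content disagree."""
    by_ext, by_hdr = format_by_extension(name), format_by_header(data)
    return {
        "by_extension": by_ext is not None,
        "by_format": by_hdr is not None,
        "mismatch": by_ext != by_hdr,
    }


def skipped_by_extension_mode(files):
    """Names that extension mode skips although the header marks them scannable."""
    result = []
    for name, data in files:
        verdict = triage(name, data)
        if verdict["by_format"] and not verdict["by_extension"]:
            result.append(name)
    return result


# Constructed sample inputs: header bytes only, no real payloads.
PE_STUB = b"MZ\x90\x00" + b"\x00" * 60
OLE_STUB = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24
SAMPLES = [
    ("virus.exe", PE_STUB),
    ("virus.txt", PE_STUB),       # the renamed executable from the warning
    ("notes.txt", b"plain text"),
    ("report.doc", OLE_STUB),
]

if __name__ == "__main__":
    for sample_name, sample_data in SAMPLES:
        print(sample_name, triage(sample_name, sample_data))
    print("skipped in extension mode:", skipped_by_extension_mode(SAMPLES))
```

The `mismatch` flag is useful on its own: a file whose name and header disagree is worth a closer look whichever scan mode is selected.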

Scan optimization

Scan only new and changed files: only the new files or the files changed after the last scan will be analyzed.

Stop scan if it takes longer than…: if scanning a single object takes longer than the specified time limit, the scan of that file will stop.

Scan of compound files

Scan all/new archives: all the .arj, .cab, .ice, .jar, .lha, .rar and .zip archives (or only the new ones) will be unpacked and scanned.

Scan all/new installation packages: all the self-extracting installation archives (or only the new ones) will be unpacked and scanned.

Scan all/new embedded OLE object: all the objects embedded in files (or only the new ones), for instance the MS Excel objects embedded in MS Word files, will be scanned.

Parse email formats: if this box is checked, then KIS will parse and scan the e-mail format files and databases, otherwise any e-mail files will be treated as single objects.

Scan password-protected archives: password-protected archives will be scanned (you will be prompted to enter the required password).

Click on the Additional… button to access some additional settings.

Additional settings

Size limit

Do not unpack compound files larger than: archives larger than the specified size will not be unpacked.

Task settings window -> Additional tab

Scan methods

Here you can specify the scan method to be used for analyzing files.

Signature analysis: this is the standard scan method. KIS will compare the bit patterns of each file against a database of known virus signatures.

Heuristic analysis: the files will be virtually processed by a software emulator and monitored for suspicious activities. The heuristic method is useful to detect any unknown viruses before they have been included in the virus database. When the heuristic analysis is enabled, you can also set the level of analysis detail (Light scan, Medium scan and Deep scan). The deeper the detail is, the longer the duration of the scan will be.

Signature scan of vulnerabilities: all applications will be checked for vulnerabilities against an updatable database of known vulnerabilities provided by Secunia.

Rootkit scan: the computer will be scanned for rootkits. Rootkits are hidden programs intended to hide something else: network connections, malware, registry keys etc.

Deep scan: turns on/off the deep scan for rootkits.

Scan technologies

iSwift and iChecker are proprietary scan technologies developed to reduce the duration of the scanning process.

iSwift: iSwift technology is based on the comparison results of object IDs under the NTFS file system.

iChecker: iChecker technology is based on the checksum (unique digital signature) comparison results. On the first scan, checksums are calculated for all files. During the next scans, KIS will exclude certain files from scanning by comparing the current checksums with the saved ones.

Both iChecker and iSwift use a complex algorithm that involves many different variables (like, for instance, the release date of the program database, the last scan date and any modifications made to the scan settings).
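Why a checksum alone is not enough, and why the database release has to be one of the variables, is easiest to see in a small model. This is an added sketch, not Kaspersky's algorithm: `ChecksumCache`, `toy_scan`, the substring "signatures" and the release dates are all constructed for illustration.

```python
import hashlib


def toy_scan(data, signatures):
    """Stand-in for the expensive scan: substring match against known signatures."""
    return any(sig in data for sig in signatures)


class ChecksumCache:
    """Skip a file only if content, database release and settings are all unchanged."""

    def __init__(self):
        self._clean = {}  # path -> (sha256, db_release, settings_id) of last clean scan

    def scan(self, path, data, signatures, db_release, settings_id="default"):
        state = (hashlib.sha256(data).hexdigest(), db_release, settings_id)
        if self._clean.get(path) == state:
            return "skipped"              # nothing relevant changed since last time
        if toy_scan(data, signatures):
            self._clean.pop(path, None)   # never cache a detection as clean
            return "infected"
        self._clean[path] = state
        return "clean"


def run_demo():
    """Constructed scenario: a file that only a later database release detects."""
    cache = ChecksumCache()
    old_db = {b"MARKER-A"}
    new_db = {b"MARKER-A", b"MARKER-B"}
    original = b"header MARKER-B trailer"
    modified = original + b"!"
    return [
        cache.scan("tool.exe", original, old_db, "2009-01-01"),  # first scan
        cache.scan("tool.exe", original, old_db, "2009-01-01"),  # unchanged file
        cache.scan("tool.exe", modified, old_db, "2009-01-01"),  # content changed
        cache.scan("tool.exe", original, new_db, "2009-02-01"),  # database updated
    ]


if __name__ == "__main__":
    print(run_demo())
```

A cache keyed on the checksum alone would have kept skipping `tool.exe` after the database update and never reported it.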

Task settings window -> Run mode tab

Schedule

Select the run mode for the current scan task. You can choose between Manually (the task will be run on demand) or By schedule.
By creating a schedule for the scan task, you can specify how often you want the task to be run. The task can be run at specified times or time intervals or under certain conditions (for instance, at application start-up or after every update).

Run skipped tasks: when this box is checked, a scheduled task that for some reason cannot be run at the specified time will be run later.

User account

Run task as: check this box to run the task under a different Windows account.


Parental Control Settings

Parental Control Settings -> Child tab

Restriction level

You can choose between High, Recommended and Low. The High level will cover all the content categories (“Pornography, erotic materials”, “Drugs”, “Violence”, “Explicit language”, “Weapons”, “Gambling”, “Chat”, “Web mail”), the Recommended level will cover all the categories but two (“Chat” and “Web mail”), the Low level will cover only “Pornography, erotic materials”, “Drugs”, “Violence” and “Explicit language”. You can also select a custom level of restriction if required, by checking/unchecking the desired boxes in the settings window.

Click on the By default button to change the security level to default.

Click on the Settings… button to open the settings window for Child profile.

Action

You can specify the default action to be performed when an attempt to access an unsuitable site is detected. There are two available options: Log Event and Block access.

Time limit

The time limit option allows you to restrict Internet access at specified times and/or limit the total daily Internet access time.

Click on the Settings… button to display the Time limit settings window.

Child profile settings:

Blocked categories of websites: check/uncheck one or more boxes according to your needs.

“White” list: all the addresses listed here will not be blocked. Use the Add link to add new addresses to the list or click on the Edit/Delete links to edit/delete the existing ones. You can enter address masks as well, by using the wildcards * (any sequence of characters) and ? (any single character).

“Black” list: all the addresses listed here will be blocked. Use the Add link to add new addresses to the list or click on the Edit/Delete links to edit/delete the existing ones. You can enter address masks as well, by using the wildcards * (any sequence of characters) and ? (any single character).

Time limit settings:

Limit daily operating time on the Internet: check this box to enter the maximum number of hours per day your child should spend surfing the net.

Allow Internet access at a specified time: check this box and click on the Add link in order to set the time interval during which the Internet access will be allowed.

Parental Control Settings -> Teenager tab

Check the Use profile box to activate the Teenager profile.

User identification

Password: set a password for profile switching here. In order to switch to a protected profile, users will be required to enter the password you set. You can switch to a different profile by clicking on the User profile link in the Content Filtering section of the main program window.

Click on the Users… button and then on the Add new item link to assign the current profile to a specific Windows user account.

Customize the Restriction level, the Action and the Time limit options in the same way explained above for the Child profile.

Parental Control Settings -> Parent tab

Check the Use profile box to activate the Parent profile.

Password: set a password for profile switching here. In order to switch to a protected profile, users will be required to enter the password you set. You can switch to a different profile by clicking on the User profile link in the Content Filtering section of the main program window.

Click on the Users… button and then on the Add new item link to assign the current profile to a specific Windows user account.

When Parental Control is enabled, if you have not previously set a password for application access, you will be prompted to set it now. By restricting access to the program, you will prevent the Parental Control settings from being changed.

Banner Ad Blocker Settings

Banner Ad Blocker Settings -> General tab

Here you will find a list of regular expressions that match the URLs of the most common publicity banners. You can check/uncheck one or more of the listed masks according to your needs.
You can also check the Use heuristic analyzer box in order to block the banners that cannot be matched by the regular expressions.

Banner Ad Blocker Settings -> “Black” list tab

All the addresses listed here will be blocked. Use the Add link to add new addresses to the list. You can enter address masks as well, by using the wildcards * (any sequence of characters) and ? (any single character). The “Black” list can also be imported from or exported to *.txt files.

Banner Ad Blocker Settings -> “White” list tab

All the addresses listed here will not be blocked. Use the Add link to add new addresses to the list. You can enter address masks as well, by using the wildcards * (any sequence of characters) and ? (any single character). The “White” list can also be imported from or exported to *.txt files.

Anti-Spam Settings

Connectivity

POP3/SMTP/NNTP/IMAP traffic: KIS will check e-mails for spam at protocol level.

Additional: Microsoft Office Outlook plug-in: enables/disables the plug-in for Microsoft Outlook e-mail client.

Additional: Microsoft Outlook Express plug-in: enables/disables the plug-in for Microsoft Outlook Express e-mail client.

Additional: Thunderbird plug-in: enables/disables the plug-in for Mozilla Thunderbird e-mail client.

Additional: TheBat! plug-in: enables/disables the plug-in for TheBat! e-mail client.

If the plug-in integration is enabled, some additional program-specific options will be available. For instance, an additional configuration panel will be available in Outlook (Tools -> Options -> Anti-Spam) and Outlook Express, and two buttons (used to label messages as spam or not spam) will be displayed on the toolbar.

Microsoft Office Outlook

Microsoft Outlook Express

Incoming messages

Open Mail Dispatcher when receiving e-mail through POP3 protocol: allows you to check the list of messages directly on the server, before they have been downloaded to your computer. In this way you can decide whether the received messages should be rejected or accepted. When a message is received through the POP3 protocol, the Mail Dispatcher window will pop up showing the list of the messages on the server.

Outgoing messages

Train using outgoing e-mail messages: your first 50 outgoing messages will be used to build the white list of trusted senders. Messages sent from whitelisted senders will not be classified as spam.

Exclusions

Do not check Microsoft Exchange Server native messages: if this option is selected, all the e-mails sent within the intranet will not be checked for spam. For this function to work properly, all the users' mailboxes must be located on a single Exchange server (or on different servers linked with X400 connectors) and Microsoft Office Outlook must be the default e-mail client.

Anti-Spam Settings -> Algorithms tab

Recognition algorithms

Phrases analysis using the updatable database (Recent terms): all phrases in your incoming messages will be checked against an updatable database of phrases that are typical of spam.

Use “large” updatable database: an extended database of spam phrases will be used.

Message header analysis (PDB technology): the headers of e-mail messages will be analyzed on the basis of heuristic rules.

Image recognition (GSG technology): e-mail messages will be checked for spam images.

Self-training text recognition algorithm (iBayes): e-mail messages will be checked by an algorithm based on the Bayes theorem (conditional probabilities). Messages will be classified according to the frequency with which typical spam words occur.
In order to have this feature working at its full potential, a training procedure is required. Click on the train link in the Content Filtering section of the main program window to run the training procedure.

Spam rate

Add label [!!SPAM] to subject if message has spam rating above: if the e-mail message is rated with a probability value greater than this, then it will be labelled as Spam (the [!!SPAM] tag will be added to the Subject field).

Probable spam rate

Add label [??Probable spam] to subject if message has spam rating above: if the e-mail message is rated with a probability value greater than this, then it will be labelled as Probable Spam (the [??Probable Spam] tag will be added to the Subject field).
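How a Bayes rating and the two thresholds combine into the subject labels can be shown with a small classifier. This is an added example, not the iBayes implementation: the class `BayesFilter`, the tokenizer, the training messages and the threshold values 0.9 and 0.5 are constructed assumptions, and placing the tag at the start of the subject is also assumed.

```python
import math
import re
from collections import Counter


class BayesFilter:
    """Naive Bayes over the words present in a message, with add-one smoothing."""

    def __init__(self):
        self.words = {"spam": Counter(), "ham": Counter()}
        self.msgs = {"spam": 0, "ham": 0}

    @staticmethod
    def tokens(text):
        return set(re.findall(r"[a-z']+", text.lower()))

    def train(self, text, label):
        self.msgs[label] += 1
        self.words[label].update(self.tokens(text))

    def spam_rating(self, text):
        """Return P(spam | words) as a value between 0 and 1."""
        log_odds = math.log((self.msgs["spam"] + 1) / (self.msgs["ham"] + 1))
        for word in self.tokens(text):
            p_spam = (self.words["spam"][word] + 1) / (self.msgs["spam"] + 2)
            p_ham = (self.words["ham"][word] + 1) / (self.msgs["ham"] + 2)
            log_odds += math.log(p_spam / p_ham)
        log_odds = max(-50.0, min(50.0, log_odds))  # keep exp() in range
        return 1.0 / (1.0 + math.exp(-log_odds))


def label_subject(subject, rating, spam_rate=0.9, probable_rate=0.5):
    """Apply the two thresholds; both default values are assumed, not product defaults."""
    if rating > spam_rate:
        return "[!!SPAM] " + subject
    if rating > probable_rate:
        return "[??Probable Spam] " + subject
    return subject


def trained_filter():
    """Train on a tiny constructed corpus (three spam, three legitimate messages)."""
    f = BayesFilter()
    for text in ("cheap pills buy now", "buy cheap watches now", "win money now"):
        f.train(text, "spam")
    for text in ("meeting notes attached", "lunch tomorrow at noon",
                 "project meeting tomorrow"):
        f.train(text, "ham")
    return f


def classify(subject):
    f = trained_filter()
    return label_subject(subject, f.spam_rating(subject))


if __name__ == "__main__":
    for s in ("buy cheap pills now", "buy lunch now", "project meeting tomorrow"):
        print(classify(s))
```

With so little training data a single legitimate word ("lunch") is enough to pull a message from the spam band into the probable-spam band, which is why the training procedure mentioned above matters.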

Click on the Additional… button to access some additional setting options.

The spam rating for the message will be increased when one or more of the selected conditions are met.

After checking the desired item, you can also set the rating value to be assigned to the message if the specified condition is met.

“Not addressed to me”: all the messages sent to an address other than yours will be labelled as spam. If you have checked this box, then click on the My addresses… button to enter your e-mail address(es).

Anti-Spam -> “White” list tab

All the e-mail messages sent from the addresses listed here or containing any phrases listed here, will not be classified as spam. You can enter address masks as well, by using the wildcards * (any sequence of characters) and ? (any single character); for instance, *@kaspersky.com, *@kaspersky*, proof@kaspersky.??? etc. The “White” list can also be imported from Microsoft Outlook and Microsoft Outlook Express address book files and from *.txt or *.csv files.
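Because whitelisted senders are never classified as spam, it is worth checking how much each mask really accepts before adding it. The following is an added example, not product code: it assumes a mask must match the whole address and is case-insensitive, and the sender addresses are constructed.

```python
import re


def mask_to_regex(mask):
    """Translate a list mask: * = any sequence of characters, ? = any single character."""
    pattern = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in mask
    )
    return re.compile(pattern, re.IGNORECASE | re.DOTALL)


def matches(mask, address):
    # Assumption: the mask has to cover the whole address, not just a part of it.
    return mask_to_regex(mask).fullmatch(address) is not None


def domain_of(address):
    return address.rsplit("@", 1)[-1].lower()


def outside_domain(mask, senders, intended_domain):
    """Senders the mask accepts although they are not in the intended domain."""
    return [s for s in senders
            if matches(mask, s) and domain_of(s) != intended_domain]


# The three masks given as examples in the text above.
MASKS = ["*@kaspersky.com", "*@kaspersky*", "proof@kaspersky.???"]

# Constructed sender addresses, including look-alike domains.
SENDERS = [
    "news@kaspersky.com",
    "proof@kaspersky.com",
    "proof@kaspersky.zzz",
    "billing@kaspersky.example.net",
    "promo@kaspersky-offers.example",
    "admin@example.org",
]


def audit(masks=MASKS, senders=SENDERS, intended_domain="kaspersky.com"):
    """Map each mask to the accepted senders that fall outside the intended domain."""
    return {m: outside_domain(m, senders, intended_domain) for m in masks}


if __name__ == "__main__":
    for mask, extra in audit().items():
        print(f"{mask:22} also accepts: {extra}")
```

Only the mask that spells out the full domain accepts nothing unexpected; a trailing `*` or `???` also lets through any sender whose domain merely starts with the trusted name.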

Anti-Spam -> “Black” list tab

All the e-mail messages sent from the addresses listed here or containing any phrases listed here, will be classified as spam. You can enter address masks as well, by using the wildcards * (any sequence of characters) and ? (any single character).

Content Filtering

Enable Content Filtering: turns on/off the Content Filtering component. By unchecking this box, you will stop all three modules of the Content Filtering component.

Anti-Spam

The Anti-Spam module checks your e-mails for unwanted messages against an updatable database of phrases that are typical of spam, a white and black list and through other filtering technologies (like PDB, GSG and iBayes).

Enable Anti-Spam: turns on/off the Anti-Spam component.

Click on the Sensitivity level link to select the desired sensitivity level for anti-spam filter. You can choose between High, Recommended and Low. The level of sensitivity will affect the rating system for spam and probable spam, by increasing or decreasing the minimum rate required for messages to be labelled as spam and probable spam.

Click on the Settings… button to display the Anti-Spam settings.

Banner Ad Blocker

The Banner Ad Blocker module blocks the display of publicity banners on Web pages and advertising frames embedded into programs.

Enable Banner Ad Blocker: turns on/off the Banner Ad Blocker component.

Click on the Settings… button to display the Banner Ad Blocker settings.

Parental Control

The Parental Control module restricts access to Web pages which are known to be unsuitable for children.

There are 3 different Web access profiles, based on 3 different rulesets: Child (set as default profile), Teenager and Parent. The Child profile uses the highest restriction level, the Parent profile has no restrictions.

Both the Child and Teenager profiles are customizable but cannot be deleted.

Click on the Settings… button to display the Parental Control settings.

Online Security

Enable Online Security: turns on/off the Online Security monitoring system. By unchecking this option, you will simultaneously disable all three components of the Online Security protection. Disabling the Online Security protection is not recommended, as it will leave your computer vulnerable to hacker attacks.

Anti-Phishing

Anti-Phishing will automatically block any attempts to access known phishing sites.

Enable Anti-Phishing: turns on/off the Anti-Phishing component.

Intrusion Prevention System

The Intrusion Prevention System monitors your network traffic for signs of malicious or suspicious activity. All known attacks are defeated by KIS and any further access from the IP address of the attacking system is blocked for a certain time interval. You can set the time interval for this feature by entering a value in the provided field.

Enable Intrusion Prevention System: turns on/off the Intrusion Prevention System component.

Anti-Dialer

The Anti-Dialer component detects and blocks all the hidden, unauthorized dial-up connections. In case an attempt to establish an unauthorized connection is detected, you will be prompted to select the desired action (allow or block).

Enable Anti-Dialer: turns on/off the Anti-Dialer component.

Click on the Settings… button to edit the list of trusted numbers. All the connections established through trusted numbers will be allowed.