When the interactive protection mode is enabled, you can view the information on incidents collected by System Watcher in the form of a malware activity data report. This may help you select the action to be performed on detected malware.
When a potentially harmful program is detected, a link to the System Watcher report is displayed in the upper part of the notification window.
Automatic Exploit Prevention
The System Watcher component includes technology that prevents and blocks the actions of exploit programs.
Application Privilege Control
System Watcher analyzes application activity. If an application is identified as malware, one of the following actions will be performed (according to the selected protection mode):
- Select action automatically (if the automatic protection mode is enabled). In this case, System Watcher automatically performs actions recommended by Kaspersky Lab specialists.
- Prompt for action (if the interactive protection mode is enabled). In this case, System Watcher notifies you about the detection of suspicious activity in the system and prompts you for action: allow or block actions.
- Delete the malware.
- Terminate the malware (all processes of the malware will be terminated).
- Ignore (no actions will be performed on the malware).
Rollback of malware actions
Based on the collected information, the System Watcher component allows you to roll back actions performed by malware. In Kaspersky Small Office Security 4 for Personal Computer, the information about suspicious actions in the system is collected not only for the current session, but also for previous sessions. This makes it possible to roll back all actions performed by the application if it is subsequently recognized as malicious.
Rolling back actions after malicious activity is detected in the system can be initiated by the System Watcher component based on the patterns of dangerous behaviour, during a virus scan task, or during the operations of File Anti-Virus.
Protection against screen lockers
The System Watcher component includes technology for protection against screen lockers. If you see a banner with a demand that you send a text message or make a money transfer to unlock the computer, use a keyboard shortcut that enables the Kaspersky Small Office Security 4 for Personal Computer mechanism that detects and removes the screen locker.
Protection from cryptoviruses
The System Watcher component features the technology of blocking the actions of cryptoviruses.
When a cryptovirus attempts to encrypt a file, Kaspersky Small Office Security 4 for Personal Computer automatically creates a backup copy of the file before it is affected. Backup copies are stored in the system Temp folder (temporary files storage). If the file gets encrypted by a cryptovirus, Kaspersky Small Office Security 4 for PC automatically restores it from a backup copy.
Please note:
- If there is not enough space on the system disk where the Temp folder is located, the backup copy is not created and no notification about the backup failure is sent.
- Backup copies are removed when Kaspersky Small Office Security 4 for Personal Computer is closed or System Watcher is disabled.
- Backup copies are not removed if Kaspersky Small Office Security 4 for Personal Computer is stopped unexpectedly. If necessary, you can remove backup copies manually by deleting the contents of the Temp folder.