Security

In this section, you can learn how Kaspersky ensures the security of your computer.

Assessing computer protection status and resolving security issues

Problems with computer protection are symbolized by an indicator located in the upper part of the main application window. Green indicates that your computer is protected. Yellow indicates that there are protection problems and red indicates that your computer's security is at serious risk. You are advised to fix problems and security threats immediately.

You can open the Notification Center window by clicking the Details button in the main application window. This window provides detailed information about the protection status of the computer and suggests possible actions for rectifying problems and threats.

Problems with protection are grouped by categories. For each problem, a list is displayed of actions that you can take to solve the problem.

The Status section displays information about the computer protection status and subscription status. If problems are detected that must be fixed, a Fix button is displayed next to the notification; you can fix security problems by clicking this button.

The Recommendations section lists actions that should be performed to optimize operation of the application and use it more effectively.

The News section displays cybersecurity news.

Clicking the Show <N> ignored notifications button displays notifications to which the Ignore action has been applied. Ignored notifications do not affect the color of the protection indicator in the main application window.

How to fix security issues on your PC

To fix security issues on your PC:

1. Open the main application window of Kaspersky.
2. Click on the Details link in the upper part of the main application window to go to the Notification Center window.
3. Go to the Status section. This section displays security issues on your PC.
   • Select an issue from the list and click an action button, e.g. Fix.
   • Select Ignore from the drop-down list if you do not want to fix this issue now. You can view the list of ignored notifications later by clicking the Show N ignored notifications button.
4. Go to the Recommendations section. This section displays recommendations that are not mandatory but will help you optimize your usage of the application and better protect your PC.
   1. Select a suggestion from the list.
   2. Click the button next to a suggested action; for example, click the Enable button next to the Want to get rid of noisy pop-up ads? suggestion.
5. Go to the News section. In this section, you will find cybersecurity news. Use the navigation buttons to read the next news item or to go back to the previous news.

How to restore a deleted or disinfected file

Backup copies of deleted or disinfected files are placed in a special folder on your computer, named Quarantine. Backup copies of files are stored in a special format that is not dangerous to your computer. You can restore deleted or disinfected file from the backup copy stored in Quarantine.

We recommend that you avoid restoring deleted or disinfected files since they may pose a threat to your computer!

Kaspersky does not disinfect Windows Store apps. If scanning results indicate that such an app is dangerous, it is deleted from your computer. When a Windows Store app is deleted, Kaspersky does not create a backup copy of it. To restore such objects, you must use the recovery tools included with the operating system (for detailed information, see the documentation for the operating system that is installed on your computer) or update apps via the Windows Store.

To restore deleted or disinfected file:

1. Open the main application window of Kaspersky.
2. Go to the Security section.
3. In the upper-right corner of the Kaspersky window, click the Quarantine button.

   The Quarantine window opens.

4. In the Quarantine window that opens, select the required file from the list and click the Restore button.

Scanning the computer

During the scan Kaspersky searches for infected files and malware. There are several types of scans that vary in their search duration and scope.

• Full Scan. Scans all areas of the computer. This scan requires a lot of time to complete.
• Quick Scan. Scans objects that are loaded when the operating system starts as well as system memory and boot files. This scan does not require a lot of time to complete.
• Selective Scan. Scans the selected file or folder.
• Removable drives scan. Scan of removable drives, such as hard drives and USB sticks connected to the computer.
• Context Menu Scan. This option scans files from the context menu.
• Background Scan. Scan of system memory, the system partition, boot sectors, and startup objects, as well as rootkits search.

• Application Vulnerability Scan. Scan the computer for vulnerabilities in applications that malware can exploit to infect your system.

After you install Kaspersky, we recommend that you perform a full scan of your computer.

How to run a Quick Scan

During a quick scan, Kaspersky scans the following objects by default:

• Objects loaded at the startup of the operating system;
• System memory
• Disk boot sectors.

To run a Quick Scan:

1. Open the main window of Kaspersky and perform the following actions:
   • Go to Home section, and click the Quick Scan button.
   • Go to the Security section.
     1. In the Scan section, click the Choose scan button.
     2. The Scan window opens.
     3. In the Scan window, select the Quick Scan section.
     4. In the Quick Scan section, click the Run scan button.

Kaspersky starts a quick scan of your computer.

How to run a Full Scan

During a full scan, Kaspersky scans the following objects by default:

• System memory
• Objects loaded on operating system startup;
• System backup storage;
• Hard drives and removable drives.

We recommend running a full scan immediately after installing Kaspersky to your computer.

To run a Full Scan:

1. Open the main window of Kaspersky and go to the Security section.
2. In the Scan section, click the Choose scan button.

   The Scan window opens.

3. In the Scan window, select the Full Scan section.
4. In the drop-down list next to the Scan now button, select the action to perform when the scan is complete.
5. Click the Run scan button.

Kaspersky starts a full scan of your computer.

How to run a Custom Scan

A Selective Scan lets you scan a file, folder, or drive for viruses and other threats.

To run a Custom Scan:

1. Open the main application window of Kaspersky.
2. Go to the Security section.
3. In the Scan section, click the Choose scan button.

   The Scan window opens.

4. In the Scan window, select the Selective Scan section.
5. Click the Select button and specify an object in the file or folder selection window that opens.
6. Click the Run scan button.

How to run a removable drive scan

Removable drives that you connect to the computer may contain viruses or other applications that present a threat. Kaspersky scans removable drives to prevent your computer from becoming infected. You can configure a removable drive scan to be started manually or automatically when a removable drive is connected to the computer. Automatic scanning of removable drives is enabled by default.

To run a removable drive scan manually:

1. Open the main application window of Kaspersky.
2. Go to the Security section.
3. In the Scan section, click the Choose scan button.

   The Scan window opens.

4. In the Scan window select the Removable drives scan section.
5. In the drop-down list, select the drive letter of the external device and click on the Run scan button.

Kaspersky will start scanning the connected device.

How to run a Context Menu File or Folder Scan

To run a Context Menu File or Folder Scan:

1. Right-click on the file or folder that needs to be scanned.
2. In the context menu that opens, select Scan for viruses.

Kaspersky will start scanning the selected file or folder.

In Microsoft Windows 11, you must expand the context menu of an object to see Kaspersky commands.

How to enable or disable a background scan

A Background scan is an automatic scan mode that does not display notifications. This scan requires fewer computer resources than other types of scans (for example, Full Scan). When in this mode, Kaspersky scans the system memory, system volumes, boot sectors and startup objects, and searches for rootkits.

A background scan is started in the following cases:

• After the anti-virus databases are updated.
• Thirty minutes after Kaspersky launch.
• Every six hours.
• If the computer remains idle for five or more minutes (after the screen saver is started).

A background scan is interrupted when any of the following conditions is met:

• The computer becomes active again.
• The computer (laptop) switches to battery mode.

If a background scan has not been performed for over ten days, the scan is not stopped. When running a background scan, Kaspersky does not scan files whose contents are located in OneDrive cloud storage.

To enable or disable a background scan:

1. Open the main application window of Kaspersky.
2. Go to the Security section.
3. In the Scan section, click the Choose scan button.

   The Scan window opens.

4. Click the icon in the Background scan block.

   The Background scan settings window opens.

5. In the Background scan settings window, switch the toggle to On or Off.

How to create a scan schedule

To create a scan schedule:

1. Open the main application window of Kaspersky.
2. Go to the Security section.
3. In the Scan section, click the Choose scan button.

   The Scan window opens.

4. In the Scan window, select the type of scan and click the icon.
5. In the opened window, click the Scan schedule link to proceed to the Scan schedule window.
6. In the Scan schedule window, in the Run scan list, select a period, such as Daily, and specify the time to start the scan.

A scan schedule cannot be created for the Scan from Context Menu or Background Scan.

How to search for vulnerabilities in applications installed on your computer

Applications installed on your computer may have vulnerabilities that can be exploited by malware. Scanning your computer will help find these vulnerabilities and prevent infection of your computer.

To run the Application Vulnerability Scan:

1. Open the main application window of Kaspersky.
2. Go to the Security section.
3. In the Scan section, click the Choose scan button.

   The Scan window opens.

4. In the Scan window, select the Application Vulnerability Scan section.
5. Click the Run scan button.

Kaspersky starts scanning your computer for vulnerabilities in applications.

How to exclude a file, folder, or threat type from scanning

To exclude a file, folder, or threat type from scanning:

1. Open the main application window of Kaspersky.
2. Click the button in the lower part of the main window.

   The Settings window opens.

3. Go to Security settings → Threats and exclusions.
4. Click the Manage exclusions link to open the Exclusions window.
5. Click the Add button.
6. Add an exclusion in one of the following ways:
   • Click Browse and select the folder or file that you want to exclude from scanning. Click Select.
   • In the File or folder field, enter the full name or mask of the file or folder.
   • In the Object field, enter the full name or mask of the threat type in accordance with the Kaspersky classification of detected object.
   • If you fill in both fields, File or folder and Object, the specified file or folder is not scanned for the specified threat type.
   • In the File hash field, enter the hash if you want files to be excluded from scanning by their hashes.
7. Clear the check boxes for protection components that the exclusion rule must not apply to. Enter a comment if you like.
8. Select the Active status for the rule and click Add.

Specified objects are excluded from scanning.

Additional information about settings in the Threats and Exclusions window

Scanning files in OneDrive cloud storage

In Windows 10 RS3 or later, Kaspersky does not scan files in OneDrive cloud storage. If the application detects such files during a scan, it shows a notification stating that the files in cloud storage were not scanned.

The following components do not scan files in OneDrive cloud storage:

• Full Scan
• Selective Scan
• Quick Scan
• Background Scan.

The report on the operation of Kaspersky contains a list of files in OneDrive cloud storage that were skipped during scan.

Files downloaded from OneDrive cloud storage to a local computer are scanned by real-time protection components. If a file scan was postponed and the file has been uploaded back to OneDrive cloud storage before the scan is started, this file may be skipped during a scan.

When running applications and scripts, the Intrusion Prevention and System Watcher components download applications from the OneDrive cloud storage to the local computer to scan.

In order to make sure that OneDrive files are displayed in Explorer, turn on the Files on demand in the OneDrive client application feature. If you are connected to the Internet, you can use them just like any other files on your computer.

Update of anti-virus databases and application modules

This section contains information about database and application module updates.

About database and application module updates

The installation package of Kaspersky includes anti-virus databases and application modules. Using these databases:

• Kaspersky detects the majority of threats using Kaspersky Security Network, which requires an Internet connection.
• Kaspersky detects adware, auto dialers, and other legitimate software that can be used by intruders to damage your computer or personal data.

To get full protection, we recommend updating the anti-virus databases and application modules as soon as the application has been installed.

Anti-virus databases and program modules are updated in stages:

1. Kaspersky starts updating anti-virus databases and application modules according to the specified settings: automatically, on schedule, or on demand. The application contacts an update source that stores a anti-virus databases and application modules update package.
2. Kaspersky compares the existing databases with the databases available at the update source. If the databases are different, Kaspersky downloads the missing parts of the databases.

The application then uses the updated databases and application modules to scan the computer for viruses and other threats.

Update sources

You can use the following update sources:

• Kaspersky update servers
• HTTP or FTP server
• Network folder

Special considerations when updating anti-virus databases and application modules

Updates of anti-virus databases and application modules are subject to the following restrictions and specifics:

• Anti-virus databases are considered out of date after one day and extremely out of date after seven days.
• To download an update package from Kaspersky servers, an Internet connection is required.
• Updates of anti-virus databases and application modules are unavailable in the following cases:
  • The subscription has expired, and the grace period or limited functionality mode is not available.
  • A metered mobile Internet connection is used. This limitation applies on computers running under Microsoft Windows 8 or more recent versions of this operating system if automatic updates or scheduled updates are enabled and a traffic limit has been set for a metered mobile connection. If you want the application to update anti-virus databases and application modules in this case, clear the Limit traffic on metered connections check box in Settings → Security settings → Advanced settings → Network settings.
  • The application is used under subscription from a service provider, and you have suspended your subscription on the website of the service provider.

Installing an update package

When an update package (patch) is received, Kaspersky installs it automatically. To complete the installation of an update package, you must restart the computer. Until the computer is restarted, the application icon in the notification area is red, and the Kaspersky Notification Center window displays a prompt to restart the computer.

How to start an update of databases and application modules

To start an update of anti-virus databases and application modules:

1. Open the main application window of Kaspersky.
2. Go to the Security section.
3. In the Anti-Virus Database Update window, click the Update button.

How to recover the operating system after infection

This section contains information on restoring the operating system after it has been infected with malware.

Recovering the operating system after infection

If you suspect that the operating system of your computer has been corrupted or modified due to malware activity or a system failure, use the Microsoft Windows Troubleshooting Wizard, which clears the system of any traces of malicious objects. Kaspersky recommends that you run the Wizard after the computer has been disinfected to make sure that all threats and damage caused by infections have been fixed.

The Wizard checks whether there are any changes to the system, which can include access to the network being blocked, file name extensions for known formats being changed, Control Panel being blocked, etc. There are different reasons for these different kinds of damage. These reasons may include malware activity, incorrect system configuration, system failures, or malfunctioning applications for system optimization.

After the review is complete, the Wizard analyzes the information to evaluate whether there is system damage that requires immediate attention. Based on the review, the Wizard generates a list of actions that are necessary to eliminate the damage. The Wizard groups these actions by category based on the severity of the problems detected.

Troubleshooting the operating system by using the Microsoft Windows Troubleshooting Wizard

To run the Microsoft Windows Troubleshooting Wizard:

1. Open the main application window of Kaspersky.
2. Go to Security → Microsoft Windows Troubleshooting.
3. Click the Find damage button.

The Microsoft Windows Troubleshooting Wizard window opens.

The Wizard consists of a series of pages (steps), which you can navigate through by clicking the Back and Next buttons. To close the Wizard after it finishes, click the Done button. To stop the Wizard at any stage, click the Cancel button.

Let us review the steps of the Wizard in more detail.

Start recovery of the operating system

1. Select one of the two options for Wizard operation:
   • Search for damage caused by malware activity. The Wizard will search for problems and possible damages.
   • Roll back changes. The Wizard will roll back the fixes applied to previously identified problems and damages.
2. Click the Next button.

Search for problems

If you selected the Search for damage caused by malware activity option, the Wizard searches for problems and possible damages that should be fixed. When the search is complete, the Wizard proceeds automatically to the next step.

Select actions to fix damage

All damage found at the previous step is grouped based on the type of danger that it poses. For each damage group, Kaspersky recommends a set of actions to repair the damage.

There are three groups:

• Strongly recommended actions eliminate problems that pose a serious security threat. You are advised to repair all damage in this group.
• Recommended actions are aimed at repairing damage that may pose a threat. You are also advised to repair damage in this group.
• Additional actions repair operating system damage that is not dangerous now, but may pose a threat to the computer's security in the future.

Expand the list of the selected group to view damage within the group.

To get the Wizard to fix a specific type of damage, select the check box next to the damage description. By default, the Wizard fixes damage belonging to the groups of recommended and strongly recommended actions. If you do not want to fix a specific type of damage, clear the check box next to it.

It is strongly recommended that you not clear the check boxes selected by default, as doing so will leave your computer vulnerable to threats.

After you define the set of actions for the Wizard to perform, click the Next button.

Fix damage

The Wizard performs the actions selected during the previous step. It may take a while to fix damage. After fixing damage, the Wizard automatically proceeds to the next step.

Wizard completion

Click the Done button to exit the Wizard.

Operating system emergency recovery

The Kaspersky Rescue Disk application is intended for emergency recovery of the operating system. You can use Kaspersky Rescue Disk for scanning and disinfecting infected computers that cannot be disinfected using other methods (for example, with anti-virus applications).

More details on using Kaspersky Rescue Disk are available on the Technical Support website.

Handling unknown applications

Kaspersky helps to minimize the risk associated with using unknown applications (such as the risk of infection with viruses and other malware).

Kaspersky includes components and tools that allow checking an application's reputation and controlling its activities on your computer.

Checking application reputation

Kaspersky allows you to verify the reputation of applications with users all over the world. The reputation of an application comprises the following criteria:

• Name of the vendor
• Information about the
  digital signature

  An encrypted block of data embedded in a document or application. A digital signature is used to identify the author of the document or application. To create a digital signature, the document or application author must have a digital certificate proving the author's identity.

  A digital signature lets you verify the data source and data integrity and protect yourself against counterfeits.

  (if the application is digitally signed)
• Information about the group to which the application has been assigned by Intrusion Prevention or most users of Kaspersky Security Network;
• Number of users of Kaspersky Security Network who use the application (available if the application has been included in the Trusted group in the Kaspersky Security Network database);
• Time at which the application become known to Kaspersky Security Network;
• Countries in which the application is the most widespread.

Checking of application reputation is available if you have agreed to participate in Kaspersky Security Network.

To learn the reputation of an application:

Open the context menu of the application’s executable file and select Check reputation in KSN.

This opens a window with information about the reputation of the application in Kaspersky Security Network.

Intrusion Prevention

This functionality is not available on the Kaspersky Basic subscription plan.

The Intrusion Prevention component prevents applications from performing actions that may be dangerous for the operating system, and controls access to operating system resources (including file resources located on remote computers) and your personal data.

Intrusion Prevention tracks actions performed in the operating system by applications installed on the computer and regulates them based on rules. These rules restrict suspicious activity of applications, including access by applications to protected resources, such as files and folders, registry keys, and network addresses.

On 64-bit operating systems, applications' rights for the following actions cannot be configured:

• Direct access to physical memory
• Managing printer driver
• Service creation
• Service reading
• Service editing
• Service reconfiguration
• Service management
• Service start
• Service removal
• Access to internal browser data
• Access to critical objects of the operating system
• Access to password storage
• Setting debug privileges
• Use of program interfaces of the operating system
• Use of program interfaces of the operating system (DNS)
• Use of program interfaces of other applications
• Change system modules (KnownDlls)
• Start drivers

On 64-bit Microsoft Windows 8 and Microsoft Windows 10, applications' rights for the following actions cannot be configured:

• Sending windows messages to other processes
• Suspicious operations
• Installation of keyloggers
• Interception of inbound stream events
• Making of screenshots

Applications' network activity is controlled by the Firewall component.

When an application is started on the computer for the first time, Intrusion Prevention checks the safety of the application and assigns it to a group (Trusted, Untrusted, High Restricted, or Low Restricted). The group defines the rules that Kaspersky applies for controlling the activity of the application.

Kaspersky assigns applications to trust groups (Trusted, Untrusted, High Restricted, or Low Restricted) only if Intrusion Prevention or Firewall is enabled, and also when both these components are enabled. If both these components are disabled, the functionality that assigns applications to trust groups does not work.

You can edit application control rules manually.

The rules you create for applications are inherited by child applications. For example, if you deny all network activity for cmd.exe, that activity will also be denied for notepad.exe when it is started using cmd.exe. When an application is not a child of the application it runs from, rules are not inherited.

How to change Intrusion Prevention settings

This functionality is not available on the Kaspersky Basic subscription plan.

To change Intrusion Prevention settings:

1. Open the main application window of Kaspersky.
2. Click the button in the lower part of the main window.

   The Settings window opens.

3. Select the Security settings section.
4. Select the Intrusion Prevention component.
5. In the Intrusion Prevention settings window, click the Manage applications link to open the Manage applications window.
6. Select the application you need in the list and double-click its name to open the Application rules window.
7. To configure the rules for access by an application to operating system resources:
   1. On the Files and system registry tab, select the relevant resource category.
   2. Click the icon in the column with an available action for the resource (Read, Write, Delete, or Create) to open the menu. In the menu, select the relevant item (Inherit, Allow, Select action automatically, or Block).
8. To configure the rights of an application to perform various actions in the operating system:
   1. On the Rights tab, select the relevant category of rights.
   2. In the Action column, click the icon to open the menu and select the relevant item (Inherit, Allow, Select action automatically., or Block).
9. To configure the rights of an application to perform various actions on the network:
   1. On the Network rules tab, click the Add button.

      The Network rule window opens.

   2. In the window that opens, specify the required rule settings and click Save.
   3. Assign a priority to the new rule. To do so, select the rule and move it up or down the list.
10. To exclude certain application actions from the scan, on the Exclusions tab, select the check boxes for actions that you do not want to be controlled.
11. Click the Save button.

    All exclusions created in the Intrusion Prevention rules are accessible in the Kaspersky settings window, in the Threats and Exclusions section.

Intrusion Prevention monitors and restricts the actions of the application in accordance with the specified settings.

About protecting an audio stream coming from sound recording devices

This functionality is not available on the Kaspersky Basic subscription plan.

Intruders may attempt to receive the audio stream from sound recording devices by means of special software. Sound recording devices are microphones that are connected to or built into the computer and capable of transmitting an audio stream through the sound card interface (input signal). Kaspersky monitors which applications receive an audio stream from sound recording devices and protects the audio stream from unauthorized intercepts.

By default, Kaspersky blocks applications from Untrusted and High Restricted trust groups from receiving the audio stream coming from sound recording devices connected to the computer. You can manually allow applications to receive the audio stream from sound recording devices.

If an application from the Low Restricted trust group is requesting access to a sound recording device, Kaspersky displays a notification and prompts you to choose whether or not to allow this application to receive the audio stream from a sound recording device. If Kaspersky is unable to display this notification (for example, when the Kaspersky graphical interface has not yet loaded), the application from the Low Restricted trust group is allowed to receive the audio stream from a sound recording device.

All applications in the Trusted group are allowed to receive an audio stream from sound recording devices by default.

Audio stream protection has the following special features:

• The Intrusion Prevention component has to be enabled for this functionality to work.
• After the settings of application access to sound recording devices have been changed (for example, the application has been prohibited from receiving the audio stream in the Intrusion Prevention settings window), this application has to be restarted to stop it from receiving the audio stream.
• Control of access to the audio stream from sound recording devices does not depend on an application's webcam access settings.
• Kaspersky protects access to built-in microphones and external microphones only. Other audio streaming devices are not supported.
• Kaspersky allows an application to receive an audio stream and does not show any notifications if the application began to receive the audio stream before Kaspersky was started, or if you placed the application into the Untrusted or High Restricted group after the application began to receive the audio stream.

Kaspersky does not guarantee protection of the audio stream from such devices as DSLR cameras, camcorders, and action cameras.

How to change audio stream protection settings

This functionality is not available on the Kaspersky Basic subscription plan.

To change audio stream protection settings:

1. Open the main application window of Kaspersky.
2. Go to the Security section.
3. Select the Intrusion Prevention component.
4. Click the Manage applications link to open the Manage applications window.
5. In the list, select the application for which you want to allow access to sound recording devices. Double-click the application to open the Application rules window.
6. In the Application rules window, go to the Rights tab.
7. In the list of rights categories, select Operating system modification → Suspicious modifications in the operating system → Access sound recording devices.
8. In the Action column, click the icon and select one of the menu items:
   • To allow the application to receive the audio stream, select Allow.
   • To deny the application access to the audio stream, select Block.
9. To receive notifications about instances of applications being allowed or denied access to the audio stream, in the Action column, click the icon and select Log events.
10. Click the Save button.

Protecting email

This section provides information about how to protect your email against spam, viruses, and other threats.

Configuring Mail Anti-Virus

Kaspersky allows scanning email messages for dangerous objects by using Mail Anti-Virus. Mail Anti-Virus starts when the operating system is started and remains constantly in the RAM of the computer, scanning all email messages that are sent or received over the POP3, SMTP, IMAP, and NNTP protocols, as well as via encrypted connections (SSL) over the POP3, SMTP, and IMAP protocols.

By default, Mail Anti-Virus scans both incoming and outgoing messages. If necessary, you can enable scanning of incoming messages only.

To configure Mail Anti-Virus:

1. Open the main application window of Kaspersky.
2. Click the button in the lower part of the main window.

   The Settings window opens.

3. Select the Security settings section.
4. In the Security settings window, select the Mail Anti-Virus component.

   The Mail Anti-Virus settings window opens.

5. Make sure that the switch in the upper part of the window that enables / disables Mail Anti-Virus, is enabled.
6. Select a security level:
   • Optimal. When this security level is set, Mail Anti-Virus scans incoming and outgoing messages and attached archives, and performs heuristic analysis with the Medium scan level of detail.
   • Low. If you select this security level, Mail Anti-Virus scans incoming messages only, without scanning attached archives.
   • Maximum. When this security level is set, Mail Anti-Virus scans incoming and outgoing messages and attached archives, and performs heuristic analysis with the Deep scan level of detail.
7. In the Action on threat detection section, select the action that you want Mail Anti-Virus to perform when an infected object is detected (for example, disinfect).

If no threats are detected in an email message, or if all infected objects have been successfully disinfected, the message becomes available for further access. If the component fails to disinfect an infected object, Mail Anti-Virus renames or deletes the object from the message and adds a notification to the message subject line, stating that the message has been processed by Kaspersky. Before deleting an object, Kaspersky creates a backup copy of it and places a copy in Quarantine.

When you upgrade to a more recent application version, the user-configured Mail Anti-Virus settings are not saved. The new application version will use the default Mail Anti-Virus settings.

If Kaspersky detects the password for the archive in the message text during scanning, the password is used to scan the contents of that archive for malware. The password is not saved. The archive is unpacked before scanning. If the application crashes while unpacking the archive, you can manually delete the files that are unpacked at the following path: %systemroot%\temp. The files have the PR prefix.

Blocking unwanted email (spam)

If you receive large amounts of unwanted messages (spam), we recommend that you enable the Anti-Spam component and set the Optimal security level for it.

To enable Anti-Spam and set the Optimal security level:

1. Open the main application window of Kaspersky.
2. Click the button in the lower part of the main window.

   The Settings window opens.

3. Select the Privacy settings section.
4. Select the Anti-Spam component.

   The window displays the settings of Anti-Spam.

5. Enable Anti-Spam using the switch.
6. In the Security level section, make sure that the Optimal security level is set.

The following limitations apply to Anti-Spam:

• The Anti-Spam component can only analyze messages that are fully downloaded from the mail server, regardless of the protocol used.
• The Anti-Spam component does not check mail transferred using MAPI protocol.

The Anti-Spam component is disabled when you upgrade to a more recent application version. You can enable the component manually.

In some Kaspersky versions, to enable the Anti-Spam component, you must accept the terms of the Statement regarding data processing for Anti-Spam.

Weak Settings Scan

In this section, you will learn about weak operating system settings, and how to search for and fix weak settings in the operating system.

About weak settings of the operating system

When you are working with a computer, operating system settings can be changed as a result of your actions or the actions of applications that you run. Changing the operating system settings can pose a risk to the security of your computer. For example, if automatic sign-in with the current user name and password is enabled in the browser, a third-party website can intercept your password.

Weak settings in the operating system can be divided into two types:

• Critical settings. Such settings are equated with vulnerabilities of the operating system.
• Recommended settings. You are advised to fix these settings to improve the security of the operating system.

By default, Kaspersky scans for weak settings of the operating system at least once a day. If Kaspersky detects weak settings in the operating system, it prompts you to fix them to restore the security of the operating system. More details about each weak setting are available on the Kaspersky Technical Support website.

You can click the link in the notification window to go to the Weak Settings Scan window that displays the weak settings detected in the operating system. Information about weak settings is also displayed in the Notification Center. You can proceed to view and fix the weak settings from the Notification Center.

In the Weak Settings Scan window, you can perform the following actions:

• Fix weak settings in the operating system.
• Ignore: Leave weak settings of the operating system unchanged.
• Cancel: Restore previously fixed weak settings of the operating system to their original state.

The application identifies weak settings of the operating system for all user accounts on your computer. You can fix weak settings for other user accounts on the computer only if you have logged in to the operating system under an administrator account.

If you are not an administrator of the computer, you can ignore weak settings only for your own user account. Only a computer administrator can ignore weak settings of all user accounts.

You can manually start a scan for weak settings or disable the scan for weak settings.

You can remotely manage the protection of your computer and send a command to fix weak settings from My Kaspersky.

How to find and fix weak settings in the operating system

To find and fix weak settings of the operating system:

1. Open the main application window of Kaspersky.
2. Select the Security section.
3. Under Security, select Weak Settings Scan.
4. Click the Scan button.

   This runs a Weak Settings Scan. After the scan is complete, you will see scan results in the Weak Settings Scan section.

5. Click View to go to the Weak Settings Scan window.
6. In the Weak Settings Scan window, select an action to take on weak settings:
   • Detected weak settings. Do one of the following:
     • Click the Fix all button to fix all weak settings.
     • Click the Fix button to fix a weak setting.
     • If open applications are interfering with fixing a weak setting, click the View button to view the list of interfering applications.

       To close applications that prevent the setting from getting fixed, do one of the following:

       • Click the button to the right of the name of the interfering application to shut it down normally. If the application detects any unsaved changes, it will prompt you to save them.
       • Click the Force close link to close all interfering applications without saving data.
     • In the drop-down list next to the Fix button, select Ignore to leave a weak setting unchanged.
     • In the drop-down list next to the Fix button, select Read more to view information about a weak setting on the Kaspersky Technical Support website.
   • Previously fixed weak settings.
     • Click the Cancel button to restore the fixed setting to its original state.
     • In the drop-down list next to the Cancel button, select Read more to view information about a weak setting on the Kaspersky Technical Support website.
   • Ignored settings. Click the Show all link next to the <N> ignored settings message to open the list of weak settings that you left unchanged, and click the Fix button.

How to enable Weak Settings Scan

To disable the Weak Settings Scan:

1. Open the main application window of Kaspersky.
2. Click the button in the lower part of the main window.

   The Settings window opens.

3. Go to the Performance settings section.
4. Click PC resource consumption.
5. Clear the Scan for weak operating system settings check box.

Kaspersky will not scan for weak settings of the operating system or show alerts about them.

Network Monitor

This functionality is not available on the Kaspersky Basic subscription plan.

Network Monitor allows you to view your PC's network activity data in real time, block network activity, or create network and packet rules for applications installed on your PC.

To go to the Network Monitor settings:

1. Open the main application window of Kaspersky.
2. Go to the Security section.
3. Under Network Monitor, click View.

This opens the Network Monitor window.

The Network activity section displays all the currently active network connections. It displays both the inbound and outbound connections. You can use the Block all network activity link to block all network connections.

The Open ports section lists all the open network ports. You can also use this section to create network and packet rules for applications.

The Network traffic section displays the volume of inbound and outbound network traffic between your PC and other computers on your network.

The Blocked computers section contains a list of IP addresses for remote computers from which the Network Attack Blocker has detected network attack attempts and has blocked their network activity.

Protection using hardware virtualization

In this section, you will learn how you can protect your computer using hardware virtualization.

About protection using hardware virtualization

When Kaspersky is installed in 64-bit Microsoft Windows 8, Microsoft Windows 8.1 or Microsoft Windows 10, it uses

Protection using hardware virtualization is enabled by default. If protection has been disabled manually, you can enable it in Kaspersky settings window.

On computers running 64-bit Microsoft Windows 8, Microsoft Windows 8.1 or Microsoft Windows 10, the protection provided by Kaspersky hardware virtualization (hypervisor) has the following limitations:

• This feature is not available when a third-party hypervisor is running, such as the hypervisor used by the VMware virtualization software. After you close the third-party hypervisor, protection against screenshots becomes available again.
• The feature is not available if the CPU of your computer does not support hardware virtualization technology. For more details on whether your CPU supports hardware virtualization, please refer to the documentation shipped with your computer or to the website of the CPU manufacturer.
• The feature is not available if a third-party hypervisor (such as the VMware hypervisor) is running when you start Protected Browser.
• The feature is not available if hardware virtualization is disabled on your computer. For details on how to enable hardware virtualization on your computer, please refer to your computer's technical documentation or visit the website of your processor's manufacturer.
• The feature is not available if Device Guard is enabled in the Microsoft Windows 10 operating system.
• The feature is not available if Virtualization Based Security (VBS) is enabled in the Microsoft Windows 10 operating system.

How to enable protection using hardware virtualization

To enable protection using hardware virtualization:

1. Open the main application window of Kaspersky.
2. Click the button in the lower part of the main window.

   The Settings window opens.

3. Go to Security → Secure Data Input.
4. Select the Use hardware virtualization if available check box. This check box is displayed when the application is installed on a 64-bit version of Windows 8, Windows 8.1 and Windows 10.
5. Select the Use advanced features of hardware virtualization check box if you want to turn hardware virtualization on when the operating system starts.

If hardware virtualization is disabled on your computer, protection using hardware virtualization will be disabled.

Protection using Antimalware Scan Interface (AMSI)

This section informs you that third-party applications such as Microsoft Office can send scripts to Kaspersky to be scanned using the Antimalware Scan Interface (AMSI), and describes how to disable protection using the AMSI in Kaspersky.

About protection using Antimalware Scan Interface

Antimalware Scan Interface (AMSI) allows a third-party application that supports AMSI to send objects (for example, PowerShell scripts) to Kaspersky for additional scanning and to receive scan results for these objects. For example, Microsoft Office applications can be such third-party applications. For more information about the AMSI interface, refer to Microsoft documentation.

Antimalware Scan Interface allows only to detect a threat and notify a third-party application about the detected threat. After receiving the threat notification, the third-party application prevents malicious actions (for example, shuts down).

Kaspersky may decline a request from a third-party application if, for example, this application exceeds the maximum number of requests allowed for a period. In this case, Kaspersky displays a notification about the declined request. If you receive such a notification, you do not have to perform any actions.

Protection using Antimalware Scan Interface is available in the Windows 10 Home / Pro / Education / Enterprise operating systems.

How to enable protection using Antimalware Scan Interface

To enable protection using Antimalware Scan Interface:

1. Open the main application window of Kaspersky.
2. Click the button in the lower part of the main window.

   The Settings window opens.

3. Go to Security settings → AMSI Protection.
4. In the Script scanner section, select the Scan scripts using Antimalware Scan Interface (AMSI) check box.

How to exclude a script from scanning using Antimalware Scan Interface

To exclude a script from scanning using Antimalware Scan Interface:

1. Open the main application window of Kaspersky.
2. Click the button in the lower part of the main window.

   The Settings window opens.

3. Go to Security settings → AMSI Protection.
4. In the Script scanner section, select the Scan scripts using Antimalware Scan Interface (AMSI) check box.
5. Click the Manage exclusions link to go to the Exclusions window.
6. In the Exclusions window, click the Add button.

   The Add new exclusion window opens.

7. In the File or folder field, specify the folder with the script.
8. In the Object field, specify the name of the script.

   You can also add several files of the same type to the exclusions by using a mask.

9. In the Protection components section, select the check box next to the File Anti-Virus component.
10. Select the Active status.

The specified object will not be scanned using Antimalware Scan Interface.