KASPERSKY INTERNET SECURITY 6.0 User Manual

KASPERSKY LAB®
Kaspersky Internet Security 6.0
USER GUIDE

Summary of Contents for KASPERSKY INTERNET SECURITY 6.0

  • Page 1 KASPERSKY LAB ® Kaspersky Internet Security 6.0 USER GUIDE...
  • Page 2 KASPERSKY INTERNET SECURITY 6.0 User Guide © Kaspersky Lab http://www.kaspersky.com Revision date: January 2007...
  • Page 3: Table Of Contents

    1.5. What to do if you suspect infection (p. 18); 1.6. Preventing Infection (p. 19); CHAPTER 2. KASPERSKY INTERNET SECURITY 6.0 (p. 21); 2.1. What’s new in Kaspersky Internet Security 6.0 (p. 21); 2.2. The elements of Kaspersky Internet Security Defense (p. 24); 2.2.1. Protection components (p. 24); 2.2.2.
  • Page 4 Internet Security 6.0 3.2.7. Application Integrity Control (p. 40); 3.2.8. Configuring Anti-Hacker settings (p. 41); 3.2.8.1. Determining a security zone’s status (p. 41); 3.2.8.2. Creating a list of network applications (p. 43); 3.2.9. Finishing the Setup Wizard (p. 43); 3.3. Installing the program from the command prompt (p. 43); 3.4.
  • Page 5 Table of Contents 6.4. Starting virus scan and update tasks under another profile (p. 77); 6.5. Configuring virus scan and update schedules (p. 78); 6.6. Power options (p. 80); 6.7. Advanced Disinfection Technology (p. 81); CHAPTER 7. FILE ANTI-VIRUS (p. 82); 7.1. Selecting a file security level (p. 82); 7.2.
  • Page 6 Internet Security 6.0 10.1.3. Office Guard (p. 126); 10.1.4. Registry Guard (p. 128); 10.1.4.1. Selecting registry keys for creating a rule (p. 130); 10.1.4.2. Creating a Registry Guard rule (p. 131); CHAPTER 11. ANTI-SPY (p. 134); 11.1. Configuring Anti-Spy (p. 136); 11.1.1. Creating Popup Blocker trusted address list (p. 136); 11.1.2.
  • Page 7 Table of Contents 13.3.2. Selecting spam filtration technologies (p. 172); 13.3.3. Defining spam and potential spam factors (p. 173); 13.3.4. Creating white and black lists manually (p. 174); 13.3.4.1. White lists for addresses and phrases (p. 175); 13.3.4.2. Black lists for addresses and phrases (p. 176); 13.3.5.
  • Page 8 Internet Security 6.0 16.4.3. Configuring connection settings (p. 213); 16.4.4. Update distribution (p. 215); 16.4.5. Actions after updating the program (p. 217); CHAPTER 17. ADVANCED OPTIONS (p. 218); 17.1. Quarantine for potentially infected objects (p. 219); 17.1.1. Actions with quarantined objects (p. 220); 17.1.2. Setting up Quarantine (p. 222); 17.2.
  • Page 9 Table of Contents 17.10.1. Creating a rescue disk (p. 252); 17.10.1.1. Getting ready to write the disk (p. 252); 17.10.1.2. Creating an .iso file (p. 253); 17.10.1.3. Burning the disk (p. 253); 17.10.1.4. Finishing creating a rescue disk (p. 253); 17.10.2. Using the rescue disk (p. 254); 17.11.
  • Page 10 Internet Security 6.0 A.1. List of files scanned by extension (p. 282); A.2. Possible file exclusion masks (p. 284); A.3. Possible exclusion masks by Virus Encyclopedia classification (p. 285); APPENDIX B. KASPERSKY LAB (p. 286); B.1. Other Kaspersky Lab Products (p. 287); B.2.
  • Page 11: Chapter 1. Threats To Computer Security

    CHAPTER 1. THREATS TO COMPUTER SECURITY As information technology has rapidly developed and penetrated many aspects of human existence, so the number and range of crimes aimed at breaching information security has grown. Cyber criminals have shown great interest in the activities of both state structures and commercial enterprises.
  • Page 12: How Threats Spread

    Internet Security 6.0 • Internal, including the actions of company staff and users of home PCs. Actions taken by this group could be deliberate or accidental. • The technological factor. This threat group is connected with technical problems – use of obsolete or poor-quality software and hardware to process information.
  • Page 13 Threats to Computer Security Intranet Your intranet is your internal network, specially designed for handling information within a company or a home network. An intranet is a unified space for storing, exchanging, and accessing information for all the computers on the network. This means that if one computer on the network is infected, the others are at great risk of infection.
  • Page 14: Types Of Threats

    Internet Security 6.0 1.3. Types of Threats There are a vast number of threats to computer security today. This section will review the threats that are blocked by Kaspersky Internet Security. Worms This category of malicious programs spreads itself largely by exploiting vulnerabilities in computer operating systems.
  • Page 15 Threats to Computer Security traffic that the user cannot control. This can lead to a security breach and to direct financial losses. Spyware This software collects information about a particular user or organization without their knowledge. Spyware often escapes detection entirely. In general, the goal of spyware is to: •...
  • Page 16 Internet Security 6.0 Other dangerous programs These are programs created to, for instance, set up denial of service (DoS) attacks on remote servers, hack into other computers, and programs that are part of the development environment for malicious programs. These programs include hack tools, virus builders, vulnerability scanners, password-cracking programs, and other types of programs for cracking network resources or penetrating a system.
  • Page 17: Signs Of Infection

    Threats to Computer Security Kaspersky Internet Security uses two methods for detecting and blocking these threat types: • Reactive – this method searches for malicious files using a threat signature database that is regularly updated. • Proactive – in contrast to reactive protection, this method is not based on analyzing code but on the system’s behavior.
  • Page 18: What To Do If You Suspect Infection

    Internet Security 6.0 • The web browser (e.g., Microsoft Internet Explorer) freezes or behaves unexpectedly (for example, you cannot close the program window). In 90% of cases, these indirect symptoms are caused by malfunctions in hardware or software. Despite the fact that such symptoms rarely indicate infection, we recommend that, upon detecting them, you run a complete scan of your computer (see 5.2 on pg.
  • Page 19: Preventing Infection

    Threats to Computer Security 1.6. Preventing Infection Not even the most reliable and deliberate measures can provide 100% protection against computer viruses and Trojans, but following such a set of rules significantly lowers the likelihood of virus attacks and the level of potential damage.
  • Page 20 Internet Security 6.0 once you download the threat signature updates, you will have plenty of time to protect yourself against the new virus. Rule No. 4: Do not trust virus hoaxes, such as prank programs and emails about infection threats.
  • Page 21: Chapter 2. Kaspersky Internet Security 6.0

    Kaspersky Internet Security 6.0 heralds a new generation of data security products. What really sets Kaspersky Internet Security 6.0 apart from other software, even from other Kaspersky Lab products, is its multi-faceted approach to data security. 2.1. What’s new in Kaspersky Internet Security 6.0...
  • Page 22 Internet Security 6.0 • The program protects the computer against rootkits and dialers, blocks banner ads, popup windows, and malicious scripts downloaded from web pages, and detects phishing sites. • File Anti-Virus technology has been improved to lower the load on the central processor and disk subsystems and increase the speed of file scans using iChecker and iSwift.
  • Page 23 Kaspersky Internet Security 6.0 • The user notification function (see 17.11.1 on pg. 255) has been expanded for certain protection events. You can select the method of notification by choosing from emails, sound notifications, or log events. • The program now has the ability to scan traffic sent over SSL protocol.
  • Page 24: The Elements Of Kaspersky Internet Security Defense

    Internet Security 6.0 2.2. The elements of Kaspersky Internet Security Defense Kaspersky Internet Security protection is designed with the sources of threats in mind. In other words, a separate program component deals with each threat, monitoring it and taking the necessary action to prevent malicious effects of that threat on the user's data.
  • Page 25 Kaspersky Internet Security 6.0 Mail Anti-Virus Email is widely used by hackers to spread malicious programs, and is one of the most common methods of spreading worms. This makes it extremely important to monitor all email. The Mail Anti-Virus component scans all incoming and outgoing email on your computer.
  • Page 26: Virus Scan Tasks

    Internet Security 6.0 The Anti-Hacker component protects your computer while you are using the Internet and other networks. It monitors inbound and outbound connections, and scans ports and data packets. Anti-Spam Although not a direct threat to your computer, spam increases the load on email servers, fills up your email inbox, and wastes your time, thereby representing a business cost.
  • Page 27: Program Tools

    Kaspersky Internet Security 6.0 2.2.3. Program tools Kaspersky Internet Security includes a number of support tools, which are designed to provide real-time software support, expanding the capabilities of the program and assisting you as you go. Updater In order to be prepared for a hacker attack, or to delete a virus or some other dangerous program, Kaspersky Internet Security needs to be kept up-to-date.
  • Page 28: Hardware And Software System Requirements

    Kaspersky Internet Security by phone. 2.3. Hardware and software system requirements For Kaspersky Internet Security 6.0 to run properly, your computer must meet these minimum requirements: General Requirements: • 50 MB of free hard drive space •...
  • Page 29: Software Packages

    Kaspersky Internet Security 6.0 • 128 MB of RAM Microsoft Windows Vista, Microsoft Windows Vista x64: • Intel Pentium 800 MHz 32-bit (x86)/ 64-bit (x64) or faster (or compatible) • 512 MB of RAM 2.4. Software packages You can purchase the boxed version of Kaspersky Internet Security from our resellers, or download it from Internet shops, including the eStore section of www.kaspersky.com.
  • Page 30: Support For Registered Users

    Internet Security 6.0 2.5. Support for registered users Kaspersky Lab provides its registered users with an array of services to make Kaspersky Internet Security more effective. When the program has been activated, you become a registered user and will have the following services available until the license expires: •...
  • Page 31: Chapter 3. Installing Kaspersky Internet Security 6.0

    CHAPTER 3. INSTALLING KASPERSKY INTERNET SECURITY 6.0 You can fully or partially install Kaspersky Internet Security on your computer. If you choose partial installation, you can select the components to install or automatically install just anti-virus components (see Step 9 of the installation procedure).
  • Page 32 <Drive>\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0. You can specify a different folder by clicking the Browse button and selecting it in the folder selection window, or by entering the path to the folder in the field available.
  • Page 33 Installing Kaspersky Internet Security 6.0 Step 5. Selecting an installation type In this stage, you select how much of the program you want to install on your computer. You have three options: Complete. If you select this option, all Kaspersky Internet Security components will be installed.
  • Page 34 Kaspersky Anti-Virus® Personal Pro, we recommend saving the license key that they use before deleting them, as you can use it as your license key for Kaspersky Internet Security 6.0. We also recommend saving Quarantine and Backup objects. These objects will automatically be moved to the Kaspersky Internet Security Quarantine and Backup and you can continue working with them.
  • Page 35: Setup Wizard

    Next to go on to the Setup Wizard. 3.2. Setup Wizard The Kaspersky Internet Security 6.0 Setup Wizard starts after the program has finished installation. It is designed to help you configure the initial program settings to conform to the features and uses of your computer.
  • Page 36: Activating The Program

    Kaspersky Internet Security 6.0. Activate later. If you choose this option, you will skip the activation stage. Kaspersky Internet Security 6.0 will be installed on your computer and you will have access to all program features except updates (you can only...
  • Page 37: Entering The Activation Code

    3.2.2.4. Selecting a license key file If you have a license key file for Kaspersky Internet Security 6.0, the Wizard will ask if you want to install it. If you do, use the Browse button and select the file path for the file with the .key extension in the file selection window.
  • Page 38: Completing Program Activation

    Internet Security 6.0 3.2.2.5. Completing program activation The Setup Wizard will inform you that the program has been successfully activated. It will also display information on the license key installed: name of the person to whom the software is registered, license number, license type (full, beta-testing, demo, etc.), and the expiration date for the license.
  • Page 39: Configuring Update Settings

    Installing Kaspersky Internet Security 6.0 command line settings, loading into program processes, and window hooks (these settings are disabled by default). 3.2.4. Configuring update settings Your computer’s security depends directly on updating the threat signatures and program modules regularly. In this window, the Setup Wizard asks you to select a mode for program updates, and to configure a schedule.
  • Page 40: Restricting Program Access

    Internet Security 6.0 To automatically scan critical areas of your computer (system memory, Startup objects, boot sectors, Microsoft Windows system folders) for viruses, check the appropriate box. You can configure the schedule by clicking Change. The default setting for this automatic scan is disabled.
  • Page 41: Configuring Anti-Hacker Settings

    Installing Kaspersky Internet Security 6.0 count application checksum files, and create a list of programs that can be trusted from a virus security perspective. For example, this list will automatically include all applications digitally signed by Microsoft. In the future, Kaspersky Internet Security will use information obtained while analyzing application structure to prevent malicious code from being imbedded in application modules.
  • Page 42 Internet Security 6.0 • blocking rules for applications and packet filtering that allow NetBios activity within this subnet Even if you have created an open access directory, the information in it will not be available to users from subnets with this status. Additionally, when you select this status, you cannot access files and printers on other computer networks.
  • Page 43: Creating A List Of Network Applications

    Installing Kaspersky Internet Security 6.0 To delete a network from the list, click the Delete button. 3.2.8.2. Creating a list of network applications The Setup Wizard analyzes the software installed on your computer and creates a list of applications that use network connections.
  • Page 44: Upgrading From 5.0 To 6.0

    Personal, or Kaspersky Anti-Virus Personal Pro is installed on your computer, you can upgrade it to Kaspersky Internet Security 6.0. After you start the Kaspersky Internet Security 6.0 installation program, you will be given the choice of first uninstalling the already installed version 5.0 of the product.
  • Page 45: Chapter 4. Program Interface

    CHAPTER 4. PROGRAM INTERFACE Kaspersky Internet Security has a straightforward, user-friendly interface. This chapter will discuss its basic features: • System tray icon (see 4.1 on pg. 45) • Context menu (see 4.2 on pg. 46) • Main window (see 4.3 on pg. 47) •...
  • Page 46: The Context Menu

    Internet Security 6.0 The Kaspersky Internet Security icon changes in relation to the operation being performed: Emails are being scanned. Scripts are being scanned. A file that you or some program is opening, saving, or running is being scanned.
  • Page 47: Main Program Window

    Program interface Scan My Computer – launches a complete scan of your computer for dangerous objects. The files on all drives, including removable storage media, will be scanned. Virus scan… – selects objects and starts scanning them for viruses. The default list contains a number of files, such as the My Documents folder, the Startup folder, email databases, all the drives on your computer, etc.
  • Page 48 Internet Security 6.0 scans, work with quarantined files and backup copies, manage license keys, and so on. Figure 2. Kaspersky Internet Security main window After selecting a section or component in the left part of the window, you will find...
  • Page 49 Program interface We will now examine the elements in the main window’s navigation panel in greater detail. Main Window Section Purpose This window mostly informs you of the To view general information about protection status of your computer. The Kaspersky Internet Security Protection section is designed for exactly...
  • Page 50: Program Settings Window

    Internet Security 6.0 Comments tips section This section offers tips on raising accompanies security level your application. computer. will also find comments on the application’s current performance settings. The links in this section guide you to take the actions...
  • Page 51 Program interface Figure 3. Kaspersky Internet Security settings window...
  • Page 52: Chapter 5. Getting Started

    CHAPTER 5. GETTING STARTED One of Kaspersky Lab’s main goals in creating Kaspersky Internet Security was to provide optimum configuration for each of the program’s options. This makes it possible for a user with any level of computer literacy to quickly protect their computer straight after installation.
  • Page 53: Protection Indicators

    Getting started 5.1.1. Protection indicators Protection status is determined by three indicators, each of which reflect a different aspect of your computer’s protection at any given moment, and indicate any problems in program settings and performance. Figure 4. Indicators reflecting the computer protection status Each indicator has three possible appearances: –...
  • Page 54 Internet Security 6.0 All threats have been neutralized Kaspersky Internet Security has treated all infected files and programs, and deleted those that could not be treated. Hacker attack has been blocked Kaspersky Internet Security has detected and blocked an attempted network attack.
  • Page 55 Getting started Signatures are obsolete Kaspersky Internet Security has not been updated for some time. You are putting the data at great risk. Update the program as soon as possible. To do so, use the Update link. Signatures are corrupted or partially corrupted The threat signature files are fully or partially damaged.
  • Page 56: Kaspersky Internet Security Component Status

    Internet Security 6.0 All protection components are disabled Protection is fully disabled. To restore the components, select Resume protection from the context menu by clicking on the system tray icon. Some protection components have malfunctioned One or more Kaspersky Internet Security components has internal errors.
  • Page 57: Program Performance Statistics

    Getting started • File Anti-Virus : not running – file protection is not available for some reason. For example, you do not have a license key for the program. • File Anti-Virus : disabled (error) – the component encountered an error. If this occurs, contact Kaspersky Lab’s Technical Support.
  • Page 58: How To Scan Your Computer For Viruses

    Internet Security 6.0 5.2. How to scan your computer for viruses After installation, the application will without fail inform you with a special notice in the lower left-hand part of the application window that the server has not yet been scanned and will recommend that you scan it for viruses immediately.
  • Page 59: How To Scan A File, Folder Or Disk For Viruses

    Getting started When you do this, a scan of the selected areas will begin, and the details will be shown in a special window. When you click the Close button, the window with information about installation progress will be hidden. This will not stop the scan. 5.4.
  • Page 60: How To Train Anti-Spam

    Internet Security 6.0 5.5. How to train Anti-Spam One step in getting started is training Anti-Spam, using your emails to filter out junk. Spam is junk email, although it is difficult to say what constitutes spam for a given user. While there are email categories which can be applied to spam with a high degree of accuracy and generality (for example, mass emailings, advertisements), such emails could belong in the inbox of some users.
  • Page 61: How To Update The Program

    (Start→Programs→ Kaspersky Internet Security 6.0 →Modify, restore, or remove). If the application restore procedure does not help, contact Kaspersky Lab Technical Support. You may need to save a report on component operation or the entire application to file and send it to Technical Support for further study.
  • Page 62 Internet Security 6.0 To save the report to file: Select the component in the Protection section of the main window of the program and left-click anywhere in the Statistics box. Click the Save As button and in the window that opens specify the file name for the component's performance report.
  • Page 63: Chapter 6. Protection Management System

    CHAPTER 6. PROTECTION MANAGEMENT SYSTEM Kaspersky Internet Security lets you multi-task computer security management: • Enable, disable, and pause (see 6.1 on pg. 63) the program • Define the types of dangerous programs (see 6.2 on pg. 67) against which Kaspersky Internet Security will protect your computer •...
  • Page 64: Pausing Protection

    Internet Security 6.0 6.1.1. Pausing protection Pausing protection means temporarily disabling all the protection components that monitor the files on your computer, incoming and outgoing email, executable scripts, application behavior, and Anti-Hacker and Anti-Spam. To pause a Kaspersky Internet Security operation: Select Pause protection in the program’s context menu (see 4.2 on...
  • Page 65: Stopping Protection

    Protection management system • Inactive (gray) names of the disabled components in the Protection section of the main window. • Inactive (gray) system tray icon. • The third protection indicator (see 5.1.1 on pg. 53) on your computer, which shows that No protection components are enabled.
  • Page 66: Restoring Protection On Your Computer

    Internet Security 6.0 them. It is likely that the problem can be solved in another way, for example, by changing the security level. If, for example, you are working with a database that you are sure does not contain viruses, simply add its files as an exclusion (see 6.3 on pg.
  • Page 67: Shutting Down The Program

    You can also resume protection automatically after restarting your operating system. To enable this feature, select the Protection section in the program settings window and check Start Kaspersky Internet Security 6.0 at startup. 6.2. Types of programs to be monitored Kaspersky Internet Security protects you from various types of malicious programs.
  • Page 68: Creating A Trusted Zone

    Internet Security 6.0 To choose what malicious programs Kaspersky Internet Security will protect you from, select the Protection section in the program settings window (see 4.4 on pg. 50). The Malware categories box contains threat types: Viruses, worms, Trojans, and hacker tools. This group combines the most common and dangerous categories of malicious programs.
  • Page 69: Exclusion Rules

    Protection management system Warning! Excluded objects are not subject to scans when the disk or folder where they are located are scanned. However, if you select that object in particular, the exclusion rule will not apply. In order to create an exclusion list, Open the Kaspersky Internet Security settings window and select the Protection section.
  • Page 70 Internet Security 6.0 You can exclude files of certain formats from the scan, use a file mask, or exclude a certain area, such as a folder or a program, program processes, or objects according to their Virus Encyclopedia classification. The classification is the status that Kaspersky Internet Security assigns to an object during the scan.
  • Page 71 Protection management system Figure 9. Creating an exclusion rule If you check both boxes at once, a rule will be created for that object with a certain Virus Encyclopedia classification. In such a case, the following rules apply: • If you specify a certain file as the Object and a certain status in the Verdict section, the file specified will only be excluded if it is classified as the threat selected during the scan.
  • Page 72 Internet Security 6.0 You can add advanced settings for the following verdicts, among others: Invader (injects into program processes). For this verdict, you can give a name, mask, or complete path to the object being injected into (for example, a .dll file) as an additional exclusion condition.
  • Page 73 Protection management system Figure 10. Dangerous object detection notification In the window that opens, be sure that all the exclusion rule settings match your needs. The program will fill in the object name and threat type automatically, based on information from the notification. To create the rule, click OK.
  • Page 74: Trusted Applications

    Internet Security 6.0 Figure 11. Creating an exclusion rule from a report 6.3.2. Trusted applications You can only exclude trusted applications from the scan if Kaspersky Internet Security is installed on a computer running Microsoft Windows 4.0/2000/XP/Vista. Kaspersky Internet Security can create a list of trusted applications, that need not have their file and network activity monitored, suspicious or otherwise.
  • Page 75 Protection management system In addition, some actions classified as dangerous are perfectly normal features for a number of programs. For example, keyboard layout toggling programs regularly intercept text entered on your keyboard. To accommodate such programs and stop monitoring their activity, you are advised to add them to the trusted application list.
  • Page 76 Internet Security 6.0 To add a program to the trusted application list: 1. Click the Add button on the right-hand part of the window. 2. In the Trusted Applications window (see fig. 13) that opens, select the application using the Browse button. A context menu will open,...
  • Page 77: Starting Virus Scan And Update Tasks Under Another Profile

    Note that this feature is unavailable in Microsoft Windows 98/ME. Kaspersky Internet Security 6.0 has a feature that can start scan tasks under another user profile. This feature is by default disabled, and tasks are run under the profile under which you are logged into the system.
  • Page 78: Configuring Virus Scan And Update Schedules

    Internet Security 6.0 Figure 14. Configuring an update task from another profile 6.5. Configuring virus scan and update schedules You can run virus scan and update tasks manually, or automatically using a schedule. Virus scans preinstalled with the application are started automatically according to a selected schedule, except for startup items which are scanned every time you start your computer.
  • Page 79 Protection management system To have tasks start according to a schedule, check the automatic task start box in the Run Mode section. You can edit the times for starting the scan task in the Schedule window (see fig. 15), which opens when you click Change. Figure 15.
  • Page 80: Power Options

    Internet Security 6.0 • Select Every weekday if you want the scan to run daily, Monday through Friday. • Select Every weekend for the task to run on Saturdays and Sundays only. In addition to the frequency, specify what time of day or night the scan task will run in the Time field.
  • Page 81: Advanced Disinfection Technology

    Protection management system Note that this setting can be configured individually for every virus scan task. If you choose to do this, the configuration for a specific task has a higher priority. Figure 16. Configuring power settings To configure power settings for virus scan tasks: Select the Protection section of the main program window and click the Settings link.
  • Page 82: Chapter 7. File Anti-Virus

    CHAPTER 7. FILE ANTI-VIRUS The Kaspersky Internet Security component that protects your computer files against infection is called File Anti-Virus. It loads when you start your operating system, runs in your computer’s RAM, and scans all files opened, saved, or executed.
  • Page 83 File Anti-Virus • High – the level with the most comprehensive monitoring of files opened, saved, or run. • Recommended – Kaspersky Lab recommends this settings level. It will scan the following object categories: • Programs and files by contents •...
  • Page 84: Configuring File Anti-Virus

    Internet Security 6.0 Based on the source data, one can conclude that you have a fairly high risk of being infected by a malicious program. The size and type of the files being handled is quite varied and skipping them in the scan would put your data at risk.
  • Page 85 File Anti-Virus The file types scanned are defined in the File types section (see fig. 18). Select one of the three options: Scan all files. With this option selected, all file system objects that are opened, run, or saved will be scanned without exceptions. Scan programs and documents (by content).
  • Page 86 Internet Security 6.0 Figure 18. Selecting the file types scanned for viruses Tip: Do not forget that someone could send a virus to your computer with an extension (e.g. .txt) that is actually an executable file renamed as a .txt file. If you select Scan Programs and documents (by extension), the scan would skip such a file.
  • Page 87: Defining Protection Scope

    File Anti-Virus You can select and scan all files, or only new files, for each type of compound file. To do so, left-click the link next to the name of the object to toggle its value. If the Productivity section has been set up only to scan new and modified files, you will not be able to select the type of compound files to be scanned.
  • Page 88: Configuring Advanced Settings

    Internet Security 6.0 Figure 19. Creating a protected zone You can use masks when you add objects for scanning. Note that you can only enter masks with absolute paths to objects: • C:\dir\*.* or C:\dir\* or C:\dir\ - all files in folder C:\dir\ •...
  • Page 89 File Anti-Virus To configure additional File Anti-Virus settings: 1. Select File Anti-Virus in the main window and go to the component settings window by clicking the Settings link. 2. Click the Customize button and select the Additional tab in the window that opens (see fig.
  • Page 90 Internet Security 6.0 • On execution – only scans files when an attempt is made to run them. You might need to pause File Anti-Virus when performing tasks that require significant operating system resources. To lower the load and ensure that the user regains access to files quickly, we recommend configuring the component to disable at a certain time or while certain programs are used.
  • Page 91: Restoring Default File Anti-Virus Settings

    File Anti-Virus 7.2.4. Restoring default File Anti-Virus settings When configuring File Anti-Virus, you can always return to the default performance settings. Kaspersky Lab considers them to be optimal and has combined them in the Recommended security level. To restore the default File Anti-Virus settings: Select File Anti-Virus in the main window and go to the component settings window by clicking Settings.
  • Page 92 Internet Security 6.0 Figure 23. Possible File Anti-Virus actions with dangerous objects. If the action selected was Prompt for action, then when it detects a dangerous object File Anti-Virus issues a warning message containing information about what malicious program has infected or potentially infected the file, and gives you a choice of actions.
  • Page 93: Postponed Disinfection

    File Anti-Virus 7.3. Postponed disinfection If you select Block access as the action for malicious programs, the objects will not be treated and access to them will be blocked. If the actions selected were Block access and Disinfect, all untreated objects will also be blocked. In order to regain access to blocked objects, they must be disinfected.
  • Page 94: Chapter 8. Mail Anti-Virus

    CHAPTER 8. MAIL ANTI-VIRUS Mail Anti-Virus is Kaspersky Internet Security’s component to prevent incoming and outgoing email from transferring dangerous objects. It starts running when the operating system boots up, stays active in your system memory, and scans all email on the POP3, SMTP, IMAP, MAPI and NNTP protocols, as well as SSL-encrypted connections for POP3 and IMAP.
  • Page 95: Selecting An Email Security Level

    Mail Anti-Virus • If no malicious code is discovered in the email, it is immediately made available again to the user. A special plug-in (see 8.2.2 on pg. 99) is provided for Microsoft Office Outlook that can configure email scans more exactly. If you use The Bat!, Kaspersky Internet Security can be used in conjunction with other anti-virus applications.
  • Page 96: Configuring Mail Anti-Virus

    Internet Security 6.0 You can raise or lower the email security level by selecting the level you want, or editing the settings for the current level. To change the security level: Adjust the sliders. By altering the security level, you define the ratio of scan speed to the total number of objects scanned: the fewer email objects are scanned for dangerous objects, the higher the scan speed.
  • Page 97: Selecting A Protected Email Group

    Mail Anti-Virus Warning! This version of Kaspersky Internet Security does not provide Mail Anti-Virus plug-ins for 64-bit mail clients. • settings that define actions for dangerous email objects (see 8.2.4 on pg. 103) The following sections examine these settings in detail. 8.2.1.
  • Page 98 Internet Security 6.0 Figure 25. Mail Anti-Virus settings In addition to selecting an email group, you can specify whether archived attachments should be scanned, and also set the maximum amount of time for scanning a single email object. These settings are configured in the Restrictions section.
  • Page 99: Configuring Email Processing In Microsoft Office Outlook

    Mail Anti-Virus You can find more information about filtered attachment types in section A.1 on pg. 282. By using the filter, you increase your computer’s security, since malicious programs spread through email most frequently as attachments. By renaming or deleting certain attachment types, you protect your computer against automatically opening attachments when a message is received.
  • Page 100 Internet Security 6.0 Figure 26. Configuring Mail Anti-Virus settings in Microsoft Office Outlook Select an email scan mode: Scan upon receiving – analyzes each email when it enters your Inbox. Scan when read – scans each email when you open it to read it.
  • Page 101: Configuring Email Scans In The Bat

    Mail Anti-Virus Warning! If you use Microsoft Office Outlook to connect to your email service on IMAP, you are advised not to use Scan upon receiving mode. Enabling this mode will lead to emails being copied to the local computer when delivered to the server, and consequently the main advantage of IMAP is lost –...
  • Page 102 Internet Security 6.0 Figure 27. Configuring email scans in The Bat! You must decide: • What group of emails will be scanned for viruses (incoming, outgoing) • At what point in time email objects will be scanned for viruses (when opening an email or before saving one to disk) •...
  • Page 103: Restoring Default Mail Anti-Virus Settings

    Mail Anti-Virus Warning! The Bat! does not mark emails containing dangerous objects with special headers. 8.2.4. Restoring default Mail Anti-Virus settings When configuring Mail Anti-Virus, you can always return to the default performance settings, which Kaspersky Lab considers to be optimal and has combined in the Recommended security level.
  • Page 104 Internet Security 6.0 Figure 28. Selecting actions for dangerous email objects Let’s look at the possible options for processing dangerous email objects in more detail. If the action selected was When a dangerous object is detected Mail Anti-Virus will...
  • Page 105 Mail Anti-Virus infected will be moved to Quarantine. Block access, Disinfect, Delete: When E-Mail Anti-Virus detects an infected or potentially infected object, it deletes it without informing the user. When disinfecting or deleting an object, Kaspersky Internet Security creates a backup copy (see 17.2 on pg.
  • Page 106: Chapter 9. Web Anti-Virus

    CHAPTER 9. WEB ANTI-VIRUS Whenever you use the Internet, information stored on your computer is open to the risk of infection by dangerous programs, which can penetrate your computer when you read an article on the Internet. Web Anti-Virus is Kaspersky Internet Security’s component for guarding your computer during Internet use.
  • Page 107: Selecting The Web Security Level

    Web Anti-Virus malicious code. Malicious objects are detected using both the threat signatures included in Kaspersky Internet Security, and the heuristic algorithm. The signatures contain descriptions of all malicious programs known to date, and methods for neutralizing them. The heuristic algorithm can detect new viruses that have not yet been entered in the threat signatures.
  • Page 108 Internet Security 6.0 Figure 29. Selecting a web security level By default, the protection level is set to Recommended. You can raise or lower the security level by selecting the level you want or editing the settings for the current level.
  • Page 109: Configuring Web Anti-Virus

    Web Anti-Virus 9.2. Configuring Web Anti-Virus Web Anti-Virus scans all objects that are loaded on your computer via the HTTP protocol, and monitors any WSH scripts (JavaScript or Visual Basic Scripts, etc.) that are run. You can configure Web Anti-Virus settings to increase component operation speed, specifically: •...
  • Page 110 Internet Security 6.0 interrupting the connection without reducing security while using the Internet. To select the scanning algorithm that Web Anti-Virus will use: Click on the Customize button in the Web Anti-Virus configuration window. In the window that opens (see fig. 30), select the option you want in the Scan method section.
  • Page 111: Creating A Trusted Address List

    Web Anti-Virus 9.2.2. Creating a trusted address list You have the option of creating a list of trusted addresses whose contents you fully trust. Web Anti-Virus will not analyze data from those addresses for dangerous objects. This option can be used in cases where Web Anti-Virus repeatedly blocks the download of a particular file.
  • Page 112: Selecting Responses To Dangerous Objects

    Internet Security 6.0 To restore the default Web Anti-Virus settings: Select Web Anti-Virus in the main window and go to the component settings window by clicking Settings. Click the Default button in the Security Level section. 9.2.4. Selecting responses to dangerous...
  • Page 113 Web Anti-Virus Web Anti-Virus always blocks dangerous scripts, and issues popup messages that inform the user of the action taken. You cannot change the response to a dangerous script, other than by disabling the script scanning module.
  • Page 114: Chapter 10. Proactive Defense

    CHAPTER 10. PROACTIVE DEFENSE Warning! This version of the application does not have the Proactive Defense components Application Integrity Control and Office Guard for computers running Microsoft Windows XP Professional x64 Edition or computers running Microsoft Windows Vista or Microsoft Windows Vista x64.
  • Page 115 Proactive Defense The preventative technologies provided by Kaspersky Internet Security Proactive Defense do not require as much time as the reactive technique, and neutralize new threats before they harm your computer. How is this done? In contrast with reactive technologies, which analyze code using a threat signature database, preventative technologies recognize a new threat on your computer by a sequence of actions executed by a certain program.
  • Page 116 Internet Security 6.0 Proactive Defense tracks and blocks all dangerous operations by using the set of rules together with a list of excluded applications. Proactive Defense also tracks all macros executed in Microsoft Office applications. In operation, Proactive Defense uses a set of rules included with the program, as well as rules created by the user while using the program.
  • Page 117: Proactive Defense Settings

    Proactive Defense taken. You must decide on your own whether to block or allow this activity. You can create a rule for the activity and cancel the actions taken in the system. 10.1. Proactive Defense settings The categories of settings (see fig. 32) for the Proactive Defense component are as follows: •...
  • Page 118 Internet Security 6.0 Figure 32. Proactive Defense settings • Whether system registry changes are monitored By default, Enable Registry Guard is checked, which means Kaspersky Internet Security analyzes all attempts to make changes to the Microsoft Windows system registry keys.
  • Page 119: Activity Control Rules

    Proactive Defense This Proactive Defense component is not available under Microsoft Windows XP Professional x64 Edition, Microsoft Windows Vista or Microsoft Windows Vista x64. You can configure exclusions (see 6.3.1 on pg. 69) for Proactive Defense modules and create a trusted application list (see 6.3.2 on pg. 74). The following sections examine these aspects in more detail.
  • Page 120 Internet Security 6.0 • Appearance of masked processes. A rootkit is a set of programs used to mask malicious programs and their processes in the system. Kaspersky Internet Security analyzes the operating system for masked processes. • Invaders. This activity is used in attempts to read passwords and other confidential information displayed in operating system dialog boxes.
  • Page 121 Proactive Defense The types of activity that Proactive Defense monitors are listed in the Settings: Application Activity Analyzer window (see fig. 33). Figure 33. Configuring application activity control To edit a dangerous activity monitoring rule, select it from the list and assign the rule settings in the lower part of the tab: •...
  • Page 122: Application Integrity Control

    Internet Security 6.0 If you are running one of the operating systems listed above, only one type of system event is controlled, dangerous activity (behavior analysis). If you want Kaspersky Internet Security to monitor modifications of system user accounts in...
  • Page 123: Configuring Application Integrity Control Rules

    Proactive Defense Security comes with a list of critical applications, each of which has its own monitoring rule to control application activity. You can extend this list of critical applications, and delete or edit the rules for the applications on the list provided. Besides the list of critical applications, there is a set of trusted modules allowed to be opened in all controlled applications.
  • Page 124 Internet Security 6.0 specify whether to log component activity in the component report. The default settings allow most critical operations to start, be edited, or be started as child processes. To add an application to the critical application list and create a rule for it: Click Add on the Critical applications tab.
  • Page 125: Creating A List Of Shared Components

    Proactive Defense You can use any of these actions as a response: allow, prompt for action, or block. Left-click on the action link until it reaches the value that you need. • Choose if you want to generate a report about the activity, by clicking log / do not log.
  • Page 126: Kaspersky Internet Security

    Internet Security 6.0 Figure 36. Configuring the trusted module list If you install programs on your computer, you can ensure that those with modules signed by Microsoft are automatically added to the trusted modules list. To do this, check Automatically add components signed by Microsoft Corporation to this list.
  • Page 127 Proactive Defense run is traced for dangerous behavior, and if suspicious activity is detected, Proactive Defense allows or blocks the macro. Example: The macro PDFMaker is a plug-in for the Adobe Acrobat toolbar in Microsoft Office Word that can create a .pdf file out of any document. Proactive Defense classifies embedding elements in software as a dangerous action.
  • Page 128: Registry Guard

    Internet Security 6.0 Figure 37. Configuring Office Guard settings For Kaspersky Internet Security not to block the macro: uncheck the box next to that action. The program will no longer consider that behavior dangerous and Proactive Defense will not process it.
  • Page 129 Proactive Defense Proactive Defense can detect unknown threats that attempt to edit registry keys on your computer, through the Registry Guard module. You can enable it by checking the box Enable Registry Guard in the Proactive Defense settings window. The special Proactive Defense module traces modifications of system registry files.
  • Page 130: Selecting Registry Keys For Creating A Rule

    Internet Security 6.0 Figure 38. Controlled registry key groups You can create your own groups of monitored system registry files. To do so, click Add in the file group window. Take these steps in the window that opens: Enter the name of the new file group for monitoring system registry keys in the Group name field.
  • Page 131: Creating A Registry Guard Rule

    Proactive Defense Specify the file or group of files, to which you want the rule to apply in the Value field. Check Including subkeys for the rule to apply to all files attached to the listed registry file. Figure 39. Adding controlled registry keys You only need to use masks with an asterisk and a question mark at the same time as the Include subkeys feature if the wildcards are used in the name of the key.
  • Page 132 Internet Security 6.0 To create a rule for your selected system registry files: Click New on the Rules tab. The new rule will be added at the top of the list (see fig. 40). Figure 40. Creating a registry key monitoring rule...
  • Page 133 Proactive Defense You can use any of these actions as a response: allow, prompt for action, and block. Left-click on the link with the action until it reaches the value that you need. • Choose if you want to generate a report on the operation carried out, by clicking on the log / do not log link.
  • Page 134: Chapter 11. Anti-Spy

    CHAPTER 11. ANTI-SPY The component of Kaspersky Internet Security which protects you against all types of malware is called Anti-Spy. Recently, malware has increasingly included programs that aim to: • Steal your confidential information, including passwords, credit card numbers, important documents, etc. •...
  • Page 135 To integrate Anti-Banner into Opera, add the following line to standard_menu.ini, section [Image Link Popup Menu]: Item, "New banner" = Copy image address & Execute program, "<drive>\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0 for Workstation\opera_banner_deny.vbs", "//nologo %C" • Anti-Dialer protects computers against attempts to make unauthorized modem connections.
  • Page 136: Configuring Anti-Spy

    Internet Security 6.0 Dialers generally establish connections with specific websites, such as sites with pornographic material. Then you are forced to pay for expensive traffic that you never wanted or used. If you want to exclude a number from the blocked list, you must place it on the trusted numbers list (see 11.1.3 on pg.
  • Page 137 Anti-Spy Specify if addresses in the Internet Explorer trusted zone or addresses on your local area network will be excluded from the scan. The program considers them trusted by default and does not block pop-up windows from these addresses. Tip: When entering a trusted address mask, you can use the characters * or ?.
  • Page 138: Banner Ad Blocking List

    Internet Security 6.0 You can also unblock windows through Internet Explorer if you have Windows XP Service Pack 2. To do so, use the context menu that you can open over the program icon that flashes in the bottom corner of the browser when popup windows are blocked.
  • Page 139: Banner Ad White Lists

    Anti-Spy Figure 42. Blocked banner list The list of standard blocked masks cannot be edited. If you do not want to block a banner covered by a standard mask, uncheck the box next to the mask. To analyze banner ads that do not match the masks from the standard list, check Use heuristic analysis methods.
  • Page 140: Banner Ad Black Lists

    Internet Security 6.0 Add the allowed banner mask with the Add button. You can either specify the whole, or a partial, URL for the banner or mask. In the latter case, when a banner attempts to load, the program will scan its address for the mask.
  • Page 141 Anti-Spy Whenever a secret connection is attempted, the program notifies you by issuing a special message on the screen, which prompts the user to either allow or block the phone call. If you did not initialize the connection, it is very probable that it was configured by a malicious program.
  • Page 142: Chapter 12. Anti-Hacker

    CHAPTER 12. ANTI-HACKER Today computers have become quite vulnerable when connected to the Internet. They are subjected both to virus infections and to other types of attacks that take advantage of vulnerabilities in operating systems and software. The Kaspersky Internet Security Anti-Hacker component ensures your security on local networks and the Internet, by protecting your computer at the network and application levels, and masking your computer on the net to prevent attacks.
  • Page 143 Anti-Hacker amount of time, and the user receives a message stating that his computer was subjected to an attempted network attack. For its analysis, the Intrusion Detection System uses a special network attack database, which Kaspersky Lab adds to regularly and which is updated together with the threat signatures.
  • Page 144: Selecting An Anti-Hacker Security Level

    Internet Security 6.0 12.1. Selecting an Anti-Hacker security level When you use the network, Kaspersky Internet Security protects your computer at one of the following levels (see fig. 44): Block all – blocks any network activity on your computer. If you select this security level, you will not be able to use any network resources or programs that require a network connection.
  • Page 145: Application Rules

    Anti-Hacker the future Anti-Hacker will apply the new rule for that connection without warning you on screen. Low Security – blocks only banned network activity, using block rules that either were installed with the program or that you created. However, if there is an allow rule for an application with a higher priority than the block rule, the program will allow the network activity of that application.
  • Page 146 Internet Security 6.0 Figure 45. List of rules for the applications installed on a computer The behavior of the buttons in this window depends on how the rules are grouped, that is, whether the checkbox Group the rules by application is checked or not.
  • Page 147: Creating Rules Manually

    Anti-Hacker • General list of rules If Group the rules by application is unchecked, then each line in the general list displays complete information for a rule: the application name and the command for starting it, whether to allow or block network activity, the data transfer protocol, the direction of data (inbound or outbound), and other information.
  • Page 148 Internet Security 6.0 Check Group the rules by application on the Rules for applications tab, if not checked already, and click the Add button. In the window that opens, select the executable file of the application for which you want to create a rule. A window with rules for the application selected will open.
  • Page 149: Packet Filtering Rules

    Anti-Hacker Edit the rules created for the application, if necessary. You can modify actions, network connection direction, remote address, ports (local and remote), and the time range for the rule. If you want the rule to apply to a program opened with certain command line settings, check Command line and enter the string in the field to the right.
  • Page 150 Internet Security 6.0 Figure 47. List of packet filtering rules The following information is given for every packet filtering rule: name of the rule, the action (i.e. whether to allow or block the packet transfer), the data transfer protocol, the direction of the packet, and the network connection settings used to transfer the packet.
  • Page 151: Fine-Tuning Rules For Applications And Packet Filtering

    Anti-Hacker 12.4. Fine-tuning rules for applications and packet filtering The New rule window for advanced rule settings is practically identical for applications and data packets (see Figure 48). Figure 48. Creating a new application rule Step One: • Enter a name for the rule. The program uses a default name that you should replace.
  • Page 152 Internet Security 6.0 Note that when you create a blocking rule in Anti-Hacker training mode, information about the rule being applied will automatically be entered in the report. If you do not need to record this information, deselect the Log event checkbox in the settings for that rule.
  • Page 153 Anti-Hacker If you selected a remote address as a network connection property, left-click specify the address and enter the IP address for the rule in the window that opens. You can use one type of IP address or several types for one rule. Several addresses of each type can be specified.
  • Page 154: Ranking Rule Priority

    Internet Security 6.0 You can create a rule from the network activity detection alert window (see 12.10 on pg. 161). 12.5. Ranking rule priority Each rule created for a program or a data packet has a priority ranking. When other conditions are equal (for example, the network connection settings), the action applied to the program activity will be that of the rule with the higher priority.
  • Page 155 Anti-Hacker If Anti-Hacker Training Mode is enabled, a window will open every time your computer connects to a new zone, displaying a basic description about it. You must assign a status to the zone, and network activity will be allowed based on that status.
  • Page 156 Internet Security 6.0 We do not recommend using Stealth Mode if the computer is being used as a server (for example, an email or HTTP server), as the computers that connect to the server will not see it as connected.
  • Page 157: Firewall Mode

    Anti-Hacker 12.7. Firewall mode The Firewall mode (see Figure 51) controls Anti-Hacker compatibility with programs that establish multiple network connections, and with network games. Maximum compatibility – the Firewall ensures that Anti-Hacker will work optimally with programs that establish multiple network connections, for example, file-sharing network clients.
  • Page 158: Configuring The Intrusion Detection System

    Internet Security 6.0 Select the Additional tab in the window that opens and select the mode you want, Maximum Compatibility or Maximum Speed. Changes to the Firewall settings will not take effect until after Anti-Hacker has been restarted. 12.8. Configuring the Intrusion...
  • Page 159: List Of Network Attacks Detected

    Anti-Hacker 12.9. List of network attacks detected There is currently a multitude of network attacks that utilize vulnerabilities in the operating system and in other software, system or otherwise, installed on your computer. Malefactors are constantly perfecting attack methods, learning how to steal confidential information, make your system malfunction, or take over your computer to use it as part of a zombie network for carrying out new attacks.
  • Page 160 Internet Security 6.0 a cycle, which intensifies the load on the processor and can end with some operating systems crashing. • ICMP Flood sends a large number of ICMP packets to your computer. The attack leads to the computer being forced to reply to each inbound packet, which seriously weighs down the processor.
  • Page 161: Blocking And Allowing Network Activity

    Anti-Hacker Messenger, and system components that can be accessed through the network – DCom, SMB, Wins, LSASS, IIS5. Anti-Hacker protects your computer from attacks that use the following known software vulnerabilities (this list of vulnerabilities is cited with the Microsoft Knowledge Base numbering system): (MS03-026) DCOM RPC Vulnerability (Lovesan worm); (MS03-043) Microsoft Messenger Service Buffer Overrun; (MS03-051) Microsoft Frontpage 2000 Server Extensions Buffer Overflow...
  • Page 162 Internet Security 6.0 For example, after opening Microsoft Office Outlook, it downloads your email from a remote Exchange server. To display your Inbox, the program connects to the email server. Anti-Hacker always tracks this kind of network activity. A message will appear on the screen (see fig.
  • Page 163 Anti-Hacker To perform the action this time only: uncheck Create a rule and click the button with the name of the action, e.g. Allow. To perform the action you select automatically every time this activity is initiated on your computer: Check Create a rule.
  • Page 164: Chapter 13. Anti-Spam

    CHAPTER 13. ANTI-SPAM The Kaspersky Internet Security component which detects spam, processes it according to a set of rules, and saves you time when using email, is called Anti-Spam. Anti-Spam uses the following method to determine whether an email is spam: The sender’s address is scanned for matches on black and white lists of addresses.
  • Page 165 Anti-Spam installed. This could include scanning for correctness of HTML tags, font size, or hidden characters. You can enable or disable each of these stages of the analysis. Anti-Spam exists as a plug-in for the following email clients: • Microsoft Office Outlook (see 13.3.9 on pg. 181) •...
  • Page 166: Selecting An Anti-Spam Sensitivity Level

    Internet Security 6.0 13.1. Selecting an Anti-Spam sensitivity level Kaspersky Internet Security protects you from spam at one of the following levels (see fig. 54): Block all – strictest level of sensitivity, at which only messages containing phrases from the phrase white list (see 13.3.4.1 on pg.
  • Page 167: Training Anti-Spam

    Anti-Spam Allow all – lowest sensitivity level. Only email that contains phrases from the phrase black list, or senders listed on the address black list, are marked as spam. At this level, email is only processed using the black list, and all other features are disabled.
  • Page 168: Training Wizard

    Internet Security 6.0 13.2.1. Training Wizard The Training Wizard trains Anti-Spam by indicating which mailbox folders contain spam and which contain accepted email. To open the Training Wizard: Select Anti-Spam in the settings window. Click the Training Wizard button in the Training section of the settings window.
  • Page 169: Training Using Your Email Client

    Anti-Spam Warning! Anti-Spam will only train itself with outgoing emails sent via MAPI protocol if you check Scan when sending in the Microsoft Office Outlook Mail Anti-Virus plug-in (see 13.3.9 on pg. 181). 13.2.3. Training using your email client To train Anti-Spam while using your mailbox, you use special buttons on your email client's tools panel.
  • Page 170 Internet Security 6.0 Left-click in the Statistics box (see fig. 55). The component’s reports can help you draw a conclusion about the accuracy of its configuration, and, if necessary, make certain corrections to Anti-Spam. To mark a certain email as spam or not spam: Select it from the report list on the Events tab, and use the Actions button.
  • Page 171: Configuring Anti-Spam

    Anti-Spam 13.3. Configuring Anti-Spam Fine-tuning Anti-Spam is essential for the spam security feature. All settings for component operation are located in the Kaspersky Internet Security settings window and allow you to: • Determine the particulars of operation of Anti-Spam (see 13.3.1 on pg.
  • Page 172: Selecting Spam Filtration Technologies

    Internet Security 6.0 Figure 56. Configuring scan settings 13.3.2. Selecting spam filtration technologies Emails are scanned for spam using state-of-the-art filtration technologies: • iBayes, based on the Bayes theorem, analyzes email text to detect phrases that mark it as spam. The analysis uses the statistics obtained by training Anti-Spam (see 13.2 on pg.
  • Page 173: Defining Spam And Potential Spam Factors

    Anti-Spam Figure 57. Configuring spam recognition Uncheck the boxes next to the filtration technologies that you do not want to use for detecting spam. 13.3.3. Defining spam and potential spam factors Kaspersky Lab specialists have optimally configured Anti-Spam to recognize spam and probable spam.
  • Page 174: Creating White And Black Lists Manually

    Internet Security 6.0 The probable spam factor defines the likelihood that the email will be classified as probable spam. If you are using the Recommended level, any email has between a 50% and 59% chance of being considered probable spam. Email that, after being scanned, has a likelihood of less than 50% will be considered accepted email.
  • Page 175: White Lists For Addresses And Phrases

    Anti-Spam 13.3.4.1. White lists for addresses and phrases The white list contains key phrases from emails that you marked as accepted, and addresses of trusted senders who would not send spam. The white list is filled manually, and the list of senders’ addresses is filled automatically while training the Anti-Spam component.
  • Page 176: Black Lists For Addresses And Phrases

    Internet Security 6.0 You can assign both addresses and address masks in the address list. When entering an address, the use of capitals is ignored. Let’s look at some examples of address masks: • ivanov@test.ru – emails from this address will always be classified as accepted.
  • Page 177 Anti-Spam To fill the black list: Select Anti-Spam in the Kaspersky Internet Security settings window. Click the Settings button in the right-hand part of the settings window. Open the Black list tab (see fig. 59). The tab is divided into two sections: the upper portion contains the addresses of spam senders, and the lower contains key phrases from such emails.
  • Page 178: Additional Spam Filtration Features

    Internet Security 6.0 To disable the use of a certain address or phrase as an attribute of spam, delete it using the Delete button, or uncheck the box alongside the text to disable it. 13.3.5. Additional spam filtration features...
  • Page 179: Creating The List Of Trusted Addresses

    Anti-Spam To use an additional filtration indicator, check the flag beside it. Each of the factors also requires that you set a spam factor (in percentage points) that defines the likelihood that an email will be classified as spam. The default value for the spam factor is 80%.
  • Page 180: Actions For Spam

    Internet Security 6.0 The rest of your email will be downloaded to your computer after you close the Mail Dispatcher window. Sometimes it can be difficult to decide whether to accept a certain email, judging only by the sender and the email's subject line. In such cases, Mail Dispatcher gives you more information by downloading the email’s headers.
  • Page 181: Configuring Spam Processing In Microsoft Office Outlook

    Anti-Spam 13.3.9. Configuring spam processing in Microsoft Office Outlook Note that there is no spam plug-in for Microsoft Office Outlook if you are running the application under Windows 9x. This option is only supported for the 32-bit build of Microsoft Office Outlook for computers running Microsoft Windows XP Professional x64 Edition and Microsoft Windows Vista x64.
  • Page 182 Internet Security 6.0 It opens automatically when the email client is first opened after installing the program and asks if you want to configure spam processing. You can assign the following processing rules for both spam and potential spam: Move to folder – spam is moved to the specified folder.
  • Page 183 Anti-Spam The Rule Wizard will guide you through the following windows and steps: Step One You can choose to create a rule from scratch or from a template. Select Create new rule and select Apply this rule after the message arrives.
  • Page 184: Configuring Spam Processing In Microsoft Outlook Express

    Internet Security 6.0 13.3.10. Configuring spam processing in Microsoft Outlook Express Email that is classified by Anti-Spam as spam or potential spam is by default marked with special markings [!! SPAM] or [?? Probable Spam] in the Subject line.
  • Page 185: Configuring Spam Processing In The Bat

    Anti-Spam To assign these rules, select the appropriate value from the dropdown list in the Spam or Probable Spam section. 13.3.11. Configuring spam processing in The Bat! This option is only supported for the 32-bit build of The Bat! for computers running Microsoft Windows XP Professional x64 Edition and Microsoft Windows Vista x64.
  • Page 186 Internet Security 6.0 Figure 63. Configuring spam recognition and processing in The Bat! Warning! After processing an email, Kaspersky Internet Security assigns a spam or potential spam status to the email based on a factor (see 13.3.3 on pg.
  • Page 187: Chapter 14. Scanning For Viruses On Your Computer

    CHAPTER 14. SCANNING FOR VIRUSES ON YOUR COMPUTER One of the important aspects of protecting your computer is scanning user-defined areas for viruses. Kaspersky Internet Security can scan individual items – files, folders, disks, plug-and-play devices – or the entire computer. Scanning for viruses stops malicious code which has gone undetected by protection components from spreading.
  • Page 188: Managing Virus Scan Tasks

    Internet Security 6.0 14.1. Managing virus scan tasks You can run a virus scan task manually or automatically using a schedule (see 6.5 on pg. 78). To start a virus scan task manually: Check the box beside the task name in the Scan section of the main program window, and click the button on the status bar.
  • Page 189 Scanning for viruses on your computer Object scan lists are already made for default tasks created when you install the program. When you create your own tasks or select an object for a virus scan task, you can create a list of objects. You can add to or edit an object scan list using the buttons to the right of the list.
  • Page 190: Creating Virus Scan Tasks

    Internet Security 6.0 14.3. Creating virus scan tasks To scan objects on your computer for viruses, you can use built-in scan tasks included with the program and create your own tasks. New scan tasks are created using existing tasks as a template.
  • Page 191: Configuring Virus Scan Tasks

    Scanning for viruses on your computer 14.4. Configuring virus scan tasks The methods used to scan objects on your computer are determined by the properties assigned for each task. To configure task settings: Select the task name in the Scan section of the main window. Right-click on the task name to open the context menu, or click the Actions button on the right of the list of scan objects, and select Settings.
  • Page 192: Specifying The Types Of Objects To Scan

    Internet Security 6.0 Figure 66. Selecting a virus scan security level By default, the File Anti-Virus security level is set to Recommended. You can raise or lower the scan security level by selecting the level you want or changing the settings for the current level.
  • Page 193 Scanning for viruses on your computer Note: There are files in which viruses cannot insert themselves, since the contents of such files do not contain anything for the virus to hook onto. An example would be .txt files. And vice versa, there are file formats that contain or can contain executable code.
  • Page 194 Internet Security 6.0 In the Productivity section, you can specify that only new files and those that have been modified since the previous scan should be scanned for viruses. This mode noticeably reduces scan time and increases the program’s performance speed.
  • Page 195: Restoring Default Scan Settings

    Scanning for viruses on your computer Please note, when scanning password-protected email databases: • Kaspersky Internet Security detects malicious code in Microsoft Office Outlook 2000 databases but does not disinfect them; • Kaspersky Internet Security does not support scans for malicious code in Microsoft Office Outlook 2003 protected databases.
  • Page 196 Internet Security 6.0 Figure 68. Selecting actions for dangerous objects. Table columns: If the action selected was | When detects malicious potentially infected object. Row: Prompt for action when the | The program does not process the objects until the end of the scan. When the scan is...
  • Page 197: Advanced Virus Scan Options

    Scanning for viruses on your computer Row: Do not prompt for action / Disinfect / Delete if disinfection fails | The program attempts to treat the object detected without asking the user for confirmation. If the object cannot be disinfected, it is deleted. Row: Do not prompt for action / Disinfect... | The program automatically deletes the object
  • Page 198 Internet Security 6.0 Enable iChecker technology – uses technology that can increase the scan speed by excluding certain objects from the scan. An object is excluded from the scan using a special algorithm that takes into account the release date of the threat signatures, the date the object was last scanned, and modifications to scan settings.
  • Page 199: Setting Up Global Scan Settings For All Tasks

    Scanning for viruses on your computer Show detected dangerous objects on the “Detected” report tab – display a list of threats detected during the scan on the Detected tab of the report (see 17.3.2 on pg. 229) window. Disabling this function may be appropriate for special scans, for example of text collections, to increase the scan speed.
  • Page 200: Chapter 15. Testing Kaspersky Internet Security Features

    CHAPTER 15. TESTING KASPERSKY INTERNET SECURITY FEATURES After installing and configuring Kaspersky Internet Security, we recommend that you verify that settings and program operation are correct using a test virus and variations of it. 15.1. The EICAR test virus and its variations The test virus was specially developed by (The European Institute for...
  • Page 201 Testing Kaspersky Internet Security features Table columns: Prefix | Test virus status | Corresponding action when the application processes object. Row: CORR– | Corrupted. | The application could access the object but could not scan it, since the object is corrupted (for example, the file structure is breached, or it is an invalid file format).
  • Page 202: Testing File Anti-Virus

    Internet Security 6.0 The first column of the table contains the prefixes that need to be added to the beginning of the string for a standard test virus. The second column describes the status and reaction of Kaspersky Internet Security to various types of test virus.
  • Page 203: Testing Virus Scan Tasks

    Testing Kaspersky Internet Security features When you select different options for dealing with detected objects, you can test File Anti-Virus's reaction to detecting various object types. You can view details on File Anti-Virus performance in the report on the component. 15.3.
  • Page 204 Internet Security 6.0 This way, by selecting different options for actions, you can test Kaspersky Internet Security reactions to detecting various object types. You can view details on virus scan task performance in the report on the component.
  • Page 205: Chapter 16. Program Updates

    CHAPTER 16. PROGRAM UPDATES Keeping your anti-virus software up-to-date is an investment in your computer’s security. Because new viruses, Trojans, and malicious software emerge daily, it is important to regularly update the application to keep your information constantly protected. This task is managed by the Updater component. Updating the application involves the following components being downloaded and installed on your computer: •...
  • Page 206: Starting The Updater

    Internet Security 6.0 If you do not have access to Kaspersky Lab’s update servers (for example, your computer is not connected to the Internet), you can call the Kaspersky Lab main office at +7 (495) 797-87-00 to request contact information for Kaspersky Lab partners, who can provide you with zipped updates on floppy disks or CDs.
  • Page 207: Rolling Back To The Previous Update

    Program updates To start the Updater from the shortcut menu: Right click the application icon in the system tray to open the shortcut menu. Select Update. To start the Updater from the main program window: Select Update in the Service section. Click the Update now! button in the right panel of the main window or use the button on the status bar.
  • Page 208: Configuring Update Settings

    Internet Security 6.0 For example, you installed Kaspersky Internet Security on a laptop that you use at home and at your office. At home, you update the program from the Kaspersky Lab update servers, and at the office, from a local folder that stores the updates you need.
  • Page 209: Selecting An Update Source

    Program updates • The source from which the updates are downloaded and installed (see 16.4.1 on pg. 209) • The run mode for the updating procedure (see 16.4.2 on pg. 211) • Which objects are updated • What actions are to be performed after updating is complete (see 16.4.4 on pg.
  • Page 210 Internet Security 6.0 Figure 72. Selecting an update source To download updates from another FTP or HTTP site: Click Add. In the Select Update Source dialog box, select the target FTP or HTTP site or specify the IP address, character name, or URL address of this site in the Source field.
  • Page 211: Selecting An Update Method And What To Update

    Program updates the updates from the first available source. You can change the order of sources in the list using the Move up and Move down buttons. To edit the list, use the Add, Edit and Remove buttons. The only source you cannot edit or delete is the one labeled Kaspersky Lab’s update servers.
  • Page 212 Internet Security 6.0 If you want to download and install updates for program modules: Check Update program modules in the Settings dialog box of the Update service. If there are currently program module updates on the update source, the program will download the updates it needs and apply them after the computer restarts.
  • Page 213: Configuring Connection Settings

    Program updates Manually. With this option, you start the Updater manually. Kaspersky Internet Security notifies you when it needs to be updated: • A popup message, informing you that updating is required, appears above the application icon in the system tray (if notices are enabled; see 17.11.1 on pg.
  • Page 214 Internet Security 6.0 Check Use passive FTP mode if possible if you download the updates from an FTP server in passive mode (for example, through a firewall). If you are working in active FTP mode, clear this checkbox. In the Connection timeout (sec) field, assign the time allotted for connection with the update server.
  • Page 215: Update Distribution

    Program updates This feature is unavailable under Windows 9X/NT 4.0. However, the proxy server is by default not used for local addresses. 16.4.4. Update distribution If your home computers are connected through a home network, you do not need to download and install updates on each of them separately, since this would consume more network bandwidth.
  • Page 216 Copy updates for all components checkbox. Note that Kaspersky Internet Security 6.0 only retrieves update packages for v. 6.0 applications from the Kaspersky Lab update servers. If you want other computers on the network to update from the folder that contains updates copied from the Internet, you must take the following steps: Grant public access to this folder.
  • Page 217: Actions After Updating The Program

    Program updates 16.4.5. Actions after updating the program Every threat signature update contains new records that protect your computer from the latest threats. Kaspersky Lab recommends that you scan quarantined objects and startup objects each time after the database is updated. Why should these objects be scanned? The quarantine area contains objects that have been flagged by the program as suspicious or possibly infected (see 17.1 on pg.
  • Page 218: Chapter 17. Advanced Options

    CHAPTER 17. ADVANCED OPTIONS Kaspersky Internet Security has other features that expand its functionality. The program places some objects in special storage areas, in order to ensure maximum protection of data with minimum losses. • Backup contains copies of objects that Kaspersky Internet Security has changed or deleted (see 17.2 on pg.
  • Page 219: Quarantine For Potentially Infected Objects

    Advanced options Monitored ports can regulate which Kaspersky Internet Security modules control data transferred on select ports (see 17.7 on pg. 246). The Rescue Disk can help restore your computer’s functionality after an infection (see 17.10 on pg. 251). This is particularly helpful when you cannot boot your computer’s operating system after malicious code has damaged system files.
  • Page 220: Actions With Quarantined Objects

    Internet Security 6.0 When you place an object in Quarantine, it is moved, not copied. The object is deleted from the disk or email and is saved in the Quarantine folder. Files in Quarantine are saved in a special format and are not dangerous.
  • Page 221 Advanced options Figure 77. List of quarantined objects • Scan and disinfect all potentially infected objects in Quarantine using the current threat signatures by clicking Scan all. After scanning and disinfecting any quarantined object, its status may change to infected, potentially infected, false positive, OK, etc. The infected status means that the object has been identified as infected but it could not be treated.
  • Page 222: Setting Up Quarantine

    Internet Security 6.0 Tip: We recommend that you only restore objects with the status false positive, OK, and disinfected, since restoring other objects could lead to infecting your computer. • Delete any quarantined object or group of selected objects. Only delete objects that cannot be disinfected.
  • Page 223: Backup Copies Of Dangerous Objects

    Advanced options 17.2. Backup copies of dangerous objects Sometimes when objects are disinfected their integrity is lost. If a disinfected file contains important information which is partially or fully corrupted, you can attempt to restore the original object from a backup copy. A backup copy is a copy of the original dangerous object that is created before the object is disinfected or deleted.
  • Page 224 Internet Security 6.0 Figure 79. Backup copies of deleted or disinfected objects You can restore selected copies using the Restore button. The object is restored from Backup with the same name that it had prior to disinfection. If there is an object in the original location with that name (this is possible if a copy was made of the object being restored prior to disinfection), a warning will be given.
  • Page 225: Configuring Backup Settings

    Advanced options 17.2.2. Configuring Backup settings You can define the maximum time that backup copies remain in the Backup area. The default Backup storage time is 30 days, at the end of which backup copies are deleted. You can change the storage time or remove this restriction altogether.
  • Page 226 Internet Security 6.0 Figure 80. Reports on component operation To review all the events reported for a component or task: Select the name of the component or task on the Reports tab and click the Details button. A window will then open that contains detailed information on the performance of the selected component or task.
  • Page 227 Advanced options • The Macros and Registry tabs are only in the Proactive Defense report and contain information about all macros which attempted to run on your computer, and on all attempts to modify the operating system registry. • The Phishing Sites, Popup Windows, Banner Ads, and Dial Attempts tabs are only in the Anti-Spy report.
  • Page 228: Configuring Report Settings

    Internet Security 6.0 Discard All – clears the report on detected objects. When you use this function, all detected dangerous objects remain on your computer. View on www.viruslist.ru – goes to a description of the object in the Virus Encyclopedia on the Kaspersky Lab website.
  • Page 229: The Detected Tab

    Advanced options 17.3.2. The Detected tab To view detected objects: In the main application window, click on Data Files in the Service area on the left-hand panel. Click anywhere in the Reports section to open the Protection window, which will open at the Reports tab. Select a scan task in the list of reports, and click on the Details button to open a detailed report on the scan task.
  • Page 230: The Events Tab

    Internet Security 6.0 17.3.3. The Events tab This tab (see fig. 83) provides you with a complete list of all the important events in component operation, virus scans, and threat signature updates that were not overridden by an activity control rule (see 10.1.1 on pg. 119).
  • Page 231: The Statistics Tab

    Advanced options For virus scan tasks, the event log contains the name of the object scanned and the status assigned to it by the scan/processing. You can also train Anti-Spam while viewing the report using the special context menu. To do so, select the name of the email and open the context menu by right-clicking and select Mark as spam, if the email is spam, or Mark as accepted, if the selected email is accepted email.
  • Page 232 Internet Security 6.0 dangerous objects, or what settings are being used for program updates. Use the Change settings link to configure the component. You can configure advanced settings for virus scans: • Establish the priority of scan tasks used if the processor is heavily loaded.
  • Page 233: The Macros Tab

    Advanced options 17.3.6. The Macros tab All the macros that attempted to run during the current Kaspersky Internet Security session are listed on the Macros tab (see fig. ). Here you will find the full name of each macro, the time it was executed, and its status after macro processing.
  • Page 234: The Phishing Tab

    Internet Security 6.0 Figure 87. Read and modify system registry events The tab lists the full name of the key, its value, the data type, and information about the operation that has taken place: what action was attempted, at what time, and whether it was allowed.
  • Page 235: The Popups Tab

    Advanced options 17.3.9. The Popups tab This report tab (see fig. 89) lists the addresses of all the popup windows that Anti-Spy has blocked. These windows generally open from websites. The address and date and time when Popup Blocker blocked the window are recorded for each popup.
  • Page 236: The Hidden Dials Tab

    Internet Security 6.0 Figure 90. Blocked banner ad list You can allow blocked banners to be displayed. To do so, select the object you want from the list and click Actions → Allow. 17.3.11. The Hidden Dials tab This tab (see fig. 91) displays all secret dialer attempts to connect to paid websites.
  • Page 237: The Network Attacks Tab

    Advanced options 17.3.12. The Network Attacks tab This tab (see fig. 92) displays a brief overview of network attacks on your computer. This information is recorded if the Intrusion Detection System is enabled, which monitors all attempts to attack your computer. Figure 92.
  • Page 238: The Application Activity Tab

    Internet Security 6.0 Figure 93. Blocked host list 17.3.14. The Application Activity tab If Kaspersky Internet Security is using the Firewall, all applications with actions that match rules for applications and were logged during the current session of the program are listed on the Application Activity tab (see fig. 94).
  • Page 239: The Packet Filtering Tab

    Advanced options 17.3.15. The Packet Filtering tab The Packet filtering tab contains information about sending and receiving packets that match filtration rules and were logged during the current session of the application (see fig. 95). Figure 96. Monitored data packets Activity is only recorded if Log is checked in the rule.
  • Page 240: The Open Ports Tab

    Internet Security 6.0 Figure 97. List of established connections 17.3.17. The Open Ports tab All ports currently open on your computer for network connections are listed on the Open ports tab (see fig. 98). It lists the port number, data transfer protocol, name of the application that uses the port, and how long the port has been open for each port.
  • Page 241: The Traffic Tab

    Advanced options This information may be useful during virus outbreaks and network attacks if you know exactly which port is vulnerable. You can find out whether that port is open on your computer and take the necessary steps to protect your computer (for example, enabling Intrusion Detector, closing the vulnerable port, or creating a rule for it).
  • Page 242: Managing Licenses

    Internet Security 6.0 Figure 100. Information on the program, the license, and the system it is installed on All the information is broken into three sections: • The program version, the date of the last update, and the number of threats known to date are displayed in the Product info box.
  • Page 243 Advanced options Without a license key, unless a trial version of the application has been activated, Kaspersky Internet Security will run in one update mode. The program will not download any new updates. If a trial version of the program has been activated, after the trial period expires, Kaspersky Internet Security will not run.
  • Page 244: Technical Support

    Internet Security 6.0 Figure 101. License information Kaspersky Lab regularly has special pricing offers on license extensions for our products. Check for specials on the Kaspersky Lab website in the Products → Sales and special offers area. Information about the license key used is available in the License info box in the Service section of the main program window.
  • Page 245 Advanced options Figure 102. Technical support information Depending on the problem, we provide several technical support services: User forum. This resource is a dedicated section of the Kaspersky Lab website with questions, comments, and suggestions by program users. You can look through the basic topics of the forum and leave a comment yourself.
  • Page 246: Creating A Monitored Port List

    Internet Security 6.0 computer. You can describe the system configuration on your own or use the automatic information collector on your computer. To go to the comment form, use the Submit a bug report or a suggestion link. Technical support. If you need help with using Kaspersky Internet Security, click the link located in the Local Technical Support box.
  • Page 247 Advanced options Figure 103. List of monitored ports This window provides a list of ports monitored by Kaspersky Internet Security. To scan the data streams on all open network ports, select the option Monitor all ports. To edit the list of monitored ports manually, select Monitor only selected ports.
  • Page 248: Checking Your Ssl Connection

    These features of the protocol are used by hackers to spread malicious programs, since most antivirus programs do not scan SSL traffic. Kaspersky Internet Security 6.0 has the option of scanning SSL traffic for viruses. When an attempt is made to connect securely to a web resource, a notification will appear on screen (see fig.
  • Page 249 Advanced options Figure 104. Notification on SSL connection detection To scan encrypted connections, Kaspersky Internet Security replaces the security certificate requested with a certificate it signs itself. In some cases, programs that are establishing connections will not accept this certificate, resulting in no connection being established.
  • Page 250: Configuring The Kaspersky Internet Security Interface

    Internet Security 6.0 17.9. Configuring the Kaspersky Internet Security interface Kaspersky Internet Security gives you the option of changing the appearance of the program by creating and using skins. You can also configure the use of active interface elements such as the system tray icon and popup messages.
  • Page 251: Rescue Disk

    Advanced options Depending on the program operation performed, the system tray icon changes. For example, if a script is being scanned, a small depiction of a script appears in the background of the icon, and if an email is being scanned, an envelope.
  • Page 252: Creating A Rescue Disk

    Internet Security 6.0 • Microsoft Windows XP Service Pack 2 system files • A set of operating system diagnostic utilities • Kaspersky Internet Security program files • Files containing threat signatures To create a rescue disk: Open the program’s main window and select Rescue disk in the Service section.
  • Page 253: Creating An .Iso File

    Advanced options • Folder where rescue disk files will be saved before burning the CD If you are not creating an emergency disk for the first time, this folder will already contain a set of files made the last time. To use files saved previously, check the corresponding box.
  • Page 254: Using The Rescue Disk

    Internet Security, click Start→Programs→Kaspersky Internet Security 6.0 →Start. The Kaspersky Internet Security main window will open. In system rescue mode, you can only access virus scans and threat signature updates from the LAN (if you have enabled network support in Bart PE).
  • Page 255: Using Advanced Options

    Advanced options session with a rescue disk. Otherwise, these objects will be lost when you restart your computer. 17.11. Using advanced options Kaspersky Internet Security provides you with the following advanced features: • Notifications of certain events that occur in the program •...
  • Page 256: Types Of Events And Notification Delivery Methods

    Internet Security 6.0 To use this feature, you must: Check Enable Notifications in the Interaction with user box (see fig. 106). Figure 106. Enabling notifications Click on the Settings button to open the Notification settings window. On the Events tab, define the event types from Kaspersky Internet Security for which you want notifications, and the notification delivery method (see 17.11.1.1 on pg.
  • Page 257 Advanced options You can configure the following notification methods for the events listed above in the Notification settings window that opens (see fig. 107): • Popup messages above the program icon in the system tray that contain an informative message on the event that occurred. To use this notification type, check in the Balloon section across from the event about which you want to be informed.
  • Page 258: Configuring Email Notification

    Internet Security 6.0 17.11.1.2. Configuring email notification After you have selected the events (see 17.11.1.1 on pg. 256) about which you wish to receive email notifications, you must set up notification delivery. To do so: Open the program setup window with the Settings link in the main window.
  • Page 259: Configuring Event Log Settings

    Advanced options Figure 108. Configuring email notification settings 17.11.1.3. Configuring event log settings To configure event log settings: Open the application settings window with the Settings link in the main window. Select Service in the settings tree. Click Advanced in the Interaction with user section of the right-hand part of the screen.
  • Page 260: Self-Defense And Access Restriction

    Internet Security 6.0 Logs can be viewed in the Microsoft Windows Event Viewer, which you can open by going to Start/Settings/Control Panel/Administration/View Events. 17.11.2. Self-Defense and access restriction Kaspersky Internet Security ensures your computer’s security against malicious programs, and because of that, it can itself be the target of malicious programs that try to block it or delete it from the computer.
  • Page 261 Advanced options Figure 109. Configuring program defense To password-protect the program, check Enable password protection. Click on the Settings button to open the Password Protection window, and enter the password and area that the access restriction will cover (see fig. 110). You can block any program operations, except notifications for dangerous object detection, or prevent any of the following actions from being performed: •...
  • Page 262: Resolving Conflicts Between Kaspersky Internet Security And Other Programs

    Internet Security 6.0 17.11.3. Resolving conflicts between Kaspersky Internet Security and other programs In some cases, Kaspersky Internet Security may cause conflicts with other applications installed on a computer. This is because those programs have built-in self-defense mechanisms that turn on when Kaspersky Internet Security attempts to inspect them.
  • Page 263: Resetting To Default Settings

    Advanced options To import settings from a configuration file: Open the Kaspersky Internet Security main window. Select the Service section and click Settings. Click the Load button and select the file from which you want to import Kaspersky Internet Security settings. 17.13.
  • Page 264 Internet Security 6.0 to keep. In addition, settings that you configured with the Setup Wizard will also be applied.
  • Page 265: Chapter 18. Working With The Program From The Command Prompt

    CHAPTER 18. WORKING WITH THE PROGRAM FROM THE COMMAND PROMPT You can use Kaspersky Internet Security from the command prompt. You can execute the following operations: • Starting, stopping, pausing and resuming the activity of application components • Starting, stopping, pausing and resuming virus scans •...
  • Page 266: Activating The Application

    Internet Security 6.0 STATUS Displays the current component or task status on screen STATISTICS Displays statistics for the component or task on screen HELP Help with command syntax and the list of commands SCAN Scans objects for viruses UPDATE...
  • Page 267: Managing Program Components And Tasks

    Working with the program from the command prompt <activation_code> Program activation code provided when you purchased it. <file_name> Name of the license key file with the extension .key. Example: avp.com ACTIVATE 00000000-0000-0000-0000-000000000000 avp.com ADDKEY 00000000.key 18.2. Managing program components and tasks You can manage Kaspersky Internet Security components and tasks from the command prompt with these commands: •...
  • Page 268: Anti-Virus Scans

    Internet Security 6.0 Mail Anti-Virus Web Anti-Virus Proactive Defense ASPY Anti-Spy Anti-Hacker Anti-Spam UPDATER Updater SCAN_OBJECTS Virus scan task SCAN_MY_COMPUTER My Computer task SCAN_CRITICAL_AREAS Critical Areas task SCAN_STARTUP Startup Objects task <task name> User-defined task Components and tasks started from the command prompt are run with the settings configured with the program interface.
  • Page 269 Working with the program from the command prompt avp.com SCAN [<object scanned>] [<action>] [<action query>] [<file types>] [<exclusions>] [<configuration file>] [<report settings>] To scan objects, you can also start one of the tasks created in Kaspersky Internet Security from the command prompt (see 18.1 on pg. 266). The task will be run with the settings specified in the program interface.
  • Page 270 Internet Security 6.0 /@:<filelist.lst> Path to a file containing a list of objects and folders to be included in the scan. The file should be in a text format and each scan object must start a new line. You can enter an absolute or relative path to the file.
  • Page 271 Working with the program from the command prompt Scan only potentially infected files by contents (default) Scan all files <exclusions> - this parameter defines objects that are excluded from the scan. It can include several values from the list provided, separated by spaces. /e:a Do not scan archives /e:b...
  • Page 272: Program Updates

    Internet Security 6.0 Start a scan of RAM, Startup programs, email databases, the directories My Documents and Program Files, and the file test.exe: avp.com SCAN /MEMORY /STARTUP /MAIL "C:\Documents and Settings\All Users\My Documents" "C:\Program Files" "C:\Downloads\test.exe" Pause scan of selected objects and start full computer scan, then continue to scan for viruses within the selected objects: avp.com PAUSE SCAN_OBJECTS /password=<your_password>...
  • Page 273: Rollback Settings

    Working with the program from the command prompt /C:<settings_file> Path to the configuration file with the settings for program updates. You can enter an absolute or relative path to the file. If this parameter is not defined, the values for the settings in the Kaspersky Internet Security interface are used.
  • Page 274: Importing Settings

    Internet Security 6.0 Parameter description: <profile> Component or task with the settings being exported. One of the following values may be used: RTP – all protection components FM – File Anti-Virus EM – Mail Anti-Virus WM – Web Anti-Virus BM - Proactive Defense ASPY –...
  • Page 275: Starting The Program

    Working with the program from the command prompt Note that you cannot execute this command without entering the password. Example: avp.com IMPORT c:\settings.dat password=<password> 18.8. Starting the program Command syntax: avp.com 18.9. Stopping the program Command syntax: EXIT /password=<password> <password> Kaspersky Internet Security password assigned in the program interface.
  • Page 276: Return Codes From The Command Line Interface

    18.11. Return codes from the command line interface This section contains a list of return codes from the command line. The general codes may be returned by any command from the command line. The return codes include general codes as well as codes specific to a specific type of task. General return codes Operation completed successfully Invalid setting value...
  • Page 277: Chapter 19. Modifying, Repairing, And Removing The Program

    Select Start → Programs → Kaspersky Internet Security 6.0 → Modify, Repair, or Remove. An installation wizard will then open for the program. Let’s take a closer look at...
  • Page 278 Internet Security 6.0 Step 1. Installation Welcome window If you take all the steps described above necessary to repair or modify the program, the Kaspersky Internet Security installation welcome window will appear. To continue, click the Next button. Step 2. Selecting an operation At this stage, you select which operation you want to run.
  • Page 279: Uninstalling The Program From The Command Prompt

    Modifying, repairing, and removing the program Warning! If a long period of time elapses between uninstalling one version of Kaspersky Internet Security and installing another, you are advised not to use the iSwift database from a previous installation. A dangerous program could penetrate the computer during this period and its effects would not be detected by the database, which could lead to an infection.
  • Page 280: Chapter 20. Frequently Asked Questions

    Kaspersky Internet Security; we shall try to answer them here in detail. Question: Is it possible to use Kaspersky Internet Security 6.0 with anti-virus products of other vendors? No. We recommend uninstalling anti-virus products of other vendors prior to installation of Kaspersky Internet Security to avoid software conflicts.
  • Page 281 Chapter 20 Open Kaspersky Internet Security. Use the Settings link in the main window and select the Protection section in the program settings window. Uncheck Run program system startup and click OK. Reboot the operating system in regular mode. After this contact the Technical Support Service through the Kaspersky Lab’s corporate website (Service → Technical Support → Send request to Technical Support).
  • Page 282: Appendix A. Reference Information

    APPENDIX A. REFERENCE INFORMATION This appendix contains reference materials on the file formats and extension masks used in Kaspersky Internet Security settings. A.1. List of files scanned by extension If you select Scan programs and documents (by extension), File Anti-Virus will scan files with the extensions below in-depth for viruses.
  • Page 283 Appendix A vbs – Visual Basic script vbe – BIOS video extension js, jse – JavaScript source text htm – hypertext document htt – Microsoft Windows hypertext header hta – hypertext program for Microsoft Internet Explorer asp – Active Server Pages script chm –...
  • Page 284: Possible File Exclusion Masks

    Internet Security 6.0 pp* – Microsoft Office PowerPoint documents and files, such as: pps – Microsoft Office PowerPoint slide, ppt – presentation, etc. md* – Microsoft Office Access documents and files, such as: mda – Microsoft Office Access work group, mdb – database, etc.
  • Page 285: Possible Exclusion Masks By Virus Encyclopedia Classification

    Appendix A Tip: *.* and * exclusion masks can only be used if you assign a classification excluded according to the Virus Encyclopedia. Otherwise the threat specified will not be detected in any objects. Using these masks without selecting a classification essentially disables monitoring.
  • Page 286: Appendix B. Kaspersky Lab

    APPENDIX B. KASPERSKY LAB Founded in 1997, Kaspersky Lab has become a recognized leader in information security technologies. It produces a wide range of data security software and delivers high-performance, comprehensive solutions to protect computers and networks against all types of malicious programs, unsolicited and unwanted email messages, and hacker attacks.
  • Page 287: Other Kaspersky Lab Products

    Appendix B B.1. Other Kaspersky Lab Products Kaspersky Anti-Virus Kaspersky Anti-Virus 6.0 is designed to safeguard personal computers against malicious software as an optimal combination of conventional methods of anti-virus protection and new proactive technologies. The program provides for complex anti-virus checks including: •...
  • Page 288 Internet Security 6.0 • The product allows the users to subscribe and unsubscribe from news channels. • It retrieves news from each subscribed channel at the specified frequency and notifies the user of fresh news. • It allows news on the subscribed channels to be reviewed.
  • Page 289 Appendix B • anti-virus monitor to intercept viruses in files that are either copied from other handhelds or are transferred using HotSync™ technology. Kaspersky Security for PDA protects your handheld (PDA) from unauthorized intrusion by encrypting both access to the device and data stored on memory cards. Kaspersky Anti-Virus Mobile ®...
  • Page 290 Internet Security 6.0 You are free to choose from any of these anti-virus applications, according to the operating systems and applications you use. Kaspersky Corporate Suite This package provides corporate networks of any size and complexity with comprehensive, scalable anti-virus protection. The package components have been developed to protect every tier of a corporate network, even in mixed ®...
  • Page 291 Appendix B Installed at the entrance to a network, where it monitors incoming email traffic streams for spam, Kaspersky Anti-Spam acts as a barrier to unsolicited email. The product is compatible with any email system and can be installed on either an existing email server or a dedicated one.
  • Page 292: Contact Us

    Internet Security 6.0 Kaspersky Anti-Virus for Proxy Server Kaspersky Anti-Virus for Proxy Server is an antivirus solution for protecting web traffic transferred over HTTP protocol through a proxy server. The application scans Internet traffic in real time, protects against malware penetrating your system while web surfing, and scans files downloaded from the Internet.
  • Page 293: Appendix C. License Agreement

    APPENDIX C. LICENSE AGREEMENT Standard End User License Agreement NOTICE TO ALL USERS: CAREFULLY READ THE FOLLOWING LEGAL AGREEMENT (“AGREEMENT”), FOR THE LICENSE OF KASPERSKY INTERNET SECURITY (“SOFTWARE”) PRODUCED BY KASPERSKY LAB (“KASPERSKY LAB”). IF YOU HAVE PURCHASED THIS SOFTWARE VIA THE INTERNET BY CLICKING THE ACCEPT BUTTON, YOU (EITHER AN INDIVIDUAL OR A SINGLE ENTITY) CONSENT TO BE BOUND BY AND BECOME A PARTY TO THIS AGREEMENT.
  • Page 294 Internet Security 6.0 All references to “Software” herein shall be deemed to include the software activation code with which you will be provided by Kaspersky Lab as part of the Kaspersky Internet Security 6.0. 1. License Grant. Subject to the payment of the applicable license fees, and...
  • Page 295 Appendix C 1.1.7 Kaspersky Lab may ask User to install the latest version of the Software (the latest version and the latest maintenance pack). 1.1.8 You shall not use this Software in automatic, semi-automatic or manual tools designed to create virus signatures, virus detection routines, any other data or code for detecting malicious code or data.
  • Page 296 Internet Security 6.0 Technical support via Internet and hot phone-line provided by Vendor and/or Reseller; Virus detection and disinfection updates in 24-hours period. Support Services are provided only if and when you have the latest version of the Software (including maintenance packs) as available on the official Kaspersky Lab website (www.kaspersky.com) installed on your...
  • Page 297 Appendix C may be reasonably necessary to assist the Supplier in resolving the defective item. The warranty in (i) shall not apply if you (a) make or cause to be made any modifications to this Software without the consent of Kaspersky Lab, (b) use the Software in a manner for which it was not intended, or (c) use the Software other than as permitted under this Agreement.
  • Page 298 Internet Security 6.0 (iii) Subject to paragraph (i), the liability of Kaspersky Lab (whether in contract, tort, restitution or otherwise) arising out of or in connection with the supply of the Software shall in no circumstances exceed a sum equal to the amount equally paid by you for the Software.
