View
128
Download
1
Category
Preview:
DESCRIPTION
No Description
Citation preview
Kaspersky PURE 2.0
Documentation for the online video course on
Kaspersky PURE 2.0
Kaspersky PURE 2.0
1 | 7 4 6
Content
CONTENT 1
GLOSSARY 10
CHAPTER 1. INTRODUCTION 12
What is Kaspersky PURE 2.0 12 Key functions and advantages 12 What’s new in Kaspersky PURE 2.0 13 What’s new in Kaspersky PURE 2.0 13 What’s improved in Kaspersky PURE 2.0 13
Interface of Kaspersky PURE 2.0 15 Application icon in the Microsoft Windows taskbar notification area 15 Main window of Kaspersky PURE 2.0 20 Notification windows and pop-up messages 23 The program settings window 25
CHAPTER 2. COMPARISON OF KASPERSKY PURE 2.0 WITH OTHER KASPERSKY LAB PRODUCTS 27
CHAPTER 3. INSTALLATION OF KASPERSKY PURE 2.0 29
System requirements for Kaspersky PURE 2.0 29 General requirements 29 Supported operating systems 29 System requirements for netbooks 30
Installation procedure of Kaspersky PURE 2.0 30 Express installation of Kaspersky PURE 2.0 30 Custom installation of Kaspersky PURE 2.0 34
Uninstalling third-party software or earlier versions of Kaspersky Lab products 41
List of applications incompatible with Kaspersky PURE 2.0 45
Upgrade from other Kaspersky Lab products to Kaspersky PURE 2.0 46
CHAPTER 4. LICENSE MANAGEMENT AND MIGRATION TO NEW PRODUCT VERSION 47
License management 47 About license agreement 47 About license 47 About activation code 48 Purchasing license after the product installation 50 About activation procedure 52
Activation during the application installation 52 Activation after the application installation 54 Activation issues of Kaspersky Lab products 58
Viewing license information 58 License renewal procedure 60 Licensing window 62
Kaspersky PURE 2.0
2 | 7 4 6
Migration policy from Kaspersky Lab products to Kaspersky PURE 2.0 65
CHAPTER 5. COMPUTER PROTECTION 66
“Cloud” protection (The Kaspersky Security Network service) 67
Protection Center 71
Scan 75 Scan for viruses 76 Starting scan for viruses 76
Starting scan from the main application window 76 Starting scan from the Computer Protection window 78
Full Scan 79 Critical Areas Scan 82 Custom Scan 84 Vulnerability Scan 88
Update 98
Quarantine 101 Working with quarantined objects 102 Working with objects in Backup 109
Network Monitor 110 Network Activity 112 Open ports 116 Network traffic 118 Blocked computers 121
Applications activity 122 Changing trusted group for an individual application 124 Editing rules for an individual application 126
Reports 126
CHAPTER 6. BACKUP AND RESTORE 131
Creating a backup task 131 Selecting data category for backing up 131 Creating a storage 151 Setting schedule for automatic launch of a backup task 165 Summary 169
Starting, editing and deleting backup tasks 170 Starting a backup task 170 Editing and deleting a backup task 175
Restoring data from backup 178
Managing backup storages 186 Connecting a storage 186 Editing storage settings 188
Clearing a storage 191 Deleting a storage 193
Viewing backup reports 197
Kaspersky PURE 2.0
3 | 7 4 6
CHAPTER 7. PARENTAL CONTROL 202
Starting work with Parental Control 202
Control levels 208
Configuring Parental Control settings 214
Account settings 215
Control over computer usage 217 Computer Usage 217 Application Usage 218 Reports 222
Control over Internet usage 223 Internet Usage 223 Web Browsing 224 File Downloads 229 Reports 230
Instant Messaging 231 Control messaging over instant messengers 231 Control over social networking 235 Controlling or restricting sending private data 238 Control over word usage 240 Reports 241
CHAPTER 8. HOME NETWORK CONTROL 242
Protecting access with an administrator password 242
Search for computers 244
Setting group update 245
Group launch of update and virus scan 248 How to start group scan for viruses 248 How to start group update 249
Detailed protection setting of networked computers 251 Information 252 Parental Control 255 Scan 256 Update 257 Backup and Restore 262
CHAPTER 9. ADDITIONAL TOOLS 264
Browser Configuration 264 Running Browser Configuration Wizard 264 Rolling back wizard actions which resulted in problems when working on the Internet 269
Kaspersky Rescue Disk 270 Creating Kaspersky Rescue Disk 271 Starting the computer from the rescue disk 282
Microsoft Windows Troubleshooting 285 What is Microsoft Windows Troubleshooting? 285
Kaspersky PURE 2.0
4 | 7 4 6
Running Microsoft Windows Troubleshooting Wizard 286
File Shredder 290 What is File Shredder? 290 Data deletion methods 291 Permanent data deletion procedure 291
Privacy Cleaner 296 Privacy Cleaner Wizard 297
Unused Data Cleaner 301 Unused Data Cleaning Wizard 301
CHAPTER 10. SAFE RUN 308
What is Safe Run 308
Running applications in the Safe Run for Applications mode 308 Running an application in Safe Run 308 Starting Safe Run for Applications 310 Closing Safe Run for Applications 314 Switching between the main desktop and Safe Run for Applications 316
Using a shared folder 317
Clearing Safe Run for Applications 319
What is Safe Run for Websites 320 Starting Safe Run for Websites 321 Using a shared folder 327 Clearing Safe Run for Websites 329
CHAPTER 11. DATA ENCRYPTION 335
Creating an encrypted container 335
Encrypting data 338
Connecting an earlier created container 339
Decrypting data. Configuring container 341
Deleting container 345
CHAPTER 12. PASSWORD MANAGER 348
What is Password Manager 348
Main features of Password Manager 348
Starting Password Manager 350 What is Master Password 350 Creating Master Password 350 Locking Password Manager 355 Password Manager Settings window 358 Password database window 359 Caption button of Password Manager 360
Kaspersky PURE 2.0
5 | 7 4 6
Adding account to Password database 361 Adding website account to Password database 361 Adding account for application to Password database 371 Adding and using Identities 379 Adding and using bookmarks 384 Adding Secure memos 387
Password database managing 394 Importing/exporting password database 394
Importing Password Database 394 Exporting Password Database 399
Backup copies of Password Database 407 Restoring data from backup copies 407 Deleting old backup copies 410
Configuring Password Manager 411
Portable version of Password Manager 423
Virtual Keyboard 426
Password Generator 429 What is Password Generator 429 Creating password for account 429
CHAPTER 13. SETTINGS. PROTECTION 434
General protection settings 436 Enabling and disabling protection 436 Selecting protection mode 441 Enabling and disabling autorun 442 Virtual keyboard 443
Self-Defense 445 Enabling and disabling self-defense 445 Protection from external control 446
File Anti-Virus 448 What is File Anti-Virus 448 Enabling/Disabling File Anti-Virus 448 Operating algorithm of File Anti-Virus 449 Security levels of File Anti-Virus 450 Actions to be performed by File Anti-Virus on detected threats 451
Default actions 451 Actions set by the user 451 Actions for each object 453 How to specify action on detected threats 454
Customizing security level in File Anti-Virus 455 Selecting file types scanned by File Anti-Virus 456 Selecting location of files scanned by File Anti-Virus 458 Scan methods of File Anti-Virus 459 Optimization of files scan 459 Setting scan of compound files 460 Scan modes of File Anti-Virus 464 iSwift и iChecker scan technologies 465 Pausing File Anti-Virus 466 Rollback to default settings of File Anti-Virus 468
Mail Anti-Virus 470
Kaspersky PURE 2.0
6 | 7 4 6
What is Mail Anti-Virus 470 Enabling/disabling Mail Anti-Virus 470 Operation algorithm of Mail Anti-Virus 471 Changing Mail Anti-Virus actions to be performed on detected threats 472 Security levels of Mail Anti-Virus 474 Customizing security level 475
Creating protection scope 476 Heuristic analysis 477 Scan of compound files 478 Filtering attachments 479
Configuring embedded plug-ins for Microsoft Office Outlook and The Bat! 480 Installing Mail Anti-Virus plug-in in Microsoft Office Outlook 2003/2007 480 Installing Mail Anti-Virus plug-in in Microsoft Office Outlook 2010 482 Installing Mail Anti-Virus plug-in in The Bat! 483 Disabling embedding of the Mail Anti-Virus plug-in in the mail clients Microsoft Outlook or The Bat! 484 Scan of SMTP, POP3, NNTP, IMAP mail traffic 486 Working features with Microsoft Outlook and Mozilla Thunderbird version 1.5 and above 488
Web Anti-Virus 491 What is Web Anti-Virus 491 Enabling/disabling Web Anti-Virus 491 Working algorithm of Web Anti-Virus 492 Security levels of Web Anti-Virus 493 Customizing security level 494
Checking suspicious and phishing URLs by Web Anti-Virus 494 Heuristic Analyzer 496 Blocking dangerous scripts 497 Scan optimization 498 Kaspersky URL Advisor 499 Blocking access to dangerous sites 503 Controlling access to regional web domains 504 Creating the list of trusted URLs 505 Controlling access to online banking services 506
Web Anti-Virus actions on detected threats 509
IM Anti-Virus 512 What is IM Anti-Virus 512 Enabling/Disabling IM Anti-Virus 512 Operation algorithm of IM Anti-Virus 513 Creating a protection scope of IM Anti-Virus 513 Selecting the scan methods of IM Anti-Virus 514
Application Control 517 What is Application Control 517 Operational algorithm of Application Control 517 Enabling/disabling Application Control 517 Loading rules from Kaspersky Security Network (KSN) 518 Placing applications into groups 519 Application control rules 524
Editing the group rule 525 Editing rules for an individual application 528 Setting exclusions 531 Inheriting restrictions of the parent process 531 Modifying the storage time for rules 534
Identity protection 534
System Watcher 542 Enabling/disabling System Watcher 542 Using patterns of dangerous behavior (BSS) 543 Rolling back actions performed by malware 544
Kaspersky PURE 2.0
7 | 7 4 6
Firewall 547 What is Firewall 547 Enabling/disabling Firewall 547 Changing the network status 548 Firewall rules 549
Creating a packet rule 550 Editing packet rules 555 Creating application rules 557 Editing an application rule 561 Configuring network service 563 Allocating range of IP-addresses 565 Extending the range of IP addresses 568 Changing the rule for a group of applications 569 Changing the rule priority 573
Configuring notifications of changes in the network 574 Advanced Firewall settings 576 Firewall working features 578
Proactive Defense 579 What is Proactive defense 579 Enabling/disabling Proactive Defense 579 Configuring Proactive defense settings 580
Creating group of trusted applications excluded from Proactive Defense scan 580 Modifying rules of Proactive defense 585
Network Attack Blocker 588 What is Network Attack Blocker 588 Enabling/Disabling Network Attack Blocker 588 Changing blocking settings 589
Anti-Spam 593 What is Anti-Spam 593 Enabling/Disabling Anti-Spam 593 Security levels of Anti-Spam 594 Customizing security level 595
Exact methods 596 Expert methods 604 Additional 607
Rollback to Anti-Spam default settings 608 Training Anti-Spam 609
Anti-Banner 610 What is Anti-Banner 610 Enabling/disabling Anti-Banner 610 Selecting the scan method 611 Creating the list of blocked and allowed banner addresses 612 Exporting and importing the lists of addresses 616
Threats and exclusions 619 Detecting definite types of threats 619 Exclusions 621
Creating the list of trusted applications 622 Creating exclusion rules 625
SETTINGS. SCAN 631
General settings 631 Background scan 631 Scanning removable drives on connection 632
Kaspersky PURE 2.0
8 | 7 4 6
Starting scan using a shortcut 633
Full Scan 635 Security levels 635
Modifying type of scanned objects 636 Scan optimization 639 Scan of compound files 640 Selecting scan method 642 Selecting scan technology 643 Creating scan schedule 644 Starting scan under a different account 645
Actions over detected treats 646 Default actions 646 Actions defined by the user 647 Actions for every detected object 649
Run mode and scan scope 652 Run mode 652 Creating list of objects to scan 654
Critical Areas Scan 656 Security levels 656
Modifying type of scanned objects 657 Scan optimization 660 Scan of compound files 661 Selecting scan method 663 Selecting scan technology 664 Creating scan schedule 665 Starting Critical Areas Scan under a different account 666
Actions upon threat detection 667 Default actions 667 Actions defined by the user 668 Actions specified for every detected object 671
Run mode and scan scope 675 Run mode 675 Creating a scan scope 676
Custom Scan 679 Security levels 679
Modifying type of scanned objects 680 Scan optimization 683 Scan of compound files 683 Selecting scan method 686 Selecting scan technology 687
Actions over detected threats 688 Default actions 688 Actions defined by the user 688 Actions specified for every detected object 691
Vulnerability scan 695 Starting vulnerability scan with an existing shortcut 695 Run mode 696 Starting vulnerability scan task under different account 698 Creating a scan scope for vulnerability scan 699
SETTINGS. UPDATE 702
Update task’s run modes 702
Running update under a different user account 703
Kaspersky PURE 2.0
9 | 7 4 6
Selecting an update source 704 Selecting the update server region 706 Using proxy server 707
Scanning quarantine after update 709
Notifications on updates or new versions releases 710
Updating from a shared (local) folder 710
SETTINGS. PASSWORD 716 Restricting access to PURE 716
SETTINGS. ADDITIONAL 718
Battery Saving 718
Compatability 718
Network 720 Monitored ports 720 Encrypted connections scan 722 Proxy server 724
Notifications 726
Reports and Storages 729
Feedback 734
Gaming Profile 735
Appearance 737
Manage Settings 738
RESTORING DEFAULT KASPERSKY PURE 2.0 SETTINGS 742
Kaspersky PURE 2.0
10 | 7 4 6
Glossary KSN, Kaspersky Security Network is an infrastructure of online services that provides
access to the online Knowledge Base of Kaspersky Lab, which contains information about
the reputation of files, web resources, and software. Using data from the Kaspersky Security
Network ensures a faster response time for Kaspersky PURE 2.0 when encountering new
types of threats, improves performance of some protection components, and reduces the
risk of false positives.
Phishing is a specific form of cybercrime. Phishing attacks are created the following way:
the criminal creates an almost 100 percent perfect replica of a chosen financial institution’s
website, then attempts to trick the user in to disclosing their personal details – username,
password, PIN etc. – via a form on the fake website, allowing the criminal to use the details
to obtain money.
Script is a computer program or a part of a program (function), created to perform a specific
small task. Scripts are usually inserted as parts of web pages to provide extended web page
functionality and they are executed when the web page is loaded.
Network Attack is network activity aimed to perform some actions (mostly malicious) on the
remote computer.
POP3, SMTP, IMAP, MAPI и NNTP are network protocols designed to create, receive and
send E-mail.
TCP, UDP, ICMP, ICMPv6, IGMP, GRE are network protocols (sets of rules) designed for
data transfer on the network.
VLSM is Variable Length Subnet Mask.
FTP (File Transfer Protocol) is a protocol, designed to transfer files on the network.
HTTP is Hypertext Transfer Protocol.
HTTPS (Hypertext Transfer Protocol Secure) is an HTTP-protocol extension with
encryption support.
IMAP4 is a standard protocol designed to access E-mail.
SSL is a protocol designed for safe transfer (encryption) of data of other protocols (ex.
POP3 or IMAP).
ICMP-packet is a packet containing a report about an error or an exception occurred during
data transfer. ICMP-packet includes segments called Type and Code that contain info
about type and code of occurred error.
Kaspersky PURE 2.0
11 | 7 4 6
Classless InterDomain Routing, CIDR is a methodology of allocating IP addresses and
routing Internet Protocol packets without rigid class addressing. This methodology allows
economical use of finite amount of IP-addresses and therefore performance increase in
Kaspersky PURE 2.0.
Databases — contain records about threats and network attacks, as well as methods used
for their disinfection. Protection components use them for searching for dangerous objects
on a computer and further disinfection.
Registry is a hierarchical database that stores configuration settings of most Microsoft
Windows OS.
Cookies are small text files with data created by a web server and stored on a user's
computer. They are sent to a web server each time a user accesses that server. Cookies
are used for authenticating (ex. login, password), remembering specific information about
users, such as site preferences, and for gathering statistic.
Every website matches its own cookie file.
Сompound file is a structured storage of files. Examples of compound files include
archives and OLE-objects. Often malefactors hide malicious objects by inserting them into
compound files (archives).
Rootkit is a program kit that hides the presence of malware in the system. Rootkits
penetrate into the system and hide their presence. Moreover rootkits can hide the presence
of particular processes, folders, files and registry keys.
Keylogger is a malicious program that tracks the sequence of keystrokes on the keyboard
in order to record a user’s personal information, such as passwords.
Clipboard is a software facility can be used for short-term data storage and/or data transfer
between documents or applications, via copy and paste operations.
Kaspersky PURE 2.0
12 | 7 4 6
Chapter 1. Introduction
What is Kaspersky PURE 2.0
Kaspersky PURE 2.0 is an optimal solution for comprehensive protection of computers
within your home network. The product provides real-time protection against modern
Internet threats irrespective whether you are working, using web banking, shopping,
chatting or playing in the network.
Key functions and advantages
Kaspersky PURE 2.0 ensures protection of your computer against all types of information
threats in real time, secures your personal data from loss and unauthorized use, protects
children and teenagers from threats related to computer and Internet usage, and manages
the security of all computers within your home network from any single computer.
► Advanced anti-virus technology of Kaspersky PURE 2.0 provides protection
against such modern-day data threats as viruses, trojans, worms, rootkits,
bootkits, botnets, and other illegal methods of controlling computers remotely,
theft of logins, passwords, and other personal data stored on a computer, spam
and phishing, hacker attacks, and unwanted web content.
► Proactive Defense technology of Kaspersky PURE 2.0 provides protection
against new threats by using behavior stream signature analysis to monitor and
prevent suspicious or dangerous behavior of computer applications.
► Application Control monitors the activity of applications running on the computer
and restricts their access to important areas of the operating system and personal
data. Applications are grouped as Trusted, Low Restricted, High Restricted,
and Untrusted, based on the data of Kaspersky Lab reputation services. The
group to which an application has been assigned defines restrictions imposed on
its activity.
► Depending on the selected functionality, unique Sandbox technologies called
Safe Browser, and Safe Run employ virtualization techniques on a lesser or
greater scale to create a safe environment for running applications. Safe Run
mode allows users to try out new software in isolation, thereby protecting the
operating system against any modifications. An unlimited number of web
browsers and other applications can be run in Safe Run mode at the same time.
► The personal data protection toolkit automatically denies user access to known
phishing sites and blocks key loggers from stealing passwords and access codes.
► Anti-Spam technology employs exact and expert methods to reduce the flow of
unsolicited emails considerably. The exact methods apply strict email filtering
rules that help identify a message as spam beyond any doubt. The expert
methods are used to analyze the email messages that have passed filtering by
exact methods.
► Backup provides storage and protection of important user data (documents,
pictures, and music files) against loss and damage by malware, accidental
deletion, or hard drive failure. In the event of loss, data can be restored quickly
from backups saved in special storages on a user-selected drive.
Kaspersky PURE 2.0
13 | 7 4 6
► Parental Control protects children and teenagers against threats inherent in
computer and Internet usage. Parental Control allows setting flexible user-level
access restrictions for resources and applications based on user age and
experience and lets you view statistical reports on user activity.
► Cutting-edge transparent encryption technology provides reliable protection of
user data against unauthorized access or theft by creating special data storages
called container files. Once mounted, a container file operates as a secure virtual
drive. Kaspersky PURE 2.0 ensures that encrypted information remains
confidential in case of a virus attack, loss or theft of a USB drive, or when a
mobile computer is used on an unsecured Wi-Fi network.
► Password Manager securely stores passwords and other user account data as
well as ensures confidential completion of various login forms. Password
Manager links passwords and accounts to web pages or Microsoft Windows
applications. When a web page or application is loaded, user names and
passwords are filled in automatically.
► Home Network Control lets you run virus scan and update tasks for all or some
computers on the network, manage data backup, and customize Parental
Control settings for any computer on the network directly from the user’s
workstation. This allows remote security management of any computer on the
home network.
What’s new in Kaspersky PURE 2.0
Kaspersky PURE 2.0 is a versatile tool for protecting data on the home network against all
kinds of information threats. The application ensures protection against viruses and
malware, unknown threats and fraud, it lets you control user access to the computer and the
Internet, back up data, and create encrypted containers for confidential information, and
manage computer security on the home network from the administrator workstation.
This comprehensive protection covers all channels that are used to receive and transfer
data. Flexible customization of every protection component makes Kaspersky PURE 2.0
adaptable to specific user requirements.
What’s new in Kaspersky PURE 2.0
► Users can now check an application's reputation, threat rating, and statistics of
usage on other computers before starting it.
► Backup compression feature has been added for more efficient use of backup
storage space.
► Parental Control now supports quick access to reports and control settings and
offers improved control of user communication via social networks.
► One encrypted container now comes by default.
► The account creation procedure in Password Manager is adapted to the account
type selected.
► Rescue Disk has been improved and can now be written to a USB drive.
What’s improved in Kaspersky PURE 2.0
► More application operations can now be undone if the application is recognized
as malware.
Kaspersky PURE 2.0
14 | 7 4 6
► The application threat rating technology has been improved to protect the
computer and personal data based on analysis of application behavior reported
by other users of Kaspersky Lab products.
► Cloud-enabled protection has been enhanced considerably. The cloud technology
in combination with conventional signature-based methods provides a high level
of security for computers, whether or not they have a permanent Internet
connection.
► Enhanced protection against rootkits: improved technology to prevent malware
from hijacking the boot process of the operating system. Backup tasks take less
time.
► Preset options have simplified the creation of backup tasks.
► Initial configuration of Parental Control has been simplified significantly through
the added option of user control level selection.
► The creation of encrypted containers for important files has been simplified.
► Virtual Keyboard has been redesigned.
► Centralized remote management of security, Parental Control, backup, and
licensing on the home network has been simplified.
► Application interface has been improved considerably to provide ease of use for
people with different levels of computer literacy.
Kaspersky PURE 2.0
15 | 7 4 6
Interface of Kaspersky PURE 2.0
The interface of the main application window in Kaspersky PURE 2.0 has been considerably
improved. The modern animated design eases perception of the information and allows to
simplify operational process of the product.
Now in the main window you can see all the necessary information about the computer
protection status, activity of the protection components, up-to-dateness of the anti-virus
databases and the license expiry date.
Let’s view the following main elements of Kaspersky PURE 2.0 in detail:
► Application icon in the Microsoft Windows taskbar notification area
► Main window of Kaspersky PURE 2.0
► Kaspersky Security Network (KSN) service
► Notification windows and pop-up messages
► Application settings window
► News agent of Kaspersky PURE 2.0
Application icon in the Microsoft Windows taskbar notification area
Immediately after installation of Kaspersky PURE 2.0, the application icon appears in the Microsoft Windows taskbar notification area.
Kaspersky PURE 2.0
16 | 7 4 6
In Microsoft Windows 7 the application icon is hidden by default, you can display the icon to
work with the application (see documentation to the operating system).
The icon performs the following functions:
► is an indicator of the application's operation;
► provides access to the context menu, the main application window and the news
window.
This icon serves as an indicator of the application's operation. It also indicates the
protection status and displays the basic functions currently being performed by the
application:
scanning an email message;
scanning web traffic;
updating databases and application modules;
computer needs to be restarted to apply updates;
a failure occurred in the operation of an application component.
The icon is animated by default. For example, during the email message scan, a tiny letter
symbol blinks in front of the application icon; when the update is in progress, you see a
revolving globe.
You can disable the animation the following way:
1. Open the main application window and in top right corner of the window click the
Settings link.
Kaspersky PURE 2.0
17 | 7 4 6
2. In the top part of the Settings window select the Additional tab and the
Appearance subsection.
3. In the Icon in the taskbar notification area section uncheck the Animate taskbar
icon when executing tasks box.
Kaspersky PURE 2.0
18 | 7 4 6
4. Click the OK button, to save the made changes.
When the animation is disabled, the icon can take the following form:
(colored symbol) – all or certain protection components are activated;
(black-and-white symbol) – all protection components are disabled.
Using the icon, you can open the context menu and the main application window.
► To open the context menu, hover the cursor over the icon and right-click the
area.
► To open the main application window, hover the cursor over the icon and left-
click the area.
Using the context menu, you can quickly take various actions on the application.
Kaspersky PURE 2.0
19 | 7 4 6
The Kaspersky PURE 2.0 menu contains the following items:
► Scan Tasks — opens the Scan Tasks window where you can view the list of
scan tasks which were performed or are being performed at the moment.
► Update — runs the update of application databases and modules.
► Tools — opens a submenu containing the following items:
Virtual Keyboard — displays the Virtual Keyboard.
Safe Run for Applications — runs a safe desktop designed for handling
applications that you suppose to be unsafe. When working with Safe Run
for Applications, this menu item is named Return to the main desktop
and is used for switching to the main desktop
Applications Activity — opens the Applications Activity window.
Network Monitor — opens the Network Monitor window.
► Kaspersky PURE 2.0 — opens the main program window.
► Enable Parental Control — enables/disables Parental Control for the current
account.
► Pause protection — temporarily disables / enables real-time protection
components. This menu item does not affect the application's updates or the
execution of virus scan.
► Settings — opens the application settings window.
► About — opens a window containing information about the application.
► Exit — closes Kaspersky PURE 2.0 (when this item is selected, the application is
unloaded from the computer’s RAM).
If a virus scan or update task is running at the moment that you open the context menu, its
name as well as its progress status (percentage complete) is displayed in the context menu.
When you select a menu item with the name of a task, you can switch to the main window
with a report of current task run results.
Kaspersky PURE 2.0
20 | 7 4 6
Main window of Kaspersky PURE 2.0
The main application window contains interface elements that provide access to all the main features of the application.
You can open the main application window one of the following ways:
► By left-clicking the application icon in the Microsoft Windows taskbar notification
area. In Microsoft Windows 7 the application icon is hidden by default. You can
display the program icon to work with the program (see the documentation to the
operating system).
► By selecting Kaspersky PURE 2.0 from the context menu of the application icon
in the Microsoft Window taskbar notification area.
Kaspersky PURE 2.0
21 | 7 4 6
The main window can be divided into three parts:
► The top part of the window provides information about the current protection
status of your computer.
Three protection statuses are predefined and each status is color-coded. Green color
means your protection is on the due level; yellow and red warn about various security
threats. Malicious programs, old program databases, some disabled components, minimal
protection settings and etc. refer to threats.
► The central part of the window allows quickly launch one of the computer scan
types, launch update of anti-virus databases, and go to the Backup and Restore,
Parental Control and Computer Protection modules. The Computer
Protection module lets you quickly go to the list of all protection components of
Kaspersky PURE 2.0.
► The bottom part of the window allows to access additional program modules
which provide enhanced protection and optimize the system work:
Additional Tools – optimizes system work and offers tools for advanced
protection of your data.
Kaspersky PURE 2.0
22 | 7 4 6
Safe Run – launches safe desktop to work with the programs which you
find unsafe. If safe desktop is already started, you are returned to the main
desktop.
Home Network Control – remote management of Kaspersky PURE 2.0.
Data Encryption – prevents from unauthorized access to private
information.
Password Manager – protects personal data, such as: passwords, user
names, numbers of internet pagers, contact data and etc.
When you select a module in the central or bottom part of the window, a window for the
corresponding module opens. You can return by clicking the Back button in the bottom right
corner of the window or by clicking the arrow in the upper left corner of the window.
You can also use the following buttons and links from the main program window:
► News – to switch to viewing news in the News Agent window. This link is
displayed after the application receives a piece of news.
Kaspersky PURE 2.0
23 | 7 4 6
► Settings – to open the application settings window.
► Help – to view the Kaspersky PURE 2.0 help system.
► My Kaspersky Account – to enter the user's personal account on the Technical
Support Service website.
► Support – to open the window containing information about the system and links
to Kaspersky Lab information resources (Technical Support Service website,
forum).
► License – to go to Kaspersky PURE 2.0 activation and license renewal.
Notification windows and pop-up messages
Kaspersky PURE 2.0 notifies you of important events occurring during its operation using
notification windows and pop-up messages that appear over the application icon in the
taskbar notification area.
Notification windows are displayed by Kaspersky PURE 2.0 when various actions can be
taken in connection with an event: for example, if a malicious object is detected, you can
block access to it, delete it, or try to disinfect it. The application prompts you to select one of
the available actions. A notification window only disappears from the screen if you select
one of the actions.
Kaspersky PURE 2.0
24 | 7 4 6
Pop-up messages are displayed by Kaspersky PURE 2.0 in order to inform you of events
that do not require you to select an action. Some pop-up messages contain links that you
can use to take an action offered by the application: for example, run a database update or
initiate activation of the application). Pop-up messages automatically disappear from the
screen soon after they appear.
Notifications and pop-up messages are divided into three types:
► Critical notifications – inform you of events that have a critical importance for
the computer's security, such as detection of a malicious object or a dangerous
activity in the system. Windows of critical notifications and pop-up messages are
red-colored.
► Important notifications – inform you of events that are potentially important for
the computer's security, such as detection of a potentially infected object or a
suspicious activity in the system. Windows of important notifications and pop-up
messages are yellow-colored.
► Information notifications – inform you of events that do not have critical
importance for the computer's security. Windows of information notifications and
pop-up messages are green-colored.
To know how to configure notification settings, read the chapter Settings - Additional.
Kaspersky PURE 2.0
25 | 7 4 6
The program settings window
The Kaspersky PURE 2.0 settings window is designed for configuring the entire application
and separate protection components, scanning and update tasks.
To open the settings window, click the Settings link in the top part of the main application
window or select the Settings item from the application context menu in the Windows
taskbar notification area.
The program settings window consists of three parts.
Kaspersky PURE 2.0
26 | 7 4 6
► In the top left part of the window you can choose the section that should be
configured:
► In the left part of the window you can choose the application component, task or
another item that should be configured;
► The right part of the window contains the controls that you can use to configure
the item selected in the left part of the window.
Kaspersky PURE 2.0
27 | 7 4 6
Chapter 2. Comparison of Kaspersky PURE 2.0 with other Kaspersky Lab products
Kaspersky PURE 2.0 is an optimal solution for comprehensive protection of computers
within your home network. The product provides real-time protection against modern
Internet threats irrespective whether you are working, using web banking, shopping,
chatting or playing in the network.
Kaspersky PURE 2.0 provides real-time protection against all types of data threats,
prevents loss and unauthorized use of user data, protects children and teenagers from
threats inherent in computer and Internet usage, and lets you manage the security of all
computers on the home network from any networked computer.
Use the table below to compare Kaspersky PURE 2.0 with Kaspersky PURE R2, as well as
with Kaspersky Internet Security 2012 (KIS 2012) and Kaspersky Anti-Virus (KAV 2012).
A greyed cell in the table means the described option is present in the product. A white cell
means the option is missing from the product.
Pay attention to new functionality and possibilities of Kaspersky PURE 2.0. For your
convenience they are red-framed and their short description is given below.
KIS
2012 KAV 2012 PURE R2 PURE 2.0
File Anti-Virus
Mail Anti-Virus
Web Anti-Virus
IM Anti-Virus
System Watcher
Proactive Defense
Network Attack Blocker
Anti-Spam1 Need to train Anti-Spam
Protection from spam with cloud technologies
Anti-Banner
Task Manager
Safe Run
Application Control
Firewall
Parental Control
Kaspersky URL Advisor2
Expanded compatibility of the URL Advisor module with web browsers
Block dangerous websites 3
1 To protect you from spam alongside with the traditional methods (analysis of a text, images and etc.)
Kaspersky PURE 2.0 uses state of the art “cloud” technologies and heuristic analyzer thus considerably enhancing efficiency of spam recognition. 2 The Kaspersky URL Advisor in Kaspersky PURE 2.0 is embedded into the toolbar for web browsers. It
highlights links that may take you to infected or phishing resources, with a color indicator. 3 Using Kaspersky PURE 2.0 you can block access to web sites which were detected as phishing as a result
of work of the ―block dangerous sites‖ module. If the program cannot make unequivocal decision about the
Kaspersky PURE 2.0
28 | 7 4 6
Geo Filter
Trusted URLs
Online Banking
File Advisor4
Data collection on behavioral patterns of programs
Virtual Desktop
Virtual Keyboard
Safe Browser5
Browser Configuration
Kaspersky Rescue Disk
Microsoft Windows Troubleshooting
Privacy Cleaner6
Vulnerability Scan7
Identity Protection
Backup and Restore
Password Manager
Data Encryption
File Shredder
Unused Data Cleaner
Intellectual system of downloading updates8
Rollback of malware actions
Home Network Control
Anti-Phishing
To protect you from spam alongside with the traditional methods (analysis of a text, images and etc.) Kaspersky PURE 2.0 uses state of the art “cloud” technologies and heuristic analyzer thus considerably enhancing efficiency of spam recognition.
site safety, you will be offered to load in the safe browser mode (only compatible with the web browsers Microsoft Internet Explorer, Mozilla Firefox and Google Chrome). When started in Safe Browser malicious objects cannot harm your computer. 4 Now Kaspersky PURE 2.0 has the option to find out the reputation of any file in Kaspersky Security Network.
For example, you downloaded a program from the Internet, but doubt its safety and want to quickly check its reputation. You will get detailed information about the file/program and other users' level of trust. 5 Safe Browser is a new module in Kaspersky PURE 2.0, which allows to open any web pages without a risk
of infection with malware. In Safe Browser web sites are opened in virtual environment which does not let out possible threats penetrate the operating system. 6 Privacy Cleaner Wizard clears logs and browser cache, deletes the data (cookies, temporary and
installation files) stored on your computer after browsing the net and thus keeps your user activity private. 7 Vulnerability Scan is a special tool which helps to search and eliminate security vulnerabilities of
applications, installed on your computer, and in operating system settings. All the problems detected at the system analysis stage will be grouped based on the degree of danger it poses. Kaspersky Lab specialists offer a set of actions for each group of problems which help to eliminate vulnerabilities and weak points in the system's settings.
8 Kaspersky PURE 2.0 downloads updates only for active components of the application, which helps to
minimize the number of updates and the time needed to download them. For example, if you have disabled Anti-Spam, Kaspersky PURE 2.0 will not download updates for this component. On activating a function/component, the application immediately starts downloading the relevant updates. This ensures up-to-date protection. Furthermore, in automatic update mode Kaspersky PURE 2.0 only runs update tasks 15 minutes after the computer has come out of sleep mode so as not to slow down the process of restoring the operating system.
Kaspersky PURE 2.0
29 | 7 4 6
Chapter 3. Installation of Kaspersky PURE 2.0
System requirements for Kaspersky PURE 2.0
General requirements
► 600 MB free hard drive space.
► CD-ROM (for installing Kaspersky PURE 2.0 from the setup CD).
► Microsoft Internet Explorer 6.0 or later (to update the application modules and
databases via the Internet).
► Microsoft Windows Installer 2.0
► Internet access to activate the application and update the databases
► Mouse
Supported operating systems
► Microsoft Windows XP:
Home Edition (Service Pack 3 or later).
Professional (Service Pack 3 or later).
Professional x64* Edition (Service Pack 2 or later).
Intel Pentium 800 MHz processor or faster (or compatible equivalent)
RAM: 512 MB
► Microsoft Windows Vista 32/64* Bit (Service Pack 2 or later):
Home Basic
Home Premium
Business
Enterprise
Ultimate
Intel Pentium 1 GHz 32-bit (x86)/ 64-bit (x64) processor or faster (or
compatible equivalent)
RAM: 1 GB
► Microsoft Windows 7 32/64* Bit
Starter
Home Basic
Home Premium
Professional
Ultimate
Intel Pentium 1 GHz 32-bit (x86)/ 64-bit (x64) processor or faster (or
compatible equivalent)
RAM: 1 GB (32-bit OS) or 2 GB (64-bit OS)
*Limitations for 64-bit operating systems:
Kaspersky PURE 2.0
30 | 7 4 6
Safe Browser and Safe Run Mode cannot be run under Windows XP x64, and run in
limited mode under Windows Vista x64 and Windows 7 x64 (running applications cannot
create COM objects).
Safe Desktop cannot be run under all x64 systems.
Password Manager cannot be run with x64 applications under all 64-bit operating systems.
System requirements for netbooks
► Intel Atom 1.6 GHz (Z520) processor (or a compatible equivalent)
► RAM: 1 GB
► Graphics: Intel GMA950, RAM: 64 MB minimum (or a compatible equivalent)
► Display: 10.1", resolution 1024x600 or higher
Installation procedure of Kaspersky PURE 2.0
If third-party anti-virus software is installed on your computer, go to the chapter Removing
third-party products. You can know the list of applications incompatible with Kaspersky
PURE 2.0 from the chapter Products incompatible with Kaspersky PURE 2.0. If an
earlier version of Kaspersky PURE 2.0 is installed on your computer, go to the chapter
Migration to Kaspersky PURE 2.0 from other Kaspersky Lab products.
If you install Kaspersky PURE 2.0 on your computer ―from the scratch‖, then you can select
one of the two installation variants:
► Express installation. If you choose this option, the application will be fully
installed on your computer with the protection settings recommended by
Kaspersky Lab experts. During the installation process you will be offered to
activate the product.
► Custom installation. In this case (the Change installation settings box is
checked), you will be asked to specify the destination folder into which the
application should be installed, activate the application and configure using a
special wizard.
Express installation of Kaspersky PURE 2.0
Step 1. Selecting the type of the installation.
If you purchased Kaspersky PURE 2.0 on a CD, then the installation starts automatically
after you have inserted your CD in the CD-ROM drive. If an executable installer file from the
CD is not started automatically, then it should be run manually. For this, open the CD and
the Install folder via Windows Explorer and double-click an executable file (with the exe.
extension).
If you purchased Kaspersky PURE 2.0 in the eStore in this case you get a download link to
an executable installer file which you have to run manually (by double-clicking the file). The
Setup Wizard will be launched. To start express installation, click the Next box.
Kaspersky PURE 2.0
31 | 7 4 6
Step 2. Accepting the License Agreement.
Read the License Agreement concluded by you and Kaspersky Lab. Read the agreement
carefully, and if you accept each of its terms, click the I agree button. The application
installation will go on. To cancel the application installation, click the Cancel button.
Step 3. Participating in the Kaspersky Security Network program.
At this step, you will be invited to participate in the Kaspersky Security Network.
Participation in the program involves sending information about new threats detected on
Kaspersky PURE 2.0
32 | 7 4 6
your computer, running applications, and downloaded signed applications to Kaspersky
Lab, along with the unique ID assigned to your copy of Kaspersky PURE 2.0 and your
system information. We guarantee that none of your personal data will be sent. Review the
Kaspersky Security Network Data Collection Statement. If you agree with all points of
the statement, check the I accept the terms of participation in Kaspersky Security
Network box. To continue the installation, click the Install button.
Step 4. Searching for incompatible software.
On this step the wizard searches for applications installed on your computer, incompatible
with Kaspersky PURE 2.0. If such applications are not found, the wizard goes to the next
step automatically.
Upon detection incompatible software is listed and you are offered to delete such software
from your computer. Applications which Kaspersky PURE 2.0 cannot delete automatically
should be removed manually. During removal of incompatible software, the system reboots.
After reboot installation of Kaspersky PURE 2.0 continues automatically.
You can find more information about removal of incompatible software from the chapter List
of applications incompatible with Kaspersky PURE 2.0.
Step 5. Installation.
Installation of the application can take some time. Wait for it to finish. Once the installation is
complete, the Wizard will automatically proceed to the next step.
If an installation error occurs, which may be due to malicious programs that prevent anti-
virus applications from being installed on your computer, the Setup Wizard will prompt you
to download Kaspersky Virus Removal Tool, a special utility for neutralizing an infection.
You can read about the utility in the KB6219.
If you agree to install the utility, the Setup Wizard downloads it from the Kaspersky Lab
servers, after which installation of the utility starts automatically. If the Wizard cannot
Kaspersky PURE 2.0
33 | 7 4 6
download the utility, you will be asked to download it on your own by clicking the link
provided.
After you finish working with the utility, you should delete it and restart the installation of
Kaspersky PURE 2.0.
Step 6. Finishing the installation.
After the program files have been copied and the modules have been registered, the Wizard
informs you of successful completion of the application installation. If you want to launch
Kaspersky PURE 2.0, check the Run Kaspersky PURE 2.0 box and click the Finish
button.
During the first application launch, you will be offered to activate Kaspersky PURE 2.0.
Kaspersky PURE 2.0
34 | 7 4 6
► If you have an activation code, select the Activate commercial version option
and enter an activation code of 20 characters. An Internet access is required to
activate the application.
► If you do not have an activation code, you can activate trial version. In this case
the Configuration Wizard will download and install a trial key valid for 30 days.
An Internet access is required to activate the application.
The difference between trial and commercial versions, and the activation procedure are
described in detail in the License management chapter.
Custom installation of Kaspersky PURE 2.0
Step 1. Selecting the type of the installation.
After installation start in the bottom left corner of the Wizard window check the Change
installation settings box and click Next.
Kaspersky PURE 2.0
35 | 7 4 6
Step 2. Accepting the License Agreement.
Read the License Agreement concluded by you and Kaspersky Lab. Read the agreement
carefully, and if you accept each of its terms, click the I agree button. The application
installation will go on. To cancel the application installation, click the Cancel button.
Step 3. Participating in the Kaspersky Security Network program.
At this step, you will be invited to participate in the Kaspersky Security Network.
Participation in the program involves sending information about new threats detected on
your computer, running applications, and downloaded signed applications to Kaspersky
Kaspersky PURE 2.0
36 | 7 4 6
Lab, along with the unique ID assigned to your copy of Kaspersky PURE 2.0 and your
system information. We guarantee that none of your personal data will be sent. Review the
Kaspersky Security Network Data Collection Statement. If you agree with all points of
the statement, check the I accept the terms of participation in Kaspersky Security
Network box. To continue the installation, click the Install button.
Step 4. Searching for incompatible software.
On this step the wizard searches for applications installed on your computer, incompatible
with Kaspersky PURE 2.0. If such applications are not found, the wizard goes to the next
step automatically.
Upon detection incompatible software is listed and you are offered to delete such software
from your computer. Applications which Kaspersky PURE 2.0 cannot delete automatically
should be removed manually. During removal of incompatible software, the system reboots.
After reboot installation of Kaspersky PURE 2.0 continues automatically.
You can find more information about removal of incompatible software from the chapter List
of applications incompatible with Kaspersky PURE 2.0.
Step 5. Selecting a destination folder.
At this stage you can select the folder in which to install Kaspersky PURE 2.0. The following
path is set by default:
For 32-bit systems: C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0.
For 64-bit systems: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0.
To select a different folder, perorm the following actions:
1. In the Destination folder window click the Browse button.
Kaspersky PURE 2.0
37 | 7 4 6
2. In the Select current destination folder window select a folder.
3. Click the OK button.
4. Click the Next button to continue installation.
Kaspersky PURE 2.0
38 | 7 4 6
To find out if there is enough disk space on your computer to install the application, click the Disk Usage button. In the window that opens you can view the disk space information. To close the window, click OK.
Keep in mind the following restrictions:
► The application cannot be installed on network or removable drives, or on virtual
drives (those created using the SUBST command).
► We recommend that you avoid installing the application in a folder that already
contains files or other folders, because that folder will then become inaccessible
for editing.
► The path to the installation folder cannot be longer than 160 characters or contain
the special characters /, ?, :, *, ", >, < or |.
Step 6. Preparing for installation.
During custom installation you are recommended not to uncheck the Protect the
installation process box. If any errors occur during the application installation, the enabled
protection will help to perform correct rollback procedure of the installation. During the
following installation (for example, after removal of incompatible software) you are advised
to uncheck the box.
When performing remote installation using Windows Remote Desktop you are advised to
uncheck this box if the application cannot be installed. Enabled protection may be the
reason.
To proceed with the installation, click the Install button.
Kaspersky PURE 2.0
39 | 7 4 6
Step 7. Installation.
Installation of the application can take some time. Wait for it to finish. Once the installation is
complete, the Wizard will automatically proceed to the next step.
If an installation error occurs, which may be due to malicious programs that prevent anti-
virus applications from being installed on your computer, the Setup Wizard will prompt you
to download Kaspersky Virus Removal Tool, a special utility for neutralizing an infection.
If you agree to install the utility, the Setup Wizard downloads it from the Kaspersky Lab
servers, after which installation of the utility starts automatically. If the Wizard cannot
download the utility, you will be asked to download it on your own by clicking the link
provided.
After you finish working with the utility, you should delete it and restart the installation of
Kaspersky PURE 2.0.
Step 8. Finishing the installation.
After the program files have been copied and the modules have been registered, the Wizard
informs you of successful completion of the application installation. If you want to launch
Kaspersky PURE 2.0, check the Run Kaspersky PURE 2.0 box and click the Finish
button.
Kaspersky PURE 2.0
40 | 7 4 6
During the first application launch you will be offered to activate Kaspersky PURE 2.0.
► If you have an activation code, select the Activate commercial license option
and enter an activation code of 20 characters. An Internet access is required to
activate the application.
► If you do not have an activation code, you can activate a trial version. In this case
the Wizard will download and install a trial key valid for 30 days. An Internet
access is required to activate the application.
The difference between a trial and commercial license, and the activation procedure are
described in detail in the License management chapter.
Kaspersky PURE 2.0
41 | 7 4 6
Uninstalling third-party software or earlier versions of Kaspersky Lab products
Before installation of Kaspersky PURE 2.0 all earlier versions of Kaspersky Lab products or
third-party anti-virus software need to have been uninstalled. If such third-party anti-virus
software has not been removed, during installation it is detected by the wizard and is
deleted automatically. In case third-party software cannot be deleted automatically, you will
be offered to delete such software manually.
You can use standard Windows means, to uninstall anti-virus software:
For users of Windows XP:
1. In the bottom left corner of the screen click the Start button.
2. Select the Control Panel item.
3. In the Control Panel window select the Add or Remove Programs section.
Kaspersky PURE 2.0
42 | 7 4 6
4. In the Add or Remove Programs window select a program you need to remove.
1. Click the Change/Remove button.
2. Anti-virus software will be deleted from your computer.
For users of Windows Vista/7:
1. In the bottom left corner of the screen click the Start button.
2. Select the Control Panel item.
Kaspersky PURE 2.0
43 | 7 4 6
3. In Control Panel window select the Programs section.
4. In the Programs window select the Programs and Features section.
Kaspersky PURE 2.0
44 | 7 4 6
5. In the Programs and Features window select an application you need to remove.
6. Double-click the application’s name.
7. Anti-virus software will be deleted from your computer.
Some folders and files of previously installed anti-virus applications may still remain in the
Program Files folder after removal with the Windows standard means. If the folder contains
folders and files of other anti-virus applications, delete them.
Sometimes after removal of anti-virus software with the standard means and the computer
restart some records may still remain in the system registry and prevent Kaspersky PURE
2.0 from installation. You will know about the records of the previous anti-virus software in
the registry during the product installation.
Before the files are copied onto a hard disk the Setup Wizard scans the disk for software
incompatible with Kaspersky PURE 2.0. Records in the system registry are recognized by
the Setup Wizard as fully installed software, even though the product was removed and is
no longer installed on the PC. As a result Kaspersky Lab Setup Wizard asks to delete the
detected incompatible software manually and terminates the installation process.
To resolve the situation, use the links to the special removal utilities that will fully remove a
product from your computer.
Kaspersky PURE 2.0
45 | 7 4 6
Removing Norton products
How to remove Norton products Removal tool to uninstall Norton products (NORTON REMOVAL TOOL (С) Symantec Corporation. Distributed under the terms of the NORTON Software Tool Usage Agreement)
Removing McAfee products
How to remove McAfee products Removal tool to uninstall McAfee products (MCPR (C) McAfee, Inc)
Removing TrendMicro products
How to remove TrendMicro products Removal tool to uninstall Trend Micro products (TISSUPRT (C) Trend Micro, Inc)
Removing BitDefender products
How to remove BitDefender products Removal tool to uninstall BitDefender products (BITDEFENDER UNINSTALL TOOL (C) BITDEFENDER)
Removing Avast products
How to uninstall Avast products. Removal tool to uninstall Avast products (ASWCLEAR5 (С) ALWIL Software)
Removing F-Secure products
How to uninstall F-Secure products Removal tool to uninstall F-Secure products (UNINSTALLATION TOOL (C) F-Secure Corporation. Distributed under the terms of the F-Secure License Terms)
Removing AVG products
How to uninstall AVG products. Removal tools to uninstall AVG anti-virus (AVGREMOVER (C) AVG Technologies): For 32-bit systems. For 64-bit systems.
Removing ESET products
How to uninstall ESET products. Removal tool to uninstall ESET Nod32 (ESET UNINSTALLER (C) ESET, LLC).
Removing Agnitum Outpost products
How to uninstall Agnitum Outpost products. Removal tools to uninstall Agnitum Outpost (for Outpost 2008/2009) (CLEAN (C) Agnitum Ltd): For 32-bit systems. For 64-bit systems.
Removing Norman Virus Control product
How to uninstall Norman Virus Control.
Removal tool to uninstall Norman Virus
Control (version 5.x) (DELNVC5 (C) Norman ASA).
List of applications incompatible with Kaspersky PURE 2.0
Kaspersky PURE 2.0
46 | 7 4 6
During installation of any Kaspersky PURE 2.0 component, products from the list which can
be found in the article from the link are always detected and automatically deleted – List of
applications incompatible with Kaspersky PURE 2.0.
Upgrade from other Kaspersky Lab products to Kaspersky PURE 2.0
You can install Kaspersky PURE 2.0 on top of the following Kaspersky Lab products:
► Kaspersky PURE
► Kaspersky PURE R2
► KIS 2011/2012
► KAV 2011/2012
In order to install Kaspersky PURE 2.0 on top of one of the mentioned programs, do the
following:
1. Download the product distributive of Kaspersky PURE 2.0 from the Kaspersky Lab
official site (http://www.kaspersky.com/productupdates).
2. Run the distributive of Kaspersky PURE 2.0.
3. Follow the instructions of the Setup Wizard (see chapter Express installation of
Kaspersky PURE 2.0).
Kaspersky PURE 2.0
47 | 7 4 6
Chapter 4. License management and migration to new product version
License management
This chapter contains information regarding the basic concepts used in the context of the application licensing. You will also learn about the automatic renewal of the license and where to view information regarding the current license.
About license agreement
The End User License Agreement – is an agreement between natural or legal person
lawfully in possession of a copy of Kaspersky PURE 2.0 and Kaspersky Lab, ZAO. The
EULA is included in each Kaspersky Lab application. It contains a detailed description of
rights and Kaspersky PURE 2.0 usage restrictions. According to the EULA, when you
purchase and install a Kaspersky Lab application, you get an unlimited right to own its
copy.
About license
License is a right to use Kaspersky PURE 2.0 and the related additional services offered by
Kaspersky Lab or its partners.
Each license is defined by its expiry date and a type.
License term – a period during which the additional services are offered:
► Technical support;
► Updating databases and application modules.
The scope of provided services depends on the type of the license.
The following license types are provided:
1. Trial – a free license with a limited validity period, for example, 30 days, offered to
become familiar with Kaspersky PURE 2.0.
Trial license can only be used once and cannot be used after a commercial license!
As soon as the trial license expires, all Kaspersky PURE 2.0 features become
disabled.
To continue using the application you should activate it with an activation code. The
activation procedure will be described below.
NOTE: Technical support is provided only to the customers of commercial license.
Kaspersky PURE 2.0
48 | 7 4 6
2. Commercial – a commercial license with a limited validity period (for example, one
year), offered upon purchase of Kaspersky PURE 2.0. One license can cover several
computers.
If a commercial license is activated, all application features and additional services
(technical support, update of bases and application modules) are available.
As soon as a commercial license expires, Kaspersky PURE 2.0 remains a full-
featured application, but the anti-virus databases are not updated. You can still scan
your computer for viruses and use the protection components, but only using the
databases that you had when the license expired.
Two weeks before the license expiration date, the application will notify you of this
event so you can renew the license in advance. The procedure of a license renewal
will be described below.
Commercial with an update subscription and commercial with an update and
protection subscription – a paid license with flexible management.
You can suspend and resume the subscription, extend its validity period in the
automatic mode and cancel the subscription. A license with subscription is
distributed by service providers. You can manage the subscription from the
user's Personal Cabinet on the service provider's website.
The validity period of a subscription can be limited (for example, to one year) or
unlimited. If a subscription with a limited validity period is activated, you should renew
it on your own when it expires. A subscription with an unlimited validity period is
extended automatically subject to timely prepayment to the provider.
If the subscription term is limited, when it expires, you will be offered a grace period
for subscription renewal, during which the full functionality of the program will be
maintained.
If the subscription is not renewed, when grace period expires, Kaspersky PURE 2.0
ceases to update the application databases (for licenses with an update subscription)
and stops performing computer protection or executing scan tasks (for licenses with
a protection subscription).
When using the subscription, you will not be able to use another activation code to
renew the license. This is only possible after the subscription expiry date.
If you already have an activated license with a limited term at the time of subscription
activation, it is substituted with the subscription license. To cancel the subscription,
contact the service provider from whom you purchased Kaspersky PURE 2.0.
About activation code
An activation code is a unique set of Latin letters and digits that comes in four blocks of five
symbols, separated by a hyphen, for example AA111-AA111-AA111-AA111.
Activation code is the code supplied with a Kaspersky PURE 2.0 commercial license. This
code is required for activation of the application.
If you purchased a box version of the Kaspersky Lab product, the activation code can be
found printed on the first page of the user manual left cover.
Kaspersky PURE 2.0
49 | 7 4 6
If you have purchased Kaspersky Lab product via E-Store, the activation code will be
sent to you via e-mail you have specified when making the order.
The activation code which has never been activated does not have an expiry date. An
unused activation code can be activated at any time, but the license will begin to expire on
the day of initial activation.
In this case the Configuration Wizard will connect to the Kaspersky Lab servers and send
the activation code to the servers. If the activation code is verified, the wizard receives a key
file which is automatically installed to the program. The activation process is complete and
is accompanied by a window with the detailed information about the purchased license.
If the activation code was not verified, the corresponding message is displayed on the
screen. In this case contact the company where you purchased the license.
Kaspersky PURE 2.0
50 | 7 4 6
If the number of activations with one activation code is exceeded a corresponding message
will appear on the screen. The activation process will be terminated and the program will
offer you to contact Kaspersky Lab Technical Support.
If an activation error occurred and the activation code was not activated, contact Technical
support via My Kaspersky Account service from any computer with an Internet connection.
Give the following information in your request:
Place where you purchased Kaspersky Lab product;
Information about the owner: surname, name;
Exact purchase date;
Full registration number of your license (this number is written on the first page of
the user manual left cover from the box version of the product or in an email (if
you purchased the product via eStore);
Product activation code.
Without an activation code the application will work in limited functionality.
For example, you will be able to update the program only once (further updates will not be
performed), some other functionalities will be unavailable.
Purchasing license after the product installation
If you have installed Kaspersky PURE 2.0 without a license, you can purchase one after
installation:
1. Open the main application window.
2. Click the License: not available link in the bottom right corner of the window.
Kaspersky PURE 2.0
51 | 7 4 6
3. In the Licensing window click the Buy activation code button.
The eStore web page of Kaspersky Lab opens where you can purchase a license or find
the partner nearest to you.
Kaspersky PURE 2.0
52 | 7 4 6
About activation procedure
Activation is the procedure of activating a license that allows you to use a fully functional
version of the application until the license expires.
Activation during the application installation
You can activate the commercial version of the application during the first launch of
Kaspersky PURE 2.0.
For this, perform the following actions:
1. In the Activation of Kaspersky PURE 2.0 window select a license type —
commercial or trial. See the chapter About license for the details.
► If you have selected Activate commercial version, enter an activation code into
the corresponding field and click the Next button.
► If you want to activate trial version, select the corresponding option and click the
Next button.
Pay attention, on this step you can purchase a commercial license by clicking the
Purchase activation code button. A Kaspersky Lab web-page opens where you
can purchase a license and obtain an activation code.
Kaspersky PURE 2.0
53 | 7 4 6
2. The Wizard sends a request to the activation server to obtain permission for
activation of the selected version of the application.
If the request is sent successfully, the Wizard automatically proceeds to the next
step.
3. This window displays information on the activation results: type of license used and
license expiry date. Click the Finish button, to complete the work of the Wizard.
Kaspersky PURE 2.0
54 | 7 4 6
Activation after the application installation
On the activation step during the application installation you can click the Cancel button. In
this case the application will not be activated. To activate the application after the
installation, perform the following actions:
1. Open the Licensing window using one of the methods below:
► Click the Activate link in the Kaspersky PURE 2.0 notice window which appears
in the taskbar notification area.
► Click the License: not available link in the bottom part of the main application
window.
Kaspersky PURE 2.0
55 | 7 4 6
► In the program main window click License issues or the Fix button. In the
Security Problems window click the Details button next to the message about
not activated application.
Kaspersky PURE 2.0
56 | 7 4 6
2. In the Licensing window click the Activate the application button in order to
activate the program with a new license.
Kaspersky PURE 2.0
57 | 7 4 6
3. Select Activate commercial version/ Activate trial version. If you want to activate
a commercial license, enter the activation code into the corresponding field. Click the
Next button. After successful activation completion, information about the license
type and the expiry date will be shown in the wizard window.
Kaspersky PURE 2.0
58 | 7 4 6
Activation issues of Kaspersky Lab products
Kaspersky Lab products can be activated by activation codes purchased in the region
where the product will be used.
The error may appear if you try to activate your application using an activation code in one
region (country), but the activation code you use is intended for use in another region
(country). For example, you bought Kaspersky PURE 2.0 via E-Store in India, but you try to
install and activate the application in the United Kingdom.
In order to eliminate the problem, you need to install and activate your Kaspersky Lab
product in the region (country), where you bought the application.
Viewing license information
In order to view current license information, perform the following actions:
1. Open the main application window.
2. Click on the License link in the bottom of the window.
Kaspersky PURE 2.0
59 | 7 4 6
In the Licensing window you can view the following license information:
► License number (for example, 0101-010101-01010101);
► License status (for example, active);
► License type (for example, commercial for 2 computers for 365 days);
► Expiration date (for example,13/03/2012 11:59 PM);
► Remaining (for example, 364 days).
Kaspersky PURE 2.0
60 | 7 4 6
License renewal procedure
To protect your computer after the license validity period, you can extend the license for the
next term prematurely.
To prolong the license validity period, perform the following actions:
1. Open the main application window.
2. In the bottom of the window click the License link.
3. In the Licensing window in the New activation code section:
If you already have an activation code (for example, you purchased a box version),
then perform the following actions:
a) Click on the Enter activation code button.
b) Enter your activation code in the Enter activation code window.
c) Click on the Next button.
Kaspersky PURE 2.0
61 | 7 4 6
If you do not have an activation code and you want to buy a new license, then in the
Licensing window perform the following actions:
1. Click on the button Buy activation code with a discount.
2. A Kaspersky Lab web-page opens where you can prolong your license validity
period online in the License Renewal Center or find the partner nearest to you
and then prolong your license offline.
Kaspersky PURE 2.0
62 | 7 4 6
Licensing window
The section in the top part of the Licensing window provides the following information
about the license:
► License number (for example, 0101-010101-01010101);
► License status (for example, active);
► License type (for example, commercial for 1 computer for 365 days);
► Expiration data (for example,13.03.2012);
► Remaining days (for example, 364 days).
Kaspersky PURE 2.0
63 | 7 4 6
You can delete the key which currently in use in the top part of the Licensing window. To
delete the license, click the cross button next to the license number.
The bottom section of the Licensing window allows to select an action over a license
depending on its type and status.
If a commercial license is in use, the New activation code section is available.
In this section you can purchase a new activation code (by clicking the Buy activation
code with a discount button) which would be automatically activated after the license in
use has expired (new activation code).
If a trial license is in use, the License expires soon section is displayed. Using the buttons
in this section you can:
► Enter activation code — if you have an activation code, you can activate the
application with a commercial license in the open window.
► Buy activation code — go to a Kaspersky Lab page where you can buy a
license for the product via the eStore or to know the location of the partner
nearest to you.
Kaspersky PURE 2.0
64 | 7 4 6
Kaspersky PURE 2.0
65 | 7 4 6
Migration policy from Kaspersky Lab products to Kaspersky PURE 2.0
The migration terms depend on the status of the license in use.
If you have an active license for the products:
► Kaspersky PURE, Kaspersky PURE R2 — you can use your current license to
migrate.
► KIS 7.0, KIS 2009, KIS 2010, KIS 2011, KIS 2012 — you can purchase a license
renewal with a discount in E-Store.
► KAV 7.0, KAV 2009, KAV 2010, KAV 2011, KAV 2012 — you can purchase a
license renewal with a discount in E-Store.
If the license for product KAV 2012/KIS 2012/KAV 2011 / KIS 2011 / KAV 2010 /KIS 2010 /
KAV 2009 / KIS 2009 / KIS 7.0 / KAV 7.0 has expired, then you may purchase a license
renewal for Kaspersky PURE 2.0 with a discount in E-Store or by Kaspersky Lab’s partners.
Kaspersky PURE
Kaspersky PURE R2
FREE Kaspersky PURE 2.0
KIS
7.0
KIS
2009
KIS
2010
KIS
2011
KIS
2012
With a discount
Kaspersky PURE 2.0
KAV
7.0
KAV
2009
KAV
2010
KAV
2011
KAV
2012
With a discount
Kaspersky PURE 2.0
Kaspersky CRYSTAL 2.0
66 | 7 4 6
Chapter 5. Computer Protection
Kaspersky PURE 2.0 is a versatile tool for protecting data on the home network against all
kinds of information threats. The application ensures protection against viruses and malware,
unknown threats and fraud, it lets you control user access to the computer and the Internet,
back up data, and create encrypted containers for confidential information, and manage
computer security on the home network from the administrator workstation.
In order to check the current computer protection state, click on the Computer Protection
module.
Computer Protection includes three main sections: Protection Center, Scan, Update. Also
the Computer Protection window contains the following links: Quarantine, Network Monitor,
Applications Activity. The upper part of the window contains the Cloud Protection button
and the Settings and Reports links.
Kaspersky CRYSTAL 2.0
67 | 7 4 6
“Cloud” protection (The Kaspersky Security Network service)
To increase the efficiency of your computer's protection, Kaspersky PURE 2.0 uses data
received from users from all over the world. Kaspersky Security Network is designed for
collecting those data and thus provides Cloud protection.
Kaspersky Security Network (KSN) is a global service of the operative threat analysis that
unites millions of users all over the world.
When Kaspersky PURE 2.0 detects suspicious or not scanned data on a computer of a KSN
participant, it automatically sends such data to Kaspersky Lab where virus analysts analyze
potential threats round the clock and release protection updates for customers in real time.
User participation in Kaspersky Security Network enables Kaspersky Lab to gather real-
time information about the types and sources of new threats, develop methods to neutralize
them, and reduce the number of false positives. The more users participate in KSN, the safer
cloud protection is for all the participants.
Thus, KSN allows the user to obtain:
► Additional level of protection;
► Operative data about applications reputation;
► Operative data about sites reputation;
► On-the-fly response to appearance of new threats.
Kaspersky CRYSTAL 2.0
68 | 7 4 6
To know the current operational status of the Kaspersky Security Network service, perform
the following actions:
1. In the Computer Protection window click on the Cloud protection button.
2. In the left part of the Cloud Protection window you can see the current service status –
Connected/Disconnected. In the right part of the window you can view the information
received by the service for the time being. To get more information about the cloud
protection technology of Kaspersky Security Network (KSN), click the Read more
button.
Kaspersky CRYSTAL 2.0
69 | 7 4 6
User participation in Kaspersky Security Network allows Kaspersky Lab to operatively
collect information about types and sources of new threats, develop disinfection methods, and
decrease the number of false alerts.
No privacy data are collected, processed, or stored.
Participating in the Kaspersky Security Network is voluntary. You should decide whether to
participate when installing Kaspersky PURE 2.0; however, you can change your decision at
any time later.
To participate/not participate in the Kaspersky Security Network service, perform the
following actions:
1. Open the Settings window by clicking on the Settings link in the left upper corner of the
main application window.
2. In the upper part of the window select Additional.
3. In the left part of the window select Feedback.
4. In the right part of the window check/clear the box I agree to participate in Kaspersky
Security Network.
Kaspersky CRYSTAL 2.0
70 | 7 4 6
5. Click on the OK button, to save the changes.
You can know the file reputation in only one click. In order to do this, right-click the required file
and select Check reputation in KSN from the open context menu.
Kaspersky CRYSTAL 2.0
71 | 7 4 6
Protection Center
Protection Center is a Kaspersky PURE 2.0 module which provides protection of personal
data against all kinds of threats. The module also protects the computer from spam and
network attacks. Components of Protection Center allow to protect the computer from
unknown threats and Internet-fraud, phishing; it lets you control user access to the Internet.
This comprehensive protection covers all channels that are used to receive and transfer data.
Protection Center lets you enable/disable protection components and go to their configuration
windows.
Real-time protection of your computer is provided by the following components:
► File Anti-Virus monitors the computer file system and prevents infection of the
computer's file system. The component starts upon startup of the operating system,
continuously remains in the computer's RAM, and scans all files being opened,
saved, or launched on your computer and all connected drives. Kaspersky PURE 2.0
intercepts each access to files and scan. The file will be accessible only if the file is
not infected or is disinfected by the application. If the file cannot be disinfected, the
file will be deleted. In this case the file copy will be saved in a backup quarantine
store.
► Mail Anti-Virus scans incoming and outgoing messages for dangerous objects.
Messages will be accessible only if contain no dangerous objects.
► Web Anti-Virus protects incoming web traffic and prevents dangerous scripts from
running on your computer. The component also blocks access to dangerous web
sites.
► IM Anti-Virus provides protection of your computer when you work with instant
messengers. The component protects incoming data via instant messengers’
protocols. IM Anti-Virus provides secure work with most of internet messengers.
► Application Control tracks actions in the system performed by applications installed
on the computer, and regulates them based on the rules of Application Control.
These rules regulate potentially dangerous activity, including applications' access to
protected resources.
► Proactive Defense allows detecting new types of threats even if they are not added
to anti-virus databases. The component controls and analyzes all types of activities
on the computer. If, as a result of activity analysis, the sequence of an application's
actions arouses suspicion, Proactive Defense blocks the activity of this application.
Thus, your computer is protected against known and new threats and malware.
► Firewall ensures your security on local networks and the Internet. Protection against
various types of attacks is performed based on two groups of rules: packet rules and
application rules.
► Network Attack Blocker loads during the operating system launch, and scans
incoming network traffic for activities characteristic of network attacks. As soon as an
attempt to attack the computer is detected, Kaspersky PURE 2.0 blocks any network
activity of the attacking computer towards your computer.
Kaspersky CRYSTAL 2.0
72 | 7 4 6
► Anti-Spam embeds into your mail client and filters all incoming mail for unwanted
mail and sorts it according to the settings configured by the user. All emails
containing spam will be marked with a special subject. You can configure work of the
Anti-Spam component (automatic deleting, removing to a specified folder and etc.).
► Network Monitor. The component allows to view real-time network activity data.
► Anti-Phishing. The component is embedded to Web Anti-Virus, Anti-Spam and IM
Anti-Virus. The component filters access to phishing web sites and prevents
phishing attacks.
► Anti-Banner blocks ads and banners in your web browser and in some applications.
You can enable/disable any of the components. In order to do this, perform the following
actions:
1. Select Computer Protection in the main application window.
2. In the Computer Protection window click on the List button in the Protection
components section.
Kaspersky CRYSTAL 2.0
73 | 7 4 6
3. In order to enable/disable the required component, click on the button located in the
right part of the window in the section of the required component.
The icon shows that a component is enabled, the icon – a component is
disabled.
Kaspersky CRYSTAL 2.0
74 | 7 4 6
4. In order to go to the component configuration window click on the button . You can
find detailed instructions on how to configure components in the Setting section.
Also in the Computer Protection window you can find out the status of detected threats and
databases status.
Kaspersky CRYSTAL 2.0
75 | 7 4 6
Anti-virus databases statuses of Kaspersky PURE 2.0:
► Obsolete;
► Out of date;
► Have not been updated for a long time;
► Update is in progress;
► Up to date.
Scan
Scanning the computer for viruses and vulnerabilities is one of the most important tasks in
ensuring the computer's security. It is necessary to scan your computer for viruses on a regular
basis in order to rule out the possibility of spreading malicious programs that have not been
discovered by protection components, for example, because of a low security level set, or for
other reasons.
Vulnerability scan performs the diagnostics of operating system and detects software
features that can be used by intruders to spread malicious objects and obtain access to
personal information.
Further we will study peculiarities configuring settings of the scan tasks, as well as security
levels, scan methods and technologies.
Kaspersky CRYSTAL 2.0
76 | 7 4 6
Scan for viruses
Kaspersky PURE 2.0 comprises the following tasks to scan for viruses:
► Full Scan. A thorough scan of the entire system. The following objects are scanned
by default: system memory, objects loaded on startup, system backup, email
databases, hard drives, removable storage media and network drives.
► Critical Areas Scan. Virus scan of operating system startup objects (system
memory, startup objects and bootable sectors).
► Custom Scan. Scan of objects selected by the user. You can create your own list by
adding or excluding from scan any object of the computer's file system from the
default list.
Starting scan for viruses
Scan tasks can be started from the main application window or from the Computer Protection
window.
Starting scan from the main application window
To start a scan task from the main application window, perform the following actions:
Kaspersky CRYSTAL 2.0
77 | 7 4 6
1. Open the main application window.
2. In the bottom part of the Computer Protection section click on the Scan link.
3. Select the required scan type from the open menu.
Kaspersky CRYSTAL 2.0
78 | 7 4 6
Starting scan from the Computer Protection window
In order to start a scan task from the Computer Protection window, perform the following
actions:
1. In the main application window select Computer Protection.
2. In the left part of the window select Scan.
Kaspersky CRYSTAL 2.0
79 | 7 4 6
3. In the right part of the window launch the necessary task.
Full Scan
In order to start the Full Scan task, click on the icon next to the task name.
Kaspersky CRYSTAL 2.0
80 | 7 4 6
Before the first launch of a scan task, a short description of the task is given in the Full Scan
section. After the first launch of the task, the window will contain task execution time (time
reference is a link to the scan report window), number of scanned objects and scan results.
During the Full Scan task performing you can specify an action for the computer to be
performed when scan is complete. In order to do this, perform the following actions:
1. Click on the details link under Full Scan.
Kaspersky CRYSTAL 2.0
81 | 7 4 6
2. In the Scan Tasks window click on the link keep the computer turned on.
3. Select the required action:
► keep the computer turned on;
► shut down the computer;
► switch the computer to standby mode;
► switch the computer to sleep mode;
► reboot the computer.
Kaspersky CRYSTAL 2.0
82 | 7 4 6
By default, the keep the computer turned on option is selected.
You can stop the launched task by pressing on the button . In order to resume the scan
task, click on the button and you will be asked to select one of the following options: Resume
scan or Start new scan.
Critical Areas Scan
In order to launch the Critical Areas Scan, click on the button next to the scan name
in the Computer Protection window.
Before the first launch of a scan task, a short description of the task is given in the Critical
Areas Scan section. After the first launch of the task, the window will contain task execution
time (time reference is a link to the scan report window), number of scanned objects and scan
results.
Kaspersky CRYSTAL 2.0
83 | 7 4 6
You can stop the launched task by pressing on the button .
In order to resume the scan task, click on the button and you will be asked to select one of the
following options: Resume scan or Start new scan.
Kaspersky CRYSTAL 2.0
84 | 7 4 6
Custom Scan
Using Custom Scan you can scan individual objects on the computer. You can create your
own list by adding or excluding from scan any object of the computer's file system from the
default list.
In comparison with custom scan, tasks of full scan and critical areas scan are specific scan
tasks – it is not recommended to edit scan lists for these scan types.
In order to launch a custom scan task, perform the following actions:
1. Drag the required object and drop it to the Custom Scan section. You can also click on
the browse link and select the object to scan.
Kaspersky CRYSTAL 2.0
85 | 7 4 6
2. The Custom Scan window contains the pre-defined list of objects to scan.
3. Check the required boxes next to the objects or select an object by pressing the Add
link:
Kaspersky CRYSTAL 2.0
86 | 7 4 6
4. In the Select object to scan window select the required object and click on the Add
button. Perform the same actions to add all required objects to scan. Once all objects
are added click on the OK button.
5. You can also check the Include subfolders box to scan all subfolders from the selected
object.
6. The selected objects appears in the Custom Scan window:
Kaspersky CRYSTAL 2.0
87 | 7 4 6
7. In order to edit or delete objects in the list of objects to scan, click on the Edit or Delete
links.
8. In the bottom of the Custom Scan window click on the OK button to start scan of the
selected objects.
9. Once the scan task is complete the Scan Tasks window appears on the screen. In the
Scan Tasks window click on the Close button.
Kaspersky CRYSTAL 2.0
88 | 7 4 6
Vulnerability Scan
Vulnerability scan is a special tool which helps to search and eliminate security vulnerabilities
of applications, installed on your computer, and in operating system settings. All the problems
detected at the system analysis stage will be grouped based on the degree of danger it poses.
Kaspersky Lab specialists offer a set of actions for each group of problems which help to
eliminate vulnerabilities and weak points in the system's settings.
There are three groups of problems distinguished, and, respectively, three groups of actions
associated with them:
► Strongly recommended actions will help eliminate problems posing a serious
security threat. You are advised to perform all actions of this group.
► Recommended actions help eliminate problems posing a potential threat. You are
advised to perform all actions of this group too.
► Additional actions help repair system damages which do not pose a current threat
but may threat the computer's security in the future.
As a result of search of possible vulnerabilities in the operating system and in the applications
installed on the computer direct links to critical fixes (application updates) are displayed.
After the vulnerability scan task start, its progress is displayed in the Vulnerability Scan
section, on the Scan tab in the Computer Protection window. Vulnerabilities detected when
scanning the system and applications, are displayed in the same window, on the System
vulnerabilities and Vulnerable applications tabs.
When searching for threats, information on the results is logged in a Computer Protection
report.
By default, the applications already installed on the computer are selected as scan objects.
In order to launch a Vulnerability Scan task, In the left part of the Computer Protection
window select Scan and in the right part of the window click on the button next to
Vulnerability Scan.
Kaspersky CRYSTAL 2.0
89 | 7 4 6
Before the first launch of a scan task, a short description of the task is given in the
Vulnerability Scan section. After the first launch of the task, the window will contain task
execution time, number of scanned objects and scan results.
You can stop the task by clicking on the button . In order to resume the task, click on
the button.
Once the Vulnerability Scan task is complete, click on the link displaying number of detected
threats.
Kaspersky CRYSTAL 2.0
90 | 7 4 6
The scan results will be displayed in the Vulnerability Scan window in two tabs:
► System vulnerabilities;
► Vulnerable applications.
Kaspersky CRYSTAL 2.0
91 | 7 4 6
In order to fix vulnerabilities, perform the following actions:
1. Select the System vulnerabilities tab.
2. Select the required item in the list and click on the Fix it button.
Kaspersky CRYSTAL 2.0
92 | 7 4 6
3. In order to display fixed vulnerabilities, check the Show fixed vulnerabilities box in the
bottom of the window.
If you select an item on the Vulnerable applications tab:
► you can read the vulnerability description on the web site http://www.securelist.com,
by clicking on the Details button;
► you can create an exclusion rule for the selected vulnerability by clicking the Add to
exclusions button.
Kaspersky CRYSTAL 2.0
93 | 7 4 6
The full report contains the information about the time when the task was started, paused or
finished and the list of detected vulnerabilities with the links to their description. To go to the
report, click the time reference link in the bottom part of the Vulnerability Scan window.
Kaspersky CRYSTAL 2.0
94 | 7 4 6
In order to create an exclusion rule for the vulnerability of the application, perform the following
actions:
1. In the Vulnerability Scan window go to the Vulnerable applications tab.
Kaspersky CRYSTAL 2.0
95 | 7 4 6
2. Select the required application from the list of vulnerable applications.
3. Click on the Add to exclusions button.
Kaspersky CRYSTAL 2.0
96 | 7 4 6
4. In the Exclusion rule window select the required Properties by checking the boxes:
► Object;
► Threat type.
Kaspersky CRYSTAL 2.0
97 | 7 4 6
5. If the Threat type box is checked, the Rule description field displays also the Threat
type section (threat type name mask according to Virus Encyclopedia).
6. In the Exclusion rule window in the Protection components section of the Rule
description field click on the any link and then on the select components.
7. To exclude the object from being scanned by some protection components, check the
boxes next to the required components.
Kaspersky CRYSTAL 2.0
98 | 7 4 6
8. Click on the OK button.
9. In the Exclusion rule window click on the OK button.
10. In the Vulnerable Scan window click on the Close button.
Update
Updating databases and program modules of Kaspersky PURE 2.0 ensures the up-to-date
protection status for your computer. New viruses, Trojans, and other types of malware appear
worldwide on a daily basis.
Kaspersky PURE 2.0 databases contain information about threats and ways of eliminating
them, so regular application update is required for ensuring your computer's security and for
timely detection of new threats.
Regular update requires an active license for application usage and an Internet connection.
Without a license, you will only be able to update the application once.
Application update downloads and installs the following updates on your computer:
► Kaspersky PURE 2.0 databases. The protection of information is based on
databases which contain signatures of threats and network attacks, and the methods
used to fight them. Protection components use these databases to search for and
disinfect dangerous objects on your computer. The databases are supplemented
every hour with records of new threats. That is why it is recommended to update on
a daily basis. In addition to the anti-virus databases, the network drivers that enable
the application's components to intercept network traffic are also updated.
► Application modules. In addition to the databases of Kaspersky PURE 2.0, you can
also update the program modules (i.e. some parts of the application). The update
packages fix Kaspersky PURE 2.0 vulnerabilities, and supplement or improve the
existing functionality.
The main update source of Kaspersky PURE 2.0 are special Kaspersky Lab update servers.
While updating Kaspersky PURE 2.0, you can copy database and program module updates
received from Kaspersky Lab servers into a local folder, providing access to other networked
computers. This saves Internet traffic.
You can also run update automatically, by schedule or manually.
Your computer should be connected to the Internet for successful downloading of updates from
our servers. By default, the Internet connection settings are determined automatically. If you
use a proxy server, you may need to adjust the connection settings.
Kaspersky CRYSTAL 2.0
99 | 7 4 6
During an update, the application modules and databases on your computer are compared
with those at the update source. If the databases and modules on your computer differ from
those on the update server, the application downloads only the incremental part of the updates.
If the databases outdated, the update package can be large and it can cause the additional Internet traffic (up to several tens of MB).
Prior to updating the databases, Kaspersky PURE 2.0 creates backup copies of them if you
want to roll back to the previous version of databases.
Information on the update results and events, which have occurred during the execution of the
update task, is logged in a Kaspersky PURE 2.0 report.
Update of anti-virus databases and application modules can be launched from the context
menu or via Protection Center.
To launch update from the context menu, right-click the application icon in the Windows
notification area and in the context menu select the Update item.
To launch update via Protection Center, perform the following actions:
1. Open the main program window.
2. In the main window select the Computer Protection module. In the Computer
Protection window select Update in the left menu.
Kaspersky CRYSTAL 2.0
100 | 7 4 6
3. In the right part of the window click the Run update button. As a result update of anti-
virus databases and application modules starts.
The Update window displays the information about the current state of Kaspersky PURE 2.0
databases, date of the last update and the run mode.
The Virus activity review link in the bottom right corner takes you to the site
www.securelist.com.
The Run update button allows you to update the databases, go to the update settings or roll
back to the previous databases.
In the Settings you can configure an update schedule, run update under another account, if
necessary or select an update source.
To know more about Update settings, go to the Settings. Update chapter.
The Roll back to the previous databases function allows you return to the previous
databases. Update roll back feature is useful in case the new databases are damaged.
The function becomes available after the first update of databases and program modules in
Kaspersky PURE 2.0.
Kaspersky CRYSTAL 2.0
101 | 7 4 6
At the start of the update process, Kaspersky PURE 2.0 creates a backup copy of the current
databases and application modules. If necessary, you can restore the previous databases.
Update roll back feature is useful in case the new databases version contains an invalid
signature that makes Kaspersky PURE 2.0 block a safe application.
In the event of Kaspersky PURE 2.0 database damage it is recommended to launch update to
download a valid set of databases for up-to-date protection.
Quarantine
Quarantine is a special area storing files probably infected with viruses and files that cannot
be disinfected at the time when they are detected.
Potentially infected objects are objects that are suspected of being infected with viruses or
their modifications.
Files are quarantined in the following cases:
► File code resembles a known but partially modified threat or has a malware-like
structure, but is not registered in the database.
In this case files are moved to Quarantine after heuristic analysis performed by the File
Anti-Virus, Mail Anti-Virus or during an anti-virus scan. Heuristic analysis rarely
causes false alarms.
► The sequence of operations performed by an object looks suspicious. In this case
files are moved to Quarantine after analysis of their behavior by the Proactive
Defense component.
When you place a file in Quarantine, it is moved, not copied: the file is deleted from the disk
or email and saved in the Quarantine folder. Files in Quarantine are saved in a special format
and are not dangerous.
Backup storage is designed for storing backup copies of files that have been deleted or
modified during the disinfection process.
Kaspersky CRYSTAL 2.0
102 | 7 4 6
Backup storage may come in hand if, for example, Kaspersky PURE 2.0 disinfected an
infected file, but the file was modified due to a virus and cannot be used. However, if the file is
necessary or if Kaspersky PURE 2.0 failed to disinfect an object and deleted it and you still
want to restore such an object, in spite of the threat the file may cause to the computer, you
can find such file in the Backup storage.
Working with quarantined objects
The Quarantine in Kaspersky PURE 2.0 lets you perform the following operations:
► quarantine files that you suspect are infected;
► scan files in Quarantine using the current version of Kaspersky PURE 2.0
databases;
► restore files in original folders, from which they have been moved to Quarantine (by
default);
► delete selected files from Quarantine;
► send files from Quarantine to Kaspersky Lab for research.
You can use the following methods to move a file to Quarantine:
► using the Computer Protection module;
► using the context menu of an object.
Kaspersky CRYSTAL 2.0
103 | 7 4 6
To move a file to Quarantine from the main program window, perform the following actions:
1. Select the Computer Protection module in the main program window.
2. In the bottom left corner of the window click the Quarantine link.
3. On the Quarantine tab click the Move to Quarantine button.
Kaspersky CRYSTAL 2.0
104 | 7 4 6
4. In the opened window select the object you want to move to Quarantine.
To move a file to Quarantine using the context menu, perform the following actions:
1. Open Microsoft Windows Explorer and go to the folder that contains the file that you
want to move to Quarantine. If the file is saved on the Desktop, go to step 2.
2. Right-click to open the context menu of the file and select Move to Quarantine.
To scan a quarantined file, perform the following actions:
Kaspersky CRYSTAL 2.0
105 | 7 4 6
1. Select Computer Protection in the main program window.
2. In the Computer Protection window click the Quarantine link.
3. On the Quarantine tab, select a file that you need to scan.
4. Right-click the object and from the context menu select the Scan button. Or use the
corresponding button at the top part of the list of objects.
To restore a quarantined object, in the context menu of an object select Restore or use the
corresponding button at the top part of the list of objects.
Kaspersky CRYSTAL 2.0
106 | 7 4 6
To delete a quarantined object, right-click an object and in the context menu select Delete or
use the corresponding button at the top part of the list of objects.
Kaspersky CRYSTAL 2.0
107 | 7 4 6
The Open original folder function allows going to the folder where the object was originally
located.
Kaspersky CRYSTAL 2.0
108 | 7 4 6
To send a quarantined object to Kaspersky Lab for analysis, on the Quarantine tab select an
object you want to to send for analysis, right-click the object and in the context menu select
Send for analysis.
Kaspersky CRYSTAL 2.0
109 | 7 4 6
Working with objects in Backup
The Storage tab contains the list of infected objects, whose copies were moved to the Backup
storage before disinfection/deletion, their status, the full path to the object and the time when
the copies were moved to backup.
You can perform the following actions over objects on the Storage tab:
► Restore — restore a copy of the original file to its initial location on the hard drive.
► Delete — delete copies of an infected object from Backup.
► Clear storage — delete all files from Backup.
Kaspersky CRYSTAL 2.0
110 | 7 4 6
Kaspersky Lab specialists do not recommend that you restore files from Backup as they can pose threat to the security of your computer.
Network Monitor
Network Monitor is a tool in Kaspersky PURE 2.0 used to display information about network
activities filtered by the Firewall component in real time as a report.
The Network Monitor window can be opened from the application context menu and from the
main program window.
To open the Network Monitor window from the main application window, perform the following
actions:
1. Right-click the Kaspersky PURE 2.0 icon in the Windows taskbar notification area.
2. In the menu select Tools > Network Monitor.
Kaspersky CRYSTAL 2.0
111 | 7 4 6
In order to open the Network Monitor tool from the main program window, perform the
following actions:
1. Select Computer Protection in the main program window.
2. In the bottom left corner of the window click the Network Monitor link.
The Network Monitor window provides the information grouped on the following tabs:
► Network Activity;
► Open ports;
► Network traffic;
Kaspersky CRYSTAL 2.0
112 | 7 4 6
► Blocked computers.
Let’s study each tab in detail.
Network Activity
This tab contains all active network connections currently established on your computer.
The following information for each connection is displayed:
► name of the process (program, service, server) that initiated the connection;
► the connection protocol;
► connection settings (local and remote ports and IP addresses).;
► connection duration;
► transferred / received data volume.
Clicking the «+» icon in the header of the Protocol, Remote address and Bytes
received/sent data column splits these columns into several smaller ones with more detailed
information about the network activity of the selected process.
For each connection it lists the following information: the name of an application that initiated
this connection, the connection protocol, the direction of the connection (inbound or outbound),
Kaspersky CRYSTAL 2.0
113 | 7 4 6
the connection settings (local and remote ports and IP addresses). Here you can also check
the lifetime of this connection and the volume of data sent/received.
The bottom part of the window displays a network traffic chart that shows volumes of inbound
and outbound traffic for a process selected from the list. The chart reflects traffic volume in real
time. Traffic volume is displayed in kilobytes. You can use the «+» and «-» buttons to change
the scale of the chart.
The Rules settings button on the Network activity tab takes you to the Firewall window
where you can configure network rules. According to the rule, set by Kaspersky PURE 2.0 or
by the user, Firewall allows or blocks network activity to the data packet or application.
Correspondingly, only activity allowed by the established network rules is displayed in the
Network Monitor window on the Network activity tab.
If you have configured a blocking network rule, activity which was blocked by this rule is not
displayed in the Network Monitor window on the Network activity tab.
To configure a packet rule, click the Rules settings button and in the drop-down menu select
the All network rules item.
To configure a rule for an application, click the Rules settings button and in the drop-down
menu select the Application network rules item.
Kaspersky CRYSTAL 2.0
114 | 7 4 6
Pay attention, that the Application network rules item becomes active only after a process has been selected in a list.
You can find more detailed information about how to configure rules from the Firewall window
in the Settings chapter.
If you click the Block network traffic button, Firewall blocks network activity of any
processes. If network activity is blocked, this button is designated as Unblock network traffic.
If you click the Unblock network traffic button, Firewall allows network activity of any
processes.
Kaspersky CRYSTAL 2.0
115 | 7 4 6
Clicking the Filter button opens a menu that contains the following items:
► Show connections established by Kaspersky PURE 2.0 – the list displays
information about connections established by Kaspersky PURE 2.0.
► Show local connections – the list displays information about connections to other
computers on the same local network.
Kaspersky CRYSTAL 2.0
116 | 7 4 6
Open ports
The tab contains information about all open ports for each process.
Kaspersky CRYSTAL 2.0
117 | 7 4 6
The following information is displayed for each port:
► name of the process (application, service, server) which uses the port;
► number of the port;
► local IP address of the process;
► data transfer protocol.
To configure packet rules and rules for applications click the Rules settings button. The
opened menu contains the following items:
► All network rules – opens the Firewall window, where you can configure packet
rules for an application selected from the list.
► Application network rules – opens the Application rules window, where you can
configure a network rule for an application selected from the list.
Pay attention, that the Application network rules item becomes active only after a process has been selected in a list.
Kaspersky CRYSTAL 2.0
118 | 7 4 6
You can find more detailed information about rules for applications and how to edit these rules
in the Firewall subchapter from the Settings chapter.
Network traffic
The tab contains information about all inbound and outbound connections established between
your computer and other computers.
Kaspersky CRYSTAL 2.0
119 | 7 4 6
Incoming and outgoing traffic volume is displayed for each program (computer, service, server,
process). Traffic volume is displayed in bytes, kilobytes and megabytes.
The bottom part of the window displays a chart that shows time distribution of traffic of the
selected application for the specified time interval.
You can view information for a day, week, month, year or the entire period of the application
operation. To set the required time interval, use the drop-down Period list.
Clicking the arrow buttons in the top left part of the window allows you to view the
data distribution for the previous and following time intervals. For example, if the Week interval
was selected from the Period drop-down list, then using the arrows you can view the
information for the last week, before the last week and etc.
Kaspersky CRYSTAL 2.0
120 | 7 4 6
The search bar is designed for quickly searching for records in the list. As the symbols are
entered, the list displays only entries that contain that particular combination of character.
Kaspersky CRYSTAL 2.0
121 | 7 4 6
Pay attention, after installation of a Kaspersky Lab product onto a computer, you may notice
sharp increase of incoming and outgoing traffic on this computer. The matter is Kaspersky
Lab products function in the proxy-server mode and therefore scan all Internet traffic before the
downloaded information gets onto your hard drive.
Kaspersky Lab products include their own internal requests into the general statistics of the
incoming and outgoing internet traffic. Third-party applications for statistics calculation also
consider their internal traffic. This statistics differs from the traffic statistics calculated by your
Internet provider and no payment is taken for the internal traffic on your computer, i.e. in reality
your traffic is not spent. This can be easily proven by a request on statistics from your provider.
Blocked computers
The tab contains information about the hosts for which Network Attack Blocker has forbidden
all network activity aimed at your computer.
Kaspersky CRYSTAL 2.0
122 | 7 4 6
The Address column displays the IP address of a blocked host.
The Time column displays the time elapsed since blocking of the host.
By default, Network Attack Blocker blocks the incoming traffic of an attacking computer for
one hour.
Clicking the Unblock button cancels blocking of the selected computer.
Applications activity
Applications Activity tracks work of the Application Control component and displays the
information about all applications installed on the computer, and about all processes running at
the moment.
To view applications activity, perform the following actions:
1. Select Computer Protection in the main program window.
2. In the bottom right corner of the window click the Applications Activity link.
3. In the top part of the Applications Activity window from the drop-down menu select the
category of applications (All or Running).
Kaspersky CRYSTAL 2.0
123 | 7 4 6
4. If you select to display running applications, the Filter button becomes available in the
Applications Activity window. Using the button you can sort out the applications
according to the following criteria:
► Run on startup – processes, run on the startup of the operating system.
► System processes – processes, required for the operation of the operating system.
► Kaspersky PURE 2.0 processes – processes, launched by Kaspersky PURE 2.0.
5. If you select to display all installed applications, applications filtering by status and by
kind becomes available in the Applications Activity window:
Kaspersky CRYSTAL 2.0
124 | 7 4 6
► A click upon green, yellow or red light sorts out applications according to the groups
they belong to: Trusted, Low/High Restricted, Untrusted.
► A click upon the View button groups the applications by time or by vendor.
Changing trusted group for an individual application
In the Application Activity window in the Status/Group column you can see the group to
which an application belongs.
However, Kaspersky Lab specialists recommend that you avoid moving applications from
default groups.
To move an application to another group, perform the following actions:
1. In the Applications Activity window select the required applications category
(Running or All).
2. If necessary, set the filter: click either the Filter or View button and select the required
display category.
3. Left-click the status of the required application and in the context menu select the group
to which an application should be moved:
► Trusted;
► Low Restricted;
► High Restricted;
► Untrusted.
4. Wait till the status icon changes.
Kaspersky CRYSTAL 2.0
125 | 7 4 6
To restore an application to the default group, perform the following actions:
1. In the Applications Activity window select the required applications category
(Running or All).
2. Left-click the status of the required application and in the context menu, select the
Restore default group item.
3. In the Applications Activity window click the Close button.
Kaspersky CRYSTAL 2.0
126 | 7 4 6
Editing rules for an individual application
The Application Control component registers actions performed by every application in the
system, regulates the application’s activity depending on the trust group of an application. Each
group has a specific set of rules. According to these rules the Application Control component
allows, prompts the user, or denies an action for an application. When an application accesses
a resource, the component verifies its rights and performs an action set by the rule.
In the Applications Activity window you can edit applications rules. For this perform the
following actions:
1. Open the main application window and select Computer Protection.
2. In the bottom left corner of the window click the Applications Activity link.
3. In the Applications Activity window right-click the required application and in the
context menu select Application rules.
You can find more detailed information about application’s rules and how to edit them from the
Applications Control chapter.
Reports
Kaspersky CRYSTAL 2.0
127 | 7 4 6
Events which occur in the work of protection components or task execution are logged in the
reports. Kaspersky PURE 2.0 creates reports about work of every component as well as
monitors the update processes.
In order to view a brief report, perform the following actions:
1. In the main program window select Computer Protection.
2. In the top right corner of the window click the Reports link.
Kaspersky CRYSTAL 2.0
128 | 7 4 6
The button opens the Notifications window where you can configure frequency and
run time for notifications.
To view a detailed report, click the Detailed report button.
Kaspersky CRYSTAL 2.0
129 | 7 4 6
In the right part of the window select the necessary component. You can set the required time
period in the Period drop-down list and select more proper view to present the information in
the View drop-down list. The window provides a search string. If you need to save a report to a
file, use the Save link in the bottom left corner of the window.
Kaspersky CRYSTAL 2.0
130 | 7 4 6
Kaspersky CRYSTAL 2.0
131 | 7 4 6
Chapter 6. Backup and Restore
The Backup component in Kaspersky PURE 2.0 allows to quickly restore your data in case of
a loss or erasing.
Data stored on a computer can be lost or damaged due to various issues, such as impact of a
virus, information modification or deletion by another user, etc. To avoid losing important
information, you should regularly back up data.
Duration of the backup process directly depends on the volume of the information you wish to
save. That is why Kaspersky Lab experts recommend creating backup copies of the files and
folders which contain important information (documents, photos, music and etc.).
Backup copying creates backup copies of objects in a special storage on the selected device.
Backup storage is a specially assigned area of disk space or a data storage media. When
creating a storage area, the user performs the following actions:
1. selects the data medium;
2. specifies the name of the new storage area’
3. specifies the settings for storing backup copies’
4. may also password-protect stored data against unauthorized access.
Creating a backup task
During a task execution, backup copies of the selected files are created and saved into a
specified storage. If necessary these copies can be restored.
A task is created with the help of the wizard. The wizard consists of the following steps:
1. Selecting data category for backing up.
2. Creating and connecting the storage.
3. Setting automatic schedule for a backup task.
4. Summary.
Selecting data category for backing up
In order to select a category of data for backing up, perform the following actions:
1. In the main program window select the Backup and Restore button.
Kaspersky CRYSTAL 2.0
132 | 7 4 6
2. In the Backup and Restore window click the Create a backup task button.
Kaspersky CRYSTAL 2.0
133 | 7 4 6
3. In the Create backup task window select a data category you want to back up. You can
select one of the following categories:
► My Documents and Desktop (all files from My Documents folder and from
desktop);
► Movies and Video (all video files);
► Pictures and Photos (all image files);
► Music (all music files);
► Custom files.
4. Click the Next button.
Kaspersky CRYSTAL 2.0
134 | 7 4 6
If you select the Custom files variant, you can specify manually what files to back up. Click the Next button to continue.
Kaspersky CRYSTAL 2.0
135 | 7 4 6
a) In the opened window specify the files you want to back up.
For this, in the right part of the window check the boxes for the categories you need
or check the All files box to select all files saved on your computer.
The default categories include:
► Audio;
► Documents;
► Images;
► Video;
► Financial documents.
Each category has a list of file extensions by which the program refers a file to a
specific category.
Kaspersky CRYSTAL 2.0
136 | 7 4 6
b) You can add new categories or new file extensions which refer to these
categories. For this, click the Category editor link.
Kaspersky CRYSTAL 2.0
137 | 7 4 6
In order to add a new category, in the Category Editor window click the Add category button.
Kaspersky CRYSTAL 2.0
138 | 7 4 6
In the New category window enter the name of the category and click the OK
button.
To add a new extension, in the right part of the Category Editor window select a category. Click the Add extension link at the top of the window.
Kaspersky CRYSTAL 2.0
139 | 7 4 6
In the New extension window enter an extension you want to add (for example,
.flv). Click the OK button.
An extension is added. Description of the extension is given in the right part next
to the added extension. Using the Edit and Delete buttons you can make
changes to the extension.
Kaspersky CRYSTAL 2.0
140 | 7 4 6
In order to select or delete extensions from a category, check/uncheck the boxes
next to the necessary extensions. Check/uncheck the Extension box at the top
part of the window, to select/clear all extensions.
Kaspersky CRYSTAL 2.0
141 | 7 4 6
You can reject changes made in the extensions for a default category. For this,
click the Default button at the top of the window.
Kaspersky CRYSTAL 2.0
142 | 7 4 6
In the Restore settings window click OK.
In the Category Editor window click the OK button.
c) You can add folders where files for backing up are located. In order to add a
folder, in the left part of the Create backup task window click the Add folder
button.
Kaspersky CRYSTAL 2.0
143 | 7 4 6
In the Select folder window specify the path to the folder you want to add. Click
the OK button.
In order to delete a folder from the list, click the icon on the right of the folder
name.
Kaspersky CRYSTAL 2.0
144 | 7 4 6
d) In order to view selected files, in the right part of the Create backup task
window, click the link with the number of files next to the category.
Kaspersky CRYSTAL 2.0
145 | 7 4 6
In the View selected files window on the File categories tab you can select the
data for backing up by categories.
Kaspersky CRYSTAL 2.0
146 | 7 4 6
In order to select data for backing up by categories, select the File categories
tab.
In the left part of the window select the necessary category. In the right part of the
window check the necessary files. Check the File name box at the top of the
window, to select all files.
Kaspersky CRYSTAL 2.0
147 | 7 4 6
Select the Location of files tab to select data for backing up by location.
Kaspersky CRYSTAL 2.0
148 | 7 4 6
In the left part of the window select the necessary folder. In the right part of the window check the necessary files. Check the Name box at the top of the window, to select all files.
Kaspersky CRYSTAL 2.0
149 | 7 4 6
Click the OK button.
e) By default system and hidden files are not backed up. If you want to back up these categories of files, then in the bottom right corner of the Create backup task window click the Additional link.
Kaspersky CRYSTAL 2.0
150 | 7 4 6
Select the necessary category.
Kaspersky CRYSTAL 2.0
151 | 7 4 6
Creating a storage
1. In order to create a storage, on the Storage tab click the Create or Create now button
(the Create now button is available only during the first launch of backup).
Kaspersky CRYSTAL 2.0
152 | 7 4 6
2. In the Backup Storage Creation window in the left part of the Drive tab select the type
of the information medium which will be used as storage.
Kaspersky CRYSTAL 2.0
153 | 7 4 6
You can select from the following drives:
► Removable drive – any portable device (memory card, CD, etc.) connected to the
computer.
In order to create a storage on a removable drive, in the left part of the Drive tab
select Removable drive and connect a removable drive to the computer.
If you are creating a storage on a removable drive, you can record a special utility
tool on it to allow extract data from the storage on any computer - even if Kaspersky
PURE 2.0 is not installed on it. To do so, check the Copy Kaspersky Restore
Utility to storage box.
Kaspersky CRYSTAL 2.0
154 | 7 4 6
► Local drive — a folder or a logical drive on the computer's hard drive.
In order to create a storage on a local drive, in the left part of the Drive tab select
Local drive.
Kaspersky CRYSTAL 2.0
155 | 7 4 6
Click the Browse button, to select a folder to store backup copies.
Kaspersky CRYSTAL 2.0
156 | 7 4 6
In the Select folder window select the required folder and click the OK button.
► Network drive — network folder.
In order to create a storage on a network drive, in the left part of the Drive tab select
Network drive.
Kaspersky CRYSTAL 2.0
157 | 7 4 6
Click the Browse button to specify the path to the network folder. If access to the
selected folder is restricted, then you can enter account data for authorization. For
this, enter your data in the User name and Password fields.
Value of the User name field should be identical to an entry line <computer
name>|<user name>.
Example how to enter the settings of a network drive:
Drive: \\Z
User name: kl-12345\smith
Password: ***
► FTP-server — server that ensures file exchange via the FTP protocol.
In order to create a storage on a FTP server, in the left part of the Drive tab select
FTP server.
Kaspersky CRYSTAL 2.0
158 | 7 4 6
When using an FTP server, you should also specify the following connection
settings:
o Server – address of the server;
o Port – number of the port;
o Folder – folder on the server into which backup copies will be saved;
o User name and Password – account data to pass authentication on the
server;
o Mode – server operation mode (active or passive).
To ensure data security, we recommend that you create backup storages on removable
disk drives
If you have not been granted sufficient privileges to record data on the selected medium,
you will not be able to create a storage on it.
Kaspersky CRYSTAL 2.0
159 | 7 4 6
3. After you have selected a drive, click the Next button.
Kaspersky CRYSTAL 2.0
160 | 7 4 6
4. On the Protection tab check the Enable password protection (recommended) box to
protect your storage against unauthorized access. Enter your password twice.
Click the Next button.
Kaspersky CRYSTAL 2.0
161 | 7 4 6
5. On the File versions tab check the box Restrict the number of file versions and restrict
the number of file versions which would be simultaneously stored in the storage.
Kaspersky CRYSTAL 2.0
162 | 7 4 6
To limit the storage period of backup copies, check the box Restrict storage period of file
versions and set the time period to keep old versions of files.
Kaspersky CRYSTAL 2.0
163 | 7 4 6
6. Click the Next button. On the Summary tab enter the name of a new storage and
confirm creation of a new storage with the specified settings.
Kaspersky CRYSTAL 2.0
164 | 7 4 6
7. Click the Finish button.
8. A backup storage will be successfully created. To go to the next step, click Next.
Kaspersky CRYSTAL 2.0
165 | 7 4 6
Setting schedule for automatic launch of a backup task
In order to set an automatic schedule of a backup task, do the following:
1. If you want the task to be performed when a removable drive with a backup storage is
connected, check the box Run task on drive connection.
Kaspersky CRYSTAL 2.0
166 | 7 4 6
If you want the task to be started automatically at a specified time, check the box Run task
by schedule.
Kaspersky CRYSTAL 2.0
167 | 7 4 6
From the drop-down menu select the task frequency (minutes, hours, days, at the specified
time, every month or after application startup).
Kaspersky CRYSTAL 2.0
168 | 7 4 6
Set the task frequency and start time in the corresponding fields.
Kaspersky CRYSTAL 2.0
169 | 7 4 6
If you want the tasks skipped due to some reasons (for example, computer restart or OS
failure) to be performed, then check the box Run skipped tasks.
2. Click the Next button.
Summary
1. On the Summary tab enter the name of a new task.
2. Check the box Run task when the wizard is complete, if you want to launch the task
immediately after its creation.
3. Confirm the task creation with the specified settings by clicking the Finish button.
Kaspersky CRYSTAL 2.0
170 | 7 4 6
Starting, editing and deleting backup tasks
Starting a backup task
Backup tasks can be started either automatically (by schedule) or manually.
An automatic schedule is created during the task creation and can be changed later.
In order to run a backup task manually, do the following:
1. In the main program window select Backup and Restore.
2. In the right part of the Backup and Restore window select the necessary task from the
list and click the Run button.
Kaspersky CRYSTAL 2.0
171 | 7 4 6
3. Wait till the task is finished. In the line of the selected task, the time from the beginning
of the task execution is displayed. As a result of the task execution, an archive of
backup copies for the current date is created in the storage.
Kaspersky CRYSTAL 2.0
172 | 7 4 6
In order to postpone the task, click the Stop button.
Kaspersky CRYSTAL 2.0
173 | 7 4 6
In order to pause the backup task, click the arrow on the Stop button and in the drop-down
list select Pause.
Kaspersky CRYSTAL 2.0
174 | 7 4 6
You can later resume the task by clicking the Resume button.
Kaspersky CRYSTAL 2.0
175 | 7 4 6
Editing and deleting a backup task
All options of a created backup task can be changed. For this, do the following:
1. In the main program window select Backup and Restore.
2. In the Backup and Restore window click the arrow right of the Run button. In the drop-
down menu select Edit.
Kaspersky CRYSTAL 2.0
176 | 7 4 6
Change the necessary parameters of the backup task on the corresponding tab Task type, Content, Storage, Schedule and Summary. See the chapter Creating a backup task, to know how to configure parameters of a backup task.
Kaspersky CRYSTAL 2.0
177 | 7 4 6
3. Confirm your changes by clicking the Finish button on the Summary tab.
4. In order to delete a backup task, in the Backup and Restore window click the arrow on
the right of the Run button and in the drop-down menu select Delete.
Kaspersky CRYSTAL 2.0
178 | 7 4 6
5. In the Delete task window confirm the task deletion by clicking the OK button. If you
want the backup copes created by the task to be deleted too, check the box Delete
backup files created by this task.
Restoring data from backup
The data may be restored from the backup copies of files, if necessary. When restoring data
from backup copies a restoring procedure is launched and the Kaspersky Restore Utility is
used (if you are restoring data on the computer with no Kaspersky PURE 2.0 installed). Files
from the backup copies can be restored either to their initial location or to a random folder.
Kaspersky CRYSTAL 2.0
179 | 7 4 6
In order to restore data from backup, do the following:
1. In the main program window click the Backup and Restore button.
2. In the Backup and Restore window go to the Restore tab.
3. In the right part of the window select a storage where the required backup copies are
stored and click the Restore data button.
4. At the top part of the Restoring data from storage window select the name of a
backup task, date of the backup copies creation and the category of data. Use search to
find the necessary file.
Kaspersky CRYSTAL 2.0
180 | 7 4 6
5. In the left part of the window select the folders to be restored and in the right part of the
window specify what files from which folders should be restored. For this, check the
required files and folders.
Kaspersky CRYSTAL 2.0
181 | 7 4 6
6. A click upon the Open button opens the latest version of a select file.
Kaspersky CRYSTAL 2.0
182 | 7 4 6
7. In order to restore a specific version of a file, in the right part of the window select a file
and click the Versions button.
Kaspersky CRYSTAL 2.0
183 | 7 4 6
8. In the File versions window select the required version of a file and click the Restore
file version button.
Kaspersky CRYSTAL 2.0
184 | 7 4 6
9. At the lower part of the Restoring data from storage window click the Restore data
button (this step is skipped when a file version is restored).
Kaspersky CRYSTAL 2.0
185 | 7 4 6
10. In the Restore window select a location to save the restored files. By default the
restored files are saved into a source folder.
Kaspersky CRYSTAL 2.0
186 | 7 4 6
If you want to save the restored files into a specified folder, select Specified folder
and click the Browse button. In the Select folder window select the specified folder.
Click OK.
11. In the Restore window click the Restore button.
12. Wait till the data has been restored. In the In the Restore window click the Close
button.
Managing backup storages
Connecting a storage
If a backup storage created with the Backup and Restore module was moved/copied from
one computer to another, such storage should first be connected via Kaspersky PURE 2.0 in
order to become available. You may need to connect a storage after system reinstallation.
List of storages contains only storages which are connected. You will not be able to find a
storage in the list, if that storage is not connected.
Kaspersky CRYSTAL 2.0
187 | 7 4 6
In order to connect an existing storage, do the following:
1. In the main program window select Backup and Restore.
2. In the Backup and Restore window go to the Restore tab.
3. Click the button Connect backup storage.
4. In the Connect storage window select a drive type and define the required connection
settings:
► For a local drive specify the path;
► For a network drive specify the path, user name and password;
► For FTP server specify the server, port, folder, user name, password and mode;
► For a removable drive you do not have to specify additional settings; connect the
drive to the computer.
5. Click the OK button.
Kaspersky CRYSTAL 2.0
188 | 7 4 6
6. If the settings were specified correctly, the storage will be added to the list.
Editing storage settings
You can restrict the number of file versions and the storage period of file versions. For this, do
the following:
1. In the main program window select Backup and Restore.
2. In the Backup and Restore window go to the Restore tab.
3. Select the required storage.
4. Click the arrow on the right of the Restore data button. In the drop-down menu select
Edit.
Kaspersky CRYSTAL 2.0
189 | 7 4 6
5. In order to restrict the number of file versions that should be simultaneously stored in the
storage, on the File versions tab check the box Restrict the number of file versions
and specify the number of stored versions. Click the Next button.
Kaspersky CRYSTAL 2.0
190 | 7 4 6
6. On the Summary tab confirm the changes by clicking the Finish button.
Kaspersky CRYSTAL 2.0
191 | 7 4 6
Clearing a storage
Backup copies of the selected files are created in a special storage during the backup process.
If storage volume is not sufficient for your current operations, you can delete obsolete versions
and backup copies of files which have been already deleted from the computer.
In order to clear the storage, please perform the following:
1. In the main program window select Backup and Restore.
2. In the Backup and Restore window go to the Restore tab.
3. Select the necessary storage.
4. Click the arrow on the right of the Restore data button. In the drop-down menu select
Clear.
Kaspersky CRYSTAL 2.0
192 | 7 4 6
5. In the Clear storage window select the file versions you want to delete from the
storage:
► If you wish to delete not all data from the storage but only file versions created
before a certain date, then check the File versions created earlier than box. Use
scrolling arrows or enter manually from the keyboard to set the date which should be
the starting point for saving object copies. Backup copies created before the date
you have specified, will be deleted.
► If you want to save only some file versions and to delete other versions, check the
box Previous file versions. Specify the number of versions to keep, including
the most current one. Use the scrolling arrows to set the value from 1 to 99 or enter
the value manually using the keyboard. All backup copies above this number will be
deleted.
► If you wish to delete the backup copies of all files that have been deleted from the
computer, check the Backup copies of files deleted from the computer box.
Kaspersky CRYSTAL 2.0
193 | 7 4 6
6. To start the clearing process, click the OK button.
7. Wait until the clearing process is over and the Operation completed successfully
message appears. Click the OK button.
Deleting a storage
To remove a storage for backup data, you should use Storage Removal Wizard.
In order to remove a storage for backup data, please do the following:
1. In the main program window select Backup and Restore.
2. In the Backup and Restore window go to the Restore tab.
3. Select the necessary storage.
4. Click the arrow on the right of the Restore data button. In the drop-down menu select
Delete.
Kaspersky CRYSTAL 2.0
194 | 7 4 6
5. In the Storage Removal window on the Content tab select an action to perform on the
backup copies that are located within the storage to be removed:
► Save;
► Delete.
If you select the Delete variant, all data stored on the storage will be permanently
deleted!
Kaspersky CRYSTAL 2.0
195 | 7 4 6
6. Click the Next button.
7. On the Tasks tab select an action to be performed over the tasks that use the storage
for backup:
► Do not delete (in this case tasks will be saved not related to any storage; you will
have to select another storage for each task).
► Delete (all tasks will be deleted).
Kaspersky CRYSTAL 2.0
196 | 7 4 6
8. Click the Next button.
9. On the Summary tab confirm deletion of the storage with the specified settings by
clicking the Finish button.
Kaspersky CRYSTAL 2.0
197 | 7 4 6
A storage was removed.
Viewing backup reports
Each event related to data backup and restore is displayed in the report.
To get and save a report about executed backup and restore tasks, please do the following:
1. In the main program window select Backup and Restore.
2. In the Backup and Restore window click the Reports link.
Kaspersky CRYSTAL 2.0
198 | 7 4 6
3. In the Report window on the Backup tab you can select the period within which you
need to get a report: day, week, month, year, entire period. Use the arrows to view a
report for a required time interval: for example, create a report from January 1, 2012 till
May 1, 2012.
Kaspersky CRYSTAL 2.0
199 | 7 4 6
4. In the Report window on the Restore tab you can select the period within which you
need to get a report: day, week, month, year, entire period.
Kaspersky CRYSTAL 2.0
200 | 7 4 6
5. After you have finished working with the report, click the Close button.
Kaspersky CRYSTAL 2.0
201 | 7 4 6
Kaspersky CRYSTAL 2.0
202 | 7 4 6
Chapter 7. Parental Control
The Parental Control component in Kaspersky PURE 2.0 enables you to apply restrictions on
use of the computer and Internet for each user account on the computer.
The Parental Control features can help protect children and teenagers from negative
influences while using the computer and Internet, for example by preventing them spending
long periods of time on the computer and Internet, and wasting time and money when visiting
certain websites, and by limiting access to websites intended for adults.
Parental Control can help you control:
► Use of the computer.
► Launch of various applications.
► Use of the Internet (time restriction on Internet use).
► Visits to websites depending on their content.
► Downloading of files from the Internet depending on their category.
► Correspondence with specified contacts through IM clients (such as ICQ, Miranda,
and mIRC).
► Correspondence with specified contacts on social networks (Facebook, Yahoo,
Twitter).
► Sending of personal data.
► Use of specified words and word combinations in correspondence through IM clients.
Starting work with Parental Control
By default after the program installation the Parental Control component is disabled.
You can enable Parental Control for all users or for an individual account.
You can enable Parental Control:
► from the main program window;
► from the context menu in the taskbar panel.
To enable a component from the main program window, perform the following actions:
1. In the main program window select the Parental Control component.
Kaspersky CRYSTAL 2.0
203 | 7 4 6
2. In the Protect with Administrator Password window specify a password to protect
the settings against modification by other users. Click Continue.
The Protect with Administrator Password window appears only when Parental
Control is launched for the first time.
Kaspersky CRYSTAL 2.0
204 | 7 4 6
3. To go to the administrator password settings, click the Administrator password
settings link.
Kaspersky CRYSTAL 2.0
205 | 7 4 6
4. At the top part of the Administrator Password Protection Settings window check the
Enable password protection box. To change a password, in the corresponding fields
enter your old password, then enter a new password and confirm your new password.
Kaspersky CRYSTAL 2.0
206 | 7 4 6
5. In the Apply password to section, you can specify which features of the application
management should be protected with a password. Check the boxes next a required
variant:
► Configuring the application settings;
► Managing Parental Control;
► Exiting the application;
► Removing the application.
Kaspersky CRYSTAL 2.0
207 | 7 4 6
6. Click OK to finish setting an administrator password.
In order to quickly enable Parental Control for a current account, right-click the program icon
in the taskbar notification area and in the context menu select Enable Parental Control.
Kaspersky CRYSTAL 2.0
208 | 7 4 6
Control levels
Kaspersky Lab specialists have developed three preset control levels (or profiles):
► Data collection;
► Child profile;
► Teenager profile.
You can use either a preset profile or customize a control level by selecting Custom
restrictions.
Each profile has a set of restrictions and settings:
► Data collection. For this profile the program logs the statistics of the user activity on
the computer and on the Internet but does not apply Parental Control restrictions.
► "Child" profile. The program logs the statistics of the user activity on the computer
and on the Internet, and blocks file downloads and visits to websites belonging to
unwanted categories.
► "Teenager” profile. The program logs the statistics of the user activity on the
compute and on the Internet, and blocks visits to websites belonging to unwanted
categories.
In order to set a profile for a user account registered on the computer, perform the following
actions:
1. In the Parental Control window in the Computer Users section select a user account
and click the Select control level button.
Kaspersky CRYSTAL 2.0
209 | 7 4 6
2. Select a profile.
Kaspersky CRYSTAL 2.0
210 | 7 4 6
3. You can set different control levels for different accounts. Once a control level is
assigned to an account, the corresponding profile will be displayed on the buttons right
of the account name.
Kaspersky CRYSTAL 2.0
211 | 7 4 6
4. In order to edit a profile set for a specific account, click the Settings and reports button
next to the required user.
Kaspersky CRYSTAL 2.0
212 | 7 4 6
5. In the opened window on the Settings tab you can make the necessary changes in the
control level settings.
Kaspersky CRYSTAL 2.0
213 | 7 4 6
6. Once the standard settings of the control level have been changed, the profile
automatically switches to the Custom restrictions profile.
Kaspersky CRYSTAL 2.0
214 | 7 4 6
Configuring Parental Control settings
Using Parental Control you can control:
► Computer usage. You can restrict computer usage and control and limit running of
some applications by restricting the time spent at the computer and the launch of
blocked applications.
► Internet usage. You can enable control over the Internet usage, restrict visiting web-
sites depending on their contents and loading files from the Internet depending on
their category.
► Instant messaging. You can control messaging using the instant messengers (for
example, ICQ, Miranda) and social network (for example, Facebook, Yahoo, Twitter),
block transferring personal data (for example, passwords) and control presence of
the specified words and phrases in messages.
Kaspersky CRYSTAL 2.0
215 | 7 4 6
Account settings
You can specify an alias or select another image that would be displayed in the application
interface for an account. For this perform the following actions:
1. In the main program window select Parental Control.
2. Enter your administrator password in the window. Check the Save password for
current session box, if you do not want to enter your password when you address
Parental Control window once again (after closing it).
3. In the Computer Users window next to the required account click the Settings and
reports button.
Kaspersky CRYSTAL 2.0
216 | 7 4 6
4. In the right part of the Parental Control window on the Settings tab go to the User
Account Settings section.
5. Enter an alias and select an image.
6. To save the changes, click the Apply button.
Kaspersky CRYSTAL 2.0
217 | 7 4 6
Control over computer usage
In the sections Computer Usage and Applications Usage you can disable control over
computer usage for a user, enable control over applications usage and create lists of allowed
and blocked applications for launching.
Computer Usage
If you want to limit the time which the user spends working on the computer, restrict use of the
computer by time. You can also limit the overall time spent on the computer (for example, 9
hours) and specify the required time interval for every weekday (for example, from 10am to
7pm Mondays – Fridays). For this, perform the following actions:
1. In the left part of the Parental Control window select the Computer Usage section.
2. In the right part of the Computer Usage section check the Enable control box.
3. Check the Limit usage on the selected days box.
4. Highlight green the time intervals on certain weekdays when the computer will be
available for the user. To prohibit computer use, highlight grey the time interval on
certain weekdays.
Kaspersky CRYSTAL 2.0
218 | 7 4 6
5. You can set the overall number of hours and minutes when the computer will be
available to the user. For this check the box Limit daily usage time and specify the
total operating time. Thus, the user will spend by the computer set number of hours at
the specified time interval (highlighted green in the table).
Application Usage
If you want to control applications launch by the user, you can enable control over the
applications usage and create lists of allowed and blocked applications and create the list of
allowed applications. For this, perform the following actions:
1. In the left part of the Parental Control window select the Applications Usage section.
2. In the right part of the Computer Usage section check the Enable control box.
3. To create the list of allowed or blocked applications, in the right part of the window in the
Applications section click the Add button.
Kaspersky CRYSTAL 2.0
219 | 7 4 6
4. In the Control running the application window select the application executable file by
clicking the Select button:
► To select the software installed on the computer, click the Browse item. In the Open
window find the software executable file and click the Open button.
► To select among running software, select the Applications item. In the Select
application window select the application and click the OK button.
Kaspersky CRYSTAL 2.0
220 | 7 4 6
5. Allow or block the application launch and set the necessary restrictions:
► To limit the overall time of the application’s usage, check the Limit usage on the
selected days box. Highlight green the time intervals on certain weekdays when the
application will be available for the user. Highlight grey the time interval on certain
weekdays block the application usage.
► To set the overall number of hours and minutes when the application startup will be
available to the user, check the box Limit daily usage time and specify the total
operating time.
Kaspersky CRYSTAL 2.0
221 | 7 4 6
6. Click the OK button, to add an application to the list of uncontrolled.
You can edit the list of applications using the buttons Add/Block, Edit, Delete.
Kaspersky CRYSTAL 2.0
222 | 7 4 6
Reports
If the control is enabled the start time and the usage time of the computer and the applications
will be displayed in the report.
If you want to view the report, in the Parental Control window go to the Reports tab.
► To view the report of the computer usage, select Computer Usage. The following
information will be available to you in the right part of the window: session start time,
usage time, result.
► To view the report of the applications startup, select Applications Usage. The
following information will be available to you in the right part of the window:
application, usage time and result (allowed or blocked access).
You can create a report for a definite time interval, for this select the period in the
corresponding drop-down list.
Kaspersky CRYSTAL 2.0
223 | 7 4 6
Control over Internet usage
In the Internet section you can configure access settings to the Internet and web sites, enable
control of files loading from the Internet and the safe search mode when working with search
engines.
Internet Usage
If you want to limit the time which the user spends on the Internet, you can configure Internet
access. You can also limit the overall time spent on the Internet (for example, 3 hours) and
specify the required overall time on the Internet for every weekday (for example, from 3pm to
8pm Mondays – Fridays and from 5pm to 11pm Saturdays – Sundays). For this:
1. In the left part of the Parental Control window select Internet Usage.
2. In the right part of the Internet Usage section check the Enable control box.
3. Check the box Limit usage on the selected days.
4. Highlight green the time intervals on certain weekdays when the Internet will be
available for the user. To prohibit Internet access, highlight grey the time interval on
certain weekdays.
5. To set the overall number of hours and minutes when the Internet will be available to the
user, check the box Limit daily usage time and specify the total operating time.
6. Click the Apply button, to save the changes.
Kaspersky CRYSTAL 2.0
224 | 7 4 6
Web Browsing
When working with the search engines (for example, Google, Bing) the search results may
display unacceptable materials (for example, web sites containing pornography).You can
exclude such web sites from the search results the following way:
1. In the left part of the Parental Control window select Web Browsing. 2. In the right part of the Parental Control window check the Enable safe search box. 3. Click the Apply button.
Kaspersky CRYSTAL 2.0
225 | 7 4 6
Use the Control Web Browsing option, to restrict access for the user to a web-site.
You can block or allow the access to all sites except the sites which are added to the list of
allowed sites or specify the categories according to which access to a site will be granted. For
example you can block web-sites from the Violence or Weapons category.
To restrict access, in the right-part of the Web Browsing section make sure the control is
enabled.
If you want to restrict access to some web-site categories, perform the following actions:
1. In the left part of the Parental Control window select Web Browsing.
2. In the right part of the window select the Block websites from the following
categories variant.
3. Check the categories you want to block or use the links Select all/Clear all.
4. Click the Apply button.
Kaspersky CRYSTAL 2.0
226 | 7 4 6
If you want to restrict access to all sites, except sites from the Allowed list, perform the
following actions:
1. In the left part of the Parental Control window select Web Browsing.
2. In the right part of the Parental Control window in the Block websites section select
the Block access to all websites except websites allowed in the list of exclusions
variant.
3. Click the Exclusions button to create the list of allowed websites.
Kaspersky CRYSTAL 2.0
227 | 7 4 6
4. In the Exclusions window click the Add button.
5. In the Address mask (URL) window enter the address of an allowed website and click
the OK button.
6. In the Exclusions window click the OK button.
Kaspersky CRYSTAL 2.0
228 | 7 4 6
You can create the list of blocked web sites the following way:
1. In the left part of the Parental Control window select Web Browsing.
2. In the right part of the Parental Control window in the Block websites section select
the Block access to all websites except websites allowed in the list of exclusions
variant.
3. Click the Exclusions button to create the list of blocked websites.
4. In the Exclusions window click the Add button.
5. In the Address mask (URL) window enter the address of an allowed website and click
the OK button.
6. In the Address mask (URL) window enter the address of a blocked website.
7. Check the Block this URL box and click the OK button.
8. In the Exclusions window click the OK button.
9. In the Parental Control window click the Apply button.
Kaspersky CRYSTAL 2.0
229 | 7 4 6
File Downloads
You can control and block downloading files depending on their category from the Internet. For
this, perform the following actions:
1. In the left part of the Parental Control window select File Downloads.
2. In the right part of the Parental Control window check the Enable control box.
3. In the File categories section, select the necessary category, for example Video and
click the Block button. The status will change to Blocked in the Status column.
Kaspersky CRYSTAL 2.0
230 | 7 4 6
Reports
You can view the report about actions of every user for whom Parental Control is enabled, on
each category of the controlled events.
To view a report, go to the Reports tab in the Parental Control window and select the
necessary section:
To view the report of the Internet usage, select Internet Usage. The following
information will be available to you in the right part of the window: start time, usage time
and the result (whether Internet usage is allowed or blocked).
To view the report of the access to web sites, select Web Browsing. The following
information will be available to you in the right part of the window: URL, time and reason
(whether access is allowed or blocked).
To view the report on the file downloading, select File Downloads. The following
information will be available to you in the right part of the window: file, time and reason
(allowed or blocked).
You can create a report for a specified time period. For this, select the corresponding period in
the drop-down list.
Kaspersky CRYSTAL 2.0
231 | 7 4 6
Instant Messaging
In the Instant Messaging section you can enable control over messaging via instant
messengers in social networks, as well as control sending of private data and use of unwanted
words in the correspondence.
Control messaging over instant messengers
If you want to restrict messaging of the user with other users via instant messengers (ICQ,
Miranda), you can enable control and create lists of allowed or blocked contacts. For this in the
right part of the Instant Messaging section click the Enable control box.
If you want to create the list of allowed contacts, perform the following actions:
1. In the left part of the Parental Control window select Instant Messaging.
2. In the right part of the Parental Control window in the Contacts section click the Add
contact button.
Kaspersky CRYSTAL 2.0
232 | 7 4 6
3. In the New contact window select the necessary contact from the list of existing
contacts or click the manually link and enter an account number or contact email
address.
4. In the Description field enter a proper description which will be displayed in the list of
allowed contacts. Click the OK button.
Kaspersky CRYSTAL 2.0
233 | 7 4 6
5. Check the box Block messaging to/from contacts who not on the list to allow
messaging only with contacts from the created list of contacts.
6. Click the Apply button, to save the changes.
Kaspersky CRYSTAL 2.0
234 | 7 4 6
If you want to create the list of blocked contacts, perform the following actions:
1. In the left part of the Parental Control window select Instant Messaging.
2. In the right part of the Parental Control window in the Contacts section click the Add
contact button.
3. In the New contact window select the necessary contact from the list of existing
contacts or click the manually link and enter an account number or contact email
address.
4. In the Description field enter a proper description which will be displayed in the list of
allowed contacts. Click the OK button.
5. To block the contact, click the Block button.
6. Click the Apply button, to save the changes.
You can view, allow/block messaging with the contact or delete the contact from the list using
the View messaging, Allow/Block and Delete buttons.
Kaspersky CRYSTAL 2.0
235 | 7 4 6
Control over social networking
If you want to control messaging with other users in social networks (for example, Yahoo or
Facebook), you can enable control and create lists of allowed and blocked contacts. For this in
the right part of the Social Networking section check the Enable control box.
To create the list of allowed or blocked contacts, perform the following actions:
1. In the left part of the Parental Control window select Social Networking.
2. In the right part of the Parental Control window in the Contacts section click the Add
button.
Kaspersky CRYSTAL 2.0
236 | 7 4 6
The possibility to add contacts becomes available only when an account for whom Parental
Control is being configured, logs in a social network under his/her account and becomes
active there (sends/receives a message).
3. In the Adding contact window select the necessary contact from the list of existing
contacts.
4. Messages from the selected contact are displayed in the bottom part of the window.
5. Click the OK button.
Kaspersky CRYSTAL 2.0
237 | 7 4 6
6. To block a contact, highlight the contact and click the Block button.
Kaspersky CRYSTAL 2.0
238 | 7 4 6
7. To block messaging with the contacts not included in the list, check the Block
messaging with other contacts box.
8. Save the changes by clicking the Apply button in the Parental Control window.
Controlling or restricting sending private data
You can also control or restrict sending private data (for example, passwords) via instant
messengers. For this create the list of records which contain confidential data (for example,
home address, phone number and etc.).
Any attempts to send such data will be blocked and the information about blocked messages
will be added to the report.
In order to enable control sending private data and create the list of data blocked for sending,
perform the following actions:
1. In the left part of the Parental Control window select Private Data.
2. In the right part of the Parental Control window check the Enable control box.
3. In the Parental Control window in the Private Data section click the Add button.
Kaspersky CRYSTAL 2.0
239 | 7 4 6
4. In the Private Data window in the Data field enter the data restricted for sending (for
example, 12345 for ―Password‖, 1234567 for ―Phone number‖).
5. In the Description field enter a proper description which will be displayed in the data list
(for example, ―Password‖, ―Phone number‖).
6. Click the OK button.
7. You can edit the list of data using the Edit and Delete buttons.
8. In the Parental Control window click the Apply button.
Kaspersky CRYSTAL 2.0
240 | 7 4 6
Control over word usage
If you want to monitor use of unwanted words or phrases (for example, referring to confidential
data) within the user’s messaging, perform the following actions:
1. In the left part of the Parental Control window select Word Usage.
2. In the right part of the Parental Control window check the Enable control box.
3. In the Parental Control window in the Key words section click the Add button.
4. In the Key word window enter a word or a phrase which will be detected in the user’s
messaging. Click the OK button.
5. You can edit the list of data using the Edit and Delete buttons.
6. In the Parental Control window click the Apply button.
Kaspersky CRYSTAL 2.0
241 | 7 4 6
Reports
If the control is enabled the text, time, recipients, messages with personal data and every key
word detected in the messaging will be displayed in the report.
To view a report, go to the Reports tab in the Parental Control window and select the
necessary section in the left part of the window.
To view the report of the instant messaging, select Instant Messaging. The following
information will be available to you in the right part of the window: direction, contact,
time, and the result.
To view the report of the social networking, select Social Networking. The following
information will be available to you in the right part of the window: direction, contact,
time.
To view the report of the personal data transfer, select Private Data. The following
information will be available to you in the right part of the window: private data, recipient,
time, result.
To view the report of the key words usage, select Word Usage. The following
information will be available to you in the right part of the window: key word,
recipient/sender, time.
You can create a report for a specified time period. For this, select the corresponding period in
the drop-down list.
Kaspersky CRYSTAL 2.0
242 | 7 4 6
Chapter 8. Home Network Control
The Home Network Control functions are designed to control Kaspersky PURE 2.0 installed
on home network computers remotely from the administrator's workstation.
Home Network Control lets you accomplish the following home network security tasks:
► analyze the level of home network protection;
► scan of the whole network or individual computers for threats;
► update anti-virus databases simultaneously;
► configure protection settings for networked computers;
► monitor computer and internet usage by the users;
► back up the data on networked computers;
► view reports on security subsystems' operation.
Protecting access with an administrator password
At the first launch of Home Network Control Kaspersky PURE 2.0 will suggest that you set an
administrator password to protect unauthorized access to networked computers. In order to set
an administrator password, do the following:
1. Open the main application window and in the lower part of the window click the Home
Network Control button.
Kaspersky CRYSTAL 2.0
243 | 7 4 6
2. If you launch Home Network Control for the first time, then the Protect with
Administrator Password window will appear in the window a password in the fields
Password and Confirm password. Then click the Specify password button.
3. If you have already set protection with an administrator password, then in an opened
window enter your password.
Kaspersky CRYSTAL 2.0
244 | 7 4 6
In order to change administrator password settings, click the Administrator password
settings link. To know how to change settings of the administrator password, read in the
chapter Settings.
If you use Home Network Control to remotely manage Kaspersky PURE 2.0 via a local
network, then the password for Home Network Control must be the same on all computers in
the network.
Search for computers
Once Home Network Control is launched, select a network for remote management (if your
computer hosts more than one network). Click the Search for computers button or click the
Add computer manually button to add computers manually.
Computers found in the network are displayed as a table with a status assigned for each
computer. The following computer statuses are possible:
► Controlled. Kaspersky PURE 2.0 is installed on the computer, and the administrator
password is identical to the password set on this computer. Remote administration of
Kaspersky PURE 2.0 is available.
► Kaspersky PURE 2.0 not installed. Kaspersky PURE 2.0 was not found on the
computer.
► Remote management prohibited. The option to manage Kaspersky PURE 2.0
services remotely has been disabled on the computer.
Kaspersky CRYSTAL 2.0
245 | 7 4 6
Buttons at the top of the table allow to add a computer manually, delete a computer from the
list or clear the entire list.
Check the Hide not controlled computers box at the bottom of the window, to display only
controlled computers in the table.
To display the computer in the Home Network Control on each computer, the status "Trusted
network" or "Local network" should be installed in the Firewall settings for your home
network. Otherwise, the computer will not be found when scanning the network.
To check the Firewall settings on the current computer, click the Settings link in the main
program window and in the Settings window select Firewall. In the Networks section right-
click the required network and select either Local or Trusted network.
Setting group update
Via Home Network Control you can remotely manage update of Kaspersky PURE 2.0 on the
networked computer.
Below are the available database update modes:
► Update databases on the computers independently.
Kaspersky CRYSTAL 2.0
246 | 7 4 6
► Load updates from a selected computer in the network. In this update scenario, one
computer in the network should be assigned as an update server. Other networked
computers will download updates from this computer.
By default, updates are downloaded on each computer in the network individually. In order to
change an update method in the networked computers, do the following:
1. In the Home Network Control window click the Configure group update button.
2. In the Configure group update window select the required update method.
3. For the computers to update from a selected computer on the network, from the drop-
down list select a computer to be the update source.
Kaspersky CRYSTAL 2.0
247 | 7 4 6
4. In the table of computers, a computer – update source should have the Controlled
status.
Kaspersky CRYSTAL 2.0
248 | 7 4 6
Group launch of update and virus scan
Via the Home Network Control you can start scan for viruses and update tasks remotely
either for the entire network or for an individual computer.
How to start group scan for viruses
In order to start a group scan for viruses, perform the following actions:
1. In the main program window click the Home Network Control button.
2. At the top of the Home Network Control window click the Scan for viruses link.
3. Select a scan type: Full Scan or Critical Areas Scan.
4. Check the computers you want to scan. Click the Run scan button.
Kaspersky CRYSTAL 2.0
249 | 7 4 6
How to start group update
In order to start a group update of databases, perform the following actions:
1. In the main program window click the Home Network Control button.
2. At the top of the Home Network Control window click the Update databases link.
Kaspersky CRYSTAL 2.0
250 | 7 4 6
3. In the Group start of update window select the computers you want to update.
4. Click the Run update button.
Kaspersky CRYSTAL 2.0
251 | 7 4 6
Detailed protection setting of networked computers
In order to manage protection of every computer on the network remotely, perform the
following actions:
1. In the main program window click the Home Network Control button.
2. Enter your administrator password.
3. At the top part of the Home Network Control window select the necessary computer by
clicking it.
4. On the corresponding tabs in the lower part of the Home Network Control window you
can see information about the selected computer, configure Parental Control, scan
computer for viruses, update databases, and get backup information.
Kaspersky CRYSTAL 2.0
252 | 7 4 6
Let’s study each tab in detail.
Information
In the Home Network Control window the Information tab displays the name of the selected
computer in the local network and the program installed on it available for remote
management.
Kaspersky CRYSTAL 2.0
253 | 7 4 6
Additionally, you can view the following information about a selected computer:
► Protection components store current operation settings of all protection
components with the possibility of their remote enabling/disabling.
► Problems – is a list of problems in the computer security and the ways of
troubleshooting these problems.
► License – the section contains information about the license in use, prolong and
activation links.
Kaspersky CRYSTAL 2.0
254 | 7 4 6
Click the buttons in the right part of the window to know more.
Kaspersky CRYSTAL 2.0
255 | 7 4 6
Parental Control
The Parental Control tab allows to enable or disable Parental Control remotely on a
controlled computer, to change the Parental Control settings for each account and to view
reports.
Kaspersky CRYSTAL 2.0
256 | 7 4 6
Scan
The tab is designed to run a virus and vulnerabilities task remotely for a selected computer:
► Full Scan. Full system scan. The following objects are scanned by default: system
memory, objects run on startup, system backup, email databases, hard drives,
removable storage media and network drives.
► Critical Areas Scan. A quick scan of objects that are loaded with the operating
system at startup.
► Vulnerability Scan performs the diagnostics of operating system and detects
software features that can be used by intruders to spread malicious objects and
obtain access to personal information.
Kaspersky CRYSTAL 2.0
257 | 7 4 6
Update
The Update tab provides the information about the last update on a selected computer and the
update source.
Kaspersky CRYSTAL 2.0
258 | 7 4 6
Any computer can be selected as an update server from which other computers will download
updates.
To assign a selected computer an update source, click the Make this computer an update
source button.
Kaspersky CRYSTAL 2.0
259 | 7 4 6
In the opened window confirm that you want to make this computer an update source.
The Virus activity review link takes you to http://www.securelist.com, where you can view
actual information about network threats.
Kaspersky CRYSTAL 2.0
260 | 7 4 6
To start application update on a selected computer, click the Run update button.
Kaspersky CRYSTAL 2.0
261 | 7 4 6
Click the arrow in the right part of the Run update button to configure an update schedule or
roll back to the previous databases (this function becomes available after the first update).
Kaspersky CRYSTAL 2.0
262 | 7 4 6
Backup and Restore
The Backup and Restore tab is designed for remote management of backup tasks.
The list of tasks includes all the backup tasks created on the selected computer.
You cannot create a backup task remotely. The task should be created from the main
application window on the computer (the Backup and Restore module). After that a backup
task will appear in the Home Network Control window of this computer.
In order to run the task, click the Run button. You can pause or stop the task.
Kaspersky CRYSTAL 2.0
263 | 7 4 6
Kaspersky CRYSTAL 2.0
264 | 7 4 6
Chapter 9. Additional Tools
To facilitate solving specific tasks of providing computer security, Kaspersky PURE
2.0 includes the following wizards and tools:
► Browser Configuration;
► Kaspersky Rescue Disk;
► Microsoft Windows Troubleshooting;
► File Shredder;
► Privacy Cleaner;
► Unused Data Cleaner.
Browser Configuration
The Browser Configuration Wizard analyzes Microsoft Internet Explorer settings from the
perspective of security, since some settings selected by the user or set by default may cause
security problems.
The Wizard checks whether the latest software updates for the browser have been installed,
and whether its settings contain any potential vulnerability which can be used by intruders to
inflict damage on your computer. In the result of analysis the wizard will offer you to select from
the list the problems you wish to eliminate. The list is divided into three groups:
► Additional actions. List of the least dangerous threats.
► Recommended actions. List of problems posing a potential threat.
► Strongly recommended actions. List of problems posing a serious security threat.
Browser Configuration Wizard checks the following objects:
► Microsoft Internet Explorer cache. The cache contains confidential data, from
which a history of websites visited by the user can also be obtained. Some malware
objects also scan the cache while scanning the disk, and intruders can obtain, for
example, the user's email addresses. You are advised to clear the cache every time
you close your browser to improve the protection.
► Display of known file types extensions. It is useful to see the file extension. File
names of many malicious objects contain combinations of symbols imitating an
additional file extension before the real one. If the real file extension is not displayed,
users can see just the file name part with the imitated extension. Such scheme is
commonly used by cyber criminals. To improve protection, you are advised to enable
the display of files of known formats.
► List of trusted websites. Malicious objects can add to this list links to websites
created by intruders.
Running Browser Configuration Wizard
In order to run Browser Configuration Wizard, perform the following:
1. Open the main program window.
Kaspersky CRYSTAL 2.0
265 | 7 4 6
2. At the lower part of the window click the Additional Tools button.
3. In the Additional Tools window in the Browser Configuration section click the Run
button to configure the browser.
Kaspersky CRYSTAL 2.0
266 | 7 4 6
4. In the Browser Configuration Wizard window (if launched for the first time) only one
action is available Perform diagnostics for Microsoft Internet Explorer. To start the
search process, click the Next button.
Close all browser windows before starting the diagnostics.
Kaspersky CRYSTAL 2.0
267 | 7 4 6
When you start the Wizard next time, you will be able to select from the two options:
► Perform diagnostics for Microsoft Internet Explorer.
► Roll back changes. You can roll back changes if after the Wizard's work
some problems when working on the Internet appear.
5. Wait until the system is being checked.
6. In the wizard window, check the boxes for problems to be fixed. Click the Next button.
Kaspersky CRYSTAL 2.0
268 | 7 4 6
7. In the wizard window, click the Finish button.
Kaspersky CRYSTAL 2.0
269 | 7 4 6
Rolling back wizard actions which resulted in problems when working on the Internet
If the Wizard's work causes problems with the Internet, you can roll back the changes which
were made by the Wizard. In order to do so, perform the following actions:
1. Start the Browser Configuration Wizard.
2. In the welcome window, select the Roll back changes option and then click the Next
button.
3. In the list of made changes, select the changes for rollback and click the Next button.
Kaspersky CRYSTAL 2.0
270 | 7 4 6
4. Wait until the rollback process is completed.
5. In the wizard window, click the Finish button. Make sure problems with the Internet are
eliminated.
Kaspersky Rescue Disk
Kaspersky PURE 2.0 includes a service which allows to create rescue disk designed to scan
and disinfect x86-compatible computers.
It is required when a computer is so damaged that the anti-virus solution or disinfection tools
(for example, Kaspersky AVPTool), run under control of the operating system, fail to disinfect a
computer. Efficiency of such disinfection enhances considerably as malicious programs in the
system do not get control during the boot of the operating system.
Rescue disk is an .iso image which includes the following:
► system and configuration files;
► a set of utilities to diagnose the system;
► a set of additional utilities (file manager and etc.);
► Kaspersky Rescue Disk files;
► anti-virus databases files.
A computer with the damaged operating system is booted from a CD/DVD-disk or a USB-
medium (a corresponding device should be installed on the computer).
Kaspersky CRYSTAL 2.0
271 | 7 4 6
Creating Kaspersky Rescue Disk
You can create the disk image (an .iso file) with up-to-date anti-virus databases and
configuration files. A source image can be downloaded from Kaspersky Lab servers or copied
from a local source. The file created by the Wizard is saved in the path specified during the
work of the Wizard.
To create a Rescue Disk, perform the following actions:
1. Open the main application window.
2. At the lower part of the window click the Additional Tools button.
3. In the Additional Tools window in the Kaspersky Rescue Disk section click the
Create button.
4. Kaspersky Rescue Disk is created with the help of the wizard. The Wizard consists of
a series of screens (steps) navigated using the Back and Next buttons. To close the
Wizard once it has completed its task, click the Finish button. To stop the Wizard at any
stage, click the Cancel button.
5. The Create and record Kaspersky Rescue Disk on a CD / DVD or USB flash drive
window of the Wizard contains information about the Rescue Disk that will be created by
the Wizard.
Kaspersky CRYSTAL 2.0
272 | 7 4 6
If the Wizard detects an existing Rescue Disk ISO file in the dedicated folder, the Use
existing disk image box will be displayed in the first window of the Wizard. Check the
box to use the detected file as original ISO image and go directly to the Updating disk
image step. Uncheck this box if you do not want to use the disk image that has been
found.
Kaspersky CRYSTAL 2.0
273 | 7 4 6
6. The Select disk image source window is skipped if you have checked the Use existing
disk image box in the first Wizard window.
At this step, you should select the image file source from the list of options:
► Select Copy ISO image from local or network drive if you already have a Rescue
Disk or an image prepared for it and stored on your computer or on a local network
resource.
► Select the Download ISO image from Kaspersky Lab server option if you do not
have an image file, and you want to download it from the Kaspersky Lab server.
Make sure that the Internet connection is established on your computer. The latest
version of an image is downloaded from the Kaspersky Lab server. The file size is
about 200 MB.
After you have selected an image source, click the Next button.
Kaspersky CRYSTAL 2.0
274 | 7 4 6
7. The Downloading disk image window is skipped if you have checked the Use existing
ISO image box in the first Wizard window,
If you have selected Download ISO image from Kaspersky Lab server, the disk
image downloading progress is displayed immediately.
Kaspersky CRYSTAL 2.0
275 | 7 4 6
If you have selected the option to copy the image from a local source at the previous
step (Copy ISO image from local or network drive), you should specify the path to the
ISO file at this current step. To do this, click the Browse button. After you have specified
the path to the file, click the Next button. The disk image copying progress is displayed
in the Wizard window.
Kaspersky CRYSTAL 2.0
276 | 7 4 6
8. When copying or downloading the ISO image is complete, the Wizard automatically
proceeds to Updating disk image.
Disk update procedure includes:
► update of anti-virus databases;
► update of configuration files.
Configuration files determine the possibility of starting the computer from a removable
disk or CD / DVD written using a rescue disk image provided by the Wizard.
When updating anti-virus databases, those distributed at the last update of Kaspersky
PURE 2.0 are used. If the databases are obsolete, it is recommended to update the
program and restart the Rescue Disk Creation Wizard.
To begin updating of the files, click the Next button. The updating progress will be
displayed in the Wizard window.
Kaspersky CRYSTAL 2.0
277 | 7 4 6
9. The Wizard informs you of a successful creation of the Rescue Disk and offers you to
record it on a data medium.
Kaspersky CRYSTAL 2.0
278 | 7 4 6
Specify a data medium for recording the disk image:
► Select Record to CD / DVD to record the image on a CD / DVD. You will be
prompted to specify the CD / DVD on which the image should be recorded. Then,
the ISO image will be recorded on this CD / DVD. The recording process may
take some time so please wait until it has completed.
Kaspersky CRYSTAL 2.0
279 | 7 4 6
A special program is needed for burning. For example, Nero.
► Select the Record to USB flash drive option to record the image on a removable
drive. Kaspersky Lab recommends that you do not record the ISO image on
devices which are not designed specifically for data storage, such as
smartphones, cellphones, PDAs, and MP3 players. Recording ISO images on
these devices may lead to their incorrect functioning in the future. You will be
prompted to specify the removable drive on which the image should be recorded.
Then, the image will be recorded on this removable drive. The recording process
may take some time so please wait until it has completed.
Kaspersky CRYSTAL 2.0
280 | 7 4 6
► Select Save the disk image to file on local or network drive to record the ISO
image to the hard drive installed on your computer or another one that you can
access over a network. You will be offered to specify the folder into which the image
should be recorded, and the name of the ISO file, after which it will be recorded on
the hard drive. The recording process may take some time so please wait until it has
completed. Later you will have to record this file on the CD/DVD disk or a USB drive
on your own.
Kaspersky CRYSTAL 2.0
281 | 7 4 6
10. To complete the Wizard, click the Finish button. You can use the disk that you have
created for further booting of the computer (see Starting the computer from the
rescue disk).
Kaspersky CRYSTAL 2.0
282 | 7 4 6
Creation and record of a rescue disk is completed.
Starting the computer from the rescue disk
To boot the operating system from the rescue disk, you should use a CD / DVD or removable
drive with a rescue disk image (.iso) file recorded on it, and start the computer. If a CD-disk
cannot be inserted into the CD/DVD drive, then start up the computer and next insert the CD
into the CD/DVD drive. Insert the disk quickly, otherwise the infected operating system starts
booting not from a rescue disk.
1. Insert a medium drive with the recorded disk image into the corresponding slot and
switch the computer.
2. If a disk cannot be inserted before computer is enabled, in this case first, switch on the
computer, and then insert a disk into the disk drive. Try to insert the disk into the drive
quickly so the computer would boot from the rescue disk and not from an infected
system.
3. Immediately after the computer restart, press the Delete key several times to enter
BIOS9.
4. In BIOS in the Advanced BIOS Features menu set CD/DVD-ROM (or USB-drive) as
the first boot device (the BIOS interface may vary depending on its version).
5. Exit BIOS saving the made changes.
9 BIOS is a part of the system hardware designed to provide access to computer hardware and the connected
devices.
Kaspersky CRYSTAL 2.0
283 | 7 4 6
6. When a screen with Kaspersky Rescue Disk 10 appears, press any key within 10
seconds, to prevent your computer to boot from the hard drive.
7. Using the keys to move the cursor in the left part of the screen, select the language of
the graphic interface. Press the ENTER key.
If no choice is made for some time, English is used as a default language.
Next, the folders for anti-virus databases, reports, the quarantine and auxiliary files are
searched (created). By default, folders of a Kaspersky Lab product, installed on an
infected computer, are used (ProgramData/Kaspersky Lab/AVP12 – for Microsoft
Windows Vista/7, Documents and Settings/All Users/Application Data/Kaspersky
Lab/AVP12 – for earlier versions of Microsoft Windows).
Pay attention, the folders Application Data in Microsoft Windows XP and ProgramData
in Microsoft Windows Vista and Microsoft Windows 7 are hidden by default. Read
KB3580(http://support.kaspersky.com/faq/?qid=208281592), to know how to enable
display of hidden folders.
If the application’s folders are not found, an attempt is made to create them. If the
folders cannot be found or created, the kl.files folder is created on one of the drives.
8. Next you are offered to select from one of the following boot modes:
► Kaspersky Rescue Disk. Graphic mode loads the graphic subsystem
(recommended for most of the users).
► Kaspersky Rescue Disk. The text mode loads the user text interface provided by
the console file manager Midnight Commander (MC).
► Boot from the Hard Disk.
Kaspersky CRYSTAL 2.0
284 | 7 4 6
9. Using the Up/Down arrows on the keyboard select Graphic mode. Press the ENTER
key.
Carefully read the text of a license agreement for Kaspersky Rescue Disk 10 and if you agree
with its conditions, press the C key on the keyboard.
When the operating system has booted you can start working with Kaspersky Rescue Disk
10.
If the operating system of the booting computer is in the sleep mode or its work was finished
incorrectly, you will be suggested to mount the file system for usage (prepare the file system
tor usage in the operating system) or restart the computer. In this case select one of the three
variants:
► Continue. If you click the Continue button, Kaspersky Rescue Disk 10 continues
mounting the file system but the file system can be damaged.
► Skip. If you click the Skip button, Kaspersky Rescue Disk 10 skips mounting of the
file system. In this case you can only scan boot sectors and startup elements for
viruses.
However, some file systems can be mounted.
► Restart computer. In this scenario you can boot from a hard drive and finish work of
the operating system correctly.
Kaspersky Rescue Disk 10 allows the user to perform the following actions:
1. Scan objects for viruses and configure scan settings, including:
► modify the security level;
Kaspersky CRYSTAL 2.0
285 | 7 4 6
► change an action performed upon a threat detection;
► create the list of objects to scan;
► change type of scanned objects;
► restrict scan duration;
► specify scan settings of compound files;
► change the scan method;
► restore default scan settings.
2. Start update of anti-virus databases and configure the update settings:
► select an update source;
► configure proxy-server settings;
► specify regional settings;
► if necessary, roll the latest update back.
3. Configure additional settings:
► specify the category of the detected threats;
► create the trusted zone;
► configure notification settings;
► set the storage time for report files;
► configure settings of storing objects on quarantine and backup.
4. Create a report for scan and update tasks.
5. View statistics of the application operation.
You can find more detailed information about the features of the rescue disk in the help system
of Kaspersky Rescue Disk.
Microsoft Windows Troubleshooting
What is Microsoft Windows Troubleshooting?
The Microsoft Windows Troubleshooting Wizard allows to neutralize the consequences of
malicious activity in the system. Kaspersky Lab recommends that you run the Wizard after the
computer has been disinfected to make sure that all threats and damage caused by infections
have been fixed. You can also use the Wizard if you suspect that your computer is infected.
The Wizard checks whether there are any changes to the system, such as the following:
► access to the network being blocked (for example, it is impossible to address other
computers in the LAN);
► known file format extensions have been changed;
► the toolbar is locked (as a result applications cannot be deleted) and etc.
Such damage can have various causes:
► the activity of malicious programs;
► system failures;
► incorrect operation of system optimization applications.
Kaspersky CRYSTAL 2.0
286 | 7 4 6
Running Microsoft Windows Troubleshooting Wizard
To start the Wizard, perform the following actions:
1. Open the main application window.
2. At the lower part of the main window click the Additional Tools button.
3. In the Additional Tools window in the Microsoft Windows Troubleshooting section
click the Run button.
Kaspersky CRYSTAL 2.0
287 | 7 4 6
4. The Microsoft Windows Troubleshooting Wizard will be started.
The Wizard consists of a series of screens (steps) navigated using the Next buttons. To
stop the Wizard at any stage, click the Cancel button.
If the wizard is started for the first time, then only the option Search for problems
caused by malware activity will be available.
If the wizard was started earlier and some changes were made, then you will also be
able to select the Roll back changes option.
Click the Next button to continue.
Kaspersky CRYSTAL 2.0
288 | 7 4 6
5. All damage found during the previous step is grouped on the basis of the type of danger
it poses. For each damage group, Kaspersky Lab recommends a sequence of actions to
repair the damage. There are three groups of actions:
► Strongly recommended actions eliminate problems posing a serious security
threat.
► Recommended actions eliminate problems presenting a potential threat.
► Additional actions list the least dangerous problems.
Check the boxes for the problems to be fixed. Click the Next button.
Kaspersky CRYSTAL 2.0
289 | 7 4 6
6. To close the Wizard, click the Finish button.
Kaspersky CRYSTAL 2.0
290 | 7 4 6
File Shredder
What is File Shredder?
In some cases (for example, when you want to sell your computer) you may need to
permanently delete your personal data which are stored on your computer. Deleting data with
the standard Microsoft Windows tools (sending them to the Recycle Bin and then emptying
the Recycle Bin) cannot ensure safety and prevent possible restoration. Files may be restored
using any high-performance software tools. Formatting data storage media (such as hard disk
drives, flash cards, or USB cards) cannot guarantee total data deletion either.
In order to protect your confidential data from unauthorized restoration, Kaspersky PURE 2.0
includes the File Shredder option. Data deletion is based on rewriting deleted information with
ones, zeroes, or random symbols. In Kaspersky PURE 2.0 algorithms of re-recording symbol
chains (methods for permanent deletion of personal data) are standardized. Rewriting cycles
and number of them may vary depending on the selected method for permanent deletion.
The wizard supports data deletion from the following information carrier:
► Local drives. Deletion is possible if the user has the rights required for recording and
deleting information.
► Removable drives or other devices that are recognized as removable drives (such as
floppy disks, flash memory cards, USB disks, or cell phones). Data can be deleted
from a flash memory card if its mechanical protection from rewriting is disabled.
Kaspersky CRYSTAL 2.0
291 | 7 4 6
Before permanently deleting data from a medium, the program finds out whether deletion from
a selected drive is available. The deleting procedure will be performed only of the selected
drive supports data deletion. Otherwise the data cannot be permanently deleted from a drive.
You can delete the data that you can access under your personal account. Before deleting
data, make sure that it is not used by running applications.
Such objects as a file or a folder can be deleted. To prevent accidental deletion of important
files at a time you can select only one object for deletion (a selected folder may contain several
files or sub-folders).
Methods for permanent deletion of personal data are standardized. They are all based on
overwriting deleted information with ones, zeros, or random characters multiple times. Deletion
speed and quality may vary depending on the number of overwrite cycles.
Data deletion methods
Sure methods are methods when data rewriting contains three or more cycles.
In the File Shredder Tool from Kaspersky PURE 2.0 you are offered to select one of the
following data deletion standards:
► Quick delete (Recommended). Deletion process consists of two cycles of data
rewriting: writing zeroes and pseudorandom numbers. The main advantage of this
algorithm is performance speed. Two cycles are enough to complicate the
operations of data restoration tools. Even if the file itself will be restored, the data will
turn out to be annihilated.
► GOST state standard P 50739-95, Russian Federation. The algorithm carries out
one rewriting cycle using pseudorandom numbers and protects the data from
restoration with common tools. This algorithm corresponds to protection class 2 out
of 6 total, according to the State Technical Commission classification.
► VSITR standard, Germany. The algorithm carries out seven rewriting cycles. The
algorithm is considered reliable but it requires more time for execution.
► Bruce Schneier algorithm. The process consists of seven rewriting cycles. The
method differs from VSITR by its rewriting sequence. This enhanced method of data
deletion is considered the most reliable.
► NAVSO P-5239-26 (MFM) standard, USA and NAVSO P-5239-26 (RLL) standard,
USA. The algorithm carries out three rewriting cycles. The standards differ from one
another by their sequences of data deletion.
► DoD 5250.22-M standard, USA. The algorithm carries out three rewriting cycles. It
is considered a reliable method of protection against people who do not have special
tools but, however, data are successfully restored in many cases.
Permanent data deletion procedure
In order to permanently delete data, do the following:
Deletion of system files and folders may cause operating system malfunctions. If you
select system files or folders for deletion, the application will request additional
confirmation of their deletion.
Kaspersky CRYSTAL 2.0
292 | 7 4 6
1. Open the main program window.
2. At the lower part of the window click the Additional Tools button.
3. In the Additional Tools window in the File Shredder section click the Open button.
Kaspersky CRYSTAL 2.0
293 | 7 4 6
4. In the File Shredder window click the Browse button. In the Select file or folder
window select an object for deletion and click the OK button.
Kaspersky CRYSTAL 2.0
294 | 7 4 6
5. In the drop-down list Data deletion method, select a required deletion method.
Kaspersky CRYSTAL 2.0
295 | 7 4 6
6. Click the Delete button.
Kaspersky CRYSTAL 2.0
296 | 7 4 6
7. In the opened window confirm deletion by clicking the OK button.
Privacy Cleaner
Many of user's actions performed on the Internet or with applications are registered in the
system. The following data is saved:
► Histories containing information about visited websites, applications launch , search
requests, opening / saving files by different applications;
► Microsoft Windows system log records;
Kaspersky CRYSTAL 2.0
297 | 7 4 6
► Temporary files and etc.
Privacy Cleaner Wizard
Privacy Cleaner Wizard allows to delete the files, including files with the user private data (for
example, passwords).
To start Privacy Cleaner Wizard, perform the following actions:
1. Open the main application window.
2. At the lower part of the main window click the Additional Tools button.
3. In the Additional Tools window in the Privacy Cleaner section click the Run button.
Kaspersky CRYSTAL 2.0
298 | 7 4 6
4. In the Erase Your Activities History window select an action:
► Perform user activity traces diagnostics;
► Roll back changes (the option is available if the wizard was used before)
5. Click the Next button.
Kaspersky CRYSTAL 2.0
299 | 7 4 6
6. Wait until the process is completed.
7. Select the required information about the user's actions to delete. The list contains three
sections:
► Additional actions – the list of the least dangerous problems;
► Recommended actions – the list of potentially dangerous problems;
► Strongly recommended actions – this group includes dangerous problems.
8. To start the process, click the Next button.
Kaspersky CRYSTAL 2.0
300 | 7 4 6
9. Wait until the deletion is completed.
In order to delete some files, the wizard will suggest that you restart the system.
10. In the Activity traces cleaned successfully window, you can specify the mode that the
wizard will be started automatically every time on Kaspersky PURE 2.0 exit. To do so,
check the box Clean activity traces every time on Kaspersky PURE 2.0 exit.
11. To finish the wizard's work, click the Finish button.
Kaspersky CRYSTAL 2.0
301 | 7 4 6
In order to delete some files, the wizard will suggest that you restart the system.
Repeated running of the Privacy Cleaner Wizard may detect activity traces which were not
cleaned up by the previous run of the Wizard. The matter is that data related to user activity in
the system are accumulated constantly. Some files, for example the Microsoft Windows log
file, may be in use by the system while the Wizard is attempting to delete them. In order to
delete these files, the Wizard will prompt you to restart the system. However, during the restart,
these files may be recreated and detected again as activity traces.
Unused Data Cleaner
The temporary files are created at the launch of any applications or operating systems. But
some of them remain undeleted when closing the application or operating system. However in
some cases (emergency shutdown, incorrect program installation, error in the program and
etc.) temporary files are not automatically deleted. Whereas deletion of temporary and unused
files will save free place on your hard drive.
Unused Data Cleaning Wizard
Kaspersky PURE 2.0 includes the Unused Data Clearing Wizard to delete unused files. The
wizard deletes the following:
► system event logs, where the names of all active applications are recorded;
Kaspersky CRYSTAL 2.0
302 | 7 4 6
► event logs of various applications (such as Microsoft Office, Microsoft Visio,
Macromedia Flash Player) or update utilities (such as Windows Updater, Adobe
Updater);
► system connection logs;
► temporary files of Internet browsers (cookies);
► temporary files remaining after installation / removal of applications;
► Recycle Bin contents;
► files in the TEMP folder whose volume may grow up to several gigabytes.
To start the Unused Data Clearing Wizard, please do the following:
1. Open the main application window.
2. At the lower part of the window select the Additional Tools button.
3. In the Additional Tools window in the Unused Data Cleaner section click the Run
button.
Kaspersky CRYSTAL 2.0
303 | 7 4 6
4. In the welcome window of the window click Next to start the wizard.
Kaspersky CRYSTAL 2.0
304 | 7 4 6
5. Wait till the search of unused files is complete.
Kaspersky CRYSTAL 2.0
305 | 7 4 6
6. In the Searching for unused data is complete window check the boxes for the actions
to be performed by the Unused Data Clearing Wizard. All actions are grouped into
three categories:
► Additional actions;
► Recommended actions;
► Strongly recommended actions.
To start the deletion process, click the Next button.
Kaspersky CRYSTAL 2.0
306 | 7 4 6
7. Wait until the deletion process is over.
8. In the Unused data deletion is complete window click the Finish button.
Kaspersky CRYSTAL 2.0
307 | 7 4 6
Kaspersky CRYSTAL 2.0
308 | 7 4 6
Chapter 10. Safe Run
What is Safe Run
Safe Run is a secure environment isolated from the main operating system and designed for
running applications whose safety raises doubts. When you use Safe Run, the real objects of
the operating system do not undergo changes. So even if you run an infected application in
Safe Run, all of its actions will be limited to the virtual environment without affecting the
operating system.
Suspicious objects detected while you work in the safe environment are quarantined in the
normal mode. The type of safe environment and the original file locations are saved in the list
of detected threats and in the full report of Kaspersky PURE 2.0.
When objects are recovered from Quarantine, they are restored to the original folder. If the
original folder cannot be found, Kaspersky PURE 2.0 offers you to specify a location to restore
the object in the environment in which the restoration procedure has been started.
The Safe Run for Applications component from Kaspersky PURE 2.0 does not work on
computers running under Microsoft Windows XP x64 and work with restriction on computers
running under Windows Vista x64 and Windows 7 x64.
Running applications in the Safe Run for Applications mode
It is recommended to use the safe environment for launching suspicious applications as well as
trusted applications vulnerabilities of which can be exploited by criminals to access data on
your computer.
You can run an application in the safe environment as well as use the safe desktop.
Safe Run for Applications opens in the full-screen mode and represents a copy of the main
desktop with all file system objects. You can create a list of applications that will run
automatically when you start Safe Run for Applications.
By default, after you close Safe Run for Applications, all changes you have made during the
last session will be saved and remain available at the next startup. If necessary, you can clear
all changes made to the safe environment.
Running an application in Safe Run
You can run applications in Safe Run, without switching to the safe desktop. You can run an
application in Safe Run from the context menu of Microsoft Windows.
Applications running in safe environment, are highlighted with a green frame around the
application window, and have a safe run indicator in the list of applications monitored by
Application Control.
Kaspersky CRYSTAL 2.0
309 | 7 4 6
In order to run an application in safe environment from the Microsoft Windows context menu,
perform the following actions:
1. Right-click to open the context menu for the selected object: shortcut or executable file
of the application.
2. In the context menu select Safe Run.
To save the data from an application run in Safe Run, save them to a folder:
► in Microsoft Windows XP: C:\Documents and Settings\All Users\Application
Data\Kaspersky Lab\SandboxShared;
Kaspersky CRYSTAL 2.0
310 | 7 4 6
► in Microsoft Windows Vista and Microsoft Windows 7:
C:\ProgramData\Kaspersky Lab\SandboxShared.
See how to use the Shared folder in Using a Shared folder.
The folders Application Data in Microsoft Windows XP and ProgramData in Microsoft
Windows Vista and Microsoft Windows 7 are hidden by default. Read the article KB3580
(http://support.kaspersky.com/faq/?qid=208281592) in Kaspersky Lab Knowledge Base, to
know how to enable display of hidden folders.
If no data were saved to the Shared folder, then once the application is closed, all changes
made during work with the application, are automatically cleared.
Starting Safe Run for Applications
You can launch the safe desktop:
► from the Kaspersky PURE 2.0 context menu;
► from the Kaspersky PURE 2.0 main window;
► using an existing shortcut.
In order to launch the safe desktop from the Kaspersky PURE 2.0 context menu, right-click the
Kaspersky icon in the notification area. From the open context menu select Tools and then
Safe Run for Applications.
Safe desktop opens in the full-screen mode and represents a copy of the main desktop with all
file system objects. If you roll over the top of the screen with the mouse pointer, a pop-up
toolbar of the Safe Run desktop appears.
The perimeter of the main desktop is highlighted with a green frame.
Kaspersky CRYSTAL 2.0
311 | 7 4 6
Safe Run pop-up toolbar allows you to perform the following actions:
— to fix the pop-up toolbar.
— to switch between the main and the Safe Run desktops.
— to close the Safe Run desktop or switch between the main and the Safe Run
desktops.
To switch to the Safe Run for Applications from the main window of Kaspersky PURE 2.0,
perform the following actions:
1. Open the main application window.
2. Click Safe Run.
3. In the Safe Run for Applications window click on the Go to Safe Run for
Applications button.
Kaspersky CRYSTAL 2.0
312 | 7 4 6
4. A welcome window opens. Click on the Close button to start work with the Safe Run for
Applications.
Kaspersky CRYSTAL 2.0
313 | 7 4 6
In order to launch the Safe Run desktop using a desktop shortcut, perform the following
actions:
1. Open the main application window.
2. Click on the Safe Run button.
3. Click the arrow next to the Go to Safe Run for Applications button. Select Create
desktop shortcut from the list.
Kaspersky CRYSTAL 2.0
314 | 7 4 6
4. The Safe Run for Applications shortcut will appear on the desktop. Using the shortcut
you can quickly launch Safe Run, without opening the main application window or the
context menu.
Closing Safe Run for Applications
You can exit from the Safe Run for Applications mode with three methods:
► From the Start menu: in the Start menu of your operating system select Safe Run
for Applications – Shut down.
Kaspersky CRYSTAL 2.0
315 | 7 4 6
► From the pop-up toolbar. In order to do this, perform the following actions:
1. In the upper part of the screen in the Safe Run for Applications mode click the
button on the pop-up toolbar.
2. In the Leaving Safe Run for Applications window click on the Shut down
button.
► Using the key combination. You can exit from the Safe Run for Applications
mode by pressing the key combination CTRL+ALT+SHIFT+K.
Kaspersky CRYSTAL 2.0
316 | 7 4 6
When closing Safe Run desktop you will be offered to save the data in the running
applications. After it all applications will be closed and the Safe Run work will be over.
Switching between the main desktop and Safe Run for Applications
You can switch to the main desktop, without closing Safe Run, and then switch back. You can
use the following methods to switch between the main desktop and the Safe Run:
► from the Kaspersky PURE 2.0 main window;
► from the Kaspersky PURE 2.0 context menu;
► from the pop-up toolbar.
To switch to the main desktop from the main window of Kaspersky PURE 2.0, perform the
following actions:
1. Open the main application window.
2. Click on the Safe Run button.
3. In the Safe Run for Applications window click on the Return to the main desktop
button.
To switch to the main desktop from the context menu of Kaspersky PURE 2.0, right-click to
open the context menu on the Kaspersky icon in the notification area and select Tools ->
Return to the main desktop.
Kaspersky CRYSTAL 2.0
317 | 7 4 6
To switch to the main desktop from the pop-up toolbar, perform the following actions:
1. Roll over the top part of the screen with the mouse pointer. The pop-up panel of Safe
Run for Applications appears.
2. Click on the button .
Using a shared folder
Shared folder of Safe Run is designed to share files between the main operating system and
safe environment. All files saved in this folder when working in safe environment are available
from the standard desktop. Shared folder is created when the application is being installed.
Location of the shared folder may vary depending on the operating system:
► for Microsoft Windows XP: C:\Documents and Settings\All Users\Application
Data\Kaspersky Lab\SandboxShared.
► for Microsoft Windows Vista and Microsoft Windows 7:
C:\ProgramData\Kaspersky Lab\SandboxShared.
The folders Application Data in Microsoft Windows XP and ProgramData in Microsoft
Windows Vista and Microsoft Windows 7 are hidden by default. Read the article KB3580
(http://support.kaspersky.com/faq/?qid=208281592) in Kaspersky Lab Knowledge Base, to
know how to enable display of hidden folders.
If you haven’t finished work with the Safe Run and switched to the main desktop, then
when you launch the Safe Run for Applications mode with any method described in
Starting Safe Run for Applications, you will find the applications running at the same
stage as they were, before you switched to the main desktop.
Kaspersky CRYSTAL 2.0
318 | 7 4 6
Location of the shared folder cannot be changed.
The safe environment shared folder can be opened in two ways:
► using a shortcut;
► using a link in the main window of the program.
Depending on the application settings specified by developers, the shortcut may be located in
the (My) Computer section or the (My) Documents section of Microsoft Windows Explorer.
To open the shared folder from the main window of Kaspersky PURE 2.0, perform the following
actions:
1. Open the main application window.
2. Click on the Safe Run button.
3. In the Safe Run for Applications window click on the Open shared folder button.
Kaspersky CRYSTAL 2.0
319 | 7 4 6
The Safe Run shared folder will open in the standard window of Microsoft Windows.
Clearing Safe Run for Applications
If you need to delete data saved when working in the safe application launch environment, and
restore the modified settings, you can clear Safe Run for Applications.
The clearing is carried out from the main Kaspersky PURE 2.0 window on the main desktop
and only if the Safe Run for Applications mode is disabled.
Prior to emptying make sure that all data that may be needed for further work were saved in
the Safe Run shared folder. Otherwise, the data is deleted without any possibility to
restore them.
To clear Safe Run data, perform the following actions:
1. Open the main application window.
2. Click on the Safe Run button.
3. Click the arrow next to the Go to Safe Run for Applications button. From the drop-
down menu select Clear Safe Run for Applications.
Kaspersky CRYSTAL 2.0
320 | 7 4 6
4. Confirm clearing and, if necessary, check the contents of the Shared Folder once
again.
What is Safe Run for Websites
Kaspersky CRYSTAL 2.0
321 | 7 4 6
Safe Run for Websites is a Kaspersky PURE 2.0 module which opens web pages without a
risk of infection with malicious software. When you use Safe Run for Websites all websites
open in a virtual environment without affecting the operating system.
The Safe Run for Websites is mainly designed for accessing online banking systems and
other websites processing confidential data.
You can start Safe Run for Websites on your own or configure the application settings so that
the application would offer to switch to Safe Run for Websites automatically when definite
conditions are met.
For example, you can:
► Enable controlled access to online banking services. Upon an attempt to open a
service that provides access to your finances, the application will offer you to switch
to safe run for websites.
► Create your own list of websites that process confidential data. Upon an attempt to
open such sites, the application will offer you to switch to safe run for websites.
► Enable control when transferring to potentially dangerous web sites. Upon an
attempt to open such sites, the application will offer you to switch to safe run for
websites to secure the system from a risk of infection.
When you use Safe Run for Websites, all changes (saved cookies, log of visited websites,
etc.) remain in the safe environment and do not affect the operating system, which means that
they cannot be exploited by intruders. If necessary, you can clear all changes made to the safe
browser and restore the default settings.
Starting Safe Run for Websites
When starting Safe Run for Websites, the default browser opens in Safe Run mode: only for
Microsoft Internet Explorer, Mozilla Firefox or Google Chrome. In other cases, Microsoft
Internet Explorer opens in Safe Run for Websites mode.
You can manually select a browser which will be launched as a safe browser in the Safe Run
for Websites settings.
You can launch the Safe Run for Websites manually either from the Kaspersky PURE 2.0
main window or using an existing shortcut.
To launch the Safe Run from Websites from the Kaspersky PURE 2.0 main window, perform
the following actions:
1. Open the main application window.
2. Click on the Safe Run button.
Kaspersky CRYSTAL 2.0
322 | 7 4 6
3. In the Safe Run for Applications window click the Start Safe Run for Websites
button. A default browser will be launched.
Kaspersky CRYSTAL 2.0
323 | 7 4 6
In order to select a safe browser, perform the following actions:
1. In the Safe Run for Applications window click on the arrow next to the Start Safe Run
for Websites button.
2. In the drop-down menu select Configure.
Kaspersky CRYSTAL 2.0
324 | 7 4 6
3. In the Safe Run for Website settings window in the drop-down list of the browsers
installed on your computer select a browser which should be used to safely browse
websites.
Kaspersky CRYSTAL 2.0
325 | 7 4 6
4. Click on the Save button.
Kaspersky CRYSTAL 2.0
326 | 7 4 6
Now when you click the Start Safe Run for Websites button, the selected browser will be
launched in the Safe Run for Websites window.
The browser which runs in Safe Run for Websites mode is highlighted with a green frame
around the application window.
In order to launch safe run for websites using a shortcut, perform the following actions:
1. Open the main applications window.
2. Click on the Safe Run button.
3. Click on the arrow next to the Start Safe Run for Websites button. In the drop-down
menu select Create desktop shortcut.
Kaspersky CRYSTAL 2.0
327 | 7 4 6
The Safe Run for Websites shortcut will appear on the desktop. To launch a safe browser,
double-click the shortcut.
Using a shared folder
Shared folder of Safe Run is designed to share files between the main operating system and
safe environment. All files saved in this folder when working in safe environment are available
from the standard desktop. Shared folder is created when the application is being installed.
Location of the shared folder may vary depending on the operating system:
► for Microsoft Windows XP:
C:\Documents and Settings\All Users\Application Data\Kaspersky
Lab\SandboxShared.
► for Microsoft Windows Vista and Microsoft Windows 7:
C:\ProgramData\Kaspersky Lab\SandboxShared.
The folders Application Data in Microsoft Windows XP and ProgramData in Microsoft
Windows Vista and Microsoft Windows 7 are hidden by default. Read the article KB3580
Kaspersky CRYSTAL 2.0
328 | 7 4 6
(http://support.kaspersky.com/faq/?qid=208281592) in Kaspersky Lab Knowledge Base, to
know how to enable display of hidden folders.
Location of the shared folder cannot be changed.
The safe environment shared folder can be opened in two ways:
► using a shortcut;
► с помощью ссылки в главном окне программы.
Depending on the application settings specified by developers, the shortcut may be located in
the (My) Computer section or the (My) Documents section of Microsoft Windows Explorer.
To open the shared folder from the main window of Kaspersky PURE 2.0, perform the following
actions:
1. Open the main application window.
2. Click on the Safe Run button.
3. In the Safe Run for Applications window click on the Open shared folder button.
Kaspersky CRYSTAL 2.0
329 | 7 4 6
4. The Safe Run shared folder will open in the standard window of Microsoft Windows.
Clearing Safe Run for Websites
If necessary, you can configure the mode to automatically delete the data, saved during safe
run for websites. Or, on the contrary, you can configure Safe Run for Websites to save the
entered confidential data.
In order to do this, perform the following actions:
1. Open the main application window.
2. Click on the Safe Run button.
Kaspersky CRYSTAL 2.0
330 | 7 4 6
3. In the Safe Run for Applications window click on the arrow button next to Start Safe
Run for Websites. From the drop-down menu, select Configure.
Kaspersky CRYSTAL 2.0
331 | 7 4 6
4. In the Safe Run for Websites settings window enable or disable automatic clearing of
data.
Kaspersky CRYSTAL 2.0
332 | 7 4 6
► If you select Enable automatic clearing of data, all confidential data (for example,
passwords), entered during work in the safe browser, will be deleted when the
browser is closed. This is the safest mode for work.
► If you select Disable automatic clearing of data, all entered confidential data can
be saved in the safe browser and used during the next working session. However, in
this operational mode the working security is decreased.
Click on the Save button.
Kaspersky CRYSTAL 2.0
333 | 7 4 6
You can manually delete data saved during work with the safe browser. In order to do this,
perform the following actions:
1. In the Safe Run for Applications window click on the arrow button next to Start Safe
Run for Websites. Select Clear Safe Run for Websites from the drop-down menu.
Kaspersky CRYSTAL 2.0
334 | 7 4 6
2. In the Clear Safe Run for Websites window click on the Clear button to confirm data
deletion.
Kaspersky CRYSTAL 2.0
335 | 7 4 6
Chapter 11. Data Encryption
Data Encryption is designed for protecting confidential information against unauthorized
access. To protect your personal data, the mechanism of encryption is used. It means that data
is stored in an encrypted form in a special container.
Container is an encrypted object created by the user with the Data encryption function. After
the container is created and connected you can work with it as with a virtual logical drive.
Containers can be copied, burnt onto CD and DVD-disks, sent by e-mail, relocated onto
another computer on which Kaspersky PURE 2.0 is installed.
To work with data in a container, it is required to decrypt them. On decryption Kaspersky PURE
2.0 will ask to enter your password. After entering the password, the container will be displayed
in the system as a virtual removable device which can be used to move or copy data to.
Creating an encrypted container
In order to store encrypted data, it is required to create a container. A container can be created
on a local disk or removable devices.
During a container creation, you will be required to specify its name, size, access password
and path to store the file.
You can also connect an earlier created container if it is not accessible on the computer (for
example, after operating system re-installation). In this case the container will appear in the list
of containers, but access to the container will be blocked until you enter the password to the
container.
In order to create a container, perform the following actions:
1. Open the main application window.
2. Click on the Data Encryption button.
Kaspersky CRYSTAL 2.0
336 | 7 4 6
3. In the Data Encryption window click on the Create container button.
Kaspersky CRYSTAL 2.0
337 | 7 4 6
4. In the Create encrypted container window, specify the main settings for the container:
► Name;
► Password;
► Size;
► Container file location;
► Virtual drive letter.
Kaspersky CRYSTAL 2.0
338 | 7 4 6
Encrypting data
Once the container is created, you can see the container information in the lower part of the
window.
Kaspersky CRYSTAL 2.0
339 | 7 4 6
You can view data stored in the container by clicking on the Open container button. The
container will be open in the Microsoft Windows Explorer. Copy to the container data you wish
to encrypt.
In order to encrypt data, click on the Encrypt data button in the Data Encryption window of
Kaspersky PURE 2.0.
Connecting an earlier created container
In order to connect an earlier created container (for example, created on another computer with
installed Kaspersky PURE 2.0), perform the following actions:
1. Open the main application window.
2. Click on the Data Encryption button.
3. In the Data Encryption window click on the Connect container link.
Kaspersky CRYSTAL 2.0
340 | 7 4 6
4. Select the container file and press on the Open button.
Kaspersky CRYSTAL 2.0
341 | 7 4 6
Decrypting data. Configuring container
In order to access data stored in a container, perform the following actions:
1. Open the main application window.
2. Click on the Data Encryption button.
3. Select the required container from the list and click on the Decrypt data button in the
container section.
4. Enter the password to the container in the open window.
5. Click on the OK button. The container opens in the Microsoft Windows Explorer window.
Kaspersky CRYSTAL 2.0
342 | 7 4 6
You can change the password of name of the container. Also you can create a shortcut to the
container or delete the container.
In order to configure the container settings, perform the following actions:
1. In the section of the created container click on the Settings button.
Kaspersky CRYSTAL 2.0
343 | 7 4 6
2. Enter the password to access the container:
3. In the <Container name> window you can change the name of the container, change
password or create a desktop shortcut.
Kaspersky CRYSTAL 2.0
344 | 7 4 6
4. To change the password to the container click on the Change password link. In the
open window enter your current password in the old password field and your new
password in the New password and Confirm password fields. Click on the OK button.
5. In order to create a shortcut to the container, click on the Create desktop shortcut link.
Click OK in the open window.
Kaspersky CRYSTAL 2.0
345 | 7 4 6
The shortcut to the container will appear on the desktop:
Deleting container
In order to delete a container, perform the following actions:
1. In the Data Encryption window click on the arrow button next the Settings window.
2. Select Delete from the open menu.
Kaspersky CRYSTAL 2.0
346 | 7 4 6
3. In the open window enter the password to the container:
4. In the Confirm deletion window click on the OK button.
Kaspersky CRYSTAL 2.0
347 | 7 4 6
Kaspersky CRYSTAL 2.0
348 | 7 4 6
Chapter 12. Password Manager
What is Password Manager
Using passwords is the most common authorization method, and frequently a password is the
only obstacle for intruders who try to get access to your personal data.
Password Manager is an indispensable tool for the active Internet user. It fully automates the
process of entering passwords and other data into websites and saves the user going to the
trouble of creating and remembering multiple passwords. When you use Password Manager
to log in, you can rest assured that your data is safe. The software creates exceptionally strong
passwords and prevents your login information from being stolen. All confidential data is
encrypted and kept in a dedicated database on your computer.
From the Password Manager window you can:
► Open the password database;
► Open the settings window;
► Add a new account or identity;
► Create portable version on a USB-drive;
► Launch Password Generator;
► Open frequently used accounts.
The Password Manager interface includes the following components:
► Password Manager window;
► Icon in the taskbar notification area;
► Context menu;
► Settings window;
► Password database window;
► Pointer;
► Caption button.
Main features of Password Manager
One-click authorization
Password Manager saves the parameters you use to access web resources (login and
password). With each subsequent visit to the site the program will insert your credentials
automatically. Password Manager also works with applications which require authorization
(Skype, ICQ, Outlook and etc.).
Secure protection of your passwords
Password Manager stores your passwords and other personal information in a secure, encrypted database on your computer. The passwords which have been saved can only be decrypted using a master password or another method of authentication specified by the user, which ensures security and prevents your information from being stolen by cybercriminals.
Password Manager inserts information directly into web resources and applications without
using the keyboard and effectively protects your passwords against keyloggers (a keylogger is
Kaspersky CRYSTAL 2.0
349 | 7 4 6
a malicious program that tracks the sequence of keystrokes on the keyboard in order to record
a user’s personal information, such as passwords).
Password Manager effectively combats phishing attacks as it verifies the authenticity of web
addresses and the software version before any passwords are inserted.
Accounts
You can use several user accounts for one website (application), or one account for several
websites (applications).
Identification cards
Password Manager allows long registration forms to be completed automatically based on
identification cards containing personal data which the user creates in advance. Several cards
can be used to store business and personal information separately (e.g. first and last name,
year of birth, sex, email address, telephone number, country of residence, etc.).
Secure memos
Password Manager enables you not only to securely store logins and passwords but also
personal records which you would like to remain confidential such as: SIM card PIN codes,
software keys, passport details, etc. It is possible to use templates with standard data types
when creating a secure memo.
Secure exchange of account details
Sometimes we need to share our login and password to a certain resource with family and
friends. To avoid sending your confidential information openly, take advantage of the new
option included in Password Manager that allows the exchange of encrypted login
information. After a predetermined period of time, the product will remind you that the account
information has been shared with another user and you will be able to modify the access
parameters to ensure security.
Various authentication methods
You can decrypt you password databases in Password Manager using a Master Password,
removable USB or Bluetooth device (for example, using your mobile device).
Password generator
The generator included in Password Manager will help you to create strong passwords that
would be difficult for cybercriminals to crack.
One database for all passwords
You can import your passwords and personal data stored in web browsers and other
applications to Password Manager. You can also unite different password databases into just
one (for example, databases on different computers).
Portable version
Kaspersky CRYSTAL 2.0
350 | 7 4 6
A portable version of the program enables you to use the password database on any computer
without installing Password Manager. The version can be launched from various external
memory devices, e.g. a USB or a flash drive. When the removable media is disconnected,
Password Manager will automatically close and your data will be removed from the computer.
Starting Password Manager
What is Master Password
Password Manager includes different protection methods against unauthorized access to your
password database. One of these protection methods is Master Password.
Master Password is your personal key to access your password database containing your
passwords and other personal data. Without Master Password it is impossible to access the
password database. Keep it in secret.
When creating your Master Password, it is recommended to follow the following
recommendations:
► a password can contain digits, Latin characters, space and special characters («.»,
«,», «?», «!», «<», «>», «‖», etc.);
► You must not use in the password:
words found in a dictionary or set expressions;
any easy-to-guess sequence like: qwerty, 123456789, qazxsw etc.;
personal data: first and last names, addresses, passport numbers, social security
numbers etc.;
it is strongly advised not to reuse the passwords which you use to run other
programs (e-mail, databases, etc).
Creating Master Password
The Password Manager Configuration Wizard will start automatically at first Password
Manager launch. To start working with Password Manager go through configuration steps:
1. In the Password Manager window click on the Start Password Manager button.
Kaspersky CRYSTAL 2.0
351 | 7 4 6
2. On the Master Password step, enter your master password in the Master Password
and Confirm Master Password fields. Read carefully information about the importance
of Master Password and then check the corresponding box and click Next. (See above
recommendations on how to create a strong master password).
Kaspersky CRYSTAL 2.0
352 | 7 4 6
3. On the Access control step, select the required authorization method from the drop-
down menu and click Next.
To access the password database you can select one of the following authentication methods:
Kaspersky CRYSTAL 2.0
353 | 7 4 6
► Password protection. The password will be used to access the password
database.
► USB device. An USB device will be used to access the password database. If the
USB device is not connected, password database will be inaccessible.
► Bluetooth device. A Bluetooth device will be used to access the password
database. If the Bluetooth device is not connected, password database will be
inaccessible.
► No authorization. The password database will not be protected.
By default, the Password protection option is selected. It allows you to remember only one
password to access the password database.
Master Password is the main access method to the password database. If authorization with
a device is selected and the device is inaccessible (for example, it was lost), you can use your
master password to access the password database and your personal data.
4. On the Locking timeout step, from the drop-down menu select the time when
Password Manager will be automatically locked and check the box Request Master
Password when Password Manager starts. Click Next.
5. Select browsers in which special plug-ins of Password Manager will be installed. Close
all windows of selected web browsers and click on the Next button.
Kaspersky CRYSTAL 2.0
354 | 7 4 6
6. Configuration of Password Manager completed. Click Finish to start working with
Password Manager
Kaspersky CRYSTAL 2.0
355 | 7 4 6
Locking Password Manager
By default, Password Manager locks the database at first start and after the specified locking
time.
You can lock/unlock the database with the following methods:
► From the Password Manager window;
► Using USB or Bluetooth device — only for authorization methods by USB or
Bluetooth device;
► From the context menu;
► By key combination CTRL + ALT + L.
In order to enter a password, you can a special tool Virtual Keyboard.
You can lock/unlock Password Manager with the following methods:
► From the main application window;
► From the context menu.
In order to lock Password Manager from the main application window, perform the following
actions:
1. In the lower part of the main application window, click on the Password Manager
button.
2. In the Password Manager window, click on the Lock Password Manager.
Kaspersky CRYSTAL 2.0
356 | 7 4 6
In order to lock Password Manager from the context menu, perform the following actions:
1. Right-click the Kaspersky PURE 2.0 icon in the Taskbar notification area.
2. From the open context menu select Lock Password Manager.
Kaspersky CRYSTAL 2.0
357 | 7 4 6
In order to unlock Password Manager from the main application window, perform the following
actions:
1. In the lower part of the main application window, click on the Password Manager
button.
2. In the Password Manager window, click on the Unlock Password Manager.
3. Enter your Master Password for Password Manager and click on the Unlock button.
In order to unlock Password Manager from the context menu, perform the following actions:
Kaspersky CRYSTAL 2.0
358 | 7 4 6
1. Right-click on the Kaspersky PURE 2.0 icon in the Taskbar notification area.
2. Select Unlock Password Manager.
3. Enter your Master Password for Password Manager and click on the Unlock button.
Password Manager Settings window
The settings window can be opened from the Password Manager window. The settings
window contains the list of the component functions and the list of settings for the specified
function.
Kaspersky CRYSTAL 2.0
359 | 7 4 6
Password database window
The password database window can be opened from the Password Manager window. The
password database contains all your accounts to web-sites and applications, personal notes
and identities.
Kaspersky CRYSTAL 2.0
360 | 7 4 6
Caption button of Password Manager
The caption button is displayed in the top part of the browser (application). If Password
Manager is locked, the Caption Button is inactive. With the Caption Button you can perform
the following actions:
► Add an account (identity) to the database;
► Add a bookmark;
► Edit exiting accounts (identities);
► Open the Password generator and passwords history;
► Quickly authorize on a website (in an application) using an existing account
(identity);
► Quickly open a website for which an account exists;
► Open Password Manager.
Kaspersky CRYSTAL 2.0
361 | 7 4 6
Adding account to Password database
Adding website account to Password database
In order to add a website account to the password database, perform the following actions:
1. Open the authorization page of the required website (for example,
http://facebook.com).
2. Enter your login and password in the corresponding fields.
When you click the button to continue authorization, the Password Manager window
will ask you whether you wish to add a new account to the Password database.
3. Click on the Add Account button.
Kaspersky CRYSTAL 2.0
362 | 7 4 6
To log in a website using Password Manager, perform the following actions:
1. In the browser open the authorization page on the required website
The Caption Button appears in all browsers supported by Password Manager (it
normally resides in the top part of the window).
2. Click the Caption Button and in the drop-down menu select the required account to log
in.
Password Manager will automatically sign you in.
You can also manually add a website account to the Password database. In order to do this,
perform the following actions:
► Using the caption button. Click on the Caption Button and select Web Accounts
-> Add Account.
Kaspersky CRYSTAL 2.0
363 | 7 4 6
► From the application context menu. Click on the Kaspersky PURE 2.0 icon
located in the Taskbar notification area and select Add -> Web Account from the
open menu.
► From the main window of Password Manager.
In order to add a new website account from the main window of Password Manager,
perform the following actions:
Kaspersky CRYSTAL 2.0
364 | 7 4 6
1. Open the main application window of Kaspersky PURE 2.0.
2. In the lower part of the window, click on the Password Manager button.
3. In the Password Manager window click on the Add Password or Password
Database button.
4. If you have selected Password Database, in the upper part of the open window,
click on the Add Account button.
Kaspersky CRYSTAL 2.0
365 | 7 4 6
If you have selected the Add Password item, the Add Account window will appear.
5. Enter or edit data in the Name, Link, Login and Password fields.
Kaspersky CRYSTAL 2.0
366 | 7 4 6
If you click on the Add description button next the Login field, the Description field to
enter your login description information will appear.
Kaspersky CRYSTAL 2.0
367 | 7 4 6
If you wish Password Manager automatically fills in the authorization fields of the
website and signs in, check the Automatic authorization box.
Kaspersky CRYSTAL 2.0
368 | 7 4 6
If you want to add a date when the password for the account expires, perform the
following actions:
a) Click on the Password never expires link. From the open menu select
Password expires.
b) In the appeared date field, enter the required date when the password
expires.
Kaspersky CRYSTAL 2.0
369 | 7 4 6
Click on the Password Generator button to automatically create a strong password.
Using Password Generator you can create strong password by specified conditions
(special characters, numbers and symbols use).
You can find detailed description of Password Generator in the Password
Generator section.
By clicking on the Show additional fields button you can specify the default browser
where the account opens (at Password Manager start), link the account to a specific
web page, manually configure the login form and add comments to the account.
Kaspersky CRYSTAL 2.0
370 | 7 4 6
Click on the Configure manually link in the Login form line to manually configure
authorization fields. In the Manual form editing window you can configure field
correspondence with entered data. In the description column you can find action to
be performed with the field.
In order to save the changes, click on the OK button.
6. To add the created web account to the Password Database click on the Add button in the lower part of the window.
Kaspersky CRYSTAL 2.0
371 | 7 4 6
The web account has been added to the Password Database.
Adding account for application to Password database
The Caption button is located on the upper part of application window. Using the button you
can quickly add an account to the password database and authorize in an application.
In order to add your account for an application to the password database using the Caption
button, perform the following actions:
1. Launch an application (for example, gtalk)
2. Click on the Caption Button and select Add Account.
3. In the open window specify your login and password in the Login and Password fields.
4. Click on the Add Account button.
Kaspersky CRYSTAL 2.0
372 | 7 4 6
The account has been added to the Password database.
In order to sign in using Password Manager, perform the following actions:
1. Open the authorization window of the application (for example, gtalk).
2. Click on the Caption Button and select the required user to sign in from the drop-down
menu (for example, user).
Password Manager will automatically sign the user in.
You can also manually add an account for an application to the password database of
Password Manager. You can open the window of adding accounts with the following methods:
► From the context menu of Kaspersky PURE 2.0 —
To do this, perform the following actions:
1. In the Taskbar notification area right-click the Kaspersky PURE 2.0 icon and
select Add.
2. From the open menu select App Account.
Kaspersky CRYSTAL 2.0
373 | 7 4 6
► From the Password Manager window.
In order to add a new account for an application from the Password Manager
window, perform the following actions:
1. Open the main application window.
2. In the lower part of the window click on the Password Manager window.
3. In the Password Manager window click on the Password Database button.
Kaspersky CRYSTAL 2.0
374 | 7 4 6
4. In the left part of the window select App Accounts and click on the Add Account button.
Kaspersky CRYSTAL 2.0
375 | 7 4 6
5. In the Add App Account select the application to create the account for. You can do this with the following methods:
► Drag the pointer icon to the open window of the application.
► Select the application by clicking on the Browse button.
6. In the upper part of the window enter the required name for the account.
Kaspersky CRYSTAL 2.0
376 | 7 4 6
7. Enter your login in the Login field. If you click on the Add description button the Description field will appear. You can enter the required description of the account.
Kaspersky CRYSTAL 2.0
377 | 7 4 6
If you want Password Manager automatically enters your authentication data in
the application and signs you in, check the Automatic authorization box.
8. You can also specify a date when the account password expires. In order to do
this, perform the following actions:
a. Click on the Password never expires link and select Password expires from
the drop-down menu.
b. In the open field specify the required date when the password expires.
9. Click on the Password Generator button to automatically create a strong
password. Using Password Generator you can create strong password by specified
conditions (special characters, numbers and symbols use).
You can find detailed description of Password Generator in the Password
Generator section.
10. Click on the Show additional fields button to open additional settings.
Kaspersky CRYSTAL 2.0
378 | 7 4 6
11. You can link the account to:
► particular window,
► window caption,
► application,
► application and caption.
12. You can configure the authorization form filling in manually and specify some
comments.
Kaspersky CRYSTAL 2.0
379 | 7 4 6
Click on the Configure manually link. In the open window you can configure
automatic form authorization filling in. The Description column contains information
on actions to be performed with the corresponding field.
13. Click on the Add button to complete account creation.
The account for the application has been added to the password database of
Password Manager.
Adding and using Identities
Password Manager can fill in web-forms for registration or online banking using existing
identities with your personal information (for example, full name, birth date, e-mail addresses,
phone numbers, country of living, bank accounts information).
You can add an identity with the following methods:
Kaspersky CRYSTAL 2.0
380 | 7 4 6
► Using the Caption Button. To do this, click on the Caption Button and select
Identities -> Add Identity.
► From the context menu of Kaspersky PURE 2.0. To do this, right-click the
Kaspersky PURE 2.0 icon in the Taskbar notification area and select Add -> Identity
from the open menu.
► From the Password Manager window.
In order to add an Identity from the Password Manager window, perform the following
actions:
1. Open the Password Manager window.
Kaspersky CRYSTAL 2.0
381 | 7 4 6
2. Click on the Add Identity button.
3. In the left part of the open window select Identities.
Kaspersky CRYSTAL 2.0
382 | 7 4 6
4. In the upper part of the window enter the required type of the Identity (for example,
Work).
5. Fill in the required fields in the Personal section. Password Manager can store
several credit cards data in one identity.
6. In order to add an additional credit card (bank account), click on the Add button and
select Credit card (Bank account).
Kaspersky CRYSTAL 2.0
383 | 7 4 6
7. Click on the Save button to save the changes.
In order to apply an Identity, perform the following actions:
1. Open the required page with identity fields.
2. Click on the Caption Button and from the open menu select Identities -> <name of
the identity>.
Password Manager automatically fills in identity fields.
Kaspersky CRYSTAL 2.0
384 | 7 4 6
Adding and using bookmarks
In Password Manager you can add and manage bookmarks for web pages. You can add
bookmarks with the following methods:
► Form the context menu of Kaspersky PURE 2.0
► Using Caption Button (normally the button is located in the upper right hand part of
the browser).
► From the Password Manager window.
In order to add a bookmark from the context menu of Kaspersky PURE 2.0, perform the
following actions:
1. Right-click the Kaspersky PURE 2.0 icon the Taskbar notification area.
2. Select the Add item.
3. Select Bookmark from the open menu.
In order to add a bookmark using the Caption Button (it normally resides in the upper right
hand part of the browser), click on the Caption Button and select Bookmarks -> Bookmark
this web page from the open menu.
Kaspersky CRYSTAL 2.0
385 | 7 4 6
In order to add a bookmark from the Password Manager window, perform the following
actions:
1. In the Password Manager window click on the Password Database button.
2. In the left part of the open window select Bookmarks and then click on the Add
Bookmark in the right part of the window.
Kaspersky CRYSTAL 2.0
386 | 7 4 6
3. Enter the name of the bookmark in the Name field and address to the web page in the
Link field.
In order to open a web page using the corresponding bookmark click on the Caption Button
and select Bookmarks -> <name of the bookmark>.
Kaspersky CRYSTAL 2.0
387 | 7 4 6
Adding Secure memos
Password Manager enables you not only to securely store logins and passwords but also
personal records which you would like to remain confidential such as: SIM card PIN codes,
software keys, passport details, etc. It is possible to use templates with standard data types
when creating a secure memo.
You can edit secure memos settings after adding them.
You can create a secure memo with the following methods:
► From the Kaspersky PURE 2.0 context menu
In order to do this, perform the following actions:
1. Right-click on the Kaspersky PURE 2.0 icon in the Taskbar notification area,
2. Select Add -> Secure Memo.
► From the Password Manager window.
In order to create a secure memo from the Password Manager window, perform the
following actions:
1. Open the Password Manager window.
2. In the left part of the window click on the Password Database button.
Kaspersky CRYSTAL 2.0
388 | 7 4 6
3. In the left part of the open window select Secure Memos. In the right part of
the window click on the Add Secure Memo button.
Kaspersky CRYSTAL 2.0
389 | 7 4 6
4. In the upper part of the window enter the memo name in the empty field.
Kaspersky CRYSTAL 2.0
390 | 7 4 6
5. Click on the button to select a type of the memo. Otherwise, the
Default memo type will be selected.
Each memo type has its own icon. When you select a specific memo type, you
will be able to identify your secure memos by icons.
Kaspersky CRYSTAL 2.0
391 | 7 4 6
6. You can select a specific memo template. Each memo template contains
already added fields to fill in.
Kaspersky PURE 2.0 provides the following templates:
► Software license;
► Credit card;
► Bank account;
► ID card;
► Driver’s license;
► Passport;
► Travel viza;
► Voter card;
► Student card;
► Internet settings.
In order to select the required template, click on the Template button and select
the required template from the open menu.
Kaspersky CRYSTAL 2.0
392 | 7 4 6
7. You can also create your own templates. In order to do this, enter the required
data in the entry field and then click on the Template button and select Save as
template from the open menu.
Kaspersky CRYSTAL 2.0
393 | 7 4 6
In the open window enter the template’s name.
8. Enter the required data in the text editor field.
9. Click on the Add button to save the created secure memo.
Kaspersky CRYSTAL 2.0
394 | 7 4 6
Password database managing
Importing/exporting password database
Password Manager can import and export your password databases. You can import both
passwords from other password management applications (e.g. Internet Explorer, Mozilla
Firefox, Google Chrome), and passwords from other password management applications (for
example, KeePass). Passwords are imported from the files with the xml, ini formats.
You can also save the Password Database on the computer. Passwords are exported to .xml,
.html and .txt files. Export is convenient for opening general access passwords, printing the
Password Database, or saving a backup copy of the Password Database to a file in a
different format (different from the Password Manager format).
Importing Password Database
In order to import a password database to the database of Password Manager, perform the
following actions:
1. Open the Password Manager window.
2. In the left part of the window click on the Password Database button.
3. In the bottom part of the window click on the Import link.
Kaspersky CRYSTAL 2.0
395 | 7 4 6
4. In the Import passwords window select the required application to import passwords
from and then click on the Import passwords button.
Kaspersky CRYSTAL 2.0
396 | 7 4 6
5. In the open window select the required extension of files to be displayed (xml or pws),
select the database to import and click on the Open button.
Kaspersky CRYSTAL 2.0
397 | 7 4 6
6. Perform one of the following actions:
If you wish to delete the current password database and use the imported one, click
on the Overwrite button.
In the window informing that Password Database has been successfully imported
from file click on the OK button.
Kaspersky CRYSTAL 2.0
398 | 7 4 6
Passwords import has been completed.
If you wish to add passwords from the selected database to the current password
database, click on the Merge button.
In the Import passwords window check boxes next to required accounts to be
imported. In order to import all accounts for a specific application/web page check the
box next to the required application/web page and then click on the Import button.
Kaspersky CRYSTAL 2.0
399 | 7 4 6
Passwords import has been completed.
Exporting Password Database
In order to export the password database to a file, perform the following actions:
1. Open the Password Manager window.
2. In the left part of the window click on the Password Database button.
3. In the bottom part of the open window click on the Export data link.
Kaspersky CRYSTAL 2.0
400 | 7 4 6
4. On the Export type step in the Password Manager – Data Export Wizard window
select Export the entire database.
Kaspersky CRYSTAL 2.0
401 | 7 4 6
If you want to export specific data, select the Select data to be exported manually
option and click Next. On the Select Data step, check the boxes to the required data
to be exported and click on the Next button.
You can exclude login and password data from information to be exported. In order
to do this, check the box Exclude login information from exported accounts.
Click on the Next to proceed.
Kaspersky CRYSTAL 2.0
402 | 7 4 6
5. On the Export Settings step, select Secure export (recommended). Click on the Next button.
Kaspersky CRYSTAL 2.0
403 | 7 4 6
To password-protect the data enter your password in the Password and Confirm password fields.
If you have selected the option Exclude login information from exported accounts
the option Specify password expiration date on the step will not be available. In order
to return to the previous step, click on the Back button.
If you the option Exclude login information from exported accounts has not been
selected, you can specify the password expiration date. Click on the Next button to
proceed with data export.
Kaspersky CRYSTAL 2.0
404 | 746
Not encrypted files containing exported data are not protected. If you want to select an It
is recommended to encrypt the file which will contain your personal data.
In order to encrypt the exported file, select Secure export (recommended).
extension of the file which will contain your data, select Export without encryption and
then select the required file extension from the drop-down menu.
In order to proceed with data export, click on the Next button.
In the open window informing that data will not be encrypted click on the OK button.
6. On the Destination folder step, select Destination folder and file name for the
exported data.
Kaspersky CRYSTAL 2.0
405 | 746
You can also send the created file by email. In order to do this, select the Send by
email option. The option is available only if an email client is installed on the computer
(for example, Microsoft Outlook).
Click on the Next button.
7. On the Summary step, check whether the specified parameters are correct. Click on the
Export button.
Kaspersky CRYSTAL 2.0
406 | 746
Your data have been exported to the file.
8. Click on the Finish button to exit from the Wizard.
Kaspersky CRYSTAL 2.0
407 | 746
Backup copies of Password Database
Each time you edit the password database Password Manager creates backup copies of the
database. Files of backup copies are encrypted.
In the Password Manager interface backup copies of the password database are displayed in
the list sorted out by backup time. Files are provided with the following additional data:
► Current folder;
► Backup date and time;
► Performed changes.
Restoring data from backup copies
You can use backup copies for the following purposes:
► To restore the password database;
► To delete old versions of backup copies;
► To change the store folder.
You can restore the password database if:
► You need to cancel last changes;
► The password database was deleted or overwritten;
► The current password database is not damaged or corrupted after system failures.
In order to restore the password database from a backup copy, perform the following actions:
1. Open the main application window.
2. In the bottom part of the window click on the Password Manager button.
3. In the Password Manager window click on the Password Database button.
4. In the bottom part of the window click on the Restore data link.
Kaspersky CRYSTAL 2.0
408 | 746
5. The path to the folder to store backup copies is specified by default. You can change the
default folder by clicking on the button in the upper part of the Restore window.
Kaspersky CRYSTAL 2.0
409 | 746
6. Select the required backup copy from the list and click on the Restore button.
Kaspersky CRYSTAL 2.0
410 | 746
7. In the open window confirm restoration by clicking on the OK button.
Deleting old backup copies
In order to delete unneeded backup copies of the password database, perform the following
actions:
1. Open the main application window.
2. In the lower part of the window click on the Password Manager.
3. In the Password Manager window click on the Password Database button.
4. In the bottom part of the window click on the Restore data link.
5. In the Restore window select backup copies to delete. To select several backup copies
keep the Ctrl key pressed and select them in the list.
Kaspersky CRYSTAL 2.0
411 | 746
6. Click on the Delete button.
7. In the open window click on the OK button to confirm deletion.
Configuring Password Manager
You can configure settings of Password Manager by clicking on the Settings button in the
Password Manager window.
In order to open the Settings window of Password Manager, perform the following actions:
1. In the main application window click on the Password Manager window.
2. In the left part of the Password Manager window click on the Settings button.
Kaspersky CRYSTAL 2.0
412 | 746
3. In the left part of the Password Manager Settings window select the required item.
You can select one of the following options:
► General. Here you can:
Enable/disable automatic start of Password Manager on Kaspersky PURE 2.0
startup;
Select action to be performed on the Password Manager icon double-click;
Enable asking for confirmation of paste from clipboard;
Specify time to store password in the clipboard.
Kaspersky CRYSTAL 2.0
413 | 746
► Ignored web addresses. In this section you can add addresses of web-sites for which
you want to disable Password Manager. You can add, edit or delete an address
from the list.
Kaspersky CRYSTAL 2.0
414 | 746
► Trusted web addresses. In this section you can add trusted web addresses which
you trust. Password Manager protects personal data from phishing attacks.
Sometimes there are situations when after signing in you are redirected to another web
page. Password Manager detects redirection and blocks it. In order Password Manager
trusts a web page to which you are redirected, you can add the web page to the list of
trusted web addresses. In this case Password Manager will not block redirection. Please,
make sure the web page is safe before adding it to the list of trusted web addresses.
You can add, edit or delete an address from the list.
Kaspersky CRYSTAL 2.0
415 | 746
► Ignored applications. In this section you can add applications for which you want to
disable Password Manager. You can add or delete an application from the list.
Kaspersky CRYSTAL 2.0
416 | 746
► Security. In this section you can:
Change your Master Password;
Change authorization method (password protection, USB device, Bluetooth
device, no authorization)
Enable automatic locking of Password Manager.
Kaspersky CRYSTAL 2.0
417 | 746
► My passwords. In this section you can:
Specify a folder to store your password database;
Create a new password database;
Specify a folder to store backup copies;
Specify a number of backup copies to store;
Specify time period to store a backup copy;
Change the database encryption algorithm.
Kaspersky CRYSTAL 2.0
418 | 746
► Hot keys. In this section you can set hot keys for Password Manager actions. You
can specify key combinations for the following actions:
Locking/unlocking Password Manager;
Password entering;
Quick launch box opening.
Kaspersky CRYSTAL 2.0
419 | 746
► Caption Button. In this section you can:
Change the Caption Button location;
Enable/disable the Caption Button display if Password Manager is locked;
Enable/disable the Caption Button display in web browsers.
Kaspersky CRYSTAL 2.0
420 | 746
► Supported browsers. This section contains the list of supported browsers. You can
install the Password Manager plug-in to a browser.
Kaspersky CRYSTAL 2.0
421 | 746
► Manage templates. In this section you can add, edit or delete templates for secure
memos.
Kaspersky CRYSTAL 2.0
422 | 746
► Miscellaneous. In this section you can configure the Password Manager and
browser notifications.
Kaspersky CRYSTAL 2.0
423 | 746
Portable version of Password Manager
With portable version created you can connect a removable device to any computer and use
your password database. As soon as a removable device is disabled, Password Manager
automatically closes and removes all of your data from the public computer.
To create a portable version of Password Manager, perform the following actions:
1. Connect the removable device to the computer.
2. Open the Password Manager window.
3. In the left part of the Password Manager window click Portable Version.
Kaspersky CRYSTAL 2.0
424 | 746
4. In the list of available devices select the device to install the portable version of
Password Manager on it. Click on the Next button.
Kaspersky CRYSTAL 2.0
425 | 746
5. If the required device is connected to the computer but missing from the list of available
devices, check the box Show additional drives.
6. Specify the required settings (check boxes for the required options).
Kaspersky CRYSTAL 2.0
426 | 746
7. Click on the Execute button.
8. In the window informing that Installation/Synchronization completed successfully
click on the Finish button.
Now you can use the portable version of Password Manager .
Virtual Keyboard
When working on your computer, the cases frequently occur when it is required to enter your
personal data, or username and password. For instance, when registering on Internet sites,
using online stores etc.
There is a danger that this personal information will be intercepted using hardware keyboard
interceptors or keyloggers, which are programs that register keystrokes.
Virtual Keyboard prevents the interception of data entered at the keyboard.
Virtual Keyboard cannot protect your personal data if the website, that required entering such
data, has been hacked, since in this case the information will be obtained directly by the
intruders.
Many of the applications classified as spyware have the functions of making screenshots which
then are transferred to an intruder for further analysis and for stealing the user's personal data.
Virtual Keyboard prevents the personal data being entered, from being intercepted with the use
of screenshots.
Before using Virtual Keyboard, see its working peculiarities:
► Before you enter your data with the virtual keyboard, make sure the cursor is set in
the correct field.
Kaspersky CRYSTAL 2.0
427 | 746
► Press the button on the virtual keyboard using the mouse.
► Unlike on real keyboard, on the virtual keyboard you cannot press two keys
simultaneously. That is why if you need to use the combinations of keys (for
example, ALT+F4), you need to press the first key (ALT), then the next (F4) and
then press the first one again. Repetitive pressing substitutes release of a key on a
real keyboard.
► You can switch the language for the virtual keyboard using the key combination Ctrl
+ right-clicking Shift, or Ctrl + right-clicking Left Alt, depending on the settings
selected.
You can start virtual keyboard with the following methods:
► From the Password Manager window;
► From the context menu of Kaspersky PURE 2.0;
► From the browser Microsoft Internet Explorer, Mozilla Firefox and Google
Chrome;
► Using the keys combination CTRL+ALT+SHIFT+P.
In order to open Virtual Keyboard from the Password Manager window, click on the Virtual
Keyboard button.
Kaspersky CRYSTAL 2.0
428 | 746
In order to open Virtual Keyboard from the Kaspersky PURE 2.0 context menu, right-click on
the Kaspersky PURE 2.0 icon in the Taskbar notification area and select Tools -> Virtual
Keyboard from the open menu.
Kaspersky CRYSTAL 2.0
429 | 746
In order to open Virtual Keyboard from a browser, click on the Keyboard icon in the upper
part of the browser.
Password Generator
What is Password Generator
During an account creation you need to specify a new account. A special tool for automatic
password creation – Password Generator – is embedded into Password Manager. Using
Password Generator you can create unique and strong passwords (with lower- and upper-
case letter, digits and special symbols).
Creating password for account
In order to create a password for web or app account, perform the following actions:
1. Open the Password Manager window.
2. In the lower part of the window click on the Password Generator.
Kaspersky CRYSTAL 2.0
430 | 746
3. In the Password Generator window in the Password length field specify the number
of symbols in the password (not less than 8 symbols are recommended).
Kaspersky CRYSTAL 2.0
431 | 746
4. In the Advanced settings section check the boxes for the required settings (use of A-Z,
a-z, numbers 0-9 and special symbols). You can disable use of similar symbols by
checking the box Exclude repeating characters. The more boxes are checked, the
stronger password will be created.
5. Click on the Generate button.
6. In the Strength section Password Generator shows how your password is strong
according to the specified parameters.
Kaspersky CRYSTAL 2.0
432 | 746
The generated password appears in the empty field.
7. To view the password click on the button in the password field. The password is
displayed while you keep the button pressed.
8. Click on the Copy to clipboard button. Clipboard is a special storage designed to store
copied data and transfer it between applications.
9. Paste the password to the authorization field by pressing the key combination Ctrl + V.
Kaspersky CRYSTAL 2.0
433 | 746
10. To view history of created password, in the Password Generator window go to the
Passwords History tab. You can copy a password from the list to Clipboard or clear
the history by clicking on the corresponding buttons.
Kaspersky CRYSTAL 2.0
434 | 746
Chapter 13. Settings. Protection
The section provides detailed information about all application components, describing the
operational algorithm and settings of each component.
To start advanced application setting, open the settings window with one of the following
methods:
► Click the Settings link in the top part of the main application window.
► Select the Settings item from the context menu of the application icon.
Kaspersky CRYSTAL 2.0
435 | 746
In the top left part of the Settings window select Protection:
Kaspersky CRYSTAL 2.0
436 | 746
General protection settings
In the application settings window, in the General Settings subsection of the Protection
Center section, you can perform the following operations:
► enable/disable all protection components;
► select the interactive or automatic protection mode;
► disable or enable automatic launch of the application at the startup of the operating
system;
► enable a custom key combination to display the virtual keyboard on the screen.
Enabling and disabling protection
By default, Kaspersky PURE 2.0 is started automatically at computer startup and protects your
computer during its operational session. After the application is started, all the application
components are enabled.
You can partially or entirely disable protection in Kaspersky PURE 2.0.
Kaspersky Lab experts strongly recommend not to disable protection as it may lead to your
computer infection and data loss. If you need to disable protection, you are recommended to
pause protection for the required period (see below).
Kaspersky CRYSTAL 2.0
437 | 746
When the protection is disabled, work of all protection components is disabled.
There are the following indications of disabled protection:
► Grey Kaspersky icon in the Taskbar notification area.
► Red banner in the main application window.
In this case, the protection is regarded as the set of protection components. Disabling or
pausing protection components does not affect the performance of virus scan tasks and
Kaspersky PURE 2.0 updates.
You can fully enable or disable protection from the application settings window.
To disable or enable protection, perform the following actions:
1. Open the application settings window.
2. In the left part of the window in the Protection Center section select the General
Settings subsection.
3. Uncheck the Enable protection box if you need to disable protection. Check the box, if
you need to enable protection.
Kaspersky CRYSTAL 2.0
438 | 746
To disable or enable a protection component from the settings window, perform the following
actions:
1. Open the application settings window.
2. In the left part of the window in the Protection Center section select a component you
need to enable or disable.
3. In the right part of the window uncheck the box Enable <component name>, if you
need to disable the component. Check the box, if you need to enable the component.
Pausing and resuming protection
Protection pausing means disabling all application components for a specific time.
There are the following indications of protection pause:
Kaspersky CRYSTAL 2.0
439 | 746
► Grey Kaspersky icon in the Taskbar notification area.
► Red central part in the main application window.
In this case, the protection is regarded as the set of protection components. Disabling or
pausing protection components does not affect the performance of virus scan tasks and
Kaspersky PURE 2.0 updates.
Network connections established at the moment of protection pause will be terminated and a
corresponding notification will be displayed on the screen.
To pause computer protection, perform the following actions:
1. Select the Pause protection item from the context menu of the application.
Kaspersky CRYSTAL 2.0
440 | 746
2. In the Pause protection window select the required variant:
► Pause for the specified time — protection is automatically enabled after a specified
time interval.
► Pause until reboot — protection is enabled after the application is restarted or the
operating system is rebooted (if automatic startup of the application is enabled).
► Pause — protection is enabled only when you decide to resume it.
In order to resume protection, select the Resume protection item from the context menu of
the application icon.
Kaspersky CRYSTAL 2.0
441 | 746
You can resume protection this way (by selecting the Resume protection item from the
context menu of the application icon) irrespective of the ―pause protection‖ variant you have
selected: should it be the Pause, Pause until reboot or Pause for the specified time variant.
Selecting protection mode
By default, Kaspersky PURE 2.0 runs in automatic protection mode. In this mode the
application automatically applies actions recommended by Kaspersky Lab experts in
response to dangerous events. If you wish Kaspersky PURE 2.0 to notify you of all hazardous
and suspicious events in the system and to allow to decide which of the actions offered by the
application should be applied, you can enable interactive protection mode.
To select a protection mode, perform the following actions:
1. Open the application settings window.
2. In the left part of the window in the Protection Center section select General Settings.
3. In the Interactive protection section uncheck or check the boxes you need:
► to enable interactive protection mode, uncheck the Select action automatically box;
► to enable automatic protection mode, check the Select action automatically box.
To prevent Kaspersky PURE 2.0 from deleting suspicious objects in automatic mode, check
the Do not delete possibly infected objects box.
Kaspersky CRYSTAL 2.0
442 | 746
Enabling and disabling autorun
Automatic launch of the application means that Kaspersky PURE 2.0 launches after the
operating system startup. This is the default start mode.
In order to enable or disable the application autorun, perform the following actions:
1. Open the application settings window.
2. In the left part of the window in the Protection Center section select General Settings.
3. To disable the application autorun, in the right part of the window in the Autorun section
uncheck the Launch Kaspersky PURE 2.0 at computer startup box. To enable the
application autorun, check the box.
Kaspersky CRYSTAL 2.0
443 | 746
Virtual keyboard
The Virtual Keyboard tool prevents the interception of data entered via the keyboard.
To open the Virtual Keyboard using the computer keyboard, use the following key
combination: CTRL + ALT + SHIFT + P. By default, the option to start the virtual keyboard
using the hot keys is enabled.
To cancel launch of the virtual keyboard using the hot keys, perform the following actions:
1. Open the application settings window.
2. In the left part of the window in the Protection Center section select General Settings.
3. To cancel launch of the virtual keyboard using the hot keys, in the right part of the
window in the Virtual Keyboard section uncheck the Open Virtual Keyboard on
“CTRL+ALT+SHIFT+P” box.
Kaspersky CRYSTAL 2.0
444 | 746
Kaspersky CRYSTAL 2.0
445 | 746
Self-Defense
Kaspersky PURE 2.0 protects a computer from malware. Therefore, malware which penetrate
into the computer tries to block work of Kaspersky PURE 2.0 or remove the application from
the computer. Stable computer protection system is provided by the self-defense and disabling
external service control technologies of Kaspersky PURE 2.0.
Self-Defense of Kaspersky PURE 2.0 blocks outside attempts to modify or delete the
application files, memory processes and system registry records. The Disable external service
control option blocks all attempts to control services remotely.
On computers working under 64-bit operating systems and Microsoft Windows Vista only self-
defense from attempts to modify or delete the application files, memory processes and system
registry entries is available.
Enabling and disabling self-defense
By default, Self-Defense of Kaspersky PURE 2.0 is enabled. If you need you can disable self-
defense.
In order to enable or disable self-defense of Kaspersky PURE 2.0, perform the following
actions:
1. Open the main application window.
2. In the top part of the window click Settings.
3. In the left part of the window select Self-Defense in the Protection Center section.
4. In the right part of the window clear the Enable Self-Defense box if you need to disable
the application self-defense. Check the box if you need to enable self-defense.
Kaspersky CRYSTAL 2.0
446 | 746
Protection from external control
By default, the Disable external service control option is enabled. You can disable it if you
need.
In some cases, when the option of remote control block is enabled, you may need to use a
remote control program (for example, RemoteAdmin). In order to provide proper work of such
programs, it is required to add them to the list of trusted application (HERE WILL BE A LINK)
and enable the parameter Do not monitor application activity.
In order to disable remote control block, perform the following actions:
1. Open the main application window.
2. In the top part of the window click Settings.
3. In the left part of the window select Self-Defense in the Protection Center section.
4. In the right part of the window in the External control section clear the Disable
external service control box.
Kaspersky CRYSTAL 2.0
447 | 746
Kaspersky CRYSTAL 2.0
448 | 746
File Anti-Virus
What is File Anti-Virus
The file system may contain viruses and other malicious programs. Such malware may reside
in your file system for several years having once intruded your computer and not reveal
themselves. However once you open an infected file or, for example, try to copy it on the disk,
the virus will reveal itself.
The File Anti-Virus component monitors the computer file system and prevents infection of the
computer's file system. The component starts upon startup of the operating system,
continuously remains in the computer's RAM, and scans all files being opened, saved, or
launched on your computer and all connected drives.
Enabling/Disabling File Anti-Virus
To enable/disable File Anti-Virus, perform the following actions:
1. Open the application settings window.
2. In the Settings window in the Protection Center section select File Anti-Virus from the
list of components.
3. In the right part of the window perform the following actions:
► To enable the component, check the Enable File Anti-Virus box.
► To disable the component, uncheck the Enable File Anti-Virus box.
Kaspersky CRYSTAL 2.0
449 | 746
4. In the Settings window click the Apply button.
Operating algorithm of File Anti-Virus
By default, File Anti-Virus operates according to the following algorithm:
File Anti-Virus scans iChecker and iSwift databases (you can read about these technologies
in the documentation to this video – a download link is available under the video window) or
information about the intercepted file, and determines if it should scan the file, based on the
information retrieved.
The file is scanned for viruses. Based on the analysis, File Anti-Virus performs one of the
following actions:
► If malicious code is detected in the file, File Anti-Virus blocks the file, creates a
backup copy and attempts to perform disinfection. If the file is successfully
disinfected, it becomes available again. If disinfection fails, the file is deleted.
► If potentially malicious code is detected in the file, the file proceeds to disinfection
and then is sent to the special storage area called Quarantine.
► If no malicious code is discovered in the file, it is immediately restored.
Kaspersky CRYSTAL 2.0
450 | 746
Security levels of File Anti-Virus
The security level is defined as a preset configuration of the File Anti-Virus component
settings which provide a protection level to files and system memory. Kaspersky Lab
specialists distinguish three security levels. The decision of which level to select should be
made by the user based on the current situation.
► High. Set this level if you suspect that your computer has a high chance of being
infected.
► Recommended. This level provides an optimum balance between the efficiency and
security and is suitable for most cases.
► Low. If you work in a protected environment (for example, in a corporate network
with centralized security management), the low security level may be suitable.
To change the security level, perform the following actions:
1. In the right part of the Settings window of the File Anti-Virus component set a security
level by dragging the vertical slider to the required position.
2. In the Settings window click the Apply button.
Kaspersky CRYSTAL 2.0
451 | 746
Actions to be performed by File Anti-Virus on detected threats
Default actions
By default program chooses the actions on detected objects itself.
If as a result of scan the program failed to define whether the object is infected or not, the
object is quarantined. Quarantine is a special storage, which contains objects that can be
infected viruses. Objects in the quarantine cannot harm your computer.
If as a result of the scan object is given the status of malicious software, File Anti-Virus will try
to disinfect it. If the disinfection is impossible, the object is deleted.
Before disinfecting or deleting of the object Kaspersky PURE 2.0 creates its backup in case
there is necessity to restore the object or in case the way to disinfect the object turns up. The
storage period for a backup copy makes 30 days.
Actions set by the user
You can set the action to be performed on detected threats by yourself. File Anti-Virus can
perform the following actions on detected threats:
► Disinfect;
► Delete;
► Delete if disinfection fails (appears if Disinfect option is enabled).
Kaspersky CRYSTAL 2.0
452 | 746
If the Disinfect variant is selected, the program functions the following way:
► If the object can be disinfected, it will be disinfected and will return to the user.
► If as a result of scan the program failed to define whether the object is infected or
not, the object is quarantined. If the option to scan quarantined files after each
database update is enabled, then when a new disinfection signature is received the
quarantined object can be disinfected and returned to the user.
► If the virus status is assigned to the object and its disinfection is impossible, the
object is blocked and is added to the report about detected threats. If you want
infected objects which cannot be disinfected would be deleted check the Delete if
disinfection fails box (the box appears if the Disinfect option is enabled).
You can select only the Delete variant, but in this case all objects will be deleted, even if they
could be available for the user after disinfection.
Kaspersky CRYSTAL 2.0
453 | 746
In order to select the necessary action, check the box next to the action and click the Apply
button to save the changes.
Kaspersky Lab specialists recommend to select the following actions for the detected threats:
► Disinfect
► Delete if disinfection fails
In this case the program will perform the following actions over an object:
► Disinfect, if disinfection is possible. After disinfection you can continue your work
with the object.
► Quarantine, if the program failed to define if the object is infected or not. If the option
to scan quarantined files after each database update is enabled, then when a new
disinfection signature is received the quarantined object can be disinfected and
returned to the user.
► Delete, if the virus status is assigned to the object and its disinfection is impossible.
Actions for each object
You can also specify File Anti-Virus actions for every detected object individually. For this
enable interactive mode the following way:
1. In the left of the Settings window go to the Protection tab. In the left part of the window
select the General Settings subsection.
2. In the Interactive protection section, uncheck the Select action automatically box.
Kaspersky CRYSTAL 2.0
454 | 746
3. In the Settings window click the Apply button.
Interactive mode is enabled for the entire application. That is why when interactive mode is
enabled you will have to define an action for each object detected by any Kaspersky PURE 2.0
component.
How to specify action on detected threats
To specify an action on detected threats, please do the following:
1. In the left part of the Settings window select the File Anti-Virus component.
2. Make sure the Enable File Anti-Virus box is enabled in the right part of the window.
3. In the Action on threat detection section select an action on detected threats:
Prompt for action.
Select action: o Disinfect. o Delete (Delete if disinfection fails).
4. In the Settings click the Apply button.
If you have selected the Select action variant and have not selected any action, File Anti-
Virus will block dangerous objects and quarantine then, notifying the user of its actions.
Kaspersky CRYSTAL 2.0
455 | 746
The Delete if disinfection fails box appears only if the Disinfect box is enabled.
Customizing security level in File Anti-Virus
Kaspersky CRYSTAL 2.0
456 | 746
To fine-tune the File Anti-Virus settings, in the Security level section click the Settings
button.
The File Anti-Virus window will open.
Selecting file types scanned by File Anti-Virus
In the File Anti-Virus window on the General tab you can set/ select file types to be scanned
by File Anti-Virus. By default File Anti-Virus scans only potentially infected files (files into
which a virus can penetrate), started on all hard, removable and network drives.
You can select on your own the file types which should be scanned by File Anti-Virus for
viruses.
Kaspersky CRYSTAL 2.0
457 | 746
The following file types can be set for scan:
► All files — File Anti-Virus analyzes all files irrespective of their name (for example,
―press-release‖) or extension (for example, «.doc»).
► Files scanned by format — File Anti-Virus scans the internal header of a file to
determine the file format (.txt, .doc, .exe, etc.). If the analysis shows that such file
format cannot be infected, the file is not scanned and is returned to the user. If a file
format is infectable, such file is scanned for viruses;
► Files scanned by extension — File Anti-Virus scans files respective of their
extension (for example, files with the extensions .com, .exe, .sys, .bat, .dll and etc).
The file format is determined based on its extension. A file extension helps the user
and software define the type of data in the file.
When selecting the file type scanned by File Anti-Virus, consider the following peculiarities.
For example, the cyber criminal can send a virus to your computer with a txt extension, though
in reality such file can be executable, renamed into a txt-file.
If the Files scanned by extension option is selected, then during scan such file will be
skipped.
If the Files scanned by format option is selected, then in spite of the extension File Anti-
Virus will analyze the file header. In the result of scan it will become clear that the file has an
exe-format. Such file will be scanned for viruses.
Kaspersky CRYSTAL 2.0
458 | 746
Selecting location of files scanned by File Anti-Virus
You can also specify location of the scanned files in the Protection scope section. In order to
add a new object to the scan scope, perform the following actions:
1. In the File Anti-Virus window click the Add link.
2. In the Select object to scan window select an object and click the Add button.
3. Once you have added all the necessary objects, in the Select object to scan window
click the OK button.
4. In the File Anti-Virus window click the OK button.
Kaspersky CRYSTAL 2.0
459 | 746
Scan methods of File Anti-Virus
By default, File Anti-Virus scans objects using signature analysis (bases with the description
of known threats and their disinfection methods). The component compares the object under
scan with the records in the base and defines whether the object is malicious. Since new
malicious objects appear daily, there is always some malware which are not described in the
databases, and which can only be detected using heuristic analysis. This method presumes
the analysis of the actions an object performs within the system. If its actions are typical of
malicious objects, the object is likely to be classed as malicious or suspicious.
In order to configure heuristic analysis, perform the following actions:
1. In the File Anti-Virus window go to the Performance tab.
2. In the Heuristic Analyzer section specify the detail level10 for scan moving the
horizontal slider to the necessary position.
3. Click the OK button.
Optimization of files scan
To reduce the scan time and accelerate the application operation, you can configure scan of
only new and recently changed files, which were modified after the previous scan. For this,
perform the following actions:
1. In the File Anti-Virus window go to the Performance tab.
2. In the Scan optimization section check the Scan only new and changed files box.
10
The higher the detail level is, the more resources and time are needed for scan, however the more thorough the analysis will be.
Kaspersky CRYSTAL 2.0
460 | 746
3. Click the OK button.
Setting scan of compound files
A compound file is structured storage for several other files. Examples of compound files are
archives and OLE-objects. A common method of concealing viruses is to embed them into
compound files (archives). To detect viruses that are hidden in this way a compound file should
be unpacked, which can significantly lower the scan speed.
To enable scan of archives, perform the following actions:
1. In the File Anti-Virus window go to the Performance tab.
2. In the Scan of compound files section, check the Scan archives box.
Kaspersky CRYSTAL 2.0
461 | 746
3. Click the OK button.
Installer packages (files to install software) and files containing OLE objects (objects (images,
texts, tables, drawings) created in one program but which can be opened using other
programs) are executed when they are opened, which makes them more dangerous than
archives.
To enable scan of installer packages and embedded OLE-objects, perform the following
actions:
1. In the File Anti-Virus window on the Performance tab in the Scan of compound files
section, check the corresponding boxes.
Kaspersky CRYSTAL 2.0
462 | 746
2. Click the OK button.
When large compound files are scanned, their preliminary unpacking may take a long period of
time. This period can be reduced by enabling unpacking of compound files in background
mode (while the user is working with other programs). If a malicious object is detected when
processing such a file, File Anti-Virus will notify you of this.
To scan compound files in background mode, perform the following actions:
1. In the File Anti-Virus window on the Performance tab in the Scan of compound files
section, click the Additional button.
Kaspersky CRYSTAL 2.0
463 | 746
2. In the Compound files window check the Extract compound files in the background
box.
3. In the Minimum file size field specify the minimum file size to be scanned in the
background. Files of smaller size are scanned in the normal mode.
To reduce access time to compound files, you can disable extracting of files whose size
exceeds the specified value. For this, perform the following actions:
1. In the Size limit section specify the maximum file size to be scanned. The setting is not
applied to scan of files extracted from archives.
Kaspersky CRYSTAL 2.0
464 | 746
2. Click the OK button.
Scan modes of File Anti-Virus
You can select one of four scan modes in File Anti-Virus:
► Smart mode.
► On access and modification (the application scans objects when they are opened
or modified).
► On access (the application scans objects only when they are attempted to open).
► On execution (the application scans objects only when they are attempted to run).
By default, Kaspersky PURE 2.0 uses smart mode, which determines if the object is subject to
scan, based on the actions performed on it. For example, when working with a Microsoft
Office document, File Anti-Virus scans the file when it is first opened and last closed.
Intermediate operations that overwrite the file do not cause it to be scanned.
To set a scan mode, perform the following actions:
1. In the File Anti-Virus window go to the Additional tab.
2. In the Scan mode section select the required scan mode.
Kaspersky CRYSTAL 2.0
465 | 746
3. Click the OK button.
iSwift и iChecker scan technologies
Intellectual technologies iChecker and iSwift allow accelerating work of File Anti-Virus.
Technologies achieve the highest efficiency sometime after installation of the product. These
technologies add to each other thus accelerating anti-virus scan of various objects in different
file and operating systems.
During the first scan with iChecker technology the check sum of an object is saved. Check
sum is a unique digital signature of an object (file) that allows identifying this object (file).
Check sum changes every time the object is modified. This information is saved in a special
table. During the next scan of an object the previous and current check sums are compared. If
the check sum is different the object should be scanned for a malicious code once again, if the
check sum is the same, the object is not scanned.
The iChecker technology works with limited number of formats such as exe, dll, lnk, ttf, inf,
sys, com, chm, zip, rar and does not scan files larger than 4 GB, as in such cases it is quicker
to scan the whole file, than to calculate its check sums.
The iSwift technology has been developed for NTFS file system. In this system NTFS-identifier
is given to each object. This NTFS-identifier is compared with the values in the special iSwift
database. This algorithm considers the previous scan date. If from the moment of the first scan
to the last scan the same period or more passed then the object will be re-scanned. The object
will be also scanned in the case of the object settings were changed to stricter ones.
The technology is connected to a definite file location in the file system. If the file was
copied/relocated then it is scanned again.
In order to enable the use of iSwift and iChecker technologies, perform the following actions:
1. In the File Anti-Virus window go to the Additional tab.
2. In the Scan technologies section check the boxes iSwift technology and iChecker
technology.
Kaspersky CRYSTAL 2.0
466 | 746
3. Click the OK button.
Pausing File Anti-Virus
When carrying out resource-intensive works, you can pause File Anti-Virus. To reduce
workload and ensure quick access to objects, you can configure automatic pausing of the
component at a specified time. For this, perform the following actions:
1. In the File Anti-Virus window go to the Additional tab.
2. In the Pause task section check the By schedule box.
3. Click the Schedule button.
Kaspersky CRYSTAL 2.0
467 | 746
4. In the Pausing the task window in the fields Pause and Resume task at define the
time interval during which the component will remain inactive.
5. Click the OK button.
6. In the File Anti-Virus window click the OK button.
Additionally to disabling File Anti-Virus on schedule, you can configure disabling File Anti-
Virus when handling specified programs. For this, perform the following actions:
1. In the File Anti-Virus window go to the Additional tab.
2. In the Pause task section check the At application startup box.
3. Click the Select button.
Kaspersky CRYSTAL 2.0
468 | 746
4. In the Applications window click the Add link. Next, perform the following actions:
► Select an application from the Applications list;
or
► Click Browse and select an application using the browser window.
5. Having created the list of applications, click the OK button in the Applications window.
6. In the File Anti-Virus window click the OK button.
Rollback to default settings of File Anti-Virus
You can always roll back to default File Anti-Virus settings. For this perform the following
actions:
1. Close the File Anti-Virus window.
2. In the Settings window in the Security level section click the Default level button.
Kaspersky CRYSTAL 2.0
469 | 746
3. Click the OK button to save the made changes.
Kaspersky CRYSTAL 2.0
470 | 746
Mail Anti-Virus
What is Mail Anti-Virus
Mail Anti-Virus from Protection Center of Kaspersky PURE 2.0 scans incoming and outgoing
messages for the presence of malicious objects.
The component scans all email sent or received on the POP3, SMTP, IMAP, MAPI and NNTP
protocols, as well as on secure connections (SSL) for POP3 and IMAP.11
Enabling/disabling Mail Anti-Virus
By default the Mail Anti-Virus component is enabled. You can disable Mail Anti-Virus, if
necessary.
To enable or disable Mail Anti-Virus, do the following:
1. Open the main application window.
2. In the top right part of the window click the Settings button.
3. In the left part of the Settings window under Protection select Mail Anti-Virus.
4. In the right part of the Settings window:
► Uncheck the Enable Mail Anti-Virus box, to disable the component.
► Check the Enable Mail Anti-Virus box, to enable the component
11
POP3, SMTP, IMAP, MAPI and NNTP are protocols intended for creation, receiving and transfer of e-mail. SSL protocol provides secure transfer (encryption) of data by other protocols (example, POP3 and IMAP).
Kaspersky CRYSTAL 2.0
471 | 746
5. In the Settings window click the Apply button.
Operation algorithm of Mail Anti-Virus
By default the mail protection functions according to the following algorithm:
1. Mail Anti-Virus intercepts each message the user sends or receives.
2. A mail message is parsed into basic components: message header (part of an e-mail
message which contains technical information and shows its route since its sending to
the receiving by the recipient’s server), body (the text of the message itself),
attachments (files attached to the message).
3. Message body and attachments (including attached OLE objects 12 are scanned for the
presence of threats. Recognition of the malicious objects is performed based on the
application databases13, and the heuristic analysis14. The databases include the
12 In this case OLE-objects are understood as graphic information implemented into the body of a message. For example, images, Excel tables and graphs in the text (not in the mail attachment). 13 Databases are anti-virus databases which contain records about threats and network attacks, as well methods to fight them. Protection components use these records when searching for dangerous objects on the computer and disinfecting them.
Kaspersky CRYSTAL 2.0
472 | 746
description of all known malicious programs and the disinfection methods. Heuristic
analysis allows to detect new viruses whose description is not added to the virus
database yet.
4. If a threat is detected, Kaspersky PURE 2.0 assigns one of the following statuses to the
found object:
► malicious program (such as a virus or Trojan);
► potentially infected (suspicious) status if the scan cannot determine whether the
object is infected or not. The file may contain a sequence of code appropriate for
viruses, or modified code from a known virus.
The application blocks a message, displays a notification about the detected threat and
performs the assigned action.
Changing Mail Anti-Virus actions to be performed on detected threats
By default the program itself defines an action to be performed over an infected object. If as a
result of scan the program failed to define whether the object is infected or not, the object is
quarantined.
If as a result of a scan Kaspersky PURE 2.0 assigns the status of a malicious program to the
object, Mail Anti-Virus will try to disinfect an infected object. If disinfection is impossible, the
object is deleted.
Before attempting to disinfect or delete an infected object, Kaspersky PURE 2.0 creates a
backup copy of it to allow later restoration or disinfection.
To make sure, Mail Anti-Virus performs default actions upon threat detection, do the following:
1. In the left part of the Settings window select Mail Anti-Virus.
2. In the right part of the window in the Action on threat detection section the Select
action automatically option should be enabled.
You can also define an action to be performed for detected threats. In this case the following
actions upon threat detection can be defined for Mail Anti-Virus:
► Prompt user for action
► Disinfect
► Delete
► Delete, if disinfection fails (this option appears if you checked the Disinfect box).
14 Heuristic analysis is the analysis of the objects activity in the system. If such activity is typical for malicious objects in this case an object under analysis will be recognized as suspicious or malicious. Analysis of the object activity allows to detect a virus even if it has not been defined by virus analysts.
Kaspersky CRYSTAL 2.0
473 | 746
The Prompt for action option becomes available only when the interactive mode is enabled.
When interactive protection mode is set, Kaspersky PURE 2.0 will notify you of all dangerous
or suspicious events in the system and will prompt for an allowing or blocking actions.
You can find how to enable the interactive protection mode in the Advanced application
settings chapter, from the video Main protection settings.
If the Disinfect variant is selected, the program functions the following way:
► If the object can be disinfected, it will be disinfected and will return to the user.
► If as a result of scan the program failed to define whether the object is infected or
not, the object is quarantined. If the option to scan quarantined files after each
database update is enabled, then when a new disinfection signature is received the
quarantined object can be disinfected and returned to the user.
► If the status of a virus is assigned to the object and its disinfection is impossible, the
object is blocked and is added to the report about detected threats.
You can select only the Delete variant, but in this case all objects will be deleted, even if they
could be available for the user after disinfection.
Kaspersky CRYSTAL 2.0
474 | 746
Kaspersky Lab specialists recommend to select the following actions for the detected threats:
► Disinfect;
► Delete if disinfection fails.
In this case the program will perform the following actions over an object:
► Disinfect, if disinfection is possible. After disinfection you can continue your work with
the object.
► Quarantine, if the program failed to define if the object is infected or not. If the option
to scan quarantined files after each database update is enabled, then when a new
disinfection signature is received the quarantined object can be disinfected and
returned to the user.
► Delete, if the virus status is assigned to the object and its disinfection is impossible.
If the Select action variant is chosen, but not action is enabled, then Mail Anti-Virus will block
dangerous objects and move them to quarantine notifying the user of its actions.
The Delete if disinfection fails variant appears only after the Disinfect option is enabled.
Security levels of Mail Anti-Virus
Different sets of the protection parameters (security levels) suit different working conditions. A
user can manually change these settings. Kaspersky Lab specialists distinguish three security
levels.
► When set at the high security level Mail Anti-Virus maximally scans e-mail
messages. If you work in a non-secure environment, the maximum security level will
suit you the best. An example of such environment is a connection to a free email
service, from a network that is not guarded by centralized email protection.
► Recommended. This level provides an optimum balance between the efficiency and
security and is suitable for most cases. This is also the default setting.
► Low. If you work in a well secured environment, low security level can be used. An
example of such an environment might be a corporate network with centralized email
security.
Kaspersky CRYSTAL 2.0
475 | 746
To change the security level, perform the following actions:
1. In the left part of the Settings window select the Mail Anti-Virus component.
2. Make sure, in the right part of the Settings window the Enable Mail Anti-Virus box is
checked.
3. In the Security level section configure the necessary security level.
4. In the Settings window click the Apply button.
If you are not satisfied with any preset security levels you can independently configure Mail
Anti-Virus settings. In this case when the settings are modified in the Settings window in the
Mail Anti-Virus section the security level changes to Custom.
You can roll back to the recommended security level at any moment, set by default, by clicking
the Default level button.
Customizing security level
By default, Mail Anti-Virus works with the settings recommended by Kaspersky Lab experts
for the optimal protection of your mail. However, you can customize the security level of Mail
Anti-Virus the following way:
Kaspersky CRYSTAL 2.0
476 | 746
1. In the Settings window select the Mail Anti-Virus component.
2. Make sure that Mail Anti-Virus is enabled (the Enable Mail Anti-Virus box is checked).
3. In the right part of the Settings window in the Security level section click the Settings
button.
The Mail Anti-Virus window will open.
Creating protection scope
By default, Kaspersky PURE 2.0 scans both incoming and outgoing mails.
If you are sure that outgoing mails are not infected, in this case you can configure scan of
incoming messages only.
Before you disable scan of outgoing mails you are advised to scan your computer for viruses,
because it is likely that there are mail worms on your computer which will propagate
themselves via email.
Kaspersky CRYSTAL 2.0
477 | 746
To disable scan of outgoing emails, please do the following:
1. In the Mail Anti-Virus window on the General tab in the Protection scope section
check the Incoming email only box.
2. In the bottom right corner of the window click the OK button.
3. In the Settings window click the Apply button.
Heuristic analysis
During Mail Anti-Virus operation, signature analysis is always used: Kaspersky PURE 2.0
compares the object found with the database records.
Additionally to the analysis based on the refilled anti-virus databases, heuristic analysis is
added to Mail Anti-Virus.
Essentially, the heuristic method analyzes the object's activities in the system. If those
actions are typical of malicious objects, the object is likely to be classed as malicious or
suspicious. This allows new threats to be detected before they have been analyzed by virus
analysts.
You can select one of the three scanning levels of the heuristic analysis: light scan, medium
scan and deep scan. If you select deep scan mode the probability of threat detection is higher
but scanning takes longer. With the light scan enabled scanning is faster but the probability of
threat detection in that mode is somewhat lower. Only the medium scan mode provides
optimal combination of the detail level and scanning time.
By default, heuristic analysis is enabled. To enable or disable heuristic analysis in Mail Anti-
Virus, please do the following:
1. In the Mail Anti-Virus window on the General tab, in the Scan methods section make
sure the Heuristic Analysis box is checked. If you do not want to use this technology,
uncheck the box correspondingly.
Kaspersky CRYSTAL 2.0
478 | 746
2. Move the slider bar to select the scan method: light, medium, deep.
3. In the Mail Anti-Virus window click the OK button.
4. In the Settings window click the Apply button.
Scan of compound files
Compound files are a set of files and folders placed into one file (archive).
By default Kaspersky PURE 2.0 scans all compound files. However you should remember, that
the selection of compound files scan mode affects the performance of the computer.
You can enable or disable the scan of attached archives and limit the maximum size of
archives to be scanned in Mail Anti-Virus.
To configure Mail Anti-Virus scan settings, perform the following actions:
1. In the Mail Anti-Virus window on the General tab In the Scan of compound files
section check/uncheck the following boxes:
► Skip attached archives;
► Do not process archives larger than (limit the maximum size).
Kaspersky CRYSTAL 2.0
479 | 746
2. In the Mail Anti-Virus window click the OK button.
3. In the Settings window click the Apply button.
Filtering attachments
Malware is most often distributed in mail as objects attached to messages. Files of various
formats can be attached to a message. To protect your computer, for example, from automatic
launch of attached files, you can enable filtering of attachments, which can automatically
rename or delete files of specified types. Thus you can configure filtering of objects attached to
an email message using Mai Anti-Virus and to prevent penetration of malicious software onto
your computer.
If you access the Internet directly without a proxy server or a firewall, you are advised not to
disable scanning of attached archives.
To configure filtering of attached objects in Mail Anti-Virus, please do the following:
1. In the Mail Anti-Virus window go to the Attachment filter tab.
2. Select the filtering mode for attachments:
► Disable filtering
► Rename selected attachment types
► Delete selected attachment types
When you select the modes Rename or Delete attachments, select the necessary file types
(extensions) in the list or add a mask to select a new type. To add a new type of mask, click
the Add link. In the Input file name mask window enter the mask and click the OK button.
Kaspersky CRYSTAL 2.0
480 | 746
3. In the Mail Anti-Virus window click the OK button.
4. In the Settings window click the Apply button.
Configuring embedded plug-ins for Microsoft Office Outlook and The Bat!
Integration of Mail Anti-Virus into the system allows the application plug-ins to embed into the
mail clients Microsoft Office Outlook and The Bat!.
Installing Mail Anti-Virus plug-in in Microsoft Office Outlook 2003/2007
When installing Kaspersky PURE 2.0, a special plug-in is installed in Microsoft Office
Outlook. It allows you to configure Mail Anti-Virus settings quickly, and determine when email
messages will be scanned for dangerous objects. The plug-in comes in the form of Email
protection tab. To go to the tab in the mail client, do the following:
1. Open the main window of Microsoft Office Outlook.
2. In the main application menu select Tools -> Options.
Kaspersky CRYSTAL 2.0
481 | 746
3. In the Options window go to the Email protection tab and specify the necessary scan
mode.
► Scan upon receiving;
► Scan when read;
► Scan upon sending;
4. Click the OK button to save the made changes.
Kaspersky CRYSTAL 2.0
482 | 746
Installing Mail Anti-Virus plug-in in Microsoft Office Outlook 2010
To go to the Mail Anti-Virus tab from Microsoft Office Outlook 2010, perform the following
actions:
1. Open the main window of Microsoft Office Outlook.
2. Go to the File menu.
3. In the File menu select the Options item.
4. In the Outlook Options window go to the Add-ins section.
5. In the right part of the Outlook Options window in the Add-in Options section click the
Add-in Options button.
Kaspersky CRYSTAL 2.0
483 | 746
6. In the Add-in Options window on the Email protection tab specify the necessary scan
mode:
► Scan upon receiving;
► Scan when read;
► Scan upon sending;
7. Save the made the changes by clicking the OK button.
Installing Mail Anti-Virus plug-in in The Bat!
If The Bat! Is installed as a mail client on the computer, then actions on infected email objects
in The Bat! are defined using the application's own tools. Mail Anti-Virus settings extend to
the scanning of attached archives only.
Note that incoming email messages are first scanned by Mail Anti-Virus and only after that –
by the plug-in of The Bat!. If you select the Disinfect (Delete) action upon detection of a
malicious object, actions aimed at eliminating the threat will be performed by Mail Anti-Virus.
If you select the Ignore option, the object will be disinfected by the plug-in of The Bat!
When sending email messages, they are first scanned by The Bat plug-in and then - by Mail
Anti-Virus.
To set up email protection rules in The Bat!, do the following:
1. Open the main The Bat! Window.
2. In the Options menu select Preferences.
Kaspersky CRYSTAL 2.0
484 | 746
3. In the settings tree select Anti-Virus. In the right part of the window specify the
necessary settings of mail scan.
Disabling embedding of the Mail Anti-Virus plug-in in the mail clients Microsoft Outlook or The Bat!
To disable embedding of the Mail Anti-Virus plug-in in the mail clients Microsoft Office
Outlook or The Bat!, do the following:
1. Open the main window of Kaspersky PURE 2.0.
2. In the top right corner of the window click the Settings button.
3. In the left part of the Settings window on the Protection tab select the Mail Anti-Virus
component.
4. In the right part of the window in the Security level section click the Settings button.
Kaspersky CRYSTAL 2.0
485 | 746
5. In the Mail Anti-Virus window go to the Additional tab.
6. Clear the box:
► Microsoft Office Outlook plug-in, if you are using Microsoft Office Outlook.
► The Bat! Plug-in, if you are using The Bat!.
Kaspersky CRYSTAL 2.0
486 | 746
7. In the Mail Anti-Virus window click the OK button.
8. In the Settings window click the Apply button.
Scan of SMTP, POP3, NNTP, IMAP mail traffic
By default, Mail Anti-Virus in Kaspersky PURE 2.0 scans a stream of mail messages using
protocols SMTP, POP3, NNTP, IMAP in the ―real-time‖ mode, i.e. while receiving them. If you
disable protocol scan, mail will only be scanned after it is received (after it is loaded from the
server onto your computer).
Kaspersky CRYSTAL 2.0
487 | 746
To disable traffic scan of these protocols by Mail Anti-Virus in the ―real-time‖ mode, perform
the following actions:
1. In the right part of the Settings window in the Security level section of the Mail Anti-
Virus component click the Settings button.
2. In the Mail Anti-Virus window go to the Additional tab.
3. On the Additional tab uncheck the box POP3/SMTP/NNTP/IMAP traffic.
Kaspersky CRYSTAL 2.0
488 | 746
4. In the bottom right corner of the window click the OK button.
5. In the Settings window click the Apply button.
Working features with Microsoft Outlook and Mozilla Thunderbird version 1.5 and above
Microsoft Office Outlook
IMAP4 is a standard protocol to access your e-mail. With IMAP4 email is stored on the IMAP
mail server and can be accessed from any email client on the network. The mail client gets
access to the user’s email on the server and works with this mail as if it were stored on the
user’s computer. E-mail messages can be managed from the user’s computer and files with
the full content of the message are not constantly sent to server and back.
In Kaspersky CRYSTAL when the mail is scanned by the protocol IMAP4 in Microsoft Office
Outlook by default before scan all messages are downloaded on the computer locally as a
result the Internet traffic may increase.
In order Mail Anti-Virus would not scan these messages on delivery but would scan them only
on read, do the following:
1. Open the mail client Outlook MS Office.
2. In the upper menu select Tools -> Options.
3. In the Options window go to the Email protection tab.
4. Uncheck the Scan upon receiving box.
5. Check the Scan when read box.
Kaspersky CRYSTAL 2.0
489 | 746
6. Click the OK button.
Mozilla Thunderbird version 1.5 and above
If a mail client Mozilla Thunderbird version 1.5 or above is installed, then a default filter is
embedded into the mail which allows to receive messages by IMAP protocol by chunks. For
the mail to be scanned correctly by Mail Anti-Virus from Kaspersky PURE 2.0 a message
should be received as a whole.
For the mail to be received as a whole it is recommended to specify the following parameters in
Mozilla Thunderbird version 1.5 or above, perform the following actions:
1. Open Mozilla Thunderbird.
2. In the upper menu Tools -> Options.
3. In the Options window click the Advanced button.
4. On the General tab click the Config Editor button.
5. In the about:config window click the I’ll be careful, I promise! button.
6. In the Filter field enter CHUNK.
7. Right-click the filter mail.server.default.fetch_by_chunks.
8. In the context menu select Toggle.
9. Make sure the Value field has changed from True to False.
10. Right-click the filter mail.imap.chunk_add.
Kaspersky CRYSTAL 2.0
490 | 746
11. In the context menu select Change.
12. Change the value to "0".
13. Click the OK button.
14. Click OK to close the Options window.
Note that when working with Mozilla Thunderbird mail client, email messages transferred via
IMAP will not be scanned for viruses if any filters moving messages from the Inbox folder are
used.
Kaspersky CRYSTAL 2.0
491 | 746
Web Anti-Virus
What is Web Anti-Virus
Surfing the Internet you may be at risk of getting a virus infection. Such malicious programs
can penetrate your computer during download of free programs or while browsing the
information on the knowingly safe sites which have undergone a hacker attack before your
visit. More than that network worms can penetrate your computer even before you open a web-
page or download a file – directly during the connection establishment.
Web Anti-Virus has been specially designed to prevent such infections. This component
protects the information which gets onto your computer by HTTP, HTTPS and FTP protocols
and also prevents dangerous scripts execution.
Enabling/disabling Web Anti-Virus
The Web Anti-Virus component is enabled by default.
To enable or temporarily disable Web Anti-Virus, perform the following actions:
1. Open the main application window.
2. In the top right corner of the window click the Settings button.
3. In the left part of the Settings window under Protection select Web Anti-Virus.
4. In the right part of the Settings window:
► Uncheck the Enable Web Anti-Virus box, to disable the component.
► Check the Enable Web Anti-Virus box, to enable the component.
Kaspersky CRYSTAL 2.0
492 | 746
5. In the Settings window click the Apply button.
Working algorithm of Web Anti-Virus
Web Anti-Virus has the following working algorithm:
1. Each web-page or file, the user/program addresses to, is intercepted and analyzed by
Web Anti-Virus. Recognition of malicious objects is based on the anti-virus bases and
the heuristic analyzer.
2. If a web page or an object to each the user addresses contains a malicious code then
access to the page/object is blocked. A corresponding notification message explaining
that the required object or page is infected is displayed on the screen.
Kaspersky CRYSTAL 2.0
493 | 746
In automatic mode In interactive mode
If a file or a web page does not contain a malicious code such objects/pages are immediately
returned to the user.
Scripts are scanned by the following algorithm:
1. Each executable script is intercepted by Web Anti-Virus and analyzed for a malicious
code.
2. If the script contains any malicious code, then Web Anti-Virus blocks the script and
notifies the user of it with a special message.
3. If no malicious code is detected in the script, such script is executed.
Web Anti-Virus only intercepts the scripts based on Microsoft Windows Script Host
technology.
Security levels of Web Anti-Virus
Web Anti-Virus can work in several modes – security levels. A security level is a set of
predefined parameters of Web Anti-Virus which provides a level of data security that are
received and transferred by HTTP, HTTPS and FTP protocols.
Kaspersky Lab experts have developed three security levels:
► If no HTTP security tools – firewall or proxy-server – are installed on your computer,
use High security level.
Kaspersky CRYSTAL 2.0
494 | 746
► If you work in the protected environment (for example, a firewall is installed on your
computer and you connect to the Internet via a corporate proxy-server), then set a
Low security level.
► Recommended is the optimal security level as it rationally uses system resources
and provides secure protection. This security level suits most cases.
Select a security level which best suits your situation.
In order to change the security level, simply drag the vertical slider to the needed position.
If you have already added some changes to the predefined settings you can always roll back to
the default Web Anti-Virus settings by clicking the Default level button.
Customizing security level
Checking suspicious and phishing URLs by Web Anti-Virus
Web Anti-Virus scans web traffic for viruses and checks if the links are included in the list of
suspicious web-address and to the list of phishing15 web addresses.
15
Phishing is a specific form of cybercrime. Phishing attacks are made the following way: the criminal creates an
almost 100 percent perfect replica of a chosen financial institution’s website, then attempts to trick the user in to disclosing their personal details – username, password, PIN etc. – via a form on the fake website, allowing the criminal to use the details to obtain money.
Kaspersky CRYSTAL 2.0
495 | 746
To make sure the settings are active, in the Web Anti-Virus window click the Settings button
and see that on the General tab under Kaspersky URL Advisor the following boxes are
checked:
► Check if URLs are listed in the database of malicious URLs.
This box enables/disables the option to check whether links are included in the list of
suspicious web addresses from the black list. The list is created by Kaspersky Lab's
specialists.
► Check web page for phishing.
The lists of phishing addresses are included in to Kaspersky PURE 2.0 distribution
kit. Since the link to a phishing site may be received not only in an email message
but in any other way, for example, in the text of an ICQ message, Web Anti-Virus
component traces the attempts of accessing a phishing site at the level of HTTP
traffic scan, and blocks them.
Additionally to the analysis based on the refilled phishing databases, heuristic analysis is
added to Web Anti-Virus. Heuristic Analysis allows to evaluate the information about an
internet resource, for example presence of signs typical of phishing resources in the URL
addresses. As a result, if these signs are detected, the resource is defined as phishing and
access to it is blocked, even if the resource is not yet added to the phishing database.
To enable the heuristic analysis for scan of web pages for phishing, click the Additional button
in the Heuristic Analysis section, check the corresponding box and set the required detail
level of scan.
Kaspersky CRYSTAL 2.0
496 | 746
Heuristic Analyzer
Heuristic Analysis allows to trace activity of an objects in the system. If the tool finds the
activity suspicious, then most probably the objects will be defined as malicious or suspicious,
even if its malicious code is not known to virus analysts.
Upon detection of a suspicious object, Kaspersky PURE 2.0 will notify you of it and offer to
apply a corresponding action to the detected object.
You can select one of the three scanning levels of the heuristic analysis:
► light scan
► medium scan
► deep scan
The higher the detail level, the more resources and time the scan takes, and the higher is the
probability of threat detection.
By default, heuristic analysis is enabled and the detail level is set to medium.
To enable heuristic analyzer, on the General tab in the Heuristic Analysis section check the
Use Heuristic Analysis box. In the field below specify the required level by moving the
horizontal slider to the necessary position. Uncheck the Use Heuristic Analysis box, if you do
not want to use this method.
Kaspersky CRYSTAL 2.0
497 | 746
Blocking dangerous scripts
Web Anti-Virus will scan all scripts processed in Microsoft Internet Explorer, as well as any
other WSH scripts (JavaScript, Visual Basic Script, etc.) launched when the user works on the
computer, including the Internet. Execution of any dangerous script will be blocked.
If you want Web Anti-Virus to scan and block dangerous scripts, perform the following actions:
1. Open the application settings window.
2. In the left part of the window under Protection select the Web Anti-Virus component.
3. In the right part of the window click the Settings button.
4. In the Web Anti-Virus window on the General tab in the Additional section check the
Block dangerous scripts in Microsoft Internet Explorer box.
Kaspersky CRYSTAL 2.0
498 | 746
5. Click OK to save the made changes.
Scan optimization
To detect malicious code more efficiently, Web Anti-Virus buffers fragments of objects
downloaded from the Internet.
When Web Anti-Virus scans objects downloaded by HTTP and FTP traffic, the user may
experience a delay while accessing the file. This delay is caused by the operational algorithm
of Web Anti-Virus: first, all fragments are saved into cache memory, then are analyzed for
viruses and then depending on the analysis result are either returned to the user or blocked.
To accelerate access to the object, we suggest limiting the caching time for web object
fragments downloaded from the Internet. When the specified time expires each downloaded
fragment of a file is given to the user not scanned, and the object is scanned by Web Anti-
Virus, when it is fully copied.
Disabling limitation of the caching time leads to enhanced efficiency of the anti-virus scan but
at the same time slows down access to the object.
To limit traffic caching time or to disable this limitation, perform the following actions:
1. Open the application settings window.
2. In the left part of the window under Protection select the Web Anti-Virus component.
3. In the right part of the window click the Settings button. The Web Anti-Virus window
opens.
4. To set the restriction, on the General tab in the Additional section check the Limit
traffic caching time to 1 sec to optimize scan box. If you need to disable restriction,
uncheck the box.
Kaspersky CRYSTAL 2.0
499 | 746
Kaspersky URL Advisor
Web Anti-Virus in Kaspersky PURE 2.0 includes Kaspersky URL Advisor.
This module checks if links located on the webpage belong to the list of suspicious and
phishing web addresses. You can
► create a list of web addresses whose content will not be checked for the presence of
suspicious or phishing URLs;
► create a list of web sites whose content must be scanned;
► completely exclude scan of URLs.
The best improvements of Kaspersky URL Advisor implemented in Kaspersky PURE 2.0 are
the following:
1. Providing users with the additional information about the web resources thus helping to
make the right decision on whether to visit a web resource or not.
2. Storing a considerable amount of information about web resources in the ―cloud‖. This
information helps to define more exactly malicious and phishing sites.
Kaspersky PURE 2.0 features expanded URL Advisor compatibility with browsers. The
following browsers are now fully supported:
► Internet Explorer 6, 7, 8 and 9;
► Mozilla FireFox 2.x – 11.x;
► Google Chrome 8.x – 17.x.
To create a list of websites whose content will not be scanned for the presence of suspicious or
phishing URLs, on the Safe Surf tab in the Kaspersky URL Advisor section uncheck the
Check URLs box.
Kaspersky CRYSTAL 2.0
500 | 746
The URL Advisor module can function in two modes: check links on all web sites except the
sites added to exclusions, or check only web sites specified in the list.
In order Kaspersky URL Advisor would check all web sites, except those added to
exclusions, perform the following actions:
1. In the Web Anti-Virus window in the Kaspersky URL Advisor section check the
Check URLs box.
2. Select the All but the exclusions variant and click the Exclusions button.
Kaspersky CRYSTAL 2.0
501 | 746
3. In the Exclusions window create the list of web addresses whose contents should not
scanned for suspicious or phishing links.
4. Click the OK button in the Exclusions window.
For Kaspersky URL Advisor to scan only the sites specified by you, perform the following
actions:
1. On the Safe Surf tab in the Kaspersky URL Advisor section check the Only web sites
from the list box and click the Specify button.
Kaspersky CRYSTAL 2.0
502 | 746
2. In the Checked URLs window create the list of web addresses whose content should
be scanned for suspicious or phishing links.
3. Click the OK button in the Checked URLs window.
4. In the Web Anti-Virus window click the OK button to save the made changes.
The Kaspersky URL Advisor options mentioned above can be set either in the Web Anti-
Virus window or in the module settings widow opened in the web browser. To open the module
settings window from the web browser window, click the button with the Kaspersky PURE 2.0
icon from the tool panel of the browser.
Kaspersky CRYSTAL 2.0
503 | 746
Blocking access to dangerous sites
You can block access to websites which have been defined suspicious or phishing by
Kaspersky URL Advisor.
If Web Anti-Virus cannot draw a clear conclusion on the safety of the website to which a link
leads, you will be prompted to load this website in Safe Run (only in Microsoft Internet
Explorer, Mozilla Firefox and Google Chrome). When activated in Safe Run, malicious objects
do not pose any threat to your computer.
To block access to dangerous web sites, perform the following actions:
1. Open the application settings window.
2. In the left part of the window under Protection select the Web Anti-Virus component.
3. In the right part of the window click the Settings button. The Web Anti-Virus window
will open.
4. In the Web Anti-Virus window on the Safe Surf tab in the Blocking Dangerous
Websites section check the Block dangerous websites box.
5. Click the OK button, to save the made changes.
Kaspersky CRYSTAL 2.0
504 | 746
Controlling access to regional web domains
Depending on the user's choice, Web Anti-Virus in Geo Filter mode can block or allow access
to websites on the grounds of their belonging to regional web domains. This allows you, for
example, to block access to websites which belong to regional domains with a high risk of
infection.
To allow or block access to web sites which belong to specified domains, perform the following
actions:
1. Open the application settings window.
2. In the left part of the window under Protection select the Web Anti-Virus component.
3. In the right part of the window click the Settings button. The Web Anti-Virus window
will open.
4. On the Geo Filter tab check the Enable filtering by regional domains box and specify
in the list of controlled domains below which domains should be allowed or blocked, and
for which ones the application should request access permission using a notification.
For this:
► Select a domain which should be allowed, blocked or prompted for action.
► Click the button Allow, Block or Prompt. The corresponding icon will appear in the
Access column.
By default, access is allowed for regional domains that match your location. Access
permission request is set for other domains by default.
5. Click the OK button.
Kaspersky CRYSTAL 2.0
505 | 746
Creating the list of trusted URLs
You can create a list of web addresses whose content you trust unconditionally. In this case
Web Anti-Virus will not analyze information from these URL addresses for dangerous objects.
You can use this option, for example, if Web Anti-Virus prevents download of a file from a
known web site.
To create the list of trusted URLs, perform the following actions:
1. In the right part of the Web Anti-Virus settings window click the Settings button.
2. On the Trusted URLs tab check the Do not scan web traffic from trusted URLs box
and create the list of trusted addresses whose content you trust. For this:
► Click the Add button.
► In the Address mask (URL) window enter an address, whose content you trust. For
example, kaspersky.com.
► Click the OK button.
If you want to exclude an address from the trusted list, you do not have to delete an
address from the list, unchecking an address will be sufficient.
Kaspersky CRYSTAL 2.0
506 | 746
3. In the Web Anti-Virus window click the OK button.
Controlling access to online banking services
When working with online banking, your computer needs an especially reliable protection,
since leakages of confidential information may lead to financial losses. Web Anti-Virus
automatically determines which web resources are online banking services. For guaranteed
identification of a web resource as online banking service, you can specify its URL in the list of
banking websites.
To configure control of access to online banking services, perform the following actions:
1. In the right part of the Web Anti-Virus settings window click the Settings button.
2. In the Web Anti-Virus window on the Online Banking tab check the Enable control
box.
Kaspersky CRYSTAL 2.0
507 | 746
3. You will be prompted to start the Certificate Installation Wizard that you can use to
install a Kaspersky Lab certificate for scanning encrypted connections. Click Next, to
continue.
4. In the Security Warning window click the Yes button.
5. Wait till work of the wizard is over and click the Finish button.
Kaspersky CRYSTAL 2.0
508 | 746
6. If necessary, create a list of resources that Kaspersky PURE 2.0 should identify as
online banking services. For this:
► Click the Add button.
► In the Address mask (URL) window enter an address that should be identified as
online banking service.
► Click the OK button.
If you want to exclude an address from the trusted list, you do not have to delete an
address from the list, unchecking an address will be sufficient.
Kaspersky CRYSTAL 2.0
509 | 746
7. In the Web Anti-Virus window click the OK button.
8. In the Settings window click the OK button.
Web Anti-Virus actions on detected threats
The Action on threat detection section allows you to select an action to be performed by
Web Anti-Virus if scanning web traffic reveals that it contains malicious code. By default the
section contains the following options:
► If automatic protection mode is enabled the application decides on its own what
action to perform upon a threat detection. In this case, check the Select action
automatically box. Kaspersky PURE 2.0 will automatically apply an action
recommended by Kaspersky Lab.
Kaspersky CRYSTAL 2.0
510 | 746
► If interactive protection mode is enabled, then you can decide yourself what action
the application should perform upon a detected threat. In this case, check the
Prompt for action box. Kaspersky PURE 2.0 will inform you of all dangerous or
suspicious events in the system and will prompt for an allowing or blocking action.
Kaspersky CRYSTAL 2.0
511 | 746
► Block download (Web Anti-Virus blocks access to the object and displays a
message on the screen informing that the required object is infected).
► Allow download (Web Anti-Virus allows you to download the object. Once the
object is downloaded onto your computer, it will be scanned by File Anti-Virus and
Proactive Defense).
To modify an action that Web Anti-Virus should perform upon threat detection:
1. If the automatic protection mode is set, in the right part of the component settings
window in the Action on threat detection section select an action:
► Select action automatically
► Block download
► Allow download
2. If the interactive protection mode is set, in the right part of the component settings
window in the Action on threat detection section select an action:
► Prompt for action
► Block download
► Allow download
3. Click the OK button, to save the made changes.
Kaspersky CRYSTAL 2.0
512 | 746
IM Anti-Virus
What is IM Anti-Virus
IM Anti-Virus is designed to provide secure work with the instant messaging clients (hereafter
Internet pagers) such as ICQ, AIM, Jabber, Google Talk and etc.
IM messages may contain links to suspicious web sites and to the web sites deliberately used
by hackers to organize phishing attacks16. Malicious programs use IM clients to send spam
messages and links to the programs (or the programs themselves), which steal users' ID
numbers and passwords.
Enabling/Disabling IM Anti-Virus
In order to enable or disable the IM Anti-Virus component, do the following:
1. Open the application settings window.
2. In the left part of the window under Protection select the IM Anti-Virus component.
3. In the right part of the Settings window perform the following actions:
► If you want to disable the component, uncheck the Enable IM Anti-Virus box.
► If you want to enable the component, check the Enable IM Anti-Virus box.
16
Phishing is a specific form of cybercrime. Phishing attacks are made the following way: the criminal creates an almost 100 percent perfect replica of a chosen financial institution’s website, then attempts to trick the user in to disclosing their personal details – username, password, PIN etc. – via a form on the fake website, allowing the criminal to use the details to obtain money.
Kaspersky CRYSTAL 2.0
513 | 746
4. In the Settings window click the Apply button.
Operation algorithm of IM Anti-Virus
By default the protection of traffic of the Internet-pagers is performed according to the following
algorithm:
1. Each incoming and outgoing message is intercepted by the component.
2. IM Anti-Virus checks each message for the presence of dangerous objects or URLs
included to the databases of suspicious or phishing web-addresses.
3. If a threat is detected in a message, IM Anti-Virus substitutes this message with a
warning message for the user. If no security threats are detected in the message, such
message becomes available for the user.
Traffic is scanned based on a certain combination of settings. Your IM traffic protection level is
determined by a group of settings. The settings can be broken down into the following groups:
► Settings creating the protection scope;
► Settings determining the scan methods.
Creating a protection scope of IM Anti-Virus
Kaspersky CRYSTAL 2.0
514 | 746
Protection scope is understood as the type of messages (incoming and outgoing) to be
scanned.
If you select the Incoming and outgoing messages option, IM Anti-Virus will scan all
incoming and outgoing messages.
If you are sure that messages sent by you cannot contain any dangerous objects, you may
disable the scan of outgoing traffic by selecting the Incoming messages only option. In this
case IM Anti-Virus will scan incoming messages only.
In order to create a protection scope of IM Anti-Virus, do the following:
1. In the Protection scope block select one of the options:
► Incoming and outgoing messages.
► Incoming messages only.
2. Click the Apply button.
Selecting the scan methods of IM Anti-Virus
Kaspersky CRYSTAL 2.0
515 | 746
For more efficient work with the Internet pages the following scan methods are implemented in
the IM Anti-Virus component:
► Check if URLs are listed in the base of malicious URLs. IM Anti-Virus will scan
the links inside the messages to identify if they are included in the black list (this list
is supplemented by Kaspersky Lab experts).
► Check if URLs are listed in the base of phishing URLs. The databases include all
the sites currently known to be used for phishing attacks. Your local copy of this list
is updated when you update databases.
► Heuristic Analysis. The technology analyzes activity that an object performs in the
system. When using heuristic analysis, any script 17 included in an IM client's
message is executed in a protected environment.
You can select one of the three scanning levels of the heuristic analysis: light scan, medium
scan and deep scan.
► If you select deep scan mode the probability of threat detection is higher but
scanning takes longer.
► With the light scan enabled scanning is faster but the probability of threat detection
in that mode is somewhat lower.
► Only the medium scan mode provides optimal combination of the detail level and
scanning time.
In order to use the described options, do the following:
1. In the settings window of the IM Anti-Virus component, in the Scan methods section
check the boxes:
► Check if URLs are listed in the base of malicious URLs;
► Check if URLs are listed in the base of phishing URLs;
► Heuristic Analysis (below set the detail level for scans dragging the bar).
17
Script is a small computer program or an independent part of the program (function) written to execute a specific task. Scripts are often included to the web pages to enhance their possibilities and are executed when the web page is opened by the Internet browser.
Kaspersky CRYSTAL 2.0
516 | 746
2. Click the Apply button.
Kaspersky CRYSTAL 2.0
517 | 746
Application Control
What is Application Control
Kaspersky PURE 2.0 prevents applications from performing actions that may be dangerous for
the system, and ensures control of access to operating system resources and your identity
data with the help of the following tools:
► Application Control. The component tracks actions in the system performed by
applications installed on the computer, and regulates them based on the rules of
Application Control. These rules regulate potentially dangerous activity, including
applications' access to protected resources.
► Protection of identity data and operating system resources. Application control
monitors the rights of applications to perform actions with user’s identity data.
Identity data include files, folders and registry keys, containing operational settings
and important data of the most frequently used applications, as well as the user files
(the My Documents folder, cookies files, data about the user activity).
Operational algorithm of Application Control
At the first startup of an application on the computer, the Application Control component
verifies its safety and includes it into one of the trust groups. The trust group defines the rules
that Kaspersky PURE 2.0 should apply to control the activity of this application. Rules of
Application Control is a set of rights of access to the computer resources and restrictions
posed on various actions being performed by applications on the computer.
When calculating the threat rating Application Control can also use the Kaspersky Security
Network (KSN) database. The data received witht the help of KSN allow more accurately to
define an application to this or that trusted group and apply optimal application control rules.
Application Control has been revamped in Kaspersky PURE 2.0: the application now checks
the reputation of not only executable files but also application components (for example,
dynamic libraries – DLL files).
When the application is restarted, Application Control checks its integrity. If the application has
not been changed, the component applies the current rule to it. If the application has been
modified, Application Control re-scans it as at the first startup.
Enabling/disabling Application Control
By default, Application Control is enabled, functioning in the mode developed by Kaspersky
Lab specialists. However, you can disable it, if required.
To enable or disable Application Control, perform the following actions:
1. Open the main application window.
2. In the top right corner of the window click the Settings link.
3. In the left part of the window under Protection select the Application Control
component.
4. In the right part of the window perform the following actions:
► If you need to disable the component, uncheck the Enable Application Control box.
► If you need to enable the component, check the Enable Application Control box.
Kaspersky CRYSTAL 2.0
518 | 746
5. In the Settings window click the Apply button.
Loading rules from Kaspersky Security Network (KSN)
By default, for the applications found in the Kaspersky Security Network database the
component applies rules loaded from the KSN database.
If at the first application launch the application’s entry was not added to the Kaspersky Security
Network database but the entry was added later, Kaspersky PURE 2.0 will automatically
update the application control rules.
To make sure that loading of rules from Kaspersky Security Network is enabled, perform the
following actions:
1. Open the Settings window.
2. In the left part of the window under Protection select the Application Control
component.
3. In the right part of the Restrict applications section make sure the Load rules for
applications from Kaspersky Security Network (KSN) box is checked.
You can see if update of Kaspersky Security Network rules for previously unknown
applications is also enabled in the right part of the window in the Restrict applications
Kaspersky CRYSTAL 2.0
519 | 746
section the Update rules for previously unknown applications from KSN box should
be checked.
Placing applications into groups
At the first startup of an application on the computer, the Application Control component
verifies its safety and searches the internal database of known applications for a matching
entry, and then sends a request to the Kaspersky Security Network database or having a
digital signature18.
After search Application Control places the application into one of the following trusted
groups:
► Trusted. Applications with digital signatures of trusted vendors and applications
signatures of those are included to the trusted applications database. Applications of
that group are allowed to perform any network activity. Activities of such
applications are monitored by Proactive Defense and File Anti-Virus.
18
Digital signature is an electronic security mark which carries the information about the software vendor and shows if the software was changed after the signing (i.e. after release). If software is signed by its vendor and the signature authenticity is verified by the certificate center, then you can be sure that the software is authentic and was not modified.
Kaspersky CRYSTAL 2.0
520 | 746
► Low Restricted. Applications are without digital signatures of trusted vendors and
are not included to the trusted applications database. Nevertheless, the low risk
rating19 is assigned to such applications. Applications of that group are allowed to
perform some operations, to manage the system, hidden access to the network.
Most operations require user authorization.
► High Restricted. Applications without digital signatures and which are not included
to the trusted applications database. The high risk rating is assigned to such
applications. Applications of this group require user authorization for most activities
in the system; some actions, however, are restricted for these applications.
► Untrusted. Applications without digital signatures and which are not included to the
trusted applications database. Very high risk rating is assigned to such applications.
Application Control blocks any activity of such applications.
Applications with the digital signature of trusted vendors and applications whose records are
added to the database of trusted applications are automatically included into the Trusted
group.
To disable the automatic inclusion of applications into the Trusted group, perform the following
actions:
1. In the right part of the settings window of the Application Control component in the
Restrict applications section, uncheck the Trust applications with digital signature
box.
19
Risk rating is an indicator of the application danger for the system. The risk rating is calculated based on definite criteria.
Kaspersky CRYSTAL 2.0
521 | 746
2. In the Settings window click the Apply button.
If an application record is not included into Kaspersky Security Network database and the
application does not have a digital signature, then Kaspersky PURE 2.0 uses the heuristic
analysis20. The analysis helps defining the threat rating of the application based on which it is
included into a group.
To use the heuristic analysis for distributing unknown applications by groups, perform the
following actions:
1. In the Restrict applications section select the Use heuristic analysis to determine
group21 option.
2. In the Settings window click the Apply button.
20
Heuristic analysis is analysis of objects activity in the system. If the activity is typical of malicious objects in this case the object under analysis will be defined as suspicious or malicious. Analysis of the object activity allows to detect a virus even if it has not been defined by virus analysts.
21 By default, the heuristic analysis is enabled.
Kaspersky CRYSTAL 2.0
522 | 746
Instead of using the heuristic analysis, you can specify a group into which Kaspersky PURE
2.0 should automatically include all unknown applications. For this, perform the following
actions:
1. In the Restrict applications section select the Move to the following group
automatically option and in the drop-down menu select the necessary group:
► Low Restricted;
► High Restricted;
► Untrusted.
2. In the Settings window click the Apply button.
Kaspersky CRYSTAL 2.0
523 | 746
By default, Application Control analyzes an application for 30 seconds. If this time interval
turns out to be insufficient for defining the threat rating, the application is included into the Low
restricted group, while defining the threat rating continues in background mode. After that, the
application is finally included into another group. If you are sure that all applications started on
your computer do not pose any threat to its security, you can decrease the time spent on
analysis. If, on the contrary, you are installing the software and are not sure that this is safe,
you are advised to increase the time for analysis.
To change the time allowed for calculation of the application group, perform the following
actions:
1. In the right part of the settings window of the Application Control component in the
Restrict applications section edit the value of the Maximum time to determine the
application group setting.
Kaspersky CRYSTAL 2.0
524 | 746
2. In the Settings window click the Apply button.
Application control rules
Rules of Application Control is a set of rights of access to the computer resources and
restrictions posed on various actions being performed by applications on the computer.
The following component reactions are possible:
► Inherit. Application or group inherits the reaction from the parent group. This is a
default reaction.
► Allow. Application is allowed to perform an action with the resource.
► Deny. Application is not allowed to perform an action with the resource.
► Prompt for action. Application Control prompts the user for granting access to the
resource for an application.
► Log events. In addition to the specified reaction, Application Control records in the
report information about the application's attempts to access the resource. Adding
information to a report can be used in combination with any other action of the
component
Kaspersky CRYSTAL 2.0
525 | 746
Editing the group rule
By default, optimal access rights to computer resources are set for different trust groups in
Kaspersky PURE 2.0. However you can edit preset rules for each group of application.
To change the preset group rule, do the following:
1. Open the Settings window.
2. In the left part of the window under Protection select the Application Control
component.
3. In the right part of the window click the Applications button.
4. In the Applications window select the necessary group from the list and click the Edit
button in the top part of the window.
Kaspersky CRYSTAL 2.0
526 | 746
5. In the Group rules window go to the tab which corresponds the necessary category of
resources (Files and System registry, Rights).
Kaspersky CRYSTAL 2.0
527 | 746
6. Select the required resource and right-click the corresponding action, in the context
menu of an action set the necessary value (Allow, Block or Prompt for action).
Kaspersky CRYSTAL 2.0
528 | 746
7. Click the OK button, to save the changes.
Editing rules for an individual application
Application Control logs actions performed by each application in the system, and manages
its activity based on the group it belongs to. When an application accesses a resource, the
component checks if an application has the required access rights, and performs the action
determined by the rule.
To edit rules for an individual application, perform the following actions:
1. Open the Settings window.
2. In the left part of the window under Protection select the Application Control
component.
3. In the right part of the window click the Applications button.
4. In the Applications window select the necessary group from the list and click the Edit
button in the top part of the window.
Kaspersky CRYSTAL 2.0
529 | 746
5. In the Group rules window go to the tab which corresponds the necessary category of
resources (Files and System registry, Rights).
6. Select the required resource and right-click the corresponding action, in the context
menu of an action set the necessary value (Allow, Block or Prompt for action).
Kaspersky CRYSTAL 2.0
530 | 746
7. Click the OK button, to save the changes.
You can disable application of group rules to control access to selected categories of protected
resources. Application access to such resources will be regulated by the application rules.
To disable inheritance of group rules to access resources, perform the following actions:
1. Open the application settings window.
2. In the left part of the window under Protection select the Application Control
component.
3. In the right part of the window click the Applications button.
4. In the Applications window select the necessary group from the list and click the Edit
button in the top part of the window.
5. In the Group rules window go to the tab which corresponds the necessary category of
resources (Files and System registry, Rights).
6. Select the required resource and right-click the corresponding action, in the context
menu of an action select the Inherit item.
7. Click the OK button, to save the changes.
Application rules have a higher priority than group rules.
For example, if an application rule allows the Internet access, and in the rules of the group, into
which the application is included, the Internet access is denied, in this case the application will
get access to the system resources.
Kaspersky CRYSTAL 2.0
531 | 746
Setting exclusions
You can also exclude some actions form the application rules. Kaspersky PURE 2.0 will not
control actions added to the application exclusions.
To add exclusion to the application rule, perform the following actions:
1. Open the Settings window.
2. In the left part of the window under Protection select the Application Control
component.
3. In the right part of the window click the Applications button.
4. In the Applications window select the application from the list and click the Edit button
in the top part of the window.
5. In the Application rules window go to the Exclusions tab.
6. Check the actions which should not be controlled.
7. Click the OK button, to save the changes.
When excluding network traffic of the application you can configure additional exclusion
settings, such as remote IP-addresses or network ports.
Inheriting restrictions of the parent process
Application startup may be initiated either by the user or by another application running. If the
startup is initiated by another application, it creates a startup procedure including parent and
child applications.
A parent application is an application which initiated startup of another application.
A child application is an application whose startup was initiated by another application.
Kaspersky CRYSTAL 2.0
532 | 746
When an application attempts to obtain access to a protected resource, Application Control
analyzes the rights of all parent processes of this application, and compares them to the rights
required to access this resource.
Access right priority:
► Allow. An application or group is allowed to perform an action with the resource.
Access right data has the highest priority.
► Prompt for action.
► Block. An application or group is blocked from performing any actions with the
resource. Access right data has the lowest priority.
You should modify the rights of a parent process only if you are absolutely certain that the
process' activities do not threaten the security of the system.
To disable inheritance of restrictions from the parent process, perform the following steps:
1. Open the Settings window.
2. In the left part of the window, in the Protection Center section, select the Application
Control component.
3. In the right part of the window, click the Applications button.
4. In the Applications window, select the required application from the list.
Kaspersky CRYSTAL 2.0
533 | 746
5. Click the Edit button.
6. In the Application rules window go to the Exclusions tab.
7. Check the Do not inherit restrictions from the parent process (application) box.
Kaspersky CRYSTAL 2.0
534 | 746
Modifying the storage time for rules
By default, the rules for applications which have not been started for the 60 days are deleted
automatically.
You can modify the storage time for rules for unused applications, or disable rules' automatic
removal.
To set the storage tie for rules, perform the following actions:
1. Open the Settings window.
2. In the left part of the window under Protection select the Application Control
component.
3. In the right part of the window in the Additional section check the Delete rules for
applications that are not started for more than box and enter the number of days.
4. In the Settings window click the Apply button.
To disable automatic deletion of rules for unused applications, in the right part of the Settings
window in the Additional section, uncheck the Delete rules for applications that are not
started for more than box.
Identity protection
Kaspersky CRYSTAL 2.0
535 | 746
Application Control manages the applications' rights to take actions on various resource
categories. Two categories of resources were distinguished in Kaspersky PURE 2.0: the
operating system and identity data.
The Operating system category includes the following system resources:
► registry keys with autorun parameters;
► registry keys with parameters of work on the Internet;
► registry keys which influence system security;
► system files and folders;
► autorun folders.
Registry is a hierarchical settings database in most Microsoft Windows operating systems.
The Identity data category includes the following resources:
► user’s files (the folder My Documents, files cookies, data about user’s activity);
► files, folders and registry keys which contain working parameters and important data
of the most frequently used applications: Internet-browser, file managers, mail
clients, Internet-pagers and electronic purses.
Cookies files are files saved on the user’s computer. These files store personal data of the
user (for example, password and login) used during the visit of various sites or when returning
to the site after some time. Each site has its own cookie file.
You cannot delete this list. However, you can disable their protection by unchecking a box next
to a category.
You can also expand this list by adding user categories and / or individual resources.
To expand the list of system resources for the Operating system category, perform the
following actions:
1. Open the Settings window.
2. In the left part of the window in the Protection section select the Application Control
component.
3. In the right part of the window click the Identity protection button.
Kaspersky CRYSTAL 2.0
536 | 746
4. In the Digital identity protection window on the Operating system tab from the drop-
down list in the Category section, select a category.
Kaspersky CRYSTAL 2.0
537 | 746
5. In the top left part of the window click the Add link to add an additional resource to the
selected category. Select the resource type (File or folder or Registry key).
6. In the User resource window click the Browse button.
7. In the Select file or folder window select a resource and click the OK button.
8. In the User resource window click the OK button.
9. The added resource will be displayed in the Digital identity protection window.
Kaspersky CRYSTAL 2.0
538 | 746
After you add a resource, you can edit or remove it using the respective buttons in the
top part of the tab. To disable the control of a resource or category, uncheck the box
next to it.
10. In the Digital identity protection window click the OK button.
11. In the Settings window click the Apply button.
To expand the list of system resources for the Identity Data category, perform the following
actions:
1. Open the Settings window.
2. In the left part of the window in the Protection section select the Application Control
component.
3. In the right part of the window click the Identity protection button.
Kaspersky CRYSTAL 2.0
539 | 746
4. In the Digital identity protection window on the Identity data tab select a category
from the drop-down menu in the Category section.
Kaspersky CRYSTAL 2.0
540 | 746
5. In the top left part of the window click the Add category button to add a new category of
resources.
6. In the Identity data category window enter the name of a new group and click the OK
button.
7. In the Digital identity protection window click the Add button to add an additional
resource to the selected or added category.
Kaspersky CRYSTAL 2.0
541 | 746
8. In the User resource window click the Browse button.
9. In the Select file or folder window select a resource and click the OK button.
10. In the User resource window click the OK button.
11. A newly added resource will be displayed in the Digital Identity Protection window.
After you add a resource, you can edit or remove it using the respective buttons in the
top part of the tab. To disable the control of a resource or category, uncheck the box
next to it.
12. In the Digital identity protection window click the OK button.
13. In the Settings window click the OK button.
Kaspersky CRYSTAL 2.0
542 | 746
System Watcher
System Watcher in Kaspersky PURE 2.0 collects data about applications actions on your
computer and provides information to other components for improved protection.
In Kaspersky PURE 2.0 you can configure the System Watcher settings to perform a specified
action when the application’s activity matches with the pattern of dangerous activity.
System Watcher also allows you to roll back actions performed by malicious programs.
Enabling/disabling System Watcher
By default, System Watcher is enabled, running in a mode that depends on the current mode
of Kaspersky PURE 2.0 — automatic or interactive.
You are advised to avoid disabling the component, except for emergency cases, since this
inevitably impacts efficiency of Proactive Defense and other protection components operation
that may request the data collected by System Watcher in order to identify the potential threat
detected.
To disable System Watcher, perform the following actions:
1. Open the application settings window.
2. In the left part of the window under Protection select System Watcher.
3. In the right part of the window
► uncheck the Enable System Watcher box, if you want to disable the component.
► check the Enable System Watcher box, if you want to enable the component.
Kaspersky CRYSTAL 2.0
543 | 746
4. Click the Apply button.
Using patterns of dangerous behavior (BSS)
Patterns of dangerous activity (BSS – Behavior Stream Signatures) contain sequences of
actions typical of applications classified as dangerous. In addition to exact matching between
applications' activities and patterns of dangerous activity, System Watcher also detects
actions that partly match patterns of dangerous activity, being considered suspicious based on
the heuristic analysis. If suspicious activity is detected, System Watcher prompts the user for
action regardless of the operation mode.
Upon detection of a new virus or new modification of already known malware the application
does not update the entire System Watcher component, but simply adds a new template to
the database of heuristics and updates it together with the Kaspersky Lab databases.
To select the action that the component should perform if an application's activity matches a
pattern of dangerous activity, perform the following actions:
1. Open the application settings window.
2. In the left part of the window under Protection select System Watcher.
Kaspersky CRYSTAL 2.0
544 | 746
3. In the right part of the component settings in the Heuristic Analysis section check the
Use behavior stream signatures (BSS) box.
4. In the On detecting malware activity section perform the following actions:
► Select the Select action automatically variant (if the automatic protection mode is
enabled). In this case System Watcher will automatically apply an action
recommended by Kaspersky Lab specialists.
► Select the Prompt for action variant (if the interactive protection mode is enabled).
In this case System Watcher will notify you of any suspicious activity detected in the
system and will prompt for action: allow or block activity.
► Choose the Select action variant:
► Move file to Quarantine (malicious application will be moved to Quarantine).
► Terminate the malicious application (all processes of the malicious application
will be terminated).
► Ignore (System Watcher takes no actions on the application).
5. Click the Apply button.
Rolling back actions performed by malware
Kaspersky CRYSTAL 2.0
545 | 746
You can use the product feature for rolling back the actions performed by malware in the
system. To enable a roll-back, System Watcher should log the history of program activity.
By default, Kaspersky PURE 2.0 rolls back relevant operations automatically when the
protection components detect malicious activity (rolling back actions after malicious activity is
detected in the system can be initiated either by the System Watcher component based on
patterns of dangerous activity, or by Proactive Defense, and during virus scan task run or File
Anti-Virus operation).
When running in interactive mode, System Watcher prompts the user for action. You can
specify the operation which should be performed whenever malicious activity is detected. The
procedure of rolling back malware operations affects a strictly defined set of data. It causes no
negative consequences for the operating system or data integrity on your computer.
To configure rollback of malware operations, perform the following actions:
1. Open the application settings window.
2. In the left part of the window under Protection select System Watcher.
3. In the right part of the component settings in the Rollback of malware action s section
specify actions that System Watcher should perform if it has a possibility to roll back
changes made by a malicious program:
► Select the Select action automatically variant (if the automatic protection mode is
enabled). In this case System Watcher will automatically apply an action
recommended by Kaspersky Lab specialists.
► Select the Prompt for action variant (if the interactive protection mode is enabled).
In this case System Watcher will notify you that rollback is necessary and will
prompt for action: perform or cancel rollback.
► Select action
If you choose the Select action variant, select an action from the drop-down list:
► Roll back
► Do not roll back
Kaspersky CRYSTAL 2.0
546 | 746
Pay attention, you can limit the amount of data stored for rollback by clicking the corresponding
box in the Limit data to be stored for rollback section.
Kaspersky CRYSTAL 2.0
547 | 746
Firewall
What is Firewall
Today computers have become quite vulnerable when on the Internet. They are subjected not
only to virus infections but other types of attacks as well that take advantage of vulnerabilities
in operating systems and software.
Kaspersky PURE 2.0 contains a special component – Firewall - to ensure your security on
local networks and the Internet. Firewall applies rules to all network connections.
A Firewall rule is either an allowing or blocking action performed by Firewall once it detects a
connection attempt.
Protection against various types of attacks is performed on two levels: network and
application.
Protection on the network level is performed by using global packet filtration rules where
network activity is allowed or blocked based on analyzing settings such as:
► packet direction;
► the data packet transfer protocol;
► and the outbound packet port.
A network package is a block of information transferred in the network. As a rule the package
consists of the header (package information, such as the creation date, size, recipient and etc),
the body (the transferred information itself) and the ending (checking information which
guarantees that the package was not changed during the transfer).
Protection on the application level is applying application rules for using network resources
to the applications installed on your computer. Like the network protection level, the application
protection level is built on analyzing data packets for direction, transfer protocol, and what ports
they use. However, on the application level, both data packet traits and the specific application
that sends and receives the packet are taken into account. Using application rules helps you to
configure more specific protection when, for example, a certain connection type is banned for
some applications but not for others.
Enabling/disabling Firewall
By default, Firewall is enabled. You can disable Firewall if needed.
To enable or disable Firewall, perform the following actions:
1. Open the main application window.
2. In the top right corner click the Settings button.
3. In the left part of the window in the Protection section select the Firewall component.
4. In the right part of the window perform the following:
► uncheck the Enable Firewall box, if you need to disable the component.
► check the Enable Firewall box, if you need to enable the component.
Kaspersky CRYSTAL 2.0
548 | 746
5. In the Settings window click the Apply button.
Changing the network status
To ease configuration and application of network rules, all network space in Kaspersky PURE
2.0 is divided into security zones. Frequently, these security zones coincide with the
subnetworks into which the computer is included. You can specify manually the status to each
zone. The policy of rules application and control of network activity in this zone are defined
based on the assigned status:
► Public network (Internet). We recommend that you select this status for networks
not protected by any anti-virus applications, firewalls or filters (for example, for
Internet cafe filters). Users of such networks are not allowed to access to files and
printers located on or connected to your computer. Even if you have created a
shared folder, the information in it will not be available to users from networks with
this status. If you allowed remote access to the desktop, users of this network will not
be able to obtain it. Filtering of the network activity for each application is performed
according to the rules for this application. By default, this status is assigned to
Internet.
► Local network. We recommend that you assign this status to networks to which
users you wish to grant access to files and printers on your computer (for example,
for your internal corporate network or home network).
Kaspersky CRYSTAL 2.0
549 | 746
► Trusted network. This status is only recommended for areas that you consider
absolutely safe within which your computer will not be subjected to attacks or
unauthorized attempts to gain access to your data. If you select this status, all
network activity is allowed within this network.
You can specify manually the status of a new network in the notification window which appears
once a new network is detected.
In order to change the network connection status, perform the following actions:
1. In the settings window of the Firewall component in the Networks section right-click the
required connection.
2. From the context menu select the necessary network status (Public, Local or Trusted
network).
3. Click the Apply button.
Firewall rules
There are two Firewall rule types, used to control network connections:
► Packet rules are used to create general restrictions on network activity, regardless
of the applications installed. Example: if you create a packet rule that blocks inbound
connections on port 21, no applications that use that port (an ftp server, for example)
will be accessible from the outside.
Kaspersky CRYSTAL 2.0
550 | 746
► Rules for applications are used to create restrictions on network activity for specific
applications. Example: If connections on port 80 are blocked for each application,
you can create a rule that allows connections on that port for Firefox only.
Packet rules have higher priority than application rules. If both packet rules and rules for
applications are applied to the same type of network activity, this network activity is processed
using the packet rules.
Creating a packet rule
All network connections on your computer are monitored by Firewall. Firewall assigns a
specific status to each connection and applies various rules for filtering of network activity
depending on that status, thus, it allows or blocks a network activity.
Packet rules are used in order to restrict packets transferring regardless applications.
You can specify an action performed by Firewall if it detects the network activity:
► Allow
► Block
► By application rules. The packet rule is not used, but the rule for the application is
used.
The Allow or Block rules can be logged. In order to do this, check the Log events box in the
Action section.
To create a packet rule, for example, to allow remote access to your computer desktop, please
do the following:
1. In the right part of the Firewall settings window in the Network rules section, click the
Settings button.
Kaspersky CRYSTAL 2.0
551 | 746
2. In the Firewall window go to the Packet rules tab.
3. Click the Add button. In the Network rule window that opens specify the settings for a
rule.
Kaspersky CRYSTAL 2.0
552 | 746
4. In the Network rule window in the Action section select the Allow variant.
5. In the Name section click an arrow next to the input field and select the Remote
Desktop item.
Kaspersky CRYSTAL 2.0
553 | 746
6. In the Address section select Any address.
7. Check the Log events box if you want to log actions performed according to the rule.
8. In the Network rule window click the OK button. The created rule appears in the list of
packet rules on the Packet rule tab.
Kaspersky CRYSTAL 2.0
554 | 746
9. In the Firewall window click the OK button.
10. In the Settings window click the Apply button.
Now any user has remote access to your desktop.
Kaspersky CRYSTAL 2.0
555 | 746
Editing packet rules
All packet rules (default or created by the user) can be edited. For example, if you want to
block remote access to your computer desktop, then edit the Remote Desktop packet rule:
1. In the right part of the Settings window of the Firewall component in the Network rules
section click the Settings button.
2. In the Firewall window go to the Packet rules tab.
3. In the list of packet rules select the Remote Desktop rule.
Kaspersky CRYSTAL 2.0
556 | 746
4. Click the Edit button. In the Network rule window that opens you can edit the settings
of the selected rule.
5. In the Action section change the Allow variant to Block.
6. In the Address section select the Subnet address variant and choose the Public
networks item from the displayed list.
Kaspersky CRYSTAL 2.0
557 | 746
7. In the Network rule window click the OK button.
8. The made changes are displayed in the Firewall window on the Packet rules tab in the
list of packet rules: for the Remote Desktop rule the network type in the Address
column will change to Public networks, and an allowing icon in the Permission column
will change to a blocking icon.
9. In the Firewall window click the OK button.
10. In the Settings window click the Apply button.
Now only users of local and trusted networks have access to your computer desktop
Creating application rules
You can create applications22 rules for more subtle filtering of the network activity, edit rules for
a group of applications or for an individual application in a group.
Custom rules for individual applications have a higher priority than the rules inherited from a
group.
When creating an application rule, you can define an action to be performed by Firewall upon
detection of this type of the network activity when working with an application:
► Allow;
► Block;
► Prompt (user) for action.
An allowing or blocking action of a rule can be displayed in a report, for this during the rule
creation in the Action section, check the Log events box.
22
Application rules monitor connections only by TCP and UDP protocols.
Kaspersky CRYSTAL 2.0
558 | 746
To create a rule for an individual application, for example a rule blocking the QIP internet pager
any network activity outside your local and trusted networks, perform the following actions:
1. In the right part of the Settings window in the Network rules section click the Settings
button.
2. In the Firewall window on the Application rules tab select QIP 2012.
3. Click the Edit button.
4. In the Application rules window that opens, go to the Network rules tab.
5. At the top of the window click the Add button.
Kaspersky CRYSTAL 2.0
559 | 746
6. In the Network rule window perform the following actions:
► In the Action section select the Block action;
► In the Name section select the Any network activity service;
► In the Address section select the Subnet address variant and in the displayed list
select Public networks;
► Check the Log events box if you want to log actions performed according to the rule;
► Click the OK button.
Kaspersky CRYSTAL 2.0
560 | 746
7. The created rule will appear in the Application rules window on the Network rules tab
in the list of rules for QIP 2012.
Kaspersky CRYSTAL 2.0
561 | 746
8. Click the OK button in the Application rules window.
9. In the Firewall window click the OK button.
10. In the Settings window click the Apply button
Editing an application rule
For the default network rules created by Kaspersky PURE 2.0 you can edit only an action
(such rules cannot be deleted). For this, perform the following actions:
1. In the right part of the Settings window in the Network rules section click the Settings
button.
2. In the Firewall window on the Application rules tab select a required application.
3. Click the Edit button. In the Application rules window that opens, go to the Network
rules tab.
4. From the list of rules for an application, select a rule whose action you want to change.
5. In the Permission column for the selected rule right-click the action icon.
6. From the context menu select the required action:
► Allow
► Block
► Prompt for action
7. In the Application rules window click the OK button.
8. In the Firewall window click the OK button.
9. In the Settings window click the Apply button.
Kaspersky CRYSTAL 2.0
562 | 746
For a network rule created by the user you can edit all earlier created settings. For this,
perform the following actions:
1. In the right part of the Settings window in the Network rules section click the Settings
button.
2. In the Firewall window on the Application rules tab select an application whose rule
you want to edit.
3. Click the Edit button. In the Application rules window that opens, go to the Network
rules tab.
4. From the list of rules select a rule you want to edit.
5. Click the Edit button.
6. In the Network rule window change the required settings.
Kaspersky CRYSTAL 2.0
563 | 746
7. In the Network rule window click the OK button.
8. In the Application rules window click the OK button.
9. In the Firewall window click the OK button.
10. In the Settings window click the Apply button.
Configuring network service
When creating any network rule you should specify the network service. Settings
characterizing the activity of the network for which a rule is created are described by the
network service.
You can select type of the network activity from the list or create a new type.
Network service includes the following parameters:
► Name. Preferably use the names which would explicitly describe the rule. For
example, DNS over TCP.
Kaspersky CRYSTAL 2.0
564 | 746
► Protocol. Firewall restricts connections via TCP, UDP, ICMP, ICMPv6, IGMP and
GRE 23 protocols. If protocol ICMP or ICMPv6 was selected as the protocol, you can
specify the type and the code of the ICMP packet.
► Direction. Firewall controls connections with the following directions:
► Inbound. A rule is applied to data packets received by your computer.
23
TCP, UDP, ICMP, ICMPv6, IGMP, GRE are protocols (sets of rules) of the data transfer in the network.
ICMP-packet —is a packet which contains the error message about the error or any other exceptional situation which occurred during the data transfer. The fields code and type of the ICMP-packet correspondingly contain the type and code of the occurred situation.
Kaspersky CRYSTAL 2.0
565 | 746
► Inbound (stream). The rule is for network connections created from another
computer.
► Inbound/Outbound. The rule is for inbound and outbound data packets and data
streams regardless the direction.
► Outbound. A rule is applied to data packets transferred from your computer.
► Outbound (stream). The rule is only for network connections created by your
computer.
► Remote and Local ports. You can specify ports which are used by your and remote
computers for TCP and UDP protocols. These ports will be controlled by Firewall.
Allocating range of IP-addresses
While creating the rule's conditions you can specify the network service and the network
address. You can use an IP address as the network address or specify the network status. In
the latter case the addresses will be copied from all networks that are connected and have the
specified status at this moment.
You can select one of the following statuses:
Kaspersky CRYSTAL 2.0
566 | 746
► Any address – the rule will be applied to any IP address;
► Subnetwork addresses with status – the rule will be applied to IP addresses of all
networks that are connected and have the specified status at the moment:
► Trusted networks
► Local networks
► Public networks
► Addresses from group – the rule will be applied to IP addresses included into the
specified range. Select one of the existing groups of addresses. If no range of IP
addresses in any group satisfies you, create a new one.
Kaspersky CRYSTAL 2.0
567 | 746
For this perform the following steps:
1. At the bottom part of the section click on the Add link.
2. In the IP address or DNS name window specify the addresses from the group.
3. Click the OK button.
4. In the Network rule window click the OK button.
A method to allocate IP-addresses using Classless Inter-Domain Routing (CIDR) 24 has
been implemented in Kaspersky PURE 2.0.
CIDR uses Variable Length Subnet Mask (VLSM) whereas in Class Inter-Domain Routing
the mask length is strictly set by 0, 1, 2 or 3 bytes.
For example, let’s take a record of the range of IP-addresses as 10.96.0.0/11. In this case the
subnet mask will look as 11111111 11100000 00000000 00000000, or as 255.224.0.0 in a
decimal view. 11 bits of the IP-address are allocated to the number of network; the other 21
24
CIDR (Classless InterDomain Routing, CIDR) is the method of IP-addressing which allows managing the range of IP-address flexibly, without rigid frames of the Class Inter-Domain Routing. CIDR allows using the end resource of IP-addresses economically, thus enhancing efficiency of KSOS 2.
Kaspersky CRYSTAL 2.0
568 | 746
bits (32-11= 21) of the full address are allocated to the local address in the network. To sum
up, 10.96.0.0/11 is a range of addresses from 10.96.0.1 to 10.127.255.255.
Remember, when defining CIDR-addressing in the networks of the IP-protocol version 4 (IPv4)
in any case the rule will be applied to the whole network.
To convert IP-addresses into CIDR Kaspersky Lab experts recommend using any web site
which provides free service of converting IP-addresses to CIDR-addressing (for example, the
web site http://ip2cidr.com/).
Extending the range of IP addresses
Each network matches one or more ranges of IP address. If you connect to a network, access
to subnetwork of which is performed via a router, you can manually add subnetworks
accessible through it.
Example: You are connecting to the network in an office of your company and wish to use the
same filtering rules for the office where you are connected directly and for the offices
accessible over the network.
Obtain network address ranges for those offices from the network administrator and add them.
To extend the range of network address, please perform the following:
1. In the right part of the Firewall settings window in the Networks section select an active
connection and click the Edit button.
Kaspersky CRYSTAL 2.0
569 | 746
2. In the Network connection window on the Properties tab in the Additional
subnetworks section click the Add link.
3. In the IP address window specify an IP address or address masks.
4. Click the OK button.
5. In the Network connection window click the OK button.
6. In the Settings window click the Apply button.
Changing the rule for a group of applications
Firewall analyzes the activity of each application running on your computer. Depending on the
threat rating, every application is included to one of the following groups:
► Trusted 25. Trusted applications are applications with digital signatures of trusted
vendors and applications signatures of those are included to the trusted applications
database. Activities of such applications are monitored by Proactive Defense and
File Anti-Virus.
25
Applications of that group are allowed to perform any network activity irrespectively of the network status.
Kaspersky CRYSTAL 2.0
570 | 746
► Low Restricted26. Low restricted applications are applications which are without
digital signatures of trusted vendors and which are not included to the trusted
applications database. Nevertheless, the low risk rating is assigned to such
applications.
► High Restricted27. High restricted applications are applications without digital
signatures and which are not included to the trusted applications database. The high
risk rating is assigned to such applications.
► Untrusted28. Untrusted applications are applications without digital signatures and
which are not included to the trusted applications database. Very high risk rating is
assigned to such applications.
You can modify rules for a whole group.
Custom rules for individual applications have a higher priority than the rules inherited
from a group. If you create an allowed rule for a whole group of applications and a prohibited
rule for a certain application from this group, then any network activity of a certain application
will be restricted according to a rule for this application, because it has a higher priority level.
In order to change rules for a group of applications, for example, if you want that low restricted
programs would have unrestricted rights to the network activity within the local networks,
perform the following actions:
1. In the right part of the settings window of the Firewall component in the Network rules
section click the Settings button.
26
Applications of that group are allowed to perform any network activity in non-interactive mode. If you are using the interactive mode, a notification will be displayed on the screen using which you can allow or block a connection, or create an application rule using the Wizard. 27 Applications of that group are not allowed to perform network activity in non-interactive mode. If you are using the interactive mode, a notification will be displayed on the screen using which you can allow or block a connection, or create an application rule using the Wizard. 28
Any network activity is prohibited for the applications of that group.
Kaspersky CRYSTAL 2.0
571 | 746
2. In the Firewall window go to the Application rules tab.
3. Select the Low restricted group of applications.
4. Click the Edit button.
Kaspersky CRYSTAL 2.0
572 | 746
5. In the Group rules window go to the Network rules tab and click the Add button.
6. In the Network rule window in the Action section select Allow, and in the Name
section select Any network activity and click the OK button.
Kaspersky CRYSTAL 2.0
573 | 746
7. In the Network rule window click the OK button.
8. In the Firewall window click the OK button.
9. In the Settings window click the OK button.
Now all applications of the Low Restricted group have unrestricted right to the network
activity.
Changing the rule priority
The priority of a rule is determined by its position on the list of rules. The first rule on the list
has the highest priority. Each packet rule created manually will be added to the end of the list
of packet rules.
Application groups are integrated by the name of the program and rule priority applies to a
definite group only.
Manually created rules for applications have a higher priority, than the rules inherited from the
group.
To change the rule priority, please perform the following actions:
1. In the right part of the settings window of the Firewall component in the Network rules
section click the Settings button.
2. In the Firewall window go to the Application rules tab select the required application.
3. Click the Edit button.
4. The Application rules window opens. Go to the Network rules tab.
5. Select a rule and move it to the required place in the list by clicking the Move up and
Move down button.
Kaspersky CRYSTAL 2.0
574 | 746
6. In the Application rules window click the OK button.
7. In the Firewall window click the OK button.
8. In the Settings window click the Apply button.
Configuring notifications of changes in the network
Network connection settings can be changed during the work. You can receive notifications of
the following modifications in the settings:
► When network connection is established.
► When the correspondence between MAC address and IP address is changed. The
notification will appear if IP address of a network computer was changed.
► When new MAC address appears. The notification appears if a new computer was
added to the network.
Pay attention, that notifications about changes in the work can be configured only for the
networks with the status Local or Trusted network.
Kaspersky CRYSTAL 2.0
575 | 746
To enable notification about changes to network connection settings, please perform the
following:
1. In the right part of the Firewall settings window in the Networks section select an active
connection and click the Edit button.
2. In the Network connection window go to the Additional tab.
3. Check the boxes next to the events whose notifications you want to receive.
Kaspersky CRYSTAL 2.0
576 | 746
4. In the Network connection window click the OK button.
5. In the Settings window click the Apply button.
Advanced Firewall settings
You can specify additional settings of the Firewall operation:
► Allow active FTP mode. Active mode suggests that to ensure connection between
the server on the client computer a port to which the server will connect will be
opened on the client computer (unlike the passive mode when the client connects to
the server). The mode allows to control which exactly port will be opened. The
mechanism works even if a blocking rule was created. By default, active FTP mode
is allowed.
► Block connections if there is no possibility to prompt for action (application
interface is not loaded). This setting allows to avoid disruption of the Firewall
operation when the interface of Kaspersky PURE 2.0 is not loaded. This is the
default action.
► Do not disable Firewall until the system totally stops. This setting allows to avoid
disruption of the Firewall operation until the system is completely stopped. This is
the default action.
By default all settings are enabled.
To modify advanced Firewall settings, please perform the following:
1. In the right part of the Firewall settings window in the Network rules section click the
Settings button.
Kaspersky CRYSTAL 2.0
577 | 746
2. In the Firewall window go to the Packet rules tab and click the Additional button.
Kaspersky CRYSTAL 2.0
578 | 746
3. In the Additional window check or uncheck the boxes next to the required settings and
click the OK button.
4. In the Firewall window click the OK button.
5. In the Settings window click the Apply button.
Firewall working features
When working with the Firewall component you should remember about the following
peculiarities:
► Firewall rules do not influence Network Attack Blocker;
► For the zone Local network ICMP packages are always allowed.
Kaspersky CRYSTAL 2.0
579 | 746
Proactive Defense
What is Proactive defense
To protect your computer both from already known and new threats, whose information is not
included into the anti-virus databases, the Proactive Defense module has been added to
Kaspersky PURE 2.0. The component controls and analyzes all types of activities on the
computer using the set of heuristics – templates of the applications’ suspicious behavior.
If, as a result of activity analysis, the sequence of an application's actions arouses suspicion,
Proactive Defense blocks the activity of this application.
However, you can create a group of trusted applications, whose activity will not be controlled
by Proactive Defense.
In order to increase the response time to new threats a special functionally – support of
updatable heuristics – is embedded into Kaspersky PURE 2.0, additionally to the static sets
of heuristics.
Updatable heuristics are a regularly updated set of templates (signatures) of the programs'
dangerous behavior. Unlike previous product version upon detection of a new virus or new
modification of the already known malware the new technology allows updating not the whole
module of Proactive Defense, but adding a new signature to the heuristics database and
updating it together with the anti-virus databases of the product.
Besides, the possibility of regular update, the heuristics database also supports trial behavior
templates. If Proactive Defense according to one of these templates detects the application
behavior as suspicious, then a special report is sent to Kaspersky Lab via Kaspersky Security
Network (KSN) (in case the user confirmed to participate in KSN).
Enabling/disabling Proactive Defense
By default, Proactive Defense is enabled. To pause or disable Proactive Defense, perform
the following actions:
1. Open the main application window.
2. In the top right corner of the window click the Settings button.
3. In the left part of the window, in the Protection section, select the Proactive Defense
component.
4. In the right part of the window, perform the following actions:
► Uncheck the Enable Proactive Defense box, if you want to disable the component.
► Check the box, if you want to enable the component.
5. In the bottom right corner of the Settings window click the Apply button.
Kaspersky CRYSTAL 2.0
580 | 746
Configuring Proactive defense settings
Creating group of trusted applications excluded from Proactive Defense scan
You can create a group of trusted applications exerting activity that should not be controlled by
Proactive Defense. By default, the list of trusted applications includes applications with
verified digital signatures and applications that are trusted in the Kaspersky Security Network
database.
To change the settings of the trusted applications group, perform the following actions:
1. In the right part of the window, in the Trusted applications section, perform the
following check the boxes:
► Applications with digital signature;
► Trusted in Kaspersky Security Network database.
Kaspersky CRYSTAL 2.0
581 | 746
2. In the bottom right corner of the Settings window click the Apply button.
You can also create your own list of applications, whose activity will not be controlled by
Proactive Defense. For this, perform the following actions:
1. In the Settings window select Protection.
2. In the left part of the window select the Threats and Exclusions section.
3. In the right part of the Settings window in the Exclusions section click the Settings
button.
Kaspersky CRYSTAL 2.0
582 | 746
4. In the Trusted zone window go to the Exclusion rules tab and click the Add button.
Kaspersky CRYSTAL 2.0
583 | 746
5. In the Exclusion rule window in the Properties section check the Object box, in the
Rule description section click the Select object link.
6. In the Object name window perform the following actions:
► Click the Browse button and add a file of an application whose activity will not be
monitored by Proactive Defense
► Check the Include subfolders box if a rule is created for several and more files
► Click the OK button.
Kaspersky CRYSTAL 2.0
584 | 746
7. In the Exclusion rule window in the Rule description section in the Protection
components line click the any link, then click the specified: select components link.
8. In the Protection components window check the Proactive Defense component and
click the OK button.
9. In the Exclusion rule window click the OK button.
Following these steps, create a list of applications excluded from Proactive defense scan.
Kaspersky CRYSTAL 2.0
585 | 746
Modifying rules of Proactive defense
The Proactive Defense component controls and analyzes behavior of all applications installed
on the computer. Based on the performed actions Kaspersky PURE 2.0 decides whether an
application is dangerous or not.
The following activity can be referred to as dangerous or malicious software behavior:
► Activity typical of P2P-worms;
► Activity typical of Trojan programs;
► key-loggers;
► hidden installation of a driver;
► modifying kernel of the operating system;
► hidden object;
► hidden process (with a negative identifier);
► activity typical of worms;
► redirection of input-output.
If necessary, you can disable control of any activity.
Each suspicious activity (event), executed by an application in the operating system, has a rule
according to which Proactive Defense acts. You can define how Proactive Defense will act
upon detection of this or that activity:
► Prompt user for action;
► Move an object to quarantine;
► Terminate
► Allow a process.
To configure the Proactive Defense rules, perform the following actions:
1. In the right part of the component settings window click the Settings button.
Kaspersky CRYSTAL 2.0
586 | 746
2. In the Proactive Defense window in the Event column check the events which
Proactive Defense will treat as suspicious.
3. To select a specific rule, select an event from the list.
4. In the Rule description section select an action for Proactive Defense to perform upon
detection of the activity type:
► Click the link in the Action line.
► In the Select action window select the required action and click the OK button.
Kaspersky CRYSTAL 2.0
587 | 746
► Define a time interval (for activity of hidden objects and processes only) at which
Proactive Defense will check the operating system for hidden processes and
objects:
► Click a link in the Period line.
► In the Hidden processes detection window set a time interval and click the OK
button.
5. Enable or disable report creation on the operation execution by clicking the On or Off
link in the Report line. In the Proactive Defense window click the OK button.
6. In the Settings window, click the OK button to save the changes.
To view a report on the Proactive Defense operation, perform the following actions:
1. Open the main application window.
2. In the top right corner of the window click the Reports button.
3. In the Reports window click the Detailed report button.
4. In the left part of the Detailed report window select the Proactive Defense item.
5. A report about the component operation will be displayed in the right part of the window.
Kaspersky CRYSTAL 2.0
588 | 746
Network Attack Blocker
What is Network Attack Blocker
The Network Attack Blocker from Kaspersky PURE 2.0 loads during the operating system
launch, and scans incoming network traffic for activities characteristic of network attacks.
Network attack is a network activity aimed to remotely perform (usually malicious) actions on
the computer. Vulnerabilities in the operating systems and/or installed programs are used for
network attacks.
As soon as an attempt to attack the computer is detected, Network Attack Blocker blocks any
network activity of the attacking computer towards your computer with Kaspersky PURE 2.0
installed.
A notification will appear on the screen that a network attack has been attempted, with specific
information about the computer that attacked you.
Descriptions of currently known network attacks and methods to fight them are provided in
application databases and are updated upon update of databases.
Enabling/Disabling Network Attack Blocker
By default, Network Attack Blocker is enabled and functions in the optimal mode. You can
disable Network Attack Blocker if necessary the following way:
1. Open the application settings window.
2. In left part of the window in the Protection section select the Network Attack Blocker
component.
3. In the right part of the window perform the following actions:
► If you need to disable the component, uncheck the Enable Network Attack Blocker
box.
► If you need to enable the component, check the Enable Network Attack Blocker
box.
4. In the Settings window click the Apply button.
Kaspersky CRYSTAL 2.0
589 | 746
Changing blocking settings
By default, Network Attack Blocker blocks the activity of a computer making an attack for one
hour. You can cancel blockage of the selected computer or change the time of blockage.
To change the time for which the attacking computer will be blocked:
1. In the right part of the Settings window check the Add attacking computer to list of
blocked computers for box and enter the blocking time.
2. Click the Apply button.
Kaspersky CRYSTAL 2.0
590 | 746
To unblock an attacking computer, perform the following actions:
1. Open the application main window.
2. Select the Computer Protection section.
Kaspersky CRYSTAL 2.0
591 | 746
3. In the bottom left corner of the Protection Center window click the Network Monitor
window.
Kaspersky CRYSTAL 2.0
592 | 746
4. In the Network Monitor window on the Blocked computers tab select a blocked
computer and unblock it using the Unblock link.
Kaspersky CRYSTAL 2.0
593 | 746
Anti-Spam
What is Anti-Spam
The Anti-Spam component filters all incoming mail for unwanted mail (spam) and sorts it
according to the settings configured by the user.
Enabling/Disabling Anti-Spam
By default, the Anti-Spam component is enabled and functions in the optimal mode.
In order to enable or disable Anti-Spam in Kaspersky PURE 2.0, perform the following actions:
1. Open the main application window.
2. In the top right corner of the widow click the Settings button.
3. In the left part of the window in the Protection section select the Anti-Spam
component.
4. In the right part of the window in the Anti-Spam section perform the following actions:
► If you want to enable the component, check the Enable Anti-Spam box.
► If you want to disable the component, uncheck the Enable Anti-Spam box.
5. In the Settings window click the Apply button.
Kaspersky CRYSTAL 2.0
594 | 746
Security levels of Anti-Spam
The Anti-Spam component uses two methods to fight spam. Using the first (―exact‖) method,
Anti-Spam defines a message as unwanted by typical phrases, unwanted senders (whose
addresses are already added to the Anti-Spam database), malicious or phishing links. The
second (―expert‖) method allows to evaluate probability of spam, based on the analysis of the
text in the message and its service information.
A security level is a set of predefined Anti-Spam settings which provide a scan level of
incoming and outgoing messages.
Kaspersky Lab specialists distinguish three security levels:
► High. This security level should be used if you receive spam frequently; for example,
while using free mail services. When you select this level, the frequency of false
positives rises: that is, useful mail is more often recognized as spam. When
analyzing a message for spam the Anti-Spam component calculates the potential
rating: if the rating exceeds 50 but does not reach 80, the message is considered to
be potential spam. If the rating exceeds 80, then such message is labeled as
spam.
► Recommended. This security level should be used in most cases. When analyzing
a message for spam the Anti-Spam component calculates the potential rating: if the
rating exceeds 60 but does not reach 90, the message is considered to be potential
spam. If the rating exceeds 90, then such message is labeled as spam.
► Low. This security level should be used if you rarely receive spam, for example, if
you are working in a protected corporate email environment. When this level is
selected, spam and potential spam messages are less frequently recognized. When
analyzing a message for spam the Anti-Spam component calculates the potential
rating: if the rating exceeds 80 but does not reach 90, the message is considered to
be potential spam. If the rating exceeds 99 out of 100, then such message is
labeled as spam.
To modify the security level in Anti-Spam, perform the following actions:
1. In the component settings window in the Security level section drag the vertical slider
to the necessary position.
2. In the Settings window click the Apply button.
Kaspersky CRYSTAL 2.0
595 | 746
Customizing security level
To customize the security level of the Anti-Spam component, click the Settings button.
Kaspersky CRYSTAL 2.0
596 | 746
Exact methods
On the Exact methods tab you can enable/disable filters which Anti-Spam will use to scan a
message.
Kaspersky CRYSTAL 2.0
597 | 746
You can specify the range within which Anti-Spam will recognize messages as spam:
► If it contains phishing elements
► If it contains URLs from the database of malicious URLs
Anti-Spam can compare links in mail messages with the list of suspicious and phishing
web addresses. These lists are included in the distribution kit of Kaspersky PURE 2.0. If
a phishing or suspicious link is detected in a message, or if a message contains any
phishing element, such message is recognized as spam.
Clicking the Additional button next to the If it contains phishing elements box allows
to enable heuristic analysis when scanning emails for phishing and to set the necessary
detail level of analysis.
► If it is not addressed to me
In order to create a list of your addresses, perform the following actions:
1. In the Anti-Spam window on the Exact methods tab check the If it is not
addressed to me box.
2. Click the My addresses button.
Kaspersky CRYSTAL 2.0
598 | 746
3. In the My Email Addresses window click the Add link.
4. In the Email address mask window enter an email address (for example,
usekaspersky@kaspersky.com) and click OK.
Mask is a template string that a phrase or an address is compared against.
Certain symbols in a mask are used to represent others: * substitutes any sequence of
characters, ? – any single character. If a mask uses such wildcards, it can match several
phrases or addresses.
If the * or ? character is a part of the sought phrase (e.g., What's the time?), it should be
preceded with the \ character to ensure that Anti-Spam recognizes it correctly. Thus, instead
of the * character you should use in masks the \* combination, the ? character should be
represented as \? (e.g., What's the time\?).
Sample phrase masks:
Visit our * – this mask corresponds to a message that begins with the words Visit our and
continues with any text.
Examples of address masks:
► admin@test.com – the mask only matches the address admin@test.com. ► admin@* – the mask matches the sender address with the admin name, for example,
admin@test.com, admin@example.org. ► *@test* – the mask matches the address of any message sender from a domain beginning
with test, for example: admin@test.com, info@test.org. ► info.*@test.??? – this mask corresponds to the address of any sender whose name begins
with info. and whose mail domain name begins with test. and ends with any three characters, for example: info.product@test.com, info.company@test.org, not info.product@test.ru.
5. In order to quickly configure Anti-Spam on another computer, save the list of your
email addresses to a file by clicking the Export button and saving the file to a
specified location. At the next stage copy the file on any computer with Kaspersky
PURE 2.0 installed, open the My Email Addresses window, click the Import link
and specify the path to the address file.
Kaspersky CRYSTAL 2.0
599 | 746
6. To edit/delete a record, highlight the record and click Edit/Delete.
7. When the list is created, in the My Email Addresses window click the OK button.
► If it is from a blocked sender
To create the list of blocked senders, perform the following actions:
1. On the Exact methods tab check If it is from a blocked sender box.
2. Next to the If it is from a blocked sender box click the Select button.
3. In the Blocked senders window click the Add link.
4. In the Email address mask window enter an email address (for example,
usekaspersky@kaspersky.com) and click OK.
5. When the list is created, in the Blocked senders window click the OK button.
Kaspersky CRYSTAL 2.0
600 | 746
► If it contains blocked phrases
To create the list of blocked phrases, perform the following actions:
1. In the Anti-Spam window on the Exact methods tab check If it contains blocked
phrases box.
2. Next to the If it contains blocked phrases box click the Select button.
3. In the Blocked phrases window check the boxes next to the listed phrases. All
phrases in the list are selected by default.
4. To add a new phrase, click the Add link
5. In the Blocked phrase window enter a phrase (for example, viagra) or a phrase
mask (for example, *viagra*). Specify the weighting coefficient for the entered phrase
and click OK.
6. When the list is created, click the OK button in the Blocked phrase window
You do not have to delete a mask to stop using it; unchecking the corresponding box
next to it will be sufficient.
Kaspersky CRYSTAL 2.0
601 | 746
Kaspersky Lab experts have compiled the list of obscene words included in the
distribution package of Kaspersky PURE 2.0. The list contains obscene words that
indicate with a high probability that the message is spam if present. You can supplement
the list by adding complete phrases and their masks to it.
For this perform the following actions:
1. In the Blocked phrases window check the Block if contains obscene words box.
Click the obscene words link to open the Explicit language window.
Before opening the Explicit language window you have to confirm you are of age.
Kaspersky CRYSTAL 2.0
602 | 746
2. Click the Add link and open the Blocked phrase window.
3. Enter an entire phrase or a phrase mask, specify the weighting coefficient and click
the OK button.
You do not have to delete a mask to stop using it; unchecking the corresponding box
next to it will be sufficient.
You can also configure to give the useful status (which does not refer to the Spam and
Probable Spam categories) to the following emails:
► If it is from an allowed sender
In order to create a list of allowed senders, perform the following actions:
1. On the Exact methods tab check the If it is from an allowed sender box.
Kaspersky CRYSTAL 2.0
603 | 746
2. Next to the checked box click the Select button.
3. In the Allowed senders window check the boxes next to allowed senders. If no
sender has been added to the list, the list will be empty. To add a sender to the list,
go to the next step.
4. To add a new sender:
► Click the Add link;
► In the Email address mask window enter email address (for example,
usekaspersky@kaspersky.com) and click the OK button.
In Kaspersky PURE 2.0 all information about operation of the Anti-Spam
component is received from the ―cloud‖ which already contains the database of
sample spam messages. However, you can additionally configure loading
addresses from the list of Allowed senders. For this, in the Allowed senders
window check the Add allowed senders’ addresses when training Anti-Spam
box. If you want to disable the option, uncheck the box.
5. In the Allowed senders window click the OK button.
► If it contains allowed phrases
To create the list of allowed phrases, which would not be considered by Anti-Spam as
spam, perform the following actions:
1. On the Exact methods tab check the If it contains allowed phrases box.
2. Next to the checked box click the Select button.
3. In the Allowed phrases window check the boxes next to the listed phrases. If no
phrase has been added, the list will be empty. To add a new phrase, go to the next
step.
4. To add a new phrase:
► Click the Add link;
► In the Allowed phrase window enter a phrase (for example, kaspersky.com) and
click the OK button.
Kaspersky CRYSTAL 2.0
604 | 746
5. When the list is ready, in the Allowed phrases window click the OK button.
Expert methods
Anti-Spam can add appropriate labels to the message recognized after analysis as spam or
potential spam. This value is called a spam factor.
Having processed a message, Anti-Spam assigns one of the following statuses to it:
► Spam
► Probable spam
► Useful email
On the Expert methods tab you can specify the maximum and the minimum values for the
Spam and Probable spam rate, by changing the Anti-Spam security level.
Kaspersky CRYSTAL 2.0
605 | 746
In order to change the values of the spam rate, upon whose exceeding a status
Spam/Probable Spam will be assigned to the message, move the corresponding horizontal
sliders or specify a value using the arrow-buttons.
In order to configure additional settings to define a spam factor in a message, perform the
following actions:
1. In the Anti-Spam window on the Experts methods tab click the Additional button.
Kaspersky CRYSTAL 2.0
606 | 746
2. In the Additional window enable/disable the settings which influence the spam rate by
checking/unchecking them.
3. Click the OK button.
In the Recognition algorithms section check/uncheck the boxes:
Kaspersky CRYSTAL 2.0
607 | 746
► Image recognition (GSG Technology)
GSG technology allows to identify an image containing a text to further define if the text
in the image is spam. A text is recognized irrespective if it was modified, angled on an
image, or underwent any other trick of spammers.
► Analysis of attachments in RTF format
Anti-Spam analyzes documents in the RTF format for spam presence. Documents in
the RTF format attached to email messages are most frequently used for spam delivery.
Heuristic analysis is always used. A technology is designed for detecting threats that cannot
be identified using the application databases. It allows detection of objects suspected of being
infected with an unknown virus or a new modification of known viruses. The use of heuristic
analyzer detects up to 92% of threats.
Additional
On the Additional tab you can:
► Change the component actions performed on messages recognized as
spam/probable spam.
► Configure display of the component plug-in in different mail clients (Microsoft Office
Outlook, Microsoft Outlook Express (Windows Mail), Thunderbird, The Bat!).
► Enable/disable training on outgoing messages.
► Enable/disable scan of Microsoft Exchange Server messages.
To enable/disable additional settings, check/uncheck boxes next to the corresponding options
and in the Anti-Spam window click OK.
Kaspersky CRYSTAL 2.0
608 | 746
Rollback to Anti-Spam default settings
You can roll back to the default settings at any moment, after you have changed the Anti-
Spam parameters. For this, perform the following steps:
1. In the settings window of the Anti-Spam component in the Security level section click
the Default level button.
2. In the Settings windows click the Apply button.
Kaspersky CRYSTAL 2.0
609 | 746
Training Anti-Spam
Previous versions of Kaspersky PURE 2.0 required users to train the Anti-Spam module with a
certain number of messages before it could begin operation. In Kaspersky PURE 2.0, the Anti-
Spam module does not require training because it has access to a ―cloud‖ database of
sample spam message.
Kaspersky CRYSTAL 2.0
610 | 746
Anti-Banner
What is Anti-Banner
Anti-Banner is a protection component designed to block banners on web pages, whose
addresses are added to the anti-virus databases of Kaspersky PURE 2.0.
Ads on banners may distract you from your business activity while banner downloads increase
the amount of inbound traffic.
Enabling/disabling Anti-Banner
By default, the Anti-Banner component in Kaspersky PURE 2.0 is disabled.
To enable Anti-Banner, perform the following actions:
1. Open the application settings window, by clicking the Settings button in the top right
corner of the window.
2. In the left part of the Settings window select the Protection section,
3. Select the Anti-Banner component.
4. In the right part of the window, check the Enable Anti-Banner box.
5. Click the Apply button.
Kaspersky CRYSTAL 2.0
611 | 746
Selecting the scan method
Anti-Banner may use various methods to scan addresses from which banner can be
downloaded:
► Use common banner list. The lists of URL masks from which most common ads
banners are downloaded are compiled by the Kaspersky Lab experts and are
added to the product distribution kit. With the scan method enabled Anti-Banner
blocks ads banners from the addresses which correspond to the masks in the list. If
the scan method is disabled, then Anti-Banner does not block banners from the
addresses in the list.
By default, this scan method is enabled.
► Resolve IP-addresses to domain names. This box enables / disables automatic
resolution of IP addresses to URLs on the lists of allowed / blocked banner
addresses.
This box is unchecked by default.
► Use heuristic analysis. This technology detects threats which cannot be detected
with the Kaspersky PURE 2.0 databases and allows to find objects suspicious for
infection with an unknown virus or with a new modification of a known virus.
Kaspersky CRYSTAL 2.0
612 | 746
Heuristic analysis detects up to 92% of new threats. This mechanism is quite effective
and has very rarely false detections.
Files which are found by heuristics analyzer are considered to be suspicious.
If the scan method is enabled, then Anti-Banner scans banners whose addresses are
not added to the list of Kaspersky PURE 2.0 distribution package. Anti-Banner
evaluates the downloaded images by the presence of identifier typical for banners.
Based on such analysis Anti-Banner identifies the image as a banner and blocks it.
By default, this scan method is disabled.
You can specify which methods should be used by Anti-Banner. For this, perform the
following actions:
1. In the right part of the window, in the Scan methods group, check the boxes next to the
names of the methods that should be used.
2. Click the Apply button.
Creating the list of blocked and allowed banner addresses
Additionally to the scan methods Anti-Banner checks the banner addresses with the masks
from the list of blocked or allowed addresses if they are used.
Kaspersky CRYSTAL 2.0
613 | 746
Using the lists of blocked and allowed banners addresses, you can allow banners to be
downloaded for a specified group of addresses and block them for another group. Create a list
of blocked address masks to let Anti-Banner block download and display of banners from the
addresses that correspond to those masks. Create a list of allowed address masks to let Anti-
Banner download and display banners from the addresses that correspond to those masks.
To create a list of blocked addresses, do the following:
1. In the right part of the Settings window of the Anti-Banner component, in the
Additional section, check the Use the list of blocked URLs box.
2. Click the Settings button.
3. Click the Add button, to add a new mask.
4. In the Address mask (URL) window enter a blocked banner mask and click the OK
button.
Kaspersky CRYSTAL 2.0
614 | 746
5. When all the necessary masks are added, in the Blocked URLs window click the OK
button.
6. In the Settings window click the Apply button.
You do not have to delete a mask to stop using it, unchecking the corresponding box next to it
will be sufficient for the purpose.
To create and use the list of allowed addresses, perform the following actions:
1. In the right part of the Settings window of the Anti-Banner component, in the
Additional section, check the Use the list of allowed URLs box.
2. Click the Settings button.
Kaspersky CRYSTAL 2.0
615 | 746
3. Click the Add button, to add a new mask.
4. In the Address mask (URL) window enter an allowed banner mask and click the OK
button.
5. When all the necessary masks are added, in the Allowed URLs window click the OK
button.
Kaspersky CRYSTAL 2.0
616 | 746
6. In the Settings window click the Apply button.
To exclude a mask from the list of allowed URLs, uncheck the corresponding box next to the
address mask.
Exporting and importing the lists of addresses
After you have created the lists of allowed or blocked banner addresses, you can use them
repeatedly: for example, export banner addresses to a similar list on another computer with
Kaspersky PURE 2.0 installed on it.
To do this:
1. Make export – copy records from the list into a file.
2. Move the file you have saved to another computer (for example, send it by email or use
a removable data medium).
3. Make import – add the records from the file to the list of the same type on another
computer.
While exporting the list, you can copy either the selected list element only, or the entire list.
While importing the list, you can add the new elements to the existing list, or replace the
existing list with the one being imported.
Kaspersky CRYSTAL 2.0
617 | 746
To export banner addresses from the list of allowed or blocked URLs, perform the following
steps:
1. In the right part of the Settings window of the Anti-Banner component, in the
Additional section, click the Settings button located in the line with the name of the list
from which you should copy addresses into a file (list of blocked or allowed URLs).
2. In the window that opens, check the boxes next to the addresses that you need to
include in the file.
3. Click the Export button.
4. In the window, take one of the following actions:
► click the Yes button if you need to include only selected addresses in the file;
► click the No button if you need to include the entire list in the file.
Kaspersky CRYSTAL 2.0
618 | 746
5. In the Save as window, enter a name for the file you want to save and click the Save
button.
To import banner addresses from a file to the list of allowed or blocked URLs, perform the
following actions:
1. In the right part of the Settings window of the Anti-Banner component, in the
Additional section, click the Settings button located in the line with the name of the list
into which you need to add addresses from a file (list of allowed or blocked URLs).
2. In the window that opens, click the Import button.
3. If the list is not empty, a window opens offering you to add items to be imported. In this
window, take one of the following actions:
► click the Yes button if you want to add records from the file into the list;
► click the No button if you want to replace the existing records with the list from the
file.
4. In the Open file window, select the file with the list of records that you want to import
and click the Open button.
5. Click the OK button.
6. In the Settings window click the OK button.
Kaspersky CRYSTAL 2.0
619 | 746
Threats and exclusions
Detecting definite types of threats
Kaspersky PURE 2.0 can detect hundreds thousands of malware programs that may reside on
your computer. Some of these programs impose a greater threat for your computer, others are
only dangerous when certain conditions are met. After the application detects a malware
application, it classifies it and assigns to it a danger level (high or medium).
Kaspersky Lab's virus analysts distinguish three main categories:
► Malware programs (Malware) are created with the purpose to damage a computer
and its user, for example, to steal, block, modify or erase information, disrupt
operation of a computer or a computer network. Malware programs are divided into
three subcategories:
► Viruses and worms (Viruses\Worms) can create copies of themselves which are,
in turn, capable of creating their own copies. Some of them run without user's
knowledge or participation, others require actions on the user's part to be run. These
programs perform their malicious actions when run.
► Trojan programs (Trojan programs) do not create copies of themselves, unlike
worms and viruses. They sneak into a computer, for example, via e-mail or using a
web browser when the user visits an "infected" website. To be launched they require
user's actions and start performing their malicious actions as they run.
► Malware utilities (Malicious tools) are created specifically to inflict damage.
However, unlike other malware programs, they do not perform malicious actions
immediately as they are run and can be safely stored and run on the user's
computer. Such programs have functions used to create viruses, worms and Trojan
programs, arrange network attacks on remote servers, hacking computers or other
malicious actions.
► Potentially unwanted programs (PUPs), unlike malware programs, are not
intended solely to inflict damage. Potentially unwanted programs include adware,
auto-dialers and other potentially unwanted programs.
► Adware display advertising information to the user.
► Auto-Dialers do not harm the system directly but in case of careless use may lead
to considerable financial loses of the owner of the phone number from which dialing
to a paid resource is performed.
► Other Riskware – more often than not they are useful programs used by many
computer users. However, if an intruder obtains access to these programs or install
them to the user's computer, such intruder can use their functionality to breach the
security.
► Compressed files. Such files exclude detecting malicious actions and make them
difficult to be analyzed by heuristic methods.
Potentially unwanted programs are installed using one of the following methods:
► They are installed by the user, individually or along with another program (for
example, software developers include adware programs into freeware or shareware
programs).
► They are also installed by intruders, for example they include such programs into
packages with other malware programs, use "vulnerabilities" of the web browser or
Trojan downloaders and droppers, when the user visits an "infected" website.
Kaspersky CRYSTAL 2.0
620 | 746
By default the following types of threats are detected in Kaspersky PURE 2.0:
► Viruses and worms (their detection cannot be disabled)
► Trojan programs (their detection cannot be disabled)
► Malicious tools
► Adware
► Auto-dialers
► Unknown packagers
► Multi-packed objects
In order to enable/disable detection of some types of threats, perform the following actions:
1. In the upper part of the Settings window under Protection select the Threats and
Exclusions subsection.
2. In the right part of the window in the Detection of the following threat types is
enabled section click the Settings button.
3. In the Threats window check/clear the box(es) for the types of threats which should
be\should not be detected.
Kaspersky CRYSTAL 2.0
621 | 746
4. In the bottom right corner of the window click OK.
5. In the Settings window click the Apply button.
Exclusions
Trusted zone is a list of objects created by the user whose work is not controlled by the
program. Namely, it is a set of exclusions from Kaspersky PURE 2.0 protection.
Trusted zone is created based on the list of trusted applications and exclusion rules
depending on the peculiarities of objects you are working with and programs installed on this
computer. You may need to add objects to trusted zone, for example if Kaspersky PURE 2.0
blocks access to an object or program, while you are sure that this object/ program is
harmless.
For example, you consider that the objects used by the standard Microsoft Windows Notepad
are secure and do not have to be scanned. In other words, you trust this application. To
exclude the objects used by this process, add the application Notepad into the list of trusted
applications.
Some actions classified as dangerous can be normal indeed depending on application
functions.
For example, hooking the text being typed is a normal action for automatic keyboard layout
switch programs (Punto Switcher, etc.). It is recommended to add such specific applications to
the list of trusted applications to disable monitoring of their activity.
When a program is added to the list of trusted, its file and network activity (including suspicious
activity) and queries to the system registry are not monitored. At the same time an executable
file and the process of a trusted program are still scanned for viruses. In order to fully exclude a
program from scan, you should use exclusion rules.
Excluding trusted applications from scan is a way to solve possible compatibility issues
between Kaspersky PURE 2.0 and other software (for example, network traffic from another
PC which has already been scanned by antivirus software). It also allows to increase
performance of a computer, which is essential when using software for servers.
Kaspersky CRYSTAL 2.0
622 | 746
In their turn, exclusion rules of trusted zone allow to work with legal software which can be
used by invaders to corrupt your computer or user’s data. Such programs do not have
malicious functionality, but can be used as an auxiliary component of a malicious program. The
list of such potentially dangerous software includes remote administrating programs, IRC-
clients, FTP-servers, various tools to stop processes or hide their work, key loggers, password
breaking programs, auto-dialers and etc. As a result of work of Kaspersky PURE 2.0 such
programs can be blocked. In order to avoid blocking, configure rules excluding such programs
from scan.
Exclusion rules are sets of conditions that Kaspersky PURE 2.0 uses to verify if it can skip an
object during the scan. In all other cases an object will be scanned by protection components
according to the protection settings configured for them.
Exclusion rules of trusted zone can be used by some application components. For example, by
File Anti-Virus, Mail Anti-Virus, Web Anti-Virus, and during scan for viruses tasks.
Creating the list of trusted applications
By default, Kaspersky PURE 2.0 scans objects opened, started or saved by any system
process as well as controls activity of all programs and the created network traffic. Upon
adding applications to the list of trusted applications, Kaspersky PURE 2.0 excludes them from
scan.
In order to add a program to the list of trusted, perform the following actions:
1. In the upper part of the Settings window select Protection > Threats and Exclusions.
2. In the right part of the window in the Exclusions section, click the Settings button.
Kaspersky CRYSTAL 2.0
623 | 746
3. In the open window on the Trusted applications tab click the Add link to open the
menu. In the menu select one of the items:
► Browse. Selecting this item opens the standard browse window. In this window, you
can select the executable file of an application.
► Applications. Selecting this item opens the Select application window with a list of
applications currently running. You can select the required application from the list.
Kaspersky CRYSTAL 2.0
624 | 746
4. In the opened window Exclusions for application check the boxes for activities which
should not be monitored.
You can modify the program scan settings or delete the program from the list using the
corresponding links in the lower part of the list. In order to exclude a program from the
list without deletion, clear the box next to the program name.
Kaspersky CRYSTAL 2.0
625 | 746
Creating exclusion rules
If you use in your work programs classified by Kaspersky PURE 2.0 as illegal and which can
be used by cyber criminals to harm either your computer or user’s data, you are recommended
to configure exclusion rules for such programs.
Exclusion rules are sets of conditions that Kaspersky PURE 2.0 uses to verify if it can skip an
object during the scan.
In Kaspersky PURE 2.0 you can create exclusion rules only for the following components:
► File Anti-Virus
► Mail Anti-Virus
► Web Anti-Virus
► Application Control
► Proactive Defense
► Scan.
Exclusion rules allow adding exclusions by:
► Object - exclusion of a certain object, directory, or files that match a certain mask /
format from scans.
► Threat type - exclude objects according the Virus Encyclopedia threat type
classification.
The following parameters can be configured/ modified for the Object type:
► Define file, folder or mask excluded from scan
► Define exclusions for subfolders, if a definite folder is given as an exclusion
► Define component(s) and tasks for which the exclusion will work
For the Threat type you can define the name / mask of the threat type classification according
to the Kaspersky Lab Virus Encyclopedia.
Kaspersky CRYSTAL 2.0
626 | 746
You can also define component(s) and tasks for which the exclusion will work.
In order to create an Exclusion rule, perform the following actions:
1. In the upper part of the Settings window under Protection select Threats and
Exclusions.
2. In the right part of the window in the Exclusions section click the Settings button.
3. In the open window on the Exclusion rules tab, click the Add link.
4. In the Exclusion rule window specify the rule’s properties by checking the boxes in the
Properties section:
► Object
► Threat type
Kaspersky CRYSTAL 2.0
627 | 746
5. In the Rule description section click the select object link.
6. In the Object name window click the Browse button and select the file for which you
are creating the rule. Select the necessary folder with the file or enter the full path to the
file.
7. Check the option Include subfolders if the rule is created for more than one file.
8. In the Object name window, click OK.
9. If you have checked Threats type, then next to the Threat type option, click on the
enter threat name... link, if you want to exclude a threat type.
Kaspersky CRYSTAL 2.0
628 | 746
10. In the Threat type window, enter the classification type according to the Virus
Encyclopedia.
11. In the Threat type window, click OK.
12. In the Exclusion rule window in the Rule description section in the Protection
components string click the specified: select components link.
Kaspersky CRYSTAL 2.0
629 | 746
13. In the Protection components window, define the components for which the exclusion
rule will be applied.
Kaspersky CRYSTAL 2.0
630 | 746
14. Click OK.
15. In the Exclusion rule window, click on the OK button.
16. In the Trusted zone window click the OK button.
17. In the bottom right corner of the Settings window click the Apply button.
Kaspersky CRYSTAL 2.0
631 | 746
Settings. Scan
General settings
Background scan
Kaspersky PURE 2.0 allows you to start scan tasks (scan of the system memory, system
partition, and startup objects) and automatic update of anti-virus databases when your
computer is idle or when screensaver is enabled.
In order to configure background scan, perform the following actions:
1. In the application settings window select Scan.
2. In the left menu select General Settings.
3. In the Background scan section check Perform Idle Scan and Perform regular
rootkit29 scan, if necessary.
29
Rootkits are sets of tools that can hide malicious programs in your operating system. These utilities are injected into the system, hiding their presence and the presence of processes, folders and the registry keys of other malicious programs installed with the rootkit, described in the rootkit configuration.
Kaspersky CRYSTAL 2.0
632 | 746
If your computer works from a battery, Kaspersky PURE 2.0 does not perform tasks while the
computer is idle.
A click upon the icon , takes you to the Kaspersky Lab Technical Support site, to the
page with an article which describes how to enable scan task while your computer is idle.
Scanning removable drives on connection
Nowadays, malicious objects using operating systems' vulnerabilities to replicate via networks
and removable media have become increasingly widespread. Kaspersky PURE 2.0 allows to
scan removable drives when connecting them to the computer.
To configure scanning of removable media at connection, perform the following actions:
1. In the application settings window select Scan.
2. In the left menu select General Settings.
3. In the Scan removable drives on connection section select an action and define the
maximum size of a drive to scan, if necessary.
4. In the Settings window click the Apply button.
Kaspersky CRYSTAL 2.0
633 | 746
Starting scan using a shortcut
You can start full scan, critical areas scan and vulnerabilities scan tasks using a shortcut.
A shortcut allows to start a scan task without opening an application window. To create a
shortcut for a scan task, perform the following actions:
1. In the application settings window select Scan.
2. In the left menu select General Settings.
3. In the right part of the window in the Scan tasks quick run section click the Create
shortcut button next to the required task: Full Scan, Critical Areas Scan,
Vulnerability Scan.
4. In the Save as window specify the path for saving the shortcut and its name. By default,
the shortcut is created with the name of the task in the Desktop folder of the current
computer user
Kaspersky CRYSTAL 2.0
634 | 746
5. In the Settings window click the OK button.
6. On the Desktop find the created shortcut and double-click it to start a task.
Kaspersky CRYSTAL 2.0
635 | 746
Full Scan
Security levels
A security level is a set of predefined scan settings.
Kaspersky Lab specialists distinguish three security levels. You can set one of the following
security levels:
► High. Use this level is the probability of computer infection is very high;
► Recommended. This is the optimal level for most cases and is recommended by
Kaspersky Lab;
► Low. If you are using applications requiring considerable RAM resources, select the
Low security level because the list of files under scan is reduced on this level.
To select a security level, perform the following actions:
1. In the application settings window select Scan.
2. In the menu select the required task - Full Scan.
3. For the selected task in the Security level section select the required security level.
4. In the Settings window click the Apply button.
Kaspersky CRYSTAL 2.0
636 | 746
If none of the predefined security levels satisfies your needs, configure scan settings on your
own. As a result of your actions the security level changes to Custom.
When configuring scan task settings, you can always restore the recommended ones. They are
considered optimal, recommended by Kaspersky Lab, and grouped in the Recommended
security level.
To restore the default scan settings, perform the following actions:
1. For the selected scan task in the Settings window in the Security level section click the
Default level button.
2. In the Settings window click the Apply button.
Modifying type of scanned objects
You can define on your own files of what format and size should be scanned during a selected
scan task.
To change the type of scanned objects, perform the following actions:
1. For the selected task in the Security level section click the Settings button.
Kaspersky CRYSTAL 2.0
637 | 746
2. On the Scope tab in the File types section select the required variant.
Kaspersky CRYSTAL 2.0
638 | 746
► All files. Kaspersky PURE 2.0 scans files of all formats and extensions.
► Files scanned by format. If you select this option, Kaspersky PURE 2.0 only scans
potentially infectious files – i.e. files into which a virus may penetrate. Before
searching for viruses an inner header of an object is analyzed for the file format (txt,
doc, exe and etc). The file extension is also considered during scan.
► Files scanned by extension. In this case, Kaspersky PURE 2.0 only scans
potentially infectious files – i.e. files into which a virus may penetrate. At this, the file
format is defined by its extension.
Files without extensions are always scanned!
When selecting file types please remember the following:
► Probability of penetration of malicious code into several file formats (such as .txt)
and its further activation is quite low. At the same time, there are formats that contain
or may contain an executable code (such as .exe, .dll, .doc). The risk of penetrating
and activating malicious code in such files is quite high.
► The intruder can send a virus to your computer in an executable file renamed as txt
file. If you have selected the scan of files by extension, such a file is skipped by the
scan. If the scan of files by format is selected, then, regardless of the extension, File
Anti-Virus will analyze the file header, and reveal that the file is an .exe file. Such a
file would be thoroughly scanned for viruses.
3. Click OK.
Kaspersky CRYSTAL 2.0
639 | 746
4. In the Settings window click the Apply button.
Scan optimization
You can shorten the scan time and speed up Kaspersky PURE 2.0. This can be achieved by
scanning only new files and those files that have altered since the last time they were scanned.
This mode applies both to simple and compound files.
You can also set a restriction on scan duration for an object. When the specified time interval
expires, the object will be excluded from the current scan (except for archives and files
comprised of several objects).
To optimize scan, perform the following actions:
1. For the selected task in the Security level section click the Settings button.
2. On the Scope tab in the Scan optimization section set the required settings:
► To scan only new and changed files, check the Scan only new and changed files
box;
► To set restriction on scan duration for one object, check the Skip objects scanned
longer than box and specify scan duration for one object.
3. Click the OK button.
4. In the Settings window click the Apply button.
Kaspersky CRYSTAL 2.0
640 | 746
Scan of compound files
A common method of concealing viruses is to embed them into compound files: archives,
databases, etc. To detect viruses that are hidden this way a compound file should be
unpacked, which can significantly lower the scan speed.
To modify the list of scanned compound files, perform the following actions:
1. For the selected task in the Security level section click the Settings button.
2. On the Scope tab in the Scan of compound files section select types of the scanned
compound files.
For each type of compound file, you can select to scan either all files or only new ones.
To make your selection, click the link next to the name of the object. It changes its value
when you left-click it. If you select the scan new and changed files only scan mode,
you will not be able to select the links allowing you to scan all or new only files.
Kaspersky CRYSTAL 2.0
641 | 746
You can restrict the maximum size of the compound file being scanned. Compound files
larger than the specified value will not be scanned. For this in the Scan of compound
files section, click the Additional button. In the Compound files window check the Do
not unpack large compound files box and specify the maximum size of scanned files.
3. Click the OK button.
4. In the Settings window click the Apply button.
When large files are extracted from archives, they will be scanned even if the Do not unpack
large compound files box is checked.
Kaspersky CRYSTAL 2.0
642 | 746
Selecting scan method
Kaspersky PURE 2.0 uses various scan methods:
► Signature analysis. When performing signature analysis, Kaspersky PURE 2.0
uses databases that contain descriptions of known threats and ways of neutralizing
them. Protection using signature analysis provides a minimal level of security.
► Heuristic Analysis. Scan is based on the analysis of the typical behavior of a file
whose operations allow to draw a conclusion about the nature of a file with a certain
probability. The advantage of the method is that new threats are detected even
before they are known to virus analysts.
Additionally you can set the detail level for scans: light scan, medium scan, or deep
scan.
► Rootkit Scan. Rootkit is a set of tools which conceal malicious programs in the
operating system. These tools penetrate the system and mask their presence and
the presence of processes, folders, registry keys of other malicious programs,
described in the rootkit configuration.
If you are scanning for viruses, you can enable the deep scan for rootkits by checking
the Detailed scan box, which will scan carefully for these programs by analyzing a large
number of various objects. These checkboxes are deselected by default, since this
mode requires significant operating system resources.
The Signature analysis method is always enabled. To enhance the scan efficiency you can
enable other scan methods. For this, perform the following actions:
1. For the selected task in the Security level section click the Settings button.
2. On the Additional tab in the Scan methods select the necessary scan methods.
Kaspersky CRYSTAL 2.0
643 | 746
3. Click the OK button.
4. In the Settings window click the Apply button.
Selecting scan technology
In addition to the scan methods you can use special technologies:
► iChecker is a technology that increases scan speed by excluding certain objects
from the scan. An object is excluded from the scan with a special algorithm that uses
the release date of Computer Protection databases, the date of the object's last
scan, and any changes in the scan settings.
There are limitations to iChecker: it does not work with large files and applies only to the
objects with a structure that the application recognizes (for example, .exe, .dll, .lnk, .ttf,
.inf, .sys, .com, .chm, .zip, .rar).
► iSwift is a technology that builds on iChecker technology for computers using NTFS.
There are limitations to iSwift: it is bound to a specific file's location in the file system
and can apply only to objects in NTFS.
The technologies iSwift and iChecker allow to increase the virus scan speed by excluding the
files that have not been modified since they were last scanned. By default, both technologies
are used. To change the set of scan technologies, perform the following actions:
1. For the selected task in the Security level section click the Settings button.
2. On the Additional tab in the Scan technologies section select the required values.
3. Click the OK button.
Kaspersky CRYSTAL 2.0
644 | 746
4. In the Settings window click the Apply button.
Creating scan schedule
In Kaspersky PURE 2.0 you can choose whether to start the full scan task manually or by
schedule (automatically).
If you select the Manually variant, then you can start the task at any time convenient for you.
The scan process takes some time to be completed and you cannot use some applications
installed on your computer during the scan process.
Selecting the By schedule variant allows to configure the automatic start of the full scan task.
If you select this variant, you can set the scan task frequency. In the schedule settings you can
select one of the following frequencies: minutes, hours, days, every week, at a specified time,
every month, after application startup, after every update.
For every frequency you can specify the interval. For example, if you select Every month you
can select a particular day to start the scan task (1, 2, 3...) and set particular time (05:00 p.m.).
To protect your computer, it would be optimal to perform full computer scan not less than one
time a week.
In order to schedule a scan task, perform the following actions:
1. For the selected task in the Security level section click the Settings button.
2. On the Run mode tab in the Schedule section select the required values.
3. Select By schedule and create a task launch schedule with the frequency and a definite
time interval to start a scan task.
Kaspersky CRYSTAL 2.0
645 | 746
You can configure the program to automatically start a skipped scan task as soon as it
becomes possible. For example, the computer was not on at that time when a full scan
task was scheduled. In this case the scan will start as soon as computer is enabled. To
do so, in the Schedule section check the Run skipped tasks box.
Scheduled tasks feature additional functionality, for example, you can pause scheduled
scan when screensaver is inactive or computer is unlocked. This functionality
postpones the task launch until the user has finished working on the computer. So, the
scan task will not take up system resources during the work.
4. Click the OK button.
5. In the Settings window click the Apply button.
Starting scan under a different account
By default scan tasks are started under an account you registered in the system. If your
account does not have enough rights, you can specify a different account under whose rights
each scan task will be started.
To specify an account, perform the following steps:
1. In the top part of the Settings window select Scan.
2. In the left menu select Full Scan.
3. In the right part of the window click the Run mode button.
4. On the Run mode tab in the User account section check the Run task as box. In the
fields below specify the user name and password.
Kaspersky CRYSTAL 2.0
646 | 746
5. Click the OK button.
6. In the Settings window click the Apply button.
Actions over detected treats
If infected or potentially infectious objects are detected, the application performs the specified
action. Depending on your current preferences you can configure virus scan settings or allow
the program to select an action.
Default actions
By default program chooses the actions on detected objects itself.
If as a result of scan the program failed to define whether the object is infected or not, the
object is quarantined.
If an object gets an infected status, the application will try to disinfect such object. If disinfection
fails, such object will be deleted.
Before an object disinfection or deletion Kaspersky PURE 2.0 creates its backup copy in case
you want to restore the object or the application can neutralize the threat.
Kaspersky CRYSTAL 2.0
647 | 746
Actions defined by the user
You can also define an action to be performed for detected threats:
► Disinfect objects if possible;
► Delete if disinfection fails.
If the Disinfect objects if possible variant is selected, the program functions the following
way:
► If the object can be disinfected, it will be disinfected and will return to the user.
► If as a result of scan the program failed to define whether the object is infected or
not, the object is quarantined. If the option to scan quarantined files after each
database update is enabled, then when a new disinfection signature is received the
quarantined object can be disinfected and returned to the user.
► If the status of a virus is assigned to the object and its disinfection is impossible, the
object is blocked and is added to the report about detected threats.
You can select only the Delete variant, but in this case all objects will be deleted, even if they
could be available for the user after disinfection.
Kaspersky CRYSTAL 2.0
648 | 746
Kaspersky Lab specialists recommend to select the following actions for the detected threats:
► Disinfect objects if possible;
► Delete if disinfection fails.
Kaspersky CRYSTAL 2.0
649 | 746
In this case the program performs the following actions over an object:
► Disinfect, if disinfection is possible. After disinfection you can continue your work
with the object.
► Quarantine, if the program failed to define if the object is infected or not. If the option
to scan quarantined files after each database update is enabled, then when a new
disinfection signature is received the quarantined object can be disinfected and
returned to the user.
► Delete, if the virus status is assigned to the object and its disinfection is impossible.
Actions for every detected object
You can also specify actions for every detected object individually. For this enable Kaspersky
PURE 2.0 interactive mode:
1. In the top part of the Settings window select the Protection section.
2. In the left menu select General Settings.
3. In the Interactive protection section, uncheck the Select action automatically box.
Kaspersky CRYSTAL 2.0
650 | 746
4. Click the Apply button.
Interactive mode can only be enabled for the whole program. When the mode is enabled
you will have to select an action for every object detected by any Kaspersky PURE 2.0
component.
To specify an action over detected threats, perform the following actions:
1. In the top part of the Settings window select the Scan section.
2. In the left menu select the required task.
3. For the selected task in the Action on threat detection section specify the necessary
action:
► Prompt when the scan is complete;
► Prompt on detection;
► Select action:
► Disinfect objects if possible;
► Delete if disinfection fails.
Kaspersky CRYSTAL 2.0
651 | 746
4. In the Settings window click the Apply button.
If the Select action option is enabled but no action is chosen, the application will block
dangerous objects and quarantine them notifying the user about the quarantined objects.
Kaspersky CRYSTAL 2.0
652 | 746
The Delete, if disinfection fails options appears only if the Disinfect objects if possible box
is checked.
Run mode and scan scope
Run mode
In Kaspersky PURE 2.0 you can choose whether to start the full scan task manually or by
schedule (automatically).
If you select the Manually variant, then you can start the task at any time convenient for you.
The scan process takes some time to be completed and you cannot use some applications
installed on your computer during the scan process.
Selecting the By schedule variant allows to configure the automatic start of the full scan task.
If you select this variant, you can set the scan task frequency. In the schedule settings you can
select one of the following frequencies: minutes, hours, days, every week, at a specified time,
every month, after application startup, after every update.
For every frequency you can specify the interval. For example, if you select Every month you
can select a particular day to start the scan task (1, 2, 3...) and set particular time (05:00 p.m.).
Kaspersky CRYSTAL 2.0
653 | 746
To protect your computer, it would be optimal to perform full computer scan not less than one
time a week.
In order to schedule a scan task, perform the following actions:
1. In the right part of the settings window of the selected task in the Run mode and scan
scope section click the Run mode button.
2. On the Run mode tab in the Schedule section select the necessary values.
3. Select By schedule and create a task launch schedule with the frequency and a definite
time interval to start a scan task.
You can configure the program to automatically start a skipped scan task as soon as it
becomes possible. For example, the computer was not on at that time when a full scan
task was scheduled. In this case the scan will start as soon as computer is enabled. To
do so, in the Schedule section check the Run skipped tasks box.
Scheduled tasks feature additional functionality, for example, you can pause scheduled
scan when screensaver is inactive or computer is unlocked. This functionality
postpones the task launch until the user has finished working on the computer. So, the
scan task will not take up system resources during the work.
4. Click the OK button.
5. In the Settings window click the Apply button.
Kaspersky CRYSTAL 2.0
654 | 746
Creating list of objects to scan
You can create your own list of objects for the Full Scan and Critical Areas Scan tasks. For
example, if you do not want to scan the whole system and all applications installed on your
computer you can create your own list of applications, network and logical drives to scan.
In order to add, modify or delete objects from the scan scope, perform the following actions:
1. In the right part of the settings window of the selected task in the Run mode and scan
scope section click the Scan scope button.
2. In the Scan scope window you can modify the list of objects to scan. To add a new
object, click the Add link, to change or delete an existing object – Edit or Delete
correspondingly.
Kaspersky CRYSTAL 2.0
655 | 746
Note, that objects which appear in the list by default (System memory, Autostart objects,
System backup storage, My mail, All hard drives, All removable drives and All network
drives) cannot be edited or deleted.
3. You can also enable scan of subfolders. For this, in the Select object to scan window
check the Include subfolders box, when adding or editing an object.
4. In the lower part of the Select object to scan window click the OK button.
5. In the Settings window click the OK button.
Kaspersky CRYSTAL 2.0
656 | 746
Critical Areas Scan
Security levels
A security level is a set of predefined scan settings.
Kaspersky Lab specialists distinguish three security levels. You can set one of the following
security levels:
► High. Use this level is the probability of computer infection is very high;
► Recommended. This is the optimal level for most cases and is recommended by
Kaspersky Lab;
► Low. If you are using applications requiring considerable RAM resources, select the
Low security level because the list of files under scan is reduced on this level.
To select a security level, perform the following actions:
1. In the left part of the Settings window select the Scan section.
2. In the menu select the required task - Critical Areas Scan.
3. For the selected task in the Security level section select the required security level.
4. In the Settings window click the Apply button.
Kaspersky CRYSTAL 2.0
657 | 746
If none of the predefined security levels satisfies your needs, configure scan settings on your
own. As a result of your actions the security level changes to Custom.
When configuring scan task settings, you can always restore the recommended ones. They are
considered optimal, recommended by Kaspersky Lab, and grouped in the Recommended
security level.
To restore the default scan settings, perform the following actions:
1. For the selected scan task in the Settings window in the Security level section click the
Default level button.
2. In the Settings window click the Apply button.
Modifying type of scanned objects
You can define files of what format and size should be scanned by the selected scan task.
To change the type of scanned objects, perform the following actions:
1. For the selected task in the Security level section click the Settings button.
Kaspersky CRYSTAL 2.0
658 | 746
2. On the Scope tab in the File types section select the required variant.
Kaspersky CRYSTAL 2.0
659 | 746
► All files. Kaspersky PURE 2.0 scans files of all formats and extensions.
► Files scanned by format. If you select this option, Kaspersky PURE 2.0 only scans
potentially infectious files – i.e. files into which a virus may penetrate. Before
searching for viruses an inner header of an object is analyzed for the file format (txt,
doc, exe and etc). the file extension is also considered during scan.
► Files scanned by extension. In this case, Kaspersky PURE 2.0 only scans
potentially infectious files – i.e. files into which a virus may penetrate. At this, the file
format is defined by its extension.
Files without extensions are always scanned!
When selecting file types please remember the following:
► Probability of penetration of malicious code into several file formats (such as .txt)
and its further activation is quite low. At the same time, there are formats that contain
or may contain an executable code (such as .exe, .dll, .doc). The risk of penetrating
and activating malicious code in such files is quite high.
► The intruder can send a virus to your computer in an executable file renamed as txt
file. If you have selected the scan of files by extension, such a file is skipped by the
scan. If the scan of files by format is selected, then, regardless of the extension, File
Anti-Virus will analyze the file header, and reveal that the file is an .exe file. Such a
file would be thoroughly scanned for viruses.
3. Click the OK button.
Kaspersky CRYSTAL 2.0
660 | 746
4. In the Settings window click the Apply button.
Scan optimization
You can shorten the scan time and speed up Kaspersky PURE 2.0. This can be achieved by
scanning only new files and those files that have altered since the last time they were scanned.
This mode applies both to simple and compound files.
You can also set a restriction on scan duration for an object. When the specified time interval
expires, the object will be excluded from the current scan (except for archives and files
comprised of several objects).
To optimize scan, perform the following actions:
1. For the selected task in the Security level section click the Settings button.
2. On the Scope tab in the Scan optimization section set the required settings:
► To scan only new and changed files, check the Scan only new and changed files
box;
► To set restriction on scan duration for one object, check the Skip objects scanned
longer than box and specify scan duration for one object.
3. Click the OK button.
4. In the Settings window click the Apply button.
Kaspersky CRYSTAL 2.0
661 | 746
Scan of compound files
A common method of concealing viruses is to embed them into compound files: archives,
databases, etc. To detect viruses that are hidden this way a compound file should be
unpacked, which can significantly lower the scan speed.
To modify the list of scanned compound files, perform the following actions:
1. For the selected task in the Security level section click the Settings button.
2. On the Scope tab in the Scan of compound files section select types of the scanned
compound files.
For each type of compound file, you can select to scan either all files or only new ones.
To make your selection, click the link next to the name of the object. It changes its value
when you left-click it. If you select the scan new and changed files only scan mode,
you will not be able to select the links allowing you to scan all or new only files.
Kaspersky CRYSTAL 2.0
662 | 746
You can restrict the maximum size of the compound file being scanned. Compound files
larger than the specified value will not be scanned. For this in the Scan of compound
files section, click the Additional button. In the Compound files window check the Do
not unpack large compound files box and specify the maximum size of scanned files.
3. Click the OK button.
4. In the Settings window click the Apply button.
When large files are extracted from archives, they will be scanned even if the Do not unpack
large compound files box is checked.
Kaspersky CRYSTAL 2.0
663 | 746
Selecting scan method
Kaspersky PURE 2.0 uses various scan methods:
► Signature analysis. When performing signature analysis, Kaspersky PURE 2.0
uses databases that contain descriptions of known threats and ways of neutralizing
them. Protection using signature analysis provides a minimal level of security.
► Heuristic Analysis. Scan is based on the analysis of the typical behavior of a file
whose operations allow to draw a conclusion about the nature of a file with a certain
probability. The advantage of the method is that new threats are detected even
before they are known to virus analysts.
Additionally you can set the detail level for scans: light scan, medium scan, or deep
scan.
► Rootkit Scan. Rootkit is a set of tools which conceal malicious programs in the
operating system. These tools penetrate the system and mask their presence and
the presence of processes, folders, registry keys of other malicious programs,
described in the rootkit configuration.
► If you are scanning for viruses, you can enable the deep scan for rootkits by
checking the Detailed scan box, which will scan carefully for these programs by
analyzing a large number of various objects. These checkboxes are deselected by
default, since this mode requires significant operating system resources.
The Signature analysis method is always enabled. To enhance the scan efficiency you can
enable other scan methods. For this, perform the following actions:
1. For the selected task in the Security level section click the Settings button.
2. On the Additional tab in the Scan methods select the necessary scan methods.
3. Click the OK button.
Kaspersky CRYSTAL 2.0
664 | 746
4. In the Settings window click the Apply button.
Selecting scan technology
In addition to the scan methods you can use special technologies:
► iChecker is a technology that increases scan speed by excluding certain objects
from the scan. An object is excluded from the scan with a special algorithm that uses
the release date of Kaspersky PURE 2.0 databases, the date of the object's last
scan, and any changes in the scan settings.
There are limitations to iChecker: it does not work with large files and applies only to the
objects with a structure that the application recognizes (for example, .exe, .dll, .lnk, .ttf,
.inf, .sys, .com, .chm, .zip, .rar).
► iSwift is a technology that builds on iChecker technology for computers using NTFS.
There are limitations to iSwift: it is bound to a specific file's location in the file system
and can apply only to objects in NTFS.
The technologies iSwift and iChecker allow to increase the virus scan speed by excluding the
files that have not been modified since they were last scanned. By default, both technologies
are used.
To change the set of scan technologies, perform the following actions:
1. For the selected task in the Security level section click the Settings button.
2. On the Additional tab in the Scan technologies section select the required values.
Kaspersky CRYSTAL 2.0
665 | 746
3. Click the OK button.
4. In the Settings window click the Apply button.
Creating scan schedule
In Kaspersky PURE 2.0 you can choose whether to start the vulnerability scan task manually
or by schedule (automatically).
If you select the Manually variant, then you can start the task at any time convenient for you.
The scan process takes some time to be completed and you cannot use some applications
installed on your computer during the scan process.
Selecting the By schedule variant allows to configure the automatic start of the vulnerability
scan task. If you select this variant, you can set the vulnerability scan task frequency. In the
schedule settings you can select one of the following frequencies: minutes, hours, days, every
week, at a specified time, every month, after application startup, after every update.
For every frequency you can specify the interval. For example, if you select Every month you
can select a particular day to start the scan task (1, 2, 3...) and set particular time (05:00 p.m.).
To protect your computer, it would be optimal to perform full computer scan not less than one
time a week.
In order to schedule a scan task, perform the following actions:
1. For the selected task in the Security level section click the Settings button.
2. On the Run mode tab in the Schedule section select the necessary values.
Kaspersky CRYSTAL 2.0
666 | 746
3. If you select By schedule, create a task launch schedule with the frequency and a
definite time interval to start a scan task
You can configure the program to automatically start a skipped scan task as soon as it
becomes possible. For example, the computer was not on at that time when a full scan
task was scheduled. In this case the scan will start as soon as computer is enabled. To
do so, in the Schedule section check the Run skipped tasks box.
Scheduled tasks feature additional functionality, for example, you can pause scheduled
scan when screensaver is inactive or computer is unlocked. This functionality postpones
the task launch until the user has finished working on the computer. So, the scan task
will not take up system resources during the work.
4. Click the OK button.
5. In the Settings window click the Apply button.
Starting Critical Areas Scan under a different account
By default critical areas scan tasks are started under an account you registered in the system.
If your account does not have enough rights, you can specify a different account under whose
rights each scan task will be started. To specify an account, perform the following steps:
1. In the top part of the Settings window select the Scan section.
2. In the left menu select Critical Areas Scan.
3. В правой части окна нажмите на кнопку Режим запуска.
Kaspersky CRYSTAL 2.0
667 | 746
4. In the Run mode and scan scope section click the Run mode button.
5. Click the OK button.
6. In the Settings window click the Apply button.
Actions upon threat detection
If infected or potentially infectious objects are detected, the application performs the specified
action. Depending on your current preferences you can configure virus scan settings or allow
the program to select an action.
Default actions
By default, the application defines an action upon a detected object on its own. If in the result
of scan the application failed to define whether the object is infected or not, such object is
placed to quarantine.
If an object gets an infected status, the application will try to disinfect such object. If disinfection
fails, such object will be deleted.
Before an object disinfection or deletion Kaspersky PURE 2.0 creates its backup copy in case
you want to restore the object or the application can neutralize the threat.
Kaspersky CRYSTAL 2.0
668 | 746
Actions defined by the user
You can also define an action to be performed for detected threats:
► Disinfect objects if possible;
► Delete if disinfection fails.
Kaspersky CRYSTAL 2.0
669 | 746
If the Disinfect objects if possible variant is selected, the program functions the following
way:
► If the object can be disinfected, it will be disinfected and will return to the user.
► If as a result of scan the program failed to define whether the object is infected or
not, the object is quarantined. If the option to scan quarantined files after each
database update is enabled, then when a new disinfection signature is received the
quarantined object can be disinfected and returned to the user.
► If the status of a virus is assigned to the object and its disinfection is impossible, the
object is blocked and is added to the report about detected threats.
You can select only the Delete variant, but in this case all objects will be deleted, even if they
could be available for the user after disinfection.
Kaspersky CRYSTAL 2.0
670 | 746
Kaspersky Lab specialists recommend to select the following actions for the detected threats:
► Disinfect objects if possible;
► Delete if disinfection fails.
Kaspersky CRYSTAL 2.0
671 | 746
In this case the program performs the following actions over an object:
► Disinfect, if disinfection is possible. After disinfection you can continue your work with
the object.
► Quarantine, if the program failed to define if the object is infected or not. If the option
to scan quarantined files after each database update is enabled, then when a new
disinfection signature is received the quarantined object can be disinfected and
returned to the user.
► Delete, if the virus status is assigned to the object and its disinfection is impossible.
Actions specified for every detected object
You can also specify actions for every detected object individually. For this enable Kaspersky
PURE 2.0 interactive mode:
1. In the top part of the Settings window select the Protection section.
2. In the left menu select General Settings.
3. In the Interactive protection section, uncheck the Select action automatically box.
4. Click the Apply button.
Kaspersky CRYSTAL 2.0
672 | 746
Interactive mode can only be enabled for the whole program. When the mode is enabled
you will have to select an action for every object detected by any Kaspersky PURE 2.0
component.
To specify an action over detected threats, perform the following actions:
1. In the top part of the Settings window select the Scan section.
2. In the menu select the necessary task.
3. For the selected task in the Action on threat detection section specify the necessary
action:
► Prompt when the scan is complete;
► Prompt on detection;
► Select action:
► Disinfect objects if possible;
► Delete if disinfection fails.
Kaspersky CRYSTAL 2.0
673 | 746
4. In the Settings window click the Apply button.
If the Select action option is enabled but no action is chosen, the application will block
dangerous objects and quarantine them notifying the user about the quarantined objects.
Kaspersky CRYSTAL 2.0
674 | 746
Kaspersky CRYSTAL 2.0
675 | 746
The Delete, if disinfection fails options appears only if the Disinfect objects if possible box is
checked.
Run mode and scan scope
Run mode
In Kaspersky PURE 2.0 you can choose whether to start the full scan task manually or by
schedule (automatically).
If you select the Manually variant, then you can start the task at any time convenient for you.
The scan process takes some time to be completed and you cannot use some applications
installed on your computer during the scan process.
Selecting the By schedule variant allows to configure the automatic start of the full scan task.
If you select this variant, you can set the scan task frequency. In the schedule settings you can
select one of the following frequencies: minutes, hours, days, every week, at a specified time,
every month, after application startup, after every update.
For every frequency you can specify the interval. For example, if you select Every month you
can select a particular day to start the scan task (1, 2, 3...) and set particular time (05:00 p.m.).
To protect your computer, it would be optimal to perform full computer scan not less than one
time a week.
Kaspersky CRYSTAL 2.0
676 | 746
In order to schedule a scan task, perform the following actions:
1. In the right part of the settings window of the selected task in the Run mode and scan
scope section click the Run mode button.
2. On the Run mode tab in the Schedule section select the required value.
3. If you select By schedule, create a task launch schedule with the frequency and a
definite time interval to start a scan task.
You can configure the program to automatically start a skipped scan task as soon as it
becomes possible. For example, the computer was not on at that time when a full scan
task was scheduled. In this case the scan will start as soon as computer is enabled. To
do so, in the Schedule section check the Run skipped tasks box.
Scheduled tasks feature additional functionality, for example, you can pause scheduled
scan when screensaver is inactive or computer is unlocked. This functionality
postpones the task launch until the user has finished working on the computer. So, the
scan task will not take up system resources during the work.
4. Click the OK button.
5. In the Settings window click the Apply button.
Creating a scan scope
You can create your own list of objects for the Full Scan and Critical Areas Scan tasks. For
example, if you do not want to scan the whole system and all applications installed on your
computer you can create your own list of applications, network and logical drives to scan.
Kaspersky CRYSTAL 2.0
677 | 746
In order to add, modify or delete objects from the scan scope, perform the following actions:
1. In the right part of the Settings window of the selected task in the Run mode and scan
scope section click the Scan scope button.
2. In the Scan scope window you can modify the list of objects to scan. To add a new
object, click the Add link, to change or delete an existing object – Edit or Delete
correspondingly.
Kaspersky CRYSTAL 2.0
678 | 746
Note, that objects which appear in the list by default (System memory, Autostart objects,
System backup storage, My mail, All hard drives, All removable drives and All network
drives) cannot be edited or deleted.
3. You can also enable scan of subfolders. For this, in the Select object to scan window
check the Include subfolders box, when adding or editing an object.
4. In the lower part of the Select object to scan window click the OK button.
5. In the Settings window click the OK button.
Kaspersky CRYSTAL 2.0
679 | 746
Custom Scan
Security levels
A security level is a set of predefined scan settings.
Kaspersky Lab specialists distinguish three security levels. You can set one of the following
security levels:
► High. Use this level is the probability of computer infection is very high;
► Recommended. This is the optimal level for most cases and is recommended by
Kaspersky Lab;
► Low. If you are using applications requiring considerable RAM resources, select the
Low security level because the list of files under scan is reduced on this level.
To select a security level, perform the following actions:
1. In the left part of the Settings window select Scan.
2. In the menu select the required task - Custom Scan.
3. For the selected task in the Security level section select the required security level.
4. In the Settings window click the Apply button.
Kaspersky CRYSTAL 2.0
680 | 746
If none of the predefined security levels satisfies your needs, configure scan settings on your
own. As a result of your actions the security level changes to Custom.
When configuring scan task settings, you can always restore the recommended ones. They are
considered optimal, recommended by Kaspersky Lab, and grouped in the Recommended
security level.
To restore the default scan settings, perform the following actions:
1. For the selected scan task in the Settings window in the Security level section click the
Default level button.
2. In the Settings window click the Apply button.
Modifying type of scanned objects
You can define files of what format and size should be scanned by the selected scan task.
To change the type of scanned objects, perform the following actions:
1. For the selected task in the Security level section click the Settings button.
Kaspersky CRYSTAL 2.0
681 | 746
2. On the Scope tab in the File types section select the required variant.
Kaspersky CRYSTAL 2.0
682 | 746
► All files. Kaspersky PURE 2.0 scans files of all formats and extensions.
► Files scanned by format. If you select this option, Kaspersky PURE 2.0 only scans
potentially infectious files – i.e. files into which a virus may penetrate. Before
searching for viruses an inner header of an object is analyzed for the file format (txt,
doc, exe and etc). the file extension is also considered during scan.
► Files scanned by extension. In this case, Kaspersky PURE 2.0 only scans
potentially infectious files – i.e. files into which a virus may penetrate. At this, the file
format is defined by its extension.
Files without extensions are always scanned!
When selecting file types please remember the following:
► Probability of penetration of malicious code into several file formats (such as .txt)
and its further activation is quite low. At the same time, there are formats that contain
or may contain an executable code (such as .exe, .dll, .doc). The risk of penetrating
and activating malicious code in such files is quite high.
► The intruder can send a virus to your computer in an executable file renamed as txt
file. If you have selected the scan of files by extension, such a file is skipped by the
scan. If the scan of files by format is selected, then, regardless of the extension, File
Anti-Virus will analyze the file header, and reveal that the file is an .exe file. Such a
file would be thoroughly scanned for viruses.
3. Click the OK button.
4. In the Settings window click the Apply button.
Kaspersky CRYSTAL 2.0
683 | 746
Scan optimization
You can shorten the scan time and speed up Kaspersky PURE 2.0. This can be achieved by
scanning only new files and those files that have altered since the last time they were scanned.
This mode applies both to simple and compound files.
You can also set a restriction on scan duration for an object. When the specified time interval
expires, the object will be excluded from the current scan (except for archives and files
comprised of several objects).
To optimize scan, perform the following actions:
1. For the selected task in the Security level section click the Settings button.
2. On the Scope tab in the Scan optimization section set the required settings:
► To scan only new and changed files, check the Scan only new and changed files
box;
► To set restriction on scan duration for one object, check the Skip objects scanned
longer than box and specify scan duration for one object.
3. Click the OK button.
4. In the Settings window click the Apply button.
Scan of compound files
A common method of concealing viruses is to embed them into compound files: archives,
databases, etc. To detect viruses that are hidden this way a compound file should be
unpacked, which can significantly lower the scan speed.
To modify the list of scanned compound files, perform the following actions:
1. For the selected task in the Security level section click the Settings button.
Kaspersky CRYSTAL 2.0
684 | 746
2. On the Scope tab in the Scan of compound files section select types of the scanned
compound files.
For each type of compound file, you can select to scan either all files or only new ones.
To make your selection, click the link next to the name of the object. It changes its value
when you left-click it. If you select the scan new and changed files only scan mode,
you will not be able to select the links allowing you to scan all or new only files.
Kaspersky CRYSTAL 2.0
685 | 746
You can restrict the maximum size of the compound file being scanned. Compound files
larger than the specified value will not be scanned. For this in the Scan of compound
files section, click the Additional button. In the Compound files window check the Do
not unpack large compound files box and specify the maximum size of scanned files.
3. Click the OK button.
4. In the Settings window click the Apply button.
When large files are extracted from archives, they will be scanned even if the Do not unpack
large compound files box is checked.
Kaspersky CRYSTAL 2.0
686 | 746
Selecting scan method
Kaspersky PURE 2.0 uses various scan methods:
► Signature analysis. When performing signature analysis, Kaspersky PURE 2.0
uses databases that contain descriptions of known threats and ways of neutralizing
them. Protection using signature analysis provides a minimal level of security.
► Heuristic Analysis. Scan is based on the analysis of the typical behavior of a file
whose operations allow to draw a conclusion about the nature of a file with a certain
probability. The advantage of the method is that new threats are detected even
before they are known to virus analysts.
Additionally you can set the detail level for scans: light scan, medium scan, or deep
scan.
► Rootkit Scan. Rootkit is a set of tools which conceal malicious programs in the
operating system. These tools penetrate the system and mask their presence and
the presence of processes, folders, registry keys of other malicious programs,
described in the rootkit configuration.
► If you are scanning for viruses, you can enable the deep scan for rootkits by
checking the Detailed scan box, which will scan carefully for these programs by
analyzing a large number of various objects. These checkboxes are deselected by
default, since this mode requires significant operating system resources.
The Signature analysis method is always enabled. To enhance the scan efficiency you can
enable other scan methods. For this, perform the following actions:
1. For the selected task in the Security level section click the Settings button.
2. On the Additional tab in the Scan methods select the necessary scan methods.
3. Click the OK button.
Kaspersky CRYSTAL 2.0
687 | 746
4. In the Settings window click the Apply button.
Selecting scan technology
In addition to the scan methods you can use special technologies:
► iChecker is a technology that increases scan speed by excluding certain objects
from the scan. An object is excluded from the scan with a special algorithm that uses
the release date of Kaspersky PURE 2.0 databases, the date of the object's last
scan, and any changes in the scan settings.
There are limitations to iChecker: it does not work with large files and applies only to the
objects with a structure that the application recognizes (for example, .exe, .dll, .lnk, .ttf,
.inf, .sys, .com, .chm, .zip, .rar).
► iSwift is a technology that builds on iChecker technology for computers using NTFS.
There are limitations to iSwift: it is bound to a specific file's location in the file system
and can apply only to objects in NTFS.
The technologies iSwift and iChecker allow to increase the virus scan speed by excluding the
files that have not been modified since they were last scanned. By default, both technologies
are used.
To change the set of scan technologies, perform the following actions:
1. For the selected task in the Security level section click the Settings button.
2. On the Additional tab in the Scan technologies section select the required values.
3. Click the OK button.
4. In the Settings window click the Apply button.
Kaspersky CRYSTAL 2.0
688 | 746
Actions over detected threats
If infected or potentially infectious objects are detected, the application performs the specified
action. Depending on your current preferences you can configure virus scan settings or allow
the program to select an action.
Default actions
By default, the application defines an action upon a detected object on its own. If in the result
of scan the application failed to define whether the object is infected or not, such object is
placed to quarantine.
If an object gets an infected status, the application will try to disinfect such object. If disinfection
fails, such object will be deleted.
Before an object disinfection or deletion Kaspersky PURE 2.0 creates its backup copy in case
you want to restore the object or the application can neutralize the threat.
Actions defined by the user
You can also define an action to be performed for detected threats:
► Disinfect objects if possible;
► Delete if disinfection fails.
Kaspersky CRYSTAL 2.0
689 | 746
If the Disinfect objects if possible variant is selected, the program functions the following
way:
► If the object can be disinfected, it will be disinfected and will return to the user.
► If as a result of scan the program failed to define whether the object is infected or
not, the object is quarantined. If the option to scan quarantined files after each
database update is enabled, then when a new disinfection signature is received the
quarantined object can be disinfected and returned to the user.
► If the status of a virus is assigned to the object and its disinfection is impossible, the
object is blocked and is added to the report about detected threats.
You can select only the Delete variant, but in this case all objects will be deleted, even if they
could be available for the user after disinfection.
Kaspersky CRYSTAL 2.0
690 | 746
Kaspersky Lab specialists recommend to select the following actions for the detected threats:
► Disinfect objects if possible;
► Delete if disinfection fails.
Kaspersky CRYSTAL 2.0
691 | 746
In this case the program performs the following actions over an object:
► Disinfect, if disinfection is possible. After disinfection you can continue your work
with the object.
► Quarantine, if the program failed to define if the object is infected or not. If the option
to scan quarantined files after each database update is enabled, then when a new
disinfection signature is received the quarantined object can be disinfected and
returned to the user.
► Delete, if the virus status is assigned to the object and its disinfection is impossible.
Actions specified for every detected object
You can also specify actions for every detected object individually. For this enable Kaspersky
PURE 2.0 interactive mode:
1. In the top part of the Settings window select the Protection section.
2. In the left menu select General Settings.
3. In the Interactive protection section, uncheck the Select action automatically box.
4. Click the Apply button.
Kaspersky CRYSTAL 2.0
692 | 746
Interactive mode can only be enabled for the whole program. When the mode is enabled
you will have to select an action for every object detected by any Kaspersky PURE 2.0
component.
To specify an action over detected threats, perform the following actions:
1. In the top part of the Settings window select the Scan section.
2. In the left menu select the required task.
3. For the selected task in the Action on threat detection section specify the necessary
action:
► Prompt when the scan is complete;
► Prompt on detection;
► Select action:
► Disinfect objects if possible;
► Delete if disinfection fails.
Kaspersky CRYSTAL 2.0
693 | 746
4. In the Settings window click the Apply button.
If the Select action option is enabled but no action is chosen, the application will block
dangerous objects and quarantine them notifying the user about the quarantined objects.
Kaspersky CRYSTAL 2.0
694 | 746
The Delete, if disinfection fails options appears only if the Disinfect objects if possible box
is checked.
Kaspersky CRYSTAL 2.0
695 | 746
Vulnerability scan
Vulnerability scan performs the diagnostics of operating system and detects software
features that can be used by intruders to spread malicious objects and obtain access to
personal information.
Starting vulnerability scan with an existing shortcut
Vulnerability scan can be started:
► From the main application window (from the Protection section);
► Using an already existing shortcut.
To create a task shortcut, perform the following actions:
1. In the left menu select General Settings.
2. In the right part of the window in the Scan tasks quick run section click the Create
shortcut next to the Vulnerability Scan task.
Kaspersky CRYSTAL 2.0
696 | 746
3. In the Save as window browse the path to save the shortcut and its name. By default
the shortcut is created with a name of a task on the Desktop of the current computer
user.
4. Click the OK button.
A shortcut for vulnerability scan will appear in the specified location.
Run mode
In Kaspersky PURE 2.0 you can choose whether to start the vulnerability scan task manually
or by schedule (automatically).
If you select the Manually variant, then you can start the task at any time convenient for you.
The scan process takes some time to be completed and you cannot use some applications
installed on your computer during the scan process.
Selecting the By schedule variant allows to configure the automatic start of the vulnerability
scan task. If you select this variant, you can set the vulnerability scan task frequency. In the
schedule settings you can select one of the following frequencies: minutes, hours, days, every
week, at a specified time, every month, after application startup, after every update.
For every frequency you can specify the interval. For example, if you select Every month you
can select a particular day to start the scan task (1, 2, 3...) and set particular time (05:00 p.m.).
In order to schedule a scan task, perform the following actions:
1. In the top part of the Settings window select the Scan section.
2. In the left menu select Vulnerability Scan.
3. In the right part of the window click the Run mode button.
Kaspersky CRYSTAL 2.0
697 | 746
4. On the Run mode tab in the Schedule section select By schedule and create a task
launch schedule with the frequency and a definite time interval to start a scan task.
Kaspersky CRYSTAL 2.0
698 | 746
You can configure the program to automatically start a skipped scan task as soon as it
becomes possible. For example, the computer was not on at that time when a full scan
task was scheduled. In this case the scan will start as soon as computer is enabled. To
do so, in the Schedule section check the Run skipped tasks box.
Scheduled tasks feature additional functionality, for example, you can Pause scheduled
scan when screensaver is inactive or computer is unlocked. This functionality
postpones the task launch until the user has finished working on the computer. So, the
scan task will not take up system resources during the work.
5. Click the OK button.
6. In the Settings window click the Apply button.
7.
Starting vulnerability scan task under different account
By default scant tasks are started under an account you registered in the system. If your
account does not have enough rights, you can specify a different account under whose rights
each scan task will be started.
To specify an account, perform the following steps:
1. In the top part of the Settings window select the Scan section.
2. In the left menu select Vulnerability Scan.
Kaspersky CRYSTAL 2.0
699 | 746
3. In the right part of the window click the Run mode button.
4. On the Run mode tab in the User account section check the Run task as box. In the
fields below specify the user name and password.
5. Click the OK button.
6. In the Settings window click the Apply button.
Creating a scan scope for vulnerability scan
You can create your own list of objects for the Vulnerabilities Scan task.
By default, the applications already installed on the computer are selected as scan objects.
You cannot modify or delete an object from this list.
In order to add, modify or delete objects from the scan scope, perform the following actions:
1. In the top part of the Settings window select the Scan section.
2. In the left menu select Vulnerability Scan.
3. In the right part of the window click the Scan scope button.
Kaspersky CRYSTAL 2.0
700 | 746
4. In the Scan scope window you can change the list of scanned objects. To add a new
object, click the Add link, to change or delete an existing object – Edit or Delete
correspondingly.
5. You can also enable scan of subfolders. For this, in the Select object to scan window
check the Include subfolders box, when adding or editing an object.
Kaspersky CRYSTAL 2.0
701 | 746
6. In the lower part of the Select object to scan window click the OK button.
7. In the Settings window click the Apply button.
Kaspersky CRYSTAL 2.0
702 | 746
Settings. Update
Update task’s run modes
In Kaspersky PURE 2.0 the update task can be launched using one of the following modes:
► Automatically. Kaspersky PURE 2.0 checks the update source for updates at
specified intervals. Scanning frequency can be increased during anti-virus outbreaks
and decreased when there are none. Having discovered new updates, the program
downloads and installs them on the computer.
► Manually. If you select this option, you will run Kaspersky PURE 2.0 updates on
your own.
► By schedule (time interval changes depending on settings). Updates will run
automatically according to the schedule created.
In order to configure the update run mode, perform the following actions:
1. Open the program settings window.
2. In the top part of the window select Update and then select Update Settings.
3. In the right part of the window click the Run mode button.
Kaspersky CRYSTAL 2.0
703 | 746
4. In the Update window on the Run mode tab in the Schedule section select the required
update run mode.
If you have selected the By schedule variant and an update was skipped for any
reason (for example, the computer was not on at that time), you can configure the task
to start automatically as soon as it becomes possible. To do so, check the Run skipped
tasks box.
You can also postpone automatic start of the task after the application startup. For this,
in the Postpone running after application startup for field specify the time. A
scheduled task will be run only when the specified time has expired after Kaspersky
PURE 2.0 startup.
5. Click the OK button, to save the made changes.
Running update under a different user account
By default, the update procedure is run under your system account. However, Kaspersky
PURE 2.0 can update from a source for which you have no access rights (for example, from a
network folder containing updates) or authorized proxy user credentials. You can run
Kaspersky PURE 2.0 updates on behalf of the user account that has such rights.
To start the update under a different user's account, perform the following actions:
1. Open the application settings window.
2. In the top part of the window select Update, and then select Update Settings.
Kaspersky CRYSTAL 2.0
704 | 746
3. In the right part of the window click the Run mode button.
4. In the Update window on the Run mode tab in the User account section check the
Run task as box. In the fields below specify the user name and password.
5. Click the OK button, to save the made changes.
Selecting an update source
Update source is a resource containing updates for databases and application modules of
Kaspersky PURE 2.0. Update sources can be HTTP or FTP servers, or local or network
folders.
The main update sources are Kaspersky Lab update servers where database updates and
application module updates for all Kaspersky Lab products are stored.
If you do not have access to Kaspersky Lab's update servers (for example, the access to the
Internet is restricted), you can call the Kaspersky Lab headquarters
(http://www.kaspersky.com/contacts) to request contact information of Kaspersky Lab
partners who can provide you with updates on removable media.
When ordering updates on removable drives, specify if you need updates for application
modules.
Kaspersky CRYSTAL 2.0
705 | 746
By default, the list of update sources contains only Kaspersky Lab's update servers. If several
resources are selected as update sources, Kaspersky PURE 2.0 tries to connect to them one
after another, starting from the top of the list, and retrieves the updates from the first available
source.
If you select a resource outside the LAN as an update source, you must have an Internet
connection to update.
Both Kaspersky Lab’s update servers and a local folder can be an update source. I.e. the
update process is the following: all updates from the Kaspersky Lab’s servers are
downloaded onto one computer in the network; next other computers download updates in the
LAN.
In order to select an update source, perform the following actions:
1. Open the application settings window.
2. In the top part of the window select Update and then select Update Settings.
3. In the right part of the window click the Update source button.
4. In the Update window on the Source tab open the selection window by clicking the Add
button.
Kaspersky CRYSTAL 2.0
706 | 746
5. In the Select update source window that opens, select the folder that contains the
updates, or enter an address in the Source field to specify the server from which the
updates should be downloaded.
Selecting the update server region
If you use Kaspersky Lab servers as the update source, you can select the optimal server
location when downloading updates. Kaspersky Lab servers are located in several countries.
Using the closest Kaspersky Lab update server allows you to reduce the time period required
for receiving updates and increase the operation performance speed. By default, the
application uses information about the current region from the operating system's registry. You
can select the region manually.
To select the server region, perform the following actions:
1. In the Update settings window click the Update source button.
2. In the Update window on the Source tab in the Regional settings section, select the
Select from the list option, and then select the country nearest to your current location
from the dropdown list.
Kaspersky CRYSTAL 2.0
707 | 746
Using proxy server
Your computer should be connected to the Internet for successful downloading of updates from
our servers. By default, Kaspersky PURE 2.0 automatically determines, if you use a proxy
server, to connect to the Internet.
If you use a proxy-server to connect to the Internet, then after the application installation, then
in Kaspersky PURE 2.0 settings the Use proxy server, Automatically detect the proxy
server settings mode is set automatically, and if authentication is used on the proxy-server,
then the fields User name and Password are filled out too. As a result you will only have to
check the settings and if they are not correct, enter the right settings.
If you do not know proxy-server settings, contact your Internet provider.
To make the changes in the proxy-server settings, perform the following actions:
1. In the Update settings window click the Update source button.
2. In the Update window on the Source tab click the Proxy-server button.
Kaspersky CRYSTAL 2.0
708 | 746
3. In the Proxy server settings window check the Use proxy server box and specify its
settings.
► For the program to automatically detect settings of the proxy-server, check the
Automatically detect the proxy server settings box. If a connection attempt fails,
specify the correct proxy server settings.
► If you work in the LAN, and need to authorize on a proxy server every time you try to
connect, then check the Use proxy server authentication box and fill out the User
name and Password fields.
Kaspersky CRYSTAL 2.0
709 | 746
► To bypass proxy server when connecting to local addresses, check the Bypass
proxy-server for local addresses box. If the box is unchecked, work with the local
addresses is performed through a proxy server, thus increasing your internet traffic.
Scanning quarantine after update
If the application has scanned an object and has not found out what malicious programs have
infected it (because the anti-virus databases have no records about this malicious code), the
object is quarantined. After the next database update, the product may be able to recognize
the threat unambiguously and neutralize it. You can enable the auto scan for quarantined
objects after each update.
Kaspersky Lab experts recommend that you periodically view quarantined files. Update may
change their status. Some files can then be restored to their previous locations, and you will be
able to continue working with them.
If after download of new anti-virus databases the object is found uninfected, a message
appears offering to restore an object from the quarantine. If the object is found infected, it
remains quarantined and the corresponding information is added to the application report. You
can delete a malicious object from the Quarantine on your own or restore it; as a result the
object may either be disinfected or deleted by the application itself.
To enable scanning quarantined files after update, perform the following actions:
1. Open the program settings window.
2. In the top part of the window select Update and then select Update Settings.
3. In the right part of the window, in the Additional section, check the Rescan Quarantine
after update box.
Kaspersky CRYSTAL 2.0
710 | 746
4. Click the OK button, to save the made changes.
Notifications on updates or new versions releases
The program can notify you when updates and new program versions are released. If you want
to see such notifications, perform the following actions:
1. Open the program settings window.
2. In the top part of the window select Update and then select Update Settings.
3. In the right part of the window in the Additional section check the Notify when updates
and new versions are available box. Clear the box, if you do not want to receive
notifications.
The box is checked by default.
Updating from a shared (local) folder
Kaspersky CRYSTAL 2.0
711 | 746
If two or more computers with Kaspersky PURE 2.0 are installed in the LAN, then you can
configure retrieval of anti-virus databases and application modules to a local source (folder on
a disk, shared source). I.e. one computer will download anti-virus databases from the
Kaspersky Lab’s update servers, and the second computer (or all other computers) will
update from the local folder of the first computer. Thus, to organize update of anti-virus
databases from a local folder you need at least one computer with the Internet connection.
Such update method can considerably decrease the Internet traffic, especially if your LAN
includes a lot of computers.
Configuring one computer to retrieve updates from Kaspersky Lab’s update servers
To enable the mode of update copying, perform the following actions:
1. Open the application settings window.
2. In the top part of the window select Update and in the left part select Update settings.
3. In the Additional section, check the Copy updates to folder box and in the field below
specify the path to a shared folder where the downloaded updates are saved. You can
also select a folder by clicking the Browse button.
Kaspersky CRYSTAL 2.0
712 | 746
Configuring shared access to local folder with update files
To make the updates, downloaded by the first computer from the Kaspersky Lab’s servers,
available for other computers in the LAN, share a local source with the updates.
By default, Kaspersky PURE 2.0 uses the following folder to save updates:
► For Windows XP:
\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP12\Update
distribution.
► For Windows Vista/7:
\ProgramData\Kaspersky Lab\AVP12\Update distribution.
By default the folder is hidden. If you want to copy updates into this folder, then you should
enable the option Show hidden files and folders. To know how to enable display of hidden files
and folders, read KB3580 (http://support.kaspersky.com/faq/?qid=208281592).
You can also create a new or specify a different folder to save updates. Irrespective of the
selected folder, access to a folder should be shared.
Configuring update of network computers from a local folder
To update a computer from a specified shared folder, perform the following actions:
1. Open the application settings window.
Kaspersky CRYSTAL 2.0
713 | 746
2. In the top part of the window select Update and in the left part select Update settings.
3. In the right part of the window click the Update source button.
4. In the Update window on the Source tab open a selection window by clicking the Add
button.
5. In the Select update source window select a folder or enter the full path to the folder in
the Source field.
Kaspersky CRYSTAL 2.0
714 | 746
6. On the Source tab clear the Kaspersky Lab update servers box.
Kaspersky CRYSTAL 2.0
715 | 746
Now when update of anti-virus databases is started on the LAN computers, updates are copied
from a local folder.
Kaspersky CRYSTAL 2.0
716 | 746
Settings. Password
Restricting access to PURE
A computer may be used by several users with various levels of computer literacy. Unrestricted
access to Kaspersky PURE 2.0 and its settings granted to users may lead to reduced level of
computer protection.
To restrict access to the application, you can set a password and specify which actions should
require entering the password:
► Configuring the application settings;
► Managing Backup;
► Using Home Network Control;
► Managing Parental Control;
► Exiting the application;
► Removing the application.
Be aware of using a password to restrict access to the application removal. If you lose the
password, it will be complicated to remove the application from the computer.
To password-protect Kaspersky PURE 2.0, perform the following actions:
1. Open the program settings window.
2. In the top part of the window select Password and then select General Settings.
3. In the right part of the window check the Enable password protection box and specify
the password. If you have already a password, first, enter your old password and then
enter a new password twice.
4. In the Apply password to section define a password scope.
Kaspersky CRYSTAL 2.0
717 | 746
Kaspersky CRYSTAL 2.0
718 | 746
Settings. Additional
Battery Saving
Virus scan and update may sometimes take a significant amount of resources and time. You
can enable battery saving mode on a portable computer. In this mode, virus scan tasks are
postponed.
For this, perform the following actions:
1. In the Additional section select Battery Saving.
2. In the right part of the window check the Disable scheduled scan tasks while running on
battery power box.
3. In the bottom right corner of the window click Apply.
If necessary, you can update Kaspersky PURE 2.0 or run a virus scan at will.
This box is checked by default.
Compatability
You can configure Kaspersky PURE 2.0 compatibility with other applications to avoid conflicts
and performance slowdown.
Kaspersky CRYSTAL 2.0
719 | 746
Today's malicious programs can invade the lowest levels of an operating system which makes
them practically impossible to delete. Advanced disinfection procedure in Kaspersky PURE 2.0
disinfects the system of malicious programs which already started their processes in the RAM
and would not let the anti-virus delete them.
If a malicious activity is detected within the system, Kaspersky PURE 2.0 will offer you to
perform a special advanced disinfection procedure which will allow to eliminate the threat and
delete it from the computer. It is not recommended to launch new processes or to edit
Windows registry during the advanced disinfection procedure.
Once the advanced disinfection procedure is over the computer is mandatory rebooted and the
user is recommended to save results of his/her work and to close all programs as soon as
active infection is detected. Kaspersky PURE 2.0 deletes malicious software immediately after
the computer restart.
After restarting your computer, you are advised to run the full virus scan.
The technology uses considerable computer resources and may slow down your system.
To enable the advanced disinfection procedure, perform the following actions:
1. In the Additional section select Compatibility.
2. In the right part of the window check the Enable Advanced Disinfection technology
box.
Kaspersky CRYSTAL 2.0
720 | 746
3. In the bottom right corner of the window click Apply.
Executing scan tasks increases the load on the CPU and disk subsystems, thus slowing down
other applications. By default, if such a situation arises, Kaspersky PURE 2.0 will pause virus
scan tasks and release system resources for the user's applications.
However, there is a number of applications which will start immediately when CPU resources
become available, and will run in the background. For the scan not to depend on the
performance of those applications, system resources should not be conceded to them. For this:
1. In the Additional section select Compatibility.
2. In the right part of the window check the Concede resources to other applications box.
3. In the bottom right corner of the window click Apply.
The checkbox enables / disables the option that pauses virus scan tasks. It can be used to limit
the load on the CPU and disk subsystems.
This check box is cleared by default.
Network
Monitored ports
Kaspersky CRYSTAL 2.0
721 | 746
In the Monitored ports section you can choose the port monitoring mode which Mail Anti-
Virus, Anti-Spam and Web Anti-Virus use to scan data streams.
If you select Monitor all network ports, then in this port monitoring mode, such protection
components as Mail Anti-Virus, Anti-Spam and Web Anti-Virus monitor all open ports of the
computer.
If you select Monitor selected ports only, then in this port monitoring mode, such protection
components as Mail Anti-Virus, Anti-Spam and Web Anti-Virus the selected ports of the
computer.
A list of ports that are normally used for transmitting email and web traffic is included in the
application distribution kit.
To create your own list of monitored ports, perform the following actions:
1. In the Monitored ports section select Monitor selected ports only and click Select.
2. In the Network ports window you can create the list of monitored ports as well as
applications for which Kaspersky PURE 2.0 would monitor all ports.
Kaspersky CRYSTAL 2.0
722 | 746
This mode is selected by default.
Encrypted connections scan
Kaspersky CRYSTAL 2.0
723 | 746
In the Encrypted connections scan section you can enable / disable scanning for encrypted
connections by using the SSL protocol.
Connecting using the SSL/TLS protocols protects data exchange channel on the Internet. The
SSL protocols allow identifying the parties exchanging data using electronic certificates,
encoding the data being transferred, and ensuring their integrity during the transfer.
The Scan encrypted connections checkbox enables / disables scanning of secure
connections through installation of a Kaspersky Lab certificate. If the checkbox is selected,
Kaspersky PURE 2.0 always uses the installed certificate of Kaspersky Lab to verify
connection security. If Kaspersky PURE 2.0 detects an invalid certificate (for example, when it
has been spoofed by an intruder) during a connection to server, Kaspersky PURE 2.0 shows a
notification prompting you to accept or reject the certificate or just view the certificate details. If
Kaspersky PURE 2.0 is operating in automatic protection mode, it terminates the connection
that uses an invalid certificate automatically without notification.
When you select the checkbox for the first time, the Certificate Installation Wizard launches
automatically.
Kaspersky CRYSTAL 2.0
724 | 746
The certificate is installed automatically only for Internet Explorer, Mozilla Firefox and Google
Chrome. To scan encrypted connections in Opera, you should install the Kaspersky Lab's
certificate manually.
If the checkbox is cleared, Kaspersky PURE 2.0 does not scan SSL traffic and the Install
button is unavailable.
This check box is cleared by default.
Proxy server
In the Proxy server section you can configure connection to a proxy server used to access the
Internet.
Kaspersky CRYSTAL 2.0
725 | 746
In order to specify proxy server connection settings, click the Proxy server settings button
and specify the required settings.
Kaspersky CRYSTAL 2.0
726 | 746
Notifications
Notifications allow you to receive timely information about computer security an react quickly to
important events.
The Enable events notifications checkbox enables/disables notification of events.
If the checkbox is cleared, Kaspersky PURE 2.0 does not notify you of events that occur during
its operation but logs information about them in a report.
Notifications can be implemented using the following methods:
► pop-up messages over the Kaspersky PURE 2.0 icon in the taskbar notification area;
► audio notifications;
► email messages.
This box is checked by default.
You can select types of events you wish to be notified about, and the notification method.
For this, perform the following actions:
1. Click the Settings button under Enable event notifications.
2. In the Notifications window select events type and notification method.
Kaspersky CRYSTAL 2.0
727 | 746
To make the Email column active, in the Email notifications section configure email
notification settings. For this:
1. Check the Enable email notifications checkbox in the Email notifications section.
Kaspersky CRYSTAL 2.0
728 | 746
2. Click the Settings button under the checkbox.
3. In the Email notification settings window enter the email notification settings.
Kaspersky CRYSTAL 2.0
729 | 746
In the Sound notifications section you can edit the sound settings of notifications.
The Enable audio notifications checkbox enables/disables sound notifications.
By default, all notifications are accompanied by a sound signal.
If the Use Windows Default sound scheme checkbox is selected, sounds from the standard
sound scheme of Microsoft Windows are used for audio notifications.
If the checkbox is cleared, the sound scheme from the earlier versions of Kaspersky PURE 2.0
is used for audio notifications.
Reports and Storages
You can enable logging of non-critical events, delete information from selected reports, and
also specify settings for storage of reports and of items in Quarantine and Backup.
Kaspersky CRYSTAL 2.0
730 | 746
The Log non-critical events checkbox enables / disables the logging of information about all
Kaspersky PURE 2.0 events.
This checkbox is cleared by default.
In the Storing reports section you can configure the settings for report creation and storage.
Kaspersky CRYSTAL 2.0
731 | 746
► Store reports no longer than
This checkbox enables / disables the option that defines the maximum storage term for
event reports. Storage duration is defined in days.
If the checkbox is selected, reports are stored no longer than 30 days, by default. When
this time interval expires, Kaspersky PURE 2.0 remove entries from reports.
If the checkbox is cleared, storage duration for reports is unlimited.
This box is checked by default.
► Maximum file size
This checkbox enables / disables the option that defines the maximum size for report
files. Maximum file size is specified in megabytes.
If the checkbox is selected, the maximum report size is 1024 MB by default. When the
maximum size is exceeded, the oldest records are removed from the file, while new
ones are added.
If the checkbox is cleared, the report file size is not limited.
This box is checked by default.
In the Clear reports section you can configure data deletion from the selected reports. For
this:
Kaspersky CRYSTAL 2.0
732 | 746
1. Click the Clear button.
2. In the Clearing reports window select reports to delete.
By default, Kaspersky PURE 2.0 deletes the reports of scan tasks, update task, reports on
application of Firewall rules, and reports of Parental Control, Backup and System Watcher.
You can change the list of reports to be deleted by checking the corresponding boxes.
Kaspersky CRYSTAL 2.0
733 | 746
In the Storing Quarantine and Backup objects section you can configure the settings for
Quarantine and Backup storage.
► Store objects no longer than
The checkbox enables / disables the option that defines the maximum storage duration
for quarantined objects and object copies in Backup. Storage duration is defined in
days.
If the checkbox is selected, the default storage duration is 30 days. When this period
elapses, Kaspersky PURE 2.0 deletes the stored objects.
If the checkbox is cleared, the storage term for objects is unlimited.
This box is checked by default.
► Maximum size
This checkbox enables / disables the option that defines the maximum data storage
size. Storage size is specified in megabytes.
If the checkbox is selected, the default maximum storage size is 100 MB. When the
maximum size is exceeded, the oldest objects are removed from the storage, while new
ones are added.
If the checkbox is cleared, storage size is unlimited.
This checkbox is cleared by default.
Kaspersky CRYSTAL 2.0
734 | 746
Feedback
With rapid development of information technologies and further spread of the Internet into
masses number of threats, to which computer users are subjected to, grows proportionally.
The former mechanisms of replenishing databases of malicious objects do not allow to timely
prevent such threats, that is why new methods to provide security are needed. One of such
methods is Kaspersky Security Network (KSN), whose aim is to decrease the time
necessary to detect and block new types of threats. This system collects the information about
files run on the user’s computer and thus traces presence of malicious objects and their
distribution channels.
The use of the Kaspersky Security Network involves sending the following information to
Kaspersky Lab:
► A unique identifier assigned to your computer by Kaspersky PURE 2.0 which
characterizes the hardware settings of your computer and does not contain any
personal user information.
► Information about threats detected by application's components. The information's
structure and contents depend on the type of the threat detected.
► Information about the system: operating system's version, installed service packs,
services and drivers being started, versions of browsers and mail clients, browser
extensions, version number of the Kaspersky Lab's application installed.
Kaspersky Security Network also gathers extended statistics, including information about:
► executable files and signed applications downloaded on your computer;
► applications run on your computer.
Kaspersky Lab guarantees that no gathering and distribution of users' personal data is
performed within Kaspersky Security Network.
To confirm/refuse your participation in Kaspersky Security Network after Kaspersky PURE
2.0 has been installed on your computer, do the following:
1. In the Additional section select Feedback.
2. In the right part of the window check/clear the I agree to participate in Kaspersky
Security Network box, to confirm/refuse participation in Kaspersky Security Network.
3. In the bottom right corner of the window click Apply.
Kaspersky CRYSTAL 2.0
735 | 746
Gaming Profile
Gaming Profile is designed for gaming applications running in full-screen mode. It allows you to
simultaneously modify the settings of all components of Kaspersky PURE 2.0 when switching
your gaming applications to full-screen mode, and roll back the changes made when exiting the
mode.
The Use Gaming Profile checkbox enables / disables the use of Gaming Profile. This
checkbox is cleared by default.
In the Profile options section you can edit the Kaspersky PURE 2.0 settings when the Gaming
Profile is enabled. This section is available if the Use Gaming Profile checkbox is selected.
Kaspersky CRYSTAL 2.0
736 | 746
Each option below prevents gaming applications from slowing down in full-screen mode.
► Select action on threat detect automatically
If the checkbox is selected, Kaspersky PURE 2.0 switches to automatic protection mode
and does not display any notifications on the screen while gaming applications run in
full-screen mode.
► Do not run updates
This checkbox enables / disables the option, which pauses scheduled updating of
Kaspersky PURE 2.0.
► Do not run scheduled scan tasks
This checkbox enables / disables the option, which pauses the launch of scheduled
scans.
► Pause manually run scan tasks
This checkbox enables / disables the option, which pauses scans started manually.
► Do not run scheduled backup tasks
This check box enables / disables the option which pauses the startup of scheduled
backup tasks.
Kaspersky CRYSTAL 2.0
737 | 746
Appearance
Kaspersky PURE 2.0 allows to configure display settings for active elements of the interface
(application icon on the Microsoft Windows taskbar and pop-up notifications).
The Animate taskbar icon when executing tasks checkbox in the Icon in the taskbar notification area section enables / disables Kaspersky PURE 2.0 icon animation.
If the checkbox is selected, the icon in the Windows taskbar notification area changes
depending on the operation that Kaspersky PURE 2.0 is currently performing.
For example, if Kaspersky PURE 2.0 is downloading updates, the icon displays a revolving
miniature globe or:
a mail message is being scanned;
web-traffic is being scanned;
Kaspersky CRYSTAL 2.0
738 | 746
computer need be restarted to apply updates;
a failure occurred in the work of a program component.
If the checkbox is cleared, the animation is disabled. In this case, the Kaspersky PURE 2.0
icon shows only the protection status of the computer:
(colored icon) — all or some protection components are enabled;
(grey icon) — all protection components are disabled.
This box is checked by default.
Notification windows of the application may appear over the Kaspersky PURE 2.0 icon in the
Windows taskbar notification area.
If the Enable semi-transparent windows checkbox is selected, the notification windows are
semi-transparent; hence the area of the screen under them is still visible. The notification
window becomes solid when the cursor is over it.
If the checkbox is cleared, the notification windows are solid.
This check box is cleared by default.
The Show “Protected by Kaspersky Lab” on Microsoft Windows logon screen checkbox
enables / disables the showing of the product logo in the upper right corner of the screen when
Kaspersky PURE 2.0 starts. This indicator informs you that protection of your computer is
enabled.
If the application is installed on a computer running under Microsoft Windows Vista or Microsoft
Windows 7, this option is unavailable.
This box is checked by default.
The Enable news notifications checkbox enables/disables display of news from Kaspersky
Lab and notifications of them. This box is checked by default.
Manage Settings
Kaspersky CRYSTAL 2.0
739 | 746
You can save your Kaspersky PURE 2.0 settings to a file and use them in future for express
product configuration on another computer or after undesirable settings modification. You can
also return settings to the default at any time.
In order to save Kaspersky PURE 2.0 settings to a configuration file, perform the following
actions:
1. Click the Save button.
2. In the opened window Please specify a configuration file enter a file name where
Kaspersky PURE 2.0 settings will be saved and select a folder for the file.
Kaspersky CRYSTAL 2.0
740 | 746
3. Click the Save button.
If you already have a configuration file and want to import Kaspersky PURE 2.0 settings,
perform the following actions:
1. In the Load settings section, click the Load button.
2. In the Please specify a configuration file window, select a configuration file which
should be applied to Kaspersky PURE 2.0.
3. Click the Open button.
Kaspersky CRYSTAL 2.0
741 | 746
In the Restore default settings section, you can restore the default settings of Kaspersky
PURE 2.0.
Clicking the Restore button opens the Kaspersky PURE 2.0 Configuration Wizard window.
In the Restore settings window of the Configuration Wizard, you can restore the
recommended settings of Kaspersky PURE 2.0.
See Restoring default Kaspersky PURE 2.0 settings, to know more about the Wizard’s
steps.
Kaspersky CRYSTAL 2.0
742 | 746
Restoring default Kaspersky PURE 2.0 settings
You can always return to the default or recommended Kaspersky PURE 2.0 settings. They are
considered optimal, and are recommended by Kaspersky Lab.
Application Configuration Wizard restores default settings. The Wizard will help you to
restore settings that differ from the default values, either because they have been modified by
the user, or through accumulated training by Kaspersky PURE 2.0 (Firewall or Anti-Spam).
If special settings have been created for any of the components, they will also be shown on the
list. Examples of special settings would be:
► white and black lists of phrases and addresses used by Anti-Spam,
► lists of trusted addresses and trusted ISP telephone numbers,
► exclusion rules created for application components,
► Firewall's packet and application filtering rules.
Creating lists with individual tasks and security requirements may take a long time, so you are
advised to save them before restoring the application's default settings.
After you are finished with the Configuration Wizard, the Recommended security level will be
set for all components, except for the settings that you have decided to keep customized when
restoring. In addition, the settings that you have specified when working with the Wizard will
also be applied.
In order to restore the default (recommended) Kaspersky PURE 2.0 settings, perform the
following actions:
1. Open the Kaspersky PURE 2.0 main window.
2. In the top right corner of the window click the Settings link.
3. Next, the restore process can be started the following ways:
► In the bottom left corner click the Restore link.
Kaspersky CRYSTAL 2.0
743 | 746
► Select the Additional section. In the left menu select Manage Settings and click the
Restore button.
Kaspersky CRYSTAL 2.0
744 | 746
4. In the Kaspersky PURE 2.0 Configuration Wizard window click the Next button.
Kaspersky CRYSTAL 2.0
745 | 746
5. Check the settings to restore and click the Next button.
6. Wait till the work of the Configuration Wizard is over and click Finish.
Kaspersky CRYSTAL 2.0
746 | 746
7. In the Settings window click OK.
8. Close the main program window.
Recommended