Sie sind auf Seite 1von 747

Kaspersky PURE 2.

Documentation for the online video course on Kaspersky PURE 2.0

Kaspersky PURE 2.0

Content
CONTENT GLOSSARY CHAPTER 1. INTRODUCTION
What is Kaspersky PURE 2.0 Key functions and advantages Whats new in Kaspersky PURE 2.0 Whats new in Kaspersky PURE 2.0 Whats improved in Kaspersky PURE 2.0 Interface of Kaspersky PURE 2.0 Application icon in the Microsoft Windows taskbar notification area Main window of Kaspersky PURE 2.0 Notification windows and pop-up messages The program settings window

1 10 12
12 12 13 13 13 15 15 20 23 25

CHAPTER 2. COMPARISON OF KASPERSKY PURE 2.0 WITH OTHER KASPERSKY LAB PRODUCTS CHAPTER 3. INSTALLATION OF KASPERSKY PURE 2.0
System requirements for Kaspersky PURE 2.0 General requirements Supported operating systems System requirements for netbooks Installation procedure of Kaspersky PURE 2.0 Express installation of Kaspersky PURE 2.0 Custom installation of Kaspersky PURE 2.0 Uninstalling third-party software or earlier versions of Kaspersky Lab products List of applications incompatible with Kaspersky PURE 2.0 Upgrade from other Kaspersky Lab products to Kaspersky PURE 2.0

27 29
29 29 29 30 30 30 34 41 45 46

CHAPTER 4. LICENSE MANAGEMENT AND MIGRATION TO NEW PRODUCT VERSION


License management About license agreement About license About activation code Purchasing license after the product installation About activation procedure Activation during the application installation Activation after the application installation Activation issues of Kaspersky Lab products Viewing license information License renewal procedure Licensing window

47
47 47 47 48 50 52 52 54 58 58 60 62

1|746

Kaspersky PURE 2.0

Migration policy from Kaspersky Lab products to Kaspersky PURE 2.0

65

CHAPTER 5. COMPUTER PROTECTION


Cloud protection (The Kaspersky Security Network service) Protection Center Scan Scan for viruses Starting scan for viruses Starting scan from the main application window Starting scan from the Computer Protection window Full Scan Critical Areas Scan Custom Scan Vulnerability Scan Update Quarantine Working with quarantined objects Working with objects in Backup Network Monitor Network Activity Open ports Network traffic Blocked computers Applications activity Changing trusted group for an individual application Editing rules for an individual application Reports

66
67 71 75 76 76 76 78 79 82 84 88 98 101 102 109 110 112 116 118 121 122 124 126 126

CHAPTER 6. BACKUP AND RESTORE


Creating a backup task Selecting data category for backing up Creating a storage Setting schedule for automatic launch of a backup task Summary Starting, editing and deleting backup tasks Starting a backup task Editing and deleting a backup task Restoring data from backup Managing backup storages Connecting a storage Editing storage settings Clearing a storage Deleting a storage Viewing backup reports

131
131 131 151 165 169 170 170 175 178 186 186 188 191 193 197

2|746

Kaspersky PURE 2.0

CHAPTER 7. PARENTAL CONTROL


Starting work with Parental Control Control levels Configuring Parental Control settings Account settings Control over computer usage Computer Usage Application Usage Reports Control over Internet usage Internet Usage Web Browsing File Downloads Reports Instant Messaging Control messaging over instant messengers Control over social networking Controlling or restricting sending private data Control over word usage Reports

202
202 208 214 215 217 217 218 222 223 223 224 229 230 231 231 235 238 240 241

CHAPTER 8. HOME NETWORK CONTROL


Protecting access with an administrator password Search for computers Setting group update Group launch of update and virus scan How to start group scan for viruses How to start group update Detailed protection setting of networked computers Information Parental Control Scan Update Backup and Restore

242
242 244 245 248 248 249 251 252 255 256 257 262

CHAPTER 9. ADDITIONAL TOOLS


Browser Configuration Running Browser Configuration Wizard Rolling back wizard actions which resulted in problems when working on the Internet Kaspersky Rescue Disk Creating Kaspersky Rescue Disk Starting the computer from the rescue disk Microsoft Windows Troubleshooting What is Microsoft Windows Troubleshooting?

264
264 264 269 270 271 282 285 285

3|746

Kaspersky PURE 2.0

Running Microsoft Windows Troubleshooting Wizard File Shredder What is File Shredder? Data deletion methods Permanent data deletion procedure Privacy Cleaner Privacy Cleaner Wizard Unused Data Cleaner Unused Data Cleaning Wizard

286 290 290 291 291 296 297 301 301

CHAPTER 10. SAFE RUN


What is Safe Run Running applications in the Safe Run for Applications mode Running an application in Safe Run Starting Safe Run for Applications Closing Safe Run for Applications Switching between the main desktop and Safe Run for Applications Using a shared folder Clearing Safe Run for Applications What is Safe Run for Websites Starting Safe Run for Websites Using a shared folder Clearing Safe Run for Websites

308
308 308 308 310 314 316 317 319 320 321 327 329

CHAPTER 11. DATA ENCRYPTION


Creating an encrypted container Encrypting data Connecting an earlier created container Decrypting data. Configuring container Deleting container

335
335 338 339 341 345

CHAPTER 12. PASSWORD MANAGER


What is Password Manager Main features of Password Manager Starting Password Manager What is Master Password Creating Master Password Locking Password Manager Password Manager Settings window Password database window Caption button of Password Manager

348
348 348 350 350 350 355 358 359 360

4|746

Kaspersky PURE 2.0

Adding account to Password database Adding website account to Password database Adding account for application to Password database Adding and using Identities Adding and using bookmarks Adding Secure memos Password database managing Importing/exporting password database Importing Password Database Exporting Password Database Backup copies of Password Database Restoring data from backup copies Deleting old backup copies Configuring Password Manager Portable version of Password Manager Virtual Keyboard Password Generator What is Password Generator Creating password for account

361 361 371 379 384 387 394 394 394 399 407 407 410 411 423 426 429 429 429

CHAPTER 13. SETTINGS. PROTECTION


General protection settings Enabling and disabling protection Selecting protection mode Enabling and disabling autorun Virtual keyboard Self-Defense Enabling and disabling self-defense Protection from external control File Anti-Virus What is File Anti-Virus Enabling/Disabling File Anti-Virus Operating algorithm of File Anti-Virus Security levels of File Anti-Virus Actions to be performed by File Anti-Virus on detected threats Default actions Actions set by the user Actions for each object How to specify action on detected threats Customizing security level in File Anti-Virus Selecting file types scanned by File Anti-Virus Selecting location of files scanned by File Anti-Virus Scan methods of File Anti-Virus Optimization of files scan Setting scan of compound files Scan modes of File Anti-Virus iSwift iChecker scan technologies Pausing File Anti-Virus Rollback to default settings of File Anti-Virus Mail Anti-Virus

434
436 436 441 442 443 445 445 446 448 448 448 449 450 451 451 451 453 454 455 456 458 459 459 460 464 465 466 468 470

5|746

Kaspersky PURE 2.0

What is Mail Anti-Virus Enabling/disabling Mail Anti-Virus Operation algorithm of Mail Anti-Virus Changing Mail Anti-Virus actions to be performed on detected threats Security levels of Mail Anti-Virus Customizing security level Creating protection scope Heuristic analysis Scan of compound files Filtering attachments Configuring embedded plug-ins for Microsoft Office Outlook and The Bat! Installing Mail Anti-Virus plug-in in Microsoft Office Outlook 2003/2007 Installing Mail Anti-Virus plug-in in Microsoft Office Outlook 2010 Installing Mail Anti-Virus plug-in in The Bat! Disabling embedding of the Mail Anti-Virus plug-in in the mail clients Microsoft Outlook or The Bat! Scan of SMTP, POP3, NNTP, IMAP mail traffic Working features with Microsoft Outlook and Mozilla Thunderbird version 1.5 and above Web Anti-Virus What is Web Anti-Virus Enabling/disabling Web Anti-Virus Working algorithm of Web Anti-Virus Security levels of Web Anti-Virus Customizing security level Checking suspicious and phishing URLs by Web Anti-Virus Heuristic Analyzer Blocking dangerous scripts Scan optimization Kaspersky URL Advisor Blocking access to dangerous sites Controlling access to regional web domains Creating the list of trusted URLs Controlling access to online banking services Web Anti-Virus actions on detected threats IM Anti-Virus What is IM Anti-Virus Enabling/Disabling IM Anti-Virus Operation algorithm of IM Anti-Virus Creating a protection scope of IM Anti-Virus Selecting the scan methods of IM Anti-Virus Application Control What is Application Control Operational algorithm of Application Control Enabling/disabling Application Control Loading rules from Kaspersky Security Network (KSN) Placing applications into groups Application control rules Editing the group rule Editing rules for an individual application Setting exclusions Inheriting restrictions of the parent process Modifying the storage time for rules Identity protection System Watcher Enabling/disabling System Watcher Using patterns of dangerous behavior (BSS) Rolling back actions performed by malware

470 470 471 472 474 475 476 477 478 479 480 480 482 483 484 486 488 491 491 491 492 493 494 494 496 497 498 499 503 504 505 506 509 512 512 512 513 513 514 517 517 517 517 518 519 524 525 528 531 531 534 534 542 542 543 544

6|746

Kaspersky PURE 2.0

Firewall What is Firewall Enabling/disabling Firewall Changing the network status Firewall rules Creating a packet rule Editing packet rules Creating application rules Editing an application rule Configuring network service Allocating range of IP-addresses Extending the range of IP addresses Changing the rule for a group of applications Changing the rule priority Configuring notifications of changes in the network Advanced Firewall settings Firewall working features Proactive Defense What is Proactive defense Enabling/disabling Proactive Defense Configuring Proactive defense settings Creating group of trusted applications excluded from Proactive Defense scan Modifying rules of Proactive defense Network Attack Blocker What is Network Attack Blocker Enabling/Disabling Network Attack Blocker Changing blocking settings Anti-Spam What is Anti-Spam Enabling/Disabling Anti-Spam Security levels of Anti-Spam Customizing security level Exact methods Expert methods Additional Rollback to Anti-Spam default settings Training Anti-Spam Anti-Banner What is Anti-Banner Enabling/disabling Anti-Banner Selecting the scan method Creating the list of blocked and allowed banner addresses Exporting and importing the lists of addresses Threats and exclusions Detecting definite types of threats Exclusions Creating the list of trusted applications Creating exclusion rules

547 547 547 548 549 550 555 557 561 563 565 568 569 573 574 576 578 579 579 579 580 580 585 588 588 588 589 593 593 593 594 595 596 604 607 608 609 610 610 610 611 612 616 619 619 621 622 625

SETTINGS. SCAN
General settings Background scan Scanning removable drives on connection

631
631 631 632

7|746

Kaspersky PURE 2.0

Starting scan using a shortcut Full Scan Security levels Modifying type of scanned objects Scan optimization Scan of compound files Selecting scan method Selecting scan technology Creating scan schedule Starting scan under a different account Actions over detected treats Default actions Actions defined by the user Actions for every detected object Run mode and scan scope Run mode Creating list of objects to scan Critical Areas Scan Security levels Modifying type of scanned objects Scan optimization Scan of compound files Selecting scan method Selecting scan technology Creating scan schedule Starting Critical Areas Scan under a different account Actions upon threat detection Default actions Actions defined by the user Actions specified for every detected object Run mode and scan scope Run mode Creating a scan scope Custom Scan Security levels Modifying type of scanned objects Scan optimization Scan of compound files Selecting scan method Selecting scan technology Actions over detected threats Default actions Actions defined by the user Actions specified for every detected object Vulnerability scan Starting vulnerability scan with an existing shortcut Run mode Starting vulnerability scan task under different account Creating a scan scope for vulnerability scan

633 635 635 636 639 640 642 643 644 645 646 646 647 649 652 652 654 656 656 657 660 661 663 664 665 666 667 667 668 671 675 675 676 679 679 680 683 683 686 687 688 688 688 691 695 695 696 698 699

SETTINGS. UPDATE
Update tasks run modes Running update under a different user account

702
702 703

8|746

Kaspersky PURE 2.0

Selecting an update source Selecting the update server region Using proxy server Scanning quarantine after update Notifications on updates or new versions releases Updating from a shared (local) folder

704 706 707 709 710 710

SETTINGS. PASSWORD
Restricting access to PURE

716
716

SETTINGS. ADDITIONAL
Battery Saving Compatability Network Monitored ports Encrypted connections scan Proxy server Notifications Reports and Storages Feedback Gaming Profile Appearance Manage Settings

718
718 718 720 720 722 724 726 729 734 735 737 738

RESTORING DEFAULT KASPERSKY PURE 2.0 SETTINGS

742

9|746

Kaspersky PURE 2.0

Glossary
KSN, Kaspersky Security Network is an infrastructure of online services that provides access to the online Knowledge Base of Kaspersky Lab, which contains information about the reputation of files, web resources, and software. Using data from the Kaspersky Security Network ensures a faster response time for Kaspersky PURE 2.0 when encountering new types of threats, improves performance of some protection components, and reduces the risk of false positives. Phishing is a specific form of cybercrime. Phishing attacks are created the following way: the criminal creates an almost 100 percent perfect replica of a chosen financial institutions website, then attempts to trick the user in to disclosing their personal details username, password, PIN etc. via a form on the fake website, allowing the criminal to use the details to obtain money. Script is a computer program or a part of a program (function), created to perform a specific small task. Scripts are usually inserted as parts of web pages to provide extended web page functionality and they are executed when the web page is loaded. Network Attack is network activity aimed to perform some actions (mostly malicious) on the remote computer. POP3, SMTP, IMAP, MAPI NNTP are network protocols designed to create, receive and send E-mail. TCP, UDP, ICMP, ICMPv6, IGMP, GRE are network protocols (sets of rules) designed for data transfer on the network. VLSM is Variable Length Subnet Mask. FTP (File Transfer Protocol) is a protocol, designed to transfer files on the network. HTTP is Hypertext Transfer Protocol. HTTPS (Hypertext Transfer Protocol Secure) is an HTTP-protocol extension with encryption support. IMAP4 is a standard protocol designed to access E-mail. SSL is a protocol designed for safe transfer (encryption) of data of other protocols (ex. POP3 or IMAP). ICMP-packet is a packet containing a report about an error or an exception occurred during data transfer. ICMP-packet includes segments called Type and Code that contain info about type and code of occurred error.

10 | 7 4 6

Kaspersky PURE 2.0

Classless InterDomain Routing, CIDR is a methodology of allocating IP addresses and routing Internet Protocol packets without rigid class addressing. This methodology allows economical use of finite amount of IP-addresses and therefore performance increase in Kaspersky PURE 2.0. Databases contain records about threats and network attacks, as well as methods used for their disinfection. Protection components use them for searching for dangerous objects on a computer and further disinfection. Registry is a hierarchical database that stores configuration settings of most Microsoft Windows OS. Cookies are small text files with data created by a web server and stored on a user's computer. They are sent to a web server each time a user accesses that server. Cookies are used for authenticating (ex. login, password), remembering specific information about users, such as site preferences, and for gathering statistic. Every website matches its own cookie file. ompound file is a structured storage of files. Examples of compound files include archives and OLE-objects. Often malefactors hide malicious objects by inserting them into compound files (archives). Rootkit is a program kit that hides the presence of malware in the system. Rootkits penetrate into the system and hide their presence. Moreover rootkits can hide the presence of particular processes, folders, files and registry keys. Keylogger is a malicious program that tracks the sequence of keystrokes on the keyboard in order to record a users personal information, such as passwords. Clipboard is a software facility can be used for short-term data storage and/or data transfer between documents or applications, via copy and paste operations.

11 | 7 4 6

Kaspersky PURE 2.0

Chapter 1. Introduction
What is Kaspersky PURE 2.0
Kaspersky PURE 2.0 is an optimal solution for comprehensive protection of computers within your home network. The product provides real-time protection against modern Internet threats irrespective whether you are working, using web banking, shopping, chatting or playing in the network.

Key functions and advantages Kaspersky PURE 2.0 ensures protection of your computer against all types of information threats in real time, secures your personal data from loss and unauthorized use, protects children and teenagers from threats related to computer and Internet usage, and manages the security of all computers within your home network from any single computer. Advanced anti-virus technology of Kaspersky PURE 2.0 provides protection against such modern-day data threats as viruses, trojans, worms, rootkits, bootkits, botnets, and other illegal methods of controlling computers remotely, theft of logins, passwords, and other personal data stored on a computer, spam and phishing, hacker attacks, and unwanted web content. Proactive Defense technology of Kaspersky PURE 2.0 provides protection against new threats by using behavior stream signature analysis to monitor and prevent suspicious or dangerous behavior of computer applications. Application Control monitors the activity of applications running on the computer and restricts their access to important areas of the operating system and personal data. Applications are grouped as Trusted, Low Restricted, High Restricted, and Untrusted, based on the data of Kaspersky Lab reputation services. The group to which an application has been assigned defines restrictions imposed on its activity. Depending on the selected functionality, unique Sandbox technologies called Safe Browser, and Safe Run employ virtualization techniques on a lesser or greater scale to create a safe environment for running applications. Safe Run mode allows users to try out new software in isolation, thereby protecting the operating system against any modifications. An unlimited number of web browsers and other applications can be run in Safe Run mode at the same time. The personal data protection toolkit automatically denies user access to known phishing sites and blocks key loggers from stealing passwords and access codes. Anti-Spam technology employs exact and expert methods to reduce the flow of unsolicited emails considerably. The exact methods apply strict email filtering rules that help identify a message as spam beyond any doubt. The expert methods are used to analyze the email messages that have passed filtering by exact methods. Backup provides storage and protection of important user data (documents, pictures, and music files) against loss and damage by malware, accidental deletion, or hard drive failure. In the event of loss, data can be restored quickly from backups saved in special storages on a user-selected drive.

12 | 7 4 6

Kaspersky PURE 2.0

Parental Control protects children and teenagers against threats inherent in computer and Internet usage. Parental Control allows setting flexible user-level access restrictions for resources and applications based on user age and experience and lets you view statistical reports on user activity. Cutting-edge transparent encryption technology provides reliable protection of user data against unauthorized access or theft by creating special data storages called container files. Once mounted, a container file operates as a secure virtual drive. Kaspersky PURE 2.0 ensures that encrypted information remains confidential in case of a virus attack, loss or theft of a USB drive, or when a mobile computer is used on an unsecured Wi-Fi network. Password Manager securely stores passwords and other user account data as well as ensures confidential completion of various login forms. Password Manager links passwords and accounts to web pages or Microsoft Windows applications. When a web page or application is loaded, user names and passwords are filled in automatically. Home Network Control lets you run virus scan and update tasks for all or some computers on the network, manage data backup, and customize Parental Control settings for any computer on the network directly from the users workstation. This allows remote security management of any computer on the home network.

Whats new in Kaspersky PURE 2.0 Kaspersky PURE 2.0 is a versatile tool for protecting data on the home network against all kinds of information threats. The application ensures protection against viruses and malware, unknown threats and fraud, it lets you control user access to the computer and the Internet, back up data, and create encrypted containers for confidential information, and manage computer security on the home network from the administrator workstation. This comprehensive protection covers all channels that are used to receive and transfer data. Flexible customization of every protection component makes Kaspersky PURE 2.0 adaptable to specific user requirements. Whats new in Kaspersky PURE 2.0 Users can now check an application's reputation, threat rating, and statistics of usage on other computers before starting it. Backup compression feature has been added for more efficient use of backup storage space. Parental Control now supports quick access to reports and control settings and offers improved control of user communication via social networks. One encrypted container now comes by default. The account creation procedure in Password Manager is adapted to the account type selected. Rescue Disk has been improved and can now be written to a USB drive. Whats improved in Kaspersky PURE 2.0 More application operations can now be undone if the application is recognized as malware.

13 | 7 4 6

Kaspersky PURE 2.0

The application threat rating technology has been improved to protect the computer and personal data based on analysis of application behavior reported by other users of Kaspersky Lab products. Cloud-enabled protection has been enhanced considerably. The cloud technology in combination with conventional signature-based methods provides a high level of security for computers, whether or not they have a permanent Internet connection. Enhanced protection against rootkits: improved technology to prevent malware from hijacking the boot process of the operating system. Backup tasks take less time. Preset options have simplified the creation of backup tasks. Initial configuration of Parental Control has been simplified significantly through the added option of user control level selection. The creation of encrypted containers for important files has been simplified. Virtual Keyboard has been redesigned. Centralized remote management of security, Parental Control, backup, and licensing on the home network has been simplified. Application interface has been improved considerably to provide ease of use for people with different levels of computer literacy.

14 | 7 4 6

Kaspersky PURE 2.0

Interface of Kaspersky PURE 2.0


The interface of the main application window in Kaspersky PURE 2.0 has been considerably improved. The modern animated design eases perception of the information and allows to simplify operational process of the product. Now in the main window you can see all the necessary information about the computer protection status, activity of the protection components, up-to-dateness of the anti-virus databases and the license expiry date.

Lets view the following main elements of Kaspersky PURE 2.0 in detail: Application icon in the Microsoft Windows taskbar notification area Main window of Kaspersky PURE 2.0 Kaspersky Security Network (KSN) service Notification windows and pop-up messages Application settings window News agent of Kaspersky PURE 2.0 Application icon in the Microsoft Windows taskbar notification area Immediately after installation of Kaspersky PURE 2.0, the application icon appears in the Microsoft Windows taskbar notification area.

15 | 7 4 6

Kaspersky PURE 2.0

In Microsoft Windows 7 the application icon is hidden by default, you can display the icon to work with the application (see documentation to the operating system).

The icon performs the following functions: is an indicator of the application's operation; provides access to the context menu, the main application window and the news window. This icon serves as an indicator of the application's operation. It also indicates the protection status and displays the basic functions currently being performed by the application: scanning an email message; scanning web traffic; updating databases and application modules;

computer needs to be restarted to apply updates;

a failure occurred in the operation of an application component. The icon is animated by default. For example, during the email message scan, a tiny letter symbol blinks in front of the application icon; when the update is in progress, you see a revolving globe. You can disable the animation the following way: 1. Open the main application window and in top right corner of the window click the Settings link.

16 | 7 4 6

Kaspersky PURE 2.0

2. In the top part of the Settings window select the Additional tab and the Appearance subsection. 3. In the Icon in the taskbar notification area section uncheck the Animate taskbar icon when executing tasks box.

17 | 7 4 6

Kaspersky PURE 2.0

4. Click the OK button, to save the made changes. When the animation is disabled, the icon can take the following form:

(colored symbol) all or certain protection components are activated; (black-and-white symbol) all protection components are disabled. Using the icon, you can open the context menu and the main application window. To open the context menu, hover the cursor over the icon and right-click the area. To open the main application window, hover the cursor over the icon and leftclick the area. Using the context menu, you can quickly take various actions on the application.

18 | 7 4 6

Kaspersky PURE 2.0

The Kaspersky PURE 2.0 menu contains the following items: Scan Tasks opens the Scan Tasks window where you can view the list of scan tasks which were performed or are being performed at the moment. Update runs the update of application databases and modules. Tools opens a submenu containing the following items: Virtual Keyboard displays the Virtual Keyboard. Safe Run for Applications runs a safe desktop designed for handling applications that you suppose to be unsafe. When working with Safe Run for Applications, this menu item is named Return to the main desktop and is used for switching to the main desktop Applications Activity opens the Applications Activity window.

Network Monitor opens the Network Monitor window. Kaspersky PURE 2.0 opens the main program window. Enable Parental Control enables/disables Parental Control for the current account. Pause protection temporarily disables / enables real-time protection components. This menu item does not affect the application's updates or the execution of virus scan. Settings opens the application settings window. About opens a window containing information about the application. Exit closes Kaspersky PURE 2.0 (when this item is selected, the application is unloaded from the computers RAM). If a virus scan or update task is running at the moment that you open the context menu, its name as well as its progress status (percentage complete) is displayed in the context menu. When you select a menu item with the name of a task, you can switch to the main window with a report of current task run results.

19 | 7 4 6

Kaspersky PURE 2.0

Main window of Kaspersky PURE 2.0 The main application window contains interface elements that provide access to all the main features of the application. You can open the main application window one of the following ways: By left-clicking the application icon in the Microsoft Windows taskbar notification area. In Microsoft Windows 7 the application icon is hidden by default. You can display the program icon to work with the program (see the documentation to the operating system).

By selecting Kaspersky PURE 2.0 from the context menu of the application icon in the Microsoft Window taskbar notification area.

20 | 7 4 6

Kaspersky PURE 2.0

The main window can be divided into three parts: The top part of the window provides information about the current protection status of your computer. Three protection statuses are predefined and each status is color-coded. Green color means your protection is on the due level; yellow and red warn about various security threats. Malicious programs, old program databases, some disabled components, minimal protection settings and etc. refer to threats.

The central part of the window allows quickly launch one of the computer scan types, launch update of anti-virus databases, and go to the Backup and Restore, Parental Control and Computer Protection modules. The Computer Protection module lets you quickly go to the list of all protection components of Kaspersky PURE 2.0.

The bottom part of the window allows to access additional program modules which provide enhanced protection and optimize the system work: Additional Tools optimizes system work and offers tools for advanced protection of your data.

21 | 7 4 6

Kaspersky PURE 2.0

Safe Run launches safe desktop to work with the programs which you find unsafe. If safe desktop is already started, you are returned to the main desktop. Home Network Control remote management of Kaspersky PURE 2.0. Data Encryption prevents from unauthorized access to private information. Password Manager protects personal data, such as: passwords, user names, numbers of internet pagers, contact data and etc.

When you select a module in the central or bottom part of the window, a window for the corresponding module opens. You can return by clicking the Back button in the bottom right corner of the window or by clicking the arrow in the upper left corner of the window.

You can also use the following buttons and links from the main program window: News to switch to viewing news in the News Agent window. This link is displayed after the application receives a piece of news.

22 | 7 4 6

Kaspersky PURE 2.0

Settings to open the application settings window. Help to view the Kaspersky PURE 2.0 help system. My Kaspersky Account to enter the user's personal account on the Technical Support Service website. Support to open the window containing information about the system and links to Kaspersky Lab information resources (Technical Support Service website, forum). License to go to Kaspersky PURE 2.0 activation and license renewal.

Notification windows and pop-up messages Kaspersky PURE 2.0 notifies you of important events occurring during its operation using notification windows and pop-up messages that appear over the application icon in the taskbar notification area. Notification windows are displayed by Kaspersky PURE 2.0 when various actions can be taken in connection with an event: for example, if a malicious object is detected, you can block access to it, delete it, or try to disinfect it. The application prompts you to select one of the available actions. A notification window only disappears from the screen if you select one of the actions.

23 | 7 4 6

Kaspersky PURE 2.0

Pop-up messages are displayed by Kaspersky PURE 2.0 in order to inform you of events that do not require you to select an action. Some pop-up messages contain links that you can use to take an action offered by the application: for example, run a database update or initiate activation of the application). Pop-up messages automatically disappear from the screen soon after they appear.

Notifications and pop-up messages are divided into three types: Critical notifications inform you of events that have a critical importance for the computer's security, such as detection of a malicious object or a dangerous activity in the system. Windows of critical notifications and pop-up messages are red-colored. Important notifications inform you of events that are potentially important for the computer's security, such as detection of a potentially infected object or a suspicious activity in the system. Windows of important notifications and pop-up messages are yellow-colored. Information notifications inform you of events that do not have critical importance for the computer's security. Windows of information notifications and pop-up messages are green-colored. To know how to configure notification settings, read the chapter Settings - Additional.

24 | 7 4 6

Kaspersky PURE 2.0

The program settings window The Kaspersky PURE 2.0 settings window is designed for configuring the entire application and separate protection components, scanning and update tasks. To open the settings window, click the Settings link in the top part of the main application window or select the Settings item from the application context menu in the Windows taskbar notification area.

The program settings window consists of three parts.

25 | 7 4 6

Kaspersky PURE 2.0

In the top left part of the window you can choose the section that should be configured: In the left part of the window you can choose the application component, task or another item that should be configured; The right part of the window contains the controls that you can use to configure the item selected in the left part of the window.

26 | 7 4 6

Kaspersky PURE 2.0

Chapter 2. Comparison of Kaspersky PURE 2.0 with other Kaspersky Lab products
Kaspersky PURE 2.0 is an optimal solution for comprehensive protection of computers within your home network. The product provides real-time protection against modern Internet threats irrespective whether you are working, using web banking, shopping, chatting or playing in the network. Kaspersky PURE 2.0 provides real-time protection against all types of data threats, prevents loss and unauthorized use of user data, protects children and teenagers from threats inherent in computer and Internet usage, and lets you manage the security of all computers on the home network from any networked computer. Use the table below to compare Kaspersky PURE 2.0 with Kaspersky PURE R2, as well as with Kaspersky Internet Security 2012 (KIS 2012) and Kaspersky Anti-Virus (KAV 2012). A greyed cell in the table means the described option is present in the product. A white cell means the option is missing from the product. Pay attention to new functionality and possibilities of Kaspersky PURE 2.0. For your convenience they are red-framed and their short description is given below.
KIS 2012 File Anti-Virus Mail Anti-Virus Web Anti-Virus IM Anti-Virus System Watcher Proactive Defense Network Attack Blocker Anti-Spam1 Need to train AntiSpam Protection from spam with cloud technologies Anti-Banner Task Manager Safe Run Application Control Firewall Parental Control Kaspersky URL Advisor2 Expanded compatibility of the URL Advisor module with web browsers Block dangerous websites 3
1

KAV 2012

PURE R2

PURE 2.0

To protect you from spam alongside with the traditional methods (analysis of a text, images and etc.) Kaspersky PURE 2.0 uses state of the art cloud technologies and heuristic analyzer thus considerably enhancing efficiency of spam recognition.
2

The Kaspersky URL Advisor in Kaspersky PURE 2.0 is embedded into the toolbar for web browsers. It highlights links that may take you to infected or phishing resources, with a color indicator.
3

Using Kaspersky PURE 2.0 you can block access to web sites which were detected as phishing as a result of work of the block dangerous sites module. If the program cannot make unequivocal decision about the

27 | 7 4 6

Kaspersky PURE 2.0

Geo Filter Trusted URLs Online Banking File Advisor4 Data collection on behavioral patterns of programs Virtual Desktop Virtual Keyboard Safe Browser5 Browser Configuration Kaspersky Rescue Disk Microsoft Windows Troubleshooting Privacy Cleaner6 Vulnerability Scan7 Identity Protection Backup and Restore Password Manager Data Encryption File Shredder Unused Data Cleaner Intellectual system of downloading updates8 Rollback of malware actions Home Network Control Anti-Phishing
To protect you from spam alongside with the traditional methods (analysis of a text, images and etc.) Kaspersky PURE 2.0 uses state of the art cloud technologies and heuristic analyzer thus considerably enhancing efficiency of spam recognition. site safety, you will be offered to load in the safe browser mode (only compatible with the web browsers Microsoft Internet Explorer, Mozilla Firefox and Google Chrome). When started in Safe Browser malicious objects cannot harm your computer.
4

Now Kaspersky PURE 2.0 has the option to find out the reputation of any file in Kaspersky Security Network. For example, you downloaded a program from the Internet, but doubt its safety and want to quickly check its reputation. You will get detailed information about the file/program and other users' level of trust.
5

Safe Browser is a new module in Kaspersky PURE 2.0, which allows to open any web pages without a risk of infection with malware. In Safe Browser web sites are opened in virtual environment which does not let out possible threats penetrate the operating system.
6

Privacy Cleaner Wizard clears logs and browser cache, deletes the data (cookies, temporary and installation files) stored on your computer after browsing the net and thus keeps your user activity private.
7

Vulnerability Scan is a special tool which helps to search and eliminate security vulnerabilities of applications, installed on your computer, and in operating system settings. All the problems detected at the system analysis stage will be grouped based on the degree of danger it poses. Kaspersky Lab specialists offer a set of actions for each group of problems which help to eliminate vulnerabilities and weak points in the system's settings.
8

Kaspersky PURE 2.0 downloads updates only for active components of the application, which helps to minimize the number of updates and the time needed to download them. For example, if you have disabled Anti-Spam, Kaspersky PURE 2.0 will not download updates for this component. On activating a function/component, the application immediately starts downloading the relevant updates. This ensures up-to-date protection. Furthermore, in automatic update mode Kaspersky PURE 2.0 only runs update tasks 15 minutes after the computer has come out of sleep mode so as not to slow down the process of restoring the operating system.

28 | 7 4 6

Kaspersky PURE 2.0

Chapter 3. Installation of Kaspersky PURE 2.0


System requirements for Kaspersky PURE 2.0
General requirements 600 MB free hard drive space. CD-ROM (for installing Kaspersky PURE 2.0 from the setup CD). Microsoft Internet Explorer 6.0 or later (to update the application modules and databases via the Internet). Microsoft Windows Installer 2.0 Internet access to activate the application and update the databases Mouse

Supported operating systems Microsoft Windows XP:

Home Edition (Service Pack 3 or later). Professional (Service Pack 3 or later). Professional x64* Edition (Service Pack 2 or later). Intel Pentium 800 MHz processor or faster (or compatible equivalent)

RAM: 512 MB Microsoft Windows Vista 32/64* Bit (Service Pack 2 or later): Home Basic Home Premium Business Enterprise Ultimate Intel Pentium 1 GHz 32-bit (x86)/ 64-bit (x64) processor or faster (or compatible equivalent)

RAM: 1 GB Microsoft Windows 7 32/64* Bit Starter Home Basic Home Premium Professional Ultimate Intel Pentium 1 GHz 32-bit (x86)/ 64-bit (x64) processor or faster (or compatible equivalent) RAM: 1 GB (32-bit OS) or 2 GB (64-bit OS)

*Limitations for 64-bit operating systems:

29 | 7 4 6

Kaspersky PURE 2.0

Safe Browser and Safe Run Mode cannot be run under Windows XP x64, and run in limited mode under Windows Vista x64 and Windows 7 x64 (running applications cannot create COM objects). Safe Desktop cannot be run under all x64 systems. Password Manager cannot be run with x64 applications under all 64-bit operating systems.

System requirements for netbooks Intel Atom 1.6 GHz (Z520) processor (or a compatible equivalent) RAM: 1 GB Graphics: Intel GMA950, RAM: 64 MB minimum (or a compatible equivalent) Display: 10.1", resolution 1024x600 or higher

Installation procedure of Kaspersky PURE 2.0


If third-party anti-virus software is installed on your computer, go to the chapter Removing third-party products. You can know the list of applications incompatible with Kaspersky PURE 2.0 from the chapter Products incompatible with Kaspersky PURE 2.0. If an earlier version of Kaspersky PURE 2.0 is installed on your computer, go to the chapter Migration to Kaspersky PURE 2.0 from other Kaspersky Lab products. If you install Kaspersky PURE 2.0 on your computer from the scratch, then you can select one of the two installation variants: Express installation. If you choose this option, the application will be fully installed on your computer with the protection settings recommended by Kaspersky Lab experts. During the installation process you will be offered to activate the product. Custom installation. In this case (the Change installation settings box is checked), you will be asked to specify the destination folder into which the application should be installed, activate the application and configure using a special wizard. Express installation of Kaspersky PURE 2.0 Step 1. Selecting the type of the installation. If you purchased Kaspersky PURE 2.0 on a CD, then the installation starts automatically after you have inserted your CD in the CD-ROM drive. If an executable installer file from the CD is not started automatically, then it should be run manually. For this, open the CD and the Install folder via Windows Explorer and double-click an executable file (with the exe. extension). If you purchased Kaspersky PURE 2.0 in the eStore in this case you get a download link to an executable installer file which you have to run manually (by double-clicking the file). The Setup Wizard will be launched. To start express installation, click the Next box.

30 | 7 4 6

Kaspersky PURE 2.0

Step 2. Accepting the License Agreement. Read the License Agreement concluded by you and Kaspersky Lab. Read the agreement carefully, and if you accept each of its terms, click the I agree button. The application installation will go on. To cancel the application installation, click the Cancel button.

Step 3. Participating in the Kaspersky Security Network program. At this step, you will be invited to participate in the Kaspersky Security Network. Participation in the program involves sending information about new threats detected on

31 | 7 4 6

Kaspersky PURE 2.0

your computer, running applications, and downloaded signed applications to Kaspersky Lab, along with the unique ID assigned to your copy of Kaspersky PURE 2.0 and your system information. We guarantee that none of your personal data will be sent. Review the Kaspersky Security Network Data Collection Statement. If you agree with all points of the statement, check the I accept the terms of participation in Kaspersky Security Network box. To continue the installation, click the Install button.

Step 4. Searching for incompatible software. On this step the wizard searches for applications installed on your computer, incompatible with Kaspersky PURE 2.0. If such applications are not found, the wizard goes to the next step automatically. Upon detection incompatible software is listed and you are offered to delete such software from your computer. Applications which Kaspersky PURE 2.0 cannot delete automatically should be removed manually. During removal of incompatible software, the system reboots. After reboot installation of Kaspersky PURE 2.0 continues automatically. You can find more information about removal of incompatible software from the chapter List of applications incompatible with Kaspersky PURE 2.0. Step 5. Installation. Installation of the application can take some time. Wait for it to finish. Once the installation is complete, the Wizard will automatically proceed to the next step. If an installation error occurs, which may be due to malicious programs that prevent antivirus applications from being installed on your computer, the Setup Wizard will prompt you to download Kaspersky Virus Removal Tool, a special utility for neutralizing an infection. You can read about the utility in the KB6219. If you agree to install the utility, the Setup Wizard downloads it from the Kaspersky Lab servers, after which installation of the utility starts automatically. If the Wizard cannot

32 | 7 4 6

Kaspersky PURE 2.0

download the utility, you will be asked to download it on your own by clicking the link provided. After you finish working with the utility, you should delete it and restart the installation of Kaspersky PURE 2.0. Step 6. Finishing the installation. After the program files have been copied and the modules have been registered, the Wizard informs you of successful completion of the application installation. If you want to launch Kaspersky PURE 2.0, check the Run Kaspersky PURE 2.0 box and click the Finish button.

During the first application launch, you will be offered to activate Kaspersky PURE 2.0.

33 | 7 4 6

Kaspersky PURE 2.0

If you have an activation code, select the Activate commercial version option and enter an activation code of 20 characters. An Internet access is required to activate the application. If you do not have an activation code, you can activate trial version. In this case the Configuration Wizard will download and install a trial key valid for 30 days. An Internet access is required to activate the application. The difference between trial and commercial versions, and the activation procedure are described in detail in the License management chapter.

Custom installation of Kaspersky PURE 2.0 Step 1. Selecting the type of the installation. After installation start in the bottom left corner of the Wizard window check the Change installation settings box and click Next.

34 | 7 4 6

Kaspersky PURE 2.0

Step 2. Accepting the License Agreement. Read the License Agreement concluded by you and Kaspersky Lab. Read the agreement carefully, and if you accept each of its terms, click the I agree button. The application installation will go on. To cancel the application installation, click the Cancel button.

Step 3. Participating in the Kaspersky Security Network program. At this step, you will be invited to participate in the Kaspersky Security Network. Participation in the program involves sending information about new threats detected on your computer, running applications, and downloaded signed applications to Kaspersky

35 | 7 4 6

Kaspersky PURE 2.0

Lab, along with the unique ID assigned to your copy of Kaspersky PURE 2.0 and your system information. We guarantee that none of your personal data will be sent. Review the Kaspersky Security Network Data Collection Statement. If you agree with all points of the statement, check the I accept the terms of participation in Kaspersky Security Network box. To continue the installation, click the Install button.

Step 4. Searching for incompatible software. On this step the wizard searches for applications installed on your computer, incompatible with Kaspersky PURE 2.0. If such applications are not found, the wizard goes to the next step automatically. Upon detection incompatible software is listed and you are offered to delete such software from your computer. Applications which Kaspersky PURE 2.0 cannot delete automatically should be removed manually. During removal of incompatible software, the system reboots. After reboot installation of Kaspersky PURE 2.0 continues automatically. You can find more information about removal of incompatible software from the chapter List of applications incompatible with Kaspersky PURE 2.0. Step 5. Selecting a destination folder. At this stage you can select the folder in which to install Kaspersky PURE 2.0. The following path is set by default: For 32-bit systems: C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0. For 64-bit systems: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0. To select a different folder, perorm the following actions: 1. In the Destination folder window click the Browse button.

36 | 7 4 6

Kaspersky PURE 2.0

2. In the Select current destination folder window select a folder. 3. Click the OK button.

4. Click the Next button to continue installation.

37 | 7 4 6

Kaspersky PURE 2.0

To find out if there is enough disk space on your computer to install the application, click the Disk Usage button. In the window that opens you can view the disk space information. To close the window, click OK.

Keep in mind the following restrictions:


The application cannot be installed on network or removable drives, or on virtual drives (those created using the SUBST command). We recommend that you avoid installing the application in a folder that already contains files or other folders, because that folder will then become inaccessible for editing. The path to the installation folder cannot be longer than 160 characters or contain the special characters /, ?, :, *, ", >, < or |.

Step 6. Preparing for installation. During custom installation you are recommended not to uncheck the Protect the installation process box. If any errors occur during the application installation, the enabled protection will help to perform correct rollback procedure of the installation. During the following installation (for example, after removal of incompatible software) you are advised to uncheck the box. When performing remote installation using Windows Remote Desktop you are advised to uncheck this box if the application cannot be installed. Enabled protection may be the reason. To proceed with the installation, click the Install button.

38 | 7 4 6

Kaspersky PURE 2.0

Step 7. Installation. Installation of the application can take some time. Wait for it to finish. Once the installation is complete, the Wizard will automatically proceed to the next step. If an installation error occurs, which may be due to malicious programs that prevent antivirus applications from being installed on your computer, the Setup Wizard will prompt you to download Kaspersky Virus Removal Tool, a special utility for neutralizing an infection. If you agree to install the utility, the Setup Wizard downloads it from the Kaspersky Lab servers, after which installation of the utility starts automatically. If the Wizard cannot download the utility, you will be asked to download it on your own by clicking the link provided. After you finish working with the utility, you should delete it and restart the installation of Kaspersky PURE 2.0. Step 8. Finishing the installation. After the program files have been copied and the modules have been registered, the Wizard informs you of successful completion of the application installation. If you want to launch Kaspersky PURE 2.0, check the Run Kaspersky PURE 2.0 box and click the Finish button.

39 | 7 4 6

Kaspersky PURE 2.0

During the first application launch you will be offered to activate Kaspersky PURE 2.0.

If you have an activation code, select the Activate commercial license option and enter an activation code of 20 characters. An Internet access is required to activate the application. If you do not have an activation code, you can activate a trial version. In this case the Wizard will download and install a trial key valid for 30 days. An Internet access is required to activate the application. The difference between a trial and commercial license, and the activation procedure are described in detail in the License management chapter.

40 | 7 4 6

Kaspersky PURE 2.0

Uninstalling third-party software or earlier versions of Kaspersky Lab products


Before installation of Kaspersky PURE 2.0 all earlier versions of Kaspersky Lab products or third-party anti-virus software need to have been uninstalled. If such third-party anti-virus software has not been removed, during installation it is detected by the wizard and is deleted automatically. In case third-party software cannot be deleted automatically, you will be offered to delete such software manually. You can use standard Windows means, to uninstall anti-virus software:

For users of Windows XP: 1. In the bottom left corner of the screen click the Start button. 2. Select the Control Panel item.

3. In the Control Panel window select the Add or Remove Programs section.

41 | 7 4 6

Kaspersky PURE 2.0

4. In the Add or Remove Programs window select a program you need to remove. 1. Click the Change/Remove button. 2. Anti-virus software will be deleted from your computer. For users of Windows Vista/7: 1. In the bottom left corner of the screen click the Start button. 2. Select the Control Panel item.

42 | 7 4 6

Kaspersky PURE 2.0

3. In Control Panel window select the Programs section.

4. In the Programs window select the Programs and Features section.

43 | 7 4 6

Kaspersky PURE 2.0

5. In the Programs and Features window select an application you need to remove.

6. Double-click the applications name. 7. Anti-virus software will be deleted from your computer. Some folders and files of previously installed anti-virus applications may still remain in the Program Files folder after removal with the Windows standard means. If the folder contains folders and files of other anti-virus applications, delete them. Sometimes after removal of anti-virus software with the standard means and the computer restart some records may still remain in the system registry and prevent Kaspersky PURE 2.0 from installation. You will know about the records of the previous anti-virus software in the registry during the product installation. Before the files are copied onto a hard disk the Setup Wizard scans the disk for software incompatible with Kaspersky PURE 2.0. Records in the system registry are recognized by the Setup Wizard as fully installed software, even though the product was removed and is no longer installed on the PC. As a result Kaspersky Lab Setup Wizard asks to delete the detected incompatible software manually and terminates the installation process. To resolve the situation, use the links to the special removal utilities that will fully remove a product from your computer.

44 | 7 4 6

Kaspersky PURE 2.0

Removing Norton products

Removing McAfee products

Removing TrendMicro products

Removing BitDefender products

Removing Avast products

Removing F-Secure products

Removing AVG products

Removing ESET products

Removing Agnitum Outpost products

How to remove Norton products Removal tool to uninstall Norton products (NORTON REMOVAL TOOL () Symantec Corporation. Distributed under the terms of the NORTON Software Tool Usage Agreement) How to remove McAfee products Removal tool to uninstall McAfee products (MCPR (C) McAfee, Inc) How to remove TrendMicro products Removal tool to uninstall Trend Micro products (TISSUPRT (C) Trend Micro, Inc) How to remove BitDefender products Removal tool to uninstall BitDefender products (BITDEFENDER UNINSTALL TOOL (C) BITDEFENDER) How to uninstall Avast products. Removal tool to uninstall Avast products (ASWCLEAR5 () ALWIL Software) How to uninstall F-Secure products Removal tool to uninstall F-Secure products (UNINSTALLATION TOOL (C) F-Secure Corporation. Distributed under the terms of the F-Secure License Terms) How to uninstall AVG products. Removal tools to uninstall AVG anti-virus (AVGREMOVER (C) AVG Technologies): For 32-bit systems. For 64-bit systems. How to uninstall ESET products. Removal tool to uninstall ESET Nod32 (ESET UNINSTALLER (C) ESET, LLC). How to uninstall Agnitum Outpost products. Removal tools to uninstall Agnitum Outpost (for Outpost 2008/2009) (CLEAN (C) Agnitum Ltd): For 32-bit systems. For 64-bit systems. How to uninstall Norman Virus Control.

Removing Norman Virus Control product

Removal tool to uninstall Norman Virus Control (version 5.x) (DELNVC5 (C) Norman

ASA).

List of applications incompatible with Kaspersky PURE 2.0

45 | 7 4 6

Kaspersky PURE 2.0

During installation of any Kaspersky PURE 2.0 component, products from the list which can be found in the article from the link are always detected and automatically deleted List of applications incompatible with Kaspersky PURE 2.0.

Upgrade from other Kaspersky Lab products to Kaspersky PURE 2.0


You can install Kaspersky PURE 2.0 on top of the following Kaspersky Lab products: Kaspersky PURE Kaspersky PURE R2 KIS 2011/2012 KAV 2011/2012 In order to install Kaspersky PURE 2.0 on top of one of the mentioned programs, do the following: 1. Download the product distributive of Kaspersky PURE 2.0 from the Kaspersky Lab official site (http://www.kaspersky.com/productupdates). 2. Run the distributive of Kaspersky PURE 2.0. 3. Follow the instructions of the Setup Wizard (see chapter Express installation of Kaspersky PURE 2.0).

46 | 7 4 6

Kaspersky PURE 2.0

Chapter 4. License management and migration to new product version


License management
This chapter contains information regarding the basic concepts used in the context of the application licensing. You will also learn about the automatic renewal of the license and where to view information regarding the current license. About license agreement The End User License Agreement is an agreement between natural or legal person lawfully in possession of a copy of Kaspersky PURE 2.0 and Kaspersky Lab, ZAO. The EULA is included in each Kaspersky Lab application. It contains a detailed description of rights and Kaspersky PURE 2.0 usage restrictions. According to the EULA, when you purchase and install a Kaspersky Lab application, you get an unlimited right to own its copy.

About license License is a right to use Kaspersky PURE 2.0 and the related additional services offered by Kaspersky Lab or its partners. Each license is defined by its expiry date and a type. License term a period during which the additional services are offered: Technical support; Updating databases and application modules. The scope of provided services depends on the type of the license. The following license types are provided: 1. Trial a free license with a limited validity period, for example, 30 days, offered to become familiar with Kaspersky PURE 2.0. Trial license can only be used once and cannot be used after a commercial license! As soon as the trial license expires, all Kaspersky PURE 2.0 features become disabled. To continue using the application you should activate it with an activation code. The activation procedure will be described below. NOTE: Technical support is provided only to the customers of commercial license.

47 | 7 4 6

Kaspersky PURE 2.0

2. Commercial a commercial license with a limited validity period (for example, one year), offered upon purchase of Kaspersky PURE 2.0. One license can cover several computers. If a commercial license is activated, all application features and additional services (technical support, update of bases and application modules) are available. As soon as a commercial license expires, Kaspersky PURE 2.0 remains a fullfeatured application, but the anti-virus databases are not updated. You can still scan your computer for viruses and use the protection components, but only using the databases that you had when the license expired. Two weeks before the license expiration date, the application will notify you of this event so you can renew the license in advance. The procedure of a license renewal will be described below. Commercial with an update subscription and commercial with an update and protection subscription a paid license with flexible management. You can suspend and resume the subscription, extend its validity period in the automatic mode and cancel the subscription. A license with subscription is distributed by service providers. You can manage the subscription from the user's Personal Cabinet on the service provider's website. The validity period of a subscription can be limited (for example, to one year) or unlimited. If a subscription with a limited validity period is activated, you should renew it on your own when it expires. A subscription with an unlimited validity period is extended automatically subject to timely prepayment to the provider. If the subscription term is limited, when it expires, you will be offered a grace period for subscription renewal, during which the full functionality of the program will be maintained. If the subscription is not renewed, when grace period expires, Kaspersky PURE 2.0 ceases to update the application databases (for licenses with an update subscription) and stops performing computer protection or executing scan tasks (for licenses with a protection subscription). When using the subscription, you will not be able to use another activation code to renew the license. This is only possible after the subscription expiry date. If you already have an activated license with a limited term at the time of subscription activation, it is substituted with the subscription license. To cancel the subscription, contact the service provider from whom you purchased Kaspersky PURE 2.0.

About activation code An activation code is a unique set of Latin letters and digits that comes in four blocks of five symbols, separated by a hyphen, for example AA111-AA111-AA111-AA111. Activation code is the code supplied with a Kaspersky PURE 2.0 commercial license. This code is required for activation of the application. If you purchased a box version of the Kaspersky Lab product, the activation code can be found printed on the first page of the user manual left cover.

48 | 7 4 6

Kaspersky PURE 2.0

If you have purchased Kaspersky Lab product via E-Store, the activation code will be sent to you via e-mail you have specified when making the order. The activation code which has never been activated does not have an expiry date. An unused activation code can be activated at any time, but the license will begin to expire on the day of initial activation. In this case the Configuration Wizard will connect to the Kaspersky Lab servers and send the activation code to the servers. If the activation code is verified, the wizard receives a key file which is automatically installed to the program. The activation process is complete and is accompanied by a window with the detailed information about the purchased license. If the activation code was not verified, the corresponding message is displayed on the screen. In this case contact the company where you purchased the license.

49 | 7 4 6

Kaspersky PURE 2.0

If the number of activations with one activation code is exceeded a corresponding message will appear on the screen. The activation process will be terminated and the program will offer you to contact Kaspersky Lab Technical Support. If an activation error occurred and the activation code was not activated, contact Technical support via My Kaspersky Account service from any computer with an Internet connection. Give the following information in your request: Place where you purchased Kaspersky Lab product; Information about the owner: surname, name; Exact purchase date; Full registration number of your license (this number is written on the first page of the user manual left cover from the box version of the product or in an email (if you purchased the product via eStore); Product activation code.

Without an activation code the application will work in limited functionality. For example, you will be able to update the program only once (further updates will not be performed), some other functionalities will be unavailable.

Purchasing license after the product installation If you have installed Kaspersky PURE 2.0 without a license, you can purchase one after installation: 1. Open the main application window. 2. Click the License: not available link in the bottom right corner of the window.

50 | 7 4 6

Kaspersky PURE 2.0

3. In the Licensing window click the Buy activation code button.

The eStore web page of Kaspersky Lab opens where you can purchase a license or find the partner nearest to you.

51 | 7 4 6

Kaspersky PURE 2.0

About activation procedure Activation is the procedure of activating a license that allows you to use a fully functional version of the application until the license expires.

Activation during the application installation You can activate the commercial version of the application during the first launch of Kaspersky PURE 2.0. For this, perform the following actions: 1. In the Activation of Kaspersky PURE 2.0 window select a license type commercial or trial. See the chapter About license for the details.

If you have selected Activate commercial version, enter an activation code into the corresponding field and click the Next button. If you want to activate trial version, select the corresponding option and click the Next button. Pay attention, on this step you can purchase a commercial license by clicking the Purchase activation code button. A Kaspersky Lab web-page opens where you can purchase a license and obtain an activation code.

52 | 7 4 6

Kaspersky PURE 2.0

2. The Wizard sends a request to the activation server to obtain permission for activation of the selected version of the application.

If the request is sent successfully, the Wizard automatically proceeds to the next step. 3. This window displays information on the activation results: type of license used and license expiry date. Click the Finish button, to complete the work of the Wizard.

53 | 7 4 6

Kaspersky PURE 2.0

Activation after the application installation On the activation step during the application installation you can click the Cancel button. In this case the application will not be activated. To activate the application after the installation, perform the following actions: 1. Open the Licensing window using one of the methods below: Click the Activate link in the Kaspersky PURE 2.0 notice window which appears in the taskbar notification area.

Click the License: not available link in the bottom part of the main application window.

54 | 7 4 6

Kaspersky PURE 2.0

In the program main window click License issues or the Fix button. In the Security Problems window click the Details button next to the message about not activated application.

55 | 7 4 6

Kaspersky PURE 2.0

2. In the Licensing window click the Activate the application button in order to activate the program with a new license.

56 | 7 4 6

Kaspersky PURE 2.0

3. Select Activate commercial version/ Activate trial version. If you want to activate a commercial license, enter the activation code into the corresponding field. Click the Next button. After successful activation completion, information about the license type and the expiry date will be shown in the wizard window.

57 | 7 4 6

Kaspersky PURE 2.0

Activation issues of Kaspersky Lab products Kaspersky Lab products can be activated by activation codes purchased in the region where the product will be used. The error may appear if you try to activate your application using an activation code in one region (country), but the activation code you use is intended for use in another region (country). For example, you bought Kaspersky PURE 2.0 via E-Store in India, but you try to install and activate the application in the United Kingdom. In order to eliminate the problem, you need to install and activate your Kaspersky Lab product in the region (country), where you bought the application.

Viewing license information In order to view current license information, perform the following actions: 1. Open the main application window. 2. Click on the License link in the bottom of the window.

58 | 7 4 6

Kaspersky PURE 2.0

In the Licensing window you can view the following license information: License number (for example, 0101-010101-01010101); License status (for example, active); License type (for example, commercial for 2 computers for 365 days); Expiration date (for example,13/03/2012 11:59 PM); Remaining (for example, 364 days).

59 | 7 4 6

Kaspersky PURE 2.0

License renewal procedure To protect your computer after the license validity period, you can extend the license for the next term prematurely. To prolong the license validity period, perform the following actions: 1. Open the main application window. 2. In the bottom of the window click the License link. 3. In the Licensing window in the New activation code section: If you already have an activation code (for example, you purchased a box version), then perform the following actions: a) Click on the Enter activation code button. b) Enter your activation code in the Enter activation code window. c) Click on the Next button.

60 | 7 4 6

Kaspersky PURE 2.0

If you do not have an activation code and you want to buy a new license, then in the Licensing window perform the following actions: 1. Click on the button Buy activation code with a discount.

2. A Kaspersky Lab web-page opens where you can prolong your license validity period online in the License Renewal Center or find the partner nearest to you and then prolong your license offline.

61 | 7 4 6

Kaspersky PURE 2.0

Licensing window The section in the top part of the Licensing window provides the following information about the license: License number (for example, 0101-010101-01010101); License status (for example, active); License type (for example, commercial for 1 computer for 365 days); Expiration data (for example,13.03.2012); Remaining days (for example, 364 days).

62 | 7 4 6

Kaspersky PURE 2.0

You can delete the key which currently in use in the top part of the Licensing window. To delete the license, click the cross button next to the license number. The bottom section of the Licensing window allows to select an action over a license depending on its type and status. If a commercial license is in use, the New activation code section is available. In this section you can purchase a new activation code (by clicking the Buy activation code with a discount button) which would be automatically activated after the license in use has expired (new activation code).

If a trial license is in use, the License expires soon section is displayed. Using the buttons in this section you can: Enter activation code if you have an activation code, you can activate the application with a commercial license in the open window. Buy activation code go to a Kaspersky Lab page where you can buy a license for the product via the eStore or to know the location of the partner nearest to you.

63 | 7 4 6

Kaspersky PURE 2.0

64 | 7 4 6

Kaspersky PURE 2.0

Migration policy from Kaspersky Lab products to Kaspersky PURE 2.0


The migration terms depend on the status of the license in use. If you have an active license for the products: Kaspersky PURE, Kaspersky PURE R2 you can use your current license to migrate.

Kaspersky PURE

Kaspersky PURE R2

FREE

Kaspersky PURE 2.0

KIS 7.0, KIS 2009, KIS 2010, KIS 2011, KIS 2012 you can purchase a license renewal with a discount in E-Store.

KIS 7.0

KIS 2009

KIS 2010

KIS 2011

KIS 2012

With a discount

Kaspersky PURE 2.0

KAV 7.0, KAV 2009, KAV 2010, KAV 2011, KAV 2012 you can purchase a license renewal with a discount in E-Store.

KAV 7.0

KAV 2009

KAV 2010

KAV 2011

KAV 2012

With a discount

Kaspersky PURE 2.0

If the license for product KAV 2012/KIS 2012/KAV 2011 / KIS 2011 / KAV 2010 /KIS 2010 / KAV 2009 / KIS 2009 / KIS 7.0 / KAV 7.0 has expired, then you may purchase a license renewal for Kaspersky PURE 2.0 with a discount in E-Store or by Kaspersky Labs partners.

65 | 7 4 6

Kaspersky CRYSTAL 2.0

Chapter 5. Computer Protection


Kaspersky PURE 2.0 is a versatile tool for protecting data on the home network against all kinds of information threats. The application ensures protection against viruses and malware, unknown threats and fraud, it lets you control user access to the computer and the Internet, back up data, and create encrypted containers for confidential information, and manage computer security on the home network from the administrator workstation. In order to check the current computer protection state, click on the Computer Protection module.

Computer Protection includes three main sections: Protection Center, Scan, Update. Also the Computer Protection window contains the following links: Quarantine, Network Monitor, Applications Activity. The upper part of the window contains the Cloud Protection button and the Settings and Reports links.

66 | 7 4 6

Kaspersky CRYSTAL 2.0

Cloud protection (The Kaspersky Security Network service)


To increase the efficiency of your computer's protection, Kaspersky PURE 2.0 uses data received from users from all over the world. Kaspersky Security Network is designed for collecting those data and thus provides Cloud protection. Kaspersky Security Network (KSN) is a global service of the operative threat analysis that unites millions of users all over the world. When Kaspersky PURE 2.0 detects suspicious or not scanned data on a computer of a KSN participant, it automatically sends such data to Kaspersky Lab where virus analysts analyze potential threats round the clock and release protection updates for customers in real time. User participation in Kaspersky Security Network enables Kaspersky Lab to gather realtime information about the types and sources of new threats, develop methods to neutralize them, and reduce the number of false positives. The more users participate in KSN, the safer cloud protection is for all the participants. Thus, KSN allows the user to obtain: Additional level of protection; Operative data about applications reputation; Operative data about sites reputation; On-the-fly response to appearance of new threats.

67 | 7 4 6

Kaspersky CRYSTAL 2.0

To know the current operational status of the Kaspersky Security Network service, perform the following actions: 1. In the Computer Protection window click on the Cloud protection button.

2. In the left part of the Cloud Protection window you can see the current service status Connected/Disconnected. In the right part of the window you can view the information received by the service for the time being. To get more information about the cloud protection technology of Kaspersky Security Network (KSN), click the Read more button.

68 | 7 4 6

Kaspersky CRYSTAL 2.0

User participation in Kaspersky Security Network allows Kaspersky Lab to operatively collect information about types and sources of new threats, develop disinfection methods, and decrease the number of false alerts. No privacy data are collected, processed, or stored. Participating in the Kaspersky Security Network is voluntary. You should decide whether to participate when installing Kaspersky PURE 2.0; however, you can change your decision at any time later. To participate/not participate in the Kaspersky Security Network service, perform the following actions: 1. Open the Settings window by clicking on the Settings link in the left upper corner of the main application window. 2. In the upper part of the window select Additional. 3. In the left part of the window select Feedback. 4. In the right part of the window check/clear the box I agree to participate in Kaspersky Security Network.

69 | 7 4 6

Kaspersky CRYSTAL 2.0

5. Click on the OK button, to save the changes. You can know the file reputation in only one click. In order to do this, right-click the required file and select Check reputation in KSN from the open context menu.

70 | 7 4 6

Kaspersky CRYSTAL 2.0

Protection Center
Protection Center is a Kaspersky PURE 2.0 module which provides protection of personal data against all kinds of threats. The module also protects the computer from spam and network attacks. Components of Protection Center allow to protect the computer from unknown threats and Internet-fraud, phishing; it lets you control user access to the Internet. This comprehensive protection covers all channels that are used to receive and transfer data. Protection Center lets you enable/disable protection components and go to their configuration windows. Real-time protection of your computer is provided by the following components:

File Anti-Virus monitors the computer file system and prevents infection of the computer's file system. The component starts upon startup of the operating system, continuously remains in the computer's RAM, and scans all files being opened, saved, or launched on your computer and all connected drives. Kaspersky PURE 2.0 intercepts each access to files and scan. The file will be accessible only if the file is not infected or is disinfected by the application. If the file cannot be disinfected, the file will be deleted. In this case the file copy will be saved in a backup quarantine store. Mail Anti-Virus scans incoming and outgoing messages for dangerous objects. Messages will be accessible only if contain no dangerous objects. Web Anti-Virus protects incoming web traffic and prevents dangerous scripts from running on your computer. The component also blocks access to dangerous web sites. IM Anti-Virus provides protection of your computer when you work with instant messengers. The component protects incoming data via instant messengers protocols. IM Anti-Virus provides secure work with most of internet messengers. Application Control tracks actions in the system performed by applications installed on the computer, and regulates them based on the rules of Application Control. These rules regulate potentially dangerous activity, including applications' access to protected resources. Proactive Defense allows detecting new types of threats even if they are not added to anti-virus databases. The component controls and analyzes all types of activities on the computer. If, as a result of activity analysis, the sequence of an application's actions arouses suspicion, Proactive Defense blocks the activity of this application. Thus, your computer is protected against known and new threats and malware. Firewall ensures your security on local networks and the Internet. Protection against various types of attacks is performed based on two groups of rules: packet rules and application rules. Network Attack Blocker loads during the operating system launch, and scans incoming network traffic for activities characteristic of network attacks. As soon as an attempt to attack the computer is detected, Kaspersky PURE 2.0 blocks any network activity of the attacking computer towards your computer.

71 | 7 4 6

Kaspersky CRYSTAL 2.0

Anti-Spam embeds into your mail client and filters all incoming mail for unwanted mail and sorts it according to the settings configured by the user. All emails containing spam will be marked with a special subject. You can configure work of the Anti-Spam component (automatic deleting, removing to a specified folder and etc.). Network Monitor. The component allows to view real-time network activity data. Anti-Phishing. The component is embedded to Web Anti-Virus, Anti-Spam and IM Anti-Virus. The component filters access to phishing web sites and prevents phishing attacks. Anti-Banner blocks ads and banners in your web browser and in some applications.

You can enable/disable any of the components. In order to do this, perform the following actions: 1. Select Computer Protection in the main application window.

2. In the Computer Protection window click on the List button in the Protection components section.

72 | 7 4 6

Kaspersky CRYSTAL 2.0

3. In order to enable/disable the required component, click on the button located in the right part of the window in the section of the required component. The disabled. icon shows that a component is enabled, the icon a component is

73 | 7 4 6

Kaspersky CRYSTAL 2.0

4. In order to go to the component configuration window click on the button . You can find detailed instructions on how to configure components in the Setting section. Also in the Computer Protection window you can find out the status of detected threats and databases status.

74 | 7 4 6

Kaspersky CRYSTAL 2.0

Anti-virus databases statuses of Kaspersky PURE 2.0: Obsolete; Out of date; Have not been updated for a long time; Update is in progress; Up to date.

Scan
Scanning the computer for viruses and vulnerabilities is one of the most important tasks in ensuring the computer's security. It is necessary to scan your computer for viruses on a regular basis in order to rule out the possibility of spreading malicious programs that have not been discovered by protection components, for example, because of a low security level set, or for other reasons. Vulnerability scan performs the diagnostics of operating system and detects software features that can be used by intruders to spread malicious objects and obtain access to personal information. Further we will study peculiarities configuring settings of the scan tasks, as well as security levels, scan methods and technologies.

75 | 7 4 6

Kaspersky CRYSTAL 2.0

Scan for viruses Kaspersky PURE 2.0 comprises the following tasks to scan for viruses:

Full Scan. A thorough scan of the entire system. The following objects are scanned by default: system memory, objects loaded on startup, system backup, email databases, hard drives, removable storage media and network drives. Critical Areas Scan. Virus scan of operating system startup objects (system memory, startup objects and bootable sectors). Custom Scan. Scan of objects selected by the user. You can create your own list by adding or excluding from scan any object of the computer's file system from the default list.

Starting scan for viruses Scan tasks can be started from the main application window or from the Computer Protection window.

Starting scan from the main application window To start a scan task from the main application window, perform the following actions:

76 | 7 4 6

Kaspersky CRYSTAL 2.0

1. Open the main application window. 2. In the bottom part of the Computer Protection section click on the Scan link.

3. Select the required scan type from the open menu.

77 | 7 4 6

Kaspersky CRYSTAL 2.0

Starting scan from the Computer Protection window In order to start a scan task from the Computer Protection window, perform the following actions: 1. In the main application window select Computer Protection. 2. In the left part of the window select Scan.

78 | 7 4 6

Kaspersky CRYSTAL 2.0

3. In the right part of the window launch the necessary task.

Full Scan

In order to start the Full Scan task, click on the icon

next to the task name.

79 | 7 4 6

Kaspersky CRYSTAL 2.0

Before the first launch of a scan task, a short description of the task is given in the Full Scan section. After the first launch of the task, the window will contain task execution time (time reference is a link to the scan report window), number of scanned objects and scan results.

During the Full Scan task performing you can specify an action for the computer to be performed when scan is complete. In order to do this, perform the following actions: 1. Click on the details link under Full Scan.

80 | 7 4 6

Kaspersky CRYSTAL 2.0

2. In the Scan Tasks window click on the link keep the computer turned on.

3. Select the required action: keep the computer turned on; shut down the computer; switch the computer to standby mode; switch the computer to sleep mode; reboot the computer.

81 | 7 4 6

Kaspersky CRYSTAL 2.0

By default, the keep the computer turned on option is selected.

You can stop the launched task by pressing on the button . In order to resume the scan task, click on the button and you will be asked to select one of the following options: Resume scan or Start new scan.

Critical Areas Scan

In order to launch the Critical Areas Scan, click on the button next to the scan name in the Computer Protection window. Before the first launch of a scan task, a short description of the task is given in the Critical Areas Scan section. After the first launch of the task, the window will contain task execution time (time reference is a link to the scan report window), number of scanned objects and scan results.

82 | 7 4 6

Kaspersky CRYSTAL 2.0

You can stop the launched task by pressing on the button

In order to resume the scan task, click on the button and you will be asked to select one of the following options: Resume scan or Start new scan.

83 | 7 4 6

Kaspersky CRYSTAL 2.0

Custom Scan Using Custom Scan you can scan individual objects on the computer. You can create your own list by adding or excluding from scan any object of the computer's file system from the default list. In comparison with custom scan, tasks of full scan and critical areas scan are specific scan tasks it is not recommended to edit scan lists for these scan types. In order to launch a custom scan task, perform the following actions: 1. Drag the required object and drop it to the Custom Scan section. You can also click on the browse link and select the object to scan.

84 | 7 4 6

Kaspersky CRYSTAL 2.0

2. The Custom Scan window contains the pre-defined list of objects to scan.

3. Check the required boxes next to the objects or select an object by pressing the Add link:

85 | 7 4 6

Kaspersky CRYSTAL 2.0

4. In the Select object to scan window select the required object and click on the Add button. Perform the same actions to add all required objects to scan. Once all objects are added click on the OK button.

5. You can also check the Include subfolders box to scan all subfolders from the selected object. 6. The selected objects appears in the Custom Scan window:

86 | 7 4 6

Kaspersky CRYSTAL 2.0

7. In order to edit or delete objects in the list of objects to scan, click on the Edit or Delete links.

8. In the bottom of the Custom Scan window click on the OK button to start scan of the selected objects. 9. Once the scan task is complete the Scan Tasks window appears on the screen. In the Scan Tasks window click on the Close button.

87 | 7 4 6

Kaspersky CRYSTAL 2.0

Vulnerability Scan Vulnerability scan is a special tool which helps to search and eliminate security vulnerabilities of applications, installed on your computer, and in operating system settings. All the problems detected at the system analysis stage will be grouped based on the degree of danger it poses. Kaspersky Lab specialists offer a set of actions for each group of problems which help to eliminate vulnerabilities and weak points in the system's settings. There are three groups of problems distinguished, and, respectively, three groups of actions associated with them: Strongly recommended actions will help eliminate problems posing a serious security threat. You are advised to perform all actions of this group. Recommended actions help eliminate problems posing a potential threat. You are advised to perform all actions of this group too. Additional actions help repair system damages which do not pose a current threat but may threat the computer's security in the future. As a result of search of possible vulnerabilities in the operating system and in the applications installed on the computer direct links to critical fixes (application updates) are displayed. After the vulnerability scan task start, its progress is displayed in the Vulnerability Scan section, on the Scan tab in the Computer Protection window. Vulnerabilities detected when scanning the system and applications, are displayed in the same window, on the System vulnerabilities and Vulnerable applications tabs. When searching for threats, information on the results is logged in a Computer Protection report. By default, the applications already installed on the computer are selected as scan objects. In order to launch a Vulnerability Scan task, In the left part of the Computer Protection

window select Scan and in the right part of the window click on the button Vulnerability Scan.

next to

88 | 7 4 6

Kaspersky CRYSTAL 2.0

Before the first launch of a scan task, a short description of the task is given in the Vulnerability Scan section. After the first launch of the task, the window will contain task execution time, number of scanned objects and scan results.

You can stop the task by clicking on the button . In order to resume the task, click on the button. Once the Vulnerability Scan task is complete, click on the link displaying number of detected threats.

89 | 7 4 6

Kaspersky CRYSTAL 2.0

The scan results will be displayed in the Vulnerability Scan window in two tabs: System vulnerabilities; Vulnerable applications.

90 | 7 4 6

Kaspersky CRYSTAL 2.0

In order to fix vulnerabilities, perform the following actions: 1. Select the System vulnerabilities tab. 2. Select the required item in the list and click on the Fix it button.

91 | 7 4 6

Kaspersky CRYSTAL 2.0

3. In order to display fixed vulnerabilities, check the Show fixed vulnerabilities box in the bottom of the window. If you select an item on the Vulnerable applications tab: you can read the vulnerability description on the web site http://www.securelist.com, by clicking on the Details button; you can create an exclusion rule for the selected vulnerability by clicking the Add to exclusions button.

92 | 7 4 6

Kaspersky CRYSTAL 2.0

The full report contains the information about the time when the task was started, paused or finished and the list of detected vulnerabilities with the links to their description. To go to the report, click the time reference link in the bottom part of the Vulnerability Scan window.

93 | 7 4 6

Kaspersky CRYSTAL 2.0

In order to create an exclusion rule for the vulnerability of the application, perform the following actions: 1. In the Vulnerability Scan window go to the Vulnerable applications tab.

94 | 7 4 6

Kaspersky CRYSTAL 2.0

2. Select the required application from the list of vulnerable applications. 3. Click on the Add to exclusions button.

95 | 7 4 6

Kaspersky CRYSTAL 2.0

4. In the Exclusion rule window select the required Properties by checking the boxes: Object; Threat type.

96 | 7 4 6

Kaspersky CRYSTAL 2.0

5. If the Threat type box is checked, the Rule description field displays also the Threat type section (threat type name mask according to Virus Encyclopedia). 6. In the Exclusion rule window in the Protection components section of the Rule description field click on the any link and then on the select components.

7. To exclude the object from being scanned by some protection components, check the boxes next to the required components.

97 | 7 4 6

Kaspersky CRYSTAL 2.0

8. Click on the OK button. 9. In the Exclusion rule window click on the OK button. 10. In the Vulnerable Scan window click on the Close button.

Update
Updating databases and program modules of Kaspersky PURE 2.0 ensures the up-to-date protection status for your computer. New viruses, Trojans, and other types of malware appear worldwide on a daily basis. Kaspersky PURE 2.0 databases contain information about threats and ways of eliminating them, so regular application update is required for ensuring your computer's security and for timely detection of new threats. Regular update requires an active license for application usage and an Internet connection. Without a license, you will only be able to update the application once. Application update downloads and installs the following updates on your computer: Kaspersky PURE 2.0 databases. The protection of information is based on databases which contain signatures of threats and network attacks, and the methods used to fight them. Protection components use these databases to search for and disinfect dangerous objects on your computer. The databases are supplemented every hour with records of new threats. That is why it is recommended to update on a daily basis. In addition to the anti-virus databases, the network drivers that enable the application's components to intercept network traffic are also updated. Application modules. In addition to the databases of Kaspersky PURE 2.0, you can also update the program modules (i.e. some parts of the application). The update packages fix Kaspersky PURE 2.0 vulnerabilities, and supplement or improve the existing functionality. The main update source of Kaspersky PURE 2.0 are special Kaspersky Lab update servers. While updating Kaspersky PURE 2.0, you can copy database and program module updates received from Kaspersky Lab servers into a local folder, providing access to other networked computers. This saves Internet traffic. You can also run update automatically, by schedule or manually. Your computer should be connected to the Internet for successful downloading of updates from our servers. By default, the Internet connection settings are determined automatically. If you use a proxy server, you may need to adjust the connection settings.

98 | 7 4 6

Kaspersky CRYSTAL 2.0

During an update, the application modules and databases on your computer are compared with those at the update source. If the databases and modules on your computer differ from those on the update server, the application downloads only the incremental part of the updates. If the databases outdated, the update package can be large and it can cause the additional Internet traffic (up to several tens of MB). Prior to updating the databases, Kaspersky PURE 2.0 creates backup copies of them if you want to roll back to the previous version of databases. Information on the update results and events, which have occurred during the execution of the update task, is logged in a Kaspersky PURE 2.0 report. Update of anti-virus databases and application modules can be launched from the context menu or via Protection Center. To launch update from the context menu, right-click the application icon in the Windows notification area and in the context menu select the Update item.

To launch update via Protection Center, perform the following actions: 1. Open the main program window. 2. In the main window select the Computer Protection module. In the Computer Protection window select Update in the left menu.

99 | 7 4 6

Kaspersky CRYSTAL 2.0

3. In the right part of the window click the Run update button. As a result update of antivirus databases and application modules starts. The Update window displays the information about the current state of Kaspersky PURE 2.0 databases, date of the last update and the run mode. The Virus activity review link in the bottom right corner takes you to the site www.securelist.com. The Run update button allows you to update the databases, go to the update settings or roll back to the previous databases.

In the Settings you can configure an update schedule, run update under another account, if necessary or select an update source. To know more about Update settings, go to the Settings. Update chapter. The Roll back to the previous databases function allows you return to the previous databases. Update roll back feature is useful in case the new databases are damaged. The function becomes available after the first update of databases and program modules in Kaspersky PURE 2.0. 100 | 7 4 6

Kaspersky CRYSTAL 2.0

At the start of the update process, Kaspersky PURE 2.0 creates a backup copy of the current databases and application modules. If necessary, you can restore the previous databases. Update roll back feature is useful in case the new databases version contains an invalid signature that makes Kaspersky PURE 2.0 block a safe application. In the event of Kaspersky PURE 2.0 database damage it is recommended to launch update to download a valid set of databases for up-to-date protection.

Quarantine
Quarantine is a special area storing files probably infected with viruses and files that cannot be disinfected at the time when they are detected. Potentially infected objects are objects that are suspected of being infected with viruses or their modifications. Files are quarantined in the following cases: File code resembles a known but partially modified threat or has a malware-like structure, but is not registered in the database. In this case files are moved to Quarantine after heuristic analysis performed by the File Anti-Virus, Mail Anti-Virus or during an anti-virus scan. Heuristic analysis rarely causes false alarms. The sequence of operations performed by an object looks suspicious. In this case files are moved to Quarantine after analysis of their behavior by the Proactive Defense component. When you place a file in Quarantine, it is moved, not copied: the file is deleted from the disk or email and saved in the Quarantine folder. Files in Quarantine are saved in a special format and are not dangerous. Backup storage is designed for storing backup copies of files that have been deleted or modified during the disinfection process.

101 | 7 4 6

Kaspersky CRYSTAL 2.0

Backup storage may come in hand if, for example, Kaspersky PURE 2.0 disinfected an infected file, but the file was modified due to a virus and cannot be used. However, if the file is necessary or if Kaspersky PURE 2.0 failed to disinfect an object and deleted it and you still want to restore such an object, in spite of the threat the file may cause to the computer, you can find such file in the Backup storage. Working with quarantined objects The Quarantine in Kaspersky PURE 2.0 lets you perform the following operations: quarantine files that you suspect are infected; scan files in Quarantine using the current version of Kaspersky PURE 2.0 databases; restore files in original folders, from which they have been moved to Quarantine (by default); delete selected files from Quarantine; send files from Quarantine to Kaspersky Lab for research. You can use the following methods to move a file to Quarantine: using the Computer Protection module; using the context menu of an object. 102 | 7 4 6

Kaspersky CRYSTAL 2.0

To move a file to Quarantine from the main program window, perform the following actions: 1. Select the Computer Protection module in the main program window. 2. In the bottom left corner of the window click the Quarantine link.

3. On the Quarantine tab click the Move to Quarantine button.

103 | 7 4 6

Kaspersky CRYSTAL 2.0

4. In the opened window select the object you want to move to Quarantine. To move a file to Quarantine using the context menu, perform the following actions: 1. Open Microsoft Windows Explorer and go to the folder that contains the file that you want to move to Quarantine. If the file is saved on the Desktop, go to step 2. 2. Right-click to open the context menu of the file and select Move to Quarantine.

To scan a quarantined file, perform the following actions:

104 | 7 4 6

Kaspersky CRYSTAL 2.0

1. 2. 3. 4.

Select Computer Protection in the main program window. In the Computer Protection window click the Quarantine link. On the Quarantine tab, select a file that you need to scan. Right-click the object and from the context menu select the Scan button. Or use the corresponding button at the top part of the list of objects.

To restore a quarantined object, in the context menu of an object select Restore or use the corresponding button at the top part of the list of objects.

105 | 7 4 6

Kaspersky CRYSTAL 2.0

To delete a quarantined object, right-click an object and in the context menu select Delete or use the corresponding button at the top part of the list of objects.

106 | 7 4 6

Kaspersky CRYSTAL 2.0

The Open original folder function allows going to the folder where the object was originally located.

107 | 7 4 6

Kaspersky CRYSTAL 2.0

To send a quarantined object to Kaspersky Lab for analysis, on the Quarantine tab select an object you want to to send for analysis, right-click the object and in the context menu select Send for analysis.

108 | 7 4 6

Kaspersky CRYSTAL 2.0

Working with objects in Backup The Storage tab contains the list of infected objects, whose copies were moved to the Backup storage before disinfection/deletion, their status, the full path to the object and the time when the copies were moved to backup. You can perform the following actions over objects on the Storage tab: Restore restore a copy of the original file to its initial location on the hard drive. Delete delete copies of an infected object from Backup. Clear storage delete all files from Backup.

109 | 7 4 6

Kaspersky CRYSTAL 2.0

Kaspersky Lab specialists do not recommend that you restore files from Backup as they can pose threat to the security of your computer.

Network Monitor
Network Monitor is a tool in Kaspersky PURE 2.0 used to display information about network activities filtered by the Firewall component in real time as a report. The Network Monitor window can be opened from the application context menu and from the main program window. To open the Network Monitor window from the main application window, perform the following actions: 1. Right-click the Kaspersky PURE 2.0 icon in the Windows taskbar notification area. 2. In the menu select Tools > Network Monitor.

110 | 7 4 6

Kaspersky CRYSTAL 2.0

In order to open the Network Monitor tool from the main program window, perform the following actions: 1. Select Computer Protection in the main program window. 2. In the bottom left corner of the window click the Network Monitor link.

The Network Monitor window provides the information grouped on the following tabs: Network Activity; Open ports; Network traffic;

111 | 7 4 6

Kaspersky CRYSTAL 2.0

Blocked computers. Lets study each tab in detail.

Network Activity This tab contains all active network connections currently established on your computer. The following information for each connection is displayed: name of the process (program, service, server) that initiated the connection; the connection protocol; connection settings (local and remote ports and IP addresses).; connection duration; transferred / received data volume.

Clicking the + icon in the header of the Protocol, Remote address and Bytes received/sent data column splits these columns into several smaller ones with more detailed information about the network activity of the selected process. For each connection it lists the following information: the name of an application that initiated this connection, the connection protocol, the direction of the connection (inbound or outbound),

112 | 7 4 6

Kaspersky CRYSTAL 2.0

the connection settings (local and remote ports and IP addresses). Here you can also check the lifetime of this connection and the volume of data sent/received. The bottom part of the window displays a network traffic chart that shows volumes of inbound and outbound traffic for a process selected from the list. The chart reflects traffic volume in real time. Traffic volume is displayed in kilobytes. You can use the + and - buttons to change the scale of the chart. The Rules settings button on the Network activity tab takes you to the Firewall window where you can configure network rules. According to the rule, set by Kaspersky PURE 2.0 or by the user, Firewall allows or blocks network activity to the data packet or application. Correspondingly, only activity allowed by the established network rules is displayed in the Network Monitor window on the Network activity tab. If you have configured a blocking network rule, activity which was blocked by this rule is not displayed in the Network Monitor window on the Network activity tab. To configure a packet rule, click the Rules settings button and in the drop-down menu select the All network rules item.

To configure a rule for an application, click the Rules settings button and in the drop-down menu select the Application network rules item.

113 | 7 4 6

Kaspersky CRYSTAL 2.0

Pay attention, that the Application network rules item becomes active only after a process has been selected in a list. You can find more detailed information about how to configure rules from the Firewall window in the Settings chapter. If you click the Block network traffic button, Firewall blocks network activity of any processes. If network activity is blocked, this button is designated as Unblock network traffic. If you click the Unblock network traffic button, Firewall allows network activity of any processes.

114 | 7 4 6

Kaspersky CRYSTAL 2.0

Clicking the Filter button opens a menu that contains the following items: Show connections established by Kaspersky PURE 2.0 the list displays information about connections established by Kaspersky PURE 2.0. Show local connections the list displays information about connections to other computers on the same local network.

115 | 7 4 6

Kaspersky CRYSTAL 2.0

Open ports The tab contains information about all open ports for each process.

116 | 7 4 6

Kaspersky CRYSTAL 2.0

The following information is displayed for each port: name of the process (application, service, server) which uses the port; number of the port; local IP address of the process; data transfer protocol. To configure packet rules and rules for applications click the Rules settings button. The opened menu contains the following items: All network rules opens the Firewall window, where you can configure packet rules for an application selected from the list. Application network rules opens the Application rules window, where you can configure a network rule for an application selected from the list. Pay attention, that the Application network rules item becomes active only after a process has been selected in a list.

117 | 7 4 6

Kaspersky CRYSTAL 2.0

You can find more detailed information about rules for applications and how to edit these rules in the Firewall subchapter from the Settings chapter.

Network traffic The tab contains information about all inbound and outbound connections established between your computer and other computers.

118 | 7 4 6

Kaspersky CRYSTAL 2.0

Incoming and outgoing traffic volume is displayed for each program (computer, service, server, process). Traffic volume is displayed in bytes, kilobytes and megabytes. The bottom part of the window displays a chart that shows time distribution of traffic of the selected application for the specified time interval. You can view information for a day, week, month, year or the entire period of the application operation. To set the required time interval, use the drop-down Period list. Clicking the arrow buttons in the top left part of the window allows you to view the data distribution for the previous and following time intervals. For example, if the Week interval was selected from the Period drop-down list, then using the arrows you can view the information for the last week, before the last week and etc.

119 | 7 4 6

Kaspersky CRYSTAL 2.0

The search bar is designed for quickly searching for records in the list. As the symbols are entered, the list displays only entries that contain that particular combination of character.

120 | 7 4 6

Kaspersky CRYSTAL 2.0

Pay attention, after installation of a Kaspersky Lab product onto a computer, you may notice sharp increase of incoming and outgoing traffic on this computer. The matter is Kaspersky Lab products function in the proxy-server mode and therefore scan all Internet traffic before the downloaded information gets onto your hard drive. Kaspersky Lab products include their own internal requests into the general statistics of the incoming and outgoing internet traffic. Third-party applications for statistics calculation also consider their internal traffic. This statistics differs from the traffic statistics calculated by your Internet provider and no payment is taken for the internal traffic on your computer, i.e. in reality your traffic is not spent. This can be easily proven by a request on statistics from your provider.

Blocked computers The tab contains information about the hosts for which Network Attack Blocker has forbidden all network activity aimed at your computer.

121 | 7 4 6

Kaspersky CRYSTAL 2.0

The Address column displays the IP address of a blocked host. The Time column displays the time elapsed since blocking of the host. By default, Network Attack Blocker blocks the incoming traffic of an attacking computer for one hour. Clicking the Unblock button cancels blocking of the selected computer.

Applications activity
Applications Activity tracks work of the Application Control component and displays the information about all applications installed on the computer, and about all processes running at the moment. To view applications activity, perform the following actions: 1. Select Computer Protection in the main program window. 2. In the bottom right corner of the window click the Applications Activity link. 3. In the top part of the Applications Activity window from the drop-down menu select the category of applications (All or Running).

122 | 7 4 6

Kaspersky CRYSTAL 2.0

4. If you select to display running applications, the Filter button becomes available in the Applications Activity window. Using the button you can sort out the applications according to the following criteria: Run on startup processes, run on the startup of the operating system. System processes processes, required for the operation of the operating system. Kaspersky PURE 2.0 processes processes, launched by Kaspersky PURE 2.0.

5. If you select to display all installed applications, applications filtering by status and by kind becomes available in the Applications Activity window: 123 | 7 4 6

Kaspersky CRYSTAL 2.0

A click upon green, yellow or red light sorts out applications according to the groups they belong to: Trusted, Low/High Restricted, Untrusted. A click upon the View button groups the applications by time or by vendor.

Changing trusted group for an individual application In the Application Activity window in the Status/Group column you can see the group to which an application belongs. However, Kaspersky Lab specialists recommend that you avoid moving applications from default groups. To move an application to another group, perform the following actions: 1. In the Applications Activity window select the required applications category (Running or All). 2. If necessary, set the filter: click either the Filter or View button and select the required display category. 3. Left-click the status of the required application and in the context menu select the group to which an application should be moved: Trusted; Low Restricted; High Restricted; Untrusted. 4. Wait till the status icon changes.

124 | 7 4 6

Kaspersky CRYSTAL 2.0

To restore an application to the default group, perform the following actions: 1. In the Applications Activity window select the required applications category (Running or All). 2. Left-click the status of the required application and in the context menu, select the Restore default group item. 3. In the Applications Activity window click the Close button.

125 | 7 4 6

Kaspersky CRYSTAL 2.0

Editing rules for an individual application The Application Control component registers actions performed by every application in the system, regulates the applications activity depending on the trust group of an application. Each group has a specific set of rules. According to these rules the Application Control component allows, prompts the user, or denies an action for an application. When an application accesses a resource, the component verifies its rights and performs an action set by the rule. In the Applications Activity window you can edit applications rules. For this perform the following actions: 1. Open the main application window and select Computer Protection. 2. In the bottom left corner of the window click the Applications Activity link. 3. In the Applications Activity window right-click the required application and in the context menu select Application rules.

You can find more detailed information about applications rules and how to edit them from the Applications Control chapter.

Reports

126 | 7 4 6

Kaspersky CRYSTAL 2.0

Events which occur in the work of protection components or task execution are logged in the reports. Kaspersky PURE 2.0 creates reports about work of every component as well as monitors the update processes.

In order to view a brief report, perform the following actions: 1. In the main program window select Computer Protection. 2. In the top right corner of the window click the Reports link.

127 | 7 4 6

Kaspersky CRYSTAL 2.0

The button opens the Notifications window where you can configure frequency and run time for notifications.

To view a detailed report, click the Detailed report button.

128 | 7 4 6

Kaspersky CRYSTAL 2.0

In the right part of the window select the necessary component. You can set the required time period in the Period drop-down list and select more proper view to present the information in the View drop-down list. The window provides a search string. If you need to save a report to a file, use the Save link in the bottom left corner of the window.

129 | 7 4 6

Kaspersky CRYSTAL 2.0

130 | 7 4 6

Kaspersky CRYSTAL 2.0

Chapter 6. Backup and Restore


The Backup component in Kaspersky PURE 2.0 allows to quickly restore your data in case of a loss or erasing. Data stored on a computer can be lost or damaged due to various issues, such as impact of a virus, information modification or deletion by another user, etc. To avoid losing important information, you should regularly back up data. Duration of the backup process directly depends on the volume of the information you wish to save. That is why Kaspersky Lab experts recommend creating backup copies of the files and folders which contain important information (documents, photos, music and etc.). Backup copying creates backup copies of objects in a special storage on the selected device. Backup storage is a specially assigned area of disk space or a data storage media. When creating a storage area, the user performs the following actions: 1. selects the data medium; 2. specifies the name of the new storage area 3. specifies the settings for storing backup copies 4. may also password-protect stored data against unauthorized access.

Creating a backup task


During a task execution, backup copies of the selected files are created and saved into a specified storage. If necessary these copies can be restored. A task is created with the help of the wizard. The wizard consists of the following steps: 1. Selecting data category for backing up. 2. Creating and connecting the storage. 3. Setting automatic schedule for a backup task. 4. Summary.

Selecting data category for backing up In order to select a category of data for backing up, perform the following actions: 1. In the main program window select the Backup and Restore button.

131 | 7 4 6

Kaspersky CRYSTAL 2.0

2. In the Backup and Restore window click the Create a backup task button.

132 | 7 4 6

Kaspersky CRYSTAL 2.0

3. In the Create backup task window select a data category you want to back up. You can select one of the following categories: My Documents and Desktop (all files from My Documents folder and from desktop); Movies and Video (all video files); Pictures and Photos (all image files); Music (all music files); Custom files. 4. Click the Next button.

133 | 7 4 6

Kaspersky CRYSTAL 2.0

If you select the Custom files variant, you can specify manually what files to back up. Click the Next button to continue.

134 | 7 4 6

Kaspersky CRYSTAL 2.0

a) In the opened window specify the files you want to back up. For this, in the right part of the window check the boxes for the categories you need or check the All files box to select all files saved on your computer. The default categories include: Audio; Documents; Images; Video; Financial documents. Each category has a list of file extensions by which the program refers a file to a specific category.

135 | 7 4 6

Kaspersky CRYSTAL 2.0

b) You can add new categories or new file extensions which refer to these categories. For this, click the Category editor link.

136 | 7 4 6

Kaspersky CRYSTAL 2.0

In order to add a new category, in the Category Editor window click the Add category button.

137 | 7 4 6

Kaspersky CRYSTAL 2.0

In the New category window enter the name of the category and click the OK button.

To add a new extension, in the right part of the Category Editor window select a category. Click the Add extension link at the top of the window.

138 | 7 4 6

Kaspersky CRYSTAL 2.0

In the New extension window enter an extension you want to add (for example, .flv). Click the OK button.

An extension is added. Description of the extension is given in the right part next to the added extension. Using the Edit and Delete buttons you can make changes to the extension.

139 | 7 4 6

Kaspersky CRYSTAL 2.0

In order to select or delete extensions from a category, check/uncheck the boxes next to the necessary extensions. Check/uncheck the Extension box at the top part of the window, to select/clear all extensions.

140 | 7 4 6

Kaspersky CRYSTAL 2.0

You can reject changes made in the extensions for a default category. For this, click the Default button at the top of the window.

141 | 7 4 6

Kaspersky CRYSTAL 2.0

In the Restore settings window click OK.

In the Category Editor window click the OK button. c) You can add folders where files for backing up are located. In order to add a folder, in the left part of the Create backup task window click the Add folder button.

142 | 7 4 6

Kaspersky CRYSTAL 2.0

In the Select folder window specify the path to the folder you want to add. Click the OK button.

In order to delete a folder from the list, click the icon name.

on the right of the folder

143 | 7 4 6

Kaspersky CRYSTAL 2.0

d) In order to view selected files, in the right part of the Create backup task window, click the link with the number of files next to the category.

144 | 7 4 6

Kaspersky CRYSTAL 2.0

In the View selected files window on the File categories tab you can select the data for backing up by categories.

145 | 7 4 6

Kaspersky CRYSTAL 2.0

In order to select data for backing up by categories, select the File categories tab. In the left part of the window select the necessary category. In the right part of the window check the necessary files. Check the File name box at the top of the window, to select all files.

146 | 7 4 6

Kaspersky CRYSTAL 2.0

Select the Location of files tab to select data for backing up by location.

147 | 7 4 6

Kaspersky CRYSTAL 2.0

In the left part of the window select the necessary folder. In the right part of the window check the necessary files. Check the Name box at the top of the window, to select all files.

148 | 7 4 6

Kaspersky CRYSTAL 2.0

Click the OK button. e) By default system and hidden files are not backed up. If you want to back up these categories of files, then in the bottom right corner of the Create backup task window click the Additional link.

149 | 7 4 6

Kaspersky CRYSTAL 2.0

Select the necessary category.

150 | 7 4 6

Kaspersky CRYSTAL 2.0

Creating a storage 1. In order to create a storage, on the Storage tab click the Create or Create now button (the Create now button is available only during the first launch of backup).

151 | 7 4 6

Kaspersky CRYSTAL 2.0

2. In the Backup Storage Creation window in the left part of the Drive tab select the type of the information medium which will be used as storage.

152 | 7 4 6

Kaspersky CRYSTAL 2.0

You can select from the following drives: Removable drive any portable device (memory card, CD, etc.) connected to the computer. In order to create a storage on a removable drive, in the left part of the Drive tab select Removable drive and connect a removable drive to the computer. If you are creating a storage on a removable drive, you can record a special utility tool on it to allow extract data from the storage on any computer - even if Kaspersky PURE 2.0 is not installed on it. To do so, check the Copy Kaspersky Restore Utility to storage box.

153 | 7 4 6

Kaspersky CRYSTAL 2.0

Local drive a folder or a logical drive on the computer's hard drive. In order to create a storage on a local drive, in the left part of the Drive tab select Local drive.

154 | 7 4 6

Kaspersky CRYSTAL 2.0

Click the Browse button, to select a folder to store backup copies.

155 | 7 4 6

Kaspersky CRYSTAL 2.0

In the Select folder window select the required folder and click the OK button.

Network drive network folder. In order to create a storage on a network drive, in the left part of the Drive tab select Network drive.

156 | 7 4 6

Kaspersky CRYSTAL 2.0

Click the Browse button to specify the path to the network folder. If access to the selected folder is restricted, then you can enter account data for authorization. For this, enter your data in the User name and Password fields. Value of the User name field should be identical to an entry line <computer name>|<user name>. Example how to enter the settings of a network drive: Drive: \\Z User name: kl-12345\smith Password: ***

FTP-server server that ensures file exchange via the FTP protocol. In order to create a storage on a FTP server, in the left part of the Drive tab select FTP server.

157 | 7 4 6

Kaspersky CRYSTAL 2.0

When using an FTP server, you should also specify the following connection settings: o Server address of the server; o Port number of the port; o Folder folder on the server into which backup copies will be saved; o User name and Password account data to pass authentication on the server; o Mode server operation mode (active or passive). To ensure data security, we recommend that you create backup storages on removable disk drives If you have not been granted sufficient privileges to record data on the selected medium, you will not be able to create a storage on it.

158 | 7 4 6

Kaspersky CRYSTAL 2.0

3. After you have selected a drive, click the Next button.

159 | 7 4 6

Kaspersky CRYSTAL 2.0

4. On the Protection tab check the Enable password protection (recommended) box to protect your storage against unauthorized access. Enter your password twice. Click the Next button.

160 | 7 4 6

Kaspersky CRYSTAL 2.0

5. On the File versions tab check the box Restrict the number of file versions and restrict the number of file versions which would be simultaneously stored in the storage.

161 | 7 4 6

Kaspersky CRYSTAL 2.0

To limit the storage period of backup copies, check the box Restrict storage period of file versions and set the time period to keep old versions of files.

162 | 7 4 6

Kaspersky CRYSTAL 2.0

6. Click the Next button. On the Summary tab enter the name of a new storage and confirm creation of a new storage with the specified settings.

163 | 7 4 6

Kaspersky CRYSTAL 2.0

7. Click the Finish button. 8. A backup storage will be successfully created. To go to the next step, click Next.

164 | 7 4 6

Kaspersky CRYSTAL 2.0

Setting schedule for automatic launch of a backup task In order to set an automatic schedule of a backup task, do the following: 1. If you want the task to be performed when a removable drive with a backup storage is connected, check the box Run task on drive connection.

165 | 7 4 6

Kaspersky CRYSTAL 2.0

If you want the task to be started automatically at a specified time, check the box Run task by schedule.

166 | 7 4 6

Kaspersky CRYSTAL 2.0

From the drop-down menu select the task frequency (minutes, hours, days, at the specified time, every month or after application startup).

167 | 7 4 6

Kaspersky CRYSTAL 2.0

Set the task frequency and start time in the corresponding fields.

168 | 7 4 6

Kaspersky CRYSTAL 2.0

If you want the tasks skipped due to some reasons (for example, computer restart or OS failure) to be performed, then check the box Run skipped tasks. 2. Click the Next button. Summary 1. On the Summary tab enter the name of a new task. 2. Check the box Run task when the wizard is complete, if you want to launch the task immediately after its creation. 3. Confirm the task creation with the specified settings by clicking the Finish button.

169 | 7 4 6

Kaspersky CRYSTAL 2.0

Starting, editing and deleting backup tasks


Starting a backup task Backup tasks can be started either automatically (by schedule) or manually. An automatic schedule is created during the task creation and can be changed later. In order to run a backup task manually, do the following: 1. In the main program window select Backup and Restore. 2. In the right part of the Backup and Restore window select the necessary task from the list and click the Run button.

170 | 7 4 6

Kaspersky CRYSTAL 2.0

3. Wait till the task is finished. In the line of the selected task, the time from the beginning of the task execution is displayed. As a result of the task execution, an archive of backup copies for the current date is created in the storage.

171 | 7 4 6

Kaspersky CRYSTAL 2.0

In order to postpone the task, click the Stop button.

172 | 7 4 6

Kaspersky CRYSTAL 2.0

In order to pause the backup task, click the arrow on the Stop button and in the drop-down list select Pause.

173 | 7 4 6

Kaspersky CRYSTAL 2.0

You can later resume the task by clicking the Resume button.

174 | 7 4 6

Kaspersky CRYSTAL 2.0

Editing and deleting a backup task All options of a created backup task can be changed. For this, do the following: 1. In the main program window select Backup and Restore. 2. In the Backup and Restore window click the arrow right of the Run button. In the dropdown menu select Edit.

175 | 7 4 6

Kaspersky CRYSTAL 2.0

Change the necessary parameters of the backup task on the corresponding tab Task type, Content, Storage, Schedule and Summary. See the chapter Creating a backup task, to know how to configure parameters of a backup task.

176 | 7 4 6

Kaspersky CRYSTAL 2.0

3. Confirm your changes by clicking the Finish button on the Summary tab. 4. In order to delete a backup task, in the Backup and Restore window click the arrow on the right of the Run button and in the drop-down menu select Delete.

177 | 7 4 6

Kaspersky CRYSTAL 2.0

5. In the Delete task window confirm the task deletion by clicking the OK button. If you want the backup copes created by the task to be deleted too, check the box Delete backup files created by this task.

Restoring data from backup


The data may be restored from the backup copies of files, if necessary. When restoring data from backup copies a restoring procedure is launched and the Kaspersky Restore Utility is used (if you are restoring data on the computer with no Kaspersky PURE 2.0 installed). Files from the backup copies can be restored either to their initial location or to a random folder. 178 | 7 4 6

Kaspersky CRYSTAL 2.0

In order to restore data from backup, do the following: 1. In the main program window click the Backup and Restore button. 2. In the Backup and Restore window go to the Restore tab. 3. In the right part of the window select a storage where the required backup copies are stored and click the Restore data button.

4. At the top part of the Restoring data from storage window select the name of a backup task, date of the backup copies creation and the category of data. Use search to find the necessary file.

179 | 7 4 6

Kaspersky CRYSTAL 2.0

5. In the left part of the window select the folders to be restored and in the right part of the window specify what files from which folders should be restored. For this, check the required files and folders.

180 | 7 4 6

Kaspersky CRYSTAL 2.0

6. A click upon the Open button opens the latest version of a select file.

181 | 7 4 6

Kaspersky CRYSTAL 2.0

7. In order to restore a specific version of a file, in the right part of the window select a file and click the Versions button.

182 | 7 4 6

Kaspersky CRYSTAL 2.0

8. In the File versions window select the required version of a file and click the Restore file version button.

183 | 7 4 6

Kaspersky CRYSTAL 2.0

9. At the lower part of the Restoring data from storage window click the Restore data button (this step is skipped when a file version is restored).

184 | 7 4 6

Kaspersky CRYSTAL 2.0

10. In the Restore window select a location to save the restored files. By default the restored files are saved into a source folder.

185 | 7 4 6

Kaspersky CRYSTAL 2.0

If you want to save the restored files into a specified folder, select Specified folder and click the Browse button. In the Select folder window select the specified folder. Click OK.

11. In the Restore window click the Restore button. 12. Wait till the data has been restored. In the In the Restore window click the Close button.

Managing backup storages


Connecting a storage If a backup storage created with the Backup and Restore module was moved/copied from one computer to another, such storage should first be connected via Kaspersky PURE 2.0 in order to become available. You may need to connect a storage after system reinstallation. List of storages contains only storages which are connected. You will not be able to find a storage in the list, if that storage is not connected.

186 | 7 4 6

Kaspersky CRYSTAL 2.0

In order to connect an existing storage, do the following: 1. In the main program window select Backup and Restore. 2. In the Backup and Restore window go to the Restore tab. 3. Click the button Connect backup storage.

4. In the Connect storage window select a drive type and define the required connection settings: For a local drive specify the path; For a network drive specify the path, user name and password; For FTP server specify the server, port, folder, user name, password and mode; For a removable drive you do not have to specify additional settings; connect the drive to the computer. 5. Click the OK button.

187 | 7 4 6

Kaspersky CRYSTAL 2.0

6. If the settings were specified correctly, the storage will be added to the list.

Editing storage settings You can restrict the number of file versions and the storage period of file versions. For this, do the following: 1. In the main program window select Backup and Restore. 2. In the Backup and Restore window go to the Restore tab. 3. Select the required storage. 4. Click the arrow on the right of the Restore data button. In the drop-down menu select Edit.

188 | 7 4 6

Kaspersky CRYSTAL 2.0

5. In order to restrict the number of file versions that should be simultaneously stored in the storage, on the File versions tab check the box Restrict the number of file versions and specify the number of stored versions. Click the Next button.

189 | 7 4 6

Kaspersky CRYSTAL 2.0

6. On the Summary tab confirm the changes by clicking the Finish button.

190 | 7 4 6

Kaspersky CRYSTAL 2.0

Clearing a storage Backup copies of the selected files are created in a special storage during the backup process. If storage volume is not sufficient for your current operations, you can delete obsolete versions and backup copies of files which have been already deleted from the computer. In order to clear the storage, please perform the following: 1. In the main program window select Backup and Restore. 2. In the Backup and Restore window go to the Restore tab. 3. Select the necessary storage. 4. Click the arrow on the right of the Restore data button. In the drop-down menu select Clear.

191 | 7 4 6

Kaspersky CRYSTAL 2.0

5. In the Clear storage window select the file versions you want to delete from the storage: If you wish to delete not all data from the storage but only file versions created before a certain date, then check the File versions created earlier than box. Use scrolling arrows or enter manually from the keyboard to set the date which should be the starting point for saving object copies. Backup copies created before the date you have specified, will be deleted. If you want to save only some file versions and to delete other versions, check the box Previous file versions. Specify the number of versions to keep, including the most current one. Use the scrolling arrows to set the value from 1 to 99 or enter the value manually using the keyboard. All backup copies above this number will be deleted. If you wish to delete the backup copies of all files that have been deleted from the computer, check the Backup copies of files deleted from the computer box.

192 | 7 4 6

Kaspersky CRYSTAL 2.0

6. To start the clearing process, click the OK button. 7. Wait until the clearing process is over and the Operation completed successfully message appears. Click the OK button.

Deleting a storage To remove a storage for backup data, you should use Storage Removal Wizard. In order to remove a storage for backup data, please do the following: 1. In the main program window select Backup and Restore. 2. In the Backup and Restore window go to the Restore tab. 3. Select the necessary storage. 4. Click the arrow on the right of the Restore data button. In the drop-down menu select Delete.

193 | 7 4 6

Kaspersky CRYSTAL 2.0

5. In the Storage Removal window on the Content tab select an action to perform on the backup copies that are located within the storage to be removed: Save; Delete. If you select the Delete variant, all data stored on the storage will be permanently deleted!

194 | 7 4 6

Kaspersky CRYSTAL 2.0

6. Click the Next button. 7. On the Tasks tab select an action to be performed over the tasks that use the storage for backup: Do not delete (in this case tasks will be saved not related to any storage; you will have to select another storage for each task). Delete (all tasks will be deleted).

195 | 7 4 6

Kaspersky CRYSTAL 2.0

8. Click the Next button. 9. On the Summary tab confirm deletion of the storage with the specified settings by clicking the Finish button.

196 | 7 4 6

Kaspersky CRYSTAL 2.0

A storage was removed.

Viewing backup reports


Each event related to data backup and restore is displayed in the report. To get and save a report about executed backup and restore tasks, please do the following: 1. In the main program window select Backup and Restore. 2. In the Backup and Restore window click the Reports link.

197 | 7 4 6

Kaspersky CRYSTAL 2.0

3. In the Report window on the Backup tab you can select the period within which you need to get a report: day, week, month, year, entire period. Use the arrows to view a report for a required time interval: for example, create a report from January 1, 2012 till May 1, 2012.

198 | 7 4 6

Kaspersky CRYSTAL 2.0

4. In the Report window on the Restore tab you can select the period within which you need to get a report: day, week, month, year, entire period.

199 | 7 4 6

Kaspersky CRYSTAL 2.0

5. After you have finished working with the report, click the Close button.

200 | 7 4 6

Kaspersky CRYSTAL 2.0

201 | 7 4 6

Kaspersky CRYSTAL 2.0

Chapter 7. Parental Control


The Parental Control component in Kaspersky PURE 2.0 enables you to apply restrictions on use of the computer and Internet for each user account on the computer. The Parental Control features can help protect children and teenagers from negative influences while using the computer and Internet, for example by preventing them spending long periods of time on the computer and Internet, and wasting time and money when visiting certain websites, and by limiting access to websites intended for adults. Parental Control can help you control: Use of the computer. Launch of various applications. Use of the Internet (time restriction on Internet use). Visits to websites depending on their content. Downloading of files from the Internet depending on their category. Correspondence with specified contacts through IM clients (such as ICQ, Miranda, and mIRC). Correspondence with specified contacts on social networks (Facebook, Yahoo, Twitter). Sending of personal data. Use of specified words and word combinations in correspondence through IM clients.

Starting work with Parental Control


By default after the program installation the Parental Control component is disabled. You can enable Parental Control for all users or for an individual account. You can enable Parental Control: from the main program window; from the context menu in the taskbar panel. To enable a component from the main program window, perform the following actions: 1. In the main program window select the Parental Control component.

202 | 7 4 6

Kaspersky CRYSTAL 2.0

2. In the Protect with Administrator Password window specify a password to protect the settings against modification by other users. Click Continue. The Protect with Administrator Password window appears only when Parental Control is launched for the first time.

203 | 7 4 6

Kaspersky CRYSTAL 2.0

3. To go to the administrator password settings, click the Administrator password settings link.

204 | 7 4 6

Kaspersky CRYSTAL 2.0

4. At the top part of the Administrator Password Protection Settings window check the Enable password protection box. To change a password, in the corresponding fields enter your old password, then enter a new password and confirm your new password.

205 | 7 4 6

Kaspersky CRYSTAL 2.0

5. In the Apply password to section, you can specify which features of the application management should be protected with a password. Check the boxes next a required variant: Configuring the application settings; Managing Parental Control; Exiting the application; Removing the application.

206 | 7 4 6

Kaspersky CRYSTAL 2.0

6. Click OK to finish setting an administrator password. In order to quickly enable Parental Control for a current account, right-click the program icon in the taskbar notification area and in the context menu select Enable Parental Control.

207 | 7 4 6

Kaspersky CRYSTAL 2.0

Control levels
Kaspersky Lab specialists have developed three preset control levels (or profiles): Data collection; Child profile; Teenager profile. You can use either a preset profile or customize a control level by selecting Custom restrictions. Each profile has a set of restrictions and settings: Data collection. For this profile the program logs the statistics of the user activity on the computer and on the Internet but does not apply Parental Control restrictions. "Child" profile. The program logs the statistics of the user activity on the computer and on the Internet, and blocks file downloads and visits to websites belonging to unwanted categories. "Teenager profile. The program logs the statistics of the user activity on the compute and on the Internet, and blocks visits to websites belonging to unwanted categories. In order to set a profile for a user account registered on the computer, perform the following actions: 1. In the Parental Control window in the Computer Users section select a user account and click the Select control level button.

208 | 7 4 6

Kaspersky CRYSTAL 2.0

2. Select a profile.

209 | 7 4 6

Kaspersky CRYSTAL 2.0

3. You can set different control levels for different accounts. Once a control level is assigned to an account, the corresponding profile will be displayed on the buttons right of the account name.

210 | 7 4 6

Kaspersky CRYSTAL 2.0

4. In order to edit a profile set for a specific account, click the Settings and reports button next to the required user.

211 | 7 4 6

Kaspersky CRYSTAL 2.0

5. In the opened window on the Settings tab you can make the necessary changes in the control level settings.

212 | 7 4 6

Kaspersky CRYSTAL 2.0

6. Once the standard settings of the control level have been changed, the profile automatically switches to the Custom restrictions profile.

213 | 7 4 6

Kaspersky CRYSTAL 2.0

Configuring Parental Control settings


Using Parental Control you can control: Computer usage. You can restrict computer usage and control and limit running of some applications by restricting the time spent at the computer and the launch of blocked applications. Internet usage. You can enable control over the Internet usage, restrict visiting websites depending on their contents and loading files from the Internet depending on their category. Instant messaging. You can control messaging using the instant messengers (for example, ICQ, Miranda) and social network (for example, Facebook, Yahoo, Twitter), block transferring personal data (for example, passwords) and control presence of the specified words and phrases in messages.

214 | 7 4 6

Kaspersky CRYSTAL 2.0

Account settings
You can specify an alias or select another image that would be displayed in the application interface for an account. For this perform the following actions: 1. In the main program window select Parental Control. 2. Enter your administrator password in the window. Check the Save password for current session box, if you do not want to enter your password when you address Parental Control window once again (after closing it).

3. In the Computer Users window next to the required account click the Settings and reports button.

215 | 7 4 6

Kaspersky CRYSTAL 2.0

4. In the right part of the Parental Control window on the Settings tab go to the User Account Settings section. 5. Enter an alias and select an image. 6. To save the changes, click the Apply button.

216 | 7 4 6

Kaspersky CRYSTAL 2.0

Control over computer usage


In the sections Computer Usage and Applications Usage you can disable control over computer usage for a user, enable control over applications usage and create lists of allowed and blocked applications for launching.

Computer Usage If you want to limit the time which the user spends working on the computer, restrict use of the computer by time. You can also limit the overall time spent on the computer (for example, 9 hours) and specify the required time interval for every weekday (for example, from 10am to 7pm Mondays Fridays). For this, perform the following actions: 1. In the left part of the Parental Control window select the Computer Usage section. 2. In the right part of the Computer Usage section check the Enable control box. 3. Check the Limit usage on the selected days box. 4. Highlight green the time intervals on certain weekdays when the computer will be available for the user. To prohibit computer use, highlight grey the time interval on certain weekdays.

217 | 7 4 6

Kaspersky CRYSTAL 2.0

5. You can set the overall number of hours and minutes when the computer will be available to the user. For this check the box Limit daily usage time and specify the total operating time. Thus, the user will spend by the computer set number of hours at the specified time interval (highlighted green in the table).

Application Usage If you want to control applications launch by the user, you can enable control over the applications usage and create lists of allowed and blocked applications and create the list of allowed applications. For this, perform the following actions: 1. In the left part of the Parental Control window select the Applications Usage section. 2. In the right part of the Computer Usage section check the Enable control box. 3. To create the list of allowed or blocked applications, in the right part of the window in the Applications section click the Add button.

218 | 7 4 6

Kaspersky CRYSTAL 2.0

4. In the Control running the application window select the application executable file by clicking the Select button: To select the software installed on the computer, click the Browse item. In the Open window find the software executable file and click the Open button. To select among running software, select the Applications item. In the Select application window select the application and click the OK button.

219 | 7 4 6

Kaspersky CRYSTAL 2.0

5. Allow or block the application launch and set the necessary restrictions: To limit the overall time of the applications usage, check the Limit usage on the selected days box. Highlight green the time intervals on certain weekdays when the application will be available for the user. Highlight grey the time interval on certain weekdays block the application usage. To set the overall number of hours and minutes when the application startup will be available to the user, check the box Limit daily usage time and specify the total operating time.

220 | 7 4 6

Kaspersky CRYSTAL 2.0

6. Click the OK button, to add an application to the list of uncontrolled. You can edit the list of applications using the buttons Add/Block, Edit, Delete.

221 | 7 4 6

Kaspersky CRYSTAL 2.0

Reports If the control is enabled the start time and the usage time of the computer and the applications will be displayed in the report. If you want to view the report, in the Parental Control window go to the Reports tab. To view the report of the computer usage, select Computer Usage. The following information will be available to you in the right part of the window: session start time, usage time, result. To view the report of the applications startup, select Applications Usage. The following information will be available to you in the right part of the window: application, usage time and result (allowed or blocked access). You can create a report for a definite time interval, for this select the period in the corresponding drop-down list.

222 | 7 4 6

Kaspersky CRYSTAL 2.0

Control over Internet usage


In the Internet section you can configure access settings to the Internet and web sites, enable control of files loading from the Internet and the safe search mode when working with search engines.

Internet Usage If you want to limit the time which the user spends on the Internet, you can configure Internet access. You can also limit the overall time spent on the Internet (for example, 3 hours) and specify the required overall time on the Internet for every weekday (for example, from 3pm to 8pm Mondays Fridays and from 5pm to 11pm Saturdays Sundays). For this: 1. In the left part of the Parental Control window select Internet Usage. 2. In the right part of the Internet Usage section check the Enable control box. 3. Check the box Limit usage on the selected days. 4. Highlight green the time intervals on certain weekdays when the Internet will be available for the user. To prohibit Internet access, highlight grey the time interval on certain weekdays. 5. To set the overall number of hours and minutes when the Internet will be available to the user, check the box Limit daily usage time and specify the total operating time. 6. Click the Apply button, to save the changes.

223 | 7 4 6

Kaspersky CRYSTAL 2.0

Web Browsing When working with the search engines (for example, Google, Bing) the search results may display unacceptable materials (for example, web sites containing pornography).You can exclude such web sites from the search results the following way: 1. In the left part of the Parental Control window select Web Browsing. 2. In the right part of the Parental Control window check the Enable safe search box. 3. Click the Apply button.

224 | 7 4 6

Kaspersky CRYSTAL 2.0

Use the Control Web Browsing option, to restrict access for the user to a web-site. You can block or allow the access to all sites except the sites which are added to the list of allowed sites or specify the categories according to which access to a site will be granted. For example you can block web-sites from the Violence or Weapons category. To restrict access, in the right-part of the Web Browsing section make sure the control is enabled. If you want to restrict access to some web-site categories, perform the following actions: 1. In the left part of the Parental Control window select Web Browsing. 2. In the right part of the window select the Block websites from the following categories variant. 3. Check the categories you want to block or use the links Select all/Clear all. 4. Click the Apply button.

225 | 7 4 6

Kaspersky CRYSTAL 2.0

If you want to restrict access to all sites, except sites from the Allowed list, perform the following actions: 1. In the left part of the Parental Control window select Web Browsing. 2. In the right part of the Parental Control window in the Block websites section select the Block access to all websites except websites allowed in the list of exclusions variant. 3. Click the Exclusions button to create the list of allowed websites.

226 | 7 4 6

Kaspersky CRYSTAL 2.0

4. In the Exclusions window click the Add button. 5. In the Address mask (URL) window enter the address of an allowed website and click the OK button. 6. In the Exclusions window click the OK button.

227 | 7 4 6

Kaspersky CRYSTAL 2.0

You can create the list of blocked web sites the following way: 1. In the left part of the Parental Control window select Web Browsing. 2. In the right part of the Parental Control window in the Block websites section select the Block access to all websites except websites allowed in the list of exclusions variant. 3. Click the Exclusions button to create the list of blocked websites. 4. In the Exclusions window click the Add button. 5. In the Address mask (URL) window enter the address of an allowed website and click the OK button. 6. In the Address mask (URL) window enter the address of a blocked website. 7. Check the Block this URL box and click the OK button. 8. In the Exclusions window click the OK button. 9. In the Parental Control window click the Apply button.

228 | 7 4 6

Kaspersky CRYSTAL 2.0

File Downloads You can control and block downloading files depending on their category from the Internet. For this, perform the following actions: 1. In the left part of the Parental Control window select File Downloads. 2. In the right part of the Parental Control window check the Enable control box. 3. In the File categories section, select the necessary category, for example Video and click the Block button. The status will change to Blocked in the Status column.

229 | 7 4 6

Kaspersky CRYSTAL 2.0

Reports You can view the report about actions of every user for whom Parental Control is enabled, on each category of the controlled events. To view a report, go to the Reports tab in the Parental Control window and select the necessary section: To view the report of the Internet usage, select Internet Usage. The following information will be available to you in the right part of the window: start time, usage time and the result (whether Internet usage is allowed or blocked). To view the report of the access to web sites, select Web Browsing. The following information will be available to you in the right part of the window: URL, time and reason (whether access is allowed or blocked). To view the report on the file downloading, select File Downloads. The following information will be available to you in the right part of the window: file, time and reason (allowed or blocked). You can create a report for a specified time period. For this, select the corresponding period in the drop-down list.

230 | 7 4 6

Kaspersky CRYSTAL 2.0

Instant Messaging
In the Instant Messaging section you can enable control over messaging via instant messengers in social networks, as well as control sending of private data and use of unwanted words in the correspondence.

Control messaging over instant messengers If you want to restrict messaging of the user with other users via instant messengers (ICQ, Miranda), you can enable control and create lists of allowed or blocked contacts. For this in the right part of the Instant Messaging section click the Enable control box. If you want to create the list of allowed contacts, perform the following actions: 1. In the left part of the Parental Control window select Instant Messaging. 2. In the right part of the Parental Control window in the Contacts section click the Add contact button.

231 | 7 4 6

Kaspersky CRYSTAL 2.0

3. In the New contact window select the necessary contact from the list of existing contacts or click the manually link and enter an account number or contact email address. 4. In the Description field enter a proper description which will be displayed in the list of allowed contacts. Click the OK button.

232 | 7 4 6

Kaspersky CRYSTAL 2.0

5. Check the box Block messaging to/from contacts who not on the list to allow messaging only with contacts from the created list of contacts. 6. Click the Apply button, to save the changes.

233 | 7 4 6

Kaspersky CRYSTAL 2.0

If you want to create the list of blocked contacts, perform the following actions: 1. In the left part of the Parental Control window select Instant Messaging. 2. In the right part of the Parental Control window in the Contacts section click the Add contact button. 3. In the New contact window select the necessary contact from the list of existing contacts or click the manually link and enter an account number or contact email address. 4. In the Description field enter a proper description which will be displayed in the list of allowed contacts. Click the OK button. 5. To block the contact, click the Block button. 6. Click the Apply button, to save the changes. You can view, allow/block messaging with the contact or delete the contact from the list using the View messaging, Allow/Block and Delete buttons.

234 | 7 4 6

Kaspersky CRYSTAL 2.0

Control over social networking If you want to control messaging with other users in social networks (for example, Yahoo or Facebook), you can enable control and create lists of allowed and blocked contacts. For this in the right part of the Social Networking section check the Enable control box. To create the list of allowed or blocked contacts, perform the following actions: 1. In the left part of the Parental Control window select Social Networking. 2. In the right part of the Parental Control window in the Contacts section click the Add button.

235 | 7 4 6

Kaspersky CRYSTAL 2.0

The possibility to add contacts becomes available only when an account for whom Parental Control is being configured, logs in a social network under his/her account and becomes active there (sends/receives a message). 3. In the Adding contact window select the necessary contact from the list of existing contacts. 4. Messages from the selected contact are displayed in the bottom part of the window. 5. Click the OK button.

236 | 7 4 6

Kaspersky CRYSTAL 2.0

6. To block a contact, highlight the contact and click the Block button.

237 | 7 4 6

Kaspersky CRYSTAL 2.0

7. To block messaging with the contacts not included in the list, check the Block messaging with other contacts box. 8. Save the changes by clicking the Apply button in the Parental Control window.

Controlling or restricting sending private data You can also control or restrict sending private data (for example, passwords) via instant messengers. For this create the list of records which contain confidential data (for example, home address, phone number and etc.). Any attempts to send such data will be blocked and the information about blocked messages will be added to the report. In order to enable control sending private data and create the list of data blocked for sending, perform the following actions: 1. In the left part of the Parental Control window select Private Data. 2. In the right part of the Parental Control window check the Enable control box. 3. In the Parental Control window in the Private Data section click the Add button.

238 | 7 4 6

Kaspersky CRYSTAL 2.0

4. In the Private Data window in the Data field enter the data restricted for sending (for example, 12345 for Password, 1234567 for Phone number). 5. In the Description field enter a proper description which will be displayed in the data list (for example, Password, Phone number). 6. Click the OK button.

7. You can edit the list of data using the Edit and Delete buttons. 8. In the Parental Control window click the Apply button.

239 | 7 4 6

Kaspersky CRYSTAL 2.0

Control over word usage If you want to monitor use of unwanted words or phrases (for example, referring to confidential data) within the users messaging, perform the following actions: 1. In the left part of the Parental Control window select Word Usage. 2. In the right part of the Parental Control window check the Enable control box. 3. In the Parental Control window in the Key words section click the Add button.

4. In the Key word window enter a word or a phrase which will be detected in the users messaging. Click the OK button.

5. You can edit the list of data using the Edit and Delete buttons. 6. In the Parental Control window click the Apply button.

240 | 7 4 6

Kaspersky CRYSTAL 2.0

Reports If the control is enabled the text, time, recipients, messages with personal data and every key word detected in the messaging will be displayed in the report. To view a report, go to the Reports tab in the Parental Control window and select the necessary section in the left part of the window. To view the report of the instant messaging, select Instant Messaging. The following information will be available to you in the right part of the window: direction, contact, time, and the result. To view the report of the social networking, select Social Networking. The following information will be available to you in the right part of the window: direction, contact, time. To view the report of the personal data transfer, select Private Data. The following information will be available to you in the right part of the window: private data, recipient, time, result.

To view the report of the key words usage, select Word Usage. The following information will be available to you in the right part of the window: key word, recipient/sender, time. You can create a report for a specified time period. For this, select the corresponding period in the drop-down list.

241 | 7 4 6

Kaspersky CRYSTAL 2.0

Chapter 8. Home Network Control


The Home Network Control functions are designed to control Kaspersky PURE 2.0 installed on home network computers remotely from the administrator's workstation. Home Network Control lets you accomplish the following home network security tasks: analyze the level of home network protection; scan of the whole network or individual computers for threats; update anti-virus databases simultaneously; configure protection settings for networked computers; monitor computer and internet usage by the users; back up the data on networked computers; view reports on security subsystems' operation.

Protecting access with an administrator password


At the first launch of Home Network Control Kaspersky PURE 2.0 will suggest that you set an administrator password to protect unauthorized access to networked computers. In order to set an administrator password, do the following: 1. Open the main application window and in the lower part of the window click the Home Network Control button.

242 | 7 4 6

Kaspersky CRYSTAL 2.0

2. If you launch Home Network Control for the first time, then the Protect with Administrator Password window will appear in the window a password in the fields Password and Confirm password. Then click the Specify password button.

3. If you have already set protection with an administrator password, then in an opened window enter your password.

243 | 7 4 6

Kaspersky CRYSTAL 2.0

In order to change administrator password settings, click the Administrator password settings link. To know how to change settings of the administrator password, read in the chapter Settings. If you use Home Network Control to remotely manage Kaspersky PURE 2.0 via a local network, then the password for Home Network Control must be the same on all computers in the network.

Search for computers


Once Home Network Control is launched, select a network for remote management (if your computer hosts more than one network). Click the Search for computers button or click the Add computer manually button to add computers manually.

Computers found in the network are displayed as a table with a status assigned for each computer. The following computer statuses are possible: Controlled. Kaspersky PURE 2.0 is installed on the computer, and the administrator password is identical to the password set on this computer. Remote administration of Kaspersky PURE 2.0 is available. Kaspersky PURE 2.0 not installed. Kaspersky PURE 2.0 was not found on the computer. Remote management prohibited. The option to manage Kaspersky PURE 2.0 services remotely has been disabled on the computer. 244 | 7 4 6

Kaspersky CRYSTAL 2.0

Buttons at the top of the table allow to add a computer manually, delete a computer from the list or clear the entire list. Check the Hide not controlled computers box at the bottom of the window, to display only controlled computers in the table. To display the computer in the Home Network Control on each computer, the status "Trusted network" or "Local network" should be installed in the Firewall settings for your home network. Otherwise, the computer will not be found when scanning the network. To check the Firewall settings on the current computer, click the Settings link in the main program window and in the Settings window select Firewall. In the Networks section rightclick the required network and select either Local or Trusted network.

Setting group update


Via Home Network Control you can remotely manage update of Kaspersky PURE 2.0 on the networked computer. Below are the available database update modes: Update databases on the computers independently. 245 | 7 4 6

Kaspersky CRYSTAL 2.0

Load updates from a selected computer in the network. In this update scenario, one computer in the network should be assigned as an update server. Other networked computers will download updates from this computer.

By default, updates are downloaded on each computer in the network individually. In order to change an update method in the networked computers, do the following: 1. In the Home Network Control window click the Configure group update button.

2. In the Configure group update window select the required update method. 3. For the computers to update from a selected computer on the network, from the dropdown list select a computer to be the update source.

246 | 7 4 6

Kaspersky CRYSTAL 2.0

4. In the table of computers, a computer update source should have the Controlled status.

247 | 7 4 6

Kaspersky CRYSTAL 2.0

Group launch of update and virus scan


Via the Home Network Control you can start scan for viruses and update tasks remotely either for the entire network or for an individual computer.

How to start group scan for viruses In order to start a group scan for viruses, perform the following actions: 1. In the main program window click the Home Network Control button. 2. At the top of the Home Network Control window click the Scan for viruses link.

3. Select a scan type: Full Scan or Critical Areas Scan. 4. Check the computers you want to scan. Click the Run scan button.

248 | 7 4 6

Kaspersky CRYSTAL 2.0

How to start group update In order to start a group update of databases, perform the following actions: 1. In the main program window click the Home Network Control button. 2. At the top of the Home Network Control window click the Update databases link.

249 | 7 4 6

Kaspersky CRYSTAL 2.0

3. In the Group start of update window select the computers you want to update. 4. Click the Run update button.

250 | 7 4 6

Kaspersky CRYSTAL 2.0

Detailed protection setting of networked computers


In order to manage protection of every computer on the network remotely, perform the following actions: 1. In the main program window click the Home Network Control button. 2. Enter your administrator password. 3. At the top part of the Home Network Control window select the necessary computer by clicking it. 4. On the corresponding tabs in the lower part of the Home Network Control window you can see information about the selected computer, configure Parental Control, scan computer for viruses, update databases, and get backup information.

251 | 7 4 6

Kaspersky CRYSTAL 2.0

Lets study each tab in detail.

Information In the Home Network Control window the Information tab displays the name of the selected computer in the local network and the program installed on it available for remote management.

252 | 7 4 6

Kaspersky CRYSTAL 2.0

Additionally, you can view the following information about a selected computer: Protection components store current operation settings of all protection components with the possibility of their remote enabling/disabling. Problems is a list of problems in the computer security and the ways of troubleshooting these problems. License the section contains information about the license in use, prolong and activation links.

253 | 7 4 6

Kaspersky CRYSTAL 2.0

Click the buttons in the right part of the window to know more.

254 | 7 4 6

Kaspersky CRYSTAL 2.0

Parental Control The Parental Control tab allows to enable or disable Parental Control remotely on a controlled computer, to change the Parental Control settings for each account and to view reports.

255 | 7 4 6

Kaspersky CRYSTAL 2.0

Scan The tab is designed to run a virus and vulnerabilities task remotely for a selected computer: Full Scan. Full system scan. The following objects are scanned by default: system memory, objects run on startup, system backup, email databases, hard drives, removable storage media and network drives. Critical Areas Scan. A quick scan of objects that are loaded with the operating system at startup. Vulnerability Scan performs the diagnostics of operating system and detects software features that can be used by intruders to spread malicious objects and obtain access to personal information.

256 | 7 4 6

Kaspersky CRYSTAL 2.0

Update The Update tab provides the information about the last update on a selected computer and the update source.

257 | 7 4 6

Kaspersky CRYSTAL 2.0

Any computer can be selected as an update server from which other computers will download updates. To assign a selected computer an update source, click the Make this computer an update source button.

258 | 7 4 6

Kaspersky CRYSTAL 2.0

In the opened window confirm that you want to make this computer an update source.

The Virus activity review link takes you to http://www.securelist.com, where you can view actual information about network threats.

259 | 7 4 6

Kaspersky CRYSTAL 2.0

To start application update on a selected computer, click the Run update button.

260 | 7 4 6

Kaspersky CRYSTAL 2.0

Click the arrow in the right part of the Run update button to configure an update schedule or roll back to the previous databases (this function becomes available after the first update).

261 | 7 4 6

Kaspersky CRYSTAL 2.0

Backup and Restore The Backup and Restore tab is designed for remote management of backup tasks. The list of tasks includes all the backup tasks created on the selected computer. You cannot create a backup task remotely. The task should be created from the main application window on the computer (the Backup and Restore module). After that a backup task will appear in the Home Network Control window of this computer. In order to run the task, click the Run button. You can pause or stop the task.

262 | 7 4 6

Kaspersky CRYSTAL 2.0

263 | 7 4 6

Kaspersky CRYSTAL 2.0

Chapter 9. Additional Tools


To facilitate solving specific tasks of providing computer security, Kaspersky PURE 2.0 includes the following wizards and tools: Browser Configuration; Kaspersky Rescue Disk; Microsoft Windows Troubleshooting; File Shredder; Privacy Cleaner; Unused Data Cleaner.

Browser Configuration
The Browser Configuration Wizard analyzes Microsoft Internet Explorer settings from the perspective of security, since some settings selected by the user or set by default may cause security problems. The Wizard checks whether the latest software updates for the browser have been installed, and whether its settings contain any potential vulnerability which can be used by intruders to inflict damage on your computer. In the result of analysis the wizard will offer you to select from the list the problems you wish to eliminate. The list is divided into three groups: Additional actions. List of the least dangerous threats. Recommended actions. List of problems posing a potential threat. Strongly recommended actions. List of problems posing a serious security threat. Browser Configuration Wizard checks the following objects: Microsoft Internet Explorer cache. The cache contains confidential data, from which a history of websites visited by the user can also be obtained. Some malware objects also scan the cache while scanning the disk, and intruders can obtain, for example, the user's email addresses. You are advised to clear the cache every time you close your browser to improve the protection. Display of known file types extensions. It is useful to see the file extension. File names of many malicious objects contain combinations of symbols imitating an additional file extension before the real one. If the real file extension is not displayed, users can see just the file name part with the imitated extension. Such scheme is commonly used by cyber criminals. To improve protection, you are advised to enable the display of files of known formats. List of trusted websites. Malicious objects can add to this list links to websites created by intruders.

Running Browser Configuration Wizard In order to run Browser Configuration Wizard, perform the following: 1. Open the main program window. 264 | 7 4 6

Kaspersky CRYSTAL 2.0

2. At the lower part of the window click the Additional Tools button.

3. In the Additional Tools window in the Browser Configuration section click the Run button to configure the browser.

265 | 7 4 6

Kaspersky CRYSTAL 2.0

4. In the Browser Configuration Wizard window (if launched for the first time) only one action is available Perform diagnostics for Microsoft Internet Explorer. To start the search process, click the Next button. Close all browser windows before starting the diagnostics.

266 | 7 4 6

Kaspersky CRYSTAL 2.0

When you start the Wizard next time, you will be able to select from the two options: Perform diagnostics for Microsoft Internet Explorer. Roll back changes. You can roll back changes if after the Wizard's work some problems when working on the Internet appear. 5. Wait until the system is being checked. 6. In the wizard window, check the boxes for problems to be fixed. Click the Next button.

267 | 7 4 6

Kaspersky CRYSTAL 2.0

7. In the wizard window, click the Finish button.

268 | 7 4 6

Kaspersky CRYSTAL 2.0

Rolling back wizard actions which resulted in problems when working on the Internet If the Wizard's work causes problems with the Internet, you can roll back the changes which were made by the Wizard. In order to do so, perform the following actions: 1. Start the Browser Configuration Wizard. 2. In the welcome window, select the Roll back changes option and then click the Next button.

3. In the list of made changes, select the changes for rollback and click the Next button.

269 | 7 4 6

Kaspersky CRYSTAL 2.0

4. Wait until the rollback process is completed. 5. In the wizard window, click the Finish button. Make sure problems with the Internet are eliminated.

Kaspersky Rescue Disk


Kaspersky PURE 2.0 includes a service which allows to create rescue disk designed to scan and disinfect x86-compatible computers. It is required when a computer is so damaged that the anti-virus solution or disinfection tools (for example, Kaspersky AVPTool), run under control of the operating system, fail to disinfect a computer. Efficiency of such disinfection enhances considerably as malicious programs in the system do not get control during the boot of the operating system. Rescue disk is an .iso image which includes the following: system and configuration files; a set of utilities to diagnose the system; a set of additional utilities (file manager and etc.); Kaspersky Rescue Disk files; anti-virus databases files. A computer with the damaged operating system is booted from a CD/DVD-disk or a USBmedium (a corresponding device should be installed on the computer).

270 | 7 4 6

Kaspersky CRYSTAL 2.0

Creating Kaspersky Rescue Disk You can create the disk image (an .iso file) with up-to-date anti-virus databases and configuration files. A source image can be downloaded from Kaspersky Lab servers or copied from a local source. The file created by the Wizard is saved in the path specified during the work of the Wizard. To create a Rescue Disk, perform the following actions: 1. Open the main application window. 2. At the lower part of the window click the Additional Tools button.

3. In the Additional Tools window in the Kaspersky Rescue Disk section click the Create button. 4. Kaspersky Rescue Disk is created with the help of the wizard. The Wizard consists of a series of screens (steps) navigated using the Back and Next buttons. To close the Wizard once it has completed its task, click the Finish button. To stop the Wizard at any stage, click the Cancel button. 5. The Create and record Kaspersky Rescue Disk on a CD / DVD or USB flash drive window of the Wizard contains information about the Rescue Disk that will be created by the Wizard.

271 | 7 4 6

Kaspersky CRYSTAL 2.0

If the Wizard detects an existing Rescue Disk ISO file in the dedicated folder, the Use existing disk image box will be displayed in the first window of the Wizard. Check the box to use the detected file as original ISO image and go directly to the Updating disk image step. Uncheck this box if you do not want to use the disk image that has been found.

272 | 7 4 6

Kaspersky CRYSTAL 2.0

6. The Select disk image source window is skipped if you have checked the Use existing disk image box in the first Wizard window. At this step, you should select the image file source from the list of options: Select Copy ISO image from local or network drive if you already have a Rescue Disk or an image prepared for it and stored on your computer or on a local network resource. Select the Download ISO image from Kaspersky Lab server option if you do not have an image file, and you want to download it from the Kaspersky Lab server. Make sure that the Internet connection is established on your computer. The latest version of an image is downloaded from the Kaspersky Lab server. The file size is about 200 MB. After you have selected an image source, click the Next button.

273 | 7 4 6

Kaspersky CRYSTAL 2.0

7. The Downloading disk image window is skipped if you have checked the Use existing ISO image box in the first Wizard window, If you have selected Download ISO image from Kaspersky Lab server, the disk image downloading progress is displayed immediately.

274 | 7 4 6

Kaspersky CRYSTAL 2.0

If you have selected the option to copy the image from a local source at the previous step (Copy ISO image from local or network drive), you should specify the path to the ISO file at this current step. To do this, click the Browse button. After you have specified the path to the file, click the Next button. The disk image copying progress is displayed in the Wizard window.

275 | 7 4 6

Kaspersky CRYSTAL 2.0

8. When copying or downloading the ISO image is complete, the Wizard automatically proceeds to Updating disk image. Disk update procedure includes: update of anti-virus databases; update of configuration files. Configuration files determine the possibility of starting the computer from a removable disk or CD / DVD written using a rescue disk image provided by the Wizard. When updating anti-virus databases, those distributed at the last update of Kaspersky PURE 2.0 are used. If the databases are obsolete, it is recommended to update the program and restart the Rescue Disk Creation Wizard. To begin updating of the files, click the Next button. The updating progress will be displayed in the Wizard window.

276 | 7 4 6

Kaspersky CRYSTAL 2.0

9. The Wizard informs you of a successful creation of the Rescue Disk and offers you to record it on a data medium.

277 | 7 4 6

Kaspersky CRYSTAL 2.0

Specify a data medium for recording the disk image:

Select Record to CD / DVD to record the image on a CD / DVD. You will be prompted to specify the CD / DVD on which the image should be recorded. Then, the ISO image will be recorded on this CD / DVD. The recording process may take some time so please wait until it has completed.

278 | 7 4 6

Kaspersky CRYSTAL 2.0

A special program is needed for burning. For example, Nero.

Select the Record to USB flash drive option to record the image on a removable drive. Kaspersky Lab recommends that you do not record the ISO image on devices which are not designed specifically for data storage, such as smartphones, cellphones, PDAs, and MP3 players. Recording ISO images on these devices may lead to their incorrect functioning in the future. You will be prompted to specify the removable drive on which the image should be recorded. Then, the image will be recorded on this removable drive. The recording process may take some time so please wait until it has completed.

279 | 7 4 6

Kaspersky CRYSTAL 2.0

Select Save the disk image to file on local or network drive to record the ISO image to the hard drive installed on your computer or another one that you can access over a network. You will be offered to specify the folder into which the image should be recorded, and the name of the ISO file, after which it will be recorded on the hard drive. The recording process may take some time so please wait until it has completed. Later you will have to record this file on the CD/DVD disk or a USB drive on your own.

280 | 7 4 6

Kaspersky CRYSTAL 2.0

10. To complete the Wizard, click the Finish button. You can use the disk that you have created for further booting of the computer (see Starting the computer from the rescue disk).

281 | 7 4 6

Kaspersky CRYSTAL 2.0

Creation and record of a rescue disk is completed.

Starting the computer from the rescue disk To boot the operating system from the rescue disk, you should use a CD / DVD or removable drive with a rescue disk image (.iso) file recorded on it, and start the computer. If a CD-disk cannot be inserted into the CD/DVD drive, then start up the computer and next insert the CD into the CD/DVD drive. Insert the disk quickly, otherwise the infected operating system starts booting not from a rescue disk. 1. Insert a medium drive with the recorded disk image into the corresponding slot and switch the computer. 2. If a disk cannot be inserted before computer is enabled, in this case first, switch on the computer, and then insert a disk into the disk drive. Try to insert the disk into the drive quickly so the computer would boot from the rescue disk and not from an infected system. 3. Immediately after the computer restart, press the Delete key several times to enter BIOS9. 4. In BIOS in the Advanced BIOS Features menu set CD/DVD-ROM (or USB-drive) as the first boot device (the BIOS interface may vary depending on its version). 5. Exit BIOS saving the made changes.

BIOS is a part of the system hardware designed to provide access to computer hardware and the connected devices.

282 | 7 4 6

Kaspersky CRYSTAL 2.0

6. When a screen with Kaspersky Rescue Disk 10 appears, press any key within 10 seconds, to prevent your computer to boot from the hard drive. 7. Using the keys to move the cursor in the left part of the screen, select the language of the graphic interface. Press the ENTER key. If no choice is made for some time, English is used as a default language. Next, the folders for anti-virus databases, reports, the quarantine and auxiliary files are searched (created). By default, folders of a Kaspersky Lab product, installed on an infected computer, are used (ProgramData/Kaspersky Lab/AVP12 for Microsoft Windows Vista/7, Documents and Settings/All Users/Application Data/Kaspersky Lab/AVP12 for earlier versions of Microsoft Windows). Pay attention, the folders Application Data in Microsoft Windows XP and ProgramData in Microsoft Windows Vista and Microsoft Windows 7 are hidden by default. Read KB3580(http://support.kaspersky.com/faq/?qid=208281592), to know how to enable display of hidden folders. If the applications folders are not found, an attempt is made to create them. If the folders cannot be found or created, the kl.files folder is created on one of the drives. 8. Next you are offered to select from one of the following boot modes: Kaspersky Rescue Disk. Graphic mode loads the graphic subsystem (recommended for most of the users). Kaspersky Rescue Disk. The text mode loads the user text interface provided by the console file manager Midnight Commander (MC). Boot from the Hard Disk.

283 | 7 4 6

Kaspersky CRYSTAL 2.0

9. Using the Up/Down arrows on the keyboard select Graphic mode. Press the ENTER key. Carefully read the text of a license agreement for Kaspersky Rescue Disk 10 and if you agree with its conditions, press the C key on the keyboard. When the operating system has booted you can start working with Kaspersky Rescue Disk 10. If the operating system of the booting computer is in the sleep mode or its work was finished incorrectly, you will be suggested to mount the file system for usage (prepare the file system tor usage in the operating system) or restart the computer. In this case select one of the three variants: Continue. If you click the Continue button, Kaspersky Rescue Disk 10 continues mounting the file system but the file system can be damaged. Skip. If you click the Skip button, Kaspersky Rescue Disk 10 skips mounting of the file system. In this case you can only scan boot sectors and startup elements for viruses. However, some file systems can be mounted. Restart computer. In this scenario you can boot from a hard drive and finish work of the operating system correctly. Kaspersky Rescue Disk 10 allows the user to perform the following actions: 1. Scan objects for viruses and configure scan settings, including: modify the security level;

284 | 7 4 6

Kaspersky CRYSTAL 2.0

2.

3.

4. 5.

change an action performed upon a threat detection; create the list of objects to scan; change type of scanned objects; restrict scan duration; specify scan settings of compound files; change the scan method; restore default scan settings. Start update of anti-virus databases and configure the update settings: select an update source; configure proxy-server settings; specify regional settings; if necessary, roll the latest update back. Configure additional settings: specify the category of the detected threats; create the trusted zone; configure notification settings; set the storage time for report files; configure settings of storing objects on quarantine and backup. Create a report for scan and update tasks. View statistics of the application operation.

You can find more detailed information about the features of the rescue disk in the help system of Kaspersky Rescue Disk.

Microsoft Windows Troubleshooting


What is Microsoft Windows Troubleshooting? The Microsoft Windows Troubleshooting Wizard allows to neutralize the consequences of malicious activity in the system. Kaspersky Lab recommends that you run the Wizard after the computer has been disinfected to make sure that all threats and damage caused by infections have been fixed. You can also use the Wizard if you suspect that your computer is infected. The Wizard checks whether there are any changes to the system, such as the following: access to the network being blocked (for example, it is impossible to address other computers in the LAN); known file format extensions have been changed; the toolbar is locked (as a result applications cannot be deleted) and etc. Such damage can have various causes: the activity of malicious programs; system failures; incorrect operation of system optimization applications.

285 | 7 4 6

Kaspersky CRYSTAL 2.0

Running Microsoft Windows Troubleshooting Wizard To start the Wizard, perform the following actions: 1. Open the main application window. 2. At the lower part of the main window click the Additional Tools button.

3. In the Additional Tools window in the Microsoft Windows Troubleshooting section click the Run button.

286 | 7 4 6

Kaspersky CRYSTAL 2.0

4. The Microsoft Windows Troubleshooting Wizard will be started. The Wizard consists of a series of screens (steps) navigated using the Next buttons. To stop the Wizard at any stage, click the Cancel button. If the wizard is started for the first time, then only the option Search for problems caused by malware activity will be available. If the wizard was started earlier and some changes were made, then you will also be able to select the Roll back changes option. Click the Next button to continue.

287 | 7 4 6

Kaspersky CRYSTAL 2.0

5. All damage found during the previous step is grouped on the basis of the type of danger it poses. For each damage group, Kaspersky Lab recommends a sequence of actions to repair the damage. There are three groups of actions: Strongly recommended actions eliminate problems posing a serious security threat. Recommended actions eliminate problems presenting a potential threat. Additional actions list the least dangerous problems. Check the boxes for the problems to be fixed. Click the Next button.

288 | 7 4 6

Kaspersky CRYSTAL 2.0

6. To close the Wizard, click the Finish button.

289 | 7 4 6

Kaspersky CRYSTAL 2.0

File Shredder
What is File Shredder? In some cases (for example, when you want to sell your computer) you may need to permanently delete your personal data which are stored on your computer. Deleting data with the standard Microsoft Windows tools (sending them to the Recycle Bin and then emptying the Recycle Bin) cannot ensure safety and prevent possible restoration. Files may be restored using any high-performance software tools. Formatting data storage media (such as hard disk drives, flash cards, or USB cards) cannot guarantee total data deletion either. In order to protect your confidential data from unauthorized restoration, Kaspersky PURE 2.0 includes the File Shredder option. Data deletion is based on rewriting deleted information with ones, zeroes, or random symbols. In Kaspersky PURE 2.0 algorithms of re-recording symbol chains (methods for permanent deletion of personal data) are standardized. Rewriting cycles and number of them may vary depending on the selected method for permanent deletion. The wizard supports data deletion from the following information carrier: Local drives. Deletion is possible if the user has the rights required for recording and deleting information. Removable drives or other devices that are recognized as removable drives (such as floppy disks, flash memory cards, USB disks, or cell phones). Data can be deleted from a flash memory card if its mechanical protection from rewriting is disabled.

290 | 7 4 6

Kaspersky CRYSTAL 2.0

Before permanently deleting data from a medium, the program finds out whether deletion from a selected drive is available. The deleting procedure will be performed only of the selected drive supports data deletion. Otherwise the data cannot be permanently deleted from a drive. You can delete the data that you can access under your personal account. Before deleting data, make sure that it is not used by running applications. Such objects as a file or a folder can be deleted. To prevent accidental deletion of important files at a time you can select only one object for deletion (a selected folder may contain several files or sub-folders). Deletion of system files and folders may cause operating system malfunctions. If you select system files or folders for deletion, the application will request additional confirmation of their deletion. Methods for permanent deletion of personal data are standardized. They are all based on overwriting deleted information with ones, zeros, or random characters multiple times. Deletion speed and quality may vary depending on the number of overwrite cycles. Data deletion methods Sure methods are methods when data rewriting contains three or more cycles. In the File Shredder Tool from Kaspersky PURE 2.0 you are offered to select one of the following data deletion standards: Quick delete (Recommended). Deletion process consists of two cycles of data rewriting: writing zeroes and pseudorandom numbers. The main advantage of this algorithm is performance speed. Two cycles are enough to complicate the operations of data restoration tools. Even if the file itself will be restored, the data will turn out to be annihilated. GOST state standard P 50739-95, Russian Federation. The algorithm carries out one rewriting cycle using pseudorandom numbers and protects the data from restoration with common tools. This algorithm corresponds to protection class 2 out of 6 total, according to the State Technical Commission classification. VSITR standard, Germany. The algorithm carries out seven rewriting cycles. The algorithm is considered reliable but it requires more time for execution. Bruce Schneier algorithm. The process consists of seven rewriting cycles. The method differs from VSITR by its rewriting sequence. This enhanced method of data deletion is considered the most reliable. NAVSO P-5239-26 (MFM) standard, USA and NAVSO P-5239-26 (RLL) standard, USA. The algorithm carries out three rewriting cycles. The standards differ from one another by their sequences of data deletion. DoD 5250.22-M standard, USA. The algorithm carries out three rewriting cycles. It is considered a reliable method of protection against people who do not have special tools but, however, data are successfully restored in many cases. Permanent data deletion procedure In order to permanently delete data, do the following:

291 | 7 4 6

Kaspersky CRYSTAL 2.0

1. Open the main program window. 2. At the lower part of the window click the Additional Tools button.

3. In the Additional Tools window in the File Shredder section click the Open button.

292 | 7 4 6

Kaspersky CRYSTAL 2.0

4. In the File Shredder window click the Browse button. In the Select file or folder window select an object for deletion and click the OK button.

293 | 7 4 6

Kaspersky CRYSTAL 2.0

5. In the drop-down list Data deletion method, select a required deletion method.

294 | 7 4 6

Kaspersky CRYSTAL 2.0

6. Click the Delete button.

295 | 7 4 6

Kaspersky CRYSTAL 2.0

7. In the opened window confirm deletion by clicking the OK button.

Privacy Cleaner
Many of user's actions performed on the Internet or with applications are registered in the system. The following data is saved: Histories containing information about visited websites, applications launch , search requests, opening / saving files by different applications; Microsoft Windows system log records; 296 | 7 4 6

Kaspersky CRYSTAL 2.0

Temporary files and etc.

Privacy Cleaner Wizard Privacy Cleaner Wizard allows to delete the files, including files with the user private data (for example, passwords). To start Privacy Cleaner Wizard, perform the following actions: 1. Open the main application window. 2. At the lower part of the main window click the Additional Tools button.

3. In the Additional Tools window in the Privacy Cleaner section click the Run button.

297 | 7 4 6

Kaspersky CRYSTAL 2.0

4. In the Erase Your Activities History window select an action: Perform user activity traces diagnostics; Roll back changes (the option is available if the wizard was used before) 5. Click the Next button.

298 | 7 4 6

Kaspersky CRYSTAL 2.0

6. Wait until the process is completed. 7. Select the required information about the user's actions to delete. The list contains three sections: Additional actions the list of the least dangerous problems; Recommended actions the list of potentially dangerous problems; Strongly recommended actions this group includes dangerous problems. 8. To start the process, click the Next button.

299 | 7 4 6

Kaspersky CRYSTAL 2.0

9. Wait until the deletion is completed. In order to delete some files, the wizard will suggest that you restart the system. 10. In the Activity traces cleaned successfully window, you can specify the mode that the wizard will be started automatically every time on Kaspersky PURE 2.0 exit. To do so, check the box Clean activity traces every time on Kaspersky PURE 2.0 exit. 11. To finish the wizard's work, click the Finish button.

300 | 7 4 6

Kaspersky CRYSTAL 2.0

In order to delete some files, the wizard will suggest that you restart the system. Repeated running of the Privacy Cleaner Wizard may detect activity traces which were not cleaned up by the previous run of the Wizard. The matter is that data related to user activity in the system are accumulated constantly. Some files, for example the Microsoft Windows log file, may be in use by the system while the Wizard is attempting to delete them. In order to delete these files, the Wizard will prompt you to restart the system. However, during the restart, these files may be recreated and detected again as activity traces.

Unused Data Cleaner


The temporary files are created at the launch of any applications or operating systems. But some of them remain undeleted when closing the application or operating system. However in some cases (emergency shutdown, incorrect program installation, error in the program and etc.) temporary files are not automatically deleted. Whereas deletion of temporary and unused files will save free place on your hard drive.

Unused Data Cleaning Wizard Kaspersky PURE 2.0 includes the Unused Data Clearing Wizard to delete unused files. The wizard deletes the following: system event logs, where the names of all active applications are recorded;

301 | 7 4 6

Kaspersky CRYSTAL 2.0

event logs of various applications (such as Microsoft Office, Microsoft Visio, Macromedia Flash Player) or update utilities (such as Windows Updater, Adobe Updater); system connection logs; temporary files of Internet browsers (cookies); temporary files remaining after installation / removal of applications; Recycle Bin contents; files in the TEMP folder whose volume may grow up to several gigabytes. To start the Unused Data Clearing Wizard, please do the following: 1. Open the main application window. 2. At the lower part of the window select the Additional Tools button.

3. In the Additional Tools window in the Unused Data Cleaner section click the Run button.

302 | 7 4 6

Kaspersky CRYSTAL 2.0

4. In the welcome window of the window click Next to start the wizard.

303 | 7 4 6

Kaspersky CRYSTAL 2.0

5. Wait till the search of unused files is complete.

304 | 7 4 6

Kaspersky CRYSTAL 2.0

6. In the Searching for unused data is complete window check the boxes for the actions to be performed by the Unused Data Clearing Wizard. All actions are grouped into three categories: Additional actions; Recommended actions; Strongly recommended actions. To start the deletion process, click the Next button.

305 | 7 4 6

Kaspersky CRYSTAL 2.0

7. Wait until the deletion process is over. 8. In the Unused data deletion is complete window click the Finish button.

306 | 7 4 6

Kaspersky CRYSTAL 2.0

307 | 7 4 6

Kaspersky CRYSTAL 2.0

Chapter 10. Safe Run


What is Safe Run
Safe Run is a secure environment isolated from the main operating system and designed for running applications whose safety raises doubts. When you use Safe Run, the real objects of the operating system do not undergo changes. So even if you run an infected application in Safe Run, all of its actions will be limited to the virtual environment without affecting the operating system. Suspicious objects detected while you work in the safe environment are quarantined in the normal mode. The type of safe environment and the original file locations are saved in the list of detected threats and in the full report of Kaspersky PURE 2.0. When objects are recovered from Quarantine, they are restored to the original folder. If the original folder cannot be found, Kaspersky PURE 2.0 offers you to specify a location to restore the object in the environment in which the restoration procedure has been started. The Safe Run for Applications component from Kaspersky PURE 2.0 does not work on computers running under Microsoft Windows XP x64 and work with restriction on computers running under Windows Vista x64 and Windows 7 x64.

Running applications in the Safe Run for Applications mode


It is recommended to use the safe environment for launching suspicious applications as well as trusted applications vulnerabilities of which can be exploited by criminals to access data on your computer. You can run an application in the safe environment as well as use the safe desktop. Safe Run for Applications opens in the full-screen mode and represents a copy of the main desktop with all file system objects. You can create a list of applications that will run automatically when you start Safe Run for Applications. By default, after you close Safe Run for Applications, all changes you have made during the last session will be saved and remain available at the next startup. If necessary, you can clear all changes made to the safe environment.

Running an application in Safe Run You can run applications in Safe Run, without switching to the safe desktop. You can run an application in Safe Run from the context menu of Microsoft Windows. Applications running in safe environment, are highlighted with a green frame around the application window, and have a safe run indicator in the list of applications monitored by Application Control.

308 | 7 4 6

Kaspersky CRYSTAL 2.0

In order to run an application in safe environment from the Microsoft Windows context menu, perform the following actions: 1. Right-click to open the context menu for the selected object: shortcut or executable file of the application. 2. In the context menu select Safe Run.

To save the data from an application run in Safe Run, save them to a folder: in Microsoft Windows XP: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\SandboxShared;

309 | 7 4 6

Kaspersky CRYSTAL 2.0

in Microsoft Windows Vista and Microsoft Windows 7: C:\ProgramData\Kaspersky Lab\SandboxShared. See how to use the Shared folder in Using a Shared folder.

The folders Application Data in Microsoft Windows XP and ProgramData in Microsoft Windows Vista and Microsoft Windows 7 are hidden by default. Read the article KB3580 (http://support.kaspersky.com/faq/?qid=208281592) in Kaspersky Lab Knowledge Base, to know how to enable display of hidden folders. If no data were saved to the Shared folder, then once the application is closed, all changes made during work with the application, are automatically cleared.

Starting Safe Run for Applications You can launch the safe desktop: from the Kaspersky PURE 2.0 context menu; from the Kaspersky PURE 2.0 main window; using an existing shortcut. In order to launch the safe desktop from the Kaspersky PURE 2.0 context menu, right-click the Kaspersky icon in the notification area. From the open context menu select Tools and then Safe Run for Applications.

Safe desktop opens in the full-screen mode and represents a copy of the main desktop with all file system objects. If you roll over the top of the screen with the mouse pointer, a pop-up toolbar of the Safe Run desktop appears. The perimeter of the main desktop is highlighted with a green frame.

310 | 7 4 6

Kaspersky CRYSTAL 2.0

Safe Run pop-up toolbar allows you to perform the following actions: to fix the pop-up toolbar. to switch between the main and the Safe Run desktops. to close the Safe Run desktop or switch between the main and the Safe Run desktops. To switch to the Safe Run for Applications from the main window of Kaspersky PURE 2.0, perform the following actions: 1. Open the main application window. 2. Click Safe Run.

3. In the Safe Run for Applications window click on the Go to Safe Run for Applications button.

311 | 7 4 6

Kaspersky CRYSTAL 2.0

4. A welcome window opens. Click on the Close button to start work with the Safe Run for Applications.

312 | 7 4 6

Kaspersky CRYSTAL 2.0

In order to launch the Safe Run desktop using a desktop shortcut, perform the following actions: 1. Open the main application window. 2. Click on the Safe Run button. 3. Click the arrow next to the Go to Safe Run for Applications button. Select Create desktop shortcut from the list.

313 | 7 4 6

Kaspersky CRYSTAL 2.0

4. The Safe Run for Applications shortcut will appear on the desktop. Using the shortcut you can quickly launch Safe Run, without opening the main application window or the context menu.

Closing Safe Run for Applications You can exit from the Safe Run for Applications mode with three methods: From the Start menu: in the Start menu of your operating system select Safe Run for Applications Shut down.

314 | 7 4 6

Kaspersky CRYSTAL 2.0

From the pop-up toolbar. In order to do this, perform the following actions: 1. In the upper part of the screen in the Safe Run for Applications mode click the button on the pop-up toolbar.

2. In the Leaving Safe Run for Applications window click on the Shut down button.

Using the key combination. You can exit from the Safe Run for Applications mode by pressing the key combination CTRL+ALT+SHIFT+K.

315 | 7 4 6

Kaspersky CRYSTAL 2.0

When closing Safe Run desktop you will be offered to save the data in the running applications. After it all applications will be closed and the Safe Run work will be over.

Switching between the main desktop and Safe Run for Applications You can switch to the main desktop, without closing Safe Run, and then switch back. You can use the following methods to switch between the main desktop and the Safe Run: from the Kaspersky PURE 2.0 main window; from the Kaspersky PURE 2.0 context menu; from the pop-up toolbar. To switch to the main desktop from the main window of Kaspersky PURE 2.0, perform the following actions: 1. Open the main application window. 2. Click on the Safe Run button. 3. In the Safe Run for Applications window click on the Return to the main desktop button.

To switch to the main desktop from the context menu of Kaspersky PURE 2.0, right-click to open the context menu on the Kaspersky icon in the notification area and select Tools -> Return to the main desktop.

316 | 7 4 6

Kaspersky CRYSTAL 2.0

If you havent finished work with the Safe Run and switched to the main desktop, then when you launch the Safe Run for Applications mode with any method described in Starting Safe Run for Applications, you will find the applications running at the same stage as they were, before you switched to the main desktop.

To switch to the main desktop from the pop-up toolbar, perform the following actions: 1. Roll over the top part of the screen with the mouse pointer. The pop-up panel of Safe Run for Applications appears. 2. Click on the button .

Using a shared folder


Shared folder of Safe Run is designed to share files between the main operating system and safe environment. All files saved in this folder when working in safe environment are available from the standard desktop. Shared folder is created when the application is being installed. Location of the shared folder may vary depending on the operating system: for Microsoft Windows XP: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\SandboxShared. for Microsoft Windows Vista and Microsoft Windows 7: C:\ProgramData\Kaspersky Lab\SandboxShared. The folders Application Data in Microsoft Windows XP and ProgramData in Microsoft Windows Vista and Microsoft Windows 7 are hidden by default. Read the article KB3580 (http://support.kaspersky.com/faq/?qid=208281592) in Kaspersky Lab Knowledge Base, to know how to enable display of hidden folders.

317 | 7 4 6

Kaspersky CRYSTAL 2.0

Location of the shared folder cannot be changed. The safe environment shared folder can be opened in two ways: using a shortcut; using a link in the main window of the program. Depending on the application settings specified by developers, the shortcut may be located in the (My) Computer section or the (My) Documents section of Microsoft Windows Explorer.

To open the shared folder from the main window of Kaspersky PURE 2.0, perform the following actions: 1. Open the main application window. 2. Click on the Safe Run button. 3. In the Safe Run for Applications window click on the Open shared folder button.

318 | 7 4 6

Kaspersky CRYSTAL 2.0

The Safe Run shared folder will open in the standard window of Microsoft Windows.

Clearing Safe Run for Applications


If you need to delete data saved when working in the safe application launch environment, and restore the modified settings, you can clear Safe Run for Applications. The clearing is carried out from the main Kaspersky PURE 2.0 window on the main desktop and only if the Safe Run for Applications mode is disabled. Prior to emptying make sure that all data that may be needed for further work were saved in the Safe Run shared folder. Otherwise, the data is deleted without any possibility to restore them. To clear Safe Run data, perform the following actions: 1. Open the main application window. 2. Click on the Safe Run button. 3. Click the arrow next to the Go to Safe Run for Applications button. From the dropdown menu select Clear Safe Run for Applications.

319 | 7 4 6

Kaspersky CRYSTAL 2.0

4. Confirm clearing and, if necessary, check the contents of the Shared Folder once again.

What is Safe Run for Websites

320 | 7 4 6

Kaspersky CRYSTAL 2.0

Safe Run for Websites is a Kaspersky PURE 2.0 module which opens web pages without a risk of infection with malicious software. When you use Safe Run for Websites all websites open in a virtual environment without affecting the operating system. The Safe Run for Websites is mainly designed for accessing online banking systems and other websites processing confidential data. You can start Safe Run for Websites on your own or configure the application settings so that the application would offer to switch to Safe Run for Websites automatically when definite conditions are met. For example, you can: Enable controlled access to online banking services. Upon an attempt to open a service that provides access to your finances, the application will offer you to switch to safe run for websites. Create your own list of websites that process confidential data. Upon an attempt to open such sites, the application will offer you to switch to safe run for websites. Enable control when transferring to potentially dangerous web sites. Upon an attempt to open such sites, the application will offer you to switch to safe run for websites to secure the system from a risk of infection. When you use Safe Run for Websites, all changes (saved cookies, log of visited websites, etc.) remain in the safe environment and do not affect the operating system, which means that they cannot be exploited by intruders. If necessary, you can clear all changes made to the safe browser and restore the default settings.

Starting Safe Run for Websites When starting Safe Run for Websites, the default browser opens in Safe Run mode: only for Microsoft Internet Explorer, Mozilla Firefox or Google Chrome. In other cases, Microsoft Internet Explorer opens in Safe Run for Websites mode. You can manually select a browser which will be launched as a safe browser in the Safe Run for Websites settings. You can launch the Safe Run for Websites manually either from the Kaspersky PURE 2.0 main window or using an existing shortcut. To launch the Safe Run from Websites from the Kaspersky PURE 2.0 main window, perform the following actions: 1. Open the main application window. 2. Click on the Safe Run button.

321 | 7 4 6

Kaspersky CRYSTAL 2.0

3. In the Safe Run for Applications window click the Start Safe Run for Websites button. A default browser will be launched.

322 | 7 4 6

Kaspersky CRYSTAL 2.0

In order to select a safe browser, perform the following actions: 1. In the Safe Run for Applications window click on the arrow next to the Start Safe Run for Websites button. 2. In the drop-down menu select Configure.

323 | 7 4 6

Kaspersky CRYSTAL 2.0

3. In the Safe Run for Website settings window in the drop-down list of the browsers installed on your computer select a browser which should be used to safely browse websites.

324 | 7 4 6

Kaspersky CRYSTAL 2.0

4. Click on the Save button.

325 | 7 4 6

Kaspersky CRYSTAL 2.0

Now when you click the Start Safe Run for Websites button, the selected browser will be launched in the Safe Run for Websites window. The browser which runs in Safe Run for Websites mode is highlighted with a green frame around the application window.

In order to launch safe run for websites using a shortcut, perform the following actions: 1. Open the main applications window. 2. Click on the Safe Run button. 3. Click on the arrow next to the Start Safe Run for Websites button. In the drop-down menu select Create desktop shortcut.

326 | 7 4 6

Kaspersky CRYSTAL 2.0

The Safe Run for Websites shortcut will appear on the desktop. To launch a safe browser, double-click the shortcut.

Using a shared folder Shared folder of Safe Run is designed to share files between the main operating system and safe environment. All files saved in this folder when working in safe environment are available from the standard desktop. Shared folder is created when the application is being installed. Location of the shared folder may vary depending on the operating system: for Microsoft Windows XP: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\SandboxShared. for Microsoft Windows Vista and Microsoft Windows 7: C:\ProgramData\Kaspersky Lab\SandboxShared. The folders Application Data in Microsoft Windows XP and ProgramData in Microsoft Windows Vista and Microsoft Windows 7 are hidden by default. Read the article KB3580

327 | 7 4 6

Kaspersky CRYSTAL 2.0

(http://support.kaspersky.com/faq/?qid=208281592) in Kaspersky Lab Knowledge Base, to know how to enable display of hidden folders. Location of the shared folder cannot be changed. The safe environment shared folder can be opened in two ways: using a shortcut; . Depending on the application settings specified by developers, the shortcut may be located in the (My) Computer section or the (My) Documents section of Microsoft Windows Explorer.

To open the shared folder from the main window of Kaspersky PURE 2.0, perform the following actions: 1. Open the main application window. 2. Click on the Safe Run button. 3. In the Safe Run for Applications window click on the Open shared folder button.

328 | 7 4 6

Kaspersky CRYSTAL 2.0

4. The Safe Run shared folder will open in the standard window of Microsoft Windows.

Clearing Safe Run for Websites If necessary, you can configure the mode to automatically delete the data, saved during safe run for websites. Or, on the contrary, you can configure Safe Run for Websites to save the entered confidential data. In order to do this, perform the following actions: 1. Open the main application window. 2. Click on the Safe Run button.

329 | 7 4 6

Kaspersky CRYSTAL 2.0

3. In the Safe Run for Applications window click on the arrow button next to Start Safe Run for Websites. From the drop-down menu, select Configure.

330 | 7 4 6

Kaspersky CRYSTAL 2.0

4. In the Safe Run for Websites settings window enable or disable automatic clearing of data.

331 | 7 4 6

Kaspersky CRYSTAL 2.0

If you select Enable automatic clearing of data, all confidential data (for example, passwords), entered during work in the safe browser, will be deleted when the browser is closed. This is the safest mode for work. If you select Disable automatic clearing of data, all entered confidential data can be saved in the safe browser and used during the next working session. However, in this operational mode the working security is decreased. Click on the Save button.

332 | 7 4 6

Kaspersky CRYSTAL 2.0

You can manually delete data saved during work with the safe browser. In order to do this, perform the following actions: 1. In the Safe Run for Applications window click on the arrow button next to Start Safe Run for Websites. Select Clear Safe Run for Websites from the drop-down menu.

333 | 7 4 6

Kaspersky CRYSTAL 2.0

2. In the Clear Safe Run for Websites window click on the Clear button to confirm data deletion.

334 | 7 4 6

Kaspersky CRYSTAL 2.0

Chapter 11. Data Encryption


Data Encryption is designed for protecting confidential information against unauthorized access. To protect your personal data, the mechanism of encryption is used. It means that data is stored in an encrypted form in a special container. Container is an encrypted object created by the user with the Data encryption function. After the container is created and connected you can work with it as with a virtual logical drive. Containers can be copied, burnt onto CD and DVD-disks, sent by e-mail, relocated onto another computer on which Kaspersky PURE 2.0 is installed. To work with data in a container, it is required to decrypt them. On decryption Kaspersky PURE 2.0 will ask to enter your password. After entering the password, the container will be displayed in the system as a virtual removable device which can be used to move or copy data to.

Creating an encrypted container


In order to store encrypted data, it is required to create a container. A container can be created on a local disk or removable devices. During a container creation, you will be required to specify its name, size, access password and path to store the file. You can also connect an earlier created container if it is not accessible on the computer (for example, after operating system re-installation). In this case the container will appear in the list of containers, but access to the container will be blocked until you enter the password to the container. In order to create a container, perform the following actions: 1. Open the main application window. 2. Click on the Data Encryption button.

335 | 7 4 6

Kaspersky CRYSTAL 2.0

3. In the Data Encryption window click on the Create container button.

336 | 7 4 6

Kaspersky CRYSTAL 2.0

4. In the Create encrypted container window, specify the main settings for the container: Name; Password; Size; Container file location; Virtual drive letter.

337 | 7 4 6

Kaspersky CRYSTAL 2.0

Encrypting data
Once the container is created, you can see the container information in the lower part of the window.

338 | 7 4 6

Kaspersky CRYSTAL 2.0

You can view data stored in the container by clicking on the Open container button. The container will be open in the Microsoft Windows Explorer. Copy to the container data you wish to encrypt. In order to encrypt data, click on the Encrypt data button in the Data Encryption window of Kaspersky PURE 2.0.

Connecting an earlier created container


In order to connect an earlier created container (for example, created on another computer with installed Kaspersky PURE 2.0), perform the following actions: 1. Open the main application window. 2. Click on the Data Encryption button. 3. In the Data Encryption window click on the Connect container link.

339 | 7 4 6

Kaspersky CRYSTAL 2.0

4. Select the container file and press on the Open button.

340 | 7 4 6

Kaspersky CRYSTAL 2.0

Decrypting data. Configuring container


In order to access data stored in a container, perform the following actions: 1. Open the main application window. 2. Click on the Data Encryption button. 3. Select the required container from the list and click on the Decrypt data button in the container section.

4. Enter the password to the container in the open window.

5. Click on the OK button. The container opens in the Microsoft Windows Explorer window. 341 | 7 4 6

Kaspersky CRYSTAL 2.0

You can change the password of name of the container. Also you can create a shortcut to the container or delete the container. In order to configure the container settings, perform the following actions: 1. In the section of the created container click on the Settings button.

342 | 7 4 6

Kaspersky CRYSTAL 2.0

2. Enter the password to access the container:

3. In the <Container name> window you can change the name of the container, change password or create a desktop shortcut.

343 | 7 4 6

Kaspersky CRYSTAL 2.0

4. To change the password to the container click on the Change password link. In the open window enter your current password in the old password field and your new password in the New password and Confirm password fields. Click on the OK button.

5. In order to create a shortcut to the container, click on the Create desktop shortcut link. Click OK in the open window.

344 | 7 4 6

Kaspersky CRYSTAL 2.0

The shortcut to the container will appear on the desktop:

Deleting container
In order to delete a container, perform the following actions: 1. In the Data Encryption window click on the arrow button next the Settings window. 2. Select Delete from the open menu.

345 | 7 4 6

Kaspersky CRYSTAL 2.0

3. In the open window enter the password to the container:

4. In the Confirm deletion window click on the OK button.

346 | 7 4 6

Kaspersky CRYSTAL 2.0

347 | 7 4 6

Kaspersky CRYSTAL 2.0

Chapter 12. Password Manager


What is Password Manager
Using passwords is the most common authorization method, and frequently a password is the only obstacle for intruders who try to get access to your personal data. Password Manager is an indispensable tool for the active Internet user. It fully automates the process of entering passwords and other data into websites and saves the user going to the trouble of creating and remembering multiple passwords. When you use Password Manager to log in, you can rest assured that your data is safe. The software creates exceptionally strong passwords and prevents your login information from being stolen. All confidential data is encrypted and kept in a dedicated database on your computer. From the Password Manager window you can: Open the password database; Open the settings window; Add a new account or identity; Create portable version on a USB-drive; Launch Password Generator; Open frequently used accounts. The Password Manager interface includes the following components: Password Manager window; Icon in the taskbar notification area; Context menu; Settings window; Password database window; Pointer; Caption button.

Main features of Password Manager


One-click authorization Password Manager saves the parameters you use to access web resources (login and password). With each subsequent visit to the site the program will insert your credentials automatically. Password Manager also works with applications which require authorization (Skype, ICQ, Outlook and etc.). Secure protection of your passwords Password Manager stores your passwords and other personal information in a secure, encrypted database on your computer. The passwords which have been saved can only be decrypted using a master password or another method of authentication specified by the user, which ensures security and prevents your information from being stolen by cybercriminals. Password Manager inserts information directly into web resources and applications without using the keyboard and effectively protects your passwords against keyloggers (a keylogger is

348 | 7 4 6

Kaspersky CRYSTAL 2.0

a malicious program that tracks the sequence of keystrokes on the keyboard in order to record a users personal information, such as passwords). Password Manager effectively combats phishing attacks as it verifies the authenticity of web addresses and the software version before any passwords are inserted. Accounts You can use several user accounts for one website (application), or one account for several websites (applications). Identification cards Password Manager allows long registration forms to be completed automatically based on identification cards containing personal data which the user creates in advance. Several cards can be used to store business and personal information separately (e.g. first and last name, year of birth, sex, email address, telephone number, country of residence, etc.). Secure memos Password Manager enables you not only to securely store logins and passwords but also personal records which you would like to remain confidential such as: SIM card PIN codes, software keys, passport details, etc. It is possible to use templates with standard data types when creating a secure memo. Secure exchange of account details Sometimes we need to share our login and password to a certain resource with family and friends. To avoid sending your confidential information openly, take advantage of the new option included in Password Manager that allows the exchange of encrypted login information. After a predetermined period of time, the product will remind you that the account information has been shared with another user and you will be able to modify the access parameters to ensure security. Various authentication methods You can decrypt you password databases in Password Manager using a Master Password, removable USB or Bluetooth device (for example, using your mobile device). Password generator The generator included in Password Manager will help you to create strong passwords that would be difficult for cybercriminals to crack. One database for all passwords You can import your passwords and personal data stored in web browsers and other applications to Password Manager. You can also unite different password databases into just one (for example, databases on different computers). Portable version

349 | 7 4 6

Kaspersky CRYSTAL 2.0

A portable version of the program enables you to use the password database on any computer without installing Password Manager. The version can be launched from various external memory devices, e.g. a USB or a flash drive. When the removable media is disconnected, Password Manager will automatically close and your data will be removed from the computer.

Starting Password Manager


What is Master Password Password Manager includes different protection methods against unauthorized access to your password database. One of these protection methods is Master Password. Master Password is your personal key to access your password database containing your passwords and other personal data. Without Master Password it is impossible to access the password database. Keep it in secret. When creating your Master Password, it is recommended to follow the following recommendations: a password can contain digits, Latin characters, space and special characters (., ,, ?, !, <, >, , etc.); You must not use in the password: words found in a dictionary or set expressions; any easy-to-guess sequence like: qwerty, 123456789, qazxsw etc.; personal data: first and last names, addresses, passport numbers, social security numbers etc.; it is strongly advised not to reuse the passwords which you use to run other programs (e-mail, databases, etc). Creating Master Password The Password Manager Configuration Wizard will start automatically at first Password Manager launch. To start working with Password Manager go through configuration steps: 1. In the Password Manager window click on the Start Password Manager button.

350 | 7 4 6

Kaspersky CRYSTAL 2.0

2. On the Master Password step, enter your master password in the Master Password and Confirm Master Password fields. Read carefully information about the importance of Master Password and then check the corresponding box and click Next. (See above recommendations on how to create a strong master password).

351 | 7 4 6

Kaspersky CRYSTAL 2.0

3. On the Access control step, select the required authorization method from the dropdown menu and click Next.

To access the password database you can select one of the following authentication methods: 352 | 7 4 6

Kaspersky CRYSTAL 2.0

Password protection. The password will be used to access the password database. USB device. An USB device will be used to access the password database. If the USB device is not connected, password database will be inaccessible. Bluetooth device. A Bluetooth device will be used to access the password database. If the Bluetooth device is not connected, password database will be inaccessible. No authorization. The password database will not be protected.

By default, the Password protection option is selected. It allows you to remember only one password to access the password database. Master Password is the main access method to the password database. If authorization with a device is selected and the device is inaccessible (for example, it was lost), you can use your master password to access the password database and your personal data. 4. On the Locking timeout step, from the drop-down menu select the time when Password Manager will be automatically locked and check the box Request Master Password when Password Manager starts. Click Next.

5. Select browsers in which special plug-ins of Password Manager will be installed. Close all windows of selected web browsers and click on the Next button.

353 | 7 4 6

Kaspersky CRYSTAL 2.0

6. Configuration of Password Manager completed. Click Finish to start working with Password Manager

354 | 7 4 6

Kaspersky CRYSTAL 2.0

Locking Password Manager By default, Password Manager locks the database at first start and after the specified locking time. You can lock/unlock the database with the following methods: From the Password Manager window; Using USB or Bluetooth device only for authorization methods by USB or Bluetooth device; From the context menu; By key combination CTRL + ALT + L. In order to enter a password, you can a special tool Virtual Keyboard. You can lock/unlock Password Manager with the following methods: From the main application window; From the context menu. In order to lock Password Manager from the main application window, perform the following actions: 1. In the lower part of the main application window, click on the Password Manager button.

2. In the Password Manager window, click on the Lock Password Manager.

355 | 7 4 6

Kaspersky CRYSTAL 2.0

In order to lock Password Manager from the context menu, perform the following actions: 1. Right-click the Kaspersky PURE 2.0 icon in the Taskbar notification area. 2. From the open context menu select Lock Password Manager.

356 | 7 4 6

Kaspersky CRYSTAL 2.0

In order to unlock Password Manager from the main application window, perform the following actions: 1. In the lower part of the main application window, click on the Password Manager button. 2. In the Password Manager window, click on the Unlock Password Manager.

3. Enter your Master Password for Password Manager and click on the Unlock button.

In order to unlock Password Manager from the context menu, perform the following actions:

357 | 7 4 6

Kaspersky CRYSTAL 2.0

1. Right-click on the Kaspersky PURE 2.0 icon in the Taskbar notification area. 2. Select Unlock Password Manager.

3. Enter your Master Password for Password Manager and click on the Unlock button.

Password Manager Settings window The settings window can be opened from the Password Manager window. The settings window contains the list of the component functions and the list of settings for the specified function.

358 | 7 4 6

Kaspersky CRYSTAL 2.0

Password database window The password database window can be opened from the Password Manager window. The password database contains all your accounts to web-sites and applications, personal notes and identities.

359 | 7 4 6

Kaspersky CRYSTAL 2.0

Caption button of Password Manager The caption button is displayed in the top part of the browser (application). If Password Manager is locked, the Caption Button is inactive. With the Caption Button you can perform the following actions: Add an account (identity) to the database; Add a bookmark; Edit exiting accounts (identities); Open the Password generator and passwords history; Quickly authorize on a website (in an application) using an existing account (identity); Quickly open a website for which an account exists; Open Password Manager.

360 | 7 4 6

Kaspersky CRYSTAL 2.0

Adding account to Password database


Adding website account to Password database In order to add a website account to the password database, perform the following actions: 1. Open the authorization page of the required website (for example, http://facebook.com). 2. Enter your login and password in the corresponding fields. When you click the button to continue authorization, the Password Manager window will ask you whether you wish to add a new account to the Password database. 3. Click on the Add Account button.

361 | 7 4 6

Kaspersky CRYSTAL 2.0

To log in a website using Password Manager, perform the following actions: 1. In the browser open the authorization page on the required website The Caption Button appears in all browsers supported by Password Manager (it normally resides in the top part of the window). 2. Click the Caption Button and in the drop-down menu select the required account to log in.

Password Manager will automatically sign you in. You can also manually add a website account to the Password database. In order to do this, perform the following actions: Using the caption button. Click on the Caption Button and select Web Accounts -> Add Account.

362 | 7 4 6

Kaspersky CRYSTAL 2.0

From the application context menu. Click on the Kaspersky PURE 2.0 icon located in the Taskbar notification area and select Add -> Web Account from the open menu.

From the main window of Password Manager. In order to add a new website account from the main window of Password Manager, perform the following actions:

363 | 7 4 6

Kaspersky CRYSTAL 2.0

1. Open the main application window of Kaspersky PURE 2.0. 2. In the lower part of the window, click on the Password Manager button. 3. In the Password Manager window click on the Add Password or Password Database button.

4. If you have selected Password Database, in the upper part of the open window, click on the Add Account button.

364 | 7 4 6

Kaspersky CRYSTAL 2.0

If you have selected the Add Password item, the Add Account window will appear.

5. Enter or edit data in the Name, Link, Login and Password fields. 365 | 7 4 6

Kaspersky CRYSTAL 2.0

If you click on the Add description button next the Login field, the Description field to enter your login description information will appear.

366 | 7 4 6

Kaspersky CRYSTAL 2.0

If you wish Password Manager automatically fills in the authorization fields of the website and signs in, check the Automatic authorization box.

367 | 7 4 6

Kaspersky CRYSTAL 2.0

If you want to add a date when the password for the account expires, perform the following actions: a) Click on the Password never expires link. From the open menu select Password expires.

b) In the appeared date field, enter the required date when the password expires.

368 | 7 4 6

Kaspersky CRYSTAL 2.0

Click on the Password Generator button to automatically create a strong password. Using Password Generator you can create strong password by specified conditions (special characters, numbers and symbols use). You can find detailed description of Password Generator in the Password Generator section.

By clicking on the Show additional fields button you can specify the default browser where the account opens (at Password Manager start), link the account to a specific web page, manually configure the login form and add comments to the account.

369 | 7 4 6

Kaspersky CRYSTAL 2.0

Click on the Configure manually link in the Login form line to manually configure authorization fields. In the Manual form editing window you can configure field correspondence with entered data. In the description column you can find action to be performed with the field.

In order to save the changes, click on the OK button. 6. To add the created web account to the Password Database click on the Add button in the lower part of the window.

370 | 7 4 6

Kaspersky CRYSTAL 2.0

The web account has been added to the Password Database.

Adding account for application to Password database The Caption button is located on the upper part of application window. Using the button you can quickly add an account to the password database and authorize in an application. In order to add your account for an application to the password database using the Caption button, perform the following actions: 1. Launch an application (for example, gtalk) 2. Click on the Caption Button and select Add Account.

3. In the open window specify your login and password in the Login and Password fields. 4. Click on the Add Account button.

371 | 7 4 6

Kaspersky CRYSTAL 2.0

The account has been added to the Password database. In order to sign in using Password Manager, perform the following actions: 1. Open the authorization window of the application (for example, gtalk). 2. Click on the Caption Button and select the required user to sign in from the drop-down menu (for example, user).

Password Manager will automatically sign the user in. You can also manually add an account for an application to the password database of Password Manager. You can open the window of adding accounts with the following methods: From the context menu of Kaspersky PURE 2.0 To do this, perform the following actions: 1. In the Taskbar notification area right-click the Kaspersky PURE 2.0 icon and select Add. 2. From the open menu select App Account.

372 | 7 4 6

Kaspersky CRYSTAL 2.0

From the Password Manager window. In order to add a new account for an application from the Password Manager window, perform the following actions: 1. Open the main application window. 2. In the lower part of the window click on the Password Manager window. 3. In the Password Manager window click on the Password Database button.

373 | 7 4 6

Kaspersky CRYSTAL 2.0

4. In the left part of the window select App Accounts and click on the Add Account button.

374 | 7 4 6

Kaspersky CRYSTAL 2.0

5. In the Add App Account select the application to create the account for. You can do this with the following methods:

Drag the pointer icon to the open window of the application. Select the application by clicking on the Browse button.

6. In the upper part of the window enter the required name for the account.

375 | 7 4 6

Kaspersky CRYSTAL 2.0

7. Enter your login in the Login field. If you click on the Add description button the Description field will appear. You can enter the required description of the account.

376 | 7 4 6

Kaspersky CRYSTAL 2.0

If you want Password Manager automatically enters your authentication data in the application and signs you in, check the Automatic authorization box. 8. You can also specify a date when the account password expires. In order to do this, perform the following actions: a. Click on the Password never expires link and select Password expires from the drop-down menu.

b. In the open field specify the required date when the password expires.

9. Click on the Password Generator button to automatically create a strong password. Using Password Generator you can create strong password by specified conditions (special characters, numbers and symbols use). You can find detailed description of Password Generator in the Password Generator section. 10. Click on the Show additional fields button to open additional settings.

377 | 7 4 6

Kaspersky CRYSTAL 2.0

11. You can link the account to: particular window, window caption, application, application and caption.

12. You can configure the authorization form filling in manually and specify some comments.

378 | 7 4 6

Kaspersky CRYSTAL 2.0

Click on the Configure manually link. In the open window you can configure automatic form authorization filling in. The Description column contains information on actions to be performed with the corresponding field.

13. Click on the Add button to complete account creation. The account for the application has been added to the password database of Password Manager.

Adding and using Identities Password Manager can fill in web-forms for registration or online banking using existing identities with your personal information (for example, full name, birth date, e-mail addresses, phone numbers, country of living, bank accounts information). You can add an identity with the following methods:

379 | 7 4 6

Kaspersky CRYSTAL 2.0

Using the Caption Button. To do this, click on the Caption Button and select Identities -> Add Identity.

From the context menu of Kaspersky PURE 2.0. To do this, right-click the Kaspersky PURE 2.0 icon in the Taskbar notification area and select Add -> Identity from the open menu.

From the Password Manager window. In order to add an Identity from the Password Manager window, perform the following actions: 1. Open the Password Manager window.

380 | 7 4 6

Kaspersky CRYSTAL 2.0

2. Click on the Add Identity button.

3. In the left part of the open window select Identities.

381 | 7 4 6

Kaspersky CRYSTAL 2.0

4. In the upper part of the window enter the required type of the Identity (for example, Work). 5. Fill in the required fields in the Personal section. Password Manager can store several credit cards data in one identity. 6. In order to add an additional credit card (bank account), click on the Add button and select Credit card (Bank account).

382 | 7 4 6

Kaspersky CRYSTAL 2.0

7. Click on the Save button to save the changes. In order to apply an Identity, perform the following actions: 1. Open the required page with identity fields. 2. Click on the Caption Button and from the open menu select Identities -> <name of the identity>.

Password Manager automatically fills in identity fields.

383 | 7 4 6

Kaspersky CRYSTAL 2.0

Adding and using bookmarks In Password Manager you can add and manage bookmarks for web pages. You can add bookmarks with the following methods: Form the context menu of Kaspersky PURE 2.0 Using Caption Button (normally the button is located in the upper right hand part of the browser). From the Password Manager window. In order to add a bookmark from the context menu of Kaspersky PURE 2.0, perform the following actions: 1. Right-click the Kaspersky PURE 2.0 icon the Taskbar notification area. 2. Select the Add item. 3. Select Bookmark from the open menu.

In order to add a bookmark using the Caption Button (it normally resides in the upper right hand part of the browser), click on the Caption Button and select Bookmarks -> Bookmark this web page from the open menu.

384 | 7 4 6

Kaspersky CRYSTAL 2.0

In order to add a bookmark from the Password Manager window, perform the following actions: 1. In the Password Manager window click on the Password Database button. 2. In the left part of the open window select Bookmarks and then click on the Add Bookmark in the right part of the window.

385 | 7 4 6

Kaspersky CRYSTAL 2.0

3. Enter the name of the bookmark in the Name field and address to the web page in the Link field.

In order to open a web page using the corresponding bookmark click on the Caption Button and select Bookmarks -> <name of the bookmark>.

386 | 7 4 6

Kaspersky CRYSTAL 2.0

Adding Secure memos Password Manager enables you not only to securely store logins and passwords but also personal records which you would like to remain confidential such as: SIM card PIN codes, software keys, passport details, etc. It is possible to use templates with standard data types when creating a secure memo. You can edit secure memos settings after adding them. You can create a secure memo with the following methods: From the Kaspersky PURE 2.0 context menu In order to do this, perform the following actions: 1. Right-click on the Kaspersky PURE 2.0 icon in the Taskbar notification area, 2. Select Add -> Secure Memo.

From the Password Manager window. In order to create a secure memo from the Password Manager window, perform the following actions: 1. Open the Password Manager window. 2. In the left part of the window click on the Password Database button.

387 | 7 4 6

Kaspersky CRYSTAL 2.0

3. In the left part of the open window select Secure Memos. In the right part of the window click on the Add Secure Memo button.

388 | 7 4 6

Kaspersky CRYSTAL 2.0

4. In the upper part of the window enter the memo name in the empty field.

389 | 7 4 6

Kaspersky CRYSTAL 2.0

5. Click on the button to select a type of the memo. Otherwise, the Default memo type will be selected.

Each memo type has its own icon. When you select a specific memo type, you will be able to identify your secure memos by icons.

390 | 7 4 6

Kaspersky CRYSTAL 2.0

6. You can select a specific memo template. Each memo template contains already added fields to fill in. Kaspersky PURE 2.0 provides the following templates: Software license; Credit card; Bank account; ID card; Drivers license; Passport; Travel viza; Voter card; Student card; Internet settings. In order to select the required template, click on the Template button and select the required template from the open menu.

391 | 7 4 6

Kaspersky CRYSTAL 2.0

7. You can also create your own templates. In order to do this, enter the required data in the entry field and then click on the Template button and select Save as template from the open menu.

392 | 7 4 6

Kaspersky CRYSTAL 2.0

In the open window enter the templates name.

8. Enter the required data in the text editor field. 9. Click on the Add button to save the created secure memo.

393 | 7 4 6

Kaspersky CRYSTAL 2.0

Password database managing


Importing/exporting password database Password Manager can import and export your password databases. You can import both passwords from other password management applications (e.g. Internet Explorer, Mozilla Firefox, Google Chrome), and passwords from other password management applications (for example, KeePass). Passwords are imported from the files with the xml, ini formats. You can also save the Password Database on the computer. Passwords are exported to .xml, .html and .txt files. Export is convenient for opening general access passwords, printing the Password Database, or saving a backup copy of the Password Database to a file in a different format (different from the Password Manager format). Importing Password Database In order to import a password database to the database of Password Manager, perform the following actions: 1. Open the Password Manager window. 2. In the left part of the window click on the Password Database button. 3. In the bottom part of the window click on the Import link.

394 | 7 4 6

Kaspersky CRYSTAL 2.0

4. In the Import passwords window select the required application to import passwords from and then click on the Import passwords button.

395 | 7 4 6

Kaspersky CRYSTAL 2.0

5. In the open window select the required extension of files to be displayed (xml or pws), select the database to import and click on the Open button.

396 | 7 4 6

Kaspersky CRYSTAL 2.0

6. Perform one of the following actions: If you wish to delete the current password database and use the imported one, click on the Overwrite button.

In the window informing that Password Database has been successfully imported from file click on the OK button.

397 | 7 4 6

Kaspersky CRYSTAL 2.0

Passwords import has been completed. If you wish to add passwords from the selected database to the current password database, click on the Merge button.

In the Import passwords window check boxes next to required accounts to be imported. In order to import all accounts for a specific application/web page check the box next to the required application/web page and then click on the Import button.

398 | 7 4 6

Kaspersky CRYSTAL 2.0

Passwords import has been completed. Exporting Password Database In order to export the password database to a file, perform the following actions: 1. Open the Password Manager window. 2. In the left part of the window click on the Password Database button. 3. In the bottom part of the open window click on the Export data link.

399 | 7 4 6

Kaspersky CRYSTAL 2.0

4. On the Export type step in the Password Manager Data Export Wizard window select Export the entire database.

400 | 7 4 6

Kaspersky CRYSTAL 2.0

If you want to export specific data, select the Select data to be exported manually option and click Next. On the Select Data step, check the boxes to the required data to be exported and click on the Next button. You can exclude login and password data from information to be exported. In order to do this, check the box Exclude login information from exported accounts. Click on the Next to proceed.

401 | 7 4 6

Kaspersky CRYSTAL 2.0

5. On the Export Settings step, select Secure export (recommended). Click on the Next button.

402 | 7 4 6

Kaspersky CRYSTAL 2.0

To password-protect the data enter your password in the Password and Confirm password fields. If you have selected the option Exclude login information from exported accounts the option Specify password expiration date on the step will not be available. In order to return to the previous step, click on the Back button. If you the option Exclude login information from exported accounts has not been selected, you can specify the password expiration date. Click on the Next button to proceed with data export.

403 | 7 4 6

Kaspersky CRYSTAL 2.0

Not encrypted files containing exported data are not protected. If you want to select an It is recommended to encrypt the file which will contain your personal data. In order to encrypt the exported file, select Secure export (recommended). extension of the file which will contain your data, select Export without encryption and then select the required file extension from the drop-down menu. In order to proceed with data export, click on the Next button.

In the open window informing that data will not be encrypted click on the OK button.

6. On the Destination folder step, select Destination folder and file name for the exported data.

404 | 746

Kaspersky CRYSTAL 2.0

You can also send the created file by email. In order to do this, select the Send by email option. The option is available only if an email client is installed on the computer (for example, Microsoft Outlook). Click on the Next button. 7. On the Summary step, check whether the specified parameters are correct. Click on the Export button.

405 | 746

Kaspersky CRYSTAL 2.0

Your data have been exported to the file. 8. Click on the Finish button to exit from the Wizard.

406 | 746

Kaspersky CRYSTAL 2.0

Backup copies of Password Database Each time you edit the password database Password Manager creates backup copies of the database. Files of backup copies are encrypted. In the Password Manager interface backup copies of the password database are displayed in the list sorted out by backup time. Files are provided with the following additional data: Current folder; Backup date and time; Performed changes. Restoring data from backup copies You can use backup copies for the following purposes: To restore the password database; To delete old versions of backup copies; To change the store folder. You can restore the password database if: You need to cancel last changes; The password database was deleted or overwritten; The current password database is not damaged or corrupted after system failures. In order to restore the password database from a backup copy, perform the following actions: 1. Open the main application window. 2. In the bottom part of the window click on the Password Manager button. 3. In the Password Manager window click on the Password Database button. 4. In the bottom part of the window click on the Restore data link.

407 | 746

Kaspersky CRYSTAL 2.0

5. The path to the folder to store backup copies is specified by default. You can change the default folder by clicking on the button in the upper part of the Restore window.

408 | 746

Kaspersky CRYSTAL 2.0

6. Select the required backup copy from the list and click on the Restore button.

409 | 746

Kaspersky CRYSTAL 2.0

7. In the open window confirm restoration by clicking on the OK button.

Deleting old backup copies In order to delete unneeded backup copies of the password database, perform the following actions: 1. Open the main application window. 2. In the lower part of the window click on the Password Manager. 3. In the Password Manager window click on the Password Database button. 4. In the bottom part of the window click on the Restore data link. 5. In the Restore window select backup copies to delete. To select several backup copies keep the Ctrl key pressed and select them in the list.

410 | 746

Kaspersky CRYSTAL 2.0

6. Click on the Delete button.

7. In the open window click on the OK button to confirm deletion.

Configuring Password Manager


You can configure settings of Password Manager by clicking on the Settings button in the Password Manager window. In order to open the Settings window of Password Manager, perform the following actions: 1. In the main application window click on the Password Manager window. 2. In the left part of the Password Manager window click on the Settings button.

411 | 746

Kaspersky CRYSTAL 2.0

3. In the left part of the Password Manager Settings window select the required item. You can select one of the following options: General. Here you can: Enable/disable automatic start of Password Manager on Kaspersky PURE 2.0 startup; Select action to be performed on the Password Manager icon double-click; Enable asking for confirmation of paste from clipboard; Specify time to store password in the clipboard.

412 | 746

Kaspersky CRYSTAL 2.0

Ignored web addresses. In this section you can add addresses of web-sites for which you want to disable Password Manager. You can add, edit or delete an address from the list.

413 | 746

Kaspersky CRYSTAL 2.0

Trusted web addresses. In this section you can add trusted web addresses which you trust. Password Manager protects personal data from phishing attacks.

Sometimes there are situations when after signing in you are redirected to another web page. Password Manager detects redirection and blocks it. In order Password Manager trusts a web page to which you are redirected, you can add the web page to the list of trusted web addresses. In this case Password Manager will not block redirection. Please, make sure the web page is safe before adding it to the list of trusted web addresses. You can add, edit or delete an address from the list.

414 | 746

Kaspersky CRYSTAL 2.0

Ignored applications. In this section you can add applications for which you want to disable Password Manager. You can add or delete an application from the list.

415 | 746

Kaspersky CRYSTAL 2.0

Security. In this section you can: Change your Master Password; Change authorization method (password protection, USB device, Bluetooth device, no authorization) Enable automatic locking of Password Manager.

416 | 746

Kaspersky CRYSTAL 2.0

My passwords. In this section you can: Specify a folder to store your password database; Create a new password database; Specify a folder to store backup copies; Specify a number of backup copies to store; Specify time period to store a backup copy; Change the database encryption algorithm.

417 | 746

Kaspersky CRYSTAL 2.0

Hot keys. In this section you can set hot keys for Password Manager actions. You can specify key combinations for the following actions: Locking/unlocking Password Manager; Password entering; Quick launch box opening.

418 | 746

Kaspersky CRYSTAL 2.0

Caption Button. In this section you can: Change the Caption Button location; Enable/disable the Caption Button display if Password Manager is locked; Enable/disable the Caption Button display in web browsers.

419 | 746

Kaspersky CRYSTAL 2.0

Supported browsers. This section contains the list of supported browsers. You can install the Password Manager plug-in to a browser.

420 | 746

Kaspersky CRYSTAL 2.0

Manage templates. In this section you can add, edit or delete templates for secure memos.

421 | 746

Kaspersky CRYSTAL 2.0

Miscellaneous. In this section you can configure the Password Manager and browser notifications.

422 | 746

Kaspersky CRYSTAL 2.0

Portable version of Password Manager


With portable version created you can connect a removable device to any computer and use your password database. As soon as a removable device is disabled, Password Manager automatically closes and removes all of your data from the public computer. To create a portable version of Password Manager, perform the following actions: 1. Connect the removable device to the computer. 2. Open the Password Manager window. 3. In the left part of the Password Manager window click Portable Version.

423 | 746

Kaspersky CRYSTAL 2.0

4. In the list of available devices select the device to install the portable version of Password Manager on it. Click on the Next button.

424 | 746

Kaspersky CRYSTAL 2.0

5. If the required device is connected to the computer but missing from the list of available devices, check the box Show additional drives. 6. Specify the required settings (check boxes for the required options).

425 | 746

Kaspersky CRYSTAL 2.0

7. Click on the Execute button. 8. In the window informing that Installation/Synchronization completed successfully click on the Finish button.

Now you can use the portable version of Password Manager .

Virtual Keyboard
When working on your computer, the cases frequently occur when it is required to enter your personal data, or username and password. For instance, when registering on Internet sites, using online stores etc. There is a danger that this personal information will be intercepted using hardware keyboard interceptors or keyloggers, which are programs that register keystrokes. Virtual Keyboard prevents the interception of data entered at the keyboard. Virtual Keyboard cannot protect your personal data if the website, that required entering such data, has been hacked, since in this case the information will be obtained directly by the intruders. Many of the applications classified as spyware have the functions of making screenshots which then are transferred to an intruder for further analysis and for stealing the user's personal data. Virtual Keyboard prevents the personal data being entered, from being intercepted with the use of screenshots. Before using Virtual Keyboard, see its working peculiarities: Before you enter your data with the virtual keyboard, make sure the cursor is set in the correct field. 426 | 746

Kaspersky CRYSTAL 2.0

Press the button on the virtual keyboard using the mouse. Unlike on real keyboard, on the virtual keyboard you cannot press two keys simultaneously. That is why if you need to use the combinations of keys (for example, ALT+F4), you need to press the first key (ALT), then the next (F4) and then press the first one again. Repetitive pressing substitutes release of a key on a real keyboard. You can switch the language for the virtual keyboard using the key combination Ctrl + right-clicking Shift, or Ctrl + right-clicking Left Alt, depending on the settings selected.

You can start virtual keyboard with the following methods: From the Password Manager window; From the context menu of Kaspersky PURE 2.0; From the browser Microsoft Internet Explorer, Mozilla Firefox and Google Chrome; Using the keys combination CTRL+ALT+SHIFT+P. In order to open Virtual Keyboard from the Password Manager window, click on the Virtual Keyboard button.

427 | 746

Kaspersky CRYSTAL 2.0

In order to open Virtual Keyboard from the Kaspersky PURE 2.0 context menu, right-click on the Kaspersky PURE 2.0 icon in the Taskbar notification area and select Tools -> Virtual Keyboard from the open menu.

428 | 746

Kaspersky CRYSTAL 2.0

In order to open Virtual Keyboard from a browser, click on the Keyboard icon in the upper part of the browser.

Password Generator
What is Password Generator During an account creation you need to specify a new account. A special tool for automatic password creation Password Generator is embedded into Password Manager. Using Password Generator you can create unique and strong passwords (with lower- and uppercase letter, digits and special symbols).

Creating password for account In order to create a password for web or app account, perform the following actions: 1. Open the Password Manager window. 2. In the lower part of the window click on the Password Generator.

429 | 746

Kaspersky CRYSTAL 2.0

3. In the Password Generator window in the Password length field specify the number of symbols in the password (not less than 8 symbols are recommended).

430 | 746

Kaspersky CRYSTAL 2.0

4. In the Advanced settings section check the boxes for the required settings (use of A-Z, a-z, numbers 0-9 and special symbols). You can disable use of similar symbols by checking the box Exclude repeating characters. The more boxes are checked, the stronger password will be created.

5. Click on the Generate button. 6. In the Strength section Password Generator shows how your password is strong according to the specified parameters.

431 | 746

Kaspersky CRYSTAL 2.0

The generated password appears in the empty field. 7. To view the password click on the button in the password field. The password is displayed while you keep the button pressed.

8. Click on the Copy to clipboard button. Clipboard is a special storage designed to store copied data and transfer it between applications.

9. Paste the password to the authorization field by pressing the key combination Ctrl + V.

432 | 746

Kaspersky CRYSTAL 2.0

10. To view history of created password, in the Password Generator window go to the Passwords History tab. You can copy a password from the list to Clipboard or clear the history by clicking on the corresponding buttons.

433 | 746

Kaspersky CRYSTAL 2.0

Chapter 13. Settings. Protection


The section provides detailed information about all application components, describing the operational algorithm and settings of each component. To start advanced application setting, open the settings window with one of the following methods: Click the Settings link in the top part of the main application window.

Select the Settings item from the context menu of the application icon.

434 | 746

Kaspersky CRYSTAL 2.0

In the top left part of the Settings window select Protection:

435 | 746

Kaspersky CRYSTAL 2.0

General protection settings

In the application settings window, in the General Settings subsection of the Protection Center section, you can perform the following operations: enable/disable all protection components; select the interactive or automatic protection mode; disable or enable automatic launch of the application at the startup of the operating system; enable a custom key combination to display the virtual keyboard on the screen.

Enabling and disabling protection By default, Kaspersky PURE 2.0 is started automatically at computer startup and protects your computer during its operational session. After the application is started, all the application components are enabled. You can partially or entirely disable protection in Kaspersky PURE 2.0. Kaspersky Lab experts strongly recommend not to disable protection as it may lead to your computer infection and data loss. If you need to disable protection, you are recommended to pause protection for the required period (see below). 436 | 746

Kaspersky CRYSTAL 2.0

When the protection is disabled, work of all protection components is disabled. There are the following indications of disabled protection: Grey Kaspersky icon in the Taskbar notification area.

Red banner in the main application window.

In this case, the protection is regarded as the set of protection components. Disabling or pausing protection components does not affect the performance of virus scan tasks and Kaspersky PURE 2.0 updates. You can fully enable or disable protection from the application settings window. To disable or enable protection, perform the following actions: 1. Open the application settings window. 2. In the left part of the window in the Protection Center section select the General Settings subsection. 3. Uncheck the Enable protection box if you need to disable protection. Check the box, if you need to enable protection.

437 | 746

Kaspersky CRYSTAL 2.0

To disable or enable a protection component from the settings window, perform the following actions: 1. Open the application settings window. 2. In the left part of the window in the Protection Center section select a component you need to enable or disable. 3. In the right part of the window uncheck the box Enable <component name>, if you need to disable the component. Check the box, if you need to enable the component.

Pausing and resuming protection Protection pausing means disabling all application components for a specific time. There are the following indications of protection pause:

438 | 746

Kaspersky CRYSTAL 2.0

Grey Kaspersky icon in the Taskbar notification area.

Red central part in the main application window.

In this case, the protection is regarded as the set of protection components. Disabling or pausing protection components does not affect the performance of virus scan tasks and Kaspersky PURE 2.0 updates. Network connections established at the moment of protection pause will be terminated and a corresponding notification will be displayed on the screen. To pause computer protection, perform the following actions: 1. Select the Pause protection item from the context menu of the application.

439 | 746

Kaspersky CRYSTAL 2.0

2. In the Pause protection window select the required variant: Pause for the specified time protection is automatically enabled after a specified time interval. Pause until reboot protection is enabled after the application is restarted or the operating system is rebooted (if automatic startup of the application is enabled). Pause protection is enabled only when you decide to resume it.

In order to resume protection, select the Resume protection item from the context menu of the application icon.

440 | 746

Kaspersky CRYSTAL 2.0

You can resume protection this way (by selecting the Resume protection item from the context menu of the application icon) irrespective of the pause protection variant you have selected: should it be the Pause, Pause until reboot or Pause for the specified time variant.

Selecting protection mode By default, Kaspersky PURE 2.0 runs in automatic protection mode. In this mode the application automatically applies actions recommended by Kaspersky Lab experts in response to dangerous events. If you wish Kaspersky PURE 2.0 to notify you of all hazardous and suspicious events in the system and to allow to decide which of the actions offered by the application should be applied, you can enable interactive protection mode. To select a protection mode, perform the following actions: 1. Open the application settings window. 2. In the left part of the window in the Protection Center section select General Settings. 3. In the Interactive protection section uncheck or check the boxes you need: to enable interactive protection mode, uncheck the Select action automatically box; to enable automatic protection mode, check the Select action automatically box. To prevent Kaspersky PURE 2.0 from deleting suspicious objects in automatic mode, check the Do not delete possibly infected objects box.

441 | 746

Kaspersky CRYSTAL 2.0

Enabling and disabling autorun Automatic launch of the application means that Kaspersky PURE 2.0 launches after the operating system startup. This is the default start mode. In order to enable or disable the application autorun, perform the following actions: 1. Open the application settings window. 2. In the left part of the window in the Protection Center section select General Settings. 3. To disable the application autorun, in the right part of the window in the Autorun section uncheck the Launch Kaspersky PURE 2.0 at computer startup box. To enable the application autorun, check the box.

442 | 746

Kaspersky CRYSTAL 2.0

Virtual keyboard The Virtual Keyboard tool prevents the interception of data entered via the keyboard. To open the Virtual Keyboard using the computer keyboard, use the following key combination: CTRL + ALT + SHIFT + P. By default, the option to start the virtual keyboard using the hot keys is enabled. To cancel launch of the virtual keyboard using the hot keys, perform the following actions: 1. Open the application settings window. 2. In the left part of the window in the Protection Center section select General Settings. 3. To cancel launch of the virtual keyboard using the hot keys, in the right part of the window in the Virtual Keyboard section uncheck the Open Virtual Keyboard on CTRL+ALT+SHIFT+P box.

443 | 746

Kaspersky CRYSTAL 2.0

444 | 746

Kaspersky CRYSTAL 2.0

Self-Defense
Kaspersky PURE 2.0 protects a computer from malware. Therefore, malware which penetrate into the computer tries to block work of Kaspersky PURE 2.0 or remove the application from the computer. Stable computer protection system is provided by the self-defense and disabling external service control technologies of Kaspersky PURE 2.0. Self-Defense of Kaspersky PURE 2.0 blocks outside attempts to modify or delete the application files, memory processes and system registry records. The Disable external service control option blocks all attempts to control services remotely. On computers working under 64-bit operating systems and Microsoft Windows Vista only selfdefense from attempts to modify or delete the application files, memory processes and system registry entries is available.

Enabling and disabling self-defense By default, Self-Defense of Kaspersky PURE 2.0 is enabled. If you need you can disable selfdefense. In order to enable or disable self-defense of Kaspersky PURE 2.0, perform the following actions: 1. Open the main application window. 2. In the top part of the window click Settings. 3. In the left part of the window select Self-Defense in the Protection Center section. 4. In the right part of the window clear the Enable Self-Defense box if you need to disable the application self-defense. Check the box if you need to enable self-defense.

445 | 746

Kaspersky CRYSTAL 2.0

Protection from external control By default, the Disable external service control option is enabled. You can disable it if you need. In some cases, when the option of remote control block is enabled, you may need to use a remote control program (for example, RemoteAdmin). In order to provide proper work of such programs, it is required to add them to the list of trusted application (HERE WILL BE A LINK) and enable the parameter Do not monitor application activity. In order to disable remote control block, perform the following actions: 1. Open the main application window. 2. In the top part of the window click Settings. 3. In the left part of the window select Self-Defense in the Protection Center section. 4. In the right part of the window in the External control section clear the Disable external service control box.

446 | 746

Kaspersky CRYSTAL 2.0

447 | 746

Kaspersky CRYSTAL 2.0

File Anti-Virus
What is File Anti-Virus The file system may contain viruses and other malicious programs. Such malware may reside in your file system for several years having once intruded your computer and not reveal themselves. However once you open an infected file or, for example, try to copy it on the disk, the virus will reveal itself. The File Anti-Virus component monitors the computer file system and prevents infection of the computer's file system. The component starts upon startup of the operating system, continuously remains in the computer's RAM, and scans all files being opened, saved, or launched on your computer and all connected drives.

Enabling/Disabling File Anti-Virus To enable/disable File Anti-Virus, perform the following actions: 1. Open the application settings window. 2. In the Settings window in the Protection Center section select File Anti-Virus from the list of components. 3. In the right part of the window perform the following actions: To enable the component, check the Enable File Anti-Virus box. To disable the component, uncheck the Enable File Anti-Virus box.

448 | 746

Kaspersky CRYSTAL 2.0

4. In the Settings window click the Apply button.

Operating algorithm of File Anti-Virus By default, File Anti-Virus operates according to the following algorithm: File Anti-Virus scans iChecker and iSwift databases (you can read about these technologies in the documentation to this video a download link is available under the video window) or information about the intercepted file, and determines if it should scan the file, based on the information retrieved. The file is scanned for viruses. Based on the analysis, File Anti-Virus performs one of the following actions: If malicious code is detected in the file, File Anti-Virus blocks the file, creates a backup copy and attempts to perform disinfection. If the file is successfully disinfected, it becomes available again. If disinfection fails, the file is deleted. If potentially malicious code is detected in the file, the file proceeds to disinfection and then is sent to the special storage area called Quarantine. If no malicious code is discovered in the file, it is immediately restored.

449 | 746

Kaspersky CRYSTAL 2.0

Security levels of File Anti-Virus The security level is defined as a preset configuration of the File Anti-Virus component settings which provide a protection level to files and system memory. Kaspersky Lab specialists distinguish three security levels. The decision of which level to select should be made by the user based on the current situation. High. Set this level if you suspect that your computer has a high chance of being infected. Recommended. This level provides an optimum balance between the efficiency and security and is suitable for most cases. Low. If you work in a protected environment (for example, in a corporate network with centralized security management), the low security level may be suitable. To change the security level, perform the following actions: 1. In the right part of the Settings window of the File Anti-Virus component set a security level by dragging the vertical slider to the required position. 2. In the Settings window click the Apply button.

450 | 746

Kaspersky CRYSTAL 2.0

Actions to be performed by File Anti-Virus on detected threats Default actions By default program chooses the actions on detected objects itself. If as a result of scan the program failed to define whether the object is infected or not, the object is quarantined. Quarantine is a special storage, which contains objects that can be infected viruses. Objects in the quarantine cannot harm your computer. If as a result of the scan object is given the status of malicious software, File Anti-Virus will try to disinfect it. If the disinfection is impossible, the object is deleted. Before disinfecting or deleting of the object Kaspersky PURE 2.0 creates its backup in case there is necessity to restore the object or in case the way to disinfect the object turns up. The storage period for a backup copy makes 30 days. Actions set by the user You can set the action to be performed on detected threats by yourself. File Anti-Virus can perform the following actions on detected threats: Disinfect; Delete; Delete if disinfection fails (appears if Disinfect option is enabled).

451 | 746

Kaspersky CRYSTAL 2.0

If the Disinfect variant is selected, the program functions the following way: If the object can be disinfected, it will be disinfected and will return to the user. If as a result of scan the program failed to define whether the object is infected or not, the object is quarantined. If the option to scan quarantined files after each database update is enabled, then when a new disinfection signature is received the quarantined object can be disinfected and returned to the user. If the virus status is assigned to the object and its disinfection is impossible, the object is blocked and is added to the report about detected threats. If you want infected objects which cannot be disinfected would be deleted check the Delete if disinfection fails box (the box appears if the Disinfect option is enabled). You can select only the Delete variant, but in this case all objects will be deleted, even if they could be available for the user after disinfection.

452 | 746

Kaspersky CRYSTAL 2.0

In order to select the necessary action, check the box next to the action and click the Apply button to save the changes. Kaspersky Lab specialists recommend to select the following actions for the detected threats: Disinfect Delete if disinfection fails In this case the program will perform the following actions over an object: Disinfect, if disinfection is possible. After disinfection you can continue your work with the object. Quarantine, if the program failed to define if the object is infected or not. If the option to scan quarantined files after each database update is enabled, then when a new disinfection signature is received the quarantined object can be disinfected and returned to the user. Delete, if the virus status is assigned to the object and its disinfection is impossible. Actions for each object You can also specify File Anti-Virus actions for every detected object individually. For this enable interactive mode the following way: 1. In the left of the Settings window go to the Protection tab. In the left part of the window select the General Settings subsection. 2. In the Interactive protection section, uncheck the Select action automatically box.

453 | 746

Kaspersky CRYSTAL 2.0

3. In the Settings window click the Apply button. Interactive mode is enabled for the entire application. That is why when interactive mode is enabled you will have to define an action for each object detected by any Kaspersky PURE 2.0 component. How to specify action on detected threats To specify an action on detected threats, please do the following: 1. In the left part of the Settings window select the File Anti-Virus component. 2. Make sure the Enable File Anti-Virus box is enabled in the right part of the window. 3. In the Action on threat detection section select an action on detected threats: Prompt for action. Select action: o Disinfect. o Delete (Delete if disinfection fails).

4. In the Settings click the Apply button. If you have selected the Select action variant and have not selected any action, File AntiVirus will block dangerous objects and quarantine then, notifying the user of its actions.

454 | 746

Kaspersky CRYSTAL 2.0

The Delete if disinfection fails box appears only if the Disinfect box is enabled.

Customizing security level in File Anti-Virus

455 | 746

Kaspersky CRYSTAL 2.0

To fine-tune the File Anti-Virus settings, in the Security level section click the Settings button.

The File Anti-Virus window will open. Selecting file types scanned by File Anti-Virus In the File Anti-Virus window on the General tab you can set/ select file types to be scanned by File Anti-Virus. By default File Anti-Virus scans only potentially infected files (files into which a virus can penetrate), started on all hard, removable and network drives. You can select on your own the file types which should be scanned by File Anti-Virus for viruses.

456 | 746

Kaspersky CRYSTAL 2.0

The following file types can be set for scan: All files File Anti-Virus analyzes all files irrespective of their name (for example, press-release) or extension (for example, .doc). Files scanned by format File Anti-Virus scans the internal header of a file to determine the file format (.txt, .doc, .exe, etc.). If the analysis shows that such file format cannot be infected, the file is not scanned and is returned to the user. If a file format is infectable, such file is scanned for viruses; Files scanned by extension File Anti-Virus scans files respective of their extension (for example, files with the extensions .com, .exe, .sys, .bat, .dll and etc). The file format is determined based on its extension. A file extension helps the user and software define the type of data in the file. When selecting the file type scanned by File Anti-Virus, consider the following peculiarities. For example, the cyber criminal can send a virus to your computer with a txt extension, though in reality such file can be executable, renamed into a txt-file. If the Files scanned by extension option is selected, then during scan such file will be skipped. If the Files scanned by format option is selected, then in spite of the extension File AntiVirus will analyze the file header. In the result of scan it will become clear that the file has an exe-format. Such file will be scanned for viruses.

457 | 746

Kaspersky CRYSTAL 2.0

Selecting location of files scanned by File Anti-Virus You can also specify location of the scanned files in the Protection scope section. In order to add a new object to the scan scope, perform the following actions: 1. In the File Anti-Virus window click the Add link.

2. In the Select object to scan window select an object and click the Add button.

3. Once you have added all the necessary objects, in the Select object to scan window click the OK button. 4. In the File Anti-Virus window click the OK button.

458 | 746

Kaspersky CRYSTAL 2.0

Scan methods of File Anti-Virus By default, File Anti-Virus scans objects using signature analysis (bases with the description of known threats and their disinfection methods). The component compares the object under scan with the records in the base and defines whether the object is malicious. Since new malicious objects appear daily, there is always some malware which are not described in the databases, and which can only be detected using heuristic analysis. This method presumes the analysis of the actions an object performs within the system. If its actions are typical of malicious objects, the object is likely to be classed as malicious or suspicious. In order to configure heuristic analysis, perform the following actions: 1. In the File Anti-Virus window go to the Performance tab. 2. In the Heuristic Analyzer section specify the detail level10 for scan moving the horizontal slider to the necessary position.

3. Click the OK button. Optimization of files scan To reduce the scan time and accelerate the application operation, you can configure scan of only new and recently changed files, which were modified after the previous scan. For this, perform the following actions: 1. In the File Anti-Virus window go to the Performance tab. 2. In the Scan optimization section check the Scan only new and changed files box.

10

The higher the detail level is, the more resources and time are needed for scan, however the more thorough the analysis will be.

459 | 746

Kaspersky CRYSTAL 2.0

3. Click the OK button. Setting scan of compound files A compound file is structured storage for several other files. Examples of compound files are archives and OLE-objects. A common method of concealing viruses is to embed them into compound files (archives). To detect viruses that are hidden in this way a compound file should be unpacked, which can significantly lower the scan speed. To enable scan of archives, perform the following actions: 1. In the File Anti-Virus window go to the Performance tab. 2. In the Scan of compound files section, check the Scan archives box.

460 | 746

Kaspersky CRYSTAL 2.0

3. Click the OK button. Installer packages (files to install software) and files containing OLE objects (objects (images, texts, tables, drawings) created in one program but which can be opened using other programs) are executed when they are opened, which makes them more dangerous than archives. To enable scan of installer packages and embedded OLE-objects, perform the following actions: 1. In the File Anti-Virus window on the Performance tab in the Scan of compound files section, check the corresponding boxes.

461 | 746

Kaspersky CRYSTAL 2.0

2. Click the OK button. When large compound files are scanned, their preliminary unpacking may take a long period of time. This period can be reduced by enabling unpacking of compound files in background mode (while the user is working with other programs). If a malicious object is detected when processing such a file, File Anti-Virus will notify you of this. To scan compound files in background mode, perform the following actions: 1. In the File Anti-Virus window on the Performance tab in the Scan of compound files section, click the Additional button.

462 | 746

Kaspersky CRYSTAL 2.0

2. In the Compound files window check the Extract compound files in the background box. 3. In the Minimum file size field specify the minimum file size to be scanned in the background. Files of smaller size are scanned in the normal mode.

To reduce access time to compound files, you can disable extracting of files whose size exceeds the specified value. For this, perform the following actions: 1. In the Size limit section specify the maximum file size to be scanned. The setting is not applied to scan of files extracted from archives. 463 | 746

Kaspersky CRYSTAL 2.0

2. Click the OK button.

Scan modes of File Anti-Virus You can select one of four scan modes in File Anti-Virus: Smart mode. On access and modification (the application scans objects when they are opened or modified). On access (the application scans objects only when they are attempted to open). On execution (the application scans objects only when they are attempted to run). By default, Kaspersky PURE 2.0 uses smart mode, which determines if the object is subject to scan, based on the actions performed on it. For example, when working with a Microsoft Office document, File Anti-Virus scans the file when it is first opened and last closed. Intermediate operations that overwrite the file do not cause it to be scanned. To set a scan mode, perform the following actions: 1. In the File Anti-Virus window go to the Additional tab. 2. In the Scan mode section select the required scan mode.

464 | 746

Kaspersky CRYSTAL 2.0

3. Click the OK button. iSwift iChecker scan technologies Intellectual technologies iChecker and iSwift allow accelerating work of File Anti-Virus. Technologies achieve the highest efficiency sometime after installation of the product. These technologies add to each other thus accelerating anti-virus scan of various objects in different file and operating systems. During the first scan with iChecker technology the check sum of an object is saved. Check sum is a unique digital signature of an object (file) that allows identifying this object (file). Check sum changes every time the object is modified. This information is saved in a special table. During the next scan of an object the previous and current check sums are compared. If the check sum is different the object should be scanned for a malicious code once again, if the check sum is the same, the object is not scanned. The iChecker technology works with limited number of formats such as exe, dll, lnk, ttf, inf, sys, com, chm, zip, rar and does not scan files larger than 4 GB, as in such cases it is quicker to scan the whole file, than to calculate its check sums. The iSwift technology has been developed for NTFS file system. In this system NTFS-identifier is given to each object. This NTFS-identifier is compared with the values in the special iSwift database. This algorithm considers the previous scan date. If from the moment of the first scan to the last scan the same period or more passed then the object will be re-scanned. The object will be also scanned in the case of the object settings were changed to stricter ones. The technology is connected to a definite file location in the file system. If the file was copied/relocated then it is scanned again. In order to enable the use of iSwift and iChecker technologies, perform the following actions: 1. In the File Anti-Virus window go to the Additional tab. 2. In the Scan technologies section check the boxes iSwift technology and iChecker technology. 465 | 746

Kaspersky CRYSTAL 2.0

3. Click the OK button. Pausing File Anti-Virus When carrying out resource-intensive works, you can pause File Anti-Virus. To reduce workload and ensure quick access to objects, you can configure automatic pausing of the component at a specified time. For this, perform the following actions: 1. In the File Anti-Virus window go to the Additional tab. 2. In the Pause task section check the By schedule box. 3. Click the Schedule button.

466 | 746

Kaspersky CRYSTAL 2.0

4. In the Pausing the task window in the fields Pause and Resume task at define the time interval during which the component will remain inactive.

5. Click the OK button. 6. In the File Anti-Virus window click the OK button. Additionally to disabling File Anti-Virus on schedule, you can configure disabling File AntiVirus when handling specified programs. For this, perform the following actions: 1. In the File Anti-Virus window go to the Additional tab. 2. In the Pause task section check the At application startup box. 3. Click the Select button.

467 | 746

Kaspersky CRYSTAL 2.0

4. In the Applications window click the Add link. Next, perform the following actions: Select an application from the Applications list; or Click Browse and select an application using the browser window.

5. Having created the list of applications, click the OK button in the Applications window. 6. In the File Anti-Virus window click the OK button. Rollback to default settings of File Anti-Virus You can always roll back to default File Anti-Virus settings. For this perform the following actions: 1. Close the File Anti-Virus window. 2. In the Settings window in the Security level section click the Default level button.

468 | 746

Kaspersky CRYSTAL 2.0

3. Click the OK button to save the made changes.

469 | 746

Kaspersky CRYSTAL 2.0

Mail Anti-Virus
What is Mail Anti-Virus Mail Anti-Virus from Protection Center of Kaspersky PURE 2.0 scans incoming and outgoing messages for the presence of malicious objects. The component scans all email sent or received on the POP3, SMTP, IMAP, MAPI and NNTP protocols, as well as on secure connections (SSL) for POP3 and IMAP.11

Enabling/disabling Mail Anti-Virus By default the Mail Anti-Virus component is enabled. You can disable Mail Anti-Virus, if necessary. To enable or disable Mail Anti-Virus, do the following: 1. Open the main application window. 2. In the top right part of the window click the Settings button. 3. In the left part of the Settings window under Protection select Mail Anti-Virus. 4. In the right part of the Settings window: Uncheck the Enable Mail Anti-Virus box, to disable the component. Check the Enable Mail Anti-Virus box, to enable the component

11

POP3, SMTP, IMAP, MAPI and NNTP are protocols intended for creation, receiving and transfer of e-mail. SSL protocol provides secure transfer (encryption) of data by other protocols (example, POP3 and IMAP).

470 | 746

Kaspersky CRYSTAL 2.0

5. In the Settings window click the Apply button. Operation algorithm of Mail Anti-Virus By default the mail protection functions according to the following algorithm: 1. Mail Anti-Virus intercepts each message the user sends or receives. 2. A mail message is parsed into basic components: message header (part of an e-mail message which contains technical information and shows its route since its sending to the receiving by the recipients server), body (the text of the message itself), attachments (files attached to the message). 3. Message body and attachments (including attached OLE objects 12 are scanned for the presence of threats. Recognition of the malicious objects is performed based on the application databases13, and the heuristic analysis14. The databases include the

12

In this case OLE-objects are understood as graphic information implemented into the body of a message. For example, images, Excel tables and graphs in the text (not in the mail attachment).
13

Databases are anti-virus databases which contain records about threats and network attacks, as well methods to fight them. Protection components use these records when searching for dangerous objects on the computer and disinfecting them.

471 | 746

Kaspersky CRYSTAL 2.0

description of all known malicious programs and the disinfection methods. Heuristic analysis allows to detect new viruses whose description is not added to the virus database yet. 4. If a threat is detected, Kaspersky PURE 2.0 assigns one of the following statuses to the found object: malicious program (such as a virus or Trojan); potentially infected (suspicious) status if the scan cannot determine whether the object is infected or not. The file may contain a sequence of code appropriate for viruses, or modified code from a known virus. The application blocks a message, displays a notification about the detected threat and performs the assigned action.

Changing Mail Anti-Virus actions to be performed on detected threats By default the program itself defines an action to be performed over an infected object. If as a result of scan the program failed to define whether the object is infected or not, the object is quarantined. If as a result of a scan Kaspersky PURE 2.0 assigns the status of a malicious program to the object, Mail Anti-Virus will try to disinfect an infected object. If disinfection is impossible, the object is deleted. Before attempting to disinfect or delete an infected object, Kaspersky PURE 2.0 creates a backup copy of it to allow later restoration or disinfection. To make sure, Mail Anti-Virus performs default actions upon threat detection, do the following: 1. In the left part of the Settings window select Mail Anti-Virus. 2. In the right part of the window in the Action on threat detection section the Select action automatically option should be enabled. You can also define an action to be performed for detected threats. In this case the following actions upon threat detection can be defined for Mail Anti-Virus: Prompt user for action Disinfect Delete Delete, if disinfection fails (this option appears if you checked the Disinfect box).

14

Heuristic analysis is the analysis of the objects activity in the system. If such activity is typical for malicious objects in this case an object under analysis will be recognized as suspicious or malicious. Analysis of the object activity allows to detect a virus even if it has not been defined by virus analysts.

472 | 746

Kaspersky CRYSTAL 2.0

The Prompt for action option becomes available only when the interactive mode is enabled. When interactive protection mode is set, Kaspersky PURE 2.0 will notify you of all dangerous or suspicious events in the system and will prompt for an allowing or blocking actions. You can find how to enable the interactive protection mode in the Advanced application settings chapter, from the video Main protection settings. If the Disinfect variant is selected, the program functions the following way: If the object can be disinfected, it will be disinfected and will return to the user. If as a result of scan the program failed to define whether the object is infected or not, the object is quarantined. If the option to scan quarantined files after each database update is enabled, then when a new disinfection signature is received the quarantined object can be disinfected and returned to the user. If the status of a virus is assigned to the object and its disinfection is impossible, the object is blocked and is added to the report about detected threats. You can select only the Delete variant, but in this case all objects will be deleted, even if they could be available for the user after disinfection.

473 | 746

Kaspersky CRYSTAL 2.0

Kaspersky Lab specialists recommend to select the following actions for the detected threats: Disinfect; Delete if disinfection fails. In this case the program will perform the following actions over an object: Disinfect, if disinfection is possible. After disinfection you can continue your work with the object. Quarantine, if the program failed to define if the object is infected or not. If the option to scan quarantined files after each database update is enabled, then when a new disinfection signature is received the quarantined object can be disinfected and returned to the user. Delete, if the virus status is assigned to the object and its disinfection is impossible. If the Select action variant is chosen, but not action is enabled, then Mail Anti-Virus will block dangerous objects and move them to quarantine notifying the user of its actions.

The Delete if disinfection fails variant appears only after the Disinfect option is enabled.

Security levels of Mail Anti-Virus Different sets of the protection parameters (security levels) suit different working conditions. A user can manually change these settings. Kaspersky Lab specialists distinguish three security levels. When set at the high security level Mail Anti-Virus maximally scans e-mail messages. If you work in a non-secure environment, the maximum security level will suit you the best. An example of such environment is a connection to a free email service, from a network that is not guarded by centralized email protection. Recommended. This level provides an optimum balance between the efficiency and security and is suitable for most cases. This is also the default setting. Low. If you work in a well secured environment, low security level can be used. An example of such an environment might be a corporate network with centralized email security.

474 | 746

Kaspersky CRYSTAL 2.0

To change the security level, perform the following actions: 1. In the left part of the Settings window select the Mail Anti-Virus component. 2. Make sure, in the right part of the Settings window the Enable Mail Anti-Virus box is checked. 3. In the Security level section configure the necessary security level.

4. In the Settings window click the Apply button. If you are not satisfied with any preset security levels you can independently configure Mail Anti-Virus settings. In this case when the settings are modified in the Settings window in the Mail Anti-Virus section the security level changes to Custom. You can roll back to the recommended security level at any moment, set by default, by clicking the Default level button.

Customizing security level By default, Mail Anti-Virus works with the settings recommended by Kaspersky Lab experts for the optimal protection of your mail. However, you can customize the security level of Mail Anti-Virus the following way:

475 | 746

Kaspersky CRYSTAL 2.0

1. In the Settings window select the Mail Anti-Virus component. 2. Make sure that Mail Anti-Virus is enabled (the Enable Mail Anti-Virus box is checked). 3. In the right part of the Settings window in the Security level section click the Settings button.

The Mail Anti-Virus window will open. Creating protection scope By default, Kaspersky PURE 2.0 scans both incoming and outgoing mails. If you are sure that outgoing mails are not infected, in this case you can configure scan of incoming messages only. Before you disable scan of outgoing mails you are advised to scan your computer for viruses, because it is likely that there are mail worms on your computer which will propagate themselves via email.

476 | 746

Kaspersky CRYSTAL 2.0

To disable scan of outgoing emails, please do the following: 1. In the Mail Anti-Virus window on the General tab in the Protection scope section check the Incoming email only box.

2. In the bottom right corner of the window click the OK button. 3. In the Settings window click the Apply button. Heuristic analysis During Mail Anti-Virus operation, signature analysis is always used: Kaspersky PURE 2.0 compares the object found with the database records. Additionally to the analysis based on the refilled anti-virus databases, heuristic analysis is added to Mail Anti-Virus. Essentially, the heuristic method analyzes the object's activities in the system. If those actions are typical of malicious objects, the object is likely to be classed as malicious or suspicious. This allows new threats to be detected before they have been analyzed by virus analysts. You can select one of the three scanning levels of the heuristic analysis: light scan, medium scan and deep scan. If you select deep scan mode the probability of threat detection is higher but scanning takes longer. With the light scan enabled scanning is faster but the probability of threat detection in that mode is somewhat lower. Only the medium scan mode provides optimal combination of the detail level and scanning time. By default, heuristic analysis is enabled. To enable or disable heuristic analysis in Mail AntiVirus, please do the following: 1. In the Mail Anti-Virus window on the General tab, in the Scan methods section make sure the Heuristic Analysis box is checked. If you do not want to use this technology, uncheck the box correspondingly.

477 | 746

Kaspersky CRYSTAL 2.0

2. Move the slider bar to select the scan method: light, medium, deep.

3. In the Mail Anti-Virus window click the OK button. 4. In the Settings window click the Apply button. Scan of compound files Compound files are a set of files and folders placed into one file (archive). By default Kaspersky PURE 2.0 scans all compound files. However you should remember, that the selection of compound files scan mode affects the performance of the computer. You can enable or disable the scan of attached archives and limit the maximum size of archives to be scanned in Mail Anti-Virus. To configure Mail Anti-Virus scan settings, perform the following actions: 1. In the Mail Anti-Virus window on the General tab In the Scan of compound files section check/uncheck the following boxes: Skip attached archives; Do not process archives larger than (limit the maximum size).

478 | 746

Kaspersky CRYSTAL 2.0

2. In the Mail Anti-Virus window click the OK button. 3. In the Settings window click the Apply button. Filtering attachments Malware is most often distributed in mail as objects attached to messages. Files of various formats can be attached to a message. To protect your computer, for example, from automatic launch of attached files, you can enable filtering of attachments, which can automatically rename or delete files of specified types. Thus you can configure filtering of objects attached to an email message using Mai Anti-Virus and to prevent penetration of malicious software onto your computer. If you access the Internet directly without a proxy server or a firewall, you are advised not to disable scanning of attached archives. To configure filtering of attached objects in Mail Anti-Virus, please do the following: 1. In the Mail Anti-Virus window go to the Attachment filter tab. 2. Select the filtering mode for attachments: Disable filtering Rename selected attachment types Delete selected attachment types When you select the modes Rename or Delete attachments, select the necessary file types (extensions) in the list or add a mask to select a new type. To add a new type of mask, click the Add link. In the Input file name mask window enter the mask and click the OK button.

479 | 746

Kaspersky CRYSTAL 2.0

3. In the Mail Anti-Virus window click the OK button. 4. In the Settings window click the Apply button.

Configuring embedded plug-ins for Microsoft Office Outlook and The Bat! Integration of Mail Anti-Virus into the system allows the application plug-ins to embed into the mail clients Microsoft Office Outlook and The Bat!. Installing Mail Anti-Virus plug-in in Microsoft Office Outlook 2003/2007 When installing Kaspersky PURE 2.0, a special plug-in is installed in Microsoft Office Outlook. It allows you to configure Mail Anti-Virus settings quickly, and determine when email messages will be scanned for dangerous objects. The plug-in comes in the form of Email protection tab. To go to the tab in the mail client, do the following: 1. Open the main window of Microsoft Office Outlook. 2. In the main application menu select Tools -> Options.

480 | 746

Kaspersky CRYSTAL 2.0

3. In the Options window go to the Email protection tab and specify the necessary scan mode. Scan upon receiving; Scan when read; Scan upon sending;

4. Click the OK button to save the made changes. 481 | 746

Kaspersky CRYSTAL 2.0

Installing Mail Anti-Virus plug-in in Microsoft Office Outlook 2010 To go to the Mail Anti-Virus tab from Microsoft Office Outlook 2010, perform the following actions: 1. Open the main window of Microsoft Office Outlook. 2. Go to the File menu. 3. In the File menu select the Options item.

4. In the Outlook Options window go to the Add-ins section. 5. In the right part of the Outlook Options window in the Add-in Options section click the Add-in Options button.

482 | 746

Kaspersky CRYSTAL 2.0

6. In the Add-in Options window on the Email protection tab specify the necessary scan mode: Scan upon receiving; Scan when read; Scan upon sending; 7. Save the made the changes by clicking the OK button. Installing Mail Anti-Virus plug-in in The Bat! If The Bat! Is installed as a mail client on the computer, then actions on infected email objects in The Bat! are defined using the application's own tools. Mail Anti-Virus settings extend to the scanning of attached archives only. Note that incoming email messages are first scanned by Mail Anti-Virus and only after that by the plug-in of The Bat!. If you select the Disinfect (Delete) action upon detection of a malicious object, actions aimed at eliminating the threat will be performed by Mail Anti-Virus. If you select the Ignore option, the object will be disinfected by the plug-in of The Bat! When sending email messages, they are first scanned by The Bat plug-in and then - by Mail Anti-Virus. To set up email protection rules in The Bat!, do the following: 1. Open the main The Bat! Window. 2. In the Options menu select Preferences.

483 | 746

Kaspersky CRYSTAL 2.0

3. In the settings tree select Anti-Virus. In the right part of the window specify the necessary settings of mail scan.

Disabling embedding of the Mail Anti-Virus plug-in in the mail clients Microsoft Outlook or The Bat! To disable embedding of the Mail Anti-Virus plug-in in the mail clients Microsoft Office Outlook or The Bat!, do the following: 1. Open the main window of Kaspersky PURE 2.0. 2. In the top right corner of the window click the Settings button. 3. In the left part of the Settings window on the Protection tab select the Mail Anti-Virus component. 4. In the right part of the window in the Security level section click the Settings button.

484 | 746

Kaspersky CRYSTAL 2.0

5. In the Mail Anti-Virus window go to the Additional tab. 6. Clear the box: Microsoft Office Outlook plug-in, if you are using Microsoft Office Outlook. The Bat! Plug-in, if you are using The Bat!.

485 | 746

Kaspersky CRYSTAL 2.0

7. In the Mail Anti-Virus window click the OK button. 8. In the Settings window click the Apply button. Scan of SMTP, POP3, NNTP, IMAP mail traffic By default, Mail Anti-Virus in Kaspersky PURE 2.0 scans a stream of mail messages using protocols SMTP, POP3, NNTP, IMAP in the real-time mode, i.e. while receiving them. If you disable protocol scan, mail will only be scanned after it is received (after it is loaded from the server onto your computer).

486 | 746

Kaspersky CRYSTAL 2.0

To disable traffic scan of these protocols by Mail Anti-Virus in the real-time mode, perform the following actions: 1. In the right part of the Settings window in the Security level section of the Mail AntiVirus component click the Settings button.

2. In the Mail Anti-Virus window go to the Additional tab. 3. On the Additional tab uncheck the box POP3/SMTP/NNTP/IMAP traffic.

487 | 746

Kaspersky CRYSTAL 2.0

4. In the bottom right corner of the window click the OK button. 5. In the Settings window click the Apply button. Working features with Microsoft Outlook and Mozilla Thunderbird version 1.5 and above Microsoft Office Outlook IMAP4 is a standard protocol to access your e-mail. With IMAP4 email is stored on the IMAP mail server and can be accessed from any email client on the network. The mail client gets access to the users email on the server and works with this mail as if it were stored on the users computer. E-mail messages can be managed from the users computer and files with the full content of the message are not constantly sent to server and back. In Kaspersky CRYSTAL when the mail is scanned by the protocol IMAP4 in Microsoft Office Outlook by default before scan all messages are downloaded on the computer locally as a result the Internet traffic may increase. In order Mail Anti-Virus would not scan these messages on delivery but would scan them only on read, do the following: 1. Open the mail client Outlook MS Office. 2. In the upper menu select Tools -> Options. 3. In the Options window go to the Email protection tab. 4. Uncheck the Scan upon receiving box. 5. Check the Scan when read box.

488 | 746

Kaspersky CRYSTAL 2.0

6. Click the OK button. Mozilla Thunderbird version 1.5 and above If a mail client Mozilla Thunderbird version 1.5 or above is installed, then a default filter is embedded into the mail which allows to receive messages by IMAP protocol by chunks. For the mail to be scanned correctly by Mail Anti-Virus from Kaspersky PURE 2.0 a message should be received as a whole. For the mail to be received as a whole it is recommended to specify the following parameters in Mozilla Thunderbird version 1.5 or above, perform the following actions: 1. Open Mozilla Thunderbird. 2. In the upper menu Tools -> Options. 3. In the Options window click the Advanced button. 4. On the General tab click the Config Editor button. 5. In the about:config window click the Ill be careful, I promise! button. 6. In the Filter field enter CHUNK. 7. Right-click the filter mail.server.default.fetch_by_chunks. 8. In the context menu select Toggle. 9. Make sure the Value field has changed from True to False. 10. Right-click the filter mail.imap.chunk_add.

489 | 746

Kaspersky CRYSTAL 2.0

11. In the context menu select Change. 12. Change the value to "0". 13. Click the OK button. 14. Click OK to close the Options window. Note that when working with Mozilla Thunderbird mail client, email messages transferred via IMAP will not be scanned for viruses if any filters moving messages from the Inbox folder are used.

490 | 746

Kaspersky CRYSTAL 2.0

Web Anti-Virus
What is Web Anti-Virus Surfing the Internet you may be at risk of getting a virus infection. Such malicious programs can penetrate your computer during download of free programs or while browsing the information on the knowingly safe sites which have undergone a hacker attack before your visit. More than that network worms can penetrate your computer even before you open a webpage or download a file directly during the connection establishment. Web Anti-Virus has been specially designed to prevent such infections. This component protects the information which gets onto your computer by HTTP, HTTPS and FTP protocols and also prevents dangerous scripts execution. Enabling/disabling Web Anti-Virus The Web Anti-Virus component is enabled by default. To enable or temporarily disable Web Anti-Virus, perform the following actions: 1. Open the main application window. 2. In the top right corner of the window click the Settings button. 3. In the left part of the Settings window under Protection select Web Anti-Virus. 4. In the right part of the Settings window: Uncheck the Enable Web Anti-Virus box, to disable the component. Check the Enable Web Anti-Virus box, to enable the component.

491 | 746

Kaspersky CRYSTAL 2.0

5. In the Settings window click the Apply button. Working algorithm of Web Anti-Virus Web Anti-Virus has the following working algorithm: 1. Each web-page or file, the user/program addresses to, is intercepted and analyzed by Web Anti-Virus. Recognition of malicious objects is based on the anti-virus bases and the heuristic analyzer. 2. If a web page or an object to each the user addresses contains a malicious code then access to the page/object is blocked. A corresponding notification message explaining that the required object or page is infected is displayed on the screen.

492 | 746

Kaspersky CRYSTAL 2.0

In automatic mode In interactive mode If a file or a web page does not contain a malicious code such objects/pages are immediately returned to the user. Scripts are scanned by the following algorithm: 1. Each executable script is intercepted by Web Anti-Virus and analyzed for a malicious code. 2. If the script contains any malicious code, then Web Anti-Virus blocks the script and notifies the user of it with a special message.

3. If no malicious code is detected in the script, such script is executed. Web Anti-Virus only intercepts the scripts based on Microsoft Windows Script Host technology. Security levels of Web Anti-Virus Web Anti-Virus can work in several modes security levels. A security level is a set of predefined parameters of Web Anti-Virus which provides a level of data security that are received and transferred by HTTP, HTTPS and FTP protocols. Kaspersky Lab experts have developed three security levels: If no HTTP security tools firewall or proxy-server are installed on your computer, use High security level.

493 | 746

Kaspersky CRYSTAL 2.0

If you work in the protected environment (for example, a firewall is installed on your computer and you connect to the Internet via a corporate proxy-server), then set a Low security level. Recommended is the optimal security level as it rationally uses system resources and provides secure protection. This security level suits most cases. Select a security level which best suits your situation. In order to change the security level, simply drag the vertical slider to the needed position. If you have already added some changes to the predefined settings you can always roll back to the default Web Anti-Virus settings by clicking the Default level button.

Customizing security level Checking suspicious and phishing URLs by Web Anti-Virus Web Anti-Virus scans web traffic for viruses and checks if the links are included in the list of suspicious web-address and to the list of phishing15 web addresses.
15

Phishing is a specific form of cybercrime. Phishing attacks are made the following way: the criminal creates an almost 100 percent perfect replica of a chosen financial institutions website, then attempts to trick the user in to disclosing their personal details username, password, PIN etc. via a form on the fake website, allowing the criminal to use the details to obtain money.

494 | 746

Kaspersky CRYSTAL 2.0

To make sure the settings are active, in the Web Anti-Virus window click the Settings button and see that on the General tab under Kaspersky URL Advisor the following boxes are checked: Check if URLs are listed in the database of malicious URLs. This box enables/disables the option to check whether links are included in the list of suspicious web addresses from the black list. The list is created by Kaspersky Lab's specialists.

Check web page for phishing. The lists of phishing addresses are included in to Kaspersky PURE 2.0 distribution kit. Since the link to a phishing site may be received not only in an email message but in any other way, for example, in the text of an ICQ message, Web Anti-Virus component traces the attempts of accessing a phishing site at the level of HTTP traffic scan, and blocks them.

Additionally to the analysis based on the refilled phishing databases, heuristic analysis is added to Web Anti-Virus. Heuristic Analysis allows to evaluate the information about an internet resource, for example presence of signs typical of phishing resources in the URL addresses. As a result, if these signs are detected, the resource is defined as phishing and access to it is blocked, even if the resource is not yet added to the phishing database. To enable the heuristic analysis for scan of web pages for phishing, click the Additional button in the Heuristic Analysis section, check the corresponding box and set the required detail level of scan.

495 | 746

Kaspersky CRYSTAL 2.0

Heuristic Analyzer Heuristic Analysis allows to trace activity of an objects in the system. If the tool finds the activity suspicious, then most probably the objects will be defined as malicious or suspicious, even if its malicious code is not known to virus analysts. Upon detection of a suspicious object, Kaspersky PURE 2.0 will notify you of it and offer to apply a corresponding action to the detected object. You can select one of the three scanning levels of the heuristic analysis: light scan medium scan deep scan The higher the detail level, the more resources and time the scan takes, and the higher is the probability of threat detection. By default, heuristic analysis is enabled and the detail level is set to medium. To enable heuristic analyzer, on the General tab in the Heuristic Analysis section check the Use Heuristic Analysis box. In the field below specify the required level by moving the horizontal slider to the necessary position. Uncheck the Use Heuristic Analysis box, if you do not want to use this method.

496 | 746

Kaspersky CRYSTAL 2.0

Blocking dangerous scripts Web Anti-Virus will scan all scripts processed in Microsoft Internet Explorer, as well as any other WSH scripts (JavaScript, Visual Basic Script, etc.) launched when the user works on the computer, including the Internet. Execution of any dangerous script will be blocked. If you want Web Anti-Virus to scan and block dangerous scripts, perform the following actions: 1. Open the application settings window. 2. In the left part of the window under Protection select the Web Anti-Virus component. 3. In the right part of the window click the Settings button. 4. In the Web Anti-Virus window on the General tab in the Additional section check the Block dangerous scripts in Microsoft Internet Explorer box.

497 | 746

Kaspersky CRYSTAL 2.0

5. Click OK to save the made changes. Scan optimization To detect malicious code more efficiently, Web Anti-Virus buffers fragments of objects downloaded from the Internet. When Web Anti-Virus scans objects downloaded by HTTP and FTP traffic, the user may experience a delay while accessing the file. This delay is caused by the operational algorithm of Web Anti-Virus: first, all fragments are saved into cache memory, then are analyzed for viruses and then depending on the analysis result are either returned to the user or blocked. To accelerate access to the object, we suggest limiting the caching time for web object fragments downloaded from the Internet. When the specified time expires each downloaded fragment of a file is given to the user not scanned, and the object is scanned by Web AntiVirus, when it is fully copied. Disabling limitation of the caching time leads to enhanced efficiency of the anti-virus scan but at the same time slows down access to the object. To limit traffic caching time or to disable this limitation, perform the following actions: 1. Open the application settings window. 2. In the left part of the window under Protection select the Web Anti-Virus component. 3. In the right part of the window click the Settings button. The Web Anti-Virus window opens. 4. To set the restriction, on the General tab in the Additional section check the Limit traffic caching time to 1 sec to optimize scan box. If you need to disable restriction, uncheck the box. 498 | 746

Kaspersky CRYSTAL 2.0

Kaspersky URL Advisor Web Anti-Virus in Kaspersky PURE 2.0 includes Kaspersky URL Advisor. This module checks if links located on the webpage belong to the list of suspicious and phishing web addresses. You can create a list of web addresses whose content will not be checked for the presence of suspicious or phishing URLs; create a list of web sites whose content must be scanned; completely exclude scan of URLs. The best improvements of Kaspersky URL Advisor implemented in Kaspersky PURE 2.0 are the following: 1. Providing users with the additional information about the web resources thus helping to make the right decision on whether to visit a web resource or not. 2. Storing a considerable amount of information about web resources in the cloud. This information helps to define more exactly malicious and phishing sites. Kaspersky PURE 2.0 features expanded URL Advisor compatibility with browsers. The following browsers are now fully supported: Internet Explorer 6, 7, 8 and 9; Mozilla FireFox 2.x 11.x; Google Chrome 8.x 17.x. To create a list of websites whose content will not be scanned for the presence of suspicious or phishing URLs, on the Safe Surf tab in the Kaspersky URL Advisor section uncheck the Check URLs box. 499 | 746

Kaspersky CRYSTAL 2.0

The URL Advisor module can function in two modes: check links on all web sites except the sites added to exclusions, or check only web sites specified in the list. In order Kaspersky URL Advisor would check all web sites, except those added to exclusions, perform the following actions: 1. In the Web Anti-Virus window in the Kaspersky URL Advisor section check the Check URLs box.

2. Select the All but the exclusions variant and click the Exclusions button.

500 | 746

Kaspersky CRYSTAL 2.0

3. In the Exclusions window create the list of web addresses whose contents should not scanned for suspicious or phishing links.

4. Click the OK button in the Exclusions window. For Kaspersky URL Advisor to scan only the sites specified by you, perform the following actions: 1. On the Safe Surf tab in the Kaspersky URL Advisor section check the Only web sites from the list box and click the Specify button.

501 | 746

Kaspersky CRYSTAL 2.0

2. In the Checked URLs window create the list of web addresses whose content should be scanned for suspicious or phishing links.

3. Click the OK button in the Checked URLs window. 4. In the Web Anti-Virus window click the OK button to save the made changes. The Kaspersky URL Advisor options mentioned above can be set either in the Web AntiVirus window or in the module settings widow opened in the web browser. To open the module settings window from the web browser window, click the button with the Kaspersky PURE 2.0 icon from the tool panel of the browser.

502 | 746

Kaspersky CRYSTAL 2.0

Blocking access to dangerous sites You can block access to websites which have been defined suspicious or phishing by Kaspersky URL Advisor. If Web Anti-Virus cannot draw a clear conclusion on the safety of the website to which a link leads, you will be prompted to load this website in Safe Run (only in Microsoft Internet Explorer, Mozilla Firefox and Google Chrome). When activated in Safe Run, malicious objects do not pose any threat to your computer. To block access to dangerous web sites, perform the following actions: 1. Open the application settings window. 2. In the left part of the window under Protection select the Web Anti-Virus component. 3. In the right part of the window click the Settings button. The Web Anti-Virus window will open. 4. In the Web Anti-Virus window on the Safe Surf tab in the Blocking Dangerous Websites section check the Block dangerous websites box.

5. Click the OK button, to save the made changes.

503 | 746

Kaspersky CRYSTAL 2.0

Controlling access to regional web domains Depending on the user's choice, Web Anti-Virus in Geo Filter mode can block or allow access to websites on the grounds of their belonging to regional web domains. This allows you, for example, to block access to websites which belong to regional domains with a high risk of infection. To allow or block access to web sites which belong to specified domains, perform the following actions: 1. Open the application settings window. 2. In the left part of the window under Protection select the Web Anti-Virus component. 3. In the right part of the window click the Settings button. The Web Anti-Virus window will open. 4. On the Geo Filter tab check the Enable filtering by regional domains box and specify in the list of controlled domains below which domains should be allowed or blocked, and for which ones the application should request access permission using a notification. For this: Select a domain which should be allowed, blocked or prompted for action. Click the button Allow, Block or Prompt. The corresponding icon will appear in the Access column. By default, access is allowed for regional domains that match your location. Access permission request is set for other domains by default.

5. Click the OK button.

504 | 746

Kaspersky CRYSTAL 2.0

Creating the list of trusted URLs You can create a list of web addresses whose content you trust unconditionally. In this case Web Anti-Virus will not analyze information from these URL addresses for dangerous objects. You can use this option, for example, if Web Anti-Virus prevents download of a file from a known web site. To create the list of trusted URLs, perform the following actions: 1. In the right part of the Web Anti-Virus settings window click the Settings button. 2. On the Trusted URLs tab check the Do not scan web traffic from trusted URLs box and create the list of trusted addresses whose content you trust. For this: Click the Add button. In the Address mask (URL) window enter an address, whose content you trust. For example, kaspersky.com. Click the OK button.

If you want to exclude an address from the trusted list, you do not have to delete an address from the list, unchecking an address will be sufficient.

505 | 746

Kaspersky CRYSTAL 2.0

3. In the Web Anti-Virus window click the OK button. Controlling access to online banking services When working with online banking, your computer needs an especially reliable protection, since leakages of confidential information may lead to financial losses. Web Anti-Virus automatically determines which web resources are online banking services. For guaranteed identification of a web resource as online banking service, you can specify its URL in the list of banking websites. To configure control of access to online banking services, perform the following actions: 1. In the right part of the Web Anti-Virus settings window click the Settings button. 2. In the Web Anti-Virus window on the Online Banking tab check the Enable control box.

506 | 746

Kaspersky CRYSTAL 2.0

3. You will be prompted to start the Certificate Installation Wizard that you can use to install a Kaspersky Lab certificate for scanning encrypted connections. Click Next, to continue.

4. In the Security Warning window click the Yes button.

5. Wait till work of the wizard is over and click the Finish button. 507 | 746

Kaspersky CRYSTAL 2.0

6. If necessary, create a list of resources that Kaspersky PURE 2.0 should identify as online banking services. For this: Click the Add button. In the Address mask (URL) window enter an address that should be identified as online banking service. Click the OK button. If you want to exclude an address from the trusted list, you do not have to delete an address from the list, unchecking an address will be sufficient.

508 | 746

Kaspersky CRYSTAL 2.0

7. In the Web Anti-Virus window click the OK button. 8. In the Settings window click the OK button. Web Anti-Virus actions on detected threats The Action on threat detection section allows you to select an action to be performed by Web Anti-Virus if scanning web traffic reveals that it contains malicious code. By default the section contains the following options: If automatic protection mode is enabled the application decides on its own what action to perform upon a threat detection. In this case, check the Select action automatically box. Kaspersky PURE 2.0 will automatically apply an action recommended by Kaspersky Lab.

509 | 746

Kaspersky CRYSTAL 2.0

If interactive protection mode is enabled, then you can decide yourself what action the application should perform upon a detected threat. In this case, check the Prompt for action box. Kaspersky PURE 2.0 will inform you of all dangerous or suspicious events in the system and will prompt for an allowing or blocking action.

510 | 746

Kaspersky CRYSTAL 2.0

Block download (Web Anti-Virus blocks access to the object and displays a message on the screen informing that the required object is infected). Allow download (Web Anti-Virus allows you to download the object. Once the object is downloaded onto your computer, it will be scanned by File Anti-Virus and Proactive Defense). To modify an action that Web Anti-Virus should perform upon threat detection:

1. If the automatic protection mode is set, in the right part of the component settings window in the Action on threat detection section select an action: Select action automatically Block download Allow download 2. If the interactive protection mode is set, in the right part of the component settings window in the Action on threat detection section select an action: Prompt for action Block download Allow download 3. Click the OK button, to save the made changes.

511 | 746

Kaspersky CRYSTAL 2.0

IM Anti-Virus
What is IM Anti-Virus IM Anti-Virus is designed to provide secure work with the instant messaging clients (hereafter Internet pagers) such as ICQ, AIM, Jabber, Google Talk and etc. IM messages may contain links to suspicious web sites and to the web sites deliberately used by hackers to organize phishing attacks16. Malicious programs use IM clients to send spam messages and links to the programs (or the programs themselves), which steal users' ID numbers and passwords. Enabling/Disabling IM Anti-Virus In order to enable or disable the IM Anti-Virus component, do the following: 1. Open the application settings window. 2. In the left part of the window under Protection select the IM Anti-Virus component. 3. In the right part of the Settings window perform the following actions: If you want to disable the component, uncheck the Enable IM Anti-Virus box. If you want to enable the component, check the Enable IM Anti-Virus box.

16

Phishing is a specific form of cybercrime. Phishing attacks are made the following way: the criminal creates an almost 100 percent perfect replica of a chosen financial institutions website, then attempts to trick the user in to disclosing their personal details username, password, PIN etc. via a form on the fake website, allowing the criminal to use the details to obtain money.

512 | 746

Kaspersky CRYSTAL 2.0

4. In the Settings window click the Apply button. Operation algorithm of IM Anti-Virus By default the protection of traffic of the Internet-pagers is performed according to the following algorithm: 1. Each incoming and outgoing message is intercepted by the component. 2. IM Anti-Virus checks each message for the presence of dangerous objects or URLs included to the databases of suspicious or phishing web-addresses. 3. If a threat is detected in a message, IM Anti-Virus substitutes this message with a warning message for the user. If no security threats are detected in the message, such message becomes available for the user. Traffic is scanned based on a certain combination of settings. Your IM traffic protection level is determined by a group of settings. The settings can be broken down into the following groups: Settings creating the protection scope; Settings determining the scan methods. Creating a protection scope of IM Anti-Virus

513 | 746

Kaspersky CRYSTAL 2.0

Protection scope is understood as the type of messages (incoming and outgoing) to be scanned. If you select the Incoming and outgoing messages option, IM Anti-Virus will scan all incoming and outgoing messages. If you are sure that messages sent by you cannot contain any dangerous objects, you may disable the scan of outgoing traffic by selecting the Incoming messages only option. In this case IM Anti-Virus will scan incoming messages only. In order to create a protection scope of IM Anti-Virus, do the following: 1. In the Protection scope block select one of the options: Incoming and outgoing messages. Incoming messages only.

2. Click the Apply button. Selecting the scan methods of IM Anti-Virus

514 | 746

Kaspersky CRYSTAL 2.0

For more efficient work with the Internet pages the following scan methods are implemented in the IM Anti-Virus component: Check if URLs are listed in the base of malicious URLs. IM Anti-Virus will scan the links inside the messages to identify if they are included in the black list (this list is supplemented by Kaspersky Lab experts). Check if URLs are listed in the base of phishing URLs. The databases include all the sites currently known to be used for phishing attacks. Your local copy of this list is updated when you update databases. Heuristic Analysis. The technology analyzes activity that an object performs in the system. When using heuristic analysis, any script 17 included in an IM client's message is executed in a protected environment. You can select one of the three scanning levels of the heuristic analysis: light scan, medium scan and deep scan. If you select deep scan mode the probability of threat detection is higher but scanning takes longer. With the light scan enabled scanning is faster but the probability of threat detection in that mode is somewhat lower. Only the medium scan mode provides optimal combination of the detail level and scanning time. In order to use the described options, do the following: 1. In the settings window of the IM Anti-Virus component, in the Scan methods section check the boxes: Check if URLs are listed in the base of malicious URLs; Check if URLs are listed in the base of phishing URLs; Heuristic Analysis (below set the detail level for scans dragging the bar).

17

Script is a small computer program or an independent part of the program (function) written to execute a specific task. Scripts are often included to the web pages to enhance their possibilities and are executed when the web page is opened by the Internet browser.

515 | 746

Kaspersky CRYSTAL 2.0

2. Click the Apply button.

516 | 746

Kaspersky CRYSTAL 2.0

Application Control
What is Application Control Kaspersky PURE 2.0 prevents applications from performing actions that may be dangerous for the system, and ensures control of access to operating system resources and your identity data with the help of the following tools: Application Control. The component tracks actions in the system performed by applications installed on the computer, and regulates them based on the rules of Application Control. These rules regulate potentially dangerous activity, including applications' access to protected resources. Protection of identity data and operating system resources. Application control monitors the rights of applications to perform actions with users identity data. Identity data include files, folders and registry keys, containing operational settings and important data of the most frequently used applications, as well as the user files (the My Documents folder, cookies files, data about the user activity).

Operational algorithm of Application Control At the first startup of an application on the computer, the Application Control component verifies its safety and includes it into one of the trust groups. The trust group defines the rules that Kaspersky PURE 2.0 should apply to control the activity of this application. Rules of Application Control is a set of rights of access to the computer resources and restrictions posed on various actions being performed by applications on the computer. When calculating the threat rating Application Control can also use the Kaspersky Security Network (KSN) database. The data received witht the help of KSN allow more accurately to define an application to this or that trusted group and apply optimal application control rules. Application Control has been revamped in Kaspersky PURE 2.0: the application now checks the reputation of not only executable files but also application components (for example, dynamic libraries DLL files). When the application is restarted, Application Control checks its integrity. If the application has not been changed, the component applies the current rule to it. If the application has been modified, Application Control re-scans it as at the first startup.

Enabling/disabling Application Control By default, Application Control is enabled, functioning in the mode developed by Kaspersky Lab specialists. However, you can disable it, if required. To enable or disable Application Control, perform the following actions: 1. Open the main application window. 2. In the top right corner of the window click the Settings link. 3. In the left part of the window under Protection select the Application Control component. 4. In the right part of the window perform the following actions: If you need to disable the component, uncheck the Enable Application Control box. If you need to enable the component, check the Enable Application Control box.

517 | 746

Kaspersky CRYSTAL 2.0

5. In the Settings window click the Apply button.

Loading rules from Kaspersky Security Network (KSN) By default, for the applications found in the Kaspersky Security Network database the component applies rules loaded from the KSN database. If at the first application launch the applications entry was not added to the Kaspersky Security Network database but the entry was added later, Kaspersky PURE 2.0 will automatically update the application control rules. To make sure that loading of rules from Kaspersky Security Network is enabled, perform the following actions: 1. Open the Settings window. 2. In the left part of the window under Protection select the Application Control component. 3. In the right part of the Restrict applications section make sure the Load rules for applications from Kaspersky Security Network (KSN) box is checked. You can see if update of Kaspersky Security Network rules for previously unknown applications is also enabled in the right part of the window in the Restrict applications

518 | 746

Kaspersky CRYSTAL 2.0

section the Update rules for previously unknown applications from KSN box should be checked.

Placing applications into groups At the first startup of an application on the computer, the Application Control component verifies its safety and searches the internal database of known applications for a matching entry, and then sends a request to the Kaspersky Security Network database or having a digital signature18. After search Application Control places the application into one of the following trusted groups: Trusted. Applications with digital signatures of trusted vendors and applications signatures of those are included to the trusted applications database. Applications of that group are allowed to perform any network activity. Activities of such applications are monitored by Proactive Defense and File Anti-Virus.

18

Digital signature is an electronic security mark which carries the information about the software vendor and shows if the software was changed after the signing (i.e. after release). If software is signed by its vendor and the signature authenticity is verified by the certificate center, then you can be sure that the software is authentic and was not modified.

519 | 746

Kaspersky CRYSTAL 2.0

Low Restricted. Applications are without digital signatures of trusted vendors and are not included to the trusted applications database. Nevertheless, the low risk rating19 is assigned to such applications. Applications of that group are allowed to perform some operations, to manage the system, hidden access to the network. Most operations require user authorization. High Restricted. Applications without digital signatures and which are not included to the trusted applications database. The high risk rating is assigned to such applications. Applications of this group require user authorization for most activities in the system; some actions, however, are restricted for these applications. Untrusted. Applications without digital signatures and which are not included to the trusted applications database. Very high risk rating is assigned to such applications. Application Control blocks any activity of such applications. Applications with the digital signature of trusted vendors and applications whose records are added to the database of trusted applications are automatically included into the Trusted group. To disable the automatic inclusion of applications into the Trusted group, perform the following actions:

1. In the right part of the settings window of the Application Control component in the Restrict applications section, uncheck the Trust applications with digital signature box.

19

Risk rating is an indicator of the application danger for the system. The risk rating is calculated based on definite criteria.

520 | 746

Kaspersky CRYSTAL 2.0

2. In the Settings window click the Apply button. If an application record is not included into Kaspersky Security Network database and the application does not have a digital signature, then Kaspersky PURE 2.0 uses the heuristic analysis20. The analysis helps defining the threat rating of the application based on which it is included into a group. To use the heuristic analysis for distributing unknown applications by groups, perform the following actions: 1. In the Restrict applications section select the Use heuristic analysis to determine group21 option. 2. In the Settings window click the Apply button.

20

Heuristic analysis is analysis of objects activity in the system. If the activity is typical of malicious objects in this case the object under analysis will be defined as suspicious or malicious. Analysis of the object activity allows to detect a virus even if it has not been defined by virus analysts.
21

By default, the heuristic analysis is enabled.

521 | 746

Kaspersky CRYSTAL 2.0

Instead of using the heuristic analysis, you can specify a group into which Kaspersky PURE 2.0 should automatically include all unknown applications. For this, perform the following actions: 1. In the Restrict applications section select the Move to the following group automatically option and in the drop-down menu select the necessary group: Low Restricted; High Restricted; Untrusted. 2. In the Settings window click the Apply button.

522 | 746

Kaspersky CRYSTAL 2.0

By default, Application Control analyzes an application for 30 seconds. If this time interval turns out to be insufficient for defining the threat rating, the application is included into the Low restricted group, while defining the threat rating continues in background mode. After that, the application is finally included into another group. If you are sure that all applications started on your computer do not pose any threat to its security, you can decrease the time spent on analysis. If, on the contrary, you are installing the software and are not sure that this is safe, you are advised to increase the time for analysis. To change the time allowed for calculation of the application group, perform the following actions: 1. In the right part of the settings window of the Application Control component in the Restrict applications section edit the value of the Maximum time to determine the application group setting.

523 | 746

Kaspersky CRYSTAL 2.0

2. In the Settings window click the Apply button.

Application control rules Rules of Application Control is a set of rights of access to the computer resources and restrictions posed on various actions being performed by applications on the computer. The following component reactions are possible: Inherit. Application or group inherits the reaction from the parent group. This is a default reaction. Allow. Application is allowed to perform an action with the resource. Deny. Application is not allowed to perform an action with the resource. Prompt for action. Application Control prompts the user for granting access to the resource for an application. Log events. In addition to the specified reaction, Application Control records in the report information about the application's attempts to access the resource. Adding information to a report can be used in combination with any other action of the component

524 | 746

Kaspersky CRYSTAL 2.0

Editing the group rule By default, optimal access rights to computer resources are set for different trust groups in Kaspersky PURE 2.0. However you can edit preset rules for each group of application. To change the preset group rule, do the following: 1. Open the Settings window. 2. In the left part of the window under Protection select the Application Control component. 3. In the right part of the window click the Applications button.

4. In the Applications window select the necessary group from the list and click the Edit button in the top part of the window.

525 | 746

Kaspersky CRYSTAL 2.0

5. In the Group rules window go to the tab which corresponds the necessary category of resources (Files and System registry, Rights).

526 | 746

Kaspersky CRYSTAL 2.0

6. Select the required resource and right-click the corresponding action, in the context menu of an action set the necessary value (Allow, Block or Prompt for action).

527 | 746

Kaspersky CRYSTAL 2.0

7. Click the OK button, to save the changes. Editing rules for an individual application Application Control logs actions performed by each application in the system, and manages its activity based on the group it belongs to. When an application accesses a resource, the component checks if an application has the required access rights, and performs the action determined by the rule. To edit rules for an individual application, perform the following actions: 1. Open the Settings window. 2. In the left part of the window under Protection select the Application Control component. 3. In the right part of the window click the Applications button.

4. In the Applications window select the necessary group from the list and click the Edit button in the top part of the window.

528 | 746

Kaspersky CRYSTAL 2.0

5. In the Group rules window go to the tab which corresponds the necessary category of resources (Files and System registry, Rights). 6. Select the required resource and right-click the corresponding action, in the context menu of an action set the necessary value (Allow, Block or Prompt for action).

529 | 746

Kaspersky CRYSTAL 2.0

7. Click the OK button, to save the changes. You can disable application of group rules to control access to selected categories of protected resources. Application access to such resources will be regulated by the application rules. To disable inheritance of group rules to access resources, perform the following actions: 1. Open the application settings window. 2. In the left part of the window under Protection select the Application Control component. 3. In the right part of the window click the Applications button. 4. In the Applications window select the necessary group from the list and click the Edit button in the top part of the window. 5. In the Group rules window go to the tab which corresponds the necessary category of resources (Files and System registry, Rights). 6. Select the required resource and right-click the corresponding action, in the context menu of an action select the Inherit item.

7. Click the OK button, to save the changes. Application rules have a higher priority than group rules. For example, if an application rule allows the Internet access, and in the rules of the group, into which the application is included, the Internet access is denied, in this case the application will get access to the system resources.

530 | 746

Kaspersky CRYSTAL 2.0

Setting exclusions You can also exclude some actions form the application rules. Kaspersky PURE 2.0 will not control actions added to the application exclusions. To add exclusion to the application rule, perform the following actions: 1. Open the Settings window. 2. In the left part of the window under Protection select the Application Control component. 3. In the right part of the window click the Applications button. 4. In the Applications window select the application from the list and click the Edit button in the top part of the window. 5. In the Application rules window go to the Exclusions tab. 6. Check the actions which should not be controlled.

7. Click the OK button, to save the changes. When excluding network traffic of the application you can configure additional exclusion settings, such as remote IP-addresses or network ports. Inheriting restrictions of the parent process Application startup may be initiated either by the user or by another application running. If the startup is initiated by another application, it creates a startup procedure including parent and child applications. A parent application is an application which initiated startup of another application. A child application is an application whose startup was initiated by another application. 531 | 746

Kaspersky CRYSTAL 2.0

When an application attempts to obtain access to a protected resource, Application Control analyzes the rights of all parent processes of this application, and compares them to the rights required to access this resource. Access right priority: Allow. An application or group is allowed to perform an action with the resource. Access right data has the highest priority. Prompt for action. Block. An application or group is blocked from performing any actions with the resource. Access right data has the lowest priority. You should modify the rights of a parent process only if you are absolutely certain that the process' activities do not threaten the security of the system. To disable inheritance of restrictions from the parent process, perform the following steps: 1. Open the Settings window. 2. In the left part of the window, in the Protection Center section, select the Application Control component. 3. In the right part of the window, click the Applications button.

4. In the Applications window, select the required application from the list. 532 | 746

Kaspersky CRYSTAL 2.0

5. Click the Edit button.

6. In the Application rules window go to the Exclusions tab. 7. Check the Do not inherit restrictions from the parent process (application) box.

533 | 746

Kaspersky CRYSTAL 2.0

Modifying the storage time for rules By default, the rules for applications which have not been started for the 60 days are deleted automatically. You can modify the storage time for rules for unused applications, or disable rules' automatic removal. To set the storage tie for rules, perform the following actions: 1. Open the Settings window. 2. In the left part of the window under Protection select the Application Control component. 3. In the right part of the window in the Additional section check the Delete rules for applications that are not started for more than box and enter the number of days.

4. In the Settings window click the Apply button. To disable automatic deletion of rules for unused applications, in the right part of the Settings window in the Additional section, uncheck the Delete rules for applications that are not started for more than box.

Identity protection

534 | 746

Kaspersky CRYSTAL 2.0

Application Control manages the applications' rights to take actions on various resource categories. Two categories of resources were distinguished in Kaspersky PURE 2.0: the operating system and identity data. The Operating system category includes the following system resources: registry keys with autorun parameters; registry keys with parameters of work on the Internet; registry keys which influence system security; system files and folders; autorun folders. Registry is a hierarchical settings database in most Microsoft Windows operating systems. The Identity data category includes the following resources: users files (the folder My Documents, files cookies, data about users activity); files, folders and registry keys which contain working parameters and important data of the most frequently used applications: Internet-browser, file managers, mail clients, Internet-pagers and electronic purses. Cookies files are files saved on the users computer. These files store personal data of the user (for example, password and login) used during the visit of various sites or when returning to the site after some time. Each site has its own cookie file. You cannot delete this list. However, you can disable their protection by unchecking a box next to a category. You can also expand this list by adding user categories and / or individual resources. To expand the list of system resources for the Operating system category, perform the following actions: 1. Open the Settings window. 2. In the left part of the window in the Protection section select the Application Control component. 3. In the right part of the window click the Identity protection button.

535 | 746

Kaspersky CRYSTAL 2.0

4. In the Digital identity protection window on the Operating system tab from the dropdown list in the Category section, select a category.

536 | 746

Kaspersky CRYSTAL 2.0

5. In the top left part of the window click the Add link to add an additional resource to the selected category. Select the resource type (File or folder or Registry key).

6. In the User resource window click the Browse button.

7. In the Select file or folder window select a resource and click the OK button. 8. In the User resource window click the OK button. 9. The added resource will be displayed in the Digital identity protection window.

537 | 746

Kaspersky CRYSTAL 2.0

After you add a resource, you can edit or remove it using the respective buttons in the top part of the tab. To disable the control of a resource or category, uncheck the box next to it.

10. In the Digital identity protection window click the OK button. 11. In the Settings window click the Apply button. To expand the list of system resources for the Identity Data category, perform the following actions: 1. Open the Settings window. 2. In the left part of the window in the Protection section select the Application Control component. 3. In the right part of the window click the Identity protection button.

538 | 746

Kaspersky CRYSTAL 2.0

4. In the Digital identity protection window on the Identity data tab select a category from the drop-down menu in the Category section.

539 | 746

Kaspersky CRYSTAL 2.0

5. In the top left part of the window click the Add category button to add a new category of resources.

6. In the Identity data category window enter the name of a new group and click the OK button. 7. In the Digital identity protection window click the Add button to add an additional resource to the selected or added category.

540 | 746

Kaspersky CRYSTAL 2.0

8. In the User resource window click the Browse button. 9. In the Select file or folder window select a resource and click the OK button. 10. In the User resource window click the OK button. 11. A newly added resource will be displayed in the Digital Identity Protection window. After you add a resource, you can edit or remove it using the respective buttons in the top part of the tab. To disable the control of a resource or category, uncheck the box next to it.

12. In the Digital identity protection window click the OK button. 13. In the Settings window click the OK button.

541 | 746

Kaspersky CRYSTAL 2.0

System Watcher
System Watcher in Kaspersky PURE 2.0 collects data about applications actions on your computer and provides information to other components for improved protection. In Kaspersky PURE 2.0 you can configure the System Watcher settings to perform a specified action when the applications activity matches with the pattern of dangerous activity. System Watcher also allows you to roll back actions performed by malicious programs.

Enabling/disabling System Watcher By default, System Watcher is enabled, running in a mode that depends on the current mode of Kaspersky PURE 2.0 automatic or interactive. You are advised to avoid disabling the component, except for emergency cases, since this inevitably impacts efficiency of Proactive Defense and other protection components operation that may request the data collected by System Watcher in order to identify the potential threat detected. To disable System Watcher, perform the following actions: 1. Open the application settings window. 2. In the left part of the window under Protection select System Watcher. 3. In the right part of the window uncheck the Enable System Watcher box, if you want to disable the component. check the Enable System Watcher box, if you want to enable the component.

542 | 746

Kaspersky CRYSTAL 2.0

4. Click the Apply button.

Using patterns of dangerous behavior (BSS) Patterns of dangerous activity (BSS Behavior Stream Signatures) contain sequences of actions typical of applications classified as dangerous. In addition to exact matching between applications' activities and patterns of dangerous activity, System Watcher also detects actions that partly match patterns of dangerous activity, being considered suspicious based on the heuristic analysis. If suspicious activity is detected, System Watcher prompts the user for action regardless of the operation mode. Upon detection of a new virus or new modification of already known malware the application does not update the entire System Watcher component, but simply adds a new template to the database of heuristics and updates it together with the Kaspersky Lab databases. To select the action that the component should perform if an application's activity matches a pattern of dangerous activity, perform the following actions: 1. Open the application settings window. 2. In the left part of the window under Protection select System Watcher.

543 | 746

Kaspersky CRYSTAL 2.0

3. In the right part of the component settings in the Heuristic Analysis section check the Use behavior stream signatures (BSS) box. 4. In the On detecting malware activity section perform the following actions: Select the Select action automatically variant (if the automatic protection mode is enabled). In this case System Watcher will automatically apply an action recommended by Kaspersky Lab specialists. Select the Prompt for action variant (if the interactive protection mode is enabled). In this case System Watcher will notify you of any suspicious activity detected in the system and will prompt for action: allow or block activity. Choose the Select action variant: Move file to Quarantine (malicious application will be moved to Quarantine). Terminate the malicious application (all processes of the malicious application will be terminated). Ignore (System Watcher takes no actions on the application).

5. Click the Apply button.

Rolling back actions performed by malware

544 | 746

Kaspersky CRYSTAL 2.0

You can use the product feature for rolling back the actions performed by malware in the system. To enable a roll-back, System Watcher should log the history of program activity. By default, Kaspersky PURE 2.0 rolls back relevant operations automatically when the protection components detect malicious activity (rolling back actions after malicious activity is detected in the system can be initiated either by the System Watcher component based on patterns of dangerous activity, or by Proactive Defense, and during virus scan task run or File Anti-Virus operation). When running in interactive mode, System Watcher prompts the user for action. You can specify the operation which should be performed whenever malicious activity is detected. The procedure of rolling back malware operations affects a strictly defined set of data. It causes no negative consequences for the operating system or data integrity on your computer. To configure rollback of malware operations, perform the following actions: 1. Open the application settings window. 2. In the left part of the window under Protection select System Watcher. 3. In the right part of the component settings in the Rollback of malware action s section specify actions that System Watcher should perform if it has a possibility to roll back changes made by a malicious program: Select the Select action automatically variant (if the automatic protection mode is enabled). In this case System Watcher will automatically apply an action recommended by Kaspersky Lab specialists. Select the Prompt for action variant (if the interactive protection mode is enabled). In this case System Watcher will notify you that rollback is necessary and will prompt for action: perform or cancel rollback. Select action If you choose the Select action variant, select an action from the drop-down list:

Roll back Do not roll back

545 | 746

Kaspersky CRYSTAL 2.0

Pay attention, you can limit the amount of data stored for rollback by clicking the corresponding box in the Limit data to be stored for rollback section.

546 | 746

Kaspersky CRYSTAL 2.0

Firewall
What is Firewall Today computers have become quite vulnerable when on the Internet. They are subjected not only to virus infections but other types of attacks as well that take advantage of vulnerabilities in operating systems and software. Kaspersky PURE 2.0 contains a special component Firewall - to ensure your security on local networks and the Internet. Firewall applies rules to all network connections. A Firewall rule is either an allowing or blocking action performed by Firewall once it detects a connection attempt. Protection against various types of attacks is performed on two levels: network and application. Protection on the network level is performed by using global packet filtration rules where network activity is allowed or blocked based on analyzing settings such as: packet direction; the data packet transfer protocol; and the outbound packet port. A network package is a block of information transferred in the network. As a rule the package consists of the header (package information, such as the creation date, size, recipient and etc), the body (the transferred information itself) and the ending (checking information which guarantees that the package was not changed during the transfer). Protection on the application level is applying application rules for using network resources to the applications installed on your computer. Like the network protection level, the application protection level is built on analyzing data packets for direction, transfer protocol, and what ports they use. However, on the application level, both data packet traits and the specific application that sends and receives the packet are taken into account. Using application rules helps you to configure more specific protection when, for example, a certain connection type is banned for some applications but not for others.

Enabling/disabling Firewall By default, Firewall is enabled. You can disable Firewall if needed. To enable or disable Firewall, perform the following actions: 1. Open the main application window. 2. In the top right corner click the Settings button. 3. In the left part of the window in the Protection section select the Firewall component. 4. In the right part of the window perform the following: uncheck the Enable Firewall box, if you need to disable the component. check the Enable Firewall box, if you need to enable the component.

547 | 746

Kaspersky CRYSTAL 2.0

5. In the Settings window click the Apply button. Changing the network status To ease configuration and application of network rules, all network space in Kaspersky PURE 2.0 is divided into security zones. Frequently, these security zones coincide with the subnetworks into which the computer is included. You can specify manually the status to each zone. The policy of rules application and control of network activity in this zone are defined based on the assigned status: Public network (Internet). We recommend that you select this status for networks not protected by any anti-virus applications, firewalls or filters (for example, for Internet cafe filters). Users of such networks are not allowed to access to files and printers located on or connected to your computer. Even if you have created a shared folder, the information in it will not be available to users from networks with this status. If you allowed remote access to the desktop, users of this network will not be able to obtain it. Filtering of the network activity for each application is performed according to the rules for this application. By default, this status is assigned to Internet. Local network. We recommend that you assign this status to networks to which users you wish to grant access to files and printers on your computer (for example, for your internal corporate network or home network). 548 | 746

Kaspersky CRYSTAL 2.0

Trusted network. This status is only recommended for areas that you consider absolutely safe within which your computer will not be subjected to attacks or unauthorized attempts to gain access to your data. If you select this status, all network activity is allowed within this network. You can specify manually the status of a new network in the notification window which appears once a new network is detected. In order to change the network connection status, perform the following actions:

1. In the settings window of the Firewall component in the Networks section right-click the required connection. 2. From the context menu select the necessary network status (Public, Local or Trusted network).

3. Click the Apply button. Firewall rules There are two Firewall rule types, used to control network connections: Packet rules are used to create general restrictions on network activity, regardless of the applications installed. Example: if you create a packet rule that blocks inbound connections on port 21, no applications that use that port (an ftp server, for example) will be accessible from the outside. 549 | 746

Kaspersky CRYSTAL 2.0

Rules for applications are used to create restrictions on network activity for specific applications. Example: If connections on port 80 are blocked for each application, you can create a rule that allows connections on that port for Firefox only.

Packet rules have higher priority than application rules. If both packet rules and rules for applications are applied to the same type of network activity, this network activity is processed using the packet rules. Creating a packet rule All network connections on your computer are monitored by Firewall. Firewall assigns a specific status to each connection and applies various rules for filtering of network activity depending on that status, thus, it allows or blocks a network activity. Packet rules are used in order to restrict packets transferring regardless applications. You can specify an action performed by Firewall if it detects the network activity: Allow Block By application rules. The packet rule is not used, but the rule for the application is used. The Allow or Block rules can be logged. In order to do this, check the Log events box in the Action section. To create a packet rule, for example, to allow remote access to your computer desktop, please do the following: 1. In the right part of the Firewall settings window in the Network rules section, click the Settings button.

550 | 746

Kaspersky CRYSTAL 2.0

2. In the Firewall window go to the Packet rules tab. 3. Click the Add button. In the Network rule window that opens specify the settings for a rule.

551 | 746

Kaspersky CRYSTAL 2.0

4. In the Network rule window in the Action section select the Allow variant.

5. In the Name section click an arrow Desktop item.

next to the input field and select the Remote

552 | 746

Kaspersky CRYSTAL 2.0

6. In the Address section select Any address. 7. Check the Log events box if you want to log actions performed according to the rule.

8. In the Network rule window click the OK button. The created rule appears in the list of packet rules on the Packet rule tab.

553 | 746

Kaspersky CRYSTAL 2.0

9. In the Firewall window click the OK button. 10. In the Settings window click the Apply button. Now any user has remote access to your desktop.

554 | 746

Kaspersky CRYSTAL 2.0

Editing packet rules All packet rules (default or created by the user) can be edited. For example, if you want to block remote access to your computer desktop, then edit the Remote Desktop packet rule: 1. In the right part of the Settings window of the Firewall component in the Network rules section click the Settings button.

2. In the Firewall window go to the Packet rules tab. 3. In the list of packet rules select the Remote Desktop rule.

555 | 746

Kaspersky CRYSTAL 2.0

4. Click the Edit button. In the Network rule window that opens you can edit the settings of the selected rule. 5. In the Action section change the Allow variant to Block. 6. In the Address section select the Subnet address variant and choose the Public networks item from the displayed list.

556 | 746

Kaspersky CRYSTAL 2.0

7. In the Network rule window click the OK button. 8. The made changes are displayed in the Firewall window on the Packet rules tab in the list of packet rules: for the Remote Desktop rule the network type in the Address column will change to Public networks, and an allowing icon in the Permission column will change to a blocking icon.

9. In the Firewall window click the OK button. 10. In the Settings window click the Apply button. Now only users of local and trusted networks have access to your computer desktop Creating application rules You can create applications22 rules for more subtle filtering of the network activity, edit rules for a group of applications or for an individual application in a group. Custom rules for individual applications have a higher priority than the rules inherited from a group. When creating an application rule, you can define an action to be performed by Firewall upon detection of this type of the network activity when working with an application: Allow; Block; Prompt (user) for action. An allowing or blocking action of a rule can be displayed in a report, for this during the rule creation in the Action section, check the Log events box.

22

Application rules monitor connections only by TCP and UDP protocols.

557 | 746

Kaspersky CRYSTAL 2.0

To create a rule for an individual application, for example a rule blocking the QIP internet pager any network activity outside your local and trusted networks, perform the following actions: 1. In the right part of the Settings window in the Network rules section click the Settings button. 2. In the Firewall window on the Application rules tab select QIP 2012.

3. Click the Edit button. 4. In the Application rules window that opens, go to the Network rules tab. 5. At the top of the window click the Add button.

558 | 746

Kaspersky CRYSTAL 2.0

6. In the Network rule window perform the following actions: In the Action section select the Block action; In the Name section select the Any network activity service; In the Address section select the Subnet address variant and in the displayed list select Public networks; Check the Log events box if you want to log actions performed according to the rule; Click the OK button.

559 | 746

Kaspersky CRYSTAL 2.0

7. The created rule will appear in the Application rules window on the Network rules tab in the list of rules for QIP 2012.

560 | 746

Kaspersky CRYSTAL 2.0

8. Click the OK button in the Application rules window. 9. In the Firewall window click the OK button. 10. In the Settings window click the Apply button Editing an application rule For the default network rules created by Kaspersky PURE 2.0 you can edit only an action (such rules cannot be deleted). For this, perform the following actions: 1. In the right part of the Settings window in the Network rules section click the Settings button. 2. In the Firewall window on the Application rules tab select a required application. 3. Click the Edit button. In the Application rules window that opens, go to the Network rules tab. 4. From the list of rules for an application, select a rule whose action you want to change. 5. In the Permission column for the selected rule right-click the action icon. 6. From the context menu select the required action: Allow Block Prompt for action

7. In the Application rules window click the OK button. 8. In the Firewall window click the OK button. 9. In the Settings window click the Apply button. 561 | 746

Kaspersky CRYSTAL 2.0

For a network rule created by the user you can edit all earlier created settings. For this, perform the following actions: 1. In the right part of the Settings window in the Network rules section click the Settings button. 2. In the Firewall window on the Application rules tab select an application whose rule you want to edit. 3. Click the Edit button. In the Application rules window that opens, go to the Network rules tab. 4. From the list of rules select a rule you want to edit. 5. Click the Edit button.

6. In the Network rule window change the required settings.

562 | 746

Kaspersky CRYSTAL 2.0

7. In the Network rule window click the OK button. 8. In the Application rules window click the OK button. 9. In the Firewall window click the OK button. 10. In the Settings window click the Apply button. Configuring network service When creating any network rule you should specify the network service. Settings characterizing the activity of the network for which a rule is created are described by the network service. You can select type of the network activity from the list or create a new type. Network service includes the following parameters: Name. Preferably use the names which would explicitly describe the rule. For example, DNS over TCP.

563 | 746

Kaspersky CRYSTAL 2.0

Protocol. Firewall restricts connections via TCP, UDP, ICMP, ICMPv6, IGMP and GRE 23 protocols. If protocol ICMP or ICMPv6 was selected as the protocol, you can specify the type and the code of the ICMP packet.

Direction. Firewall controls connections with the following directions: Inbound. A rule is applied to data packets received by your computer.

23

TCP, UDP, ICMP, ICMPv6, IGMP, GRE are protocols (sets of rules) of the data transfer in the network. ICMP-packet is a packet which contains the error message about the error or any other exceptional situation which occurred during the data transfer. The fields code and type of the ICMP-packet correspondingly contain the type and code of the occurred situation.

564 | 746

Kaspersky CRYSTAL 2.0

Inbound (stream). The rule is for network connections created from another computer. Inbound/Outbound. The rule is for inbound and outbound data packets and data streams regardless the direction. Outbound. A rule is applied to data packets transferred from your computer. Outbound (stream). The rule is only for network connections created by your computer.

Remote and Local ports. You can specify ports which are used by your and remote computers for TCP and UDP protocols. These ports will be controlled by Firewall.

Allocating range of IP-addresses While creating the rule's conditions you can specify the network service and the network address. You can use an IP address as the network address or specify the network status. In the latter case the addresses will be copied from all networks that are connected and have the specified status at this moment. You can select one of the following statuses:

565 | 746

Kaspersky CRYSTAL 2.0

Any address the rule will be applied to any IP address; Subnetwork addresses with status the rule will be applied to IP addresses of all networks that are connected and have the specified status at the moment: Trusted networks Local networks Public networks Addresses from group the rule will be applied to IP addresses included into the specified range. Select one of the existing groups of addresses. If no range of IP addresses in any group satisfies you, create a new one.

566 | 746

Kaspersky CRYSTAL 2.0

For this perform the following steps: 1. At the bottom part of the section click on the Add link.

2. In the IP address or DNS name window specify the addresses from the group.

3. Click the OK button. 4. In the Network rule window click the OK button. A method to allocate IP-addresses using Classless Inter-Domain Routing (CIDR) 24 has been implemented in Kaspersky PURE 2.0. CIDR uses Variable Length Subnet Mask (VLSM) whereas in Class Inter-Domain Routing the mask length is strictly set by 0, 1, 2 or 3 bytes. For example, lets take a record of the range of IP-addresses as 10.96.0.0/11. In this case the subnet mask will look as 11111111 11100000 00000000 00000000, or as 255.224.0.0 in a decimal view. 11 bits of the IP-address are allocated to the number of network; the other 21

24

CIDR (Classless InterDomain Routing, CIDR) is the method of IP-addressing which allows managing the range of IP-address flexibly, without rigid frames of the Class Inter-Domain Routing. CIDR allows using the end resource of IP-addresses economically, thus enhancing efficiency of KSOS 2.

567 | 746

Kaspersky CRYSTAL 2.0

bits (32-11= 21) of the full address are allocated to the local address in the network. To sum up, 10.96.0.0/11 is a range of addresses from 10.96.0.1 to 10.127.255.255. Remember, when defining CIDR-addressing in the networks of the IP-protocol version 4 (IPv4) in any case the rule will be applied to the whole network. To convert IP-addresses into CIDR Kaspersky Lab experts recommend using any web site which provides free service of converting IP-addresses to CIDR-addressing (for example, the web site http://ip2cidr.com/). Extending the range of IP addresses Each network matches one or more ranges of IP address. If you connect to a network, access to subnetwork of which is performed via a router, you can manually add subnetworks accessible through it. Example: You are connecting to the network in an office of your company and wish to use the same filtering rules for the office where you are connected directly and for the offices accessible over the network. Obtain network address ranges for those offices from the network administrator and add them. To extend the range of network address, please perform the following: 1. In the right part of the Firewall settings window in the Networks section select an active connection and click the Edit button.

568 | 746

Kaspersky CRYSTAL 2.0

2. In the Network connection window on the Properties tab in the Additional subnetworks section click the Add link.

3. In the IP address window specify an IP address or address masks.

4. Click the OK button. 5. In the Network connection window click the OK button. 6. In the Settings window click the Apply button. Changing the rule for a group of applications Firewall analyzes the activity of each application running on your computer. Depending on the threat rating, every application is included to one of the following groups: 25 Trusted . Trusted applications are applications with digital signatures of trusted vendors and applications signatures of those are included to the trusted applications database. Activities of such applications are monitored by Proactive Defense and File Anti-Virus.

25

Applications of that group are allowed to perform any network activity irrespectively of the network status.

569 | 746

Kaspersky CRYSTAL 2.0

Low Restricted26. Low restricted applications are applications which are without digital signatures of trusted vendors and which are not included to the trusted applications database. Nevertheless, the low risk rating is assigned to such applications. 27 High Restricted . High restricted applications are applications without digital signatures and which are not included to the trusted applications database. The high risk rating is assigned to such applications. 28 Untrusted . Untrusted applications are applications without digital signatures and which are not included to the trusted applications database. Very high risk rating is assigned to such applications. You can modify rules for a whole group.

Custom rules for individual applications have a higher priority than the rules inherited from a group. If you create an allowed rule for a whole group of applications and a prohibited rule for a certain application from this group, then any network activity of a certain application will be restricted according to a rule for this application, because it has a higher priority level. In order to change rules for a group of applications, for example, if you want that low restricted programs would have unrestricted rights to the network activity within the local networks, perform the following actions: 1. In the right part of the settings window of the Firewall component in the Network rules section click the Settings button.

26

Applications of that group are allowed to perform any network activity in non-interactive mode. If you are using the interactive mode, a notification will be displayed on the screen using which you can allow or block a connection, or create an application rule using the Wizard. 27 Applications of that group are not allowed to perform network activity in non-interactive mode. If you are using the interactive mode, a notification will be displayed on the screen using which you can allow or block a connection, or create an application rule using the Wizard. 28 Any network activity is prohibited for the applications of that group.

570 | 746

Kaspersky CRYSTAL 2.0

2. In the Firewall window go to the Application rules tab. 3. Select the Low restricted group of applications. 4. Click the Edit button.

571 | 746

Kaspersky CRYSTAL 2.0

5. In the Group rules window go to the Network rules tab and click the Add button.

6. In the Network rule window in the Action section select Allow, and in the Name section select Any network activity and click the OK button.

572 | 746

Kaspersky CRYSTAL 2.0

7. In the Network rule window click the OK button. 8. In the Firewall window click the OK button. 9. In the Settings window click the OK button. Now all applications of the Low Restricted group have unrestricted right to the network activity. Changing the rule priority The priority of a rule is determined by its position on the list of rules. The first rule on the list has the highest priority. Each packet rule created manually will be added to the end of the list of packet rules. Application groups are integrated by the name of the program and rule priority applies to a definite group only. Manually created rules for applications have a higher priority, than the rules inherited from the group. To change the rule priority, please perform the following actions: 1. In the right part of the settings window of the Firewall component in the Network rules section click the Settings button. 2. In the Firewall window go to the Application rules tab select the required application. 3. Click the Edit button. 4. The Application rules window opens. Go to the Network rules tab. 5. Select a rule and move it to the required place in the list by clicking the Move up and Move down button.

573 | 746

Kaspersky CRYSTAL 2.0

6. In the Application rules window click the OK button. 7. In the Firewall window click the OK button. 8. In the Settings window click the Apply button. Configuring notifications of changes in the network Network connection settings can be changed during the work. You can receive notifications of the following modifications in the settings: When network connection is established. When the correspondence between MAC address and IP address is changed. The notification will appear if IP address of a network computer was changed. When new MAC address appears. The notification appears if a new computer was added to the network. Pay attention, that notifications about changes in the work can be configured only for the networks with the status Local or Trusted network.

574 | 746

Kaspersky CRYSTAL 2.0

To enable notification about changes to network connection settings, please perform the following: 1. In the right part of the Firewall settings window in the Networks section select an active connection and click the Edit button.

2. In the Network connection window go to the Additional tab. 3. Check the boxes next to the events whose notifications you want to receive.

575 | 746

Kaspersky CRYSTAL 2.0

4. In the Network connection window click the OK button. 5. In the Settings window click the Apply button. Advanced Firewall settings You can specify additional settings of the Firewall operation: Allow active FTP mode. Active mode suggests that to ensure connection between the server on the client computer a port to which the server will connect will be opened on the client computer (unlike the passive mode when the client connects to the server). The mode allows to control which exactly port will be opened. The mechanism works even if a blocking rule was created. By default, active FTP mode is allowed. Block connections if there is no possibility to prompt for action (application interface is not loaded). This setting allows to avoid disruption of the Firewall operation when the interface of Kaspersky PURE 2.0 is not loaded. This is the default action. Do not disable Firewall until the system totally stops. This setting allows to avoid disruption of the Firewall operation until the system is completely stopped. This is the default action. By default all settings are enabled. To modify advanced Firewall settings, please perform the following: 1. In the right part of the Firewall settings window in the Network rules section click the Settings button.

576 | 746

Kaspersky CRYSTAL 2.0

2. In the Firewall window go to the Packet rules tab and click the Additional button.

577 | 746

Kaspersky CRYSTAL 2.0

3. In the Additional window check or uncheck the boxes next to the required settings and click the OK button.

4. In the Firewall window click the OK button. 5. In the Settings window click the Apply button. Firewall working features When working with the Firewall component you should remember about the following peculiarities: Firewall rules do not influence Network Attack Blocker; For the zone Local network ICMP packages are always allowed.

578 | 746

Kaspersky CRYSTAL 2.0

Proactive Defense
What is Proactive defense To protect your computer both from already known and new threats, whose information is not included into the anti-virus databases, the Proactive Defense module has been added to Kaspersky PURE 2.0. The component controls and analyzes all types of activities on the computer using the set of heuristics templates of the applications suspicious behavior. If, as a result of activity analysis, the sequence of an application's actions arouses suspicion, Proactive Defense blocks the activity of this application. However, you can create a group of trusted applications, whose activity will not be controlled by Proactive Defense. In order to increase the response time to new threats a special functionally support of updatable heuristics is embedded into Kaspersky PURE 2.0, additionally to the static sets of heuristics. Updatable heuristics are a regularly updated set of templates (signatures) of the programs' dangerous behavior. Unlike previous product version upon detection of a new virus or new modification of the already known malware the new technology allows updating not the whole module of Proactive Defense, but adding a new signature to the heuristics database and updating it together with the anti-virus databases of the product. Besides, the possibility of regular update, the heuristics database also supports trial behavior templates. If Proactive Defense according to one of these templates detects the application behavior as suspicious, then a special report is sent to Kaspersky Lab via Kaspersky Security Network (KSN) (in case the user confirmed to participate in KSN).

Enabling/disabling Proactive Defense By default, Proactive Defense is enabled. To pause or disable Proactive Defense, perform the following actions: 1. Open the main application window. 2. In the top right corner of the window click the Settings button. 3. In the left part of the window, in the Protection section, select the Proactive Defense component. 4. In the right part of the window, perform the following actions: Uncheck the Enable Proactive Defense box, if you want to disable the component. Check the box, if you want to enable the component. 5. In the bottom right corner of the Settings window click the Apply button.

579 | 746

Kaspersky CRYSTAL 2.0

Configuring Proactive defense settings Creating group of trusted applications excluded from Proactive Defense scan You can create a group of trusted applications exerting activity that should not be controlled by Proactive Defense. By default, the list of trusted applications includes applications with verified digital signatures and applications that are trusted in the Kaspersky Security Network database. To change the settings of the trusted applications group, perform the following actions: 1. In the right part of the window, in the Trusted applications section, perform the following check the boxes: Applications with digital signature; Trusted in Kaspersky Security Network database.

580 | 746

Kaspersky CRYSTAL 2.0

2. In the bottom right corner of the Settings window click the Apply button. You can also create your own list of applications, whose activity will not be controlled by Proactive Defense. For this, perform the following actions: 1. In the Settings window select Protection. 2. In the left part of the window select the Threats and Exclusions section. 3. In the right part of the Settings window in the Exclusions section click the Settings button.

581 | 746

Kaspersky CRYSTAL 2.0

4. In the Trusted zone window go to the Exclusion rules tab and click the Add button.

582 | 746

Kaspersky CRYSTAL 2.0

5. In the Exclusion rule window in the Properties section check the Object box, in the Rule description section click the Select object link.

6. In the Object name window perform the following actions: Click the Browse button and add a file of an application whose activity will not be monitored by Proactive Defense Check the Include subfolders box if a rule is created for several and more files Click the OK button.

583 | 746

Kaspersky CRYSTAL 2.0

7. In the Exclusion rule window in the Rule description section in the Protection components line click the any link, then click the specified: select components link.

8. In the Protection components window check the Proactive Defense component and click the OK button.

9. In the Exclusion rule window click the OK button. Following these steps, create a list of applications excluded from Proactive defense scan.

584 | 746

Kaspersky CRYSTAL 2.0

Modifying rules of Proactive defense The Proactive Defense component controls and analyzes behavior of all applications installed on the computer. Based on the performed actions Kaspersky PURE 2.0 decides whether an application is dangerous or not. The following activity can be referred to as dangerous or malicious software behavior: Activity typical of P2P-worms; Activity typical of Trojan programs; key-loggers; hidden installation of a driver; modifying kernel of the operating system; hidden object; hidden process (with a negative identifier); activity typical of worms; redirection of input-output. If necessary, you can disable control of any activity. Each suspicious activity (event), executed by an application in the operating system, has a rule according to which Proactive Defense acts. You can define how Proactive Defense will act upon detection of this or that activity: Prompt user for action; Move an object to quarantine; Terminate Allow a process. To configure the Proactive Defense rules, perform the following actions: 1. In the right part of the component settings window click the Settings button.

585 | 746

Kaspersky CRYSTAL 2.0

2. In the Proactive Defense window in the Event column check the events which Proactive Defense will treat as suspicious. 3. To select a specific rule, select an event from the list. 4. In the Rule description section select an action for Proactive Defense to perform upon detection of the activity type: Click the link in the Action line. In the Select action window select the required action and click the OK button.

586 | 746

Kaspersky CRYSTAL 2.0

Define a time interval (for activity of hidden objects and processes only) at which Proactive Defense will check the operating system for hidden processes and objects: Click a link in the Period line. In the Hidden processes detection window set a time interval and click the OK button.

5. Enable or disable report creation on the operation execution by clicking the On or Off link in the Report line. In the Proactive Defense window click the OK button. 6. In the Settings window, click the OK button to save the changes. To view a report on the Proactive Defense operation, perform the following actions: 1. Open the main application window. 2. In the top right corner of the window click the Reports button. 3. In the Reports window click the Detailed report button. 4. In the left part of the Detailed report window select the Proactive Defense item. 5. A report about the component operation will be displayed in the right part of the window.

587 | 746

Kaspersky CRYSTAL 2.0

Network Attack Blocker


What is Network Attack Blocker The Network Attack Blocker from Kaspersky PURE 2.0 loads during the operating system launch, and scans incoming network traffic for activities characteristic of network attacks. Network attack is a network activity aimed to remotely perform (usually malicious) actions on the computer. Vulnerabilities in the operating systems and/or installed programs are used for network attacks. As soon as an attempt to attack the computer is detected, Network Attack Blocker blocks any network activity of the attacking computer towards your computer with Kaspersky PURE 2.0 installed. A notification will appear on the screen that a network attack has been attempted, with specific information about the computer that attacked you. Descriptions of currently known network attacks and methods to fight them are provided in application databases and are updated upon update of databases. Enabling/Disabling Network Attack Blocker By default, Network Attack Blocker is enabled and functions in the optimal mode. You can disable Network Attack Blocker if necessary the following way: 1. Open the application settings window. 2. In left part of the window in the Protection section select the Network Attack Blocker component. 3. In the right part of the window perform the following actions: If you need to disable the component, uncheck the Enable Network Attack Blocker box. If you need to enable the component, check the Enable Network Attack Blocker box. 4. In the Settings window click the Apply button.

588 | 746

Kaspersky CRYSTAL 2.0

Changing blocking settings By default, Network Attack Blocker blocks the activity of a computer making an attack for one hour. You can cancel blockage of the selected computer or change the time of blockage. To change the time for which the attacking computer will be blocked: 1. In the right part of the Settings window check the Add attacking computer to list of blocked computers for box and enter the blocking time. 2. Click the Apply button.

589 | 746

Kaspersky CRYSTAL 2.0

To unblock an attacking computer, perform the following actions: 1. Open the application main window. 2. Select the Computer Protection section.

590 | 746

Kaspersky CRYSTAL 2.0

3. In the bottom left corner of the Protection Center window click the Network Monitor window.

591 | 746

Kaspersky CRYSTAL 2.0

4. In the Network Monitor window on the Blocked computers tab select a blocked computer and unblock it using the Unblock link.

592 | 746

Kaspersky CRYSTAL 2.0

Anti-Spam
What is Anti-Spam The Anti-Spam component filters all incoming mail for unwanted mail (spam) and sorts it according to the settings configured by the user. Enabling/Disabling Anti-Spam By default, the Anti-Spam component is enabled and functions in the optimal mode. In order to enable or disable Anti-Spam in Kaspersky PURE 2.0, perform the following actions: 1. Open the main application window. 2. In the top right corner of the widow click the Settings button. 3. In the left part of the window in the Protection section select the Anti-Spam component. 4. In the right part of the window in the Anti-Spam section perform the following actions: If you want to enable the component, check the Enable Anti-Spam box. If you want to disable the component, uncheck the Enable Anti-Spam box.

5. In the Settings window click the Apply button.

593 | 746

Kaspersky CRYSTAL 2.0

Security levels of Anti-Spam The Anti-Spam component uses two methods to fight spam. Using the first (exact) method, Anti-Spam defines a message as unwanted by typical phrases, unwanted senders (whose addresses are already added to the Anti-Spam database), malicious or phishing links. The second (expert) method allows to evaluate probability of spam, based on the analysis of the text in the message and its service information. A security level is a set of predefined Anti-Spam settings which provide a scan level of incoming and outgoing messages. Kaspersky Lab specialists distinguish three security levels: High. This security level should be used if you receive spam frequently; for example, while using free mail services. When you select this level, the frequency of false positives rises: that is, useful mail is more often recognized as spam. When analyzing a message for spam the Anti-Spam component calculates the potential rating: if the rating exceeds 50 but does not reach 80, the message is considered to be potential spam. If the rating exceeds 80, then such message is labeled as spam. Recommended. This security level should be used in most cases. When analyzing a message for spam the Anti-Spam component calculates the potential rating: if the rating exceeds 60 but does not reach 90, the message is considered to be potential spam. If the rating exceeds 90, then such message is labeled as spam. Low. This security level should be used if you rarely receive spam, for example, if you are working in a protected corporate email environment. When this level is selected, spam and potential spam messages are less frequently recognized. When analyzing a message for spam the Anti-Spam component calculates the potential rating: if the rating exceeds 80 but does not reach 90, the message is considered to be potential spam. If the rating exceeds 99 out of 100, then such message is labeled as spam. To modify the security level in Anti-Spam, perform the following actions: 1. In the component settings window in the Security level section drag the vertical slider to the necessary position. 2. In the Settings window click the Apply button.

594 | 746

Kaspersky CRYSTAL 2.0

Customizing security level To customize the security level of the Anti-Spam component, click the Settings button.

595 | 746

Kaspersky CRYSTAL 2.0

Exact methods On the Exact methods tab you can enable/disable filters which Anti-Spam will use to scan a message.

596 | 746

Kaspersky CRYSTAL 2.0

You can specify the range within which Anti-Spam will recognize messages as spam: If it contains phishing elements If it contains URLs from the database of malicious URLs Anti-Spam can compare links in mail messages with the list of suspicious and phishing web addresses. These lists are included in the distribution kit of Kaspersky PURE 2.0. If a phishing or suspicious link is detected in a message, or if a message contains any phishing element, such message is recognized as spam. Clicking the Additional button next to the If it contains phishing elements box allows to enable heuristic analysis when scanning emails for phishing and to set the necessary detail level of analysis.

If it is not addressed to me In order to create a list of your addresses, perform the following actions: 1. In the Anti-Spam window on the Exact methods tab check the If it is not addressed to me box. 2. Click the My addresses button.

597 | 746

Kaspersky CRYSTAL 2.0

3. In the My Email Addresses window click the Add link. 4. In the Email address mask window enter an email address (for example, usekaspersky@kaspersky.com) and click OK.

Mask is a template string that a phrase or an address is compared against. Certain symbols in a mask are used to represent others: * substitutes any sequence of characters, ? any single character. If a mask uses such wildcards, it can match several phrases or addresses. If the * or ? character is a part of the sought phrase (e.g., What's the time?), it should be preceded with the \ character to ensure that Anti-Spam recognizes it correctly. Thus, instead of the * character you should use in masks the \* combination, the ? character should be represented as \? (e.g., What's the time\?). Sample phrase masks: Visit our * this mask corresponds to a message that begins with the words Visit our and continues with any text. Examples of address masks: admin@test.com the mask only matches the address admin@test.com. admin@* the mask matches the sender address with the admin name, for example, admin@test.com, admin@example.org. *@test* the mask matches the address of any message sender from a domain beginning with test, for example: admin@test.com, info@test.org. info.*@test.??? this mask corresponds to the address of any sender whose name begins with info. and whose mail domain name begins with test. and ends with any three characters, for example: info.product@test.com, info.company@test.org, not info.product@test.ru. 5. In order to quickly configure Anti-Spam on another computer, save the list of your email addresses to a file by clicking the Export button and saving the file to a specified location. At the next stage copy the file on any computer with Kaspersky PURE 2.0 installed, open the My Email Addresses window, click the Import link and specify the path to the address file.

598 | 746

Kaspersky CRYSTAL 2.0

6. To edit/delete a record, highlight the record and click Edit/Delete.

7. When the list is created, in the My Email Addresses window click the OK button. If it is from a blocked sender To create the list of blocked senders, perform the following actions: 1. On the Exact methods tab check If it is from a blocked sender box. 2. Next to the If it is from a blocked sender box click the Select button. 3. In the Blocked senders window click the Add link. 4. In the Email address mask window enter an email address (for example, usekaspersky@kaspersky.com) and click OK.

5. When the list is created, in the Blocked senders window click the OK button. 599 | 746

Kaspersky CRYSTAL 2.0

If it contains blocked phrases To create the list of blocked phrases, perform the following actions: 1. In the Anti-Spam window on the Exact methods tab check If it contains blocked phrases box. 2. Next to the If it contains blocked phrases box click the Select button. 3. In the Blocked phrases window check the boxes next to the listed phrases. All phrases in the list are selected by default. 4. To add a new phrase, click the Add link 5. In the Blocked phrase window enter a phrase (for example, viagra) or a phrase mask (for example, *viagra*). Specify the weighting coefficient for the entered phrase and click OK. 6. When the list is created, click the OK button in the Blocked phrase window

You do not have to delete a mask to stop using it; unchecking the corresponding box next to it will be sufficient.

600 | 746

Kaspersky CRYSTAL 2.0

Kaspersky Lab experts have compiled the list of obscene words included in the distribution package of Kaspersky PURE 2.0. The list contains obscene words that indicate with a high probability that the message is spam if present. You can supplement the list by adding complete phrases and their masks to it. For this perform the following actions: 1. In the Blocked phrases window check the Block if contains obscene words box. Click the obscene words link to open the Explicit language window.

Before opening the Explicit language window you have to confirm you are of age.

601 | 746

Kaspersky CRYSTAL 2.0

2. Click the Add link and open the Blocked phrase window.

3. Enter an entire phrase or a phrase mask, specify the weighting coefficient and click the OK button.

You do not have to delete a mask to stop using it; unchecking the corresponding box next to it will be sufficient. You can also configure to give the useful status (which does not refer to the Spam and Probable Spam categories) to the following emails: If it is from an allowed sender In order to create a list of allowed senders, perform the following actions: 1. On the Exact methods tab check the If it is from an allowed sender box.

602 | 746

Kaspersky CRYSTAL 2.0

2. Next to the checked box click the Select button. 3. In the Allowed senders window check the boxes next to allowed senders. If no sender has been added to the list, the list will be empty. To add a sender to the list, go to the next step. 4. To add a new sender: Click the Add link; In the Email address mask window enter email address (for example, usekaspersky@kaspersky.com) and click the OK button.

In Kaspersky PURE 2.0 all information about operation of the Anti-Spam component is received from the cloud which already contains the database of sample spam messages. However, you can additionally configure loading addresses from the list of Allowed senders. For this, in the Allowed senders window check the Add allowed senders addresses when training Anti-Spam box. If you want to disable the option, uncheck the box. 5. In the Allowed senders window click the OK button. If it contains allowed phrases To create the list of allowed phrases, which would not be considered by Anti-Spam as spam, perform the following actions: 1. On the Exact methods tab check the If it contains allowed phrases box. 2. Next to the checked box click the Select button. 3. In the Allowed phrases window check the boxes next to the listed phrases. If no phrase has been added, the list will be empty. To add a new phrase, go to the next step. 4. To add a new phrase: Click the Add link; In the Allowed phrase window enter a phrase (for example, kaspersky.com) and click the OK button. 603 | 746

Kaspersky CRYSTAL 2.0

5. When the list is ready, in the Allowed phrases window click the OK button.

Expert methods Anti-Spam can add appropriate labels to the message recognized after analysis as spam or potential spam. This value is called a spam factor. Having processed a message, Anti-Spam assigns one of the following statuses to it: Spam Probable spam Useful email On the Expert methods tab you can specify the maximum and the minimum values for the Spam and Probable spam rate, by changing the Anti-Spam security level.

604 | 746

Kaspersky CRYSTAL 2.0

In order to change the values of the spam rate, upon whose exceeding a status Spam/Probable Spam will be assigned to the message, move the corresponding horizontal sliders or specify a value using the arrow-buttons. In order to configure additional settings to define a spam factor in a message, perform the following actions: 1. In the Anti-Spam window on the Experts methods tab click the Additional button.

605 | 746

Kaspersky CRYSTAL 2.0

2. In the Additional window enable/disable the settings which influence the spam rate by checking/unchecking them.

3. Click the OK button. In the Recognition algorithms section check/uncheck the boxes:

606 | 746

Kaspersky CRYSTAL 2.0

Image recognition (GSG Technology) GSG technology allows to identify an image containing a text to further define if the text in the image is spam. A text is recognized irrespective if it was modified, angled on an image, or underwent any other trick of spammers.

Analysis of attachments in RTF format Anti-Spam analyzes documents in the RTF format for spam presence. Documents in the RTF format attached to email messages are most frequently used for spam delivery.

Heuristic analysis is always used. A technology is designed for detecting threats that cannot be identified using the application databases. It allows detection of objects suspected of being infected with an unknown virus or a new modification of known viruses. The use of heuristic analyzer detects up to 92% of threats.

Additional On the Additional tab you can: Change the component actions performed on messages recognized as spam/probable spam. Configure display of the component plug-in in different mail clients (Microsoft Office Outlook, Microsoft Outlook Express (Windows Mail), Thunderbird, The Bat!). Enable/disable training on outgoing messages. Enable/disable scan of Microsoft Exchange Server messages. To enable/disable additional settings, check/uncheck boxes next to the corresponding options and in the Anti-Spam window click OK.

607 | 746

Kaspersky CRYSTAL 2.0

Rollback to Anti-Spam default settings You can roll back to the default settings at any moment, after you have changed the AntiSpam parameters. For this, perform the following steps: 1. In the settings window of the Anti-Spam component in the Security level section click the Default level button. 2. In the Settings windows click the Apply button.

608 | 746

Kaspersky CRYSTAL 2.0

Training Anti-Spam Previous versions of Kaspersky PURE 2.0 required users to train the Anti-Spam module with a certain number of messages before it could begin operation. In Kaspersky PURE 2.0, the AntiSpam module does not require training because it has access to a cloud database of sample spam message.

609 | 746

Kaspersky CRYSTAL 2.0

Anti-Banner
What is Anti-Banner Anti-Banner is a protection component designed to block banners on web pages, whose addresses are added to the anti-virus databases of Kaspersky PURE 2.0. Ads on banners may distract you from your business activity while banner downloads increase the amount of inbound traffic.

Enabling/disabling Anti-Banner By default, the Anti-Banner component in Kaspersky PURE 2.0 is disabled. To enable Anti-Banner, perform the following actions: 1. Open the application settings window, by clicking the Settings button in the top right corner of the window. 2. In the left part of the Settings window select the Protection section, 3. Select the Anti-Banner component. 4. In the right part of the window, check the Enable Anti-Banner box. 5. Click the Apply button.

610 | 746

Kaspersky CRYSTAL 2.0

Selecting the scan method Anti-Banner may use various methods to scan addresses from which banner can be downloaded: Use common banner list. The lists of URL masks from which most common ads banners are downloaded are compiled by the Kaspersky Lab experts and are added to the product distribution kit. With the scan method enabled Anti-Banner blocks ads banners from the addresses which correspond to the masks in the list. If the scan method is disabled, then Anti-Banner does not block banners from the addresses in the list. By default, this scan method is enabled. Resolve IP-addresses to domain names. This box enables / disables automatic resolution of IP addresses to URLs on the lists of allowed / blocked banner addresses. This box is unchecked by default.

Use heuristic analysis. This technology detects threats which cannot be detected with the Kaspersky PURE 2.0 databases and allows to find objects suspicious for infection with an unknown virus or with a new modification of a known virus. 611 | 746

Kaspersky CRYSTAL 2.0

Heuristic analysis detects up to 92% of new threats. This mechanism is quite effective and has very rarely false detections. Files which are found by heuristics analyzer are considered to be suspicious. If the scan method is enabled, then Anti-Banner scans banners whose addresses are not added to the list of Kaspersky PURE 2.0 distribution package. Anti-Banner evaluates the downloaded images by the presence of identifier typical for banners. Based on such analysis Anti-Banner identifies the image as a banner and blocks it. By default, this scan method is disabled. You can specify which methods should be used by Anti-Banner. For this, perform the following actions: 1. In the right part of the window, in the Scan methods group, check the boxes next to the names of the methods that should be used.

2. Click the Apply button. Creating the list of blocked and allowed banner addresses Additionally to the scan methods Anti-Banner checks the banner addresses with the masks from the list of blocked or allowed addresses if they are used.

612 | 746

Kaspersky CRYSTAL 2.0

Using the lists of blocked and allowed banners addresses, you can allow banners to be downloaded for a specified group of addresses and block them for another group. Create a list of blocked address masks to let Anti-Banner block download and display of banners from the addresses that correspond to those masks. Create a list of allowed address masks to let AntiBanner download and display banners from the addresses that correspond to those masks. To create a list of blocked addresses, do the following: 1. In the right part of the Settings window of the Anti-Banner component, in the Additional section, check the Use the list of blocked URLs box. 2. Click the Settings button.

3. Click the Add button, to add a new mask. 4. In the Address mask (URL) window enter a blocked banner mask and click the OK button.

613 | 746

Kaspersky CRYSTAL 2.0

5. When all the necessary masks are added, in the Blocked URLs window click the OK button. 6. In the Settings window click the Apply button. You do not have to delete a mask to stop using it, unchecking the corresponding box next to it will be sufficient for the purpose. To create and use the list of allowed addresses, perform the following actions: 1. In the right part of the Settings window of the Anti-Banner component, in the Additional section, check the Use the list of allowed URLs box. 2. Click the Settings button.

614 | 746

Kaspersky CRYSTAL 2.0

3. Click the Add button, to add a new mask. 4. In the Address mask (URL) window enter an allowed banner mask and click the OK button.

5. When all the necessary masks are added, in the Allowed URLs window click the OK button.

615 | 746

Kaspersky CRYSTAL 2.0

6. In the Settings window click the Apply button. To exclude a mask from the list of allowed URLs, uncheck the corresponding box next to the address mask.

Exporting and importing the lists of addresses After you have created the lists of allowed or blocked banner addresses, you can use them repeatedly: for example, export banner addresses to a similar list on another computer with Kaspersky PURE 2.0 installed on it. To do this: 1. Make export copy records from the list into a file. 2. Move the file you have saved to another computer (for example, send it by email or use a removable data medium). 3. Make import add the records from the file to the list of the same type on another computer. While exporting the list, you can copy either the selected list element only, or the entire list. While importing the list, you can add the new elements to the existing list, or replace the existing list with the one being imported.

616 | 746

Kaspersky CRYSTAL 2.0

To export banner addresses from the list of allowed or blocked URLs, perform the following steps: 1. In the right part of the Settings window of the Anti-Banner component, in the Additional section, click the Settings button located in the line with the name of the list from which you should copy addresses into a file (list of blocked or allowed URLs).

2. In the window that opens, check the boxes next to the addresses that you need to include in the file. 3. Click the Export button. 4. In the window, take one of the following actions: click the Yes button if you need to include only selected addresses in the file; click the No button if you need to include the entire list in the file.

617 | 746

Kaspersky CRYSTAL 2.0

5. In the Save as window, enter a name for the file you want to save and click the Save button. To import banner addresses from a file to the list of allowed or blocked URLs, perform the following actions: 1. In the right part of the Settings window of the Anti-Banner component, in the Additional section, click the Settings button located in the line with the name of the list into which you need to add addresses from a file (list of allowed or blocked URLs). 2. In the window that opens, click the Import button. 3. If the list is not empty, a window opens offering you to add items to be imported. In this window, take one of the following actions: click the Yes button if you want to add records from the file into the list; click the No button if you want to replace the existing records with the list from the file.

4. In the Open file window, select the file with the list of records that you want to import and click the Open button. 5. Click the OK button. 6. In the Settings window click the OK button.

618 | 746

Kaspersky CRYSTAL 2.0

Threats and exclusions


Detecting definite types of threats Kaspersky PURE 2.0 can detect hundreds thousands of malware programs that may reside on your computer. Some of these programs impose a greater threat for your computer, others are only dangerous when certain conditions are met. After the application detects a malware application, it classifies it and assigns to it a danger level (high or medium). Kaspersky Lab's virus analysts distinguish three main categories: Malware programs (Malware) are created with the purpose to damage a computer and its user, for example, to steal, block, modify or erase information, disrupt operation of a computer or a computer network. Malware programs are divided into three subcategories: Viruses and worms (Viruses\Worms) can create copies of themselves which are, in turn, capable of creating their own copies. Some of them run without user's knowledge or participation, others require actions on the user's part to be run. These programs perform their malicious actions when run. Trojan programs (Trojan programs) do not create copies of themselves, unlike worms and viruses. They sneak into a computer, for example, via e-mail or using a web browser when the user visits an "infected" website. To be launched they require user's actions and start performing their malicious actions as they run. Malware utilities (Malicious tools) are created specifically to inflict damage. However, unlike other malware programs, they do not perform malicious actions immediately as they are run and can be safely stored and run on the user's computer. Such programs have functions used to create viruses, worms and Trojan programs, arrange network attacks on remote servers, hacking computers or other malicious actions. Potentially unwanted programs (PUPs), unlike malware programs, are not intended solely to inflict damage. Potentially unwanted programs include adware, auto-dialers and other potentially unwanted programs. Adware display advertising information to the user. Auto-Dialers do not harm the system directly but in case of careless use may lead to considerable financial loses of the owner of the phone number from which dialing to a paid resource is performed. Other Riskware more often than not they are useful programs used by many computer users. However, if an intruder obtains access to these programs or install them to the user's computer, such intruder can use their functionality to breach the security. Compressed files. Such files exclude detecting malicious actions and make them difficult to be analyzed by heuristic methods. Potentially unwanted programs are installed using one of the following methods: They are installed by the user, individually or along with another program (for example, software developers include adware programs into freeware or shareware programs). They are also installed by intruders, for example they include such programs into packages with other malware programs, use "vulnerabilities" of the web browser or Trojan downloaders and droppers, when the user visits an "infected" website. 619 | 746

Kaspersky CRYSTAL 2.0

By default the following types of threats are detected in Kaspersky PURE 2.0: Viruses and worms (their detection cannot be disabled) Trojan programs (their detection cannot be disabled) Malicious tools Adware Auto-dialers Unknown packagers Multi-packed objects In order to enable/disable detection of some types of threats, perform the following actions: 1. In the upper part of the Settings window under Protection select the Threats and Exclusions subsection. 2. In the right part of the window in the Detection of the following threat types is enabled section click the Settings button.

3. In the Threats window check/clear the box(es) for the types of threats which should be\should not be detected.

620 | 746

Kaspersky CRYSTAL 2.0

4. In the bottom right corner of the window click OK. 5. In the Settings window click the Apply button.

Exclusions Trusted zone is a list of objects created by the user whose work is not controlled by the program. Namely, it is a set of exclusions from Kaspersky PURE 2.0 protection. Trusted zone is created based on the list of trusted applications and exclusion rules depending on the peculiarities of objects you are working with and programs installed on this computer. You may need to add objects to trusted zone, for example if Kaspersky PURE 2.0 blocks access to an object or program, while you are sure that this object/ program is harmless. For example, you consider that the objects used by the standard Microsoft Windows Notepad are secure and do not have to be scanned. In other words, you trust this application. To exclude the objects used by this process, add the application Notepad into the list of trusted applications. Some actions classified as dangerous can be normal indeed depending on application functions. For example, hooking the text being typed is a normal action for automatic keyboard layout switch programs (Punto Switcher, etc.). It is recommended to add such specific applications to the list of trusted applications to disable monitoring of their activity. When a program is added to the list of trusted, its file and network activity (including suspicious activity) and queries to the system registry are not monitored. At the same time an executable file and the process of a trusted program are still scanned for viruses. In order to fully exclude a program from scan, you should use exclusion rules. Excluding trusted applications from scan is a way to solve possible compatibility issues between Kaspersky PURE 2.0 and other software (for example, network traffic from another PC which has already been scanned by antivirus software). It also allows to increase performance of a computer, which is essential when using software for servers. 621 | 746

Kaspersky CRYSTAL 2.0

In their turn, exclusion rules of trusted zone allow to work with legal software which can be used by invaders to corrupt your computer or users data. Such programs do not have malicious functionality, but can be used as an auxiliary component of a malicious program. The list of such potentially dangerous software includes remote administrating programs, IRCclients, FTP-servers, various tools to stop processes or hide their work, key loggers, password breaking programs, auto-dialers and etc. As a result of work of Kaspersky PURE 2.0 such programs can be blocked. In order to avoid blocking, configure rules excluding such programs from scan. Exclusion rules are sets of conditions that Kaspersky PURE 2.0 uses to verify if it can skip an object during the scan. In all other cases an object will be scanned by protection components according to the protection settings configured for them. Exclusion rules of trusted zone can be used by some application components. For example, by File Anti-Virus, Mail Anti-Virus, Web Anti-Virus, and during scan for viruses tasks. Creating the list of trusted applications By default, Kaspersky PURE 2.0 scans objects opened, started or saved by any system process as well as controls activity of all programs and the created network traffic. Upon adding applications to the list of trusted applications, Kaspersky PURE 2.0 excludes them from scan. In order to add a program to the list of trusted, perform the following actions: 1. In the upper part of the Settings window select Protection > Threats and Exclusions. 2. In the right part of the window in the Exclusions section, click the Settings button.

622 | 746

Kaspersky CRYSTAL 2.0

3. In the open window on the Trusted applications tab click the Add link to open the menu. In the menu select one of the items: Browse. Selecting this item opens the standard browse window. In this window, you can select the executable file of an application. Applications. Selecting this item opens the Select application window with a list of applications currently running. You can select the required application from the list.

623 | 746

Kaspersky CRYSTAL 2.0

4. In the opened window Exclusions for application check the boxes for activities which should not be monitored.

You can modify the program scan settings or delete the program from the list using the corresponding links in the lower part of the list. In order to exclude a program from the list without deletion, clear the box next to the program name.

624 | 746

Kaspersky CRYSTAL 2.0

Creating exclusion rules If you use in your work programs classified by Kaspersky PURE 2.0 as illegal and which can be used by cyber criminals to harm either your computer or users data, you are recommended to configure exclusion rules for such programs. Exclusion rules are sets of conditions that Kaspersky PURE 2.0 uses to verify if it can skip an object during the scan. In Kaspersky PURE 2.0 you can create exclusion rules only for the following components: File Anti-Virus Mail Anti-Virus Web Anti-Virus Application Control Proactive Defense Scan. Exclusion rules allow adding exclusions by: Object - exclusion of a certain object, directory, or files that match a certain mask / format from scans. Threat type - exclude objects according the Virus Encyclopedia threat type classification. The following parameters can be configured/ modified for the Object type: Define file, folder or mask excluded from scan Define exclusions for subfolders, if a definite folder is given as an exclusion Define component(s) and tasks for which the exclusion will work For the Threat type you can define the name / mask of the threat type classification according to the Kaspersky Lab Virus Encyclopedia. 625 | 746

Kaspersky CRYSTAL 2.0

You can also define component(s) and tasks for which the exclusion will work. In order to create an Exclusion rule, perform the following actions: 1. In the upper part of the Settings window under Protection select Threats and Exclusions. 2. In the right part of the window in the Exclusions section click the Settings button. 3. In the open window on the Exclusion rules tab, click the Add link.

4. In the Exclusion rule window specify the rules properties by checking the boxes in the Properties section: Object Threat type

626 | 746

Kaspersky CRYSTAL 2.0

5. In the Rule description section click the select object link. 6. In the Object name window click the Browse button and select the file for which you are creating the rule. Select the necessary folder with the file or enter the full path to the file.

7. Check the option Include subfolders if the rule is created for more than one file. 8. In the Object name window, click OK. 9. If you have checked Threats type, then next to the Threat type option, click on the enter threat name... link, if you want to exclude a threat type.

627 | 746

Kaspersky CRYSTAL 2.0

10. In the Threat type window, enter the classification type according to the Virus Encyclopedia.

11. In the Threat type window, click OK. 12. In the Exclusion rule window in the Rule description section in the Protection components string click the specified: select components link.

628 | 746

Kaspersky CRYSTAL 2.0

13. In the Protection components window, define the components for which the exclusion rule will be applied.

629 | 746

Kaspersky CRYSTAL 2.0

14. Click OK. 15. In the Exclusion rule window, click on the OK button.

16. In the Trusted zone window click the OK button. 17. In the bottom right corner of the Settings window click the Apply button.

630 | 746

Kaspersky CRYSTAL 2.0

Settings. Scan
General settings
Background scan Kaspersky PURE 2.0 allows you to start scan tasks (scan of the system memory, system partition, and startup objects) and automatic update of anti-virus databases when your computer is idle or when screensaver is enabled. In order to configure background scan, perform the following actions: 1. In the application settings window select Scan. 2. In the left menu select General Settings. 3. In the Background scan section check Perform Idle Scan and Perform regular rootkit29 scan, if necessary.

29

Rootkits are sets of tools that can hide malicious programs in your operating system. These utilities are injected into the system, hiding their presence and the presence of processes, folders and the registry keys of other malicious programs installed with the rootkit, described in the rootkit configuration.

631 | 746

Kaspersky CRYSTAL 2.0

If your computer works from a battery, Kaspersky PURE 2.0 does not perform tasks while the computer is idle. A click upon the icon , takes you to the Kaspersky Lab Technical Support site, to the page with an article which describes how to enable scan task while your computer is idle.

Scanning removable drives on connection Nowadays, malicious objects using operating systems' vulnerabilities to replicate via networks and removable media have become increasingly widespread. Kaspersky PURE 2.0 allows to scan removable drives when connecting them to the computer. To configure scanning of removable media at connection, perform the following actions: 1. In the application settings window select Scan. 2. In the left menu select General Settings. 3. In the Scan removable drives on connection section select an action and define the maximum size of a drive to scan, if necessary. 4. In the Settings window click the Apply button.

632 | 746

Kaspersky CRYSTAL 2.0

Starting scan using a shortcut You can start full scan, critical areas scan and vulnerabilities scan tasks using a shortcut. A shortcut allows to start a scan task without opening an application window. To create a shortcut for a scan task, perform the following actions: 1. In the application settings window select Scan. 2. In the left menu select General Settings. 3. In the right part of the window in the Scan tasks quick run section click the Create shortcut button next to the required task: Full Scan, Critical Areas Scan, Vulnerability Scan.

4. In the Save as window specify the path for saving the shortcut and its name. By default, the shortcut is created with the name of the task in the Desktop folder of the current computer user

633 | 746

Kaspersky CRYSTAL 2.0

5. In the Settings window click the OK button. 6. On the Desktop find the created shortcut and double-click it to start a task.

634 | 746

Kaspersky CRYSTAL 2.0

Full Scan
Security levels A security level is a set of predefined scan settings. Kaspersky Lab specialists distinguish three security levels. You can set one of the following security levels: High. Use this level is the probability of computer infection is very high; Recommended. This is the optimal level for most cases and is recommended by Kaspersky Lab; Low. If you are using applications requiring considerable RAM resources, select the Low security level because the list of files under scan is reduced on this level. To select a security level, perform the following actions: 1. In the application settings window select Scan. 2. In the menu select the required task - Full Scan.

3. For the selected task in the Security level section select the required security level. 4. In the Settings window click the Apply button.

635 | 746

Kaspersky CRYSTAL 2.0

If none of the predefined security levels satisfies your needs, configure scan settings on your own. As a result of your actions the security level changes to Custom. When configuring scan task settings, you can always restore the recommended ones. They are considered optimal, recommended by Kaspersky Lab, and grouped in the Recommended security level. To restore the default scan settings, perform the following actions: 1. For the selected scan task in the Settings window in the Security level section click the Default level button. 2. In the Settings window click the Apply button.

Modifying type of scanned objects You can define on your own files of what format and size should be scanned during a selected scan task. To change the type of scanned objects, perform the following actions: 1. For the selected task in the Security level section click the Settings button.

636 | 746

Kaspersky CRYSTAL 2.0

2. On the Scope tab in the File types section select the required variant.

637 | 746

Kaspersky CRYSTAL 2.0

All files. Kaspersky PURE 2.0 scans files of all formats and extensions. Files scanned by format. If you select this option, Kaspersky PURE 2.0 only scans potentially infectious files i.e. files into which a virus may penetrate. Before searching for viruses an inner header of an object is analyzed for the file format (txt, doc, exe and etc). The file extension is also considered during scan. Files scanned by extension. In this case, Kaspersky PURE 2.0 only scans potentially infectious files i.e. files into which a virus may penetrate. At this, the file format is defined by its extension.

Files without extensions are always scanned! When selecting file types please remember the following:

Probability of penetration of malicious code into several file formats (such as .txt) and its further activation is quite low. At the same time, there are formats that contain or may contain an executable code (such as .exe, .dll, .doc). The risk of penetrating and activating malicious code in such files is quite high. The intruder can send a virus to your computer in an executable file renamed as txt file. If you have selected the scan of files by extension, such a file is skipped by the scan. If the scan of files by format is selected, then, regardless of the extension, File Anti-Virus will analyze the file header, and reveal that the file is an .exe file. Such a file would be thoroughly scanned for viruses.

3. Click OK.

638 | 746

Kaspersky CRYSTAL 2.0

4. In the Settings window click the Apply button. Scan optimization You can shorten the scan time and speed up Kaspersky PURE 2.0. This can be achieved by scanning only new files and those files that have altered since the last time they were scanned. This mode applies both to simple and compound files. You can also set a restriction on scan duration for an object. When the specified time interval expires, the object will be excluded from the current scan (except for archives and files comprised of several objects). To optimize scan, perform the following actions: 1. For the selected task in the Security level section click the Settings button. 2. On the Scope tab in the Scan optimization section set the required settings: To scan only new and changed files, check the Scan only new and changed files box; To set restriction on scan duration for one object, check the Skip objects scanned longer than box and specify scan duration for one object.

3. Click the OK button. 4. In the Settings window click the Apply button.

639 | 746

Kaspersky CRYSTAL 2.0

Scan of compound files A common method of concealing viruses is to embed them into compound files: archives, databases, etc. To detect viruses that are hidden this way a compound file should be unpacked, which can significantly lower the scan speed. To modify the list of scanned compound files, perform the following actions: 1. For the selected task in the Security level section click the Settings button. 2. On the Scope tab in the Scan of compound files section select types of the scanned compound files.

For each type of compound file, you can select to scan either all files or only new ones. To make your selection, click the link next to the name of the object. It changes its value when you left-click it. If you select the scan new and changed files only scan mode, you will not be able to select the links allowing you to scan all or new only files.

640 | 746

Kaspersky CRYSTAL 2.0

You can restrict the maximum size of the compound file being scanned. Compound files larger than the specified value will not be scanned. For this in the Scan of compound files section, click the Additional button. In the Compound files window check the Do not unpack large compound files box and specify the maximum size of scanned files.

3. Click the OK button. 4. In the Settings window click the Apply button. When large files are extracted from archives, they will be scanned even if the Do not unpack large compound files box is checked.

641 | 746

Kaspersky CRYSTAL 2.0

Selecting scan method Kaspersky PURE 2.0 uses various scan methods: Signature analysis. When performing signature analysis, Kaspersky PURE 2.0 uses databases that contain descriptions of known threats and ways of neutralizing them. Protection using signature analysis provides a minimal level of security. Heuristic Analysis. Scan is based on the analysis of the typical behavior of a file whose operations allow to draw a conclusion about the nature of a file with a certain probability. The advantage of the method is that new threats are detected even before they are known to virus analysts. Additionally you can set the detail level for scans: light scan, medium scan, or deep scan. Rootkit Scan. Rootkit is a set of tools which conceal malicious programs in the operating system. These tools penetrate the system and mask their presence and the presence of processes, folders, registry keys of other malicious programs, described in the rootkit configuration. If you are scanning for viruses, you can enable the deep scan for rootkits by checking the Detailed scan box, which will scan carefully for these programs by analyzing a large number of various objects. These checkboxes are deselected by default, since this mode requires significant operating system resources.

The Signature analysis method is always enabled. To enhance the scan efficiency you can enable other scan methods. For this, perform the following actions: 1. For the selected task in the Security level section click the Settings button. 2. On the Additional tab in the Scan methods select the necessary scan methods.

642 | 746

Kaspersky CRYSTAL 2.0

3. Click the OK button. 4. In the Settings window click the Apply button. Selecting scan technology In addition to the scan methods you can use special technologies: iChecker is a technology that increases scan speed by excluding certain objects from the scan. An object is excluded from the scan with a special algorithm that uses the release date of Computer Protection databases, the date of the object's last scan, and any changes in the scan settings. There are limitations to iChecker: it does not work with large files and applies only to the objects with a structure that the application recognizes (for example, .exe, .dll, .lnk, .ttf, .inf, .sys, .com, .chm, .zip, .rar). iSwift is a technology that builds on iChecker technology for computers using NTFS. There are limitations to iSwift: it is bound to a specific file's location in the file system and can apply only to objects in NTFS. The technologies iSwift and iChecker allow to increase the virus scan speed by excluding the files that have not been modified since they were last scanned. By default, both technologies are used. To change the set of scan technologies, perform the following actions:

1. For the selected task in the Security level section click the Settings button. 2. On the Additional tab in the Scan technologies section select the required values.

3. Click the OK button.

643 | 746

Kaspersky CRYSTAL 2.0

4. In the Settings window click the Apply button. Creating scan schedule In Kaspersky PURE 2.0 you can choose whether to start the full scan task manually or by schedule (automatically). If you select the Manually variant, then you can start the task at any time convenient for you. The scan process takes some time to be completed and you cannot use some applications installed on your computer during the scan process. Selecting the By schedule variant allows to configure the automatic start of the full scan task. If you select this variant, you can set the scan task frequency. In the schedule settings you can select one of the following frequencies: minutes, hours, days, every week, at a specified time, every month, after application startup, after every update. For every frequency you can specify the interval. For example, if you select Every month you can select a particular day to start the scan task (1, 2, 3...) and set particular time (05:00 p.m.). To protect your computer, it would be optimal to perform full computer scan not less than one time a week. In order to schedule a scan task, perform the following actions: 1. For the selected task in the Security level section click the Settings button. 2. On the Run mode tab in the Schedule section select the required values. 3. Select By schedule and create a task launch schedule with the frequency and a definite time interval to start a scan task.

644 | 746

Kaspersky CRYSTAL 2.0

You can configure the program to automatically start a skipped scan task as soon as it becomes possible. For example, the computer was not on at that time when a full scan task was scheduled. In this case the scan will start as soon as computer is enabled. To do so, in the Schedule section check the Run skipped tasks box. Scheduled tasks feature additional functionality, for example, you can pause scheduled scan when screensaver is inactive or computer is unlocked. This functionality postpones the task launch until the user has finished working on the computer. So, the scan task will not take up system resources during the work. 4. Click the OK button. 5. In the Settings window click the Apply button. Starting scan under a different account By default scan tasks are started under an account you registered in the system. If your account does not have enough rights, you can specify a different account under whose rights each scan task will be started. To specify an account, perform the following steps: 1. In the top part of the Settings window select Scan. 2. In the left menu select Full Scan. 3. In the right part of the window click the Run mode button. 4. On the Run mode tab in the User account section check the Run task as box. In the fields below specify the user name and password.

645 | 746

Kaspersky CRYSTAL 2.0

5. Click the OK button. 6. In the Settings window click the Apply button.

Actions over detected treats If infected or potentially infectious objects are detected, the application performs the specified action. Depending on your current preferences you can configure virus scan settings or allow the program to select an action. Default actions By default program chooses the actions on detected objects itself. If as a result of scan the program failed to define whether the object is infected or not, the object is quarantined. If an object gets an infected status, the application will try to disinfect such object. If disinfection fails, such object will be deleted. Before an object disinfection or deletion Kaspersky PURE 2.0 creates its backup copy in case you want to restore the object or the application can neutralize the threat.

646 | 746

Kaspersky CRYSTAL 2.0

Actions defined by the user You can also define an action to be performed for detected threats: Disinfect objects if possible; Delete if disinfection fails.

If the Disinfect objects if possible variant is selected, the program functions the following way: If the object can be disinfected, it will be disinfected and will return to the user. If as a result of scan the program failed to define whether the object is infected or not, the object is quarantined. If the option to scan quarantined files after each database update is enabled, then when a new disinfection signature is received the quarantined object can be disinfected and returned to the user. If the status of a virus is assigned to the object and its disinfection is impossible, the object is blocked and is added to the report about detected threats. You can select only the Delete variant, but in this case all objects will be deleted, even if they could be available for the user after disinfection.

647 | 746

Kaspersky CRYSTAL 2.0

Kaspersky Lab specialists recommend to select the following actions for the detected threats: Disinfect objects if possible; Delete if disinfection fails.

648 | 746

Kaspersky CRYSTAL 2.0

In this case the program performs the following actions over an object: Disinfect, if disinfection is possible. After disinfection you can continue your work with the object. Quarantine, if the program failed to define if the object is infected or not. If the option to scan quarantined files after each database update is enabled, then when a new disinfection signature is received the quarantined object can be disinfected and returned to the user. Delete, if the virus status is assigned to the object and its disinfection is impossible. Actions for every detected object You can also specify actions for every detected object individually. For this enable Kaspersky PURE 2.0 interactive mode: 1. In the top part of the Settings window select the Protection section. 2. In the left menu select General Settings. 3. In the Interactive protection section, uncheck the Select action automatically box.

649 | 746

Kaspersky CRYSTAL 2.0

4. Click the Apply button. Interactive mode can only be enabled for the whole program. When the mode is enabled you will have to select an action for every object detected by any Kaspersky PURE 2.0 component. To specify an action over detected threats, perform the following actions: 1. In the top part of the Settings window select the Scan section. 2. In the left menu select the required task. 3. For the selected task in the Action on threat detection section specify the necessary action: Prompt when the scan is complete; Prompt on detection; Select action: Disinfect objects if possible; Delete if disinfection fails.

650 | 746

Kaspersky CRYSTAL 2.0

4. In the Settings window click the Apply button. If the Select action option is enabled but no action is chosen, the application will block dangerous objects and quarantine them notifying the user about the quarantined objects.

651 | 746

Kaspersky CRYSTAL 2.0

The Delete, if disinfection fails options appears only if the Disinfect objects if possible box is checked.

Run mode and scan scope Run mode In Kaspersky PURE 2.0 you can choose whether to start the full scan task manually or by schedule (automatically). If you select the Manually variant, then you can start the task at any time convenient for you. The scan process takes some time to be completed and you cannot use some applications installed on your computer during the scan process. Selecting the By schedule variant allows to configure the automatic start of the full scan task. If you select this variant, you can set the scan task frequency. In the schedule settings you can select one of the following frequencies: minutes, hours, days, every week, at a specified time, every month, after application startup, after every update. For every frequency you can specify the interval. For example, if you select Every month you can select a particular day to start the scan task (1, 2, 3...) and set particular time (05:00 p.m.).

652 | 746

Kaspersky CRYSTAL 2.0

To protect your computer, it would be optimal to perform full computer scan not less than one time a week. In order to schedule a scan task, perform the following actions: 1. In the right part of the settings window of the selected task in the Run mode and scan scope section click the Run mode button. 2. On the Run mode tab in the Schedule section select the necessary values. 3. Select By schedule and create a task launch schedule with the frequency and a definite time interval to start a scan task.

You can configure the program to automatically start a skipped scan task as soon as it becomes possible. For example, the computer was not on at that time when a full scan task was scheduled. In this case the scan will start as soon as computer is enabled. To do so, in the Schedule section check the Run skipped tasks box. Scheduled tasks feature additional functionality, for example, you can pause scheduled scan when screensaver is inactive or computer is unlocked. This functionality postpones the task launch until the user has finished working on the computer. So, the scan task will not take up system resources during the work. 4. Click the OK button. 5. In the Settings window click the Apply button.

653 | 746

Kaspersky CRYSTAL 2.0

Creating list of objects to scan You can create your own list of objects for the Full Scan and Critical Areas Scan tasks. For example, if you do not want to scan the whole system and all applications installed on your computer you can create your own list of applications, network and logical drives to scan. In order to add, modify or delete objects from the scan scope, perform the following actions: 1. In the right part of the settings window of the selected task in the Run mode and scan scope section click the Scan scope button.

2. In the Scan scope window you can modify the list of objects to scan. To add a new object, click the Add link, to change or delete an existing object Edit or Delete correspondingly.

654 | 746

Kaspersky CRYSTAL 2.0

Note, that objects which appear in the list by default (System memory, Autostart objects, System backup storage, My mail, All hard drives, All removable drives and All network drives) cannot be edited or deleted. 3. You can also enable scan of subfolders. For this, in the Select object to scan window check the Include subfolders box, when adding or editing an object.

4. In the lower part of the Select object to scan window click the OK button. 5. In the Settings window click the OK button.

655 | 746

Kaspersky CRYSTAL 2.0

Critical Areas Scan


Security levels A security level is a set of predefined scan settings. Kaspersky Lab specialists distinguish three security levels. You can set one of the following security levels: High. Use this level is the probability of computer infection is very high; Recommended. This is the optimal level for most cases and is recommended by Kaspersky Lab; Low. If you are using applications requiring considerable RAM resources, select the Low security level because the list of files under scan is reduced on this level. To select a security level, perform the following actions: 1. In the left part of the Settings window select the Scan section. 2. In the menu select the required task - Critical Areas Scan.

3. For the selected task in the Security level section select the required security level. 4. In the Settings window click the Apply button.

656 | 746

Kaspersky CRYSTAL 2.0

If none of the predefined security levels satisfies your needs, configure scan settings on your own. As a result of your actions the security level changes to Custom. When configuring scan task settings, you can always restore the recommended ones. They are considered optimal, recommended by Kaspersky Lab, and grouped in the Recommended security level. To restore the default scan settings, perform the following actions: 1. For the selected scan task in the Settings window in the Security level section click the Default level button. 2. In the Settings window click the Apply button.

Modifying type of scanned objects You can define files of what format and size should be scanned by the selected scan task. To change the type of scanned objects, perform the following actions: 1. For the selected task in the Security level section click the Settings button.

657 | 746

Kaspersky CRYSTAL 2.0

2. On the Scope tab in the File types section select the required variant.

658 | 746

Kaspersky CRYSTAL 2.0

All files. Kaspersky PURE 2.0 scans files of all formats and extensions. Files scanned by format. If you select this option, Kaspersky PURE 2.0 only scans potentially infectious files i.e. files into which a virus may penetrate. Before searching for viruses an inner header of an object is analyzed for the file format (txt, doc, exe and etc). the file extension is also considered during scan. Files scanned by extension. In this case, Kaspersky PURE 2.0 only scans potentially infectious files i.e. files into which a virus may penetrate. At this, the file format is defined by its extension.

Files without extensions are always scanned! When selecting file types please remember the following:

Probability of penetration of malicious code into several file formats (such as .txt) and its further activation is quite low. At the same time, there are formats that contain or may contain an executable code (such as .exe, .dll, .doc). The risk of penetrating and activating malicious code in such files is quite high. The intruder can send a virus to your computer in an executable file renamed as txt file. If you have selected the scan of files by extension, such a file is skipped by the scan. If the scan of files by format is selected, then, regardless of the extension, File Anti-Virus will analyze the file header, and reveal that the file is an .exe file. Such a file would be thoroughly scanned for viruses.

3. Click the OK button.

659 | 746

Kaspersky CRYSTAL 2.0

4. In the Settings window click the Apply button. Scan optimization You can shorten the scan time and speed up Kaspersky PURE 2.0. This can be achieved by scanning only new files and those files that have altered since the last time they were scanned. This mode applies both to simple and compound files. You can also set a restriction on scan duration for an object. When the specified time interval expires, the object will be excluded from the current scan (except for archives and files comprised of several objects). To optimize scan, perform the following actions: 1. For the selected task in the Security level section click the Settings button. 2. On the Scope tab in the Scan optimization section set the required settings: To scan only new and changed files, check the Scan only new and changed files box; To set restriction on scan duration for one object, check the Skip objects scanned longer than box and specify scan duration for one object.

3. Click the OK button. 4. In the Settings window click the Apply button.

660 | 746

Kaspersky CRYSTAL 2.0

Scan of compound files A common method of concealing viruses is to embed them into compound files: archives, databases, etc. To detect viruses that are hidden this way a compound file should be unpacked, which can significantly lower the scan speed. To modify the list of scanned compound files, perform the following actions: 1. For the selected task in the Security level section click the Settings button. 2. On the Scope tab in the Scan of compound files section select types of the scanned compound files.

For each type of compound file, you can select to scan either all files or only new ones. To make your selection, click the link next to the name of the object. It changes its value when you left-click it. If you select the scan new and changed files only scan mode, you will not be able to select the links allowing you to scan all or new only files.

661 | 746

Kaspersky CRYSTAL 2.0

You can restrict the maximum size of the compound file being scanned. Compound files larger than the specified value will not be scanned. For this in the Scan of compound files section, click the Additional button. In the Compound files window check the Do not unpack large compound files box and specify the maximum size of scanned files.

3. Click the OK button. 4. In the Settings window click the Apply button. When large files are extracted from archives, they will be scanned even if the Do not unpack large compound files box is checked.

662 | 746

Kaspersky CRYSTAL 2.0

Selecting scan method Kaspersky PURE 2.0 uses various scan methods: Signature analysis. When performing signature analysis, Kaspersky PURE 2.0 uses databases that contain descriptions of known threats and ways of neutralizing them. Protection using signature analysis provides a minimal level of security. Heuristic Analysis. Scan is based on the analysis of the typical behavior of a file whose operations allow to draw a conclusion about the nature of a file with a certain probability. The advantage of the method is that new threats are detected even before they are known to virus analysts. Additionally you can set the detail level for scans: light scan, medium scan, or deep scan. Rootkit Scan. Rootkit is a set of tools which conceal malicious programs in the operating system. These tools penetrate the system and mask their presence and the presence of processes, folders, registry keys of other malicious programs, described in the rootkit configuration. If you are scanning for viruses, you can enable the deep scan for rootkits by checking the Detailed scan box, which will scan carefully for these programs by analyzing a large number of various objects. These checkboxes are deselected by default, since this mode requires significant operating system resources. The Signature analysis method is always enabled. To enhance the scan efficiency you can enable other scan methods. For this, perform the following actions:

1. For the selected task in the Security level section click the Settings button. 2. On the Additional tab in the Scan methods select the necessary scan methods. 3. Click the OK button.

663 | 746

Kaspersky CRYSTAL 2.0

4. In the Settings window click the Apply button. Selecting scan technology In addition to the scan methods you can use special technologies: iChecker is a technology that increases scan speed by excluding certain objects from the scan. An object is excluded from the scan with a special algorithm that uses the release date of Kaspersky PURE 2.0 databases, the date of the object's last scan, and any changes in the scan settings. There are limitations to iChecker: it does not work with large files and applies only to the objects with a structure that the application recognizes (for example, .exe, .dll, .lnk, .ttf, .inf, .sys, .com, .chm, .zip, .rar). iSwift is a technology that builds on iChecker technology for computers using NTFS. There are limitations to iSwift: it is bound to a specific file's location in the file system and can apply only to objects in NTFS. The technologies iSwift and iChecker allow to increase the virus scan speed by excluding the files that have not been modified since they were last scanned. By default, both technologies are used. To change the set of scan technologies, perform the following actions:

1. For the selected task in the Security level section click the Settings button. 2. On the Additional tab in the Scan technologies section select the required values.

664 | 746

Kaspersky CRYSTAL 2.0

3. Click the OK button. 4. In the Settings window click the Apply button. Creating scan schedule In Kaspersky PURE 2.0 you can choose whether to start the vulnerability scan task manually or by schedule (automatically). If you select the Manually variant, then you can start the task at any time convenient for you. The scan process takes some time to be completed and you cannot use some applications installed on your computer during the scan process. Selecting the By schedule variant allows to configure the automatic start of the vulnerability scan task. If you select this variant, you can set the vulnerability scan task frequency. In the schedule settings you can select one of the following frequencies: minutes, hours, days, every week, at a specified time, every month, after application startup, after every update. For every frequency you can specify the interval. For example, if you select Every month you can select a particular day to start the scan task (1, 2, 3...) and set particular time (05:00 p.m.). To protect your computer, it would be optimal to perform full computer scan not less than one time a week. In order to schedule a scan task, perform the following actions: 1. For the selected task in the Security level section click the Settings button. 2. On the Run mode tab in the Schedule section select the necessary values.

665 | 746

Kaspersky CRYSTAL 2.0

3. If you select By schedule, create a task launch schedule with the frequency and a definite time interval to start a scan task

You can configure the program to automatically start a skipped scan task as soon as it becomes possible. For example, the computer was not on at that time when a full scan task was scheduled. In this case the scan will start as soon as computer is enabled. To do so, in the Schedule section check the Run skipped tasks box. Scheduled tasks feature additional functionality, for example, you can pause scheduled scan when screensaver is inactive or computer is unlocked. This functionality postpones the task launch until the user has finished working on the computer. So, the scan task will not take up system resources during the work. 4. Click the OK button. 5. In the Settings window click the Apply button. Starting Critical Areas Scan under a different account By default critical areas scan tasks are started under an account you registered in the system. If your account does not have enough rights, you can specify a different account under whose rights each scan task will be started. To specify an account, perform the following steps: 1. In the top part of the Settings window select the Scan section. 2. In the left menu select Critical Areas Scan. 3. .

666 | 746

Kaspersky CRYSTAL 2.0

4. In the Run mode and scan scope section click the Run mode button.

5. Click the OK button. 6. In the Settings window click the Apply button.

Actions upon threat detection If infected or potentially infectious objects are detected, the application performs the specified action. Depending on your current preferences you can configure virus scan settings or allow the program to select an action. Default actions By default, the application defines an action upon a detected object on its own. If in the result of scan the application failed to define whether the object is infected or not, such object is placed to quarantine. If an object gets an infected status, the application will try to disinfect such object. If disinfection fails, such object will be deleted. Before an object disinfection or deletion Kaspersky PURE 2.0 creates its backup copy in case you want to restore the object or the application can neutralize the threat.

667 | 746

Kaspersky CRYSTAL 2.0

Actions defined by the user You can also define an action to be performed for detected threats: Disinfect objects if possible; Delete if disinfection fails.

668 | 746

Kaspersky CRYSTAL 2.0

If the Disinfect objects if possible variant is selected, the program functions the following way: If the object can be disinfected, it will be disinfected and will return to the user. If as a result of scan the program failed to define whether the object is infected or not, the object is quarantined. If the option to scan quarantined files after each database update is enabled, then when a new disinfection signature is received the quarantined object can be disinfected and returned to the user. If the status of a virus is assigned to the object and its disinfection is impossible, the object is blocked and is added to the report about detected threats. You can select only the Delete variant, but in this case all objects will be deleted, even if they could be available for the user after disinfection.

669 | 746

Kaspersky CRYSTAL 2.0

Kaspersky Lab specialists recommend to select the following actions for the detected threats: Disinfect objects if possible; Delete if disinfection fails.

670 | 746

Kaspersky CRYSTAL 2.0

In this case the program performs the following actions over an object: Disinfect, if disinfection is possible. After disinfection you can continue your work with the object. Quarantine, if the program failed to define if the object is infected or not. If the option to scan quarantined files after each database update is enabled, then when a new disinfection signature is received the quarantined object can be disinfected and returned to the user. Delete, if the virus status is assigned to the object and its disinfection is impossible. Actions specified for every detected object You can also specify actions for every detected object individually. For this enable Kaspersky PURE 2.0 interactive mode: 1. In the top part of the Settings window select the Protection section. 2. In the left menu select General Settings. 3. In the Interactive protection section, uncheck the Select action automatically box. 4. Click the Apply button.

671 | 746

Kaspersky CRYSTAL 2.0

Interactive mode can only be enabled for the whole program. When the mode is enabled you will have to select an action for every object detected by any Kaspersky PURE 2.0 component. To specify an action over detected threats, perform the following actions: 1. In the top part of the Settings window select the Scan section. 2. In the menu select the necessary task. 3. For the selected task in the Action on threat detection section specify the necessary action: Prompt when the scan is complete; Prompt on detection; Select action: Disinfect objects if possible; Delete if disinfection fails.

672 | 746

Kaspersky CRYSTAL 2.0

4. In the Settings window click the Apply button. If the Select action option is enabled but no action is chosen, the application will block dangerous objects and quarantine them notifying the user about the quarantined objects.

673 | 746

Kaspersky CRYSTAL 2.0

674 | 746

Kaspersky CRYSTAL 2.0

The Delete, if disinfection fails options appears only if the Disinfect objects if possible box is checked. Run mode and scan scope Run mode In Kaspersky PURE 2.0 you can choose whether to start the full scan task manually or by schedule (automatically). If you select the Manually variant, then you can start the task at any time convenient for you. The scan process takes some time to be completed and you cannot use some applications installed on your computer during the scan process. Selecting the By schedule variant allows to configure the automatic start of the full scan task. If you select this variant, you can set the scan task frequency. In the schedule settings you can select one of the following frequencies: minutes, hours, days, every week, at a specified time, every month, after application startup, after every update. For every frequency you can specify the interval. For example, if you select Every month you can select a particular day to start the scan task (1, 2, 3...) and set particular time (05:00 p.m.). To protect your computer, it would be optimal to perform full computer scan not less than one time a week.

675 | 746

Kaspersky CRYSTAL 2.0

In order to schedule a scan task, perform the following actions: 1. In the right part of the settings window of the selected task in the Run mode and scan scope section click the Run mode button. 2. On the Run mode tab in the Schedule section select the required value. 3. If you select By schedule, create a task launch schedule with the frequency and a definite time interval to start a scan task.

You can configure the program to automatically start a skipped scan task as soon as it becomes possible. For example, the computer was not on at that time when a full scan task was scheduled. In this case the scan will start as soon as computer is enabled. To do so, in the Schedule section check the Run skipped tasks box. Scheduled tasks feature additional functionality, for example, you can pause scheduled scan when screensaver is inactive or computer is unlocked. This functionality postpones the task launch until the user has finished working on the computer. So, the scan task will not take up system resources during the work. 4. Click the OK button. 5. In the Settings window click the Apply button. Creating a scan scope You can create your own list of objects for the Full Scan and Critical Areas Scan tasks. For example, if you do not want to scan the whole system and all applications installed on your computer you can create your own list of applications, network and logical drives to scan. 676 | 746

Kaspersky CRYSTAL 2.0

In order to add, modify or delete objects from the scan scope, perform the following actions: 1. In the right part of the Settings window of the selected task in the Run mode and scan scope section click the Scan scope button.

2. In the Scan scope window you can modify the list of objects to scan. To add a new object, click the Add link, to change or delete an existing object Edit or Delete correspondingly.

677 | 746

Kaspersky CRYSTAL 2.0

Note, that objects which appear in the list by default (System memory, Autostart objects, System backup storage, My mail, All hard drives, All removable drives and All network drives) cannot be edited or deleted. 3. You can also enable scan of subfolders. For this, in the Select object to scan window check the Include subfolders box, when adding or editing an object.

4. In the lower part of the Select object to scan window click the OK button. 5. In the Settings window click the OK button.

678 | 746

Kaspersky CRYSTAL 2.0

Custom Scan
Security levels A security level is a set of predefined scan settings. Kaspersky Lab specialists distinguish three security levels. You can set one of the following security levels: High. Use this level is the probability of computer infection is very high; Recommended. This is the optimal level for most cases and is recommended by Kaspersky Lab; Low. If you are using applications requiring considerable RAM resources, select the Low security level because the list of files under scan is reduced on this level. To select a security level, perform the following actions: 1. In the left part of the Settings window select Scan. 2. In the menu select the required task - Custom Scan. 3. For the selected task in the Security level section select the required security level.

4. In the Settings window click the Apply button.

679 | 746

Kaspersky CRYSTAL 2.0

If none of the predefined security levels satisfies your needs, configure scan settings on your own. As a result of your actions the security level changes to Custom. When configuring scan task settings, you can always restore the recommended ones. They are considered optimal, recommended by Kaspersky Lab, and grouped in the Recommended security level. To restore the default scan settings, perform the following actions: 1. For the selected scan task in the Settings window in the Security level section click the Default level button. 2. In the Settings window click the Apply button.

Modifying type of scanned objects You can define files of what format and size should be scanned by the selected scan task. To change the type of scanned objects, perform the following actions: 1. For the selected task in the Security level section click the Settings button.

680 | 746

Kaspersky CRYSTAL 2.0

2. On the Scope tab in the File types section select the required variant.

681 | 746

Kaspersky CRYSTAL 2.0

All files. Kaspersky PURE 2.0 scans files of all formats and extensions. Files scanned by format. If you select this option, Kaspersky PURE 2.0 only scans potentially infectious files i.e. files into which a virus may penetrate. Before searching for viruses an inner header of an object is analyzed for the file format (txt, doc, exe and etc). the file extension is also considered during scan. Files scanned by extension. In this case, Kaspersky PURE 2.0 only scans potentially infectious files i.e. files into which a virus may penetrate. At this, the file format is defined by its extension.

Files without extensions are always scanned! When selecting file types please remember the following:

Probability of penetration of malicious code into several file formats (such as .txt) and its further activation is quite low. At the same time, there are formats that contain or may contain an executable code (such as .exe, .dll, .doc). The risk of penetrating and activating malicious code in such files is quite high. The intruder can send a virus to your computer in an executable file renamed as txt file. If you have selected the scan of files by extension, such a file is skipped by the scan. If the scan of files by format is selected, then, regardless of the extension, File Anti-Virus will analyze the file header, and reveal that the file is an .exe file. Such a file would be thoroughly scanned for viruses.

3. Click the OK button. 4. In the Settings window click the Apply button.

682 | 746

Kaspersky CRYSTAL 2.0

Scan optimization You can shorten the scan time and speed up Kaspersky PURE 2.0. This can be achieved by scanning only new files and those files that have altered since the last time they were scanned. This mode applies both to simple and compound files. You can also set a restriction on scan duration for an object. When the specified time interval expires, the object will be excluded from the current scan (except for archives and files comprised of several objects). To optimize scan, perform the following actions: 1. For the selected task in the Security level section click the Settings button. 2. On the Scope tab in the Scan optimization section set the required settings: To scan only new and changed files, check the Scan only new and changed files box; To set restriction on scan duration for one object, check the Skip objects scanned longer than box and specify scan duration for one object.

3. Click the OK button. 4. In the Settings window click the Apply button. Scan of compound files A common method of concealing viruses is to embed them into compound files: archives, databases, etc. To detect viruses that are hidden this way a compound file should be unpacked, which can significantly lower the scan speed. To modify the list of scanned compound files, perform the following actions: 1. For the selected task in the Security level section click the Settings button.

683 | 746

Kaspersky CRYSTAL 2.0

2. On the Scope tab in the Scan of compound files section select types of the scanned compound files.

For each type of compound file, you can select to scan either all files or only new ones. To make your selection, click the link next to the name of the object. It changes its value when you left-click it. If you select the scan new and changed files only scan mode, you will not be able to select the links allowing you to scan all or new only files.

684 | 746

Kaspersky CRYSTAL 2.0

You can restrict the maximum size of the compound file being scanned. Compound files larger than the specified value will not be scanned. For this in the Scan of compound files section, click the Additional button. In the Compound files window check the Do not unpack large compound files box and specify the maximum size of scanned files.

3. Click the OK button. 4. In the Settings window click the Apply button. When large files are extracted from archives, they will be scanned even if the Do not unpack large compound files box is checked.

685 | 746

Kaspersky CRYSTAL 2.0

Selecting scan method Kaspersky PURE 2.0 uses various scan methods: Signature analysis. When performing signature analysis, Kaspersky PURE 2.0 uses databases that contain descriptions of known threats and ways of neutralizing them. Protection using signature analysis provides a minimal level of security. Heuristic Analysis. Scan is based on the analysis of the typical behavior of a file whose operations allow to draw a conclusion about the nature of a file with a certain probability. The advantage of the method is that new threats are detected even before they are known to virus analysts. Additionally you can set the detail level for scans: light scan, medium scan, or deep scan. Rootkit Scan. Rootkit is a set of tools which conceal malicious programs in the operating system. These tools penetrate the system and mask their presence and the presence of processes, folders, registry keys of other malicious programs, described in the rootkit configuration. If you are scanning for viruses, you can enable the deep scan for rootkits by checking the Detailed scan box, which will scan carefully for these programs by analyzing a large number of various objects. These checkboxes are deselected by default, since this mode requires significant operating system resources. The Signature analysis method is always enabled. To enhance the scan efficiency you can enable other scan methods. For this, perform the following actions:

1. For the selected task in the Security level section click the Settings button. 2. On the Additional tab in the Scan methods select the necessary scan methods.

3. Click the OK button. 686 | 746

Kaspersky CRYSTAL 2.0

4. In the Settings window click the Apply button. Selecting scan technology In addition to the scan methods you can use special technologies: iChecker is a technology that increases scan speed by excluding certain objects from the scan. An object is excluded from the scan with a special algorithm that uses the release date of Kaspersky PURE 2.0 databases, the date of the object's last scan, and any changes in the scan settings. There are limitations to iChecker: it does not work with large files and applies only to the objects with a structure that the application recognizes (for example, .exe, .dll, .lnk, .ttf, .inf, .sys, .com, .chm, .zip, .rar). iSwift is a technology that builds on iChecker technology for computers using NTFS. There are limitations to iSwift: it is bound to a specific file's location in the file system and can apply only to objects in NTFS. The technologies iSwift and iChecker allow to increase the virus scan speed by excluding the files that have not been modified since they were last scanned. By default, both technologies are used. To change the set of scan technologies, perform the following actions:

1. For the selected task in the Security level section click the Settings button. 2. On the Additional tab in the Scan technologies section select the required values.

3. Click the OK button. 4. In the Settings window click the Apply button.

687 | 746

Kaspersky CRYSTAL 2.0

Actions over detected threats If infected or potentially infectious objects are detected, the application performs the specified action. Depending on your current preferences you can configure virus scan settings or allow the program to select an action. Default actions By default, the application defines an action upon a detected object on its own. If in the result of scan the application failed to define whether the object is infected or not, such object is placed to quarantine. If an object gets an infected status, the application will try to disinfect such object. If disinfection fails, such object will be deleted. Before an object disinfection or deletion Kaspersky PURE 2.0 creates its backup copy in case you want to restore the object or the application can neutralize the threat.

Actions defined by the user You can also define an action to be performed for detected threats: Disinfect objects if possible; Delete if disinfection fails.

688 | 746

Kaspersky CRYSTAL 2.0

If the Disinfect objects if possible variant is selected, the program functions the following way: If the object can be disinfected, it will be disinfected and will return to the user. If as a result of scan the program failed to define whether the object is infected or not, the object is quarantined. If the option to scan quarantined files after each database update is enabled, then when a new disinfection signature is received the quarantined object can be disinfected and returned to the user. If the status of a virus is assigned to the object and its disinfection is impossible, the object is blocked and is added to the report about detected threats. You can select only the Delete variant, but in this case all objects will be deleted, even if they could be available for the user after disinfection.

689 | 746

Kaspersky CRYSTAL 2.0

Kaspersky Lab specialists recommend to select the following actions for the detected threats: Disinfect objects if possible; Delete if disinfection fails.

690 | 746

Kaspersky CRYSTAL 2.0

In this case the program performs the following actions over an object: Disinfect, if disinfection is possible. After disinfection you can continue your work with the object. Quarantine, if the program failed to define if the object is infected or not. If the option to scan quarantined files after each database update is enabled, then when a new disinfection signature is received the quarantined object can be disinfected and returned to the user. Delete, if the virus status is assigned to the object and its disinfection is impossible. Actions specified for every detected object You can also specify actions for every detected object individually. For this enable Kaspersky PURE 2.0 interactive mode: 1. In the top part of the Settings window select the Protection section. 2. In the left menu select General Settings. 3. In the Interactive protection section, uncheck the Select action automatically box. 4. Click the Apply button.

691 | 746

Kaspersky CRYSTAL 2.0

Interactive mode can only be enabled for the whole program. When the mode is enabled you will have to select an action for every object detected by any Kaspersky PURE 2.0 component. To specify an action over detected threats, perform the following actions: 1. In the top part of the Settings window select the Scan section. 2. In the left menu select the required task. 3. For the selected task in the Action on threat detection section specify the necessary action: Prompt when the scan is complete; Prompt on detection; Select action: Disinfect objects if possible; Delete if disinfection fails.

692 | 746

Kaspersky CRYSTAL 2.0

4. In the Settings window click the Apply button. If the Select action option is enabled but no action is chosen, the application will block dangerous objects and quarantine them notifying the user about the quarantined objects.

693 | 746

Kaspersky CRYSTAL 2.0

The Delete, if disinfection fails options appears only if the Disinfect objects if possible box is checked.

694 | 746

Kaspersky CRYSTAL 2.0

Vulnerability scan
Vulnerability scan performs the diagnostics of operating system and detects software features that can be used by intruders to spread malicious objects and obtain access to personal information.

Starting vulnerability scan with an existing shortcut Vulnerability scan can be started: From the main application window (from the Protection section); Using an already existing shortcut. To create a task shortcut, perform the following actions: 1. In the left menu select General Settings. 2. In the right part of the window in the Scan tasks quick run section click the Create shortcut next to the Vulnerability Scan task.

695 | 746

Kaspersky CRYSTAL 2.0

3. In the Save as window browse the path to save the shortcut and its name. By default the shortcut is created with a name of a task on the Desktop of the current computer user.

4. Click the OK button. A shortcut for vulnerability scan will appear in the specified location.

Run mode In Kaspersky PURE 2.0 you can choose whether to start the vulnerability scan task manually or by schedule (automatically). If you select the Manually variant, then you can start the task at any time convenient for you. The scan process takes some time to be completed and you cannot use some applications installed on your computer during the scan process. Selecting the By schedule variant allows to configure the automatic start of the vulnerability scan task. If you select this variant, you can set the vulnerability scan task frequency. In the schedule settings you can select one of the following frequencies: minutes, hours, days, every week, at a specified time, every month, after application startup, after every update. For every frequency you can specify the interval. For example, if you select Every month you can select a particular day to start the scan task (1, 2, 3...) and set particular time (05:00 p.m.). In order to schedule a scan task, perform the following actions: 1. In the top part of the Settings window select the Scan section. 2. In the left menu select Vulnerability Scan. 3. In the right part of the window click the Run mode button.

696 | 746

Kaspersky CRYSTAL 2.0

4. On the Run mode tab in the Schedule section select By schedule and create a task launch schedule with the frequency and a definite time interval to start a scan task.

697 | 746

Kaspersky CRYSTAL 2.0

You can configure the program to automatically start a skipped scan task as soon as it becomes possible. For example, the computer was not on at that time when a full scan task was scheduled. In this case the scan will start as soon as computer is enabled. To do so, in the Schedule section check the Run skipped tasks box. Scheduled tasks feature additional functionality, for example, you can Pause scheduled scan when screensaver is inactive or computer is unlocked. This functionality postpones the task launch until the user has finished working on the computer. So, the scan task will not take up system resources during the work. 5. Click the OK button. 6. In the Settings window click the Apply button. 7. Starting vulnerability scan task under different account By default scant tasks are started under an account you registered in the system. If your account does not have enough rights, you can specify a different account under whose rights each scan task will be started. To specify an account, perform the following steps: 1. In the top part of the Settings window select the Scan section. 2. In the left menu select Vulnerability Scan.

698 | 746

Kaspersky CRYSTAL 2.0

3. In the right part of the window click the Run mode button. 4. On the Run mode tab in the User account section check the Run task as box. In the fields below specify the user name and password.

5. Click the OK button. 6. In the Settings window click the Apply button.

Creating a scan scope for vulnerability scan You can create your own list of objects for the Vulnerabilities Scan task. By default, the applications already installed on the computer are selected as scan objects. You cannot modify or delete an object from this list. In order to add, modify or delete objects from the scan scope, perform the following actions: 1. In the top part of the Settings window select the Scan section. 2. In the left menu select Vulnerability Scan. 3. In the right part of the window click the Scan scope button.

699 | 746

Kaspersky CRYSTAL 2.0

4. In the Scan scope window you can change the list of scanned objects. To add a new object, click the Add link, to change or delete an existing object Edit or Delete correspondingly.

5. You can also enable scan of subfolders. For this, in the Select object to scan window check the Include subfolders box, when adding or editing an object. 700 | 746

Kaspersky CRYSTAL 2.0

6. In the lower part of the Select object to scan window click the OK button. 7. In the Settings window click the Apply button.

701 | 746

Kaspersky CRYSTAL 2.0

Settings. Update
Update tasks run modes
In Kaspersky PURE 2.0 the update task can be launched using one of the following modes: Automatically. Kaspersky PURE 2.0 checks the update source for updates at specified intervals. Scanning frequency can be increased during anti-virus outbreaks and decreased when there are none. Having discovered new updates, the program downloads and installs them on the computer. Manually. If you select this option, you will run Kaspersky PURE 2.0 updates on your own. By schedule (time interval changes depending on settings). Updates will run automatically according to the schedule created. In order to configure the update run mode, perform the following actions: 1. Open the program settings window. 2. In the top part of the window select Update and then select Update Settings. 3. In the right part of the window click the Run mode button.

702 | 746

Kaspersky CRYSTAL 2.0

4. In the Update window on the Run mode tab in the Schedule section select the required update run mode. If you have selected the By schedule variant and an update was skipped for any reason (for example, the computer was not on at that time), you can configure the task to start automatically as soon as it becomes possible. To do so, check the Run skipped tasks box. You can also postpone automatic start of the task after the application startup. For this, in the Postpone running after application startup for field specify the time. A scheduled task will be run only when the specified time has expired after Kaspersky PURE 2.0 startup.

5. Click the OK button, to save the made changes.

Running update under a different user account


By default, the update procedure is run under your system account. However, Kaspersky PURE 2.0 can update from a source for which you have no access rights (for example, from a network folder containing updates) or authorized proxy user credentials. You can run Kaspersky PURE 2.0 updates on behalf of the user account that has such rights. To start the update under a different user's account, perform the following actions: 1. Open the application settings window. 2. In the top part of the window select Update, and then select Update Settings.

703 | 746

Kaspersky CRYSTAL 2.0

3. In the right part of the window click the Run mode button. 4. In the Update window on the Run mode tab in the User account section check the Run task as box. In the fields below specify the user name and password.

5. Click the OK button, to save the made changes.

Selecting an update source


Update source is a resource containing updates for databases and application modules of Kaspersky PURE 2.0. Update sources can be HTTP or FTP servers, or local or network folders. The main update sources are Kaspersky Lab update servers where database updates and application module updates for all Kaspersky Lab products are stored. If you do not have access to Kaspersky Lab's update servers (for example, the access to the Internet is restricted), you can call the Kaspersky Lab headquarters (http://www.kaspersky.com/contacts) to request contact information of Kaspersky Lab partners who can provide you with updates on removable media. When ordering updates on removable drives, specify if you need updates for application modules.

704 | 746

Kaspersky CRYSTAL 2.0

By default, the list of update sources contains only Kaspersky Lab's update servers. If several resources are selected as update sources, Kaspersky PURE 2.0 tries to connect to them one after another, starting from the top of the list, and retrieves the updates from the first available source. If you select a resource outside the LAN as an update source, you must have an Internet connection to update. Both Kaspersky Labs update servers and a local folder can be an update source. I.e. the update process is the following: all updates from the Kaspersky Labs servers are downloaded onto one computer in the network; next other computers download updates in the LAN. In order to select an update source, perform the following actions: 1. Open the application settings window. 2. In the top part of the window select Update and then select Update Settings. 3. In the right part of the window click the Update source button.

4. In the Update window on the Source tab open the selection window by clicking the Add button.

705 | 746

Kaspersky CRYSTAL 2.0

5. In the Select update source window that opens, select the folder that contains the updates, or enter an address in the Source field to specify the server from which the updates should be downloaded.

Selecting the update server region If you use Kaspersky Lab servers as the update source, you can select the optimal server location when downloading updates. Kaspersky Lab servers are located in several countries. Using the closest Kaspersky Lab update server allows you to reduce the time period required for receiving updates and increase the operation performance speed. By default, the application uses information about the current region from the operating system's registry. You can select the region manually. To select the server region, perform the following actions: 1. In the Update settings window click the Update source button. 2. In the Update window on the Source tab in the Regional settings section, select the Select from the list option, and then select the country nearest to your current location from the dropdown list.

706 | 746

Kaspersky CRYSTAL 2.0

Using proxy server Your computer should be connected to the Internet for successful downloading of updates from our servers. By default, Kaspersky PURE 2.0 automatically determines, if you use a proxy server, to connect to the Internet. If you use a proxy-server to connect to the Internet, then after the application installation, then in Kaspersky PURE 2.0 settings the Use proxy server, Automatically detect the proxy server settings mode is set automatically, and if authentication is used on the proxy-server, then the fields User name and Password are filled out too. As a result you will only have to check the settings and if they are not correct, enter the right settings. If you do not know proxy-server settings, contact your Internet provider. To make the changes in the proxy-server settings, perform the following actions: 1. In the Update settings window click the Update source button. 2. In the Update window on the Source tab click the Proxy-server button.

707 | 746

Kaspersky CRYSTAL 2.0

3. In the Proxy server settings window check the Use proxy server box and specify its settings.

For the program to automatically detect settings of the proxy-server, check the Automatically detect the proxy server settings box. If a connection attempt fails, specify the correct proxy server settings. If you work in the LAN, and need to authorize on a proxy server every time you try to connect, then check the Use proxy server authentication box and fill out the User name and Password fields.

708 | 746

Kaspersky CRYSTAL 2.0

To bypass proxy server when connecting to local addresses, check the Bypass proxy-server for local addresses box. If the box is unchecked, work with the local addresses is performed through a proxy server, thus increasing your internet traffic.

Scanning quarantine after update


If the application has scanned an object and has not found out what malicious programs have infected it (because the anti-virus databases have no records about this malicious code), the object is quarantined. After the next database update, the product may be able to recognize the threat unambiguously and neutralize it. You can enable the auto scan for quarantined objects after each update. Kaspersky Lab experts recommend that you periodically view quarantined files. Update may change their status. Some files can then be restored to their previous locations, and you will be able to continue working with them. If after download of new anti-virus databases the object is found uninfected, a message appears offering to restore an object from the quarantine. If the object is found infected, it remains quarantined and the corresponding information is added to the application report. You can delete a malicious object from the Quarantine on your own or restore it; as a result the object may either be disinfected or deleted by the application itself. To enable scanning quarantined files after update, perform the following actions: 1. Open the program settings window. 2. In the top part of the window select Update and then select Update Settings. 3. In the right part of the window, in the Additional section, check the Rescan Quarantine after update box.

709 | 746

Kaspersky CRYSTAL 2.0

4. Click the OK button, to save the made changes.

Notifications on updates or new versions releases


The program can notify you when updates and new program versions are released. If you want to see such notifications, perform the following actions: 1. Open the program settings window. 2. In the top part of the window select Update and then select Update Settings. 3. In the right part of the window in the Additional section check the Notify when updates and new versions are available box. Clear the box, if you do not want to receive notifications. The box is checked by default.

Updating from a shared (local) folder

710 | 746

Kaspersky CRYSTAL 2.0

If two or more computers with Kaspersky PURE 2.0 are installed in the LAN, then you can configure retrieval of anti-virus databases and application modules to a local source (folder on a disk, shared source). I.e. one computer will download anti-virus databases from the Kaspersky Labs update servers, and the second computer (or all other computers) will update from the local folder of the first computer. Thus, to organize update of anti-virus databases from a local folder you need at least one computer with the Internet connection. Such update method can considerably decrease the Internet traffic, especially if your LAN includes a lot of computers.

Configuring one computer to retrieve updates from Kaspersky Labs update servers To enable the mode of update copying, perform the following actions: 1. Open the application settings window. 2. In the top part of the window select Update and in the left part select Update settings. 3. In the Additional section, check the Copy updates to folder box and in the field below specify the path to a shared folder where the downloaded updates are saved. You can also select a folder by clicking the Browse button.

711 | 746

Kaspersky CRYSTAL 2.0

Configuring shared access to local folder with update files To make the updates, downloaded by the first computer from the Kaspersky Labs servers, available for other computers in the LAN, share a local source with the updates. By default, Kaspersky PURE 2.0 uses the following folder to save updates: For Windows XP: \Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP12\Update distribution. For Windows Vista/7: \ProgramData\Kaspersky Lab\AVP12\Update distribution.

By default the folder is hidden. If you want to copy updates into this folder, then you should enable the option Show hidden files and folders. To know how to enable display of hidden files and folders, read KB3580 (http://support.kaspersky.com/faq/?qid=208281592). You can also create a new or specify a different folder to save updates. Irrespective of the selected folder, access to a folder should be shared. Configuring update of network computers from a local folder To update a computer from a specified shared folder, perform the following actions: 1. Open the application settings window. 712 | 746

Kaspersky CRYSTAL 2.0

2. In the top part of the window select Update and in the left part select Update settings. 3. In the right part of the window click the Update source button.

4. In the Update window on the Source tab open a selection window by clicking the Add button. 5. In the Select update source window select a folder or enter the full path to the folder in the Source field.

713 | 746

Kaspersky CRYSTAL 2.0

6. On the Source tab clear the Kaspersky Lab update servers box.

714 | 746

Kaspersky CRYSTAL 2.0

Now when update of anti-virus databases is started on the LAN computers, updates are copied from a local folder.

715 | 746

Kaspersky CRYSTAL 2.0

Settings. Password
Restricting access to PURE A computer may be used by several users with various levels of computer literacy. Unrestricted access to Kaspersky PURE 2.0 and its settings granted to users may lead to reduced level of computer protection. To restrict access to the application, you can set a password and specify which actions should require entering the password: Configuring the application settings; Managing Backup; Using Home Network Control; Managing Parental Control; Exiting the application; Removing the application. Be aware of using a password to restrict access to the application removal. If you lose the password, it will be complicated to remove the application from the computer. To password-protect Kaspersky PURE 2.0, perform the following actions: 1. Open the program settings window. 2. In the top part of the window select Password and then select General Settings. 3. In the right part of the window check the Enable password protection box and specify the password. If you have already a password, first, enter your old password and then enter a new password twice. 4. In the Apply password to section define a password scope.

716 | 746

Kaspersky CRYSTAL 2.0

717 | 746

Kaspersky CRYSTAL 2.0

Settings. Additional
Battery Saving
Virus scan and update may sometimes take a significant amount of resources and time. You can enable battery saving mode on a portable computer. In this mode, virus scan tasks are postponed. For this, perform the following actions: 1. In the Additional section select Battery Saving. 2. In the right part of the window check the Disable scheduled scan tasks while running on battery power box. 3. In the bottom right corner of the window click Apply. If necessary, you can update Kaspersky PURE 2.0 or run a virus scan at will. This box is checked by default.

Compatability
You can configure Kaspersky PURE 2.0 compatibility with other applications to avoid conflicts and performance slowdown. 718 | 746

Kaspersky CRYSTAL 2.0

Today's malicious programs can invade the lowest levels of an operating system which makes them practically impossible to delete. Advanced disinfection procedure in Kaspersky PURE 2.0 disinfects the system of malicious programs which already started their processes in the RAM and would not let the anti-virus delete them. If a malicious activity is detected within the system, Kaspersky PURE 2.0 will offer you to perform a special advanced disinfection procedure which will allow to eliminate the threat and delete it from the computer. It is not recommended to launch new processes or to edit Windows registry during the advanced disinfection procedure. Once the advanced disinfection procedure is over the computer is mandatory rebooted and the user is recommended to save results of his/her work and to close all programs as soon as active infection is detected. Kaspersky PURE 2.0 deletes malicious software immediately after the computer restart. After restarting your computer, you are advised to run the full virus scan. The technology uses considerable computer resources and may slow down your system. To enable the advanced disinfection procedure, perform the following actions: 1. In the Additional section select Compatibility. 2. In the right part of the window check the Enable Advanced Disinfection technology box. 719 | 746

Kaspersky CRYSTAL 2.0

3. In the bottom right corner of the window click Apply. Executing scan tasks increases the load on the CPU and disk subsystems, thus slowing down other applications. By default, if such a situation arises, Kaspersky PURE 2.0 will pause virus scan tasks and release system resources for the user's applications. However, there is a number of applications which will start immediately when CPU resources become available, and will run in the background. For the scan not to depend on the performance of those applications, system resources should not be conceded to them. For this: 1. In the Additional section select Compatibility. 2. In the right part of the window check the Concede resources to other applications box.

3. In the bottom right corner of the window click Apply. The checkbox enables / disables the option that pauses virus scan tasks. It can be used to limit the load on the CPU and disk subsystems. This check box is cleared by default.

Network
Monitored ports

720 | 746

Kaspersky CRYSTAL 2.0

In the Monitored ports section you can choose the port monitoring mode which Mail AntiVirus, Anti-Spam and Web Anti-Virus use to scan data streams. If you select Monitor all network ports, then in this port monitoring mode, such protection components as Mail Anti-Virus, Anti-Spam and Web Anti-Virus monitor all open ports of the computer. If you select Monitor selected ports only, then in this port monitoring mode, such protection components as Mail Anti-Virus, Anti-Spam and Web Anti-Virus the selected ports of the computer. A list of ports that are normally used for transmitting email and web traffic is included in the application distribution kit. To create your own list of monitored ports, perform the following actions: 1. In the Monitored ports section select Monitor selected ports only and click Select. 2. In the Network ports window you can create the list of monitored ports as well as applications for which Kaspersky PURE 2.0 would monitor all ports.

721 | 746

Kaspersky CRYSTAL 2.0

This mode is selected by default.

Encrypted connections scan

722 | 746

Kaspersky CRYSTAL 2.0

In the Encrypted connections scan section you can enable / disable scanning for encrypted connections by using the SSL protocol. Connecting using the SSL/TLS protocols protects data exchange channel on the Internet. The SSL protocols allow identifying the parties exchanging data using electronic certificates, encoding the data being transferred, and ensuring their integrity during the transfer. The Scan encrypted connections checkbox enables / disables scanning of secure connections through installation of a Kaspersky Lab certificate. If the checkbox is selected, Kaspersky PURE 2.0 always uses the installed certificate of Kaspersky Lab to verify connection security. If Kaspersky PURE 2.0 detects an invalid certificate (for example, when it has been spoofed by an intruder) during a connection to server, Kaspersky PURE 2.0 shows a notification prompting you to accept or reject the certificate or just view the certificate details. If Kaspersky PURE 2.0 is operating in automatic protection mode, it terminates the connection that uses an invalid certificate automatically without notification. When you select the checkbox for the first time, the Certificate Installation Wizard launches automatically.

723 | 746

Kaspersky CRYSTAL 2.0

The certificate is installed automatically only for Internet Explorer, Mozilla Firefox and Google Chrome. To scan encrypted connections in Opera, you should install the Kaspersky Lab's certificate manually. If the checkbox is cleared, Kaspersky PURE 2.0 does not scan SSL traffic and the Install button is unavailable. This check box is cleared by default.

Proxy server In the Proxy server section you can configure connection to a proxy server used to access the Internet.

724 | 746

Kaspersky CRYSTAL 2.0

In order to specify proxy server connection settings, click the Proxy server settings button and specify the required settings.

725 | 746

Kaspersky CRYSTAL 2.0

Notifications
Notifications allow you to receive timely information about computer security an react quickly to important events.

The Enable events notifications checkbox enables/disables notification of events. If the checkbox is cleared, Kaspersky PURE 2.0 does not notify you of events that occur during its operation but logs information about them in a report. Notifications can be implemented using the following methods: pop-up messages over the Kaspersky PURE 2.0 icon in the taskbar notification area; audio notifications; email messages. This box is checked by default. You can select types of events you wish to be notified about, and the notification method. For this, perform the following actions: 1. Click the Settings button under Enable event notifications. 2. In the Notifications window select events type and notification method. 726 | 746

Kaspersky CRYSTAL 2.0

To make the Email column active, in the Email notifications section configure email notification settings. For this: 1. Check the Enable email notifications checkbox in the Email notifications section.

727 | 746

Kaspersky CRYSTAL 2.0

2. Click the Settings button under the checkbox. 3. In the Email notification settings window enter the email notification settings.

728 | 746

Kaspersky CRYSTAL 2.0

In the Sound notifications section you can edit the sound settings of notifications. The Enable audio notifications checkbox enables/disables sound notifications. By default, all notifications are accompanied by a sound signal. If the Use Windows Default sound scheme checkbox is selected, sounds from the standard sound scheme of Microsoft Windows are used for audio notifications. If the checkbox is cleared, the sound scheme from the earlier versions of Kaspersky PURE 2.0 is used for audio notifications.

Reports and Storages


You can enable logging of non-critical events, delete information from selected reports, and also specify settings for storage of reports and of items in Quarantine and Backup.

729 | 746

Kaspersky CRYSTAL 2.0

The Log non-critical events checkbox enables / disables the logging of information about all Kaspersky PURE 2.0 events. This checkbox is cleared by default. In the Storing reports section you can configure the settings for report creation and storage.

730 | 746

Kaspersky CRYSTAL 2.0

Store reports no longer than This checkbox enables / disables the option that defines the maximum storage term for event reports. Storage duration is defined in days.

If the checkbox is selected, reports are stored no longer than 30 days, by default. When this time interval expires, Kaspersky PURE 2.0 remove entries from reports. If the checkbox is cleared, storage duration for reports is unlimited. This box is checked by default. Maximum file size This checkbox enables / disables the option that defines the maximum size for report files. Maximum file size is specified in megabytes.

If the checkbox is selected, the maximum report size is 1024 MB by default. When the maximum size is exceeded, the oldest records are removed from the file, while new ones are added. If the checkbox is cleared, the report file size is not limited. This box is checked by default. In the Clear reports section you can configure data deletion from the selected reports. For this:

731 | 746

Kaspersky CRYSTAL 2.0

1. Click the Clear button.

2. In the Clearing reports window select reports to delete.

By default, Kaspersky PURE 2.0 deletes the reports of scan tasks, update task, reports on application of Firewall rules, and reports of Parental Control, Backup and System Watcher. You can change the list of reports to be deleted by checking the corresponding boxes.

732 | 746

Kaspersky CRYSTAL 2.0

In the Storing Quarantine and Backup objects section you can configure the settings for Quarantine and Backup storage.

Store objects no longer than The checkbox enables / disables the option that defines the maximum storage duration for quarantined objects and object copies in Backup. Storage duration is defined in days.

If the checkbox is selected, the default storage duration is 30 days. When this period elapses, Kaspersky PURE 2.0 deletes the stored objects. If the checkbox is cleared, the storage term for objects is unlimited. This box is checked by default. Maximum size This checkbox enables / disables the option that defines the maximum data storage size. Storage size is specified in megabytes.

If the checkbox is selected, the default maximum storage size is 100 MB. When the maximum size is exceeded, the oldest objects are removed from the storage, while new ones are added. If the checkbox is cleared, storage size is unlimited. This checkbox is cleared by default. 733 | 746

Kaspersky CRYSTAL 2.0

Feedback
With rapid development of information technologies and further spread of the Internet into masses number of threats, to which computer users are subjected to, grows proportionally. The former mechanisms of replenishing databases of malicious objects do not allow to timely prevent such threats, that is why new methods to provide security are needed. One of such methods is Kaspersky Security Network (KSN), whose aim is to decrease the time necessary to detect and block new types of threats. This system collects the information about files run on the users computer and thus traces presence of malicious objects and their distribution channels. The use of the Kaspersky Security Network involves sending the following information to Kaspersky Lab: A unique identifier assigned to your computer by Kaspersky PURE 2.0 which characterizes the hardware settings of your computer and does not contain any personal user information. Information about threats detected by application's components. The information's structure and contents depend on the type of the threat detected. Information about the system: operating system's version, installed service packs, services and drivers being started, versions of browsers and mail clients, browser extensions, version number of the Kaspersky Lab's application installed. Kaspersky Security Network also gathers extended statistics, including information about: executable files and signed applications downloaded on your computer; applications run on your computer. Kaspersky Lab guarantees that no gathering and distribution of users' personal data is performed within Kaspersky Security Network. To confirm/refuse your participation in Kaspersky Security Network after Kaspersky PURE 2.0 has been installed on your computer, do the following: 1. In the Additional section select Feedback. 2. In the right part of the window check/clear the I agree to participate in Kaspersky Security Network box, to confirm/refuse participation in Kaspersky Security Network. 3. In the bottom right corner of the window click Apply.

734 | 746

Kaspersky CRYSTAL 2.0

Gaming Profile
Gaming Profile is designed for gaming applications running in full-screen mode. It allows you to simultaneously modify the settings of all components of Kaspersky PURE 2.0 when switching your gaming applications to full-screen mode, and roll back the changes made when exiting the mode. The Use Gaming Profile checkbox enables / disables the use of Gaming Profile. This checkbox is cleared by default. In the Profile options section you can edit the Kaspersky PURE 2.0 settings when the Gaming Profile is enabled. This section is available if the Use Gaming Profile checkbox is selected.

735 | 746

Kaspersky CRYSTAL 2.0

Each option below prevents gaming applications from slowing down in full-screen mode. Select action on threat detect automatically If the checkbox is selected, Kaspersky PURE 2.0 switches to automatic protection mode and does not display any notifications on the screen while gaming applications run in full-screen mode. Do not run updates This checkbox enables / disables the option, which pauses scheduled updating of Kaspersky PURE 2.0.

Do not run scheduled scan tasks This checkbox enables / disables the option, which pauses the launch of scheduled scans.

Pause manually run scan tasks This checkbox enables / disables the option, which pauses scans started manually.

Do not run scheduled backup tasks This check box enables / disables the option which pauses the startup of scheduled backup tasks.

736 | 746

Kaspersky CRYSTAL 2.0

Appearance
Kaspersky PURE 2.0 allows to configure display settings for active elements of the interface (application icon on the Microsoft Windows taskbar and pop-up notifications).

The Animate taskbar icon when executing tasks checkbox in the Icon in the taskbar notification area section enables / disables Kaspersky PURE 2.0 icon animation. If the checkbox is selected, the icon in the Windows taskbar notification area changes depending on the operation that Kaspersky PURE 2.0 is currently performing. For example, if Kaspersky PURE 2.0 is downloading updates, the icon displays a revolving miniature globe or:

a mail message is being scanned; web-traffic is being scanned;

737 | 746

Kaspersky CRYSTAL 2.0

computer need be restarted to apply updates;

a failure occurred in the work of a program component. If the checkbox is cleared, the animation is disabled. In this case, the Kaspersky PURE 2.0 icon shows only the protection status of the computer:

(colored icon) all or some protection components are enabled; (grey icon) all protection components are disabled. This box is checked by default. Notification windows of the application may appear over the Kaspersky PURE 2.0 icon in the Windows taskbar notification area.

If the Enable semi-transparent windows checkbox is selected, the notification windows are semi-transparent; hence the area of the screen under them is still visible. The notification window becomes solid when the cursor is over it. If the checkbox is cleared, the notification windows are solid. This check box is cleared by default. The Show Protected by Kaspersky Lab on Microsoft Windows logon screen checkbox enables / disables the showing of the product logo in the upper right corner of the screen when Kaspersky PURE 2.0 starts. This indicator informs you that protection of your computer is enabled. If the application is installed on a computer running under Microsoft Windows Vista or Microsoft Windows 7, this option is unavailable. This box is checked by default. The Enable news notifications checkbox enables/disables display of news from Kaspersky Lab and notifications of them. This box is checked by default.

Manage Settings

738 | 746

Kaspersky CRYSTAL 2.0

You can save your Kaspersky PURE 2.0 settings to a file and use them in future for express product configuration on another computer or after undesirable settings modification. You can also return settings to the default at any time.

In order to save Kaspersky PURE 2.0 settings to a configuration file, perform the following actions: 1. Click the Save button. 2. In the opened window Please specify a configuration file enter a file name where Kaspersky PURE 2.0 settings will be saved and select a folder for the file.

739 | 746

Kaspersky CRYSTAL 2.0

3. Click the Save button. If you already have a configuration file and want to import Kaspersky PURE 2.0 settings, perform the following actions: 1. In the Load settings section, click the Load button. 2. In the Please specify a configuration file window, select a configuration file which should be applied to Kaspersky PURE 2.0.

3. Click the Open button.

740 | 746

Kaspersky CRYSTAL 2.0

In the Restore default settings section, you can restore the default settings of Kaspersky PURE 2.0. Clicking the Restore button opens the Kaspersky PURE 2.0 Configuration Wizard window. In the Restore settings window of the Configuration Wizard, you can restore the recommended settings of Kaspersky PURE 2.0. See Restoring default Kaspersky PURE 2.0 settings, to know more about the Wizards steps.

741 | 746

Kaspersky CRYSTAL 2.0

Restoring default Kaspersky PURE 2.0 settings


You can always return to the default or recommended Kaspersky PURE 2.0 settings. They are considered optimal, and are recommended by Kaspersky Lab. Application Configuration Wizard restores default settings. The Wizard will help you to restore settings that differ from the default values, either because they have been modified by the user, or through accumulated training by Kaspersky PURE 2.0 (Firewall or Anti-Spam). If special settings have been created for any of the components, they will also be shown on the list. Examples of special settings would be: white and black lists of phrases and addresses used by Anti-Spam, lists of trusted addresses and trusted ISP telephone numbers, exclusion rules created for application components, Firewall's packet and application filtering rules. Creating lists with individual tasks and security requirements may take a long time, so you are advised to save them before restoring the application's default settings. After you are finished with the Configuration Wizard, the Recommended security level will be set for all components, except for the settings that you have decided to keep customized when restoring. In addition, the settings that you have specified when working with the Wizard will also be applied. In order to restore the default (recommended) Kaspersky PURE 2.0 settings, perform the following actions: 1. Open the Kaspersky PURE 2.0 main window. 2. In the top right corner of the window click the Settings link. 3. Next, the restore process can be started the following ways: In the bottom left corner click the Restore link.

742 | 746

Kaspersky CRYSTAL 2.0

Select the Additional section. In the left menu select Manage Settings and click the Restore button.

743 | 746

Kaspersky CRYSTAL 2.0

4. In the Kaspersky PURE 2.0 Configuration Wizard window click the Next button.

744 | 746

Kaspersky CRYSTAL 2.0

5. Check the settings to restore and click the Next button.

6. Wait till the work of the Configuration Wizard is over and click Finish.

745 | 746

Kaspersky CRYSTAL 2.0

7. In the Settings window click OK. 8. Close the main program window.

746 | 746