Rolling back a malicious program’s actions
You can use the product's rollback feature to reverse the actions that malware has performed in the system. To enable a roll-back, System Watcher must log the history of program activity.
When rolling back activity, Proactive Defense performs actions on the following types of applications’ activity:
- File activity.
Proactive Defense deletes files and folders created by a malicious program and stored on any media, except for network ones.
Proactive Defense deletes files created by an application into which a malicious program had penetrated.
Proactive Defense does not restore changed and / or deleted files.
- Registry activity.
Proactive Defense deletes the registry key and value created by a malicious program.
Proactive Defense does not restore the registry key and value if they have been changed and / or deleted.
- System activity.
Proactive Defense closes processes initiated by a malicious program.
Proactive Defense closes processes into which a malicious program has penetrated.
Proactive Defense does not resume processes halted by a malicious program.
- Network activity.
Proactive Defense blocks network activity of a malicious program.
Proactive Defense blocks network activity of processes into which a malicious program has penetrated.
By default, Kaspersky Anti-Virus automatically rolls back actions when protection components detect malicious activity. When running in interactive mode, System Watcher prompts the user for action. You can specify the operation which should be performed whenever malicious activity is detected.
The procedure of rolling back malware operations affects a strictly defined set of data. It causes no negative consequences for the operating system or data integrity on your computer.
To configure rollback of malware operations, perform the following steps:
- Open the application settings window.
- In the left part of the window, in the Protection Center section, select the System Watcher component.
- In the right part of the window, in the Applications activity log section, check the box.
- Click Select action and then specify the required action on the dropdown list.