Using patterns of dangerous activity (BSS)
Patterns of dangerous activity (BSS – Behavior Stream Signatures) contain sequences of actions typical of applications classified as dangerous. If an application’s activity matches a pattern of dangerous activity, Kaspersky Anti-Virus performs the specified action.
When Kaspersky Anti-Virus is updated, patterns of activity used by System Watcher are supplied with new ones on-the-fly for up-to-date and reliable protection.
By default, when Kaspersky Anti-Virus runs in automatic mode, if an application’s activity matches a pattern of dangerous activity, System Watcher moves this application to Quarantine. When running in interactive mode, System Watcher prompts the user for action. You can specify the action that the component should perform when an application’s activity matches a pattern of dangerous activity.
In addition to exact matching between applications’ activities and patterns of dangerous activity, System Watcher also detects actions that partly match patterns of dangerous activity, being considered suspicious based on the heuristic analysis. If suspicious activity is detected, System Watcher prompts the user for action regardless of the operation mode.
To select the action that the component should perform if an application’s activity matches a pattern of dangerous activity:
- Open the application settings window.
- In the left part of the window, in the Protection Center section, select the System Watcher component.
- In the right part of the window, in the Heuristic analysis section, check the Use updatable patterns of dangerous activity (BSS) box.
- Click Select action and then specify the required action on the dropdown list.