System Watcher collects data about applications actions on your computer and provides information to other components for improved protection.
If saving applications’ activity logs is enabled, System Watcher allows you to roll back actions performed by malicious programs. Rolling back actions after malicious activity is detected in the system can be initiated either by the System Watcher component based on patterns of dangerous activity, or by Proactive Defense, and during the virus scan task run or File Anti-Virus operation.
The component’s response to matching between applications’ actions and patterns of dangerous activity and rollback of malicious programs’ actions depend on Kaspersky Internet Security’s mode of operation.
If suspicious actions are detected in the system, Kaspersky Internet Security protection components can request Activity monitor for additional information. When Kaspersky Internet Security runs in interactive mode, you can view the event data collected by the System Watcher component in a dangerous activity report, which helps you make a decision when selecting actions in the notification window. When the component detects a potentially dangerous program, the link to the Activity monitor’s report is displayed in the top part of the notification window, prompting for action.