Using patterns of dangerous activity (BSS)

Patterns of dangerous activity (BSS – Behavior Stream Signatures) contain sequences of actions typical of applications classified as dangerous. If an application’s activity match a pattern of dangerous activity, Kaspersky Internet Security performs the specified action.

When Kaspersky Internet Security is updated, patterns of activity used by Activity monitor are supplied with new ones on-the-fly for up-to-date and reliable protection.

By default, when Kaspersky Internet Security runs in automatic mode, if an application’s activity matches a pattern of dangerous activity, System Watcher moves this application to Quarantine. When running in interactive mode, System Watcher prompts the user for action. You can specify the action that the component should perform when an application’s activity matches a pattern of dangerous activity.

In addition to exact matching between applications’ activities and patterns of dangerous activity, System Watcher also detects actions that partly match patterns of dangerous activity, being considered suspicious based on the heuristic analysis. If suspicious activity is detected, System Watcher prompts the user for action regardless of the operation mode.

To select the action that the component should perform if an application’s activity matches a pattern of dangerous activity:

  1. Open the application settings window.
  2. In the left part of the window, in the Protection Center section, select the System Watcher component.
  3. In the right part of the window, in the Heuristic analysis section, check the Internet Security mark fs Using patterns of dangerous activity (BSS) Use updatable patterns of dangerous activity (BSS) box.
  4. Click Select action and then specify the required action on the dropdown list.

Internet Security arr Using patterns of dangerous activity (BSS)Page top

Using patterns of dangerous activity (BSS)