Activating the application

The application activation procedure consists of entering an activation code and obtaining a key which allows the application to determine if the user has sufficient rights to use it, and to find out the license expiration date.

Active license

The license currently used for the operation of a Kaspersky Lab application. The license defines the expiration date for full functionality and the license policy for the application. The application cannot have more than one license with the active status.

Additional license

A license that has been added for the operation of Kaspersky Lab application but has not been activated. The additional license enters into effect when the active license expires.

Administration server certificate

Certificate which allows Administration server authentication when connecting the Administration console to it and when exchanging data with users’ computers. Administration server certificate is created at the installation of the Administration server, and is stored in the Cert subfolder of the application installation folder.

Alternate NTFS streams

NTFS data streams (alternate data streams) designed to contain additional attributes or file information.

Each file in an NTFS file system is a set of streams. One of them contains the file content that one is be able to view after opening the file, other streams (called alternate) are designed to contain meta information and ensure, for example, NTFS compatibility with other systems, such as an older file system by Macintosh called Hierarchical File System (HFS). Streams can be created, deleted, stored apart, renamed, and even run as a process.

Alternate streams can be used by intruders to transfer data secretly, or to steal them from a computer.

Application modules

Files included in the Kaspersky Lab installation package responsible for performing its main tasks. A particular executable module corresponds to each type of the task performed by the application (real-time protection, on-demand scan, updates). By running a full scan of your computer from the main window, you initiate the execution of this task’s module.

Application settings

Application settings which are common for all task types, regulating the application’s operation as a whole, such as application performance settings, report settings, backup storage settings.


File “containing” one or several other objects which may also be archives.

Available updates

A set of updates for Kaspersky Lab application modules including critical updates accumulated over a certain period of time and changes to the application’s architecture.

Base of suspicious web addresses

List of web addresses, whose content can be considered to be potentially dangerous. The list is created by Kaspersky Lab specialists. It is regularly updated and is included in the Kaspersky Lab application package.

Black list of key files

A database containing information on blacklisted Kaspersky Lab key files. Black list file content is updated together with the product databases.

Blocking the object

Denying access to an object from external applications. A blocked object cannot be read, executed, changed, or deleted.


A virus that infects the boot sectors of a computer’s hard drive. The virus forces the system to load it into memory during reboot and to direct control to the virus code instead of the original boot loader code.

Compressed file

An archive file that contains a decompression program and instructions for the operating system for executing.

Dangerous object

Object containing a virus. You are advised not to access these objects, because it may result in an infection of your computer. Once an infected object is detected, we recommend that you disinfect it using one of Kaspersky Lab’s applications, or delete it if disinfection is not possible.

Database of phishing web addresses

List of web addresses, which are defined as phishing by Kaspersky Lab specialists. The database is regularly updated and part of the Kaspersky Lab application.

Database updates

One of the functions performed by a Kaspersky Lab application that enables it to keep protection current. In doing so, the databases are downloaded from the Kaspersky Lab update servers onto the computer and are automatically connected to the application.


Databases created by Kaspersky Lab’s experts and containing a detailed description of all current threats to computer security as well as methods used for their detection and disinfection. These databases are constantly updated by Kaspersky Lab as new threats appear. In order to achieve a higher quality of threat detection we recommend that you copy databases from Kaspersky Lab’s update servers on a regular basis.

Deleting an object

The method of processing objects which ends in it being physically deleted from its original location (hard drive, folder, network resource). We recommend that this method be applied to dangerous objects which, for whatever reason, cannot be disinfected.

Disinfecting objects on restart

A method of processing infected objects that are being used by other applications at the moment of disinfection. Consists of creating a copy of the infected object, disinfecting the copy created, and replacing the original, infected object with the disinfected copy after the next system restart.

Disk boot sector

A boot sector is a particular area on a computer’s hard drive, floppy, or other data storage device. It contains information on the disc’s file system and a boot loader program that is responsible for starting the operating system.

There exist a number of viruses that infect boot sectors, which are thus called boot viruses. The Kaspersky Lab application allows scanning boot sectors for viruses and disinfecting them if an infection is found.

Domain name service (DNS)

Distributed system for converting the name of a host (a computer or other network device) to an IP address. DNS functions in TCP/IP networks. Particularly, DNS can also store and process reverse requests, by determining the name of a host by its IP address (PTR record). Resolution of DNS names is usually carried out by network applications, not by users.

Dual-homed gateway

Computer equipped with two network adapters (each of which is connected to different networks) transferring data from one network to the other.

Event severity level

Description of the event, logged during the operation of the Kaspersky Lab application. There exist four severity levels:

  • Critical event.
  • Functional failure.
  • Warning.
  • Information message.

Events of the same type may have different severity levels, depending on the situation when the event occurred.


Exclusion is an object excluded from the scan by Kaspersky Lab application. You can exclude files of certain formats, file masks, a certain area (for example, a folder or a program), application processes, or objects by threat type, according to the Virus Encyclopedia classification from the scan. Each task can be assigned a set of exclusions.

False alarm

Situation when Kaspersky Lab’s application considers a non-infected object as infected due to its code similar to that of a virus.

File mask

Representation of a file name and extension using wildcards. The two standard wildcards used in file masks are * and ?, where * represents any number of characters and ? stands for any single character. Using these wildcards, you can represent any file. Note that the name and extension are always separated by a period.

Hardware port

Socket on a hardware component of a computer in which a cable or a plug can be connected (LPT port, serial port, USB port).


The information in the beginning of a file or a message, which is comprised of low-level data on file (or message) status and processing. In particular, the email message header contains such data as information about the sender and recipient, and the date.

Heuristic analyzer

Threat detection technology for threats that cannot be detected using Anti-Virus databases. It allows detecting objects suspected of being infected with an unknown virus or a new modification of known viruses.

The use of a heuristic analyzer detects up to 92% of threats. This mechanism is fairly effective and very rarely leads to false positives.

Files detected by the heuristic analyzer are considered suspicious.

iChecker technology

iChecker is a technology that increases the speed of anti-virus scans by excluding objects that have remained unchanged since their last scan, provided that the scan parameters (the anti-virus database and settings) have not changed. The information for each file is stored in a special database. This technology is used in both real-time protection and on-demand scan modes.

For example, you have an archive scanned by Kaspersky Lab application and assigned the not infected status. The next time the application will skip this archive, unless it has been altered or the scan settings have been changed. If you altered the archive content by adding a new object to it, modified the scan settings or updated the anti-virus database, the archive is re-scanned.

Limitations of iChecker technology:

  • this technology does not work with large-size files, since it is faster to scan a file than check whether it was modified since it was last scanned;
  • the technology supports a limited number of formats (exe, dll, lnk, ttf, inf, sys, com, chm, zip, rar).

Incompatible application

An antivirus application from a third-party developer or a Kaspersky Lab application that does not support management through Kaspersky Internet Security.

Infectable object

An object which, due to its structure or format, can be used by intruders as a “container” to store and distribute a malicious object. As a rule, they are executable files, for example, files with the .com, .exe, .dll extensions, etc. The risk of activating malicious code in such files is fairly high.

Infected object

Object containing a malicious code. It is detected when a section of the object’s code completely matches a section of the code of a known threat. Kaspersky Lab does not recommend using such objects since they may infect your computer.

Input/output port

Serves in processors (such as Intel) for exchanging data with hardware components. The input/output port is associated with a certain hardware component, and allows applications to address it for data exchange.

Installation with a startup scenario

Method of remote installation of Kaspersky Lab’s applications which allows assigning the startup of remote installation task to an individual user account (or to several user accounts). Registering a user in a domain leads to an attempt to install the application on the client computer on which the user has been registered. This method is recommended for installing the applications on computers running under Microsoft Windows 98 / Me operating systems.


Subcomponent of the application responsible for scanning specific types of email. The set of interceptors specific to your installation depends on what role or what combination of roles the application is being deployed for.

Internet Protocol (IP)

The basic protocol for the Internet, used without change since the time of its development in 1974. It performs basic operations in transmitting data from one computer to another and serves as the foundation for higher-level protocols like TCP and UDP. It manages connection and error processing. Technologies such as NAT and masking make it possible to hide a large number of private networks using a small number of IP addresses (or even one address), which make it possible to respond to the demands of the constantly growing Internet using the relatively restricted IPv4 address space.

Kaspersky Lab’s update servers

A list of Kaspersky Lab’s HTTP and FTP servers from which the application downloads databases and module updates to your computer.

Kaspersky Security Network

Kaspersky Security Network (KSN) is an infrastructure of online services that provides access to the online Knowledge Base of Kaspersky Lab which contains information about reputation of files, web resources, and software. Using data from Kaspersky Security Network ensures an increased response time of Kaspersky Internet Security when encountering new types of threats, improves performance of some protection components, and reduces risk of false positives.

Key file

File with the .key extension, which is your personal “key”, necessary for working with the Kaspersky Lab application. A key file is included with the product if you purchased it from Kaspersky Lab distributors or is emailed to you if you purchased the product online.

License validity period

Period of time during which you are able to use all features of your Kaspersky Lab application. The license validity period generally runs for one calendar year from the date of installation. After the license expires, the application has reduced functionality. You will not be able to update the application databases.

List of allowed URLs

List of masks and addresses of web resources, the accessing of which is not block
ed by the Kaspersky Lab application. The list of addresses is created by the user during application settings configuration.

List of allowed senders

(as well as “White” list of addresses)

The list of email addresses which send the messages that should not be scanned by Kaspersky Lab application.

List of blocked URLs

List of masks and addresses of web resources, access to which is blocked by the Kaspersky Lab application. The list of addresses is created by the user during application settings configuration.

List of blocked senders

(also “Black” list of addresses)

The list of email addresses which send messages that should be blocked by the Kaspersky Lab application, regardless of their content.

List of checked web addresses

List of masks and addresses of web resources, which are mandatorily scanned for malicious objects by the Kaspersky Lab application.

Mail databases

Databases containing emails in a special format and saved on your computer. Each incoming/outgoing email is placed in the mail database after it is received/sent. These databases are scanned during a full computer scan.

Incoming and outgoing emails at the time that they are sent and received are analyzed for viruses in real time if real-time protection is enabled.

Message deletion

Method of processing an email message that contains spam signs, at which the message is physically removed. It is advised to apply this method to messages which unambiguously contain spam. Before deleting a message, a copy of it is saved in the backup (unless this option is disabled).

Monitored object

A file transferred via HTTP, FTP, or SMTP protocols across the firewall and sent to a Kaspersky Lab application to be scanned.

Moving objects to quarantine

A method of processing a potentially infected object by blocking access to the file and moving it from its original location to the Quarantine folder, where the object is saved in encrypted form, which rules out the threat of infection.

Network port

TCP and UDP parameter that determines the destination of data packets in IP format that are transmitted to a host over a network and makes it possible for various programs running on a single host to receive data independently of each other. Each program processes data received via a certain port (this is sometimes referred to as the program “listening” to that port).

For some common network protocols, there are usually standard port numbers (for example, web servers usually receive HTTP requests on TCP port 80); however, generally, a program can use any protocol on any port. Possible values: 1 to 65535.

Notification template

Template based on which a notification of infected objects detected by the scan, is generated. Notification template includes a combination of settings regulating the mode of notification, the way of spreading, and the text of messages to be sent.

Object disinfection

The method used for processing infected objects that results in complete or partial recovery of data, or the decision that the objects cannot be disinfected. Objects are disinfected using the database records. Part of the data may be lost during disinfection.

Obscene message

Email message containing offensive language.

OLE object

An attached object or an object embedded into another file. Kaspersky Lab application allows scanning OLE objects for viruses. For example, if you insert a Microsoft Office Excel table into a Microsoft Office Word document, the table is scanned as an OLE object.


Kind of Internet fraud which consists in sending email messages with the purpose of stealing confidential information – as a rule, various financial data.

Potentially infected object

An object that contains modified code of a known virus or code that resembles code of a virus, but is not yet known to Kaspersky Lab. Potentially infected files are detected using heuristic analyzer.

Protection status

The current status of protection, summarizing the degree of security of the computer.


Clearly defined and standardized set of rules governing the interaction between a client and a server. Well-known protocols and the services associated with them include HTTP (WWW), FTP, and NNTP (news).

Proxy server

Computer network service which allows users to make indirect requests to other network services. First, a user connects to a proxy server and requests a resource (e.g., a file) located on another server. Then, the proxy server either connects to the specified server and obtains the resource from it, or returns the resource from its own cache (in case if the proxy has its own cache). In some cases, a user’s request or a server’s response can be modified by the proxy server for certain purposes.


A certain folder, where all possibly infected objects are placed, which were detected during scans or by real-time protection.

Real-time protection

The application’s operating mode under which objects are scanned for the presence of malicious code in real time.

The application intercepts all attempts to open any object (read, write, or execute) and scans the object for threats. Uninfected objects are passed on to the user; objects containing threats or suspected of containing them are processed pursuant to the task settings (they are disinfected, deleted or quarantined).

Recommended level

Level of security based on application settings recommended by Kaspersky Lab experts to provide the optimal level of protection for your computer. This level is set to be used by default.


Moving an original object from Quarantine or Backup to the folder where it was originally found before being moved to Quarantine, disinfected, or deleted, or to a different folder specified by the user.


Proxy server protocol that allows establishing a point-to-point connection between computers in the internal and external networks.


A small computer program or an independent part of a program (function) which, as a rule, has been developed to execute a small specific task. It is most often used with programs embedded into hypertext. Scripts are run, for example, when you open a certain website.

If real-time protection is enabled, the application tracks the scripts launching, intercepts and scans them for viruses. Depending on the results of the scan, you may block or allow the execution of a script.

Security level

The security level is defined as a pre-set component configuration.


Unsolicited mass email mailings, most often including advertising messages.

Startup objects

The set of programs needed to start and correctly operate the operating system and software installed on your computer. These objects ar
e executed every time the operating system is started. There are viruses capable of infecting such objects specifically, which may lead to, for example, blocking your access to the operating system.

Subnet mask

Subnet mask (also known as netmask) and network address determine the addresses of computers on a network.

Suspicious message

Message that cannot be unambiguously considered spam, but it seems suspicious when scanned (e.g., certain types of mailings and advertising messages).

Suspicious object

An object that contains modified code of a known virus or code that resembles code of a virus, but is not yet known to Kaspersky Lab. Suspicious objects are detected using the heuristic analyzer.


Functions performed by Kaspersky Lab’s application are implemented as tasks, such as: Real-time file protection, Full computer scan, Database Update.

Task settings

Application settings which are specific for each task type.

Threat rating

Rate of how dangerous an application is for the operating system. The rating is calculated based on heuristic analysis; it allows you to detect activity typical of malware. The lower the threat rating is, the more actions the application will be allowed to perform in the system.

Traffic scan

A real-time scan using information from the latest version of the databases for objects transmitted via all protocols (for example, HTTP, FTP, etc.).

Trusted process

Application process whose file operations are not monitored by Kaspersky Lab’s application in real-time protection mode. In other words, no objects run, open, or saved by the trusted process are scanned.

Unknown virus

A new virus about which there is no information in the databases. Generally unknown viruses are detected by the application in objects using the heuristic analyzer, and those objects are classified as potentially infected.


The procedure of replacing/adding new files (databases or application modules) retrieved from the Kaspersky Lab update servers.

Update package

File package for updating the software. It is downloaded from the Internet and installed on your computer.

Urgent updates

Critical updates to Kaspersky Lab application modules.

Virus activity threshold

The maximum permissible level of a specific type of event over a limited time period that, when exceeded, is considered to be excessive virus activity and a threat of a virus outbreak. This feature is significant during virus outbreaks and enables an administrator to react in a timely fashion to threats of virus outbreaks that arise.

Virus outbreak

A series of deliberate attempts to infect a computer with a virus.

Virus outbreak counter

Template based on which a notification of virus outbreak threat is generated. Virus outbreak counter includes a combination of settings which determine the virus activity threshold, the way of spreading, and the text in messages to be sent.

Internet Security arr GlossaryPage top