Activating the application
The application activation procedure consists of entering an activation code and obtaining a key which allows the application to determine if the user has sufficient rights to use it, and to find out the license expiration date.
The license currently used for the operation of a Kaspersky Lab application. The license defines the expiration date for full functionality and the license policy for the application. The application cannot have more than one license with the active status.
A license that has been added for the operation of Kaspersky Lab application but has not been activated. The additional license enters into effect when the active license expires.
Administration server certificate
Certificate which allows Administration server authentication when connecting the Administration console to it and when exchanging data with users’ computers. Administration server certificate is created at the installation of the Administration server, and is stored in thesubfolder of the application installation folder.
Alternate NTFS streams
NTFS data streams (alternate data streams) designed to contain additional attributes or file information.
Each file in an NTFS file system is a set of streams. One of them contains the file content that one is be able to view after opening the file, other streams (called alternate) are designed to contain meta information and ensure, for example, NTFS compatibility with other systems, such as an older file system by Macintosh called Hierarchical File System (HFS). Streams can be created, deleted, stored apart, renamed, and even run as a process.
Alternate streams can be used by intruders to transfer data secretly, or to steal them from a computer.
Files included in the Kaspersky Lab installation package responsible for performing its main tasks. A particular executable module corresponds to each type of the task performed by the application (real-time protection, on-demand scan, updates). By running a full scan of your computer from the main window, you initiate the execution of this task’s module.
Application settings which are common for all task types, regulating the application’s operation as a whole, such as application performance settings, report settings, backup storage settings.
File “containing” one or several other objects which may also be archives.
A set of updates for Kaspersky Lab application modules including critical updates accumulated over a certain period of time and changes to the application’s architecture.
Base of suspicious web addresses
List of web addresses, whose content can be considered to be potentially dangerous. The list is created by Kaspersky Lab specialists. It is regularly updated and is included in the Kaspersky Lab application package.
Black list of key files
A database containing information on blacklisted Kaspersky Lab key files. Black list file content is updated together with the product databases.
Blocking the object
Denying access to an object from external applications. A blocked object cannot be read, executed, changed, or deleted.
A virus that infects the boot sectors of a computer’s hard drive. The virus forces the system to load it into memory during reboot and to direct control to the virus code instead of the original boot loader code.
An archive file that contains a decompression program and instructions for the operating system for executing.
Object containing a virus. You are advised not to access these objects, because it may result in an infection of your computer. Once an infected object is detected, we recommend that you disinfect it using one of Kaspersky Lab’s applications, or delete it if disinfection is not possible.
Database of phishing web addresses
List of web addresses, which are defined as phishing by Kaspersky Lab specialists. The database is regularly updated and part of the Kaspersky Lab application.
One of the functions performed by a Kaspersky Lab application that enables it to keep protection current. In doing so, the databases are downloaded from the Kaspersky Lab update servers onto the computer and are automatically connected to the application.
Databases created by Kaspersky Lab’s experts and containing a detailed description of all current threats to computer security as well as methods used for their detection and disinfection. These databases are constantly updated by Kaspersky Lab as new threats appear. In order to achieve a higher quality of threat detection we recommend that you copy databases from Kaspersky Lab’s update servers on a regular basis.
Deleting an object
The method of processing objects which ends in it being physically deleted from its original location (hard drive, folder, network resource). We recommend that this method be applied to dangerous objects which, for whatever reason, cannot be disinfected.
Disinfecting objects on restart
A method of processing infected objects that are being used by other applications at the moment of disinfection. Consists of creating a copy of the infected object, disinfecting the copy created, and replacing the original, infected object with the disinfected copy after the next system restart.
Disk boot sector
A boot sector is a particular area on a computer’s hard drive, floppy, or other data storage device. It contains information on the disc’s file system and a boot loader program that is responsible for starting the operating system.
There exist a number of viruses that infect boot sectors, which are thus called boot viruses. The Kaspersky Lab application allows scanning boot sectors for viruses and disinfecting them if an infection is found.
Domain name service (DNS)
Distributed system for converting the name of a host (a computer or other network device) to an IP address. DNS functions in TCP/IP networks. Particularly, DNS can also store and process reverse requests, by determining the name of a host by its IP address (PTR record). Resolution of DNS names is usually carried out by network applications, not by users.
Computer equipped with two network adapters (each of which is connected to different networks) transferring data from one network to the other.
Event severity level
Description of the event, logged during the operation of the Kaspersky Lab application. There exist four severity levels:
Events of the same type may have different severity levels, depending on the situation when the event occurred.
Exclusion is an object excluded from the scan by Kaspersky Lab application. You can exclude files of certain formats, file masks, a certain area (for example, a folder or a program), application processes, or objects by threat type, according to the Virus Encyclopedia classification from the scan. Each task can be assigned a set of exclusions.
Situation when Kaspersky Lab’s application considers a non-infected object as infected due to its code similar to that of a virus.
Representation of a file name and extension using wildcards. The two standard wildcards used in file masks are * and , where represents any number of characters and ? stands for any single character. Using these wildcards, you can represent any file. Note that the name and extension are always separated by a period.
Socket on a hardware component of a computer in which a cable or a plug can be connected (LPT port, serial port, USB port).
The information in the beginning of a file or a message, which is comprised of low-level data on file (or message) status and processing. In particular, the email message header contains such data as information about the sender and recipient, and the date.
Threat detection technology for threats that cannot be detected using Anti-Virus databases. It allows detecting objects suspected of being infected with an unknown virus or a new modification of known viruses.
The use of a heuristic analyzer detects up to 92% of threats. This mechanism is fairly effective and very rarely leads to false positives.
Files detected by the heuristic analyzer are considered suspicious.
iChecker is a technology that increases the speed of anti-virus scans by excluding objects that have remained unchanged since their last scan, provided that the scan parameters (the anti-virus database and settings) have not changed. The information for each file is stored in a special database. This technology is used in both real-time protection and on-demand scan modes.
For example, you have an archive scanned by Kaspersky Lab application and assigned the not infected status. The next time the application will skip this archive, unless it has been altered or the scan settings have been changed. If you altered the archive content by adding a new object to it, modified the scan settings or updated the anti-virus database, the archive is re-scanned.
Limitations of technology:
An antivirus application from a third-party developer or a Kaspersky Lab application that does not support management through Kaspersky Internet Security.
An object which, due to its structure or format, can be used by intruders as a “container” to store and distribute a malicious object. As a rule, they are executable files, for example, files with the .com, .exe, .dll extensions, etc. The risk of activating malicious code in such files is fairly high.
Object containing a malicious code. It is detected when a section of the object’s code completely matches a section of the code of a known threat. Kaspersky Lab does not recommend using such objects since they may infect your computer.
Serves in processors (such as Intel) for exchanging data with hardware components. The input/output port is associated with a certain hardware component, and allows applications to address it for data exchange.
Installation with a startup scenario
Method of remote installation of Kaspersky Lab’s applications which allows assigning the startup of remote installation task to an individual user account (or to several user accounts). Registering a user in a domain leads to an attempt to install the application on the client computer on which the user has been registered. This method is recommended for installing the applications on computers running under Microsoft Windows 98 / Me operating systems.
Subcomponent of the application responsible for scanning specific types of email. The set of interceptors specific to your installation depends on what role or what combination of roles the application is being deployed for.
Internet Protocol (IP)
The basic protocol for the Internet, used without change since the time of its development in 1974. It performs basic operations in transmitting data from one computer to another and serves as the foundation for higher-level protocols like TCP and UDP. It manages connection and error processing. Technologies such as NAT and masking make it possible to hide a large number of private networks using a small number of IP addresses (or even one address), which make it possible to respond to the demands of the constantly growing Internet using the relatively restricted IPv4 address space.
Kaspersky Lab’s update servers
A list of Kaspersky Lab’s HTTP and FTP servers from which the application downloads databases and module updates to your computer.
Kaspersky Security Network
Kaspersky Security Network (KSN) is an infrastructure of online services that provides access to the online Knowledge Base of Kaspersky Lab which contains information about reputation of files, web resources, and software. Using data from Kaspersky Security Network ensures an increased response time of Kaspersky Internet Security when encountering new types of threats, improves performance of some protection components, and reduces risk of false positives.
File with the .key extension, which is your personal “key”, necessary for working with the Kaspersky Lab application. A key file is included with the product if you purchased it from Kaspersky Lab distributors or is emailed to you if you purchased the product online.
License validity period
Period of time during which you are able to use all features of your Kaspersky Lab application. The license validity period generally runs for one calendar year from the date of installation. After the license expires, the application has reduced functionality. You will not be able to update the application databases.
List of allowed URLs
List of masks and addresses of web resources, the accessing of which is not block
List of allowed senders
(as well as “White” list of addresses)
The list of email addresses which send the messages that should not be scanned by Kaspersky Lab application.
List of blocked URLs
List of masks and addresses of web resources, access to which is blocked by the Kaspersky Lab application. The list of addresses is created by the user during application settings configuration.
List of blocked senders
(also “Black” list of addresses)
The list of email addresses which send messages that should be blocked by the Kaspersky Lab application, regardless of their content.
List of checked web addresses
List of masks and addresses of web resources, which are mandatorily scanned for malicious objects by the Kaspersky Lab application.
Databases containing emails in a special format and saved on your computer. Each incoming/outgoing email is placed in the mail database after it is received/sent. These databases are scanned during a full computer scan.
Incoming and outgoing emails at the time that they are sent and received are analyzed for viruses in real time if real-time protection is enabled.
Method of processing an email message that contains spam signs, at which the message is physically removed. It is advised to apply this method to messages which unambiguously contain spam. Before deleting a message, a copy of it is saved in the backup (unless this option is disabled).
A file transferred via HTTP, FTP, or SMTP protocols across the firewall and sent to a Kaspersky Lab application to be scanned.
Moving objects to quarantine
A method of processing a potentially infected object by blocking access to the file and moving it from its original location to the Quarantine folder, where the object is saved in encrypted form, which rules out the threat of infection.
TCP and UDP parameter that determines the destination of data packets in IP format that are transmitted to a host over a network and makes it possible for various programs running on a single host to receive data independently of each other. Each program processes data received via a certain port (this is sometimes referred to as the program “listening” to that port).
For some common network protocols, there are usually standard port numbers (for example, web servers usually receive HTTP requests on TCP port 80); however, generally, a program can use any protocol on any port. Possible values: 1 to 65535.
Template based on which a notification of infected objects detected by the scan, is generated. Notification template includes a combination of settings regulating the mode of notification, the way of spreading, and the text of messages to be sent.
The method used for processing infected objects that results in complete or partial recovery of data, or the decision that the objects cannot be disinfected. Objects are disinfected using the database records. Part of the data may be lost during disinfection.
Email message containing offensive language.
An attached object or an object embedded into another file. Kaspersky Lab application allows scanning OLE objects for viruses. For example, if you insert a Microsoft Office Excel table into a Microsoft Office Word document, the table is scanned as an OLE object.
Kind of Internet fraud which consists in sending email messages with the purpose of stealing confidential information – as a rule, various financial data.
Potentially infected object
An object that contains modified code of a known virus or code that resembles code of a virus, but is not yet known to Kaspersky Lab. Potentially infected files are detected using heuristic analyzer.
The current status of protection, summarizing the degree of security of the computer.
Clearly defined and standardized set of rules governing the interaction between a client and a server. Well-known protocols and the services associated with them include HTTP (WWW), FTP, and NNTP (news).
Computer network service which allows users to make indirect requests to other network services. First, a user connects to a proxy server and requests a resource (e.g., a file) located on another server. Then, the proxy server either connects to the specified server and obtains the resource from it, or returns the resource from its own cache (in case if the proxy has its own cache). In some cases, a user’s request or a server’s response can be modified by the proxy server for certain purposes.
A certain folder, where all possibly infected objects are placed, which were detected during scans or by real-time protection.
The application’s operating mode under which objects are scanned for the presence of malicious code in real time.
The application intercepts all attempts to open any object (read, write, or execute) and scans the object for threats. Uninfected objects are passed on to the user; objects containing threats or suspected of containing them are processed pursuant to the task settings (they are disinfected, deleted or quarantined).
Level of security based on application settings recommended by Kaspersky Lab experts to provide the optimal level of protection for your computer. This level is set to be used by default.
Moving an original object from Quarantine or Backup to the folder where it was originally found before being moved to Quarantine, disinfected, or deleted, or to a different folder specified by the user.
Proxy server protocol that allows establishing a point-to-point connection between computers in the internal and external networks.
A small computer program or an independent part of a program (function) which, as a rule, has been developed to execute a small specific task. It is most often used with programs embedded into hypertext. Scripts are run, for example, when you open a certain website.
If real-time protection is enabled, the application tracks the scripts launching, intercepts and scans them for viruses. Depending on the results of the scan, you may block or allow the execution of a script.
The security level is defined as a pre-set component configuration.
Unsolicited mass email mailings, most often including advertising messages.
The set of programs needed to start and correctly operate the operating system and software installed on your computer. These objects ar
Subnet mask (also known as netmask) and network address determine the addresses of computers on a network.
Message that cannot be unambiguously considered spam, but it seems suspicious when scanned (e.g., certain types of mailings and advertising messages).
An object that contains modified code of a known virus or code that resembles code of a virus, but is not yet known to Kaspersky Lab. Suspicious objects are detected using the heuristic analyzer.
Functions performed by Kaspersky Lab’s application are implemented as tasks, such as: Real-time file protection, Full computer scan, Database Update.
Application settings which are specific for each task type.
Rate of how dangerous an application is for the operating system. The rating is calculated based on heuristic analysis; it allows you to detect activity typical of malware. The lower the threat rating is, the more actions the application will be allowed to perform in the system.
A real-time scan using information from the latest version of the databases for objects transmitted via all protocols (for example, HTTP, FTP, etc.).
Application process whose file operations are not monitored by Kaspersky Lab’s application in real-time protection mode. In other words, no objects run, open, or saved by the trusted process are scanned.
A new virus about which there is no information in the databases. Generally unknown viruses are detected by the application in objects using the heuristic analyzer, and those objects are classified as potentially infected.
The procedure of replacing/adding new files (databases or application modules) retrieved from the Kaspersky Lab update servers.
File package for updating the software. It is downloaded from the Internet and installed on your computer.
Critical updates to Kaspersky Lab application modules.
Virus activity threshold
The maximum permissible level of a specific type of event over a limited time period that, when exceeded, is considered to be excessive virus activity and a threat of a virus outbreak. This feature is significant during virus outbreaks and enables an administrator to react in a timely fashion to threats of virus outbreaks that arise.
A series of deliberate attempts to infect a computer with a virus.
Virus outbreak counter
Template based on which a notification of virus outbreak threat is generated. Virus outbreak counter includes a combination of settings which determine the virus activity threshold, the way of spreading, and the text in messages to be sent.