web anti-virus: security levels - doczine
TRANSCRIPT
Kaspersky PURE 2.0
Web Anti-Virus:
security levels
Kaspersky PURE 2.0
1 | 1 8
Content
Security levels of Web Anti-Virus ............................................................................................... 2
Security levels ........................................................................................................................ 2
Customizing security level ...................................................................................................... 3 Checking suspicious and phishing URLs by Web Anti-Virus ............................................... 3 Heuristic Analyzer ............................................................................................................... 5 Blocking dangerous scripts ................................................................................................. 5 Scan optimization ................................................................................................................ 6 Kaspersky URL Advisor ...................................................................................................... 7 Blocking access to dangerous sites .................................................................................. 11 Controlling access to regional web domains ..................................................................... 12 Creating the list of trusted URLs ....................................................................................... 13 Controlling access to online banking services ................................................................... 14
Kaspersky PURE 2.0
2 | 1 8
Security levels of Web Anti-Virus
Security levels
Web Anti-Virus can work in several modes – security levels. A security level is a set of
predefined parameters of Web Anti-Virus which provides a level of data security that are
received and transferred by HTTP, HTTPS and FTP protocols.
Kaspersky Lab experts have developed three security levels:
► If no HTTP security tools – firewall or proxy-server – are installed on your computer,
use High security level.
► If you work in the protected environment (for example, a firewall is installed on your
computer and you connect to the Internet via a corporate proxy-server), then set a
Low security level.
► Recommended is the optimal security level as it rationally uses system resources
and provides secure protection. This security level suits most cases.
Select a security level which best suits your situation.
In order to change the security level, simply drag the vertical slider to the needed position.
If you have already added some changes to the predefined settings you can always roll back to
the default Web Anti-Virus settings by clicking the Default level button.
Kaspersky PURE 2.0
3 | 1 8
Customizing security level
Checking suspicious and phishing URLs by Web Anti-Virus
Web Anti-Virus scans web traffic for viruses and checks if the links are included in the list of
suspicious web-address and to the list of phishing1 web addresses.
To make sure the settings are active, in the Web Anti-Virus window click the Settings button
and see that on the General tab under Kaspersky URL Advisor the following boxes are
checked:
► Check if URLs are listed in the database of malicious URLs.
This box enables/disables the option to check whether links are included in the list of
suspicious web addresses from the black list. The list is created by Kaspersky Lab's
specialists.
► Check web page for phishing.
1
Phishing is a specific form of cybercrime. Phishing attacks are made the following way: the criminal creates an
almost 100 percent perfect replica of a chosen financial institution’s website, then attempts to trick the user in to disclosing their personal details – username, password, PIN etc. – via a form on the fake website, allowing the criminal to use the details to obtain money.
Kaspersky PURE 2.0
4 | 1 8
The lists of phishing addresses are included in to Kaspersky PURE distribution kit.
Since the link to a phishing site may be received not only in an email message but in
any other way, for example, in the text of an ICQ message, Web Anti-Virus
component traces the attempts of accessing a phishing site at the level of HTTP
traffic scan, and blocks them.
Additionally to the analysis based on the refilled phishing databases, heuristic analysis is
added to Web Anti-Virus. Heuristic Analysis allows to evaluate the information about an
internet resource, for example presence of signs typical of phishing resources in the URL
addresses. As a result, if these signs are detected, the resource is defined as phishing and
access to it is blocked, even if the resource is not yet added to the phishing database.
To enable the heuristic analysis for scan of web pages for phishing, click the Additional button
in the Heuristic Analysis section, check the corresponding box and set the required detail
level of scan.
Kaspersky PURE 2.0
5 | 1 8
Heuristic Analyzer
Heuristic Analysis allows to trace activity of an objects in the system. If the tool finds the
activity suspicious, then most probably the objects will be defined as malicious or suspicious,
even if its malicious code is not known to virus analysts.
Upon detection of a suspicious object, Kaspersky PURE will notify you of it and offer to apply a
corresponding action to the detected object.
You can select one of the three scanning levels of the heuristic analysis:
► light scan
► medium scan
► deep scan
The higher the detail level, the more resources and time the scan takes, and the higher is the
probability of threat detection.
By default, heuristic analysis is enabled and the detail level is set to medium.
To enable heuristic analyzer, on the General tab in the Heuristic Analysis section check the
Use Heuristic Analysis box. In the field below specify the required level by moving the
horizontal slider to the necessary position.
Uncheck the Use Heuristic Analysis box, if you do not want to use this method.
Blocking dangerous scripts
Web Anti-Virus will scan all scripts processed in Microsoft Internet Explorer, as well as any
other WSH scripts (JavaScript, Visual Basic Script, etc.) launched when the user works on the
computer, including the Internet. Execution of any dangerous script will be blocked.
Kaspersky PURE 2.0
6 | 1 8
If you want Web Anti-Virus to scan and block dangerous scripts, perform the following actions:
1. Open the application settings window.
2. In the left part of the window under Protection select the Web Anti-Virus component.
3. In the right part of the window click the Settings button.
4. In the Web Anti-Virus window on the General tab in the Additional section check the
Block dangerous scripts in Microsoft Internet Explorer box.
5. Click OK to save the made changes.
Scan optimization
To detect malicious code more efficiently, Web Anti-Virus buffers fragments of objects
downloaded from the Internet.
When Web Anti-Virus scans objects downloaded by HTTP and FTP traffic, the user may
experience a delay while accessing the file. This delay is caused by the operational algorithm
of Web Anti-Virus: first, all fragments are saved into cache memory, then are analyzed for
viruses and then depending on the analysis result are either returned to the user or blocked.
To accelerate access to the object, we suggest limiting the caching time for web object
fragments downloaded from the Internet. When the specified time expires each downloaded
fragment of a file is given to the user not scanned, and the object is scanned by Web Anti-
Virus, when it is fully copied.
Disabling limitation of the caching time leads to enhanced efficiency of the anti-virus scan but
at the same time slows down access to the object.
Kaspersky PURE 2.0
7 | 1 8
To limit traffic caching time or to disable this limitation, perform the following actions:
1. Open the application settings window.
2. In the left part of the window under Protection select the Web Anti-Virus component.
3. In the right part of the window click the Settings button. The Web Anti-Virus window
opens.
4. To set the restriction, on the General tab in the Additional section check the Limit
traffic caching time to 1 sec to optimize scan box. If you need to disable restriction,
uncheck the box.
Kaspersky URL Advisor
Web Anti-Virus in Kaspersky PURE includes Kaspersky URL Advisor.
This module checks if links located on the webpage belong to the list of suspicious and
phishing web addresses. You can
► create a list of web addresses whose content will not be checked for the presence of
suspicious or phishing URLs;
► create a list of web sites whose content must be scanned;
► completely exclude scan of URLs.
The best improvements of Kaspersky URL Advisor implemented in Kaspersky PURE are the
following:
1. Providing users with the additional information about the web resources thus helping to
make the right decision on whether to visit a web resource or not.
Kaspersky PURE 2.0
8 | 1 8
2. Storing a considerable amount of information about web resources in the “cloud”. This
information helps to define more exactly malicious and phishing sites.
Kaspersky PURE features expanded URL Advisor compatibility with browsers. The following
browsers are now fully supported:
► Internet Explorer 6, 7, 8 and 9;
► Mozilla FireFox 2.x – 11.x;
► Google Chrome 8.x – 17.x.
To create a list of websites whose content will not be scanned for the presence of suspicious or
phishing URLs, on the Safe Surf tab in the Kaspersky URL Advisor section uncheck the
Check URLs box.
The URL Advisor module can function in two modes: check links on all web sites except the
sites added to exclusions, or check only web sites specified in the list.
In order Kaspersky URL Advisor would check all web sites, except those added to
exclusions, perform the following actions:
1. In the Web Anti-Virus window in the Kaspersky URL Advisor section check the
Check URLs box.
2. Select the All but the exclusions variant and click the Exclusions button.
Kaspersky PURE 2.0
9 | 1 8
3. In the Exclusions window create the list of web addresses whose contents should not
scanned for suspicious or phishing links.
4. Click the OK button in the Exclusions window.
For Kaspersky URL Advisor to scan only the sites specified by you, perform the following
actions:
1. On the Safe Surf tab in the Kaspersky URL Advisor section check the Only websites
from the list box and click the Specify button.
Kaspersky PURE 2.0
10 | 1 8
2. In the Checked URLs window create the list of web addresses whose content should
be scanned for suspicious or phishing links.
3. Click the OK button in the Checked URLs window.
4. In the Web Anti-Virus window click the OK button to save the made changes.
The Kaspersky URL Advisor options mentioned above can be set either in the Web Anti-
Virus window or in the module settings widow opened in the web browser. To open the module
settings window from the web browser window, click the button with the Kaspersky PURE icon
from the tool panel of the browser.
Kaspersky PURE 2.0
11 | 1 8
Blocking access to dangerous sites
You can block access to websites which have been defined suspicious or phishing by
Kaspersky URL Advisor.
If Web Anti-Virus cannot draw a clear conclusion on the safety of the website to which a link
leads, you will be prompted to load this website in Safe Run (only in Microsoft Internet
Explorer, Mozilla Firefox and Google Chrome). When activated in Safe Run, malicious objects
do not pose any threat to your computer.
To block access to dangerous web sites, perform the following actions:
1. Open the application settings window.
2. In the left part of the window under Protection select the Web Anti-Virus component.
3. In the right part of the window click the Settings button. The Web Anti-Virus window
will open.
4. In the Web Anti-Virus window on the Safe Surf tab in the Blocking Dangerous
Websites section check the Block dangerous websites box.
Kaspersky PURE 2.0
12 | 1 8
5. Click the OK button, to save the made changes.
Controlling access to regional web domains
Depending on the user's choice, Web Anti-Virus in Geo Filter mode can block or allow
access to websites on the grounds of their belonging to regional web domains. This allows you,
for example, to block access to websites which belong to regional domains with a high risk of
infection.
To allow or block access to web sites which belong to specified domains, perform the following
actions:
1. Open the application settings window.
2. In the left part of the window under Protection select the Web Anti-Virus component.
3. In the right part of the window click the Settings button. The Web Anti-Virus window
will open.
4. On the Geo Filter tab check the Enable filtering by regional domains box and specify
in the list of controlled domains below which domains should be allowed or blocked, and
for which ones the application should request access permission using a notification.
For this:
► Select a domain which should be allowed, blocked or prompted for action.
► Click the button Allow, Block or Prompt. The corresponding icon will appear in the
Access column.
By default, access is allowed for regional domains that match your location. Access
permission request is set for other domains by default.
Kaspersky PURE 2.0
13 | 1 8
5. Click the OK button.
Creating the list of trusted URLs
You can create a list of web addresses whose content you trust unconditionally. In this case
Web Anti-Virus will not analyze information from these URL addresses for dangerous objects.
You can use this option, for example, if Web Anti-Virus prevents download of a file from a
known web site.
To create the list of trusted URLs, perform the following actions:
1. In the right part of the Web Anti-Virus settings window click the Settings button.
2. On the Trusted URLs tab check the Do not scan web traffic from trusted URLs box
and create the list of trusted addresses whose content you trust. For this:
► Click the Add button.
► In the Address mask (URL) window enter an address, whose content you trust. For
example, kaspersky.com.
► Click the OK button.
Kaspersky PURE 2.0
14 | 1 8
If you want to exclude an address from the trusted list, you do not have to delete an
address from the list, unchecking an address will be sufficient.
3. In the Web Anti-Virus window click the OK button.
Controlling access to online banking services
When working with online banking, your computer needs an especially reliable protection,
since leakages of confidential information may lead to financial losses. Web Anti-Virus
automatically determines which web resources are online banking services. For guaranteed
identification of a web resource as online banking service, you can specify its URL in the list of
banking websites.
Kaspersky PURE 2.0
15 | 1 8
To configure control of access to online banking services, perform the following actions:
1. In the right part of the Web Anti-Virus settings window click the Settings button.
2. In the Web Anti-Virus window on the Online Banking tab check the Enable control
box.
3. You will be prompted to start the Certificate Installation Wizard that you can use to
install a Kaspersky Lab certificate for scanning encrypted connections. Click Next, to
continue.
Kaspersky PURE 2.0
16 | 1 8
4. In the Security Warning window click the Yes button.
5. Wait till work of the wizard is over and click the Finish button.
Kaspersky PURE 2.0
17 | 1 8
6. If necessary, create a list of resources that Kaspersky PURE should identify as online
banking services. For this:
► Click the Add button.
► In the Address mask (URL) window enter an address that should be identified as
online banking service.
► Click the OK button.
If you want to exclude an address from the trusted list, you do not have to delete an
address from the list, unchecking an address will be sufficient.
Kaspersky PURE 2.0
18 | 1 8
7. In the Web Anti-Virus window click the OK button.
8. In the Settings window click the OK button.