Glossary
November 30, 2021
Activating the application
Switching the application to fully functional mode. Application activation is performed by the user during or after installation of the application. To activate the application, the user must have an activation code.
Anti-virus databases
Databases that contain information about computer security threats known to Kaspersky as of the release of the anti-virus databases. Entries in anti-virus databases allow detecting malicious code in scanned objects. Anti-virus databases are created by Kaspersky specialists and updated hourly.
Application modules
Files included in the Kaspersky installation package that are responsible for performing the main tasks of the corresponding application. A particular application module corresponds to each type of task performed by the application (protection, scan, updates of databases and application modules).
Backup and Restore
Creates backup copies of data stored on the computer. Backup copies are created to prevent data loss as a result of theft, hardware malfunctions, or hacker attacks.
Blocking an object
Denying access to an object from third-party applications. A blocked object cannot be read, executed, modified, or deleted.
Compressed file
A compressed executable file that contains a decompression program and instructions for the operating system to execute it.
Data vault
A data vault is a special data storage in which files are stored in encrypted form. A password is needed to access such files. Data vaults are meant to prevent unauthorized access to user data.
Database of malicious web addresses
A list of web addresses whose content may be considered to be dangerous. Created by Kaspersky specialists, the list is regularly updated and is included in the Kaspersky application package.
Database of phishing web addresses
A list of web addresses that Kaspersky specialists have defined as phishing web addresses. The databases are regularly updated and are part of the Kaspersky application package.
Digital signature
An encrypted block of data embedded in a document or application. A digital signature is used to identify the author of the document or application. To create a digital signature, the document or application author must have a digital certificate proving the author's identity.
A digital signature lets you verify the data source and data integrity and protect yourself against counterfeits.
Disk boot sector
A boot sector is a special area on a computer's hard drive, floppy disk, or other data storage device. It contains information on the disk's file system and a boot loader program, which is responsible for starting the operating system.
A number of viruses infect boot sectors and are therefore called boot viruses. The Kaspersky application allows scanning boot sectors for viruses and disinfecting them if an infection is found.
Exploit
Software code that uses a vulnerability in the system or software. Exploits are often used to install malware on the computer without the user's knowledge.
False positive
A situation in which a Kaspersky application considers a non-infected object to be infected because the object's code is similar to that of a virus.
File mask
Representation of a file name using wildcards. The standard wildcards used in file masks are * and ?, where * represents any number of any characters and ? stands for any single character.
Heuristic analyzer
A technology for detecting threats about which information has not yet been added to Kaspersky databases. The heuristic analyzer detects objects whose behavior in the operating system may pose a security threat. Objects detected by the heuristic analyzer are considered to be probably infected. For example, an object may be considered probably infected if it contains sequences of commands that are typical of malicious objects (open file, write to file).
Hypervisor
An application supporting the parallel operation of several operating systems on one computer.
iChecker Technology
A technology that allows increasing the speed of anti-virus scanning by excluding objects that have remained unchanged since their last scan, provided that the scan parameters (the databases and the settings) have not been altered. The information for each file is stored in a special database. This technology is used in both real-time protection and on-demand scan modes.
For example, suppose you have an archive file that was scanned by a Kaspersky application and assigned the "not infected" status. Next time, the application will skip this archive unless the archive has been altered or the scan settings have been changed. If you have changed the archive content by adding a new object to it, modified the scan settings, or updated the application databases, the archive will be re-scanned.
Limitations of iChecker technology:
- This technology does not work with large files, since it is faster to scan a file than to check whether the file has been modified since it was last scanned.
- The technology supports a limited number of formats.
Incompatible application
An anti-virus application from a third-party developer or a Kaspersky application that does not support management through Kaspersky Security Cloud.
Infected object
An object in which a portion of the code completely matches part of the code of known malware. Kaspersky does not recommend accessing such objects.
Kaspersky Security Network (KSN)
The cloud-based knowledge base of Kaspersky containing information about the reputation of applications and websites. Use of data from Kaspersky Security Network ensures faster responses by Kaspersky applications to threats, improves the performance of some protection components, and reduces the likelihood of false positives.
Kaspersky update servers
Kaspersky HTTP servers from which updates of databases and software modules are downloaded.
Keylogger
A program designed for hidden logging of information about keys pressed by the user. Keyloggers function as keystroke interceptors.
Phishing
A type of Internet fraud aimed at obtaining unauthorized access to users' confidential data.
Probable spam
A message that cannot be unambiguously considered spam, but has several spam attributes (for example, certain types of mailings and advertising messages).
Probably infected object
An object whose code contains portions of modified code from a known threat, or an object whose behavior is similar to that of a threat.
Protected Browser
A dedicated operation mode of a standard browser designed for financial activities and online shopping. Using Protected Browser ensures the safety of confidential data that you enter on the websites of banks and payment systems such as bank card numbers or passwords used for online banking, and also prevents theft of payment assets when making online payments.
Protection components
Integral parts of Kaspersky Security Cloud intended for protection against specific types of threats (for example, Anti-Spam and Anti-Phishing). Each of the components is relatively independent of the other ones and can be disabled or configured individually.
Protocol
A clearly defined and standardized set of rules governing the interaction between a client and a server. Well-known protocols and the services associated with them include HTTP, FTP, and NNTP.
Quarantine
A dedicated storage in which the application places backup copies of files that have been modified or deleted during disinfection. Copies of files are stored in a special format that is not dangerous for the computer.
Rootkit
A program or a set of programs for hiding traces of an intruder or malware in the operating system.
On Windows-based operating systems, a rootkit usually refers to a program that penetrates the operating system and intercepts system functions (Windows APIs). Interception and modification of low-level API functions are the main methods that allow these programs to make their presence in the operating system quite stealthy. A rootkit can usually also mask the presence of any processes, folders, and files that are stored on a disk drive, in addition to registry keys, if they are described in the configuration of the rootkit. Many rootkits install their own drivers and services on the operating system (these are also "invisible").
Script
A small computer program or an independent part of a program (function) which, as a rule, has been developed to execute a specific task. It is most often used with programs that are embedded in hypertext. Scripts are run, for example, when you open some websites.
If real-time protection is enabled, the application tracks the execution of scripts, intercepts them, and scans them for viruses. Depending on the results of scanning, you may block or allow the execution of a script.
Security level
A predefined collection of settings for an application component.
Spam
Unsolicited mass email mailings, most often including advertisements.
Startup objects
The set of programs needed to start and correctly operate the operating system and software installed on your computer. These objects are executed every time the operating system is started. There are viruses capable of infecting autorun objects specifically, which may lead, for example, to blocking of operating system startup.
Task
The functions of the Kaspersky application are implemented in the form of tasks, such as the Full Scan task or the Update task.
Task settings
Application settings that are specific for each task type.
Threat level
An index showing the probability that an application poses a threat to the operating system. The threat level is calculated using heuristic analysis based on two types of criteria:
- Static (such as information about the executable file of an application: size, creation date, etc.)
- Dynamic, which are used while simulating the application's operation in a virtual environment (analysis of the application's system calls)
Threat level allows detecting behavior typical of malware. The lower the threat level is, the more actions the application is allowed to perform in the operating system.
Traces
Running the application in debugging mode; after each command is executed, the application is stopped, and the result of this step is displayed.
Traffic scanning
Real-time scanning that uses information from the current (latest) version of the databases for objects transferred over all protocols (for example, HTTP, FTP, and other protocols).
Trust group
A group to which Kaspersky Security Cloud assigns an application or a process depending on the following criteria: presence of a digital signature, reputation on Kaspersky Security Network, trust level of the application source, and the potential danger of actions performed by the application or process. Based on the trust group to which an application belongs, Kaspersky Security Cloud can restrict the actions that the application may perform in the operating system.
In Kaspersky Security Cloud, applications belong to one of the following trust groups: Trusted, Low Restricted, High Restricted, or Untrusted.
Trusted process
A software process whose file operations are not restricted by the Kaspersky application in real-time protection mode. When suspicious activity is detected in a trusted process, Kaspersky Security Cloud removes the process from the list of trusted processes and blocks its actions.
Unknown virus
A new virus about which there is no information in the databases. Generally, unknown viruses are detected by the application in objects by using the heuristic analyzer. These objects are classified as probably infected.
Update
The procedure of replacing files or adding new files (databases or application modules) retrieved from the Kaspersky update servers.
Update package
A file package designed for updating databases and application modules. The Kaspersky application copies update packages from Kaspersky update servers and automatically installs and applies them.
Virus
A program that infects other programs by adding its code to them in order to gain control when infected files are run. This simple definition allows identifying the main action performed by any virus: infection.
Vulnerability
A flaw in an operating system or an application that may be exploited by malware makers to penetrate the operating system or application and corrupt its integrity. Presence of a large number of vulnerabilities in an operating system makes it unreliable, because viruses that penetrate the operating system may cause disruptions in the operating system itself and in installed applications.