Kaspersky Lab KASPERSKY ANTI-HACKER 1.8 User Manual

KASPERSKY LAB
Kaspersky Anti-Hacker 1.8
USER GUIDE
KASPERSKY ANTI-HACKER 1.8
User Guide
© Kaspersky Lab
Revision date: July, 2005
Contents
CHAPTER 1. KASPERSKY ANTI-HACKER.................................................................. 6
1.1. What’s new in v. 1.8 .............................................................................................. 7
1.2. Distribution Kit........................................................................................................ 7
1.3. Conventions........................................................................................................... 8
1.4. Help Desk for Registered Users ........................................................................... 9
CHAPTER 2. INSTALLING AND REMOVING THE SOFTWARE.............................. 10
2.1. System Hardware and Software Requirements................................................. 10
2.2. Installing ............................................................................................................... 11
2.3. License key installation........................................................................................ 13
2.4. Removing the Program ....................................................................................... 14
CHAPTER 3. STARTING WORK .................................................................................16
CHAPTER 4. PREVENTING HACKER ATTACKS WHEN WORKING IN THE
INTERNET AND LOCAL AREA NETWORKS ......................................................... 19
4.1. Kaspersky Anti-Hacker Operating Principles ..................................................... 19
4.2. Security Levels .................................................................................................... 20
4.3. Recommended Settings...................................................................................... 21
CHAPTER 5. RUNNING THE PROGRAM .................................................................. 24
5.1. Starting the Program ...........................................................................................24
5.2. System Menu....................................................................................................... 24
5.3. Main Window ....................................................................................................... 25
5.3.1. Menus ........................................................................................................... 26
5.3.2. Toolbar .......................................................................................................... 28
5.3.3. Workspace.................................................................................................... 30
5.3.4. Status Bar ..................................................................................................... 31
4 Kaspersky Anti-Hacker
5.4. Dialog Boxes' Shortcut Menu.............................................................................. 31
5.5. Rule Wizards ....................................................................................................... 31
5.6. Changing and Saving Interface Settings ............................................................ 32
5.7. Exiting the Program............................................................................................. 34
CHAPTER 6. ENABLING THE SECURITY SYSTEM AND DEFINING ITS
SETTINGS.................................................................................................................. 35
6.1. Enabling the Security System and Selecting the Security Level ....................... 35
6.1.1. Enabling the Security System ...................................................................... 35
6.1.2. Selecting the Security Level ......................................................................... 37
6.1.3. Network Event Warning................................................................................ 38
6.1.4. Training Window (Medium Level) ................................................................ 39
6.1.5. The Executable Module Substitution Warning ............................................ 40
6.2. How the Program Responds to Attack ............................................................... 41
6.3. Customizing Application Rules ........................................................................... 43
6.3.1. Managing the Rule List................................................................................. 43
6.3.2. Adding a New Application Rule.................................................................... 46
6.3.2.1. Step 1. Customizing the Rule................................................................ 46
6.3.2.2. Step 2. Rule Conditions ......................................................................... 50
6.3.2.3. Step 3. Additional Actions...................................................................... 57
6.4. Customizing Packet Filtering Rules .................................................................... 57
6.4.1. Managing the Rule List................................................................................. 57
6.4.2. Adding a New Rule....................................................................................... 60
6.4.2.1. Step 1. Rule Conditions ......................................................................... 60
6.4.2.2. Step 2. Rule Name and Additional Actions........................................... 65
6.5. Intrusion Detection System ................................................................................. 66
6.5.1. Intrusion Detector Settings ........................................................................... 66
6.5.2. The List of Detectable Attacks...................................................................... 67
CHAPTER 7. VIEWING PERFORMANCE RESULTS................................................ 70
7.1. Viewing the Current Status ................................................................................. 70
7.1.1. Active Applications........................................................................................ 70
Contents 5
7.1.2. Established Connections.............................................................................. 73
7.1.3. Open Ports.................................................................................................... 76
7.2. Using the Logs..................................................................................................... 78
7.2.1. Displaying the Logs Window........................................................................ 79
7.2.2. The Logs Window Layout............................................................................. 79
7.2.2.1. Menus..................................................................................................... 80
7.2.2.2. Report Table .......................................................................................... 80
7.2.2.3. Tabs........................................................................................................ 81
7.2.3. Selecting the Log .......................................................................................... 81
7.2.3.1. Security Log ...........................................................................................81
7.2.3.2. Application Activity ................................................................................. 82
7.2.3.3. Packet Filtering ...................................................................................... 83
7.2.4. Defining Log Settings ................................................................................... 84
7.2.5. Saving the Log to a File................................................................................ 85
APPENDIX A. INDEX .................................................................................................... 86
APPENDIX B. FREQUENTLY ASKED QUESTIONS ................................................. 87
APPENDIX C. KASPERSKY LAB................................................................................. 88
C.1. Other Kaspersky Lab Products .......................................................................... 89
C.2. Contact Us .......................................................................................................... 94
APPENDIX D. LICENSE AGREEMENT ...................................................................... 96
CHAPTER 1. KASPERSKY ANTI-
HACKER
Kaspersky Anti-Hacker is a personal firewall that is designed to safeguard a computer running a Windows operating system. It protects the computer against unauthorized access to its data and external hacker attacks from the Internet or an adjacent local network.
Kaspersky Anti-Hacker performs the following functions:
Monitors the TCP/IP network activity of all applications running on your machine. If it detects any suspicious actions, the program notifies you and if required, blocks the suspect application from accessing the network. This allows you to preserve confidential data on your machine. For exam­ple, if a Trojan tries to transmit any data from your computer, Kaspersky Anti-Hacker will block this malware from accessing the Internet.
The SmartStealth™ technique makes it difficult to detect your computer from outside. As a result, hackers will lose the target and all their attempts to access your computer will be doomed to fail. Besides, this allows for prevention of the DoS (Denial of Service) attack of all types. At the same time you will not feel any negative influence of this mode while working on the Web: the program provides conventional transparency and accessibil­ity of the data.
Blocks the most common hacker network attacks by permanently filtering the incoming and outgoing traffic, and also notifies the user about any such attacks.
Monitors for attempts to scan your ports (these attempts are usually fol­lowed by attacks), and prohibits any further communication with the at­tacking machine.
Allows you to review the list of all established connections, open ports, and active network applications, and if required, lets you terminate un­wanted connections.
Allows you to secure your machine from hacker attacks without special configuration of program settings. The program allows simplified man­agement by choosing one of five security levels: Block all, High, Medium,
Kaspersky Anti-Hacker 7
Low, Allow all. By default the program starts with the Medium level, which
is a training mode that will automatically configure your security system depending on your responses to various events.
Allows flexibility of security system configuration. In particular, you can set the program to filter network operations into wanted and unwanted, and you can configure the Intrusion Detection System.
Allows you to log certain security-related network events to various spe­cial-purpose logs. If required, you can define the detail level of the log en­tries.
The program may be used as a separate software product or as an integral component of various Kaspersky Lab's solutions.
Attention!!! Kaspersky Anti-Hacker does not protect your computer from viruses and malicious programs that can destroy and/or corrupt your data. It is advised that you use Kaspersky Anti-Virus Personal for this purpose.
1.1. What’s new in v. 1.8
Compared to version 1.7, the new version of the program allows the user to install the license key using special tools available in main application window and from the Start Programs Kaspersky Anti-Hacker menu group.
1.2. Distribution Kit
The distribution kit includes:
A sealed envelope containing installation CD with software files for the product
This user guide
A license key included into the distribution package or written on a special
diskette
License agreement
8 Kaspersky Anti-Hacker
Before you unseal the CD envelope, be sure to review the license agreement thoroughly.
The License Agreement (LA) is a legal agreement between you (either an individual or a single entity) and the manufacturer (Kaspersky Lab) describing the terms on which you may employ the anti-virus product which you have purchased.
Please ensure you read all the terms of the LA!
If you do not agree to the terms of this LA, Kaspersky Lab is not willing to license the software product to you and you should return the unused product to your Kaspersky Anti-Virus dealer for a full refund, making sure the envelope containing the CD (or diskettes) is sealed.
By unsealing the envelope containing the CD (or the diskettes) you agree to all the terms of the LA.
1.3. Conventions
In this book we use a number of conventions to emphasize various important parts of the document. The table below details the conventions used.
Bold font
Note.
Attention!
Convention Meaning
Menu titles, menu commands, window titles, dialog elements, etc.
Additional information, notes.
Critical information.
Kaspersky Anti-Hacker 9
Convention Meaning
Actions that must be taken.
To start the program, follow
these steps:
1. Step 1.
2. …
Example of a user defined task to be
Task:
Solution
accomplished using this program.
Solution of the task.
1.4. Help Desk for Registered Users
Kaspersky Lab offers a large service package enabling its registered customers to employ Kaspersky Anti-Hacker more efficiently.
If you register and purchase a subscription you will be provided with the following services for the period of your subscription:
New versions of this software product, provided free
Phone and e-mail support advising on matters related to installation, con-
figuration and management of this software product
Information about new products from Kaspersky Lab and about new com­puter viruses (for those who subscribe to the Kaspersky Lab newsletter)
Kaspersky Lab does not provide information related to management and use of your operating system, and associated technologies.
CHAPTER 2. INSTALLING AND
REMOVING THE SOFTWARE
2.1. System Hardware and Software Requirements
In order to run Kaspersky Anti-Hacker your system must meet the following hardware and software requirements:
General requirements:
computer with Microsoft Windows 98/ME/NT 4.0/2000/XP installed;
to install under Microsoft Windows NT 4.0/2000/XP, you must have ad-
ministrator's rights;
TCP/IP protocol support;
local network (Ethernet) or modem connection (standard or ADSL-
modem)
Microsoft Internet Explorer 5.0 or higher
at least 50 MB of free space for the program files and extra space for the
program logs
To run under Windows® 98/Me/NT 4.0, you must have:
Intel Pentium® processor of 133MHz or higher under Windows
98 or Windows NT 4.0
Intel Pentium® processor of 150MHz or higher under Windows Me
32 MB RAM
Installing and Removing the Software 11
Service Pack v. 6.0 or higher for Windows NT 4.0 Workstation
To run under Windows 2000, you must have:
Intel Pentium® processor of 133MHz or higher
64 MB RAM
To run under Windows XP, you must have:
Intel Pentium® processor of 300MHz or higher
128 MB RAM
2.2. Installing
In order to install the program run Setup.exe from the CD. The setup wizard operates in dialog mode. Every dialog box contains a certain set of buttons allowing management of the setup. The main buttons are:
OK – to accept actions
Cancel – to cancel action(s)
Next – to move one step forward
Back – to move one step backward
Before installing Kaspersky Anti-Hacker please quit all programs running on your computer.
Step 1. Read general information
Immediately after you the click setup.exe file, the first dialog box with information about launching the Kaspersky Anti-Hacker setup wizard will be displayed
In order to proceed with the installation, press the Next> button. Pressing the Cancel button will cancel the installation.
12 Kaspersky Anti-Hacker
Step 2. Read the license agreement
Next dialog box of the setup wizard contains the text of a License Agreement between the user and Kaspersky Lab. Read it carefully and press Yes if you agree to its terms and conditions.
Step 3. Input user information
Use this step of the program setup process is used to enter your user name and your Company name. By default the setup wizard will use information stored in the OS registry. You can then modify this information.
Press Next> to proceed with the installation process.
Step 4. License key installation
During this step of the product setup the Kaspersky Anti-Hacker license key will be installed. The License key is your personal "key" containing all service information required for the proper operation of the program, namely the license name, number and expiry date.
The program will not work without the license key.
Specify the license key file in the standard Windows Select File dialog and press the Next > button to proceed with the program setup.
If you do not have the license key by the time you are installing the program (for example, you ordered it from Kaspersky Lab via internet, but have not received it yet), you can install the license key later. Remember that without the license key you cannot start running Kaspersky Anti-Hacker.
Step 5. Selecting the destination folder
During this step Kaspersky Anti-Hacker will determine the folder in your computer where the program will be installed. The default path is: Program Files\Kaspersky Lab\Kaspersky Anti-Hacker.
If you wish to change the default path, press the Browse button, specify the destination folder in the standard Select dialog box and press the Next> button.
Installing and Removing the Software 13
After this Kaspersky Anti-Hacker program files will be copied to your computer.
Step 6. Copying files to your hard drive
The Copying files dialog box will display the process of copying files to your computer's hard drive.
Step 7. Completing the setup
The Completing Setup Wizard dialog box contains information about completing the Kaspersky Anti-Hacker setup process.
If the system needs to register some services in order to complete the program setup, you will be offered to restart your computer. This is required for the correct completion of the product installation.
In order to complete the program setup:
1. Select one of the options to complete the setup:
Yes, restart my computer now
No, I will restart my computer later
2. Press the Finish button.
2.3. License key installation
If you have not installed the license key during the Kaspersky Anti-Hacker setup, the program will not work.
In order to use the product, you must install the license key.
In order to install the license key, perform the following:
1. Select the Kaspersky Anti-Hacker group in the Start Programs menu and select the Install license key item in the group menu.
14 Kaspersky Anti-Hacker
2. Enter the filename of the license key in the window that will open. In order to do this, press the Browse button and select the license key file in the standard Windows Select File dialog box.
or
left double-click the corresponding license key file. It will be automati­cally installed.
or
copy the license key file to folder Program Files\Common Files\Kaspersky Lab
2.4. Removing the Program
To remove the Kaspersky Anti-Hacker program follow these steps:
press the Start button on the Windows taskbar and select Programs Kaspersky Anti-Hacker Remove Kaspersky Anti-Hacker.
This will open the program uninstallation wizard.
Step 1. First uninstallation wizard dialog box
This dialog box will warn you that you are about to remove Kaspersky Anti­Hacker from your computer. In order to proceed press the Next> button.
Step 2. Removing the program from your computer
This dialog box contains the indication of the path to the folder from which the program will be removed. Press the Remove button to remove Kaspersky Anti­Hacker from your computer. The process of files removal will be reflected in the uninstallation wizard dialog box.
Installing and Removing the Software 15
Step 3. Completing the removal process
The Complete removal dialog box contains information about the completion of the Kaspersky Anti-Hacker uninstallation process. In order to correctly complete this process, your computer must be restarted.
In order to complete the removal of the program,
1. Select one of the option to complete the wizard:
Yes. Restart my computer now
No. I will restart my computer later
2. Press the Finish button.
You can remove the program from the Add or Remove Programs dialog box that can be accessed via the standard Windows Control Panel.
CHAPTER 3. STARTING WORK
As soon as you install the program and restart your computer the security system is activated. In fact, from this very moment, Kaspersky Anti-Hacker is monitoring for attacks against your machine and attempts by your applications to interact via a local network or the Internet.
After you enter the system you begin to work as usual. When no network connection is established, the security system on your machine is indicated only
by the appear on your screen. In this window, you may review information about the current security level and change this level if required (for details of the program main window refer to subchapter 5.3 on page 25). By default the Medium level is enabled. This level allows you to configure your security system conversationally. In most cases you will not have to configure the system yourself: the most frequently used applications are allowed by default to establish network connections strictly according to their type. However sometimes you will have to configure your security system manually. Let’s review the corresponding example:
icon in the system tray. If you click on it, the program main window will
Task: Suppose your computer is connected to the Internet, and you start Microsoft Internet Explorer and enter www.kaspersky.com in the address field. The following message will appear on your screen: Create a rule for IEXPLORER.EXE (see fig. 1).
In the upper area of this dialog box you will see the icon for the application concerned, its name (in this case Microsoft Internet Explorer), the site address used to establish the connection. To review more details about this application, you just have to click on the underlined link (see fig. 2).
The required network connection will not be established until you select how to handle this application activity. To do this, you must respond to the message on your screen.
www.kaspersky,com, and the port to be
Starting Work 17
Fig. 1. Self-training dialog box of the security
system
Fig. 2. Information about the
connection to be established
Follow these steps:
1. Select the Allow activity of this application according to its type option button and Web browser (IE, Netscape...) from the drop-down list.
2. Press ОК.
After this, Kaspersky Anti-Hacker will allow Microsoft Internet Explorer to establish the connection. In addition, the application will be allowed to establish other connections in accordance with its type.
As you have probably noticed, there are three options in the Create a rule for IEXPLORER.EXE dialog box:
Allow activity of this application according to its type (the option you
selected in the example above) – allows only network communication that is compliant with the specified application category. Select the required category from the drop-down list below the option button. You can allow any activity of this application by selecting Allow all from the drop-down list.
18 Kaspersky Anti-Hacker
Block any network activity of this application – blocks the specified
application from any kind of network activity including the described op­eration.
Customize the rule – allows you to specify the operations that will be al- lowed for this application. If you select this option button and click ОК, the rule wizard window will appear on your screen. Use the rule wizard to de­fine requirements for the operations to be allowed for this application (for details of the rule wizard see subchapter 6.3.2 on page 46).
If you are not sure which option to select, use the Allow once or the Block once buttons at the bottom of the dialog box. Later on you will be able to monitor the application behavior and decide which option to select.
If you close the training window by pressing the right corner, the operation at issue will be blocked this time.
button in its upper-
In this way you can conversationally configure your computer security system in an appropriate way.
To review the list of defined rules, select Application rules from the
Service menu or press the
button in the main window toolbar.
We recommend that you use the Medium level for the first few weeks after program installation. This will allow the program to automatically configure your security system depending on your responses to various network events. Create the rules allowing standard network operations.
When the training period is over, you can switch the program to the High level, and secure your computer against any unauthorized network events and hacker attacks. However, remember the newly installed applications will by default be disabled from accessing the local network and/or the Internet. To teach your Kaspersky Anti-Hacker to handle these new applications you will have to switch it back to Medium or manually define the appropriate rule for these applications.
CHAPTER 4. PREVENTING
HACKER ATTACKS WHEN WORKING IN THE INTERNET AND LOCAL AREA NETWORKS
4.1. Kaspersky Anti-Hacker Operating Principles
Kaspersky Anti-Hacker protects your computer from network attacks and preserves your confidential data. To do this, Kaspersky Anti-Hacker monitors all network operations on your computer. There are two types of network operation:
Operations on the application level (high-level). At this level, Kaspersky Anti-Hacker analyses activity of network applications, including web browsers, mail programs, file transferring programs and others.
Operations on the packet level (low-level). At this level, Kaspersky Anti­Hacker analyses data packet sent/received by your netcard or modem.
You work with Kaspersky Anti-Hacker by creating special filtering rules for network operations. Some filtering is performed automatically by the Intrusion Detection System, which can detect port scanning, DoS attacks, etc., and can then block the assaulter. In addition, you can define your own filtering rules to reinforce protection of your machine.
For every type of network operation there are separate lists of Kaspersky Anti­Hacker rules.
Application rules. Here you can select the required application and allow an activity that is compliant with the application type. You can define any number of rules for every application, as required. If any network activity not meeting conditions of the rule is detected on your machine, the pro-
20 Kaspersky Anti-Hacker
gram will notify you and allow you to block the unwanted action (if Me­dium level is enabled). In order to define the simplest rule for an applica-
tion, you can simply select its type from the drop-down list (for details see subchapter 6.3.2.1 on page 46). To define a more complicated rule, you can specify the remote services and addresses allowed for this applica­tion.
Packet filtering rules allow or block network packets sent or received by your machine. These rules review the packet header (the protocol used, the port numbers, the IP addresses etc.), and take decisions on the basis of this data. These rules are applied to all network applications running on your machine. For example, if you create a rule to block a certain IP ad­dress, all network communications to this address will be prohibited.
Packet filtering rules have a higher priority than application rules, i.e. these rules are instigated first. For example, if you create a rule to block all incoming and outgoing data packets, then the program will apply no application rules while filtering data packets.
4.2. Security Levels
The program allows you to select one of the following security levels:
Allow all – disables the security system on your machine. When this level of security is selected, any network activity is allowed on your machine.
Low – allows network activity of all applications except those explicitly prohibited by user defined application rules.
Medium – notifies you about network events related to your applications and allows you to configure your security system for optimal performance. If a network application on your computer tries to connect to the local network or the Internet, the training mode will be activated. The applica­tion and the network operation details will be displayed on your screen. On the basis of this data the program will prompt you to select one of the following courses of action: to allow or to block this event once, to com­pletely block activity of this application, to allow the application activity ac­cording to its type, or to define additional network communication settings. Depending on your answer, the program will create a rule for this applica­tion that will subsequently be applied by the program automatically.
High – prohibits network activity for all applications except for those ex- plicitly allowed by user defined application rules. When this security level
Preventing Hacker Attacks 21
is enabled, the program training dialog box does not appear on your screen, and all attempts to establish connections not defined in the user rules are blocked.
Remember that all applications installed after you switch to this security level are by default disabled from accessing the Internet or the local network.
Block all – disables your computer from accessing the Internet or the lo- cal network. This level creates a situation in which all attempts to estab­lish connection via the Internet or the local network are blocked as if your computer is physically disconnected.
With the High, Medium or Low level enabled you can set the supplementary security tool – Stealth mode (see subchapter 5.3.3 on page 30). This mode allows only the network activity initiated by you, all other types of activity (remote access to your machine, checking of your machine using the ping utility and so on) are prohibited, if not explicitly allowed by the user rules. Actually it means that you computer becomes "invisible" from the external environment. Hackers lose the target and all their attempts to access your computer are doomed to fail. Besides, this allows for prevention of the DoS (Denial of Service) attack of all types. At the same time you will not feel any negative influence of this mode while working on the Web: Kaspersky Anti-Hacker allows the network activity initiated from your machine. Attention! The intrusion detection system is enabled for all security levels except for Allow all. However, if required, you can manually disable it (see subchapter 6.5.1 on page 66).
4.3. Recommended Settings
What components of Kaspersky Anti-Hacker should be used and what security level should be selected? The answer depends on the task you want to accomplish.
Task 1. How to protect your data from external attacks via the Internet?
The following are two of the main methods used by hackers to steal or corrupt user data via the Internet: penetration into a target com­puter system using computer software errors, and infection of a target computer by Trojans.
22 Kaspersky Anti-Hacker
If you learn about an error in one of the programs installed on your machine, be sure to create a blocking rule for this application. It is advised that you create a complex blocking rule (see subchapter 6.3.2.1 on page 46) that will take into account features of this error.
Suppose your computer is infected by a Trojan via a diskette or by email, and the malicious program attempts to send some data via the Internet. Kaspersky Anti-Hacker will easily preserve your data by blocking this operation (at the High level), or by issuing an appropriate notification (at the Medium level).
Attention!!! Kaspersky Anti-Hacker does not protect your computer from viruses and malicious programs.
For example, a Trojan may use a standard mail program on your computer to send out your confidential data. In this case Kaspersky Anti-Hacker will not be able to prevent the action. Moreover, if your computer is infected by a virus or a malicious program, your data may simply be destroyed and the computer may become a virus source. In this case Kaspersky Anti-Hacker may only partially eliminate conse­quences of the infection. To effectively protect your system from vi­ruses and malicious programs it is advisable that you use the Kaspersky Anti-Virus Personal/Personal anti-virus program in combi­nation with Kaspersky Anti-Hacker. Also, we recommend that you create application rules allowing your computer applications to en­gage in activity strictly according to their type. It is also advisable that you use the list of application rules to assign those types of activities to the applications that strictly correspond to operations allowed for these applications. This way, the risk of unauthorized network opera­tions performed on your machine will be minimized.
Suppose, you learn that your computer is constantly attacked by a remote machine.
Task 2. How to block attacks from certain Internet addresses?
You may prohibit your computer from communication with certain remote addresses by configuring appropriate packet filtering rules. For example, in figure 3 you can see a rule blocking communication with the 111.111.111.111 address.
To prevent from such situations, it is advisable that you keep your Intrusion Detection System enabled.
Preventing Hacker Attacks 23
Fig. 3. The rule blocking communication with certain unreliable addresses
For example, you may use Kaspersky Anti-Hacker to block banner display on web pages. To do this, create a packet filtering rule to block communication with web sites from where the banners are usually downloaded (for example, linkexchange.ru).
Suppose you are afraid of attacks from the local network or want to protect your personal data from thieves.
Task 3. You must monitor operations on the local network
The computer communicates with a local network at the operating sys­tem level, therefore it is not always possible to identify the application involved. In this case you must create an appropriate packet filtering rule to secure your data.
In order to simplify configuration of the security system, Kaspersky Anti­Hacker preinstalls some packet filtering rules allowing communication via the local network. By default the local network is allowed. However, you can redefine the default packet filtering rules to completely block access to the local network, or allow it only for certain computers.
CHAPTER 5. RUNNING THE
PROGRAM
5.1. Starting the Program
Kaspersky Anti-Hacker is started automatically as soon as you enter your operating system. If you close the program, you can manually start it again.
To start Kaspersky Anti-Hacker, follow these steps:
1. Press the Start button in the bottom left corner of your Windows desktop and select Programs Kaspersky Anti-Hacker Kaspersky Anti-Hacker.
2. Left click on the and select Open Kaspersky Anti-Hacker from the program's shortcut menu.
The Kaspersky Anti-Hacker main window will appear on your screen (see subchapter 5.3 on page 25).
You may also start the program directly from its directory. To do this, open the Kaspersky Anti-Hacker folder in the Windows Explorer (the default program directory is C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker). Double-click on the KAVPF.exe file located in this directory.
icon that appears in your system tray, or right click it
5.2. System Menu
After the program is started, the icon appears in the system tray.
By right clicking this icon you can open the shortcut menu (see fig. 4). The shortcut menu includes the following commands:
Running the Program 25
Table 1
Menu item Function
Open Kaspersky Anti-Hacker…
Security level Select a security level: Block all,
About Kaspersky Anti-Hacker ...
Exit
Fig. 4. Shortcut menu
Open the main application window.
High, Medium, Low, Allow all. For details about the security levels see subchapter 4.2 on page 20.
Open a dialog box with information about the version of the program and the keys used.
Close the program.
5.3. Main Window
When the program is started, the main application window appears on your screen (see fig. 5). The Kaspersky Anti-Hacker main window allows you to select the current security level, to review the current status of your security system, to change the packet filtering settings, and to review/configure the program logs.
26 Kaspersky Anti-Hacker
Fig. 5. Kaspersky Anti-Hacker main application window
The Kaspersky Anti-Hacker main window includes the following items:
Menu
Toolbar
Workspace
Status bar
5.3.1. Menus
At the top of the main window you can see a menu bar. You can drag it with your mouse to any position within or outside the main window.
Some menu commands can also be activated using appropriate buttons in the toolbar. For details of the matching functions of toolbar buttons and menu commands see subchapter 5.3.2 on page 28.
Running the Program 27
Table 2
Menu command Function
Service Application rules Open the application rule window.
Service Packet filtering rules Open the packet filtering rule window.
Service Security level Select the required security level:
Block all
High
Medium
Low
Allow all
You can also select the required security level from options in the window workspace. For details see subchapter 4.2 on page 20.
Service Settings Open a window where you can configure
your security logs, security system startup, and attack detection settings.
Service Exit Close the program.
View Toolbars Choose from the following program
graphic interface options:
Standard toolbar – displays/hides
the standard toolbar
Customize – displays a dialog box
where you can customize the pro­gram graphic interface
View Status Bar Display / hide the status bar.
28 Kaspersky Anti-Hacker
Menu command Function
View Logs Open the log window for:
Security
Application activity
Packet filtering
View Show Open information boxes with system
details.
Active applications is the list of
active network applications
Open ports is the list of open ports
on your machine
Established connections is the
list of established connections
Help Contents ... Open Help topics.
Help About Kaspersky Anti­Hacker...
Help Kaspersky Anti-Hacker on the Web
Help Install license key… Add a new license key for Kaspersky Anti-
Open an information box with program details and information about the keys used.
Open the Kaspersky Lab's web site
Hacker.
5.3.2. Toolbar
The program toolbar is located under the menu bar. If required, you can drag it with your mouse to any position within or outside the main window.
Running the Program 29
The toolbar includes buttons. By pressing them you can initiate various commands. You can also hide and display the toolbar by selecting the Standard command from the Toolbars submenu of the View menu.
You can add or remove buttons from the toolbar (see subchapter 5.6 on page 32).
Table 3
Button Menu Command Function
(The button allows you to)
Service
Service Application rules
Service Packet filtering rules
View Security
View Active applications
Security level Select the required security level:
Block all
High
Medium
Low
Allow all
For details see subchapter 4.2 on page 20.
Logs
Show
Open the application rule window.
Open the packet filtering rule window.
Open the log window for Security Log.
Show the list of active network applications.
View Open ports
Show
Show the list of open ports on your machine.
30 Kaspersky Anti-Hacker
Button Menu Command Function
(The button allows you to)
View Established connections
Service
Help
Show
Settings Open a window where you can
Contents ... Open the Help topics.
Show the list of established connections.
configure your security logs, security system startup, and attack detection settings.
5.3.3. Workspace
The main window workspace includes the security scale and information about the current status of your security system.
The security scale allows you to select one of the following security levels:
Block all
High
Medium
Low
Allow all
You can switch to another security level by dragging the slider along the scale. If you do this, a detailed description of the new current security level will appear to the right of the new slider position (for details see subchapter 4.2 on page 20). and the new mode will be applied immediately.
With the High, Medium or Low level enabled you can set the supplementary security tool – Stealth mode (see subchapter 4.2 on page 20).
Loading...
+ 71 hidden pages