Kaspersky Lab KASPERSKY ANTI-HACKER 1.8 User Manual

KASPERSKY LAB

Kaspersky Anti-Hacker 1.8

USER GUIDE

KASPERSKY ANTI-HACKER 1.8

User Guide

http://www.kaspersky.com

Revision date: July, 2005

Contents

CHAPTER 1. KASPERSKY ANTI-HACKER.................................................................. 6

1.1. What’s new in v. 1.8 .............................................................................................. 7

1.2. Distribution Kit........................................................................................................ 7

1.3. Conventions........................................................................................................... 8

1.4. Help Desk for Registered Users ........................................................................... 9

CHAPTER 2. INSTALLING AND REMOVING THE SOFTWARE.............................. 10

2.1. System Hardware and Software Requirements................................................. 10

2.2. Installing ............................................................................................................... 11

2.3. License key installation........................................................................................ 13

2.4. Removing the Program ....................................................................................... 14

CHAPTER 3. STARTING WORK .................................................................................16

CHAPTER 4. PREVENTING HACKER ATTACKS WHEN WORKING IN THE

INTERNET AND LOCAL AREA NETWORKS ......................................................... 19

4.1. Kaspersky Anti-Hacker Operating Principles ..................................................... 19

4.2. Security Levels .................................................................................................... 20

4.3. Recommended Settings...................................................................................... 21

CHAPTER 5. RUNNING THE PROGRAM .................................................................. 24

5.1. Starting the Program ...........................................................................................24

5.2. System Menu....................................................................................................... 24

5.3. Main Window ....................................................................................................... 25

5.3.1. Menus ........................................................................................................... 26

5.3.2. Toolbar .......................................................................................................... 28

5.3.3. Workspace.................................................................................................... 30

5.3.4. Status Bar ..................................................................................................... 31

4 Kaspersky Anti-Hacker

5.4. Dialog Boxes' Shortcut Menu.............................................................................. 31

5.5. Rule Wizards ....................................................................................................... 31

5.6. Changing and Saving Interface Settings ............................................................ 32

5.7. Exiting the Program............................................................................................. 34

CHAPTER 6. ENABLING THE SECURITY SYSTEM AND DEFINING ITS

SETTINGS.................................................................................................................. 35

6.1. Enabling the Security System and Selecting the Security Level ....................... 35

6.1.1. Enabling the Security System ...................................................................... 35

6.1.2. Selecting the Security Level ......................................................................... 37

6.1.3. Network Event Warning................................................................................ 38

6.1.4. Training Window (Medium Level) ................................................................ 39

6.1.5. The Executable Module Substitution Warning ............................................ 40

6.2. How the Program Responds to Attack ............................................................... 41

6.3. Customizing Application Rules ........................................................................... 43

6.3.1. Managing the Rule List................................................................................. 43

6.3.2. Adding a New Application Rule.................................................................... 46

6.3.2.1. Step 1. Customizing the Rule................................................................ 46

6.3.2.2. Step 2. Rule Conditions ......................................................................... 50

6.3.2.3. Step 3. Additional Actions...................................................................... 57

6.4. Customizing Packet Filtering Rules .................................................................... 57

6.4.1. Managing the Rule List................................................................................. 57

6.4.2. Adding a New Rule....................................................................................... 60

6.4.2.1. Step 1. Rule Conditions ......................................................................... 60

6.4.2.2. Step 2. Rule Name and Additional Actions........................................... 65

6.5. Intrusion Detection System ................................................................................. 66

6.5.1. Intrusion Detector Settings ........................................................................... 66

6.5.2. The List of Detectable Attacks...................................................................... 67

CHAPTER 7. VIEWING PERFORMANCE RESULTS................................................ 70

7.1. Viewing the Current Status ................................................................................. 70

7.1.1. Active Applications........................................................................................ 70

Contents 5

7.1.2. Established Connections.............................................................................. 73

7.1.3. Open Ports.................................................................................................... 76

7.2. Using the Logs..................................................................................................... 78

7.2.1. Displaying the Logs Window........................................................................ 79

7.2.2. The Logs Window Layout............................................................................. 79

7.2.2.1. Menus..................................................................................................... 80

7.2.2.2. Report Table .......................................................................................... 80

7.2.2.3. Tabs........................................................................................................ 81

7.2.3. Selecting the Log .......................................................................................... 81

7.2.3.1. Security Log ...........................................................................................81

7.2.3.2. Application Activity ................................................................................. 82

7.2.3.3. Packet Filtering ...................................................................................... 83

7.2.4. Defining Log Settings ................................................................................... 84

7.2.5. Saving the Log to a File................................................................................ 85

APPENDIX A. INDEX .................................................................................................... 86

APPENDIX B. FREQUENTLY ASKED QUESTIONS ................................................. 87

APPENDIX C. KASPERSKY LAB................................................................................. 88

C.1. Other Kaspersky Lab Products .......................................................................... 89

C.2. Contact Us .......................................................................................................... 94

APPENDIX D. LICENSE AGREEMENT ...................................................................... 96

CHAPTER 1. KASPERSKY ANTI-

HACKER

Kaspersky Anti-Hacker is a personal firewall that is designed to safeguard a computer running a Windows operating system. It protects the computer against unauthorized access to its data and external hacker attacks from the Internet or an adjacent local network.

Kaspersky Anti-Hacker performs the following functions:

• Monitors the TCP/IP network activity of all applications running on your machine. If it detects any suspicious actions, the program notifies you and if required, blocks the suspect application from accessing the network. This allows you to preserve confidential data on your machine. For example, if a Trojan tries to transmit any data from your computer, Kaspersky Anti-Hacker will block this malware from accessing the Internet.

• The SmartStealth™ technique makes it difficult to detect your computer from outside. As a result, hackers will lose the target and all their attempts to access your computer will be doomed to fail. Besides, this allows for prevention of the DoS (Denial of Service) attack of all types. At the same time you will not feel any negative influence of this mode while working on the Web: the program provides conventional transparency and accessibility of the data.

• Blocks the most common hacker network attacks by permanently filtering the incoming and outgoing traffic, and also notifies the user about any such attacks.

• Monitors for attempts to scan your ports (these attempts are usually followed by attacks), and prohibits any further communication with the attacking machine.

• Allows you to review the list of all established connections, open ports, and active network applications, and if required, lets you terminate unwanted connections.

• Allows you to secure your machine from hacker attacks without special configuration of program settings. The program allows simplified management by choosing one of five security levels: Block all, High, Medium,

Kaspersky Anti-Hacker 7

Low, Allow all. By default the program starts with the Medium level, which

is a training mode that will automatically configure your security system depending on your responses to various events.

• Allows flexibility of security system configuration. In particular, you can set the program to filter network operations into wanted and unwanted, and you can configure the Intrusion Detection System.

• Allows you to log certain security-related network events to various special-purpose logs. If required, you can define the detail level of the log entries.

The program may be used as a separate software product or as an integral component of various Kaspersky Lab's solutions.

Attention!!! Kaspersky Anti-Hacker does not protect your computer from viruses and malicious programs that can destroy and/or corrupt your data. It is advised that you use Kaspersky Anti-Virus Personal for this purpose.

1.1. What’s new in v. 1.8

Compared to version 1.7, the new version of the program allows the user to install the license key using special tools available in main application window and from the Start → Programs → Kaspersky Anti-Hacker menu group.

1.2. Distribution Kit

The distribution kit includes:

• A sealed envelope containing installation CD with software files for the product

• This user guide

• A license key included into the distribution package or written on a special

diskette

• License agreement

8 Kaspersky Anti-Hacker

Before you unseal the CD envelope, be sure to review the license agreement thoroughly.

The License Agreement (LA) is a legal agreement between you (either an individual or a single entity) and the manufacturer (Kaspersky Lab) describing the terms on which you may employ the anti-virus product which you have purchased.

Please ensure you read all the terms of the LA!

If you do not agree to the terms of this LA, Kaspersky Lab is not willing to license the software product to you and you should return the unused product to your Kaspersky Anti-Virus dealer for a full refund, making sure the envelope containing the CD (or diskettes) is sealed.

By unsealing the envelope containing the CD (or the diskettes) you agree to all the terms of the LA.

1.3. Conventions

In this book we use a number of conventions to emphasize various important parts of the document. The table below details the conventions used.

Bold font

Note.

Attention!

Convention Meaning

Menu titles, menu commands, window titles, dialog elements, etc.

Additional information, notes.

Critical information.

Kaspersky Anti-Hacker 9

Convention Meaning

Actions that must be taken.

To start the program, follow

these steps:

1. Step 1.

2. …

Example of a user defined task to be

Task:

Solution

accomplished using this program.

Solution of the task.

1.4. Help Desk for Registered Users

Kaspersky Lab offers a large service package enabling its registered customers to employ Kaspersky Anti-Hacker more efficiently.

If you register and purchase a subscription you will be provided with the following services for the period of your subscription:

• New versions of this software product, provided free

• Phone and e-mail support advising on matters related to installation, con-

figuration and management of this software product

• Information about new products from Kaspersky Lab and about new computer viruses (for those who subscribe to the Kaspersky Lab newsletter)

Kaspersky Lab does not provide information related to management and use of your operating system, and associated technologies.

CHAPTER 2. INSTALLING AND

REMOVING THE SOFTWARE

2.1. System Hardware and Software Requirements

In order to run Kaspersky Anti-Hacker your system must meet the following hardware and software requirements:

General requirements:

• computer with Microsoft Windows 98/ME/NT 4.0/2000/XP installed;

• to install under Microsoft Windows NT 4.0/2000/XP, you must have ad-

ministrator's rights;

• TCP/IP protocol support;

• local network (Ethernet) or modem connection (standard or ADSL-

modem)

• Microsoft Internet Explorer 5.0 or higher

• at least 50 MB of free space for the program files and extra space for the

program logs

• To run under Windows® 98/Me/NT 4.0, you must have:

• Intel Pentium® processor of 133MHz or higher under Windows

98 or Windows NT 4.0

• Intel Pentium® processor of 150MHz or higher under Windows Me

• 32 MB RAM

Installing and Removing the Software 11

• Service Pack v. 6.0 or higher for Windows NT 4.0 Workstation

• To run under Windows 2000, you must have:

• Intel Pentium® processor of 133MHz or higher

• 64 MB RAM

• To run under Windows XP, you must have:

• Intel Pentium® processor of 300MHz or higher

• 128 MB RAM

2.2. Installing

In order to install the program run Setup.exe from the CD. The setup wizard operates in dialog mode. Every dialog box contains a certain set of buttons allowing management of the setup. The main buttons are:

• OK – to accept actions

• Cancel – to cancel action(s)

• Next – to move one step forward

• Back – to move one step backward

Before installing Kaspersky Anti-Hacker please quit all programs running on your computer.

Step 1. Read general information

Immediately after you the click setup.exe file, the first dialog box with information about launching the Kaspersky Anti-Hacker setup wizard will be displayed

In order to proceed with the installation, press the Next> button. Pressing the Cancel button will cancel the installation.

12 Kaspersky Anti-Hacker

Step 2. Read the license agreement

Next dialog box of the setup wizard contains the text of a License Agreement between the user and Kaspersky Lab. Read it carefully and press Yes if you agree to its terms and conditions.

Step 3. Input user information

Use this step of the program setup process is used to enter your user name and your Company name. By default the setup wizard will use information stored in the OS registry. You can then modify this information.

Press Next> to proceed with the installation process.

Step 4. License key installation

During this step of the product setup the Kaspersky Anti-Hacker license key will be installed. The License key is your personal "key" containing all service information required for the proper operation of the program, namely the license name, number and expiry date.

The program will not work without the license key.

Specify the license key file in the standard Windows Select File dialog and press the Next > button to proceed with the program setup.

If you do not have the license key by the time you are installing the program (for example, you ordered it from Kaspersky Lab via internet, but have not received it yet), you can install the license key later. Remember that without the license key you cannot start running Kaspersky Anti-Hacker.

Step 5. Selecting the destination folder

During this step Kaspersky Anti-Hacker will determine the folder in your computer where the program will be installed. The default path is: Program Files\Kaspersky Lab\Kaspersky Anti-Hacker.

If you wish to change the default path, press the Browse button, specify the destination folder in the standard Select dialog box and press the Next> button.

Installing and Removing the Software 13

After this Kaspersky Anti-Hacker program files will be copied to your computer.

Step 6. Copying files to your hard drive

The Copying files dialog box will display the process of copying files to your computer's hard drive.

Step 7. Completing the setup

The Completing Setup Wizard dialog box contains information about completing the Kaspersky Anti-Hacker setup process.

If the system needs to register some services in order to complete the program setup, you will be offered to restart your computer. This is required for the correct completion of the product installation.

In order to complete the program setup:

1. Select one of the options to complete the setup:

Yes, restart my computer now

No, I will restart my computer later

2. Press the Finish button.

2.3. License key installation

If you have not installed the license key during the Kaspersky Anti-Hacker setup, the program will not work.

In order to use the product, you must install the license key.

In order to install the license key, perform the following:

1. Select the Kaspersky Anti-Hacker group in the Start → Programs menu and select the Install license key item in the group menu.

14 Kaspersky Anti-Hacker

2. Enter the filename of the license key in the window that will open. In order to do this, press the Browse button and select the license key file in the standard Windows Select File dialog box.

left double-click the corresponding license key file. It will be automatically installed.

copy the license key file to folder Program Files\Common Files\Kaspersky Lab

2.4. Removing the Program

To remove the Kaspersky Anti-Hacker program follow these steps:

press the Start button on the Windows taskbar and select Programs  Kaspersky Anti-Hacker  Remove Kaspersky Anti-Hacker.

This will open the program uninstallation wizard.

Step 1. First uninstallation wizard dialog box

This dialog box will warn you that you are about to remove Kaspersky AntiHacker from your computer. In order to proceed press the Next> button.

Step 2. Removing the program from your computer

This dialog box contains the indication of the path to the folder from which the program will be removed. Press the Remove button to remove Kaspersky AntiHacker from your computer. The process of files removal will be reflected in the uninstallation wizard dialog box.

Installing and Removing the Software 15

Step 3. Completing the removal process

The Complete removal dialog box contains information about the completion of the Kaspersky Anti-Hacker uninstallation process. In order to correctly complete this process, your computer must be restarted.

In order to complete the removal of the program,

1. Select one of the option to complete the wizard:

Yes. Restart my computer now

No. I will restart my computer later

2. Press the Finish button.

You can remove the program from the Add or Remove Programs dialog box that can be accessed via the standard Windows Control Panel.

CHAPTER 3. STARTING WORK

As soon as you install the program and restart your computer the security system is activated. In fact, from this very moment, Kaspersky Anti-Hacker is monitoring for attacks against your machine and attempts by your applications to interact via a local network or the Internet.

After you enter the system you begin to work as usual. When no network connection is established, the security system on your machine is indicated only

by the appear on your screen. In this window, you may review information about the current security level and change this level if required (for details of the program main window refer to subchapter 5.3 on page 25). By default the Medium level is enabled. This level allows you to configure your security system conversationally. In most cases you will not have to configure the system yourself: the most frequently used applications are allowed by default to establish network connections strictly according to their type. However sometimes you will have to configure your security system manually. Let’s review the corresponding example:

icon in the system tray. If you click on it, the program main window will

Task: Suppose your computer is connected to the Internet, and you start Microsoft Internet Explorer and enter www.kaspersky.com in the address field. The following message will appear on your screen: Create a rule for IEXPLORER.EXE (see fig. 1).

In the upper area of this dialog box you will see the icon for the application concerned, its name (in this case Microsoft Internet Explorer), the site address used to establish the connection. To review more details about this application, you just have to click on the underlined link (see fig. 2).

The required network connection will not be established until you select how to handle this application activity. To do this, you must respond to the message on your screen.

www.kaspersky,com, and the port to be

Starting Work 17

Fig. 1. Self-training dialog box of the security

system

Fig. 2. Information about the

connection to be established

Follow these steps:

1. Select the Allow activity of this application according to its type option button and Web browser (IE, Netscape...) from the drop-down list.

2. Press ОК.

After this, Kaspersky Anti-Hacker will allow Microsoft Internet Explorer to establish the connection. In addition, the application will be allowed to establish other connections in accordance with its type.

As you have probably noticed, there are three options in the Create a rule for IEXPLORER.EXE dialog box:

• Allow activity of this application according to its type (the option you

selected in the example above) – allows only network communication that is compliant with the specified application category. Select the required category from the drop-down list below the option button. You can allow any activity of this application by selecting Allow all from the drop-down list.

18 Kaspersky Anti-Hacker

• Block any network activity of this application – blocks the specified

application from any kind of network activity including the described operation.

• Customize the rule – allows you to specify the operations that will be al- lowed for this application. If you select this option button and click ОК, the rule wizard window will appear on your screen. Use the rule wizard to define requirements for the operations to be allowed for this application (for details of the rule wizard see subchapter 6.3.2 on page 46).

If you are not sure which option to select, use the Allow once or the Block once buttons at the bottom of the dialog box. Later on you will be able to monitor the application behavior and decide which option to select.

If you close the training window by pressing the right corner, the operation at issue will be blocked this time.

button in its upper-

In this way you can conversationally configure your computer security system in an appropriate way.

To review the list of defined rules, select Application rules from the

Service menu or press the

button in the main window toolbar.

We recommend that you use the Medium level for the first few weeks after program installation. This will allow the program to automatically configure your security system depending on your responses to various network events. Create the rules allowing standard network operations.

When the training period is over, you can switch the program to the High level, and secure your computer against any unauthorized network events and hacker attacks. However, remember the newly installed applications will by default be disabled from accessing the local network and/or the Internet. To teach your Kaspersky Anti-Hacker to handle these new applications you will have to switch it back to Medium or manually define the appropriate rule for these applications.

CHAPTER 4. PREVENTING

HACKER ATTACKS WHEN WORKING IN THE INTERNET AND LOCAL AREA NETWORKS

4.1. Kaspersky Anti-Hacker Operating Principles

Kaspersky Anti-Hacker protects your computer from network attacks and preserves your confidential data. To do this, Kaspersky Anti-Hacker monitors all network operations on your computer. There are two types of network operation:

• Operations on the application level (high-level). At this level, Kaspersky Anti-Hacker analyses activity of network applications, including web browsers, mail programs, file transferring programs and others.

• Operations on the packet level (low-level). At this level, Kaspersky AntiHacker analyses data packet sent/received by your netcard or modem.

You work with Kaspersky Anti-Hacker by creating special filtering rules for network operations. Some filtering is performed automatically by the Intrusion Detection System, which can detect port scanning, DoS attacks, etc., and can then block the assaulter. In addition, you can define your own filtering rules to reinforce protection of your machine.

For every type of network operation there are separate lists of Kaspersky AntiHacker rules.

• Application rules. Here you can select the required application and allow an activity that is compliant with the application type. You can define any number of rules for every application, as required. If any network activity not meeting conditions of the rule is detected on your machine, the pro-

20 Kaspersky Anti-Hacker

gram will notify you and allow you to block the unwanted action (if Medium level is enabled). In order to define the simplest rule for an applica-

tion, you can simply select its type from the drop-down list (for details see subchapter 6.3.2.1 on page 46). To define a more complicated rule, you can specify the remote services and addresses allowed for this application.

• Packet filtering rules allow or block network packets sent or received by your machine. These rules review the packet header (the protocol used, the port numbers, the IP addresses etc.), and take decisions on the basis of this data. These rules are applied to all network applications running on your machine. For example, if you create a rule to block a certain IP address, all network communications to this address will be prohibited.

Packet filtering rules have a higher priority than application rules, i.e. these rules are instigated first. For example, if you create a rule to block all incoming and outgoing data packets, then the program will apply no application rules while filtering data packets.

4.2. Security Levels

The program allows you to select one of the following security levels:

• Allow all – disables the security system on your machine. When this level of security is selected, any network activity is allowed on your machine.

• Low – allows network activity of all applications except those explicitly prohibited by user defined application rules.

• Medium – notifies you about network events related to your applications and allows you to configure your security system for optimal performance. If a network application on your computer tries to connect to the local network or the Internet, the training mode will be activated. The application and the network operation details will be displayed on your screen. On the basis of this data the program will prompt you to select one of the following courses of action: to allow or to block this event once, to completely block activity of this application, to allow the application activity according to its type, or to define additional network communication settings. Depending on your answer, the program will create a rule for this application that will subsequently be applied by the program automatically.

• High – prohibits network activity for all applications except for those ex- plicitly allowed by user defined application rules. When this security level

Preventing Hacker Attacks 21

is enabled, the program training dialog box does not appear on your screen, and all attempts to establish connections not defined in the user rules are blocked.

Remember that all applications installed after you switch to this security level are by default disabled from accessing the Internet or the local network.

• Block all – disables your computer from accessing the Internet or the lo- cal network. This level creates a situation in which all attempts to establish connection via the Internet or the local network are blocked as if your computer is physically disconnected.

With the High, Medium or Low level enabled you can set the supplementary security tool – Stealth mode (see subchapter 5.3.3 on page 30). This mode allows only the network activity initiated by you, all other types of activity (remote access to your machine, checking of your machine using the ping utility and so on) are prohibited, if not explicitly allowed by the user rules. Actually it means that you computer becomes "invisible" from the external environment. Hackers lose the target and all their attempts to access your computer are doomed to fail. Besides, this allows for prevention of the DoS (Denial of Service) attack of all types. At the same time you will not feel any negative influence of this mode while working on the Web: Kaspersky Anti-Hacker allows the network activity initiated from your machine. Attention! The intrusion detection system is enabled for all security levels except for Allow all. However, if required, you can manually disable it (see subchapter 6.5.1 on page 66).

4.3. Recommended Settings

What components of Kaspersky Anti-Hacker should be used and what security level should be selected? The answer depends on the task you want to accomplish.

Task 1. How to protect your data from external attacks via the Internet?

The following are two of the main methods used by hackers to steal or corrupt user data via the Internet: penetration into a target computer system using computer software errors, and infection of a target computer by Trojans.

22 Kaspersky Anti-Hacker

If you learn about an error in one of the programs installed on your machine, be sure to create a blocking rule for this application. It is advised that you create a complex blocking rule (see subchapter 6.3.2.1 on page 46) that will take into account features of this error.

Suppose your computer is infected by a Trojan via a diskette or by email, and the malicious program attempts to send some data via the Internet. Kaspersky Anti-Hacker will easily preserve your data by blocking this operation (at the High level), or by issuing an appropriate notification (at the Medium level).

Attention!!! Kaspersky Anti-Hacker does not protect your computer from viruses and malicious programs.

For example, a Trojan may use a standard mail program on your computer to send out your confidential data. In this case Kaspersky Anti-Hacker will not be able to prevent the action. Moreover, if your computer is infected by a virus or a malicious program, your data may simply be destroyed and the computer may become a virus source. In this case Kaspersky Anti-Hacker may only partially eliminate consequences of the infection. To effectively protect your system from viruses and malicious programs it is advisable that you use the Kaspersky Anti-Virus Personal/Personal anti-virus program in combination with Kaspersky Anti-Hacker. Also, we recommend that you create application rules allowing your computer applications to engage in activity strictly according to their type. It is also advisable that you use the list of application rules to assign those types of activities to the applications that strictly correspond to operations allowed for these applications. This way, the risk of unauthorized network operations performed on your machine will be minimized.

Suppose, you learn that your computer is constantly attacked by a remote machine.

Task 2. How to block attacks from certain Internet addresses?

You may prohibit your computer from communication with certain remote addresses by configuring appropriate packet filtering rules. For example, in figure 3 you can see a rule blocking communication with the 111.111.111.111 address.

To prevent from such situations, it is advisable that you keep your Intrusion Detection System enabled.

Preventing Hacker Attacks 23

Fig. 3. The rule blocking communication with certain unreliable addresses

For example, you may use Kaspersky Anti-Hacker to block banner display on web pages. To do this, create a packet filtering rule to block communication with web sites from where the banners are usually downloaded (for example, linkexchange.ru).

Suppose you are afraid of attacks from the local network or want to protect your personal data from thieves.

Task 3. You must monitor operations on the local network

The computer communicates with a local network at the operating system level, therefore it is not always possible to identify the application involved. In this case you must create an appropriate packet filtering rule to secure your data.

In order to simplify configuration of the security system, Kaspersky AntiHacker preinstalls some packet filtering rules allowing communication via the local network. By default the local network is allowed. However, you can redefine the default packet filtering rules to completely block access to the local network, or allow it only for certain computers.

CHAPTER 5. RUNNING THE

PROGRAM

5.1. Starting the Program

Kaspersky Anti-Hacker is started automatically as soon as you enter your operating system. If you close the program, you can manually start it again.

To start Kaspersky Anti-Hacker, follow these steps:

1. Press the Start button in the bottom left corner of your Windows desktop and select Programs  Kaspersky Anti-Hacker  Kaspersky  Anti-Hacker.

2. Left click on the and select Open Kaspersky Anti-Hacker from the program's shortcut menu.

The Kaspersky Anti-Hacker main window will appear on your screen (see subchapter 5.3 on page 25).

You may also start the program directly from its directory. To do this, open the Kaspersky Anti-Hacker folder in the Windows Explorer (the default program directory is C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker). Double-click on the KAVPF.exe file located in this directory.

icon that appears in your system tray, or right click it

5.2. System Menu

After the program is started, the icon appears in the system tray.

By right clicking this icon you can open the shortcut menu (see fig. 4). The shortcut menu includes the following commands:

Running the Program 25

Table 1

Menu item Function

Open Kaspersky Anti-Hacker…

Security level Select a security level: Block all,

About Kaspersky Anti-Hacker ...

Exit

Fig. 4. Shortcut menu

Open the main application window.

High, Medium, Low, Allow all. For details about the security levels see subchapter 4.2 on page 20.

Open a dialog box with information about the version of the program and the keys used.

Close the program.

5.3. Main Window

When the program is started, the main application window appears on your screen (see fig. 5). The Kaspersky Anti-Hacker main window allows you to select the current security level, to review the current status of your security system, to change the packet filtering settings, and to review/configure the program logs.

26 Kaspersky Anti-Hacker

Fig. 5. Kaspersky Anti-Hacker main application window

The Kaspersky Anti-Hacker main window includes the following items:

• Menu

• Toolbar

• Workspace

• Status bar

5.3.1. Menus

At the top of the main window you can see a menu bar. You can drag it with your mouse to any position within or outside the main window.

Some menu commands can also be activated using appropriate buttons in the toolbar. For details of the matching functions of toolbar buttons and menu commands see subchapter 5.3.2 on page 28.

Running the Program 27

Table 2

Menu command Function

Service Application rules Open the application rule window.

Service Packet filtering rules Open the packet filtering rule window.

Service Security level Select the required security level:

• Block all

• High

• Medium

• Low

• Allow all

You can also select the required security level from options in the window workspace. For details see subchapter 4.2 on page 20.

Service Settings Open a window where you can configure

your security logs, security system startup, and attack detection settings.

Service Exit Close the program.

View Toolbars Choose from the following program

graphic interface options:

• Standard toolbar – displays/hides

the standard toolbar

• Customize – displays a dialog box

where you can customize the program graphic interface

View Status Bar Display / hide the status bar.

28 Kaspersky Anti-Hacker

Menu command Function

View Logs Open the log window for:

• Security

• Application activity

• Packet filtering

View Show Open information boxes with system

details.

• Active applications is the list of

active network applications

• Open ports is the list of open ports

on your machine

• Established connections is the

list of established connections

Help Contents ... Open Help topics.

Help About Kaspersky AntiHacker...

Help Kaspersky Anti-Hacker on the Web

Help Install license key… Add a new license key for Kaspersky Anti-

Open an information box with program details and information about the keys used.

Open the Kaspersky Lab's web site

Hacker.

5.3.2. Toolbar

The program toolbar is located under the menu bar. If required, you can drag it with your mouse to any position within or outside the main window.

Running the Program 29

The toolbar includes buttons. By pressing them you can initiate various commands. You can also hide and display the toolbar by selecting the Standard command from the Toolbars submenu of the View menu.

You can add or remove buttons from the toolbar (see subchapter 5.6 on page 32).

Table 3

Button Menu  Command Function

(The button allows you to)

Service

Service Application rules

Service Packet filtering rules

View Security

View Active applications

Security level Select the required security level:

• Block all

• High

• Medium

• Low

• Allow all

For details see subchapter 4.2 on page 20.

Logs

Show

Open the application rule window.

Open the packet filtering rule window.

Open the log window for Security Log.

Show the list of active network applications.

View Open ports

Show

Show the list of open ports on your machine.

30 Kaspersky Anti-Hacker

Button Menu  Command Function

(The button allows you to)

View Established connections

Service

Help

Show

Settings Open a window where you can

Contents ... Open the Help topics.

Show the list of established connections.

configure your security logs, security system startup, and attack detection settings.

5.3.3. Workspace

The main window workspace includes the security scale and information about the current status of your security system.

The security scale allows you to select one of the following security levels:

• Block all

• High

• Medium

• Low

• Allow all

You can switch to another security level by dragging the slider along the scale. If you do this, a detailed description of the new current security level will appear to the right of the new slider position (for details see subchapter 4.2 on page 20). and the new mode will be applied immediately.

With the High, Medium or Low level enabled you can set the supplementary security tool – Stealth mode (see subchapter 4.2 on page 20).

+ 71 hidden pages

Kaspersky Lab KASPERSKY ANTI-HACKER 1.8 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual