Active Defense contains individual monitors that watch areas of your computer software. You can individually configure the action that each monitor takes when it detects a threats. You can configure Internet Explorer monitors, Windows Registry monitors, and Windows System monitors.
To configure Active Defense monitors:
1 Click Settings to open the Settings dialog box.
2 Click Anti-Malware and click Active Defense.
3 Select the Enable Active Defense check box, if needed.
4 In the Handling Unknown Programs area, select Customize and click Customize Settings.
5 For each area, select an option for handling unknown programs:
§ To allow unknown programs to run without notifying you, select Allow and do not notify me.
§ To allow unknown programs to run, and to notify you, select Allow and notify me.
§ To prompt you for an action each time an unknown program is detected, select Prompt me for an action.
§ To exclude a monitor from detecting unknown programs in that specific area, select Disable this monitor
6 Click OK.
The Internet Explorer Monitors watch the following areas and look for the following types of changes:
• The Internet Explorer Settings Monitor looks for changes in Internet Explorer settings, desktop wallpaper, and changes that could redirect Internet Explorer to malicious web sites.
• The Internet Explorer Security Monitor looks for any changes made to Internet Explorer settings that could cause security issues.
• The Internet Explorer Programs Monitor looks at the sites that unknown programs add to or remove from Internet Explorer security zones and looks for changes that unknown programs make to the security zone settings, trusted publishers list, and digital certificate store.
The Windows Registry Monitors watch the following areas and look for the following types of changes:
• The System Startup Programs Monitor looks for changes to system startup locations in your registry and on your hard disk.
• The System Policies Monitor looks for changes to system policy settings in the registry that could result in security problems.
• The Shell Options Monitor looks for changes in the registry that involve Windows file handling for certain types of files.
• The Windows Logon Security Monitor looks for changes in the registry that affect the Windows log on process
The Windows System Monitors watch the following areas and look for the following types of changes:
• The Active-X Installations Monitor looks at the applications that Internet Explorer downloads from websites to make sure that they do not install malicious software on your computer.
• The Configuration File Monitor looks for changes to the important Windows .ini files and changes in the locations in the registry where their information is stored.
• The Context Menu Handlers Monitor looks for changes that affect right-click menu commands and options for some Windows files and other items.
• The Internet Host Names Monitor looks for changes to the Windows HOSTS file, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS. This file translates Internet host names to their actual IP addresses. Malware can change your HOSTS file to keep you from accessing trustworthy websites or it could redirect you to a malicious website.
• The Trojan (Disguised) Files Monitor looks for signs of Trojan horse programs that pretend to be real Windows system files or that replace real Windows system files with malicious ones.
• The Running Programs Monitor looks for unknown programs or processes that are trying to run. Do not set this monitor to Allow and do not notify me. To monitor and closely control everything that your computer runs, select Prompt me for an action. However, if you do so you will see a large number of prompts.
See Also