Protect: protecting the browser against malware

The Protect security system has an embedded security plug-in that blocks the actions of computer programs if these actions threaten browser security. The security plug-in warns you if a program tries to change the browser settings, embed malicious code in its files or uninstall the browser without your permission.

Attention. A security plug-in for a browser does not replace antivirus software and only protects the browser, while the antivirus protects the whole computer. However, the plug-in protects the computer against threats that antivirus programs do not block, for example, malicious extensions. Therefore, we recommend using both for full protection.

Protected objects

  • browser files;
  • browser settings;
  • extensions;
  • user data (bank card numbers, PIN numbers, bookmarks, browsing history);
  • confidential information (passwords entered from the keyboard, screen content, etc.);
  • other browser resources that affect its security;
  • operating system settings that affect browser security.

The plug-in protects against the following threats

  • changes in browser files and extensions by third-party apps (may have malicious code embedded);
  • stealing user data (passwords, bank card numbers, bookmarks, browsing history);
  • intercepting or replacing files being downloaded and sent (MITM attack);
  • unauthorized change of browser settings, for example, default search or security settings;
  • taking screenshots with apps (used to collect user information);
  • using keyloggers (used to steal passwords);
  • unauthorized uninstallation of the browser or its security plug-in.

How this protection works

The security plug-in for the browser is installed together with the browser but is a separate application. It takes up a small amount of virtual memory, is set immediately for all users and runs even when the browser is closed.

The plug-in is based on HIPS technology, which tracks and warns of potentially dangerous activity of programs in the operating system. If an application performs an action that threatens browser integrity, the security plug-in blocks the action and reports it.

Similar actions by the application will also be blocked in future. However, if you think the protection has blocked an application by mistake, you can add the application to the trusted list.

To avoid distracting you from work, the browser does not report blocked actions if there are too many security events or if it recently displayed the same message. A complete event list is stored in the event log.

Settings for the trusted application list

Trusted applications are programs that the security plug-in will not block. You can add applications to this list in the blocking dialog or the event log.

Attention. Add an application to the trusted list only if you are sure of its trustworthiness. Malicious codes can infect your computer or give hackers access to your personal information and electronic payments.
  1. Click the link More details.
  2. Click the Trust this application button. The application will be added to the Trusted applications list and records of blocking this program will be deleted from the log.

To delete an application from the trusted list:

  1. Open the event log.
  2. Go to the Trusted applications bookmark.
  3. Hover over the application you want and click the Delete from list button.

Where to view the list of blocked actions

The security plug-in blocks the actions of applications that threaten browser integrity. All blocked actions are entered in the event log. Similar actions will also be blocked in future.

The event log is sent to the Yandex server to collect statistics and for analysis.

More about security events
Security events Potential danger
Changing browser files The application tries to change Yandex.Browser files. Malicious code may be embedded in them as a result.
Changing the operating system registry The application tries to change the system registry. This may cause installation of malicious extensions, changes in default search and so on.
Changing the browser icon The application tries to change the browser icon. As a result, pages with ads may open when you start the browser.
Changing operating system settings The application tries to change operating system settings. This may cause the browser to crash, open phishing pages and so on.
Changing network settings The application tries to change network settings. As a result, data being downloaded and sent may be intercepted or replaced (MITM attack).
Access to the user profile in the browser The application tries to get access to the user profile in the browser where password information, autofill data, bookmarks, open tabs, etc, may be stored. This could result in theft of your data.
Access to data entered from the keyboard The application tries to get access to data you enter from the keyboard. This could result in theft of your personal and payment information.
Taking screenshots The application tries to take screenshots. This can used to collect data about your browsing activity.
Interference with Yandex.Browser The application tries to make changes in the browser’s memory or processes. The result could be theft of your data or interference with the browser.
Viewing the event log
  1. Click   → Settings.
  2. Go to the Protect tab in the top half of the page.
  3. Open the Event log section.
  4. Hover over the blocked action about which you want more detailed information. Click the Details button.
  5. If necessary, go to the application files or add the application to the trusted list:
    • To open the folder with executable files of a blocked application, click the Go to file button.
    • To add an application to the trusted list click the Trust this application button.
  6. Click ОК.
Clearing the log
Note. Only records of blocks are deleted when the event log is cleared. The applications themselves are neither removed nor added to the trusted list.

To delete an individual event from the log:

  1. Open the event log.
  2. Hover over the event bar.
  3. Click  on the right half of the bar.

To clear the log completely:

  1. Open the event log.
  2. Click the Clear the log button.

Settings for the list of protected objects

You can select which application actions the security plug-in will block:

  1. Click   → Settings.
  2. Go to the Protect tab in the top half of the page.
  3. Open the Protection settings section.
  4. Deselect unwanted options.
More about security settings
Option If you disable the option
Yandex.Browser files and settings The browser will not prevent applications from changing browser files and settings. This makes infection by malicious code more likely.
User profiles in Yandex.Browser The browser will not prevent applications from writing information into user profiles or reading information from them.
Operating system settings The browser will not prevent applications from changing operating system settings associated with the browser and browsing the Internet, such as the hosts file.
Screen and keyboard The browser will not prevent applications from taking screenshots and recording keystroke sequences. Spyware may get access to your personal information.
Yandex.Browser memory and processes The browser will not prevent applications from interfering in its processes. As a result, ads on web pages could be replaced or malicious scripts could be embedded.
Show notifications about blocked actions Pop-up notifications about actions blocked by the security plug-in will not appear.
Always show the security icon on the taskbar The security plug-in icon will not be shown on the Windows taskbar.

Enabling, disabling and removing plug-ins

The security plug-in is enabled immediately after installation, which happens simultaneously with installing or updating the browser.

Disabling the plug-in
Attention. We do not recommend disabling the browser security plug-in.
  1. Click   → Settings.
  2. Go to the Protect tab in the top half of the page.
  3. Open the Protection settings section.
  4. Click the Disable browser protection button.
  5. Specify the off period: For 30 minutes, Until the computer is restarted or Until manual enabling.
  6. Click the Disable button.
Removing a plug-in
Attention. We do not recommend removing the browser security plug-in.
  1. Click the Start button.
  2. Click Control panel in the right half of the menu that opens.
  3. Go to Programs → Programs and Features → Uninstall a program.
  4. In the Install or uninstall a program window, select the program Security components of Yandex.Browser.
  5. Click the Uninstall button at the top of the list.