Protect: protecting the browser against malware

Restriction. Browser protection against malicious applications only works in Windows.

The Protect system has a security plugin that blocks programs from performing actions that present a threat to your browser. The security plugin warns you if a program tries to change the browser settings, embed malicious code in its files or uninstall the browser without your permission.

Attention. A security plugin for a browser does not replace antivirus software and only protects the browser, while the antivirus protects the whole computer. Furthermore, the plugin protects your computer against threats that antivirus programs do not block, for example, malicious extensions. We recommend using both for full protection.
  1. Protected objects
  2. The plugin protects against the following threats
  3. How this protection works
  4. Settings for the trusted application list
  5. Where to view the list of blocked actions
  6. Settings for the list of protected objects
  7. Enabling, disabling and removing plugins

Protected objects

  • Browser files
  • Browser settings
  • Extensions
  • User data (bank card numbers, PIN codes, bookmarks, browsing history)
  • Confidential information (passwords entered using the keyboard, screen content, etc.)
  • Other browser resources that impact security
  • Operating system settings that affect browser security

The plugin protects against the following threats

  • Changes to browser files and extensions made by third-party apps (which may include malicious code)
  • Theft of user data (passwords, bank card numbers, bookmarks, browsing history)
  • Interception or replacement of files that are in the process of being downloaded or sent (MITM attack)
  • Unauthorized changes to browser settings, for example, default search or security settings
  • Taking screenshots using apps (in order to collect user information)
  • Use of keyloggers (to steal passwords)
  • Unauthorized deletion of the browser or its security plugin by third-party apps

How this protection works

The security plugin is installed along with the browser, but it is a separate application. It takes up a small amount of virtual memory, protects all browser users' data, and works even when the browser is closed.

The plugin uses HIPS technology. It tracks potentially dangerous program activities and warns your operating system about them. If an application performs an action that threatens browser integrity, the security plugin blocks the action and reports it.

Similar actions by the application will also be blocked in future. However, if you think the protection has blocked an application by mistake, you can add the application to the trusted list.

To avoid distracting you from work, the browser does not report blocked actions if there are too many security events or if it recently displayed the same message. A complete event list is stored in the log.

Settings for the trusted application list

Trusted applications are programs that the security plugin will not block. You can add an app to the list when it is blocked (in the dialog box) or later (in the event log).

Attention. Only add apps to the trusted list if you are sure they are safe. Malicious code can infect your computer or give hackers access to your personal information and electronic payments.

To add an application to the trusted list:

  1. Click the link More details.
  2. Click the Trust this application button. The application will be added to the Trusted applications list and records of blocking this program will be deleted from the log.

To delete an application from the trusted list:

  1. Open the event log.
  2. Go to the Trusted applications bookmark.
  3. Hover over the application you want and click the Delete from list button.

Where to view the list of blocked actions

The security plugin blocks the actions of applications that threaten browser integrity. All blocked actions are added to the event log, which periodically gets sent to the Yandex server for the purpose of collecting statistics and running analysis.

More about security events

Security event: Potential danger

  • Changing browser files: The application tries to change Yandex.Browser files. Malicious code may be embedded in them as a result.
  • Changing the operating system registry: The app tries to change the system registry. This may result in malicious extensions being installed, the default search engine being changed, etc.
  • Changing the browser icon: The application tries to change the browser icon. As a result, pages with ads may open when you start the browser.
  • Changing operating system settings: The application tries to change operating system settings. This may cause the browser to crash, open phishing pages and so on.
  • Changing network settings: The application tries to change network settings. As a result, data being downloaded and sent may be intercepted or replaced (MITM attack).
  • Access to the user profile in the browser: The application tries to get access to the user profile in the browser where password information, autofill data, bookmarks, open tabs, etc., may be stored. This could result in theft of your data.
  • Access to data entered from the keyboard: The application tries to get access to data you enter from the keyboard. This could result in theft of your personal and payment information.
  • Screenshot: The application tries to take screenshots. This can be used to collect data about your browsing activity.
  • Interference with Yandex.Browser: The application tries to make changes in the browser’s memory or processes. The result could be theft of your data or interference with the browser.

Viewing the event log

  1. Tap  → Settings.
  2. Go to the Security tab at the top of the page.
  3. Open the Event log section.
  4. To get information about a blocked action, hold your cursor over it and click More. In the dialog box that opens, you can also:
    • Disable notifications about blocked apps (by clicking Disable notifications). The Protect system will continue to work but will not show you notifications.
    • Add an application to the trusted list (by clicking Trust this application).
  5. Click OK.

Clearing the log

Note. When clearing the log, only entries about blocked actions are deleted from the event log. The applications themselves are neither removed nor added to the trusted list.

To delete an individual event from the log:

  1. Open the event log.
  2. Put the cursor on an event.
  3. Click  on the right half of the bar.

To completely clear the event log:

  1. Open the event log.
  2. Click Clear log.

Settings for the list of protected objects

You can select which application actions the security plugin will block:

  1. Tap  → Settings.
  2. Go to the Security tab at the top of the page.
  3. Open the Protection settings section.
  4. Deselect unwanted options.

More about security settings

Option: If you disable the option

  • Yandex.Browser files and settings: The browser will not prevent applications from changing browser files and settings. This makes infection by malicious code more likely.
  • Yandex.Browser profiles: The browser will not prevent apps from recording and using information found in user profiles.
  • Operating system settings: The browser will not prevent applications from changing operating system settings, such as the hosts file, that are associated with the browser or with browsing the internet.
  • Screen and keyboard: The browser will not prevent applications from taking screenshots and recording keystroke sequences. Spyware may get access to your personal information.
  • Yandex.Browser memory and processes: The browser will not prevent applications from interfering in its processes. As a result, ads on web pages could be replaced or malicious scripts could be embedded.
  • Show notifications about blocked actions: Pop-up notifications about actions blocked by the security plugin will not appear.
  • Always show the security icon on the taskbar: The security plugin icon will not be shown on the Windows taskbar.

Enabling, disabling and removing plugins

The security plugin is enabled immediately after it is installed (which happens when you install or update the browser).

Disabling the module

Attention. We don't recommend disabling the browser security module.

  1. Tap  → Settings.
  2. Go to the Security tab at the top of the page.
  3. Open the Protection settings section.
  4. Click the Disable browser protection button.
  5. Enter how long you want it to be disabled: For 30 minutes, Until computer restarts or Until manually enabled.
  6. Click the Disable button.

Removing the module

Attention. We do not recommend removing the browser security plugin.

  1. Click the Start button.
  2. Click Control panel in the right half of the menu that opens.
  3. Go to Programs → Programs and Features → Uninstall a program.
  4. In the Uninstall or change program window, select the program Yandex.Browser security components.
  5. Click the Uninstall button at the top of the list.