Kaspersky has a world class detection engine and security network that fast tracks viruses that are found and detected.
Although world class detection is something to be proud of, the reality is that some viruses will infect a machine until they are found and removed.
It's known that part of the investigation of hacks involves tracing an attacker's footsteps if possible.
Seeing that Kaspersky already has a Network Monitor, why not put some resources to enhance it to be world class as well?
Some ideas: capture traffic (and domain name) of all inbound/outbound traffic until a certain period of time for investigative purposes?
I recall many years ago, Kaspersky had filters that would block based on Geo boundaries. If you didn’t want traffic to/from any addresses in China, it was a simple click of a radio button.
The log of all network traffic should be searchable, similar to the log of events that Kaspersky keeps (i.e. when Application Control started, warnings, etc.).
Just a thought boys (and girls).