Main Functions

1.Detection and neutralization of threats. Searches for malicious programs (for example, viruses, including those that infect mail files and boot records, Trojans, mail worms) and unwanted software (for example, adware, joke programs, dialers). To find more information on computer threat types, refer to Appendix A. Types of Computer Threats.

•Heuristic analysis , which allows detection of threats that are not present in virus databases

•Dr.Web Cloud service that collects up-to-date information about recent threats and sends it to Dr.Web products.

Note that the heuristic analyzer may raise false positive detections. Thus, objects that contain threats detected by the analyzer are considered “suspicious”. It is recommended that you choose to quarantine such files and send them for analysis to Doctor Web anti-virus laboratory. For details on methods used to neutralize threats, refer to Appendix B. Neutralizing Computer Threats.

When scanning the file system on the user's request, it is possible of either full scan of all the file system objects available to user, or selective scan of the specified objects only (separate directories or files that meet the specified criterias). In addition, it is possible to perform separate checks of boot records of volumes and executable files which support currently active processes in the system. In the latter case, when a threat is detected, it is not only neutralized the malicious executable file, but all processes running from it are forcibly terminated. In systems that implement a mandatory model of access to files with a set of different access levels, the scanning of files that are not available at the current access level can be done in special autonomous copy mode .

The Dr.Web Ctl command-line management tool included in the product allows to scan for threats file systems of remote network hosts, that provide remote terminal access via SSH.

The remote scanning can be used only for detection of malicious and suspicious files on a remote host. To eliminate detected threats on the remote host, it is necessary to use administration tools provided directly by this host. For example, for routers and other “smart” devices, a mechanism for a firmware update can be used; for computing machines, it can be done via a connection to them (as an option, using a remote terminal mode) and respective operations in their file system (removal or moving of files, etc.), or via running an anti-virus software installed on them.

•File system in the OS. Monitors file events and attempts to run executables. This feature allows to detect and neutralize malware at an attempt to infect the server’s file system.

Note that volume monitoring function is available only for operating systems of GNU/Linux family. For other supported operating systems the component which provides this feature is not in the package.

•Samba shared directories. Read and write operations of local and remote users of the file server are monitored. This feature allows to detect and neutralize malware at an attempt to save a malicious program to the file storage, which prevents its distribution over the network.

•NSS (Novell Storage Services) volumes. Monitors write operations of the NSS file storage users. This feature allows to detect and neutralize malware at an attempt to save the malicious program to NSS storage, which prevents its distribution over the network.

Note that the Novell Storage Services volume monitoring function is available only for Novell Open Enterprise Server SP2 SUSE Linux Enterprise Server operating system 10 SP3 or later. For other supported operating systems the component which provides this feature is not in the package.

3.Reliable isolation of infected or suspicious objects. Such objects detected in the server's file system are moved to a special storage, quarantine, to prevent any harm to the system. When moved to quarantine, objects are renamed according to special rules and, if necessary, they can be restored to their original location only on demand.

4.Automatic update of the anti-virus engine, virus databases for the maintenance of the high level of protection against malware.

5.Collection of statistics on virus events, logging threat detection events. Notification on detected threats over SNMP to external monitoring systems and to the central protection server (if the product operates in central protection mode).

6.Operation in central protection mode (when connected to the central protection server, such as Dr.Web Enterprise Server or as a part of Dr.Web AV-Desk service). This mode allows implementation of a unified security policy on computers within the protected network. It can be a corporate network, a private network (VPN), or a network of a service provider (for example, a provider of Internet service).