Preventive Protection Page

On this page, you can configure how Dr.Web reacts to actions of other programs that can compromise the security of your computer. You can also protect your important data from unwanted changes.

Main settings

Preventive Protection Level

In the default Minimum mode, Dr.Web blocks automatic changes to system objects whose modification clearly indicates a malicious attempt to harm the operating system. It also blocks low-level access to disk and protects the HOSTS file from modification.

If there is a high risk of your computer getting infected, you can increase protection by selecting the Medium mode. In this mode, access to critical objects that can potentially be used by malicious software is blocked.

 

Note

Using this mode may lead to compatibility problems with legitimate software that uses the protected registry branches.

 

If you need total control over access to critical Windows objects, you can select the Paranoid mode. In this mode, Dr.Web also provides you with interactive control over loading of drivers and automatic running of programs.

 

Protected object

Description

Integrity of running applications

This option allows detection of processes that inject their code into running applications. Such injection indicates that the process may compromise computer security. Processes that are added to the exclusion list of SpIDer Guard are not monitored.

Integrity of user files

This option allows detection of processes that modify user files using a known algorithm, which indicates that the process may compromise computer security. Processes that are added to the exclusion list of SpIDer Guard are not monitored. To protect your data from modification, you can enable creation of protected copies that contain important data.

HOSTS file

The operating system uses the HOSTS file when connecting to the Internet. Changes to this file may indicate virus infection.

Low level disk access

Block applications from writing to disks sector by sector, bypassing the file system.

Drivers loading

Block applications from loading new or unknown drivers.

Critical Windows objects

Other options allow protection of the following registry branches from modification (in the system profile as well as in all user profiles).

File Execution Options:

Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

User Drivers:

Software\Microsoft\Windows NT\CurrentVersion\Drivers32

Software\Microsoft\Windows NT\CurrentVersion\Userinstallable.drivers

Winlogon registry keys:

Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Userinit, Shell, UIHost, System, Taskman, GinaDLL

Winlogon notifiers:

Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

Windows registry startup keys:

Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs, LoadAppInit_DLLs, Load, Run, IconServiceLib

Executable file associations:

Software\Classes\.exe, .pif, .com, .bat, .cmd, .scr, .lnk (keys)

Software\Classes\exefile, piffile, comfile, batfile, cmdfile, scrfile, lnkfile (keys)

Software Restriction Policies (SRP):

Software\Policies\Microsoft\Windows\Safer

Browser Helper Objects for Internet Explorer (BHO):

Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

Autorun of programs:

Software\Microsoft\Windows\CurrentVersion\Run

Software\Microsoft\Windows\CurrentVersion\RunOnce

Software\Microsoft\Windows\CurrentVersion\RunOnceEx

Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup

Software\Microsoft\Windows\CurrentVersion\RunOnceEx\Setup

Software\Microsoft\Windows\CurrentVersion\RunServices

Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

Autorun of policies:

Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

Safe mode configuration:

SYSTEM\ControlSetXXX\Control\SafeBoot\Minimal

SYSTEM\ControlSetXXX\Control\SafeBoot\Network

Session Manager parameters:

System\ControlSetXXX\Control\Session Manager\SubSystems, Windows

System services:

System\CurrentControlXXX\Services

 

Note

If any problems occur during installation of important Microsoft updates or installation and operation of programs (including defragmentation programs), disable the corresponding options in this group.
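On a host where these options are disabled for compatibility, changes to the same branches can still be reviewed by comparing two registry exports. The following is an added example, not part of the Dr.Web documentation or product; it assumes text in the format written by reg export, and the branch subset, function names and sample data are constructed for illustration.

```python
import re

# Subset of the branches listed above, hive omitted (assumption: extend as needed).
PROTECTED = [
    r"Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options",
    r"Software\Microsoft\Windows NT\CurrentVersion\Winlogon",
    r"Software\Microsoft\Windows\CurrentVersion\Run",
    r"Software\Policies\Microsoft\Windows\Safer",
]

def parse_reg(text):
    """Parse .reg export text into {(key, value_name): raw_data}."""
    text = re.sub(r"\\\n\s*", "", text.replace("\r\n", "\n"))  # join hex continuations
    values, key = {}, None
    for line in map(str.strip, text.split("\n")):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)):
            values[(key, m.group(1).strip('"'))] = m.group(2)
    return values

def is_protected(key):
    """True if key is a listed branch or a subkey of one, under any hive or user SID."""
    k = "\\" + key.lower() + "\\"
    return any("\\" + p.lower() + "\\" in k for p in PROTECTED)

def diff_protected(baseline, current):
    """Return (change, key, value_name, new_data) for protected branches only."""
    old, new = parse_reg(baseline), parse_reg(current)
    changes = []
    for kn in sorted(set(old) | set(new)):
        if is_protected(kn[0]) and old.get(kn) != new.get(kn):
            kind = "added" if kn not in old else "removed" if kn not in new else "changed"
            changes.append((kind, kn[0], kn[1], new.get(kn)))
    return changes

# Constructed sample exports (not taken from a real host).
HEAD = "Windows Registry Editor Version 5.00\n\n"
WINLOGON = r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]"
RUN = r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]"
OTHER = r"[HKEY_CURRENT_USER\Software\ExampleVendor\App]"
BASELINE = HEAD + f'{WINLOGON}\n"Shell"="explorer.exe"\n\n{RUN}\n\n{OTHER}\n"Theme"="light"\n'
CURRENT = HEAD + (f'{WINLOGON}\n"Shell"="constructed-shell.exe"\n\n'
                  f'{RUN}\n"Updater"="C:\\\\Temp\\\\constructed.exe"\n\n{OTHER}\n"Theme"="dark"\n')

if __name__ == "__main__":
    for change in diff_protected(BASELINE, CURRENT):
        print(*change, sep=" | ")
```

Files written by reg export are UTF-16 encoded, so decode them with that encoding before passing the text to diff_protected.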

 

 

Note

If necessary, you can configure desktop and email notifications on preventive protection actions.

 

 

 

Data Loss Prevention

To protect important files from modification by malware, you can enable Data loss prevention. This option allows copying of files that reside in the specified folders.

To configure creation of file copies, click Change. In the window that opens, select Enable data loss prevention. Click Add to specify the folders whose contents are to be copied. You can add a new folder at any time. You can also specify the disk on which to store the file copies and how often they are created. After the specified period, Dr.Web checks whether the files in the specified folders were modified. If so, a new copy is created.

You can also delete the copies if you need to free up disk space (deletion does not affect the original files), and you can disable creation of protected copies while in Battery mode.

 
If your files were corrupted, you can restore the copies created as of a certain date. To do so, click Restore. In the window that opens, select the required date, and all copies that were available for that date will be restored to the specified folder.

To start creation of protected copies manually, click Create in the main window and configure settings for the new copy.

 

Note

At least 5 GB of free space is required on the disk that is selected for storing protected copies.