SpIDer Guard: Real-Time Protection

SpIDer Guard is enabled automatically after you accept the License Agreement. The component keeps protecting the file system even if you close the application. If SpIDer Guard is enabled, the Dr.Web icon is displayed on the Android status bar.

On some devices, the Dr.Web icon may not be shown when the app is in the background. This happens because the device firmware optimizes background processes to save power or improve performance. To pin the Dr.Web icon to the Android status bar, remove background app restrictions: check your device settings and the built-in app manager settings. Settings vary by device. Often all you have to do is tap the lock icon near the Dr.Web app in recent apps.

SpIDer Guard protects the file system even if the Dr.Web icon is not displayed on the Android status bar. If you install a malicious app, the component reacts and shows a notification about the threat. You can test SpIDer Guard by using the EICAR test file.

If SpIDer Guard detects a suspicious change in the system area or a threat, the following items appear on the screen:

The threat icon (its appearance differs on Android 4.4) on the Android status bar in the top left-hand corner of the screen.

A pop-up notification at the bottom of the screen (see Figure 13).

The threat notification icon on the notification bar.

A message with a red indicator on the status bar.

To open check results, tap the threat notification icon on the notification bar or the status bar message.

SpIDer Guard stops working when the internal device memory is cleared using the default Task Manager. To restore real-time anti-virus protection, reopen Dr.Web.

To disable or re-enable SpIDer Guard

1. On the main app screen, tap Menu and select Settings.

2. On the Settings screen, tap SpIDer Guard.

SpIDer Guard settings

In the central protection mode, some features and settings of SpIDer Guard may be modified and blocked for compliance with the company security policy or according to the list of purchased services.

To open SpIDer Guard settings

1. On the main app screen, tap Menu and select Settings.

2. On the Settings screen, tap SpIDer Guard.

Files in archives

To enable scanning of files in archives, select the Files in archives check box.

By default, scanning of archives is disabled. Enabling it may affect system performance and increase power consumption. Disabling it does not decrease the protection level because SpIDer Guard checks installation APK files even if the Files in archives option is off.

Built-in SD card and removable media

To scan the built-in SD card and removable media each time they are mounted, select the Built-in SD card and removable media check box. If the setting is enabled, the scan starts every time SpIDer Guard is enabled.

System area

To monitor changes in the system area, select the System area check box. If the setting is enabled, SpIDer Guard monitors changes (addition, change, and deletion of files) and notifies you only when any file is deleted or when an executable file is added or changed: APK, ELF, JAR, ODEX, SO files, etc.

Recheck system area

To run a recheck of the system area, tap Recheck system area. SpIDer Guard will check previously ignored changes in the system area again.

Notifications about system area

To enable notifications about changes to any files in the system area (not only executable files), select the Notifications about system area check box.

Additional options

To enable detection of adware and riskware (including hacktools and jokes), tap Additional options, then select the Adware and Riskware check boxes respectively.

Statistics

The application registers the events related to the SpIDer Guard operation: enabling/disabling SpIDer Guard, threat detections, and check results of the device storage and installed applications. SpIDer Guard statistics appear in the Actions section of the Statistics tab and are sorted by date (see Statistics section).

Testing SpIDer Guard

You can test SpIDer Guard by using the EICAR test file. The file is usually used to:

Check if the anti-virus software is installed correctly.

Show the anti-virus reaction if a threat is detected.

Check the corporate procedures if a threat is detected.

The file is not a virus. It does not contain any fragments of viral code. Thus it is absolutely safe for your device. Dr.Web detects the file as “EICAR Test File (NOT a Virus!)”.

You can download it from the Internet or create it yourself:

1. In any text editor, create a new file that contains only the following string:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

2. Save the file with the .com extension.

As soon as you save the EICAR file on your device, a warning message appears: “Threat detected! EICAR Test File (NOT a Virus!)” (see Figure 13).

Figure 13. EICAR test file detection
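
The file from step 1 is only a valid test if its bytes are exact: a text editor that adds a byte-order mark or changes a character produces a file that need not be detected. The following Python script is an added example, not part of the Dr.Web documentation; it writes the string byte-for-byte and checks a file made in an editor. The trailing-whitespace and 128-byte rules come from EICAR's definition of the test file, and whether Dr.Web applies them in exactly this form is an assumption.

```python
"""Create and byte-check an EICAR test file (added example, not Dr.Web code)."""
import sys
from pathlib import Path

# The 68-character string from step 1, split in two so that this script
# itself does not contain the contiguous test string.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-" + rb"STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Assumption (EICAR's definition, not this page): the string may be followed
# only by these whitespace bytes, and the whole file may not exceed 128 bytes.
ALLOWED_TRAILER = b" \t\r\n\x1a"
MAX_LEN = 128
BOMS = {b"\xef\xbb\xbf": "UTF-8", b"\xff\xfe": "UTF-16 LE", b"\xfe\xff": "UTF-16 BE"}


def check_eicar(data: bytes) -> list[str]:
    """Return the reasons `data` is not a valid test file ([] if it is valid)."""
    for bom, name in BOMS.items():
        if data.startswith(bom):
            return [f"{name} byte-order mark before the string; save as plain ASCII"]
    if not data.startswith(EICAR):
        # Report where the editor changed, dropped or inserted a character.
        pairs = enumerate(zip(data, EICAR))
        offset = next((i for i, (a, b) in pairs if a != b), min(len(data), len(EICAR)))
        return [f"content differs from the test string at byte offset {offset}"]
    problems = []
    stray = sorted(set(data[len(EICAR):]) - set(ALLOWED_TRAILER))
    if stray:
        problems.append(f"bytes other than whitespace after the string: {bytes(stray)!r}")
    if len(data) > MAX_LEN:
        problems.append(f"file is {len(data)} bytes, more than {MAX_LEN}")
    return problems


def write_eicar(path: str) -> Path:
    """Write exactly the 68 bytes, with no BOM and no trailing newline."""
    target = Path(path)
    target.write_bytes(EICAR)
    return target


if __name__ == "__main__":
    # With an argument: check a file made in a text editor. Without: create eicar.com.
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else write_eicar("eicar.com")
    issues = check_eicar(target.read_bytes())
    print(f"{target}: " + ("valid EICAR test file" if not issues else "; ".join(issues)))
```

Run it with the path of a file saved from a text editor to see why SpIDer Guard may not react to it, or with no argument to create `eicar.com` in the current directory.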