SpIDer Guard: Real-Time Protection
SpIDer Guard is enabled automatically after you accept the License Agreement. The component keeps protecting the file system even if you close the application. If SpIDer Guard is enabled, the Dr.Web icon is displayed on the Android status bar. On some devices, the Dr.Web icon may not show when the app is functioning in the background. It happens because the device firmware optimizes background processes to save power or improve performance. To pin the Dr.Web icon to the Android status bar, remove background app restrictions: check your device settings and the built-in app manager settings. The settings may vary by device. Oftentimes all you need to do is tap the lock icon next to the Dr.Web app in Recent apps. SpIDer Guard protects the file system even if the Dr.Web icon is not displayed on the Android status bar. If you install a malicious app, the component reacts and shows a notification about the threat. You can test SpIDer Guard by using the EICAR test file. If SpIDer Guard detects a suspicious change in the system area or a threat, the following items appear on the screen: •An icon on the Android status bar in the top-left screen corner: ▫ on Android 4.4, ▫ on Android 5.0–11.0, ▫ on Android 12.0 or later. •A pop-up notification about detection of a threat (see Picture 13). •The (on Android 11.0 or earlier) or (on Android 12.0 or later) icon on the notification bar. •A message with a red indicator on the status bar. To open check results, tap the () icon or the status bar message.
To disable or re-enable SpIDer Guard 1.On the Dr.Web main screen, tap and select . 2.On the screen, tap .
To open SpIDer Guard settings 1.On the Dr.Web main screen, tap and select . 2.On the screen, tap . Files in archives To enable scanning of files in archives, select the check box.
Built-in SD card and removable media To enable scanning of the built-in SD card and removable media on each mounting, select the check box. If the setting is enabled, the scan starts every time SpIDer Guard is enabled. You will see the corresponding notification. System area To monitor changes in the system area, select the check box. If the setting is enabled, SpIDer Guard monitors changes (addition, change, and deletion of files) and notifies only on deletion of any files as well as addition and change of executable files: .jar, .odex, .so, APK, ELF files, etc. Recheck system area To run a recheck of the system area, tap . SpIDer Guard will check the previously ignored changes in the system area again. Notifications about system area To enable notifications on changes of any files in the system area (not only executables), select the check box. Additional options To enable detection of adware and riskware (including hacktools and jokes), tap , then select the and check boxes respectively. The application registers events related to the operation of SpIDer Guard: enabling/disabling of SpIDer Guard, threat detections, and check results of the device storage and installed applications. SpIDer Guard statistics appear in the section of the tab and are sorted by date (see Statistics). You can test SpIDer Guard by using the EICAR test file. The file is usually used to: •Check if the anti-virus software is installed correctly. •Show the anti-virus reaction if a threat is detected. •Check the corporate procedures if a threat is detected. The file is not a virus. It does not contain any fragments of a viral code. Thus, it is absolutely safe for your device. Dr.Web detects the file as “EICAR Test File (NOT a Virus!)”. You can download it from the internet or create it by yourself: 1.In any text editor, create a new file which includes only the string:
2.Save the file with the .com extension. As soon as you save the EICAR file on your device, a warning message from SpIDer Guard appears (see Figure 13). Figure 13. EICAR test file detection on Android 10.0 (left) and Android 12.0 (right) |