About Product

Dr.Web Enterprise Security Suite is designed for implementation and management of integrated and secure complex anti-virus protection for either local company network (mobile devices included) or home computers of employees.

A sum of computers and mobile devices with Dr.Web Enterprise Security Suite cooperating components installed represents a single anti-virus network.

scheme-structure-intro

scheme-icon-server

Dr.Web Server

scheme-icon-proto-http

HTTP/HTTPS

scheme-icon-scc

Dr.Web Security Control Center

scheme-icon-proto-tcp

TCP/IP network

scheme-icon-mcc

Dr.Web Mobile Control Center

scheme-icon-proto-updates

Updates delivered via HTTP/HTTPS

scheme-icon-station-intro

Protected station

scheme-icon-gus

Dr.Web GUS

The logical structure of the anti-virus network

Dr.Web Enterprise Security Suite anti-virus network has a client-server architecture. Its components are installed on computers and mobile devices of users and administrators, as well as computers functioning as LAN servers. Anti-virus network components exchange information via TCP/IP network protocols. Anti-virus software can be installed (and managed afterwards) onto protected stations either via LAN, or the internet.

Central Protection Server

Central protection Server (Dr.Web Server) is installed on a computer in anti-virus network. The installation can be performed on any computer, not necessarily the one functioning as a LAN server. General requirements to such computer are given in the System Requirements section.

Cross-platform nature of the Dr.Web Server software allows using a computer under any of the following operating systems as a Dr.Web Server:

Windows OS,

UNIX system-based OS (Linux, FreeBSD).

Central protection Server stores distribution kits of anti-virus packages for different operating systems on protected computers, updates for virus databases and anti-virus packages, license keys and anti-virus package settings for protected computers. Dr.Web Server receives updates of anti-virus protection components and virus databases via the internet from Dr.Web Global Update System and propagates the updates to protected stations.

Several Dr.Web Servers can be combined into a hierarchical structure to take care of protected stations in anti-virus network.

Dr.Web Server features the backup of critical data (such as databases, configuration files, etc.)

Dr.Web Server keeps a consolidated log of anti-virus network events.

Single Database

The single database is connected to the central protection Server and stores statistics about anti-virus network events, Dr.Web Server settings, parameters of protected stations and anti-virus components installed on protected stations.

You can use the following types of databases:

Embedded database. SQLite3 database comes embedded in the central protection Server directly.

External database. Inbuilt drivers for connecting the following databases are provided:

MySQL,

Oracle,

PostgreSQL (including Postgres Pro),

ODBC driver to connect other databases, such as Microsoft SQL Server/Microsoft SQL Server Express.

You can use any database that corresponds to your demands. Your choice should be based on the needs to be satisfied by the data store, such as capability to service the anti-virus network of a corresponding size, database software maintenance needs, administration capabilities provided by the database itself and, also requirements and standards which are accepted for use in your company.

Central Protection Control Center

Central protection Control Center is automatically installed with Dr.Web Server and provides a web interface for remote managing of Dr.Web Server and the anti-virus network by means of editing the settings of Dr.Web Server and protected computers settings stored on Dr.Web Server and protected computers.

The Control Center can be opened on any computer with a network access to Dr.Web Server. The Control Center can be used almost under any operating system with full use in the following web browsers:

Windows Internet Explorer,

Microsoft Edge,

Mozilla Firefox,

Google Chrome.

The list of possible variants of use is given in the System Requirements section.

Central protection Control Center provides the following features:

Straightforward Anti-virus installation on protected stations, including remote installation on workstations with preliminary scanning of the network to search computers; creation of distribution files with unique identifiers and Dr.Web Server connection parameters, which allows to facilitate Anti-virus installation process by an administrator or to let station users install the Anti-virus on their own.

Streamlined administration based on grouping of anti-virus network workstations (see detailed information in the Groups section).

Centralized control over anti-virus packages on stations, including uninstallation of either separate components or the entire Anti-virus on stations under Windows OS; configuring parameters of anti-virus package components; assigning permissions to set up and manage the anti-virus packages for protected computer users (see detailed information in the Chapter 8: Administration of Workstations section).

Centralized control over anti-virus check on workstations, including remote launch of anti-virus check either based on a specified schedule or by administrator's direct request from the Control Center; centralized configuration of anti-virus check parameters and transmitting them to workstations to launch the local check with these parameters (see detailed information in the Anti-Virus Scanning of Stations section).

Receiving statistics about the state of protected stations, viral statistics, installed anti-virus software state, state of running anti-virus components, as well as a list of hardware and software on protected station (see detailed information in the Viewing Workstation Statistics section).

Versatile Dr.Web Server and anti-virus network administration system based on possible permission delimiting for different administrators and possibility to connect administrators via external authorization systems such as Active Directory, LDAP, RADIUS, PAM (see detailed information in the Chapter 6: Anti-Virus Network Administrators section).

Licensing management for workstation anti-virus protection, with branched system of assigning licenses to stations and groups of stations, as well as granting licenses between several Dr.Web Servers in multiserver configuration of anti-virus network (see detailed information in the License Manager section).

Wide range of settings to configure Dr.Web Server and its separate components, including the Dr.Web Server maintenance schedule; addition of user hooks; flexible configuration of update system for all anti-virus network components using the GUS and further propagation of updates onto stations; configuring the administrator notification system about anti-virus network events with different possible methods of notification delivering; setting up interserver connections to configure multiserver anti-virus network (see detailed information in the Chapter 10: Configuring Dr.Web Server section).

info

Detailed information about anti-virus protection installation options is given in the Installation Manual.

The Web server is one of the Control Center parts that is automatically installed with Dr.Web Server. The main purpose of the Web server is to ensure operation of the Control Center web pages and client network connections.

Central Protection Mobile Control Center

Dr.Web Mobile Control Center is available as a separate component for mobile devices under iOS and Android. Basic requirements for devices to run the application are given in the System Requirements section.

The Mobile Control Center connects to Dr.Web Server over encrypted protocol using the anti-virus network administrator credentials. Mobile Control Center supports the base set of the Control Center features:

1.Managing anti-virus components installed on anti-virus network stations:

launch fast or full scan either for selected stations or for all stations in selected groups;

set up Dr.Web Scanner's reaction on detected malware;

view and manage files in the Quarantine either for selected stations or for all stations in the selected group.

2.Displaying statistics about anti-virus network state:

number of stations registered at Dr.Web Server and their current state (online/offline);

viral statistics for protected stations.

3.Managing stations and groups:

view properties;

view and manage components of anti-virus package;

delete stations and groups;

send custom messages to stations;

reboot stations under Windows OS;

add stations and groups to favorites for quick access.

4.Viewing and managing messages about major events in anti-virus network in form of interactive push notifications:

display all notifications at Dr.Web Server;

set reactions on notification events;

search a notification by specified filter parameters;

delete notifications;

prevent notifications from getting lost as a result of automatic deletion.

5.Managing new stations, which await connection to Dr.Web Server:

approve access;

reject stations.

6.Managing the stations, in which anti-virus software update got failed:

display failed stations;

update components on failed stations.

7.Manage Dr.Web Server repository:

view product state in the repository;

launch repository update from Dr.Web Global Update System.

8.Search for specific anti-virus network stations and groups by name, address, or ID.

You can download Dr.Web Mobile Control Center from the Control Center or from App Store and Google Play directly.

Protection of Network Stations

Protected computers and mobile devices in the network have control module (Agent) and anti-virus package installed for corresponding operating system.

Cross-platform nature of the software ensures that anti-virus protection of computers and mobile devices is provided under the following operating systems:

Windows OS,

UNIX system-based OS,

macOS,

Android OS.

Protected stations can include both user computers and LAN servers. Anti-virus protection of the Microsoft Outlook mail system is supported as well.

The control module updates anti-virus components and virus databases regularly by downloading them from Dr.Web Server. It also sends information about virus events on protected computer to Dr.Web Server.

If the central protection Server is not accessible, virus databases on protected stations can be updated from the Global Update System via the internet.

Depending on an operating system of the station, the following protection functions are provided:

Stations under Windows OS

Anti-virus check

Scans a computer on user demand and based on a schedule. Anti-virus scanning of stations can also be initiated remotely from the Control Center, including scanning for rootkits.

File monitor

Constant file system protection in real time. Checks all launched processes, as well as any files created on hard drives and files opened on removable media.

Mail monitor

Checks all incoming and outgoing mail messages when using mail clients.

The spam filter is available as well (as long as the license permits using it).

Web monitor

Checks all calls to websites via HTTP protocol. It neutralizes malicious software in HTTP traffic (e.g. in sent and received files) and restricts access to suspicious or incorrect resources.

Office Control

Controls access to local and global network resources, in particular, limits access to websites. Allows to control integrity of important files to prevent accidental change or infection with viruses. It also limits access to unwanted information for employees.

Firewall

Protects computers from unauthorized external access and prevents leak of vital data via the internet. Monitors connection attempts and data transfer via the internet and blocks suspicious connections both on network and application levels.

Quarantine

Isolates malware and suspicious objects in specific folder.

Self-protection

Protects files and folders of Dr.Web Enterprise Security Suite from unauthorized or accidental removal and modification by user or malicious software. If self-protection is enabled, access to files and folders of Dr.Web Enterprise Security Suite is granted to Dr.Web processes only.

Preventive protection

Prevents from potential security threats. Controls access to critical objects of operating system, controls driver loading, program autorun and system service operation. It also monitors running processes and blocks them in case if any viral activity is detected.

Application control

Monitors activity of all processes on stations. Allows anti-virus network administrator to control which applications to allow and which ones to prevent from launching on protected stations.

Stations under UNIX system-based OS

Anti-virus check

Scanning engine. Provides the anti-virus scanning service (contents of files and disk boot records and other data received from other components of Dr.Web for UNIX). It queues files that are waiting to be scanned. Cures the files that can be cured.

Anti-virus check, Quarantine management

The component, which scans file system objects and manages quarantined files. It receives scanning tasks from other Dr.Web for UNIX components. Checks file system directories according to a received task, transmits files for scanning to the scanning engine. It also removes infected files, moves them to quarantine, restores them from quarantine, and manages quarantine directories. The component creates and updates cache that stores information on scanned files to lessen the frequency of repeated file scanning.

Used by components that scan file system objects, such as SpIDer Guard (for Linux, SMB, NSS).

Web traffic check

ICAP server analyzing requests and traffic, which goes via HTTP proxy servers. It also prevents transmitting infected files and access to network hosts belonging to the internet resource categories and to black lists, created by system administrator.

File monitor for GNU/Linux system-based OS

The Linux file system monitor. It operates in the background and monitors file operations (creating, opening, closing, and running a file) in the GNU/Linux file systems. It sends tasks to scan new, modified or executable files upon a program startup to the file check component.

File monitor for Samba directories

Monitor of Samba shared file system directories. It operates in the background and monitors file operations (creating, opening, closing, reading or writing operations) in directories used by SMB file server Samba. It sends contents of new and modified files to the file check component for checking.

NSS file monitor

NSS volume monitor (Novell Storage Services). It operates in the background and monitors file operations (creating, opening, closing and writing operations) on NSS volumes mounted in a specified file system point. It sends contents of new and modified files to the file check component for checking.

Internet connections check

Network traffic and URL monitoring component. It is designed to check for threats any data downloaded from global network to local host and transmitted from it to external network. The component also prevents connections to any network hosts included either to unwanted categories of web resources or to black lists created by system administrator.

Mail monitor

Email scanning component. Analyzes messages transferred over email protocols, sorts out emails and prepares them for scanning for threats. It can operate in one of two modes:

1.As a filter for mail servers (Sendmail, Postfix, etc.) connected via the Milter, Spamd or Rspamd interface.

2.As a transparent proxy of mail protocols (SMTP, POP3, IMAP). In this mode, it uses SpIDer Gate.

Stations under macOS

Anti-virus check

Scans a computer on user demand and based on a schedule. Anti-virus scanning of stations can also be initiated remotely from the Control Center, including scanning for rootkits.

File monitor

Constant file system protection in real time. Checks all launched processes, as well as any files created on hard drives and files opened on removable media.

Web monitor

Checks all calls to websites via HTTP protocol. It neutralizes malicious software in HTTP traffic (e.g. in sent and received files) and restricts access to suspicious or incorrect resources.

Quarantine

Isolates malware and suspicious objects in specific folder.

Mobile devices under Android OS

Anti-virus check

Scans a mobile device on user demand and based on a schedule. Anti-virus scanning of stations can also be initiated remotely from the Control Center, including scanning for rootkits.

File monitor

Constant file system protection in real time. Checks all files as they are saved in device memory.

Calls and SMS filter

Filters incoming phone calls and SMS's, while allowing to block any undesired messages and calls, such as advertisements or messages and calls from unknown numbers.

Anti-theft

Detects device location or locks its functions in case it has been lost or stolen.

Restricting internet access

URL filter that allows protecting a mobile device user from unsolicited websites.

Firewall

Protects a mobile device from unauthorized external access and prevents leak of vital data via the internet. Monitors connection attempts and data transfer via the internet and blocks suspicious connections both on network and application levels.

Security troubleshooting

Diagnostics and analysis of mobile device security and resolving of any detected problems and vulnerabilities.

Application launch control

Blocks applications from launching on a mobile device, unless they are included in the list of allowed applications by an administrator.

Providing Connection between Anti-virus Network Components

To provide stable and secure connection between anti-virus network components, the following features are presented:

Dr.Web Proxy Server

Proxy Server can be optionally included in an anti-virus network. The main function of the Proxy Server is to provide connection between Dr.Web Server and protected stations in cases when direct connection is impossible.

The Proxy Server allows using any computer included in an anti-virus network for the following purposes:

As update relay center to reduce network load on Dr.Web Server and on connection between Dr.Web Server and the Proxy Server, as well as to reduce the time required for protected stations to get updates by using the caching function.

As a distribution center of virus events sent from protected stations to Dr.Web Server, which also reduces network load and allows keeping up with cases when, for example, a group of stations is located in a network segment isolated from the segment Dr.Web Server is in.

Traffic compression

To reduce network traffic to minimum, special compression algorithms come into effect when anti-virus network components exchange the data.

Traffic encryption

Data transferred between anti-virus network components can be encrypted to provide additional security level.

Additional Features

NAP Validator

NAP Validator is provided as a separate component and allows to use Microsoft Network Access Protection (NAP) technology to check health of protected stations software. The resulting security is achieved through implementation of requirements for performance of network stations.

Repository loader

Dr.Web Repository loader is provided as a separate utility and allows to download products of Dr.Web Enterprise Security Suite from Dr.Web Global Update System. It can be used for downloading of Dr.Web Enterprise Security Suite products updates and placing them on a Dr.Web Server, which is not connected to the internet.
 

Dr.Web Scanning Server

Dr.Web Scanning Server is provided as a separate component. It is designed for operating in virtual environments, The Scanning Server is installed on a separate virtual machine and processes anti-virus scanning requests from other virtual machines.