Preventive Protection
On the tab, you can configure Dr.Web reaction to actions of other programs that can compromise workstation security. You can also select a level of protection against exploits. You can configure a separate protection mode for particular applications, or a general mode whose settings are applied to all other processes.

Exploit Prevention

In the section, you can configure the blocking of malicious programs that use vulnerabilities of well-known applications. From the corresponding drop-down list, select the required level of protection.

Level of Suspicious Activity Blocking

In the section, you can configure a general protection mode whose settings are applied to all processes for which no personal mode is specified in the section below. You can also protect user data from unwanted changes.

Select one of the protection levels that the anti-virus provides:

•—maximal protection level when you need total control of access to critical Windows objects.
•—protection level for a high risk of the computer getting infected. In this mode, access to critical objects that can potentially be used by malicious software is additionally blocked.
•—protection level that disables automatic changes of system objects whose modification explicitly signifies a malicious attempt to damage the operating system.
•—protection level that is set by a user (Dr.Web Server administrator) and based on settings specified in the table below.

To specify custom settings of the preventive protection level, set the check boxes in the table of this section to one of the following positions:

a)—always allow actions with this object or from this object.
b)—prompt the dialog box for setting necessary action by the user for the specific object.
c)—always deny actions with this object or from this object.

If you change table settings when one of the preinstalled levels in the section is set, it automatically changes to .

You can create several independent user-defined profiles. To add a new user-defined profile, click . In the opened window, specify the name of the new profile and click . To delete a user-defined profile that you created, select it in the blocking list and click . You are not allowed to delete predefined profiles.

Protected objects

Preventive protection settings allow monitoring the following objects:

•—detect processes that inject their code into running applications, which may compromise computer security. Processes that are added to the exclusion list of the SpIDer Guard component are not monitored.
•—detect processes that modify user files with a known algorithm which indicates that the process may compromise computer security. Processes that are added to the exclusion list of the SpIDer Guard component are not monitored.
•—the operating system uses this file to simplify access to the internet. Changes to this file may indicate a virus infection or another malicious program.
•—block applications from writing to disks by sectors, bypassing the file system.
•—block applications from loading new or unknown drivers.

Other options control access to critical Windows objects and allow protection of the following registry branches from modification (in the system profile as well as in all user profiles).

Protected registry branches

In the section, you can configure a separate protection mode for particular applications. The settings specified in the section above are applied to all other processes.

To Edit a Rule

1. To add one more rule, click .
   a) To configure the added rule, click next to this rule.
   b) In the opened window, specify the path to the application executable file on a protected workstation. You can enter the full path to the file or folder in the field or use a mask. A mask denotes the common part of object names, where:
      ▫ the asterisk (*) character replaces any, possibly empty, sequence of characters;
      ▫ the question mark (?) replaces any single character;
      ▫ other mask characters do not replace anything and mean that the name must contain a particular character in this place.
   c) Look through default settings and, if necessary, edit them.
   d) Click .
2. To edit an existing rule, click to the necessary rule and perform steps 1.a)–1.d).
3. To delete an existing rule, click next to the necessary rule.
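
A mask that is broader than intended applies the per-application mode to executables it was never meant for, so it is worth checking what a mask covers before saving the rule. The Python sketch below is an added example, not Dr.Web code: it implements the three mask rules exactly as worded above and lists which of a set of constructed sample paths a mask covers. Case-insensitive comparison and the asterisk spanning path separators are assumptions; the function names are hypothetical.

```python
import re

def mask_to_regex(mask, ignore_case=True):
    """Translate a rule mask into a regex using only the three rules above."""
    parts = []
    for ch in mask:
        if ch == "*":
            parts.append(".*")           # any, possibly empty, sequence
        elif ch == "?":
            parts.append(".")            # exactly one character
        else:
            parts.append(re.escape(ch))  # every other character is literal
    # Assumption: Windows paths are compared case-insensitively.
    flags = re.DOTALL | (re.IGNORECASE if ignore_case else 0)
    return re.compile("".join(parts), flags)

def mask_matches(mask, path, ignore_case=True):
    """True if the whole path is covered by the mask."""
    return mask_to_regex(mask, ignore_case).fullmatch(path) is not None

def audit_mask(mask, paths):
    """Return the paths a rule with this mask would apply to."""
    return [p for p in paths if mask_matches(mask, p)]

# Constructed sample paths, not taken from any real workstation.
SAMPLE_PATHS = [
    r"C:\Program Files\Vendor\app.exe",
    r"C:\Program Files\Vendor\app2.exe",
    r"C:\Program Files\Vendor\tools\app.exe",
    r"C:\Users\alice\Downloads\app.exe",
    r"C:\Program Files\Vendor\[beta]\app.exe",
]

if __name__ == "__main__":
    for mask in (
        r"C:\Program Files\Vendor\app?.exe",  # narrow: one extra character
        r"C:\Program Files\Vendor\*.exe",     # covers subfolders as well
        r"*\app.exe",                         # broad: any folder, incl. Downloads
    ):
        print(mask)
        for hit in audit_mask(mask, SAMPLE_PATHS):
            print("   covers", hit)
```

The last mask also covers the copy under a user's Downloads folder, which is the kind of result to look for before attaching relaxed settings to a rule.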