About Product

Dr.Web Enterprise Security Suite is designed for implementation and management of integrated and secure complex anti-virus protection for either local company network (mobile devices included) or home computers of employees.

A sum of computers and mobile devices with Dr.Web Enterprise Security Suite cooperating components installed represents a single anti-virus network.

	Dr.Web Server		HTTP/HTTPS
	Dr.Web Security Control Center		TCP/IP network
	Dr.Web Mobile Control Center		Updates delivered via HTTP/HTTPS
	Protected station		Dr.Web GUS

Dr.Web Enterprise Security Suite anti-virus network has a client-server architecture. Its components are installed on computers and mobile devices of users and administrators, as well as computers functioning as LAN servers. Anti-virus network components exchange information via TCP/IP network protocols. Anti-virus software can be installed (and managed afterwards) onto protected stations either via LAN, or the internet.

Central protection Server (Dr.Web Server) is installed on a computer in anti-virus network. The installation can be performed on any computer, not necessarily the one functioning as a LAN server. General requirements to such computer are given in the System Requirements section.

Cross-platform nature of the Dr.Web Server software allows using a computer under any of the following operating systems as a Dr.Web Server:

Central protection Server stores distribution kits of anti-virus packages for different operating systems on protected computers, updates for virus databases and anti-virus packages, license keys and anti-virus package settings for protected computers. Dr.Web Server receives updates of anti-virus protection components and virus databases via the internet from Dr.Web Global Update System and propagates the updates to protected stations.

Several Dr.Web Servers can be combined into a hierarchical structure to take care of protected stations in anti-virus network.

Dr.Web Server features the backup of critical data (such as databases, configuration files, etc.)

The single database is connected to the central protection Server and stores statistics about anti-virus network events, Dr.Web Server settings, parameters of protected stations and anti-virus components installed on protected stations.

Embedded database. SQLite3 database comes embedded in the central protection Server directly.

External database. Inbuilt drivers for connecting the following databases are provided:

•ODBC driver to connect other databases, such as Microsoft SQL Server/Microsoft SQL Server Express.

You can use any database that corresponds to your demands. Your choice should be based on the needs to be satisfied by the data store, such as capability to service the anti-virus network of a corresponding size, database software maintenance needs, administration capabilities provided by the database itself and, also requirements and standards which are accepted for use in your company.

Central protection Control Center is automatically installed with Dr.Web Server and provides a web interface for remote managing of Dr.Web Server and the anti-virus network by means of editing the settings of Dr.Web Server and protected computers settings stored on Dr.Web Server and protected computers.

The Control Center can be opened on any computer with a network access to Dr.Web Server. The Control Center can be used almost under any operating system with full use in the following web browsers:

The list of possible variants of use is given in the System Requirements section.

•Straightforward Anti-virus installation on protected stations, including remote installation on workstations with preliminary scanning of the network to search computers; creation of distribution files with unique identifiers and Dr.Web Server connection parameters, which allows to facilitate Anti-virus installation process by an administrator or to let station users install the Anti-virus on their own (see detailed information in the Installing Dr.Web Agent section).

•Streamlined administration based on grouping of anti-virus network workstations.

•Centralized control over anti-virus packages on stations, including uninstallation of either separate components or the entire Anti-virus on stations under Windows OS; configuring parameters of anti-virus package components; assigning permissions to set up and manage the anti-virus packages for protected computer users.

•Centralized control over anti-virus check on workstations, including remote launch of anti-virus check either based on a specified schedule or by administrator's direct request from the Control Center; centralized configuration of anti-virus check parameters and transmitting them to workstations to launch the local check with these parameters.

•Receiving statistics about the state of protected stations, viral statistics, installed anti-virus software state, state of running anti-virus components, as well as a list of hardware and software on protected station.

•Versatile Dr.Web Server and anti-virus network administration system based on possible permission delimiting for different administrators and possibility to connect administrators via external authorization systems such as Active Directory, LDAP, RADIUS, PAM.

•Licensing management for workstation anti-virus protection, with branched system of assigning licenses to stations and groups of stations, as well as granting licenses between several Dr.Web Servers in multiserver configuration of anti-virus network.

•Wide range of settings to configure Dr.Web Server and its separate components, including the Dr.Web Server maintenance schedule; addition of user hooks; flexible configuration of update system for all anti-virus network components using the GUS and further propagation of updates onto stations; configuring the administrator notification system about anti-virus network events with different possible methods of notification delivering; setting up interserver connections to configure multiserver anti-virus network.

The Web server is one of the Control Center parts that is automatically installed with Dr.Web Server. The main purpose of the Web server is to ensure operation of the Control Center web pages and client network connections.

Dr.Web Mobile Control Center is available as a separate component for mobile devices under iOS and Android. Basic requirements for devices to run the application are given in the System Requirements section.

The Mobile Control Center connects to Dr.Web Server over encrypted protocol using the anti-virus network administrator credentials. Mobile Control Center supports the base set of the Control Center features:

•launch fast or full scan either for selected stations or for all stations in selected groups;

•view and manage files in the Quarantine either for selected stations or for all stations in the selected group.

•number of stations registered at Dr.Web Server and their current state (online/offline);

4.Viewing and managing messages about major events in anti-virus network in form of interactive push notifications:

8.Search for specific anti-virus network stations and groups by name, address, or ID.

You can download Dr.Web Mobile Control Center from the Control Center or from App Store and Google Play directly.

Protected computers and mobile devices in the network have control module (Agent) and anti-virus package installed for corresponding operating system.

Cross-platform nature of the software ensures that anti-virus protection of computers and mobile devices is provided under the following operating systems:

Protected stations can include both user computers and LAN servers. Anti-virus protection of the Microsoft Outlook mail system is supported as well.

The control module updates anti-virus components and virus databases regularly by downloading them from Dr.Web Server. It also sends information about virus events on protected computer to Dr.Web Server.

If the central protection Server is not accessible, virus databases on protected stations can be updated from the Global Update System via the internet.

Depending on an operating system of the station, the following protection functions are provided:

Scans a computer on user demand and based on a schedule. Anti-virus scanning of stations can also be initiated remotely from the Control Center, including scanning for rootkits.

Constant file system protection in real time. Checks all launched processes, as well as any files created on hard drives and files opened on removable media.

Checks all calls to websites via HTTP protocol. It neutralizes malicious software in HTTP traffic (e.g. in sent and received files) and restricts access to suspicious or incorrect resources.

Controls access to local and global network resources, in particular, limits access to websites. Allows to control integrity of important files to prevent accidental change or infection with viruses. It also limits access to unwanted information for employees.

Protects computers from unauthorized external access and prevents leak of vital data via the internet. Monitors connection attempts and data transfer via the internet and blocks suspicious connections both on network and application levels.

Protects files and folders of Dr.Web Enterprise Security Suite from unauthorized or accidental removal and modification by user or malicious software. If self-protection is enabled, access to files and folders of Dr.Web Enterprise Security Suite is granted to Dr.Web processes only.

Prevents from potential security threats. Controls access to critical objects of operating system, controls driver loading, program autorun and system service operation. It also monitors running processes and blocks them in case if any viral activity is detected.

Monitors activity of all processes on stations. Allows anti-virus network administrator to control which applications to allow and which ones to prevent from launching on protected stations.

Scanning engine. Provides the anti-virus scanning service (contents of files and disk boot records and other data received from other components of Dr.Web for UNIX). It queues files that are waiting to be scanned. Cures the files that can be cured.

The component, which scans file system objects and manages quarantined files. It receives scanning tasks from other Dr.Web for UNIX components. Checks file system directories according to a received task, transmits files for scanning to the scanning engine. It also removes infected files, moves them to quarantine, restores them from quarantine, and manages quarantine directories. The component creates and updates cache that stores information on scanned files to lessen the frequency of repeated file scanning.

Used by components that scan file system objects, such as SpIDer Guard (for Linux, SMB, NSS).

ICAP server analyzing requests and traffic, which goes via HTTP proxy servers. It also prevents transmitting infected files and access to network hosts belonging to the internet resource categories and to black lists, created by system administrator.

The Linux file system monitor. It operates in the background and monitors file operations (creating, opening, closing, and running a file) in the GNU/Linux file systems. It sends tasks to scan new, modified or executable files upon a program startup to the file check component.

Monitor of Samba shared file system directories. It operates in the background and monitors file operations (creating, opening, closing, reading or writing operations) in directories used by SMB file server Samba. It sends contents of new and modified files to the file check component for checking.

NSS volume monitor (Novell Storage Services). It operates in the background and monitors file operations (creating, opening, closing and writing operations) on NSS volumes mounted in a specified file system point. It sends contents of new and modified files to the file check component for checking.

Network traffic and URL monitoring component. It is designed to check for threats any data downloaded from global network to local host and transmitted from it to external network. The component also prevents connections to any network hosts included either to unwanted categories of web resources or to black lists created by system administrator.

Email scanning component. Analyzes messages transferred over email protocols, sorts out emails and prepares them for scanning for threats. It can operate in one of two modes:

1.As a filter for mail servers (Sendmail, Postfix, etc.) connected via the Milter, Spamd or Rspamd interface.

2.As a transparent proxy of mail protocols (SMTP, POP3, IMAP). In this mode, it uses SpIDer Gate.

Scans a computer on user demand and based on a schedule. Anti-virus scanning of stations can also be initiated remotely from the Control Center, including scanning for rootkits.

Constant file system protection in real time. Checks all launched processes, as well as any files created on hard drives and files opened on removable media.

Checks all calls to websites via HTTP protocol. It neutralizes malicious software in HTTP traffic (e.g. in sent and received files) and restricts access to suspicious or incorrect resources.

Scans a mobile device on user demand and based on a schedule. Anti-virus scanning of stations can also be initiated remotely from the Control Center, including scanning for rootkits.

Constant file system protection in real time. Checks all files as they are saved in device memory.

Filters incoming phone calls and SMS's, while allowing to block any undesired messages and calls, such as advertisements or messages and calls from unknown numbers.

Detects device location or locks its functions in case it has been lost or stolen.

URL filter that allows protecting a mobile device user from unsolicited websites.

Protects a mobile device from unauthorized external access and prevents leak of vital data via the internet. Monitors connection attempts and data transfer via the internet and blocks suspicious connections both on network and application levels.

Diagnostics and analysis of mobile device security and resolving of any detected problems and vulnerabilities.

Blocks applications from launching on a mobile device, unless they are included in the list of allowed applications by an administrator.

To provide stable and secure connection between anti-virus network components, the following features are presented:

Proxy Server can be optionally included in an anti-virus network. The main function of the Proxy Server is to provide connection between Dr.Web Server and protected stations in cases when direct connection is impossible.

The Proxy Server allows using any computer included in an anti-virus network for the following purposes:

•As update relay center to reduce network load on Dr.Web Server and on connection between Dr.Web Server and the Proxy Server, as well as to reduce the time required for protected stations to get updates by using the caching function.

•As a distribution center of virus events sent from protected stations to Dr.Web Server, which also reduces network load and allows keeping up with cases when, for example, a group of stations is located in a network segment isolated from the segment Dr.Web Server is in.

To reduce network traffic to minimum, special compression algorithms come into effect when anti-virus network components exchange the data.

Data transferred between anti-virus network components can be encrypted to provide additional security level.

NAP Validator is provided as a separate component and allows to use Microsoft Network Access Protection (NAP) technology to check health of protected stations software. The resulting security is achieved through implementation of requirements for performance of network stations.

Dr.Web Repository loader is provided as a separate utility and allows to download products of Dr.Web Enterprise Security Suite from Dr.Web Global Update System. It can be used for downloading of Dr.Web Enterprise Security Suite products updates and placing them on a Dr.Web Server, which is not connected to the internet.

Dr.Web Scanning Server is provided as a separate component. It is designed for operating in virtual environments, The Scanning Server is installed on a separate virtual machine and processes anti-virus scanning requests from other virtual machines.