Operation in Central Protection Mode

Dr.Web can operate in the central protection mode in a network managed by Dr.Web Control Center. Central protection helps automate and simplify configuring and managing information security of computers within logical structures (for example, company computers that access each other from both inside and outside of company's local networks). Protected computers are united in one anti-virus network, which security is monitored and managed from central server (Dr.Web Control Center) by administrators. Connection to centralized anti-virus systems guarantees high level of protection while requiring minimum efforts from end-users.

In case Dr.Web is delivered as a part of the anti-virus network of the Enterprise Security Suite 11.0 software, plug-in can be configured from Dr.Web Security Control Center. Plug-in configuring procedures using the Dr.Web Security Control Center are described in Enterprise Security Suite administrator manual. The statistics of the plug-in functioning in the central protection mode is transferred to the Dr.Web Server.

Logical Structure of Anti-virus Networks

Solutions for central protection from Doctor Web use client-server model (see Figure 19).

Workstations and servers are protected by local anti-virus components (clients; herein, Dr.Web) installed on them, which provides for anti-virus protection of remote computers and ensures easy connection to central protection server.

Local computers are updated and configured from central server. The stream of instructions, data and statistics in the anti-virus network goes also through the central protection server. The volume of traffic between protected computers and the central server can be quite sizeable, therefore solutions provide options for traffic compression. To prevent leak of sensitive data or substitution of software downloaded onto protected computers, encryption is also supported.

logical_structure

drweb-server

Central protection server

simple_line_green

Network based on TCP, NetBIOS

control_center

Anti-virus network administrator

dashed_line_blue

Management via HTTP/HTTPS

protected_computer

Protected local computer

simple_line_blue

Transmitting updates via HTTP

worldwide_network_updates

Doctor Web update server

 

 

Figure 19. Logical structure of anti-virus network.

All necessary updates are downloaded to central protection server from Dr.Web update servers.

Local anti-virus components are configured and managed from central protection server according to commands from anti-virus network administrators. Administrators manage central protection servers and topology of anti-virus networks (for example, validate connections to central protection server from remote computers) and configure operation of local anti-virus components when necessary.

Operation of Dr.Web in Central Protection Mode

For operation of Dr.Web in central protection mode, Dr.Web Agent has to be installed and has to operate correctly on the same operating system.

Внимание!

The version 11.5 of Dr.Web is not compatible with Dr.Web Agent version 6 and previous.

 

If Dr.Web Agent was installed after Dr.Web, do the following:

1.Enable Doctor Web for Exchange Update Task in Windows Task Scheduler.

2.In Dr.Web CMS Web Console, change the licensing mode – select use of a license from the central protection server (see Changing Licensing Mode).

Next, execute update from console on the central protection server and make sure that update has been performed successfully.

Licensing

License key file for Dr.Web that is registered at the anti-virus network is used in central protection mode. If option of using license from the central protection server was selected during the installation, the license key file for the station in the anti-virus network will be used on the start of Microsoft Exchange Server with the installed plug-in Dr.Web. If this key is invalid, the anti-virus check is not performed. If during the installation another licensing mode was selected, it is necessary to change it in Dr.Web CMS Web Console (1).

Update

Virus databases and  anti-virus engine updates from Dr.Web Control Center repositories. This action allow disabling the standard updater of Dr.Web, which starts by default according to a schedule. In this case components update starts from Dr.Web Control Center repositories according to its schedule.

Actions after removing Dr.Web Agent

If Dr.Web Agent was removed, to ensure that Dr.Web will work properly, do the following:

1.In Windows Task Scheduler add the task for Dr.Web update:

Open Windows Task Scheduler.

Create a task named Doctor Web for Exchange Update Task.

On the General tab of the New Task Wizard, select the Run whether user is logged on or not radio button Run with highest privileges check box. Select Windows Server 2003, Windows XP or Windows 2000 option in the Configure for list.

On the Triggers tab, set periodicity of task execution.

On the Actions tab, create the Start a program action and specify the program <path to Dr.Web installation folder>\drwupsrv.bat.

Clear all default check boxes on the Conditions tab.

2.Change license mode. It is necessary to select licensing by getting the key file (0).