Dr.Web can operate in the centralized protection mode in a network managed by Dr.Web Control Center. Centralized protection helps automate and simplify configuring and managing information security of computers within logical structures (for example, company computers that access each other from both inside and outside of company's local networks). Protected computers are united in one anti-virus network, which security is monitored and managed from central server (Dr.Web Control Center) by administrators. Connection to centralized anti-virus systems guarantees high level of protection while requiring minimum efforts from end-users.
In case Dr.Web is delivered as a part of the anti-virus network of the Enterprise Security Suite 11.0 or later, plug-in can be configured from Dr.Web Security Control Center. Plug-in configuring procedures using the Dr.Web Security Control Center are described in Enterprise Security Suite administrator manual. The statistics of the plug-in functioning in the centralized protection mode is transferred to the Dr.Web Server.
Logical structure of anti-virus networks
Solutions for centralized protection from Doctor Web use client-server model (see Figure 22).
Workstations and servers are protected by local anti-virus components (clients; herein, Dr.Web) installed on them, which provides for anti-virus protection of remote computers and ensures easy connection to centralized protection server.
Local computers are updated and configured from central server. The stream of instructions, data and statistics in the anti-virus network goes also through the centralized protection server. The volume of traffic between protected computers and the central server can be quite sizeable, therefore solutions provide options for traffic compression. To prevent leak of sensitive data or substitution of software downloaded onto protected computers, encryption is also supported.
|
Centralized protection server |
|
Network based on TCP, NetBIOS |
|
Anti-virus network administrator |
|
Management via HTTP/HTTPS |
|
Protected local computer |
|
Transmitting updates via HTTP |
|
Doctor Web update server |
|
|
Figure 22. Logical structure of anti-virus network
All necessary updates are downloaded to centralized protection server from Dr.Web update servers.
Local anti-virus components are configured and managed from centralized protection server according to commands from anti-virus network administrators. Administrators manage centralized protection servers and topology of anti-virus networks (for example, validate connections to centralized protection server from remote computers) and configure operation of local anti-virus components when necessary.
Operation of Dr.Web in Centralized Protection Mode
For operation of Dr.Web in centralized protection mode, Dr.Web Agent has to be installed and has to operate correctly on the same operating system.
|
The version 12.0 of Dr.Web is compatible only with Dr.Web Agent of version 12.0 and later.
If Dr.Web Agent was installed after Dr.Web, do the following: 1.Enable Doctor Web for Exchange Update Task in Windows Task Scheduler. 2.In Dr.Web CMS Web Console, change the licensing mode—select use of a license from the centralized protection server (see Changing Licensing Mode). Next, execute update from console on the centralized protection server and make sure that update has been performed successfully. |
Licensing
License key file for Dr.Web that is registered at the anti-virus network is used in centralized protection mode. If option of using license from the centralized protection server was selected during the installation, the license key file for the station in the anti-virus network will be used on the start of Microsoft Exchange Server with the installed plug-in Dr.Web. If this key is invalid, the anti-virus check is not performed. If during the installation another licensing mode was selected, it is necessary to change it in Dr.Web CMS Web Console (1).
Update
Virus databases and anti-virus engine updates from Dr.Web Control Center repositories. This action allow disabling the standard updater of Dr.Web, which starts by default according to a schedule. In this case components update starts from Dr.Web Control Center repositories according to its schedule.
Actions after removing Dr.Web Agent
If Dr.Web Agent was removed, to ensure that Dr.Web will work properly, do the following:
1.In Windows Task Scheduler add the task for Dr.Web update:
•Open Windows Task Scheduler.
•Create a task named Doctor Web for Exchange Update Task.
•On the General tab of the New Task Wizard, select the Run whether user is logged on or not radio button Run with highest privileges check box. Select Windows Server 2003, Windows XP or Windows 2000 option in the Configure for list.
•On the Triggers tab, set periodicity of task execution.
•On the Actions tab, create the Start a program action and specify the program <path to Dr.Web installation folder>\drwupsrv.bat.
•Clear all default check boxes on the Conditions tab.
2.Change license mode. It is necessary to select licensing by getting the key file (0).