SpIDer Guard for NSS operates as a daemon (usually it is started by configuration daemon Dr.Web ConfigD on system startup). This monitor controls only the volumes which are specified in the settings (NssVolumesMountDir and ProtectedVolumes parameters). The monitor does not detect automatically, when a new NSS file system volume is mounted or unmounted. When a new or modified file is found on a volume, the monitor instructs Dr.Web Scanning Engine core component to scan the file. Another feature of this monitor is that it manages its own, separate, quarantine for threats detected on NSS volumes. The monitor operation scheme is shown in the picture below.
Picture 38. Component operation scheme
|
NSS volumes monitor has the following feature: if a threat is detected in a file upon its copying (to a protected volume or within an NSS volume), SpIDer Guard for NSS marks only the copy of the infected file. The threat in the original file will not be detected. This file will be considered safe until an attempt to access this (original) file is performed or until it is modified if the file resides on an NSS volume. If Quarantine action is specified for some threat type in NSS volumes monitor settings, the object containing a threat of this type will be placed to quarantine again on attempt to restore this object from quarantine to an NSS volume. For example, the following default settings NSS.OnKnownVirus = Cure NSS.OnIncurable = Quarantine move all incurable objects to quarantine. At that, when any incurable object is restored from quarantine to an NSS volume, this object is automatically returned to quarantine. |
If required, you can disable SpIDer Guard for NSS monitoring of certain files or directories. It can be useful when, for example, files in some directory are frequently modified, which results in constant repeated scanning of these files and, thus, can increase system load. If it is known with certainty that frequent modification of files in a directory is not caused by a virus but is due to operation of a trusted program, you can add the path to this directory or these files to the list of exclusions. In this case, the NSS volume monitor SpIDer Guard for NSS stops responding to modification of these objects.