Operation Modes

Dr.Web for UNIX File Servers can operate both in standalone mode and as a part of an anti-virus network managed by a centralized protection server. Operation in the centralized protection mode does not require installation of additional software or Dr.Web for UNIX File Servers re-installation or removal.

In Standalone mode, the protected computer is not connected to an anti-virus network and its operation is managed locally. In this mode, configuration and license key files are located on local disks and Dr.Web for UNIX File Servers is fully controlled from the protected computer. Updates to virus databases are received from Doctor Web update servers.

In the centralized protection mode (enterprise mode), protection of the computer is managed by the centralized protection server. In this mode, some functions and settings of Dr.Web for UNIX File Servers can be adjusted in accordance with the general (corporate) anti-virus protection policy implemented on the anti-virus network. The license key file used for operating in the centralized protection mode is received from the centralized protection server. The demo key file stored on the local computer, if any, is not used. Statistics on virus events together with information on Dr.Web for UNIX File Servers operation are sent to the centralized protection server. Updates to virus databases are also received from the centralized protection server.

In the mobile mode, Dr.Web for UNIX File Servers receives updates from Doctor Web update servers, but operation of the product is managed with the local settings and a license key file received from the centralized protection server. You can switch to the mobile mode only if it is allowed in the centralized protection server settings.

Centralized Protection Concept

Doctor Web solutions for centralized protection use client-server model (see the figure below).

Workstations and servers are protected from threats by local anti-virus components (herein, Dr.Web for UNIX File Servers components) installed on them, which provides for anti-virus protection of remote computers and allows connection between the workstations and the centralized protection server.

Centralized protection server

Network based on TCP, NetBIOS

Anti-virus network administrator

Management via HTTP/HTTPS

Protected local computer

Transmitting updates via HTTP

Doctor Web update server

 

 

Figure 2. Logical structure of the Anti-virus Network

Local computers are updated and configured from the centralized protection server. The stream of instructions, data and statistics in the anti-virus network goes also through the centralized protection server. The volume of traffic between protected computers and the central server can be quite sizeable, therefore solutions provide options for traffic compression. To prevent leak of sensitive data or substitution of software downloaded onto protected computers, encryption is also supported.

All necessary updates are downloaded to the centralized protection server from Doctor Web update servers.

Local anti-virus components are configured and managed from the centralized protection server according to commands received from anti-virus network administrators. Administrators manage centralized protection servers and topology of anti-virus networks (for example, validate connections to the centralized protection server from remote computers) and configure operation of local anti-virus components when necessary.

Local anti-virus components are not compatible with anti-virus products of other companies or anti-virus solutions of Dr.Web if the latter do not support operation in the centralized protection mode (for example, Dr.Web Anti-virus, version 5.0). Installation of two anti-virus programs on the same computer can cause a system crash and loss of important data.

Centralized protection mode allows exporting and saving operation reports using the centralized protection center. Reports can be exported and saved in the following formats: HTML, CSV, PDF, and XML.

Connection to the centralized protection server

Dr.Web for UNIX File Servers can be connected to the centralized protection server of an anti-virus network using the esconnect command of the Dr.Web Ctl command-line management tool.

For the verification of the centralized protection server the certificate corresponding to the unique public key of the server is used. By default, the Dr.Web ES Agent centralized protection agent will not allow you to connect to the server unless you specify the certificate file. The certificate file must first be obtained from the administrator of the anti-virus network served by the server to which you want to connect Dr.Web for UNIX File Servers.

If Dr.Web for UNIX File Servers is connected to the centralized protection server, you can switch the product into the mobile mode or switch it back into the centralized protection mode. Switching the mobile mode on or off is accomplished with the help of the MobileMode configuration parameter of the Dr.Web ES Agent component.

Dr.Web for UNIX File Servers can switch to the mobile mode only if it is allowed in the settings on the centralized protection server.

Disconnecting from an Anti-Virus Network

Dr.Web for UNIX File Servers can be disconnected from the centralized protection server of an anti-virus network using the esdisconnect command of the Dr.Web Ctl command-line management tool.