Dr.Web Security Space can operate both in standalone mode and as a part of a corporate or private anti-virus network managed by a centralized protection server. Such operation mode is called a centralized protection mode. Using this mode does not require installation of additional software or Dr.Web Security Space re-installation or uninstallation.
•In standalone mode, a protected computer is not connected to the anti-virus network and its operation is managed locally. In this mode, configuration and license key files are located on local disks and Dr.Web Security Space is fully managed by the protected computer. Updates of virus databases are received from Doctor Web update servers.
•In centralized protection mode, the protection of the computer is managed by a centralized protection server. In this mode, some functions and settings of Dr.Web Security Space can be adjusted or locked according to a general (corporate) anti-virus protection policy implemented in the anti-virus network. A custom license key file received from the selected centralized protection server to which Dr.Web Security Space is connected is used on the computer in this mode. A license or demo key file stored on the local computer, if any, is not used. The information about Dr.Web Security Space operation, including statistics on threat events, is sent to the centralized protection server. Updates of virus databases are also received from the centralized protection server.
•In mobile mode, Dr.Web Security Space receives updates from Doctor Web update servers, but uses settings stored locally and a custom license key file that were received from the centralized protection server.
When Dr.Web Security Space operates in centralized protection mode or mobile mode, the following options are blocked:
•deletion of a license key file in License Manager;
•manual start of an update process and adjustment of update settings;
•configuration of file system scanning parameters.
A possibility of configuring the settings of the SpIDer Guard file system monitor as well as enabling or disabling it while Dr.Web Security Space is controlled by the centralized protection server are dependent on permissions specified on the server.
|
A scheduled scan is unavailable in centralized protection mode.
If starting scanning on user demand is prohibited on the centralized protection server, the page for starting scanning and the Scanner button on the Dr.Web Security Space window will be disabled. |
Centralized Protection Concept
Doctor Web solutions for managing centralized protection use a client-server model (see the figure below).
Corporate computers or computers of clients of an IT service provider are protected by local anti-virus components (in this case, by Dr.Web Security Space), which ensure anti-virus protection and maintain connection to the centralized protection server.
|
Figure 1. Logical structure of the anti-virus network
Local components are updated and configured from the centralized protection server. The entire stream of instructions, data and statistics in the anti-virus network also passes the centralized protection server. The volume of traffic between protected computers and the centralized protection server can be significant, therefore an option for traffic compression is provided. Using encryption while sending data prevents a leak of sensitive data or substitution of software downloaded onto protected computers.
All necessary updates are downloaded to the centralized protection server from Doctor Web update servers.
Changes in the configuration of local anti-virus components and command transfer are performed by anti-virus network administrators using the centralized protection server. The administrators manage configuration of the centralized protection server and topology of the anti-virus network (for example, they validate connection of a local station to the network) and configure operation of individual local anti-virus components when necessary.
|
Local anti-virus components are incompatible with anti-virus products of other companies or Dr.Web anti-virus solutions if the latter do not support operation in the centralized protection mode (for example, Dr.Web for Linux version 5.0). Installation of two anti-virus programs on the same computer can cause a system crash or a loss of important data. |
The centralized protection mode allows exporting and saving Dr.Web Security Space operation reports using the centralized protection server. Reports can be exported and saved in the following formats: HTML, CSV, PDF and XML.
Connecting to the Anti-Virus Network
Dr.Web Security Space can be connected to the anti-virus network in one of the following ways:
•on the Mode tab of the Dr.Web Security Space configuration page;
•using the esconnect command of the drweb-ctl command-line management tool.
Disconnecting From the Anti-Virus Network
Dr.Web Security Space can be disconnected from the anti-virus network in one of the following ways:
•on the Mode tab of the Dr.Web Security Space configuration page;
•using the esdisconnect command of the drweb-ctl command-line management tool.