Operation Modes

In this section

Centralized Protection Concept

Connecting to Centralized Protection Server

Disconnecting from Centralized Protection Server

Dr.Web Security Space can operate either in standalone mode or as part of a corporate or private anti-virus network managed by a centralized protection server. The latter is called centralized protection mode. Using this mode does not require installing additional software, or reinstalling or uninstalling Dr.Web Security Space.

In standalone mode, a protected computer is not connected to the anti-virus network and its operation is managed locally. In this mode, configuration and license key files are located on local disks and Dr.Web Security Space is fully managed by the protected computer. Updates for virus databases are received from Doctor Web update servers.

In centralized protection mode, protection of the computer is managed by the centralized protection server. In this mode, some functions and settings of Dr.Web Security Space can be adjusted in accordance with the general (corporate) anti-virus protection policy implemented on the anti-virus network. The license key file used for operating in centralized protection mode is received from the centralized protection server to which Dr.Web Security Space is connected. The license or demo key file stored on the local computer, if any, is not used. Statistics on threat events together with information on Dr.Web Security Space operation are sent to the centralized protection server. Updates for virus databases are also received from the centralized protection server.

In mobile mode, Dr.Web Security Space receives updates from Doctor Web update servers, but uses settings stored locally and a custom license key file that were received from the centralized protection server.

When Dr.Web Security Space operates in centralized protection mode or mobile mode, the following options are blocked:

deletion of a license key file in License Manager;

manual start of an update process and adjustment of update settings;

configuration of file system scanning parameters.

Whether you can configure the settings of the SpIDer Guard file system monitor, or enable or disable it, while Dr.Web Security Space is controlled by the centralized protection server depends on the permissions specified on the server.

Scheduled scanning is unavailable in centralized protection mode.

If starting scanning on user demand is prohibited on the centralized protection server, the page for starting scanning and the Scanner button in the Dr.Web Security Space window will be disabled.

Centralized Protection Concept

Doctor Web solutions for managing centralized protection use a client-server model (see the figure below).

Corporate computers or computers of clients of an IT service provider are protected by local anti-virus components (in this case, by Dr.Web Security Space), which ensure anti-virus protection and maintain connection to the centralized protection server.

Figure 1. Logical structure of the anti-virus network (diagram not reproduced). Legend: centralized protection server; protected local computer; anti-virus network administrator; Doctor Web update server. Connections: TCP, NetBIOS network; management via HTTP/HTTPS; transmitting updates via HTTP.

Local components are updated and configured from the centralized protection server. The entire stream of instructions, data and statistics in the anti-virus network also passes through the centralized protection server. The volume of traffic between protected computers and the centralized protection server can be significant, so an option for traffic compression is provided. Encrypting data in transit prevents leaks of sensitive data and substitution of the software downloaded onto protected computers.

All necessary updates are downloaded to the centralized protection server from Doctor Web update servers.

Changes in the configuration of local anti-virus components and command transfer are performed by anti-virus network administrators using the centralized protection server. The administrators manage configuration of the centralized protection server and topology of the anti-virus network (for example, they validate connection of a local station to the network) and configure operation of individual local anti-virus components when necessary.

Local anti-virus components are incompatible with anti-virus products of other companies or Dr.Web anti-virus solutions if the latter do not support operation in the centralized protection mode (for example, Dr.Web for Linux version 5.0). Installation of two anti-virus programs on the same computer can cause a system crash or a loss of important data.

The centralized protection mode allows exporting and saving Dr.Web Security Space operation reports using the centralized protection server. Reports can be exported and saved in the following formats: HTML, CSV, PDF and XML.

Connecting to Centralized Protection Server

Dr.Web Security Space can be connected to the centralized protection server of the anti-virus network in one of the following ways:

on the Mode tab of the Dr.Web Security Space configuration page;

using the esconnect command of the drweb-ctl command-line management tool.

The centralized protection server is verified using the certificate that corresponds to the server's unique public key. By default, the Dr.Web ES Agent centralized protection agent will not allow you to connect to the server unless you specify a certificate file. The certificate file must first be obtained from the administrator of the anti-virus network served by the server to which you want to connect Dr.Web Security Space.
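
A pre-connection check for the certificate requirement described above, as an added example that is not Doctor Web code: it compares the SHA-256 fingerprint of the certificate file with a value received from the administrator over a separate channel, and only then calls drweb-ctl esconnect. The --Certificate option, the PEM encoding of the file, and the function names cert_fingerprint and connect_pinned are assumptions, since this page does not show the command syntax.

```sh
#!/bin/sh
# Added example, not Doctor Web code. Assumed: PEM-encoded certificate file and
# the "esconnect <server> --Certificate <file>" form (syntax is not on this page).

# Print the SHA-256 fingerprint (lowercase hex) of the first certificate in PEM file $1.
cert_fingerprint() {
    body=$(awk '/-----BEGIN CERTIFICATE-----/{f=1;next}
                /-----END CERTIFICATE-----/{exit} f' "$1" | tr -d ' \r\n')
    [ -n "$body" ] || return 1
    tmp=$(mktemp) || return 1
    if printf '%s' "$body" | base64 -d > "$tmp" 2>/dev/null; then
        sha256sum "$tmp" | cut -d' ' -f1; rc=0
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# connect_pinned <server> <cert-file> <expected-sha256>
# Runs esconnect only if the file matches the fingerprint the anti-virus network
# administrator gave you over a separate channel. DRY_RUN=1 prints the command.
connect_pinned() {
    server=$1; cert=$2
    expected=$(printf '%s' "$3" | tr -d ': ' | tr 'A-F' 'a-f')
    [ -r "$cert" ] || { echo "cannot read certificate file: $cert" >&2; return 2; }
    actual=$(cert_fingerprint "$cert") || {
        echo "no valid PEM certificate in: $cert" >&2; return 3; }
    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch, refusing to connect (got $actual)" >&2
        return 4
    fi
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "drweb-ctl esconnect $server --Certificate $cert"
    else
        drweb-ctl esconnect "$server" --Certificate "$cert"
    fi
}

# Run directly as: ./connect_pinned.sh <server> <cert-file> <expected-sha256>
if [ "$#" -eq 3 ]; then
    connect_pinned "$@"
fi
```

A mismatch means the file is not the one the administrator issued, so the agent is never pointed at a server identified by an unverified certificate.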

If Dr.Web Security Space is connected to the centralized protection server, you can switch the product into the mobile mode or switch it back into the centralized protection mode. Switching the mobile mode on or off is accomplished with the help of the MobileMode configuration parameter of the Dr.Web ES Agent component.

Dr.Web Security Space can switch to the mobile mode only if this is allowed by the settings of the centralized protection server.

Disconnecting from Centralized Protection Server

Dr.Web Security Space can be disconnected from the centralized protection server of the anti-virus network in one of the following ways:

on the Mode tab of the Dr.Web Security Space configuration page;

using the esdisconnect command of the drweb-ctl command-line management tool.