Protection Settings

In this window, you can configure how Dr.Web KATANA reacts to actions of other programs that can compromise the security of a station, and select the level of protection against exploits.

Figure 2. Protection settings

You can configure a separate protection mode for particular applications, or configure a general mode whose settings apply to all other processes.

To configure the general mode of preventive protection, select it from the Operation mode list or click Change parameters of suspicious activity blocking. Clicking the latter opens a window where you can view and edit the mode settings. All changes are saved in the User-defined mode. In this window, you can also create a new profile to save the settings you need.

Preventive Protection Level

In the Optimal mode, Dr.Web blocks automatic changes to system objects whose modification clearly indicates a malicious attempt to harm the operating system. It also blocks low-level access to the disk and protects the HOSTS file from modification.

If there is a high risk of your computer getting infected, you can increase protection by selecting the Medium mode. In this mode, access to critical objects that malicious software could potentially use is blocked.

Using this mode may lead to compatibility problems with third-party software that uses the protected registry branches.

When total control of access to critical Windows objects is required, you can select the Paranoid mode. In this mode, Dr.Web also provides you with interactive control over loading of drivers and automatic running of programs.

The User-defined mode allows you to set a custom protection level for various objects.

| Protected object | Description |
|---|---|
| Integrity of running applications | This option detects processes that inject their code into running applications, which indicates that the process may compromise computer security. |
| Integrity of user files | This option detects processes that modify user files using a known algorithm, which indicates that the process may compromise computer security. |
| HOSTS file | The operating system uses the HOSTS file when connecting to the Internet. Changes to this file may indicate virus infection. |
| Low level disk access | Blocks applications from writing to disks sector by sector, bypassing the file system. |
| Drivers loading | Blocks applications from loading new or unknown drivers. |
| Critical Windows objects | Other options allow protection of the following registry branches from modification (in the system profile as well as in all user profiles). |

Image File Execution Options:

Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

User Drivers:

Software\Microsoft\Windows NT\CurrentVersion\Drivers32

Software\Microsoft\Windows NT\CurrentVersion\Userinstallable.drivers

Winlogon registry keys:

Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Userinit, Shell, UIHost, System, Taskman, GinaDLL

Winlogon notifiers:

Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

Windows registry startup keys:

Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs, LoadAppInit_DLLs, Load, Run, IconServiceLib

Executable file associations:

Software\Classes\.exe, .pif, .com, .bat, .cmd, .scr, .lnk (keys)

Software\Classes\exefile, piffile, comfile, batfile, cmdfile, scrfile, lnkfile (keys)

Software Restriction Policies (SRP):

Software\Policies\Microsoft\Windows\Safer

Browser Helper Objects for Internet Explorer (BHO):

Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

Autorun of programs:

Software\Microsoft\Windows\CurrentVersion\Run

Software\Microsoft\Windows\CurrentVersion\RunOnce

Software\Microsoft\Windows\CurrentVersion\RunOnceEx

Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup

Software\Microsoft\Windows\CurrentVersion\RunOnceEx\Setup

Software\Microsoft\Windows\CurrentVersion\RunServices

Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

Autorun of policies:

Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

Safe mode configuration:

SYSTEM\ControlSetXXX\Control\SafeBoot\Minimal

SYSTEM\ControlSetXXX\Control\SafeBoot\Network

Session Manager parameters:

System\ControlSetXXX\Control\Session Manager\SubSystems, Windows

System services:

System\CurrentControlXXX\Services
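When reviewing registry-change events from a station, it helps to know which of the categories above a modified path belongs to. The following is an added example, not Dr.Web code: it maps registry paths to a subset of the branches listed above. The input path format, the reading of comma-separated names as value names, and the handling of CurrentControlSet are assumptions.

```python
import re

# Added example (not Dr.Web code). Branches are a subset of the list above, lower-cased.
# Assumption: names after a comma on the page (Userinit, Shell, ...) are values of that key.
NT = r"software\microsoft\windows nt\currentversion"
CV = r"software\microsoft\windows\currentversion"
RULES = [  # (category on this page, branch, value names or None for the whole branch)
    ("Image File Execution Options", NT + r"\image file execution options", None),
    ("Winlogon notifiers", NT + r"\winlogon\notify", None),
    ("Winlogon registry keys", NT + r"\winlogon",
     {"userinit", "shell", "uihost", "system", "taskman", "ginadll"}),
    ("Windows registry startup keys", NT + r"\windows",
     {"appinit_dlls", "loadappinit_dlls", "load", "run", "iconservicelib"}),
    ("Autorun of policies", CV + r"\policies\explorer\run", None),
    ("Safe mode configuration", r"system\controlsetxxx\control\safeboot\minimal", None),
    ("Safe mode configuration", r"system\controlsetxxx\control\safeboot\network", None),
]
RULES += [("Autorun of programs", CV + "\\" + k, None)
          for k in ("run", "runonce", "runonceex", "runservices", "runservicesonce")]

# Hive prefixes, including per-user hives (HKU\<SID>\...), are dropped before matching.
_HIVE = re.compile(r"^(?:HKLM|HKCU|HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER"
                   r"|(?:HKU|HKEY_USERS)\\[^\\]+)\\", re.I)
# Assumption: CurrentControlSet is treated like a numbered ControlSetXXX.
_CSET = re.compile(r"^system\\(?:controlset\d{3}|currentcontrolset)\\")

def classify(path):
    """Return the page's category for a registry path, or None if it is not listed."""
    p = _HIVE.sub("", path.strip()).lower()
    p = _CSET.sub(lambda m: "system\\controlsetxxx\\", p)
    for category, branch, values in RULES:
        if p == branch or p.startswith(branch + "\\"):  # match on a key boundary only
            rest = p[len(branch) + 1:]
            if values is None or rest in values:
                return category
    return None

# Constructed sample paths (not taken from any real log).
SAMPLE = [
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
    r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultUserName",
    r"HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ExampleSvc",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runtime\Example",
]

def report(paths):
    """Return (category, path) pairs for the paths that fall in a listed branch."""
    hits = [(classify(p), p) for p in paths]
    return [h for h in hits if h[0]]
```

Calling `report(SAMPLE)` keeps the Run, Winlogon Shell and SafeBoot paths and drops the other two, which only resemble protected branches.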

Note

If any problems occur during installation of important Microsoft updates or during installation and operation of programs (including defragmentation programs), temporarily disable Preventive Protection.

Exploit prevention

This option blocks malicious programs that exploit vulnerabilities in well-known applications. From the corresponding drop-down list, select the required level of protection.

| Protection level | Description |
|---|---|
| Prevent unauthorized code from being executed | If a malicious object attempts to exploit software vulnerabilities to get access to critical regions of the operating system, the attempt is blocked automatically. |
| Interactive mode | If a malicious object attempts to exploit software vulnerabilities to get access to critical regions of the operating system, Dr.Web displays an appropriate message. Read the information and select a suitable action. |
| Allow unauthorized code to be executed | An attempt by a malicious object to exploit software vulnerabilities to get access to critical areas of the operating system is allowed automatically. |