Configuring SpIDer Guard

To access the SpIDer Guard settings, you are prompted to enter the password if you enabled Protect Dr.Web settings by password option on the Settings window.

The default settings are optimal for most uses. Do not change them unnecessarily.

Scan options

Heuristic analysis

By default SpIDer Guard performs scan using heuristic analysis. If this option is disabled, SpIDer Guard will use signature analysis only.

Background Rootkit Scanning

Anti-rootkit component included in Doctor Web provides options for background scanning of the operating system for complex threats and curing of detected active infections when necessary.

If this option is enabled, Dr.Web Anti-rootkit constantly resides in memory. In contrast to on-the-fly scanning of files by SpIDer Guard, scanning for rootkits , i.e. malicious programs that are used for hiding changes to operating system such as running of particular processes, registry changes, modifications to files and folders, includes checking of autorun objects, running processes and modules, Random Access Memory (RAM), MBR/VBR disks, computer BIOS system and other system objects.

One of the key features of the Dr.Web Anti-rootkit is delicate attitude towards consumption of system resources (processor time, free RAM and others) as well as consideration of hardware capacity.

When Dr.Web Anti-rootkit detects a threat, it notifies you on that and neutralizes the malicious activity.

During background rootkit scanning, files and folders specified on Excluded files page of SpIDer Guard are excluded from scanning.

To enable background scanning, enable the Scan computer for rootkits (recommended) option.

Disabling of SpIDer Guard does not affect background scanning. If the check box is set, background scanning is performed regardless of whether SpIDer Guard is enabled or disabled.

Actions

On this page, you can configure reactions of SpIDer Guard to detection of infected or suspicious files and malware.

For different types of compromised objects, actions are assigned separately from the respective drop-down lists:

•Objects infected with a known and (supposedly) curable virus

•Supposedly infected (suspicious) objects

•Objects that pose potential threat (riskware)

Reaction of SpIDer Guard to detection of various malicious software is also set separately. Set of actions available for selection depend on the type of the virus event.

By default, SpIDer Guard attempts to cure the infected and supposedly curable files, moves other most dangerous objects to Quarantine, and ignores minor threats such as jokes, hacktools, and riskware. By default, SpIDer Guard ignores minor threats such as jokes, hacktools, and riskware.The SpIDer Guard reactions are similar to those of Dr.Web Scanner. Details

You can select one of the following actions for detected virus threats:

Action	Description
Cure, move to quarantine if not cured	Instructs to restore the original state of an object before infection. If the object is incurable, or the attempt of curing fails, this object is moved to quarantine. The action is available only for objects infected with a known virus that can be cured except for Trojan programs and files within complex objects such as archives, mailboxes or file containers.
Cure, delete if not cured	Instructs to restore the original state of an object before infection. If the object is incurable, or the attempt of curing fails, the action set for incurable viruses is applied. The action is available only for objects infected with a known virus that can be cured except for Trojan programs and files within complex objects such as archives, mailboxes or file containers.
Delete	Instructs to delete the object. This action is not available for boot sectors. No action is performed on malicious objects for which you selected this action, if they are detected in a boot sector.
Move to Quarantine	Instructs to move the object to a specific folder of Quarantine. No action is performed on malicious objects for which you selected this action, if they are detected in a boot sector.
Ignore	Instructs to skip the object without performing any action or displaying a notification. The action is available only for potentially dangerous files: adware, dialers, jokes, hacktools and riskware.

SpIDer Guard does not check complex objects such as archives, mailboxes or file containers. No action is performed on such objects or files within them.

Copies of all processed objects are stored in Quarantine.

Scan Mode

In this group, you can set up what actions with objects require scanning "on-the-fly" with SpIDer Guard.

Option

Description

Optimal (recommended)

This scan mode is used by default.

In this mode, SpIDer Guard scans objects only when one of the following actions is traced:

•For objects on hard drives, an attempt to execute a file, create a new file or add a record to an existing file or boot sector.

•For objects on removable devices, an attempt to access file or boot sectors in any way (write, read, execute).

Paranoid

In this mode, SpIDer Guard scans files and boot sectors on hard or network drives and portable data storages at any attempt to access them (create, write, read, execute).

When running in the Optimal mode, SpIDer Guard does not terminate execution of an EICAR test file and the file is not processed as malicious since it does not pose any actual threat to your system. However, if you copy or create such a file in your system, it will be detected by SpIDer Guard and moved to Quarantine by default.

Details and recommendations

The Optimal mode is recommended for use after a scan of all hard drives by Dr.Web Scanner. With this mode activated, SpIDer Guard prevents penetration of new viruses and other malicious objects via removable devices into your computer while preserving performance by omitting knowingly clean objects from repeated scans.

The Paranoid mode ensures maximum protection, but considerably reduces computer performance.

In any mode, objects on removable media and network drives are scanned only if the corresponding check boxes in the Additional tasks group are selected.

Operating system may register some removable devices as hard drives (e.g. portable USB hard drives). Scan such devices with Dr.Web Scanner when you connect them to the computer.

By default, files within archives and mailboxes are not checked. This does not affect security of your computer when it is constantly protected by SpIDer Guard, only delays the moment of detection. If a file within an archive or email attachment is infected, the malicious object will be detected and neutralized by SpIDer Guard immediately when you try to extract the archived files or download the attachment.

Additional Tasks

The settings of this group allow to specify parameters for scanning objects "on-the-fly" and are always applied regardless of the selected SpIDer Guard operation mode.

In this group, you can configure SpIDer Guard parameters to check the following objects:

•Executables of running processes regardless of their location (this option is enabled by default)

•Installation files

•Files on network drives

•Files and boot sectors on removable devices (this option is enabled by default)

By default SpIDer Guard blocks autoplay option for portable data storages such as CD/DVD, flash memory, and so on. This option helps to protect you computer from viruses transmitted via removable media.

If any problem occur during installation with autorun option, it is recommended to temporary disable Block autoruns from removable media option.