Preventive Protection

On this page, you can configure Dr.Web reaction to such actions of other programs that can compromise security of your computer.

In the default Optimal mode, Dr.Web disables automatic changes to system objects, modification of which explicitly signifies a malicious attempt to harm the operating system. It also blocks low-level access to disk and protects the HOSTS file from modification.

If there is a high risk of you computer getting infected, you can increase protection by selecting the Medium mode.In this mode, access to the critical objects, which can be potentially used by malicious software, is blocked.

When required to have total control of access to critical Windows objects, you can select the Paranoid mode. In this mode, Dr.Web also provides you with interactive control over loading of drivers and automatic running of programs.

With the User-defined mode, you can set a custom protection level for for various objects.

Protected object	Description
Integrity of running applications	This option allows detection of processes that inject their code into running applications. It indicates that the process may compromise computer security. Processes that are added to the exclusion list of SpIDer Guard are not monitored.
Integrity of user files	This option allows detection of processes that modify user files with the known algorithm which indicates that the process may compromise computer security. Processes that are added to the exclusion list of SpIDer Guard are not monitored.To protect your data from modification, you can enable creation of protected copies that contain important data.
HOSTS file	The operating system uses the HOSTS file when connecting to the Internet. Changes to this file may indicate virus infection.
Low level disk access	Block applications from writing on disks by sectors avoiding the file system.
Drivers loading	Block applications from loading new or unknown drivers.
Critical Windows objects	Other options allow protection of the following registry branches from modification (in the system profile as well as in all user profiles). File Execution Options: •Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options User Drivers: •Software\Microsoft\Windows NT\CurrentVersion\Drivers32 •Software\Microsoft\Windows NT\CurrentVersion\Userinstallable.drivers Winlogon registry keys: •Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Userinit, Shell, UIHost, System, Taskman, GinaDLL Winlogon notifiers: •Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify Windows registry startup keys: •Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs, LoadAppInit_DLLs, Load, Run, IconServiceLib Executable file associations: •Software\Classes\.exe, .pif, .com, .bat, .cmd, .scr, .lnk (keys) •Software\Classes\exefile, piffile, comfile, batfile, cmdfile, scrfile, lnkfile (keys) Software Restriction Policies (SRP): •Software\Policies\Microsoft\Windows\Safer Browser Helper Objects for Internet Explorer (BHO): •Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects Autorun of programs: •Software\Microsoft\Windows\CurrentVersion\Run •Software\Microsoft\Windows\CurrentVersion\RunOnce •Software\Microsoft\Windows\CurrentVersion\RunOnceEx •Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup •Software\Microsoft\Windows\CurrentVersion\RunOnceEx\Setup •Software\Microsoft\Windows\CurrentVersion\RunServices •Software\Microsoft\Windows\CurrentVersion\RunServicesOnce Autorun of policies: •Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run Safe mode configuration: •SYSTEM\ControlSetXXX\Control\SafeBoot\Minimal •SYSTEM\ControlSetXXX\Control\SafeBoot\Network Session Manager parameters: •System\ControlSetXXX\Control\Session Manager\SubSystems, Windows System services: •System\CurrentControlXXX\Services