Configuring SpIDer Guard

Note

If you enabled the Protect Dr.Web settings with a password option in the Settings window, you are prompted to enter the password to access the SpIDer Guard settings.

The default settings are optimal for most cases. Do not change them unnecessarily.

Figure 29. SpIDer Guard settings

Scan options

By default, SpIDer Guard checks files that are opened, changed or launched on removable media such as CDs/DVDs, flash drives, and so on. This helps to protect your computer from viruses transmitted via removable media. When these options are disabled, the objects on removable media are not checked for viruses.

Note

If any problem occurs during installation with the autorun option, it is recommended to temporarily disable the Block autoruns from removable media option.

Actions

On this page, you can configure how SpIDer Guard reacts to the detection of infected or suspicious files and malware.

For different types of compromised objects, actions are assigned separately from the respective drop-down lists:

Infected—objects infected with a known and (supposedly) curable virus.

Suspicious—objects supposedly infected with a virus or containing a malicious object.

Various potentially dangerous objects (riskware). To expand the entire list of objects, click the Advanced settings link.

SpIDer Guard reacts separately to the detection of each object type. The set of actions available for selection depends on the threat type.

By default, SpIDer Guard attempts to cure infected and supposedly curable files, moves other, most dangerous objects to Quarantine, and ignores minor threats such as jokes, hacktools, and riskware. The reactions of SpIDer Guard are similar to those of Dr.Web Scanner.

Scan mode

In this group, you can set which actions on objects trigger “on-the-fly” scanning by SpIDer Guard.

Option

Description

Optimal (recommended)

This scan mode is used by default.

In this mode, SpIDer Guard scans objects only when one of the following actions is traced:

For objects on hard drives, an attempt to execute a file, create a new file, or add a record to an existing file or boot sector.

For objects on removable media, an attempt to access files or boot sectors in any way (write, read, execute).

Paranoid

In this mode, SpIDer Guard scans files and boot sectors on hard or network drives and removable media at any attempt to access them (create, write, read, execute).

Note

When running in the Optimal mode, SpIDer Guard does not terminate execution of an EICAR test file and the file is not processed as malicious since it does not pose any actual threat to your system. However, if you copy or create such a file in your system, it will be detected by SpIDer Guard and moved to Quarantine by default.

Advanced settings

The settings of this group allow you to specify parameters for scanning objects on-the-fly and are always applied regardless of the selected SpIDer Guard operation mode. You can enable:

use of heuristic analysis;

scan of programs and modules to download;

scan of installation packages;

scan of files on network drives (not recommended);

scan of a computer for the presence of rootkits (recommended);

scan of scripts executed with Windows Script Host and PowerShell (for Windows Server 2016).

Heuristic analysis

By default, SpIDer Guard scans using heuristic analysis. If this option is disabled, SpIDer Guard will use signature analysis only.

Background rootkit scanning

The Anti-rootkit component included in Dr.Web provides options for background scanning of the operating system for complex threats and for curing detected active infections when necessary.

If this option is enabled, Dr.Web Anti-rootkit constantly resides in memory. In contrast to the on-the-fly scanning of files by SpIDer Guard, scanning for rootkits (i.e. malicious programs that are used for hiding changes in the operating system, such as running of particular processes, registry changes, and modifications of files and folders) includes checking of autorun objects, running processes and modules, Random Access Memory (RAM), MBR/VBR of disks, the computer BIOS, and other system objects.

One of the key features of Dr.Web Anti-rootkit is its sparing use of system resources (processor time, free RAM, and others) as well as its consideration of hardware capacity.

When Dr.Web Anti-rootkit detects a threat, it notifies you of the detection and neutralizes the malicious activity.

Note

During background rootkit scanning, files and folders specified on the Excluded files page are excluded from scanning.

Background rootkit scanning is enabled by default.

Note

Disabling SpIDer Guard does not affect background scanning. If the option is enabled, background scanning is performed regardless of whether SpIDer Guard is running or not.