Preventive Protection Page

On this page, you can configure how Dr.Web reacts to actions of other programs that can compromise the security of your computer. You can also enable background scanning of your operating system for rootkits, i.e. malicious programs that are used to hide changes to the operating system, such as the running of particular processes, registry changes, and modifications to files and folders.

 

For details on a certain option, click the corresponding item in the picture. To get information on options available on other pages, click the corresponding link in the picture.


Preventive Protection Level

In the default Minimum mode, Dr.Web disables automatic changes to system objects whose modification explicitly signifies a malicious attempt to damage the operating system. It also blocks low-level access to disk and protects the HOSTS file from modification.

If there is a high risk of your computer getting infected, you can increase protection by selecting the Medium mode. In this mode, Dr.Web blocks access to the critical objects that can potentially be used by malicious software.

 

Note

Using this mode may lead to compatibility problems with legitimate software that uses the protected registry branches.

 

When total control of access to critical Windows objects is required, you can select the Paranoid mode. In this mode, Dr.Web also provides you with interactive control over loading of drivers and automatic running of programs.

 

Custom Mode

This mode allows flexible configuration of how Dr.Web reacts to particular events that can compromise the security of your computer.

Protected objects and their descriptions:

HOSTS file: The operating system uses the HOSTS file when connecting to the Internet. Changes to this file may indicate virus infection.

Low level disk access: Block applications from writing to disks sector by sector, bypassing the file system.

Drivers loading: Block applications from loading new or unknown drivers.

Critical Windows objects: Other options allow protection of the following registry branches from modification:

File Execution Options:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

User Drivers:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Userinstallable.drivers

Winlogon registry keys:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Userinit, Shell, UIHost, System, Taskman, GinaDLL

Winlogon notifiers:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

Windows registry startup keys:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs, LoadAppInit_DLLs, Load, Run, IconServiceLib

Executable file associations:

HKLM\Software\Classes\.exe, .pif, .com, .bat, .cmd, .scr, .lnk (keys)
HKLM\Software\Classes\exefile, piffile, comfile, batfile, cmdfile, scrfile, lnkfile (keys)
HKLM\Software Restriction Policies (SRP)
HKLM\Software\Policies\Microsoft\Windows\Safer

Browser Helper Objects for Internet Explorer (BHO):

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

Autorun of programs:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\Setup
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

Autorun of policies:

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

Safe mode configuration:

HKLM\SYSTEM\ControlSetXXX\Control\SafeBoot\Minimal
HKLM\SYSTEM\ControlSetXXX\Control\SafeBoot\Network

Session Manager parameters:

HKLM\System\ControlSetXXX\Control\Session Manager\SubSystems, Windows

System services:

HKLM\System\CurrentControlXXX\Services

 

If any problems occur during installation of important Microsoft updates or installation and operation of programs (including defragmentation programs), disable the corresponding options in this group.
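When a compatibility problem appears, it helps to know which option in this group covers the registry path a program tried to change. The following Python code is an added example (not part of the Dr.Web documentation or product) that maps registry write targets to the categories listed above. The sample paths are constructed, and folding CurrentControlSet and numbered ControlSetNNN keys into the page's ControlSetXXX pattern, including for the Services entry, is an assumption.

```python
import re

NT = r"software\microsoft\windows nt\currentversion"
CV = r"software\microsoft\windows\currentversion"
CS = r"system\controlsetxxx"  # assumption: CurrentControlSet/ControlSetNNN fold to this

# (category on the page, key under HKLM, protected value names or None = whole subtree)
RULES = [
    ("File Execution Options", NT + r"\image file execution options", None),
    ("User Drivers", NT + r"\drivers32", None),
    ("User Drivers", NT + r"\userinstallable.drivers", None),
    ("Winlogon notifiers", NT + r"\winlogon\notify", None),
    ("Winlogon registry keys", NT + r"\winlogon",
     {"userinit", "shell", "uihost", "system", "taskman", "ginadll"}),
    ("Windows registry startup keys", NT + r"\windows",
     {"appinit_dlls", "loadappinit_dlls", "load", "run", "iconservicelib"}),
    ("Executable file associations", r"software\policies\microsoft\windows\safer", None),
    ("Browser Helper Objects", CV + r"\explorer\browser helper objects", None),
    ("Autorun of policies", CV + r"\policies\explorer\run", None),
    ("Safe mode configuration", CS + r"\control\safeboot\minimal", None),
    ("Safe mode configuration", CS + r"\control\safeboot\network", None),
    ("Session Manager parameters", CS + r"\control\session manager\subsystems", {"windows"}),
    ("System services", CS + r"\services", None),  # assumption: page's CurrentControlXXX
]
RULES += [("Autorun of programs", CV + "\\" + k, None)
          for k in ("run", "runonce", "runonceex", "runservices", "runservicesonce")]
RULES += [("Executable file associations", "software\\classes\\" + k, None)
          for e in ("exe", "pif", "com", "bat", "cmd", "scr", "lnk") for k in ("." + e, e + "file")]

def classify(target):
    """Return the page's category for a registry path, or None if it is not listed."""
    path = re.sub(r"^(hklm|hkey_local_machine)\\", "", target.strip().lower())
    path = re.sub(r"^system\\(currentcontrolset|controlset\d{3})", r"system\\controlsetxxx", path)
    parent, _, leaf = path.rpartition("\\")
    for category, key, values in RULES:
        whole = values is None and (path == key or path.startswith(key + "\\"))
        if whole or (values is not None and parent == key and leaf in values):
            return category
    return None

# Constructed sample of registry write targets (not taken from any real log).
SAMPLE = [
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultUserName",
    r"HKLM\System\CurrentControlSet\Services\ExampleSvc\ImagePath",
]

def triage(paths):  # keep only writes under a protected branch, with their category
    return [(p, c) for p in paths if (c := classify(p)) is not None]
```

Matching is on key boundaries, so a key such as CurrentVersion\Runtime is not mistaken for CurrentVersion\Run, and value-level entries such as Winlogon\Shell match only the named values.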

 

 

Background Rootkit Scanning

The Anti-rootkit component included in Dr.Web provides options for background scanning of the operating system for complex threats and for curing detected active infections when necessary.

If this option is enabled, Dr.Web Anti-rootkit constantly resides in memory. In contrast to on-the-fly scanning of files by SpIDer Guard, scanning for rootkits (malicious programs that are used to hide changes to the operating system, such as the running of particular processes, registry changes, and modifications to files and folders) includes checking of autorun objects, running processes and modules, Random Access Memory (RAM), the MBR/VBR of disks, the computer BIOS and other system objects.

One of the key features of Dr.Web Anti-rootkit is its careful consumption of system resources (processor time, free RAM and others) and its consideration of hardware capacity.

When Dr.Web Anti-rootkit detects a threat, it notifies you of the detection and neutralizes the malicious activity.

 

Note

During background rootkit scanning, files and folders specified on the Exclusion page of SpIDer Guard are excluded from scanning.

 

To enable background scanning, select the Scan computer for rootkits (recommended) checkbox.

 

 

If necessary, you can configure desktop and e-mail notifications of preventive protection actions.