Real-Time File System Protection |
The file system monitor SpIDer Guard protects your computer in real time and prevents infecting of your computer. SpIDer Guard automatically launches upon Windows startup and scans file when they are opened, run, or edited. SpIDer Guard also monitors actions of launched processes. To enable or disable the file system monitor 1.Open Dr.Web menu , then select . 2.In the open window, click tile. 3.Enable or disable the file system monitor SpIDer Guard by using the switcher . Figure 39. Enabling/Disabling SpIDer Guard In this section: •SpIDer Guard operation peculiarities •Selecting the scan mode by SpIDer Guard See also •Excluding files and folders from scanning •Excluding applications from scanning SpIDer Guard operation peculiarities With the default settings, SpIDer Guard performs on-access scans of files that are being created or changed on the hard drives and all files that are opened on removable media. Moreover, SpIDer Guard constantly monitors all running processes and blocks malicious processes.
By default, SpIDer Guard loads automatically when Windows starts and cannot be unloaded during the current Windows session. SpIDer Guard file system monitor parameters If infected objects are detected, SpIDer Guard applies actions according to the specified parameters. The default settings are optimal for most cases. Do not change them unnecessarily. To open SpIDer Guard parameters 1.Make sure Dr.Web operates in administrator mode (the lock at the bottom of the program window is open ). Otherwise, click the lock . 2.Click the tile. A component parameters window opens. Figure 40. The file system monitor parameters By default, SpIDer Guard performs on-access scans of files that are being created or changed on the hard drives and all files that are opened on removable media, as well as blocking the automatic startup of their active content. This method prevents your computer from getting infected through removable media, as SpIDer Guard monitors your file system accesses in the real-time mode and blocks the execution of malicious code.
You can enable or disable the and options by using the switcher in the setting group.
In this group, you can configure actions that Dr.Web will apply to threats detected by the file system monitor SpIDer Guard. Figure 41. Configuring actions applied to threats The actions are set separately for each type of malicious and suspicious objects. These actions vary for different object types. The recommended actions are set by default for each type of objects. Copies of all processed objects are stored in Quarantine.
To access this and following sections, click the link. In this setting group, you can select the file scan mode of the SpIDer Guard monitor.
The settings of this group allow you to specify parameters for scanning objects on-the-fly and are always applied regardless of the selected SpIDer Guard operation mode. You can enable: •Use of heuristic analysis •Scan of programs and modules to download •Scan of containers •Scan of files on network drives (not recommended) •Scan of a computer for the presence of rootkits (recommended) •Scan of scripts executed with Windows Script Host and PowerShell (for Windows 10, Windows 11) Heuristic analysis By default, SpIDer Guard performs scan using heuristic analysis. If this option is disabled, SpIDer Guard will use signature analysis only. Background rootkit scanning Anti-rootkit component included in Dr.Web provides options for background scanning of the operating system for complex threats and curing of detected active infections when necessary. If this option is enabled, Dr.Web Anti-rootkit constantly resides in memory. In contrast to the on-the-fly scanning of files by SpIDer Guard, scanning for rootkits includes checking of autorun objects, running processes and modules, Random Access Memory (RAM), MBR/VBR disks, computer BIOS system, and other system objects. One of the key features of Dr.Web Anti-rootkit is delicate attitude towards consumption of system resources (processor time, free RAM, and others) as well as consideration of hardware capacity. When Dr.Web Anti-rootkit detects a threat, it notifies you on the detection and neutralizes the malicious activity.
Background rootkit scanning is enabled by default. |