The file system monitor SpIDer Guard protects your computer in real time and prevents infecting of your computer. SpIDer Guard automatically launches upon Windows startup and scans file when they are opened, run, or edited. SpIDer Guard also monitors actions of launched processes.
To enable or disable the file system monitor
1.Open Dr.Web , then select .
2.In the open window, click tile.
3.Enable or disable the file system monitor SpIDer Guard by using the switcher .
Figure 39. Enabling/Disabling SpIDer Guard
In this section:
With the default settings, SpIDer Guard performs on-access scans of files that are being created or changed on the hard drives and all files that are opened on removable media. Moreover, SpIDer Guard constantly monitors running processes for virus-like activity and, if such is detected, blocks malicious processes.
By default, SpIDer Guard loads automatically when Windows starts and cannot be unloaded during the current Windows session.
SpIDer Guard file system monitor parameters
If infected objects are detected, SpIDer Guard applies actions according to the specified parameters. The default settings are optimal for most cases. Do not change them unnecessarily.
To open SpIDer Guard parameters
1.Make sure Dr.Web operates in (the lock at the bottom of the program window is open ). Otherwise, click the lock .
2.Click the tile. A component parameters window opens.
Figure 40. The file system monitor parameters
By default, SpIDer Guard scans files that are opened, changed or launched on removable media such as CD/DVD, flash memory, and so on. This option helps you to protect the computer from viruses transmitted via removable media.
You can enable or disable the and options by using the switcher in the setting group.
In this group, you can configure actions that Dr.Web will apply to threats detected by the file system monitor SpIDer Guard.
Figure 41. Configuring actions applied to threats
The actions are set separately for each type of malicious and suspicious objects. These actions vary for different object types. The recommended actions are set by default for each type of objects. Copies of all processed objects are stored in .
To access this and following sections, click the link.
In this setting group, you can select the file scan mode of the SpIDer Guard monitor.
The settings of this group allow you to specify parameters for scanning objects on-the-fly and are always applied regardless of the selected SpIDer Guard operation mode. You can enable:
•Use of heuristic analysis
•Scan of programs and modules to download
•Scan of installation packages
•Scan of files on network drives (not recommended)
•Scan of a computer for the presence of rootkits (recommended)
•Scan of scripts executed with Windows Script Host and PowerShell (for Windows 10)
By default, SpIDer Guard performs scan using . If this option is disabled, SpIDer Guard will use signature analysis only.
Background rootkit scanning
Anti-rootkit component included in Dr.Web provides options for background scanning of the operating system for complex threats and curing of detected active infections when necessary.
If this option is enabled, Dr.Web Anti-rootkit constantly resides in memory. In contrast to the on-the-fly scanning of files by SpIDer Guard, scanning for rootkits includes checking of autorun objects, running processes and modules, Random Access Memory (RAM), MBR/VBR disks, computer BIOS system, and other system objects.
One of the key features of Dr.Web Anti-rootkit is delicate attitude towards consumption of system resources (processor time, free RAM, and others) as well as consideration of hardware capacity.
When Dr.Web Anti-rootkit detects a threat, it notifies you on the detection and neutralizes the malicious activity.
Background rootkit scanning is enabled by default.