Lists of frequently asked questions

Prior to the installation, we strongly recommend doing the following:

• Install all the critical updates released by Microsoft for your operating system (updates can be downloaded from the Microsoft update site);
• Use system tools to check the file system and fix problems, if any;
• Close other running applications.

To run the installation in normal mode, use one of the following:

• If the installation kit is a single executable file, launch the file.
• If the installation kit is furnished on a branded disk, insert the disk into your optical drive. If autorun is enabled, the installation procedure will start automatically. If autorun is disabled, launch the autorun.exe file located on the disk. The autorun window will appear.

Then proceed with the following steps:

• Press Install.

Follow the installation wizard instructions. At any installation step before file copying process is started you can use the two buttons:

• Press Back to return to the previous step;
• Press Next to move to the next step;
• Press Cancel to cancel the installation.

In order to check the version number, right-click on the Dr.Web icon in the notifications area and select About. In the next window, you will see the Dr.Web version number and all the modules versions as well.

Before you start installing Dr.Web Security Space, review the system requirements (see system requirements for version 12.0). In addition, we recommend that you:

• install all critical updates released by Microsoft for your operating system (read more about the Windows updating process);
• if the manufacturer has discontinued support for your operating system, it is recommended that you upgrade to the latest version of the operating system;
• use system tools to check the file system and fix discovered problems;
• remove any other anti-virus programs to prevent their components from possibly conflicting with Dr.Web’s components;
• if you are going to install Dr.Web Firewall, you need to remove other firewalls from your system;
• close all running applications.

The installation instructions for standard mode (using both the installation file and the Dr.Web CD) can be found in the documentation here.

1. Replace your license key for free to be able to use all the features of Dr.Web Security Space.

   ! A Dr.Web Anti-virus license key can also be used for Dr.Web Security Space, however the components included in Dr.Web Security Space but absent in Dr.Web Anti-virus will not work with the Dr.Web Anti-virus license key.

   The list of these components:

   • Spider Gate
   • Device access rules
   • Parental Control
   • Data Loss Prevention

   To replace your key, sign in to your My Dr.Web Portal for home (from the program or via the site), and in the active license's area of the License section—Active, click on Upgrade to Dr.Web Security Space free of charge.

   An email containing your new serial number and key file will be sent to your address. Read it.

   ! Free key replacement is only possible for Dr.Web Anti-virus licenses or Dr.Web Anti-virus + cryptographer licenses that are active (valid) at the moment of replacement.

   ! If you have a license that has not yet been activated, just register it—you'll be given a Dr.Web Security Space license immediately and you won't need to replace it.

   ! Once your license is replaced, your old license will be blocked in 30 days.

   
   

2. Install Dr.Web Security Space. To do this:

   Download the Dr.Web Security Space distribution file. To do this, in your license's area of My Dr.Web Portal, click on "Download".

   

   Place the license key file in the same folder with the Dr.Web Security Space distribution file.

   Uninstall Dr.Web Anti-virus for Windows; to do this, open:

   • Windows 10
     Click on "Start" - "Parameters" - "Applications".
   • Windows 8 / 8.1
     Press "Win" + "X". In the newly appeared list, select "Programs and components".
   • Windows Vista / Windows 7
     Go to "Start" - "Control panel" - "Remove Programs".
   • Windows XP
     Go to "Start" - "Control panel" - "Add and Remove Programs".

   Find Dr.Web Anti-virus for Windows on the application list; select it, and click on "Uninstall".

   To transfer custom Dr.Web component settings to Dr.Web Security Space, do not clear the box "Dr.Web Anti-virus for Windows settings" in the "Parameters to save" window.

   

   Click on "Next".

   

   Enter the CAPTCHA code and choose to uninstall the application.

   Wait for the Dr.Web Anti-virus uninstall process to complete and make sure that you restart the computer.

   

   Install Dr.Web Security Space. To do this, open the distribution file.

   Confirm the system prompt to elevate privileges to administrator ones.

   

   If you want to change the list of components to be installed, for example, to add the Firewall, which is not installed by default, click on "Installation parameters".

   

   Click on "Next".

   The license file will be found automatically if it is located in the same folder with the distribution file.

   

   Otherwise, click on "Browse" and specify the file's location.

   Click on "Install" and wait for Dr.Web to finish installing to Dr.Web Security Space.

   Once installation is complete, restart the computer.

When purchasing our anti-virus, you obtain a certificate indicating which product the license you have bought is applied to. So, you need to install the product indicated.

There are two ways to do it:

1. Disable anti-virus self-protection (right-click on the Dr.Web icon in the notifications area, select Disable self-protection, enter digits from the CAPTCHA and press Disable self-protection), then copy the drweb32.key key file from C:\Program Files\DrWeb (or the anti-virus installation folder) to a removable media. After that, locate the drweb32.key file path during the anti-virus installation the new OS.
2. Download the latest Dr.Web version from our website and launch the installation. During the installation, enter your serial number; the key will be downloaded and installed automatically.

In this case, you need to download the latest anti-virus distribution file from our website and install it.

In default installation, all the anti-virus package components are automatically installed into C:\Program Files\DrWeb\ folder.

In custom installation, you can specify the list of components to be installed (e.g. you may choose not to install a firewall if you don’t need it), select installation folder and configure update server.

To have this error fixed, you need to download and install an update for Windows, and then restart anti-virus installation.

It is not allowed to install several anti-virus programs on one PC at a time — they will conflict with each other that may considerably slow down you PC or make it completely non-operational. If you have an anti-virus software already installed on your PC, but intend to install a new product from another vendor, then you need to remove the anti-virus program you have, prior to the installation.

If you wish to install another anti-virus program, you do it at your own risk, and become responsible for all the consequences because the consequences of such installation might be unpredictable including inability of your OS to boot as a result of two or more anti-viruses installed on your PC.

After you install any vendor’s anti-virus, Windows Defender is not disabled; it switches to the passive mode. This option is regulated by Windows; no anti-virus installed in your system (including Dr.Web) can affect Windows Defender's operation. This is one of Microsoft's requirements.

Instructions on how to disable Windows Defender can be found here. If you face problems while disabling Windows Defender manually, please contact our technical support service.

The utility is not designed to be used as a main Dr.Web software uninstallation tool. Dr.Web Remover utility is a damaged Dr.Web version emergency removal tool. The anti-virus is recommended to be uninstalled with the standard Windows tools.

If the installed version of Dr.Web Anti-virus was damaged for some reasons and cannot be removed in a regular way — please use the Dr.Web Remover emergency removal utility. Run Dr.Web Remover, enter the code from the CAPTCHA (it is necessary in order to confirm that is the user, not application, who attempts to remove antivirus) and press Remove.

Like any other program, Dr.Web Anti-virus can be removed with standard operating system tools:

• In Windows 2000/XP: From Menu–>Control Panel–>Add/Remove programs.
• In Windows Vista/7: From Menu–>Control Panel–>Programs and Features.

If you were unable to remove the anti-virus in such a way, please use a special Dr.Web Remover utility, which can be downloaded here.

Dr.Web Remover is intended to be used to delete the results of incorrect/damaged installations of Dr.Web for Windows. The supported versions are 4.33, 4.44, 5.0, 6.0, 7.0, and 8.0. The utility can also be used with the same versions of Dr.Web Enterprise Suite client software when standard removal tools are not available or do not work.

If you are finding it impossible to uninstall Dr.Web using standard Windows tools, use the Dr.Web Remover emergency removal utility, which can be downloaded here:
https://download.geo.drweb.com/pub/drweb/tools/drw_remover.exe.

Run the downloaded file. Enter the CAPTCHA code (this is necessary in order for Dr.Web self-protection to be disabled) and click on Remove. After the process is complete, you need to restart your PC.

If the uninstallation fails after using Dr.Web Remover, please submit a request to our technical support service.

The Dr.Web Remover utility is not designed to be used as the main Dr.Web software uninstallation tool. This utility is an emergency removal tool used for a damaged Dr.Web version. It is recommended that the anti-virus be uninstalled with the standard Windows tools.

Dr.Web Remover is intended for removing incorrect/damaged installations of Dr.Web for Windows. The supported versions are 4.33 — 12.0. The utility can also be used with Dr.Web Enterprise Security Suite client software of the same versions in cases when standard removal tools are not available or won't work.

Doctor Web monitors new threats as they arise and promptly updates its products to ensure that they can protect against those threats. Many malicious programs try to hide deep in the bowels of the operating system at the driver level and launch while a system boots up in order to prevent security tools, including anti-viruses, from detecting them. To neutralise threats of this kind, Dr.Web’s drivers are installed on a layer below the system drivers and thus thwart all malware attempts to penetrate the system.

Windows is designed in such a way that a system restart is required to update a driver.

For detection routines to be updated or urgent updates that provide protection from brand new threats to be applied, a system must be restarted because new Dr.Web interception drivers can only be installed after the reboot.

The WannaCry outbreak is a good example of how a threat can be neutralised while it is being downloaded even on Windows PCs whose security loopholes are unpatched. The trojan wasn't able to exploit vulnerabilities because the anti-virus intercepted the malicious code on Dr.Web-protected machines.

IMPORTANT! Starting with Windows 8.0, turning off a PC and turning it back on is no longer enough—it is imperative that a system be restarted! This is critical because often after installing updates, users merely power off their computers for the night and power them on again in the morning. The update prompt pops up again, and users regard it as an error. In reality, Windows 8.0 and later versions behave differently—when Windows starts, it creates a system image and later on restores itself from the image whenever the computer is turned on. This significantly reduces a PC’s start-up time because the drivers (including those of the anti-virus) don't need to be loaded all over again.

Click on the anti-virus icon in the system tray: select the second menu item from the bottom — Update. The standard status is "Update is not required". There is also a button for a manual update (Update).

The Exclusions section lets you launch legitimate applications whose ability to work could be hindered by the anti-virus as well as open websites that interest you but may be on the list of non-recommended sites.

You should not add Windows system directories, temp folders, torrent-tracker sites, file catalogues, or sites hosting illegal software and video content.

Any option can be changed, and any restriction can be removed.

Important! The more exceptions you add in the anti-virus settings and the fewer restrictions you set for applications and websites, the lower the system security will be.

You should be very attentive to the danger notifications displayed by the anti-virus since any initially reliable sources can be compromised (hacked, forged, etc.).

If you would like to report a false positive, please use the form at this link.

Under normal circumstances, you should never do that. Disabling Dr.Web components can be very dangerous: while SpIDer Gate is disabled, the anti-virus isn't scanning traffic.

Go to Security Center → Exclusions → Website, and add the URL to the list.

The main scenarios for using masks when configuring exclusions are:

• Adding to the exclusion list sites that fall under a specified general condition (in this case, the matching part of the domain name). For more information, refer to the current documentation (examples of using masks are available in the section "To add domain names to the list" when you click on the "Details" link).
• Adding files and folders of a specific kind to the exclusion list. For more information, refer to the current documentation (examples of using masks are available in the section "To add files and folders to the exclusion list" when you click on the link "More about masks").
• Adding applications of a specific kind to the exclusion list. For more information refer to the current documentation (examples of using masks are available in the section "To add applications to the list" when you click on the link "More about masks").

1. Make sure that you are using the latest version of your anti-virus (How do I check the version? ).
2. Make sure that the requirements for the system on which the anti-virus is installed are being met.
3. Contact our technical support. Attach to the request a report from the system in which the anti-virus is installed. To do this, right-click on the Dr.Web icon in the system tray, open Security Center -> Support , click on "Go to Report Wizard", and then click on "Create report". Wait for the report-generation process to complete. A file with a .zip extension is generated—attach it to your request.

The Dr.Web Report Wizard (the dwsysinfo application) is a special Dr.Web utility for collecting system information. The utility generates a zip archive containing event logs, XML documents, the HOSTS file, and other information. The full list of data available in the report can be found here.

There are non-malicious programs that, due to their specifics, require additional configuration to operate in a system that has a running anti-virus (a well-known example is Steam). Check the documentation to see whether such limitations exist for the program with which the problem has occurred.

If necessary, you can add the program to the exclusion list.

Please note that the decision to add any program to the exclusions is at your own risk.

Right-click on the Dr.Web icon in the system tray, and select Security Center. Go to the Statistics tab, and select Detailed Report. In the newly opened window, click on the event you are interested in. Look through the list to find information about the site or program being blocked. Add the URL or file/application to the exception list being used by the component that has been blocking it.

• If the problem persists, please contact our technical support service. Attach to the request a report from the system in which the anti-virus is installed. To do this, right-click on the Dr.Web icon in the system tray, open Security Center -> Support , click on "Go to Report Wizard", and then click on "Create report". Wait for the report-generation process to complete. A file with a .zip extension is generated—attach it to your request. Specify the approximate time the blocked program was launched.
  The Dr.Web Report Wizard (the dwsysinfo application) is a special Dr.Web utility for collecting system information. The utility generates a zip archive containing event logs, XML documents, the HOSTS file, and other information. The full list of data available in the report can be found here.

Go on Doctor Web’s site to find out more about the threat that’s been detected, and check whether the troubleshooting section in the application's documentation contains any mention of possible issues related to the anti-virus software. Then allow the application to be launched or block its launch. If you can't decide what to do, you should contact our support service.

Access to the site will be denied, and the block page will be displayed.

In the system tray, click on the Dr.Web icon, and select Security Center. Go to the Statistics tab, and select Detailed report.

Exceptions are defined separately for each component. To access the settings, go to Security Center → Exclusions. Some options can be changed in the component settings (Devices and Personal Data, Parental Control, Preventive Protection).

Go to Security Center → Exclusions; specify the application as an exception for all the components, or define the application's parameters in the Preventive Protection settings.

Both are aimed at keeping the anti-virus current to protect a computer against any and all threats, including the latest ones. The difference is that when only the virus databases are updated, you don’t need to reboot the system, but when the anti-virus components are updated, rebooting may often be necessary. We strongly recommend that you act on Dr.Web reboot notifications related to component updates because out-of-sequence updating may lead to a weakening of protection.

Rebooting is needed so that the updated Dr.Web drivers work properly with the operating system. Our competitors’ anti-virus solutions are updated in the same manner.

Doctor Web strives to release Dr.Web component updates, especially critical ones, as quickly as possible. After all, the reliability of the protection directly depends on the anti-virus’s ability to intercept and cure the latest threats and still operate error free. Experience shows that for each individual product, updates that require a reboot are being released no more than once or twice a month, the only exception to this being recently released program versions and those under active development.

In the window that notifies users that a reboot is required, you can choose when you want the system rebooted. You can choose to do it now or postpone it until a time convenient for you.

Just one Dr.Web database entry can lead to the detection of tens, or hundreds, or sometimes even thousands of similar viruses.

Moreover, the presence of Origins Tracing™ and structural entropy analysis in the Dr.Web anti-virus makes it possible to detect malicious programs that are so new they have yet to undergo analysis in the Doctor Web anti-virus laboratory.

The smaller number of virus entries (compared to some other anti-virus programs) even makes it possible to detect unknown viruses (i.e., those not in the virus database) with a high degree of certainty. These are viruses that will be created on the basis of existing viruses.

How do users benefit from the small size of the virus database and the fewer number of entries in it?

• Hard drive space is conserved
• RAM is conserved
• Less Internet traffic is used when updates are downloaded
• The virus database can be downloaded at high speed, and it can operate quickly when analysing viruses
• Future viruses, those that will be created in the future by modifying existing viruses, can be detected

Thus, the fundamental difference between the Dr.Web virus databases and the virus databases of other anti-virus programs is that with its fewer number of database entries, the Dr.Web database allows as many (or even more) viruses and malicious programs to be detected.

Virus databases do indeed get larger with each update. But Dr.Web solutions use the most cutting-edge anti-virus database format so that as the virus databases get bigger, scan speed is not reduced.

Moreover, because the latest technologies are applied to Dr.Web solutions, the size of the virus databases can be reduced. This is because they exclude entries containing information about malicious programs that are automatically detected with the help of the newest technologies.

When an Internet connection is present, the anti-virus updates every 30 minutes by default (this is the most optimal setting).

When required, you can change this setting by doing the following: right-click on the Dr.Web icon located in the bottom-right corner of the system tray. Then, in the context menu, select Tools → Settings and go to the Updating tab.

Alternatively, you can update the anti-virus manually by right-clicking on the Dr.Web icon in the bottom-right corner of the system tray, and then selecting Updating in the context menu.

No, that’s not true. When you buy the anti-virus, you are paying not only for the program itself, but also for the right to get anti-virus database and module updates as well as the opportunity to contact the technical support service while your license is valid. Nobody will ever come after you for additional money! Proof of this can be found in the Dr.Web license agreement which you are invited to read before you install the anti-virus. Doctor Web assumes a number of obligations and guarantees the following:

‘Throughout the entire software usage period, the User is granted the right to receive through the Internet virus database updates as well as upgrades of the software modules as they are made available by the Rights Holder’.

The Dr.Web license agreement is a legal document that guarantees your rights as a consumer.

Hundreds of thousands of new viruses appear DAILY — and correspondingly, tens of thousands appear every hour. The overwhelming majority of them are modifications—brothers and sisters of existing viruses. Yes, the Dr.Web heuristic analyser and the Dr.Web behavioural analyser really do make it possible to detect with a high degree of probability that a file has been infected or is a Trojan itself. But “probably infected” does not mean “infected for sure”! This file will be declared a virus only after its virus signature has been added to the Dr.Web virus database.

But no anti-virus software vendor will ever guarantee you that today won’t be the day that somebody writes a brand new virus that can’t be detected by even the most perfect heuristic analyser.

As a rule, malicious programs reach their victims at the same time they reach the Doctor Web anti-virus laboratory for analysis, and in the case of the newest malicious programs (those not yet detected by any available mechanism), anti-virus analysts need time to develop and test a “cure”. Frequent updating makes it possible to minimise the time it takes for potential victims of criminal attacks to get hold of updates. Often ‘cures’ for malicious files are available, but have not yet been downloaded.

Unlike its competitors, Doctor Web’s principled position is to release updates as frequently as possible so as to minimise the time period during which new threats can pose a danger.

That is why the anti-virus databases need to be updated every time the computer is connected to the Internet or as frequently as possible if the connection is continuous.

First do the following:

• Make sure that your computer is connected to the Internet.
• If you are using a firewall, go into its settings and allow the drwupsrv.exe update module, located in the folder containing the installed Dr.Web software, to access the Internet.
• If you access the Internet through a proxy server that requires authentication with a username and password, go to the settings and specify the proxy server’s address and port, and the username and password for it. To do this, right-click on the Dr.Web icon in the notification area, and select Tools –> Settings. In the next window, go to the Proxy server tab and configure the proxy server settings.

If after trying the above, you are still experiencing difficulties, please contact the Doctor Web technical support service and describe in detail how your computer connects to the Internet (note: if a proxy server is involved, please specify whether authentication is required, and whether your browser or Dr.Web update module is configured to be used via the proxy server).

Anti-virus update downloads can include updated anti-virus databases as well as application files. In the latter case, a system restart may be required to apply the update. And in this case, the corresponding notification will appear.

The user can restart the system immediately—by closing all the running applications and pressing the Restart now button. They can also make the anti-virus show the notification later or schedule a system restart. To use either of the two latter options, first select Remind me later.

You can set the reboot time to occur within the next 24 hours.

Users are also able to restart the system on their own whenever they want. For example, go to Start → Shut down or sign out→ Restart/Shut down.

Important! Selecting the option to enter sleep mode or switching user accounts won't restart the system so that the pending updates are applied.

Important! Pressing the power button on a tablet or laptop will make the device enter sleep mode. To apply updates, restart the system using any of the available methods (including the restart option in the anti-virus notification pop-up).

Dr.Web Scanner can detect viruses in some mailboxes, but SpIDer Mail has a number of advantages:

• Not all popular mailbox formats are supported by Dr.Web Scanner, and if you use SpIDer Mail, infected emails do not even reach mailboxes;
• Dr.Web Scanner scans mailboxes, but only at the user's request or on a schedule, and not while a mail client is retrieving emails; and this action is very resource consuming and takes a considerable amount of time.

Thus, when all the Dr.Web components are configured with their default settings, SpIDer Mail is the first to detect viruses and prevent them and suspicious objects spread via email from reaching your computer. Its operation is highly advantageous in terms of computing resources; the remaining components don’t need to be used to scan email files.

There are several ways to start the scanner.

• On the desktop, find the icon with the spider on a green background — Dr.Web Scanner. Double-click the scanner to run it.
• Open the Dr.Web menu (right-click on the Dr.Web icon in the system tray) and select Security Center. Next, select Files and Network, and then Scanner. Select the desired scanning mode: express, full, or custom.
• To scan a specific object (file or folder), right-click on it. In the context menu, select Scan with Dr.Web (the icon with the black spider on a grey background). The Scanner will start immediately, and the file will be scanned.

SpIDer Mail will scan both incoming and outgoing mail on your computer, regardless of which mail client you use.

The Move action for suspicious and incurable objects means the file is moved to a special quarantine folder. After having been moved, the file loses its extension. This means the virus has literally been disarmed and rendered non-operational and, therefore, harmless. Later, you can open the Quarantine Manager (Security Center → Tools → Quarantine Manager) and delete the files if you do not need them.

The Dr.Web anti-virus is a set of programs (modules), each of which is responsible for protecting its own section of your computer. Removing (making unavailable) or disabling at least one component greatly reduces the overall reliability of the anti-virus protection, so we strongly advise you not to disable any of its modules unless absolutely necessary.

The Automatic Updating Utility and the Scheduler included in the comprehensive anti-virus are subsidiary programs.

To answer this question, you need to understand the difference between an object infected by viruses and malicious software.

Typically, a virus adds (appends its code) to an infected file so it incorporates its own code and the virus's code. Together, they represent a virus-infected file. Most of these files can be cured (and are cured) by Dr.Web anti-virus. Here we are speaking about curing files of viruses rather than curing viruses.

Malicious software in itself operates as a separate computer program, so it cannot be cured but only removed. In some cases, we can speak about curing a system (but not malicious software). This includes removing the detected threat and restoring the compromised objects.

Dr.Web for Windows 11.5:

1. Click on the Dr.Web icon in the notification area (in the lower-right corner of the screen).
2. Click on the padlock icon (Administrative mode) to allow the application to launch.
3. Click on the gear icon (Settings), and then click on General → Self-protection.
4. Toggle off the Block user activity emulation option.

Dr.Web for Windows 12:

1. Click on the Dr.Web icon in the notification area (in the lower-right corner of the screen).
2. Select Security Center, and click on the padlock icon (Administrative mode) to allow the settings to be changed.
3. Click on the gear icon (Settings) in the top-right corner of the installer window, and then click on Self-protection.
4. Toggle off the Block user activity emulation option.

You can also toggle off this option during the anti-virus installation process in the Installation parameters section — in the Advanced options tab.

To enter the safe mode when your PC is booting, press F8 at the moment the computer vendor picture disappears, before Windows logo is displayed. If you can see the Windows logo then you failed to press the button in time. In this case, you need to wait for the Windows system login window to appear, shut down and reboot your PC.

If you managed to press F8 key in time, you will see the Windows boot menu on the screen.

Use arrow keys to select a boot mode you need, and press Enter.

To check the date, roll the mouse cursor over the clock icon in the notification area. The system date will be displayed in the pop-up hint. To change the date, do the following: right-click on the clock icon in the notifications area and select Date/time settings in the open menu. In the next window, set the current date and press Ok.

Press Start–>All programs–>Standard–>Service–>Data archving. The archiving window appears. Press Next, check the Archive files and parameters in the next window and press Next. In the next window, select Allow choosing objects to be archived and press Next. Now, open My computer in the left-hand part of the window, check System State box and press Next. Specify archive file save path and name. Verify the data displayed and press Ready. When the operation is completed, you may close the archiver window.

Locate the C:\WINDOWS\inf\mstask.inf file right-click it and select Install item. During installation, you might need an OS installation disk. Your PC may need to reboot.

press Start–>Run and enter the the following command in the open line

reg export "tree" file name

For example, you need to export the

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control tree into the C:\result.reg file

reg export "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control" c:\result.reg

Press Start–>Run and enter the winver command in the open line.

To reset Internet connection settings, press Start–>Run and enter the following command in the open line:

netsh winsock reset

And press Ok.

Note: to restore your previous settings, export the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2 registry tree prior to reset.

If the system recovery is enabled on your PC then roll back the system to a checkpoint when this problem did not exist.

If this measure was useless or the system recovery is disabled then try to use a utility located at plstfix.exe.

Try to use a utility located at plstfix.exe

A ticket is a virtual document keeping technical support calls and dialogs between an engineer an user.

It is a file checksum required to confirm data integrity and authenticity. To get the checksum, use the Hash program or visit forum.drweb.com/hash. When linking, select the file you need with the Browse button and press Compute. When the analysis is over, you will be provided with all the file information, including md5.

It is not allowed to install several anti-virus programs on one PC at a time — they will conflict with each other that may considerably slow down you PC or make it completely non-operational. If you have an anti-virus software already installed on your PC, but intend to install a new product from another vendor, then you need to remove the anti-virus program you have, prior to the installation.

If you wish to install another anti-virus program, you do it at your own risk, and become responsible for all the consequences because the consequences of such installation might be unpredictable including inability of your OS to boot as a result of two or more anti-viruses installed on your PC.

Dr.Web technologies are designed to prevent user data, including passwords, from being obtained by hackers. The password is not stored in plain text, so it cannot be recovered.

In addition, Doctor Web does not collect the personal data of Dr.Web users, and, therefore, passwords cannot be recovered by contacting our technical support service.

You have to reinstall the product you are using so that you can gain access to the anti-virus’s settings. Once you do this, all the settings you previously configured, including your password, will be lost.

1. Save the Dr.Web key file (this file has the .key extension and contains information about your license). The file can be found in the directory C:\Program Files\DrWeb. For example, put it on your desktop.
2. To reinstall Dr.Web, you will need its distribution. Download it in the Download Wizard. Enter your serial number or your key file—the file with the extension .key that contains information about your license (you can find it in the directory C:\Program Files\DrWeb)—and your registered email address, and then click on the Download button. In the newly appeared window, the download option for Windows and Android is already selected, so you can just click on the Send button. In the next dialogue box, select the download version:
   • 11.5 if you are already using Windows XP;
   • 12 if you are using Windows Vista and later versions.

   Dr.Web does not support versions below Windows XP.

   Download the Dr.Web distribution.

3. Remove the anti-virus.

   Go to the Control Panel, and select Start → Search → Control Panel. After this, depending on the type of Control Panel you have — Programs and Features or Remove program.

   In the list of programs, select Dr.Web Anti-virus or Dr.Web Security Space. Click on Remove, and follow the Removal Wizard's instructions.

   

   In the Parameters to save window, clear the checkbox next to Settings.

   

4. After you remove the solution, restart the computer, and reinstall Dr.Web. Your key file will be downloaded automatically.

   If the key file is not downloaded automatically during the installation, enter it manually. To do this, in the anti-virus's menu, select Licenses. In the License Manager window, click on the Buy or activate new license button. Then click on the text or specify the key file, and select the previously saved key file — the desktop file that begins with SL and has the .key extension.

Yes, you need to specify the proxy server you are using in the Dr.Web Security Space settings.

1. Click on the Dr.Web icon in the notification area (in the lower-right corner of your screen).
2. Select "Dr.Web Security Center" and then the padlock icon (Administrative mode) in the lower-left corner of the window; to ensure the settings can be accessed, allow the launch of the application.
3. If you set a password to access the settings — enter it.
4. The icon in the lower-left corner of the window will change to .
5. Click on the gear icon (Settings) in the top-right corner of the window, and click on Network.
6. After clicking, toggle the switch Use proxy server to the On position. If the proxy server settings were not previously set up, the Proxy server parameters 6. window will automatically open. Otherwise, click on Change.
7. Specify the connection parameters

No, for security reasons. If no restrictions are placed on accessing the settings, cybercriminals could change the anti-virus’s settings to block its operation.

Click on the Dr.Web icon in the notification area (in the lower-right corner of your screen). If the icon is not displayed in the tray, click on the “up arrow” button

and in the newly opened panel, click on the Dr.Web icon .

! The appearance of the “up arrow” may vary depending on the OS version and its settings. For example, it may look like or .

Click on “Security Center”

If the button is not displayed (it can be hidden by your network administrator), contact your system administrator or use the “Start” button to launch the Security Center.

The “Security Center” window will open. The list of contents may vary depending on your product version.

The list of available options may vary depending on your product version and the settings configured by your network administrator.

By default, the changing of settings is disabled. To change them, click on the padlock icon (Administrative mode) in the lower-left corner of the window. If you set a password to access the settings — enter it.

The icon in the lower-left corner of the window will change to .

Dr.Web Anti-virus can not only detect known malicious programs but also block the actions of the latest tools used by hackers. Dr.Web Preventive Protection monitors the requests all running programs make of various system resources and, with the help of special rules, identifies actions that are atypical of legitimate programs. In this case, the message indicates that an attempt was made to inject some code into a running process — legitimate programs rarely act in such a way.

Thus, Dr.Web Anti-virus has blocked hackers from using the computer’s unclosed vulnerability.

To avoid such situations, you need to install all the security updates released by Microsoft to date in the system where the malicious action is being detected. After this, reboot your PC.

You must also ensure that the Dr.Web components are up to date and that the virus databases show today’s date.

To detect threats, in the Dr.Web Preventive Protection settings, select Ask as the action for the option Integrity of running applications, and also enable exploit protection interactive mode.

Contact our technical support. Attach to the request a report from the system in which the anti-virus is installed. To do this, right-click on the Dr.Web icon in the system tray, open Security Center -> Support , click on "Go to Report Wizard", and then click on "Create report". Wait for the report-generation process to complete. A file with a .zip extension is generated—attach it to your request.

The Dr.Web Report Wizard (the dwsysinfo application) is a special Dr.Web utility for collecting system information. The utility generates a zip archive containing event logs, XML documents, the HOSTS file, and other information. The full list of data available in the report can be found here.

Try running SpIDer Gate with the -dbg: 2 parameter. To do this, click Start-> Run, type in the string provided below:

"C:\Program Files\DrWeb\spidergate.exe" –dbg:2

Click Ok.
If the problem persists, please contact the technical support service.

No, SpIDer Gate is an HTTP-monitor. It performs the following tasks:

• Scan incoming and outgoing HTTP-traffic
• Intercept all HTTP-connections
• Filter Data
• Block loading infected pages automatically in any browser
• Scan archived files
• Protect from phishing and other dangerous online resources.

At the same time the firewall protects your PC or network from unauthorized access.

Thus, SpIDer Gate and the firewall must operate simultaneously on your computer to protect your system against viruses and network attacks.

No. SpIDer Gate operates independently of the programs that use the Internet (including browsers).

Dr.Web anti-virus engine is so fast that SpIDer Gate won’t delay loading of web-pages or slow-down file transfers.

For version 5.0:

1. Increase log file size up to 5 Megabytes. Right-click on the Dr.Web icon in the notifications area, select SpIDer Gate–>Settings, in the next window proceed to the Log tab and modify the File size limit field value.
2. Right-click on the Dr.Web icon in the notifications area and select SpIDer Gate ->Disable.
3. Press Start–>Run, copy one of the strings below to the Run field and launch SpIDer Gate:
   • "C:\Program Files\DrWeb\spidergate.exe" -dbg — enable verbose logging,
   • "C:\Program Files\DrWeb\spidergate.exe" -dbg -dbg — debug logging.

Version 6.0

Right-click on the Dr.Web icon in the notifications area and select SpIDer Gate–>Settings from the list (if this item is unavailable, you should first switch to the Administrator mode). In the next window, open the Log section and use the slider to set the Extended mode. Press Ok to confirm the changes made.

Further, if required, you can reproduce the problem that must be analysed using the extended report. Please keep in mind that the Debug log is not always required because redundant information might complicate troubleshooting.

It is not recommended to disable the SpIDer Gate HTTP monitor because nowadays a lot of malware is distributed via infected websites. There are many script viruses and exploits that can cause harm to the system before they are saved to your hard drive and, consequently, detected by the SpIDer Guard® file monitor.

If disabling HTTP monitor is still necessary, right-click on the Dr.Web icon and in the next menu, select SpIDer Gate –> Disable. When anti-virus self-protection screen appears, type digits from the picture into the string and click Disable SpIDer Gate.

Right-click on the Dr.Web icon in the system tray and select SpIDer Gate-> Disable in the context menu.

Caution! It is not recommended to disable the HTTP-monitor SpIDer Gate because nowadays a lot of malware is distributed via infected web sites. There are many script viruses and exploits that can harm the system before they are saved to your hard drive and, consequently, detected by the file monitor SpIDer Guard.

Since SpIDer Gate utilizes the Dr.Web engine and databases, it is updated automatically along with other anti-virus modules.

As other modules of the program Dr.Web, SpIDer Gate features the same anti-virus engine and uses the same virus databases and therefore is updated along with other modules.

The red icon indicates that SpIDer Gate is disabled. To activate it, right click on the Dr.Web icon in the notification area. In the menu, hover over the SpIDer Gate item and in the drop-down list select Enable.

If the icon remains red, you have two options:

• Application error – in this case you need to contact the Technical support service.
• Your license does not cover SpIDer Gate. In this case, it is recommended to remove the component: Go to Start-> Settings-> Control Panel-> Add and Remove Programs, find the Dr.Web anti-virus on the list, click Modify and follow the wizard's instructions to disable this component.

The unique Dr.Web anti-virus engine allows SpIDer Gate to scan traffic so quickly that you will never notice any delay when viewing web pages and downloading files from the Internet.

If you believe that SpIDer Gate has mistakenly blocked a respected site, please let us know through the form on our website.

If you need to access a suspicious site, right click on the Dr.Web icon in the system tray and in the context menu select SpIDer Gate-> Settings. Clear the Block known source check box and press Ok.

Caution! Disabling this option is not recommended, because pages from all sites, including potentially dangerous ones will be loaded without a corresponding warning.

SpIDer Gate's log file name is spidergate.log. The file is located in the C:\Documents and Settings\Your_user_name\DoctorWeb folder.

SpIDer Gate is compatible with all web-browsers.

Dr.Web anti-virus engine is so fast that SpIDer Gate won’t delay loading of web-pages or slow-down file transfers.

The Speed balance option allows you to adjust the amount of CPU time utilized to scan Internet traffic. The higher the scanning priority, the more CPU resources it will use, but it will help maintain high speed connectivity. Low priority results in low CPU load and slower network communication speed. Changing the default value usually is not required.

In fact, the component does not consume traffic. The component checks it while passing it through itself. It processes as much traffic as is generated by the applications that have accessed the Internet and the data that has been received/sent over the network.

Technically, it looks like this:

On its own initiative, the dwnetfilter component does not connect to the Internet, it only intercepts connections from other applications.

To exclude the false effect that the dwnetfilter component is consuming traffic, you need to exclude it from your traffic control program, if this option is available. It makes no sense to track application traffic separately or their total traffic via the proxy (dwnetfilter).

One of SpIDer Gate’s tasks is to inform users that visiting some websites is dangerous or undesirable, for reasons that include the presence of “pirated” content. Dr.Web informs users about such websites because they are accompanied by malicious programs. Websites are included in the so-called Dr.Web “anti-piracy” database only on the basis of allegations made by content copyright holders. Each allegation is verified by Doctor Web’s lawyers before the decision is made to include the corresponding URL in the database. When users receive SpIDer Gate notifications concerning the undesirability of visiting pirated websites, they are getting objective, legally considered information about intellectual property infringement. Thus, Doctor Web helps users of its products:

• avoid becoming the victims of criminals, who for their own selfish ends use others’ works and trademarks, and the fruits of others’ intellectual labours, for illegal purposes;
• avoid potential criminal indictment for downloading, using, and further distributing pirated content;
• protect PCs against infections occurring as a result of downloading unlicensed content that is accompanied by malicious programs.

Users make their own decisions as to whether it is worth visiting the websites they have been notified about. The SpIDer Gate component can be enabled or disabled at their discretion.

Click on the Dr.Web icon in the system tray.

Open the Dr.Web Security Center.

Windows administrator permissions are required for changes to be made to Dr.Web’s settings. Click on the padlock icon to provide them.

Confirm the system prompt to elevate privileges to those of an administrator.

Click on "Exclusions".

Click on "Websites".

Add the URLs to which you want to allow access. After entering a site address, click on the "+" button.

To add a specific site to the list, enter its address (for example, www.example.com). Access to all the resources located on this site, will be allowed.

To allow access to sites whose address contains a specific text, type the following text in the field. Example: if you enter the text "example", access to example.com, example.test.com, test.com/example, test.example222.ru, etc., will be allowed;

To allow access to a specific domain, specify the domain name with the symbol ".". In this case, access to all the resources on that domain will be allowed. If you use the symbol "/" when specifying a domain, the part of the substring to the left of the character "/" will be considered the domain name, and the part to the right of the symbol—the part of the allowed address on this domain. Example: if you enter the text example.com/test, the following addresses will be allowed: example.com/test11, template.example.com/test22, etc .;

To exclude certain sites from scanning, enter the corresponding mask. Masks are added in the format: mask://...

The mask specifies the name pattern:

• the symbol "*" replaces any, possibly empty, sequence of characters;
• the symbol "?" replaces any, including empty, but only one symbol.

Examples:

mask://*.ru/ — all sites in the .ru zone will open;

mask://mail — all sites containing the word "mail" will open;

mask://???.ru/ — all sites in the .ru zone whose names consist of 3 or more characters will open.

When added onto the list, an entered string can be converted to the universal form. For example, http://www.example.com will be converted to www.example.com.

• Click on the spider image in the system tray.
• Click on the closed padlock icon—the system will request elevated privileges.
• Agree, and, if necessary, enter the administrator account password. The closed padlock is now open.
• Click on the gear icon.
• In the Dr.Web settings window, open the Parental Control tab.
• In the section on the right, select the user account for which you want to set restrictions.
• Click on Change in the Internet section.
• In the drop-down list, select Block by categories.
• Select the categories of the sites you want to block.

Doctor Web specialists are continuously adding sites to the list for each category. How they do this is described in this Moscow News article.

Find out more

• Non-recommended sites
• Dangerous sites

• Go to the Parental Control tab.
• In the section on the right, select the user account for which you want to set restrictions.
• Click on Change in the Internet section.
• Select Block by categories
• Click on the button Whitelists and blacklists.
• To make sure that access to a certain site is not blocked, add its address to the whitelist.
• To add a site to the list of unwanted sites, add its address to the blacklist.
• If you want the user to access only specific sites, add the site addresses to the whitelist and choose the option Block all except websites from the whitelist.

Popular search engines, such as Google and Yandex, offer a safe search option that enables links to sites containing dangerous or unwanted content to be excluded from search results. So that the browser toggles on the safe search option automatically, enable the corresponding Parental Control feature.

Find out more

• Non-recommended sites
• Dangerous sites

• Open the Files and Folders tab, and click on the switch.
• Add the paths to the files and folders to the list, and select an access mode.

If you choose Read-only, your child will be able to view files and folder contents but won't be able to change or delete them.

The Blocked option will mean that the files and folders will be inaccessible.

• Select Start → Settings.
• Go to the Accounts section.
• Click on Family and other users.
• Make sure the user accounts for which you have imposed the restrictions do not have administrator privileges.
• If necessary, change their account type from Administrator to Standard.
• Also make sure that a reliable password is specified for your Administrator account. If no password is specified, press Alt + Ctrl + Delete, and click Change password. Enter the new password in the New password and Confirm new password fields. Then press OK.

• Open the Time tab.
• Use the time grid to create an access schedule.
• Instead of using the calendar, you may choose the option Interval time limit.

Add the site's address onto the white list, or if you are sure that the site is blocked by mistake, report the false positive to Doctor Web.

Send links to web-site mistakenly rated by the module as undesirable to Doctor Web's laboratory via the web-form on our website.

Right-click on the Dr.Web icon in the notification area and select Parental Control → Settings. Enter the password and select Allow access to all sites. In the Local Access tab, select Allow and Unlimited in the corresponding sections. Click Apply to save the changes.

Caution! Disabling Parental control will allow access to all resources on the Internet, LAN and the PC.

There is no way to recover a Parental control access password. The only solution is to import a new password into the registry from a special file.

1. Use the download link to obtain the file
2. Disable the anti-virus's self-protection
3. Double-click on the downloaded file and agree to modify the registry
4. Enable self-protection
5. Now your password is "drweb" (without the quotes), do not forget to change it in the Parental control settings.

Right-click on the Dr.Web icon in the notification area and select Parental Control → Settings. If this is the first launch of the Parental control module, you will need to set a password for it. Then in the subsequent window select what you want to block and then click Apply.

If the password for parental control is not specified, each time you open parental control settings, you will be prompted to set a password. It is Recommended that you set a password right away to prevent unauthorized access to these settings. If no password is required, click Cancel.

If upon activating the Parental control you receive the message "Unable to find a key file", it means that your license does not cover the Parental control. In this case, it is recommended to remove the component: Go to Start–> Settings–> Control Panel–> Add and Remove Programs, find the Dr.Web anti-virus on the list, click Modify and follow the wizard's instructions to disable this component.

Use the local access settings to restrict access to resources on your computer - files and folders. In addition, it is possible to prohibit the use of removable storage media and access to the LAN. By restricting access to such resources you can avoid damaging or removing sensitive data by a third party and prevent unauthorized access to confidential information.

The Parental control module allows you to restrict users' access to certain sites on the Internet, local files and folders, local network resources. An administrator can manually configure a list of banned sites or take advantage of the constantly updated thematic lists provided by Doctor Web.

Local access protection and the URL filter are parental control features disabled by default. You need to activate them manually by setting the parental control operation mode and access password in its settings.

The Parental control module can restrict acces to any specific sites or web-pages, as well as to all known sites containing information on certain subjects (such as sites about drugs or weapons, sites of paid on-line games, etc.). A list of specific websites to be blocked is set up by the user; both individual addresses and keywords found in URLs can be specified in this block list. Blocking websites by subject is carried out automatically using the lists, updated regularly by Doctor Web.

If you set a password for accessing the Parental Control, only the computer's administrator will be able to do so after entering the password. If no password is set, then any user with administrative privileges will be able to change the settings.

If Dr.Web has detected a malicious program, one of the following actions can be applied to it:

• Cure — Dr.Web can try to restore the infected file to its original state.
  In most cases, the "Cure" option will be unavailable. This action is only available for files infected with known, curable viruses. Trojans and compromised files found in other objects (archives, email files and file containers) cannot be cured.

• Remove — a malicious object (file, script, email attachment, etc.) is permanently deleted.

• Move to quarantine — if for some reason you want to save a file (for example, to send it to Doctor Web’s virus laboratory), you can move it to the secure quarantine folder where it will not be able to harm your PC.

• Ignore — no action is taken. Choose this option only if you are completely sure that the threat is in fact a false positive.

New threats are emerging every day, and it is quite possible for a trojan to get into your system undetected since no corresponding definition yet exists in the virus database and the malware has not done anything suspicious to expose itself. As a result, the file monitor SpIDer Guard, which scans files, whenever they are being opened, launched, or modified, and watches over running processes, cannot detect it.

Dr.Web recommends

Schedule regular system scans to occur at least once a week. You can set up the scans to be run at the most convenient time for you—for example, when you are not using your PC.

Dr.Web scanner for Windows either scans files at the user’s command or on the schedule specified in the Scheduler. Not all the files are checked, but only those specified in the scanner settings instead. By default, files are checked by format — i.e., files in archives, packed and e-mail files, and RAM and all the autorun objects as well. You may choose to scan disks, folders, scan by file types, by preset mask, or scan all the files. To view current scanner settings, go to the program main window menu bar and select Settings–>Modify settings.

Quick scan of the critical system objects with the anti-virus scanner is launched automatically as the program starts. It is required to find out if any viruses exist in the system. After the scan is complete, two right windows indicate numbers. The left one shows the number of viruses found on your PC, while the right one — the number of RAM objects and files scanned with the anti-virus scanner.

In order to launch full scan, please use the Task scheduler.

Open the Windows task scheduler (Start->Control panel->Assigned tasks). Find the Dr.Web Daily Scan task pre-installed during installation and open it to edit. In the Task tab, check Enabled. In the Schedule tab, specify scan frequency and time you need. Press Ok to apply the settings. Enter user name and password upon the operating system request.

In order to edit a task pre-installed during the anti-virus installation, right-click on the Dr.Web icon in the notifications area and select Tools->Scheduler. In the next window, select the Drweb Daily Scan task, which is disabled by default. You should enable it (by right-clicking the task and selecting Enable option). In the Triggers tab, edit launch time and frequency.

The Move action in respect to infected and incurable objects means the following: an object is moved to a special directory specified in the Move to field (by default, it is the infected.!!! subdirectory of the Dr.Web installation directory) and accessible even after the scan is over. Furthermore, after having been moved, the file loses its extension. Such actions mean that the virus is actually “disarmed”, rendered incapable and, therefore, absolutely safe.

To have all the messages marked with Dr.Web spam filter automatically moved to a specific folder — let's call it Spam, for example, — follow the below steps:

1. Right-click on the Dr.Web icon in the notifications area and select SpIDer Mail–>Settings. Go to the Anti-spam tab, and check the box next to Add a prefix to the Subject field of e-mails containing spam. In the field below, enter any word or letter combination you like — that's what will be a prefix Dr.Web spam filter will add to the subjects of messages specified to be a spam.
2. In your e-mail client, create a folder for spam filtering and configure rule for it so that messages having a prefix you have entered to the Add a prefix to the Subject field of e-mails containing spam be placed into it automatically.

Below are detailed steps on how to set up rules for various e-mail clients. It is assumed that the Anti-spam is configured to mark an incoming spam with the [SPAM] prefix. If you chose an alternative prefix, use it in accordance with this manual...

Microsoft Outlook Express 6

1. Create a new folder into which spam will be moved:
   • right-click on the account name, and in the context menu select "New Folder...";
   • enter the Spam folder name, and click "OK".
2. Set a filter rule for messages marked as spam:
   • in the menu, select "Tools" - "Rules for messages" - "Mail ...";
   • in the first list, check the "Search for messages containing specific words in the "Subject" field;
   • in the second list, check the "Move to a specified folder";
   • in the "Rule description", click on the "containing specific words";
   • enter the [SPAM] key word, and press "Add", then "OK";
   • in the "Rule description", click on the "specified";
   • select the "Spam" folder created in step 1, and press "OK";
   • in the "Rule name", type "Spam filtering", and press "OK" twice.

Microsoft Office Outlook 2003:

1. Create a new folder into which spam will be moved:
   • right-click on the account name, and in the context menu select "New Folder...";
   • enter the Spam folder name, and click "OK".
2. Set a filter rule for messages marked as spam:
   • in the menu, select "Service" - "Rules and alerts...";
   • Go to the "E-mail rules" tab;
   • click on "New...";
   • select "Create a new rule";
   • in Step 1, select the "Check messages upon receipt", then click "Next";
   • in Step 1, select "containing in the "Subject" field;
   • in Step 2, click on "";
   • in the upper field, enter [SPAM], and press "Add", then "OK" and "Next";
   • in Step 1, select "move them to the folder";
   • in Step 2, click on "";
   • select the "Spam" folder created in step 1, and press "OK", then "Next" twice;
   • in Step 1, specify the "Spam Filtering" rule name, and click "Finish", then "OK".

Microsoft Office Outlook 2007:

1. Create a new folder into which spam will be moved:
   • right-click on the account name, and in the context menu select "New Folder...";
   • enter the "Spam" folder name, then in the "Folder content" list, select "elements such as Mail"; in the "Place folder into..." tree, choose a location where the "Spam" folder will be stored.
2. Set a filter rule for messages marked as spam:
   • in the menu, select "Service" - "Rules and alerts...";
   • Go to the "E-mail rules" tab;
   • click on "New...";
   • select "Move all messages containing specific words in the subject field to folder", and click "Next";
   • in Step 1, select "containing in the "Subject" field";
   • in Step 2, click on "";
   • in the upper field, enter [SPAM], and press "Add", then "OK" and "Next";
   • in Step 1, select "move them to the folder";
   • in Step 2, click on "";
   • select the "Spam" folder created in step 1, and press "OK", then "Next" twice;
   • in Step 1, specify the "Spam Filtering" rule name, and click "Finish", then "OK".

Windows Mail 6 (Windows Vista):

1. Create a new folder into which spam will be moved:
   • right-click on the account name, and in the context menu select "New Folder...";
   • enter the "Spam" folder name; in the "Select the folder in which a new folder will be created" tree, select a location where the "Spam" folder wil be stored.
2. Set a filter rule for messages marked as spam:
   • in the menu, select "Service" - "Message rules " - "Mail...";
   • click on "New...";
   • in the "1. Select conditions for this rule" list , flag the "Search for messages containing specific words in the "Subject" field";
   • in the "2. Select actions for this rule" list, flag the "Move to the specified folder";
   • in the "3. Rule Description" field, click on "containing specific words";
   • in the "Enter the keywords" dialog box, type [SPAM] in the "Enter keywords or sentence and click" Add"" field, press "Add", then "OK";
   • in the "3. Rule Description" field, click on "specified";
   • in the next "Move" window, select the "Spam" folder created in step 1, and press "OK";
   • in the "4. Rule name" field, type "Spam Filtering" and click "OK" twice.

Ritlabs The Bat! 4

1. Create a new folder into which spam will be moved:
   • right-click on the account name, and in the context menu select "New" - "New Folder...";
   • enter the Spam folder name, and click "OK".
2. Set a filter rule for messages marked by anti-spam as spam:
   • right-click on the account name, and in the context menu select "Inbox Assistant settings...";
   • right-click on the "Incoming mail", and in the context menu, select "New rule";
   • in the "Name" field, enter "Spam filter";
   • click on "Sender" and choose the "Subject" line from the drop-down list;
   • enter [SPAM] into the field after the word "containing"
   • under the "Actions" list, click "Add";
   • in the drop-down list, select the "Move message to folder";
   • in the folder tree, select the "Spam" folder created in step 1, and click "OK" twice.

Mozilla Thunderbird 2.0

1. Create a new folder into which spam will be moved:
   • right-click on the account name, and in the context menu select "New Folder...";
   • enter the Spam folder name, and click "OK".
2. Set a filter rule for messages marked by anti-spam as spam:
   • select the account name in the tree of accounts and folders;
   • in the menu, select "Tools" - "Message Filters...";
   • press "Create...";
   • in the "Filter name" field, enter "Spam filter";
   • in the list below, sequentially select "Subject", then "contains" from the drop-down lists; in the right-hand field, enter [SPAM];
   • from the drop-down lists in the list far below, sequentially select "Move message to...", and in the next box, select the "Spam" folder created in step 1, then press "OK";
   • close the "Message filters" window.

• To make it short, let’s apply “spam” name to all unsolicited e-mails. The bulk of it comprises advertisements offering different goods and services.
• The most dangerous among spam messages are phishing, pharming and scamming ones. Nigerian scams, lottery and casino scams, fraudulent messages from banks and credit organizations are characteristic of them.
• Next come black political and economic PR scams and the so-called “letters of happiness”.
• There is also a technical spam, or bounce messages, generated by mail servers in reply to undelivered message, whether you did send one or not. Such e-mails might emerge as a result of mail server poor work or virus activity, of some e-mail worm, for instance.

Incoming mail filtering is processed by SpIDer Mail, one of Dr.Web modules. The following steps describe how to activate the spam filter:

• In SpIDer Mail menu on the Windows Task Panel choose “Settings” – the SpIDer Mail “Settings” window will appear.
• In the “Scan” pane of the SpIDer Mail “Settings” window enable the “Check for the spam” checkbox and press OK to save the changes made; then close SpIDer Mail “Settings” window.

After you’ve activated your spam filter, SpIDer Mail with Vade Retro anti-spam engine integrated into it starts filtering all your incoming mail on POP3 and IMAP4 protocols.

To move automatically all messages marked as spam by Dr.Web Anti-spam into definite mail folder in your mail client, do the following.

1. In SpIDer Mail menu on the Windows Task Panel choose “Settings” – the SpIDer Mail “Settings” window will appear. Press the “Advanced…” button. The “SpIDer Mail® Spam Settings” window will open. Check the “Add prefix to the subjects of the spam messages” box. Input any word or combination of symbols in the field below it. This will be the prefix Dr.Web Anti-spam will add to subjects of messages marked as spam.
2. In the mail client you use, make a new folder for spam. Make the rule for this folder so that all the spam messages with the prefix you specified in the “Add prefix to the subjects of the spam messages” filed are placed there automatically.

Whitelists and Blacklists contain mail addresses you either trust or not.

• If the sender’s e-mail address is added to the Whitelist, these messages are not filtered. However, if the sender and the receiver share the same domain name e-mail addresses and this domain name is enlisted in the Whitelist with the “*” symbol, it is filtered for spam.
• All messages enlisted in Blacklist are marked as spam without additional analysis.

Both lists settings should be fill in one after another, parted by “;”. The “*” sign can be used as a part of e-mail address. For example, *@domain.org passes for all addresses with “domain.org” domain name.

In case some messages are falsely filtered, they should be forwarded as attachments to special addresses for analysis and correction of spam-filtering techniques.

• Messages, falsely marked as spam , should be forwarded as attachments to nonspam@drweb.com
• Messages, falsely marked as non-spam , should be forwarded as attachments to spam@drweb.com.

At first all spam messages were of Latin origin and spam-filters’ developers, represented for the most part by Western companies, were aimed at filtering these ones only. Later on spammers switched into Cyrillic, too. But since the bulk of spam is still in Latin, there are some difficulties to filter Cyrillic spam.

To save your Cyrillic correspondence from being filtered as spam without a prior analysis, check the “Allow Cyrillic texts” box. Otherwise such e-mails are likely to be marked as spam. “Allow Chinese, Japanese, Korean text” option works the same way.

Right-click on the Dr.Web icon in the notification area. In the menu, hover over the Firewall item and in the drop-down list, select Settings. Click the Application tab.

To create an application rule, click Create. In the opened window, specify the path to the executable file for the program for which you are creating the rule, and select

1. the rule type for launching network applications:
   • Allow — to allow the application to launch processes.
   • Block — to block the application from launching processes.
   • Not configured — to customize the selected firewall operating mode for this application.
2. and the rule type for accessing network resources:
   • Allow all — the application will be permitted to access the network.
   • Block all — the application will be blocked from accessing the network.
   • Custom — access will be determined by the parameters specified.
   • Not configured — to customize the selected firewall operating mode for this application.

You do not need to configure rules manually if the firewall is operating in the training mode — it is easier to configure access for each application right from the firewall notification window when it attempts to connect to the network for the first time.

Dr.Web Firewall has four operating modes:

• Allow unknown connections — all unknown connections are allowed. Protection is not active.
• Training mode (create rules for known applications automatically) — learning mode. Rules for known applications are created automatically. The user will be prompted to choose what action to take with all unknown connections.
• Interactive mode — learning mode. When the operating system or an application attempts to connect to a network, the firewall will prompt the user to choose an action.
• Block unknown connections — all unknown connections will be blocked without prompting the user.

If you install a Dr.Web package that includes the firewall, you will be prompted to deactivate the Windows firewall. The Windows firewall must be disabled, doing otherwise will result in numerous conflicts that can cause errors or an OS crash.

Neither it is recommended to enable the Windows firewall while the Dr.Web firewall is working.

You can't disable automatic startup for the firewall with standard tools available in the system.. However, you can disable temporarily various anti-virus modules including the firewall at any moment. Right click on the Dr.Web icon in the system tray and select Firewall-> Disable in the context menu.

Note: If the Disable item is not available in the menu, switch to the Administrative mode.

Dr.Web Firewall in the real time mode creates rules for applications running in the system but are not on its list. Therefore, you must create rules for such applications when they attempt to connect to the network for the first time. A connection request is issued for specific ports and protocols utilized by the application. You can allow all the requested connections, a connection only for a specific protocol and port, or block the connection. Once the rule is created, the firewall handles requests according to the rule and no longer gives out messages regarding application's network activity to the user.

The predefined database contains rules for the most popular programs, as well as all Windows system services and applications. The database is updated on a regular basis.

For more information see the video tutorial on configuring the Dr.Web firewall.

The firewall is a program that controls the exchange of data between your PC and the rest of the network. The firewall's main job is to monitor application-generated network activity and prevent hackers or malicious programs from trying to send information from your PC to the network or, vice versa, to accept it from a remote source without authorisation.

In this mode, the firewall can be trained to respond to attempts made by programs to access the Internet.

Upon detecting programs making attempts to access network resources, Dr.Web Firewall checks whether filtering rules have been set for those programs. If the rules haven’t been specified, the user is prompted to either choose a single action for the firewall or create a rule that will be used in the future to process such an application's network activity.

If the firewall is blocking your ability to work with the network, you need to do the following:

1. To reset the settings, click on the Dr.Web icon in the system tray, and in the Dr.Web menu, select Security Center. Click on the icon in the lower-left corner of the window, and then on — in the upper-right corner. In the Manage settings section, select Change → Restore defaults, and click on OK.

   

   Important! This action will reset all of the user settings for all the Dr.Web components, and you will need to configure them again.

   After that, when you try to access the Internet, you may see requests from the firewall (to create a rule, to block once, to allow once). Create allow rules for selected applications by clicking on the button Create rule → Allow → OK.

   For more on how to train the firewall, refer to the documentation

2. Please contact our technical support service. Attach the report created by the DwSysInfo utility to your request.

   To generate a report:

   1. Download and save the utility on your PC: https://download.geo.drweb.com/pub/drweb/tools/dwsysinfo.exe
   2. Launch the saved dwsysinfo.exe file.
   3. Click on the Generate report button.
   4. Wait for the report-generation process to complete.

To prevent a specific program from connecting to the Internet, create a new rule. Click the Dr.Web icon on the taskbar, and select Security Center → Files and Network. Click on the icon.

In the UAC dialogue, click on Yes, and enter the administrator password, if necessary.

Select the Firewall section, and click on Change in the Application rules.

In the newly appeared window, click on the icon to add a new rule.

In the next window, enter the path to the application's executable file, and in the drop-down list Launching network applications, select Block. Then select Block all on the Access to network resources list.

Click on OK to have your changes go into effect.

The notification window’s appearance indicates that a processing rule has not been set for the application to which the firewall has reacted. You can do one of the following:

• Allow once — the application’s network activity is allowed for the duration of the current session. After the PC is restarted or you want to use the program again, the firewall will prompt you to allow the Internet connection again.
• Block once — this blocks the program’s network activity. Only for the current session.
• Create rule — when you configure a rule for an application, the firewall will automatically follow this rule. By selecting this option, you will see a window that lets you choose a course of action:
  • Allow network connections for the application on port *port number*
  • Block network connections for the application on port *port number*
  • Allow all network connections
  • Block all network connections
  • Create custom rule — you can create a new firewall rule for the current program.

Note. Always try to create rules to automate the firewall's operation.

To prevent a specific program from connecting to the Internet, you have to create a new rule. Click on the Dr.Web icon on the taskbar, select Security Center → Files and Network and click on the .

In the UAC dialogue, click on Yes, and enter the administrator password, if necessary.

Select the Firewall section, and click on Change in the Application rules.

In the newly appeared window, click on the icon to add a new rule.

In the next window, enter the path to the application's executable file, and then in the drop-down list Launching network applications, select the action you need:

• Allow — when you try to run the network application, the firewall will allow this action.
• Block — when you try to run the network application, the firewall will block this action.
• Not specified — when you try to run the network application, the firewall will issue a request.

Then select the action you need from the Access to network resources list:

• Allow all — any network activity will be allowed for the program.
• Block all — any network activity will be blocked for the program.
• Custom — you can manually configure all the parameters for the program’s network activity.
• Not specified — every time the program tries to access the Internet, the firewall will issue a request before connecting.

Click OK to have your changes go into effect.

If the firewall is operating in interactive mode, there is no need to manually configure rules — it is easier to configure access for each application at the time of its initial network activity, directly from the firewall notification window.

Click on the Dr.Web icon on the taskbar, select Security Center → Files and Network, and click on the icon. In the UAC dialogue, click on Yes, and enter the administrator password, if necessary.

Then, toggle on the switch to make the Firewall component active — its frame will turn red.

To reset the settings, click on the Dr.Web icon in the system tray. In the Dr.Web menu, select Security Center. Click on the icon in the lower-left corner of the window, and then on — in the upper-right corner. In the Manage settings section, select Change → Restore defaults, and click on OK.

Important! This action will reset all the user settings for all the Dr.Web components, and you will need to configure them again.

Dr.Web Firewall has three operating modes:

• Allow unknown connections — all unknown connections are allowed. Protection is not active.
• Allow connections for trusted applications — rules for known applications (with a valid digital signature) are created automatically. The user will be prompted to choose what action to take with all unknown connections.
• Interactive mode — learning mode. When the operating system or an application attempts to connect to the network, the firewall will prompt the user to choose an action.
• Block unknown connections — all unknown connections will be blocked without prompting the user.

The user can configure the mode in the firewall's settings. If a rule has already been set for an application, the firewall will follow it.

A parent process is a process or an application that can run other applications. Users can configure rules for parent processes in the window used to create or edit rules for an application with the help of the drop-down list Launching network applications.

Click on the Dr.Web icon on the taskbar, select Security Center → Files and Network, and click on the icon. In the UAC dialogue, click on Yes, and enter the administrator password, if necessary.

Select the Firewall section, and click on Show additional settings. In the Operation parameters for known networks section, click on Change. In the next window, the user can define a set of predefined rules for each network connection.

• Allow all — all packets are allowed.
• Block all — all packets are blocked.
• Default rule — rules that describe the most popular network configurations and common attacks (used for all interfaces by default).

Click on the Dr.Web icon on the taskbar and select Security Center → Statistics → Firewall.

This firewall element manages the traffic flow via the selected protocols by allowing or blocking packets according to specified conditions. The packet filter is a basic means of ensuring your computer’s security; it operates independently of applications.

Dr.Web Firewall is a Dr.Web anti-virus software component, and it is impossible to install the firewall without the anti-virus.

A digital signature is a code that verifies that a program has been received from a particular source and has not been changed. At the same time, a signed application is not necessarily secure, so users should be careful when installing any software, even signed software.

This could be malware. It is recommended that you launch a full anti-virus system scan.

At home, when you need to protect only one computer against network attacks, the packet filter configuration is not required. The fact is that the firewall database contains a substantial number of rules, and these rules are activated as they are required. If, for any reason, a rule is absent, the firewall will request the action.

If Dr.Web has detected a malicious program, one of the following actions can be applied to it:

• Cure — Dr.Web can try to restore the infected file to its original state.
  In most cases, the "Cure" option will be unavailable. This action is only available for files infected with known, curable viruses. Trojans and compromised files found in other objects (archives, email files and file containers) cannot be cured.

• Remove — a malicious object (file, script, email attachment, etc.) is permanently deleted.

• Move to quarantine — if for some reason you want to save a file (for example, to send it to Doctor Web’s virus laboratory), you can move it to the secure quarantine folder where it will not be able to harm your PC.

• Ignore — no action is taken. Choose this option only if you are completely sure that the threat is in fact a false positive.

Threat-neutralisation options have their limits:

• Suspicious objects (seemingly infected files and files that supposedly contain malicious code) cannot be cured.

• Threats that are not actually files (e.g., boot sectors) cannot be moved or deleted.

• No actions can be performed with individual files in archives, installers or emails—in such cases, an action is applied only to the entire object.

Yes, you can. In order to disable SpIDer Guard, right-click on the Dr.Web icon in the notifications area and select SpIDer Guard–>Disable.

Enabling this option allows to block automatic launch of autorun.exe-like files from removable media and hard disk drives. This option is used to neutralize autorun-viruses, which are automatically activated when a device is connected to the PC with autorun option enabled.

Enabling this option allows to block attempts to modify HOSTS system file used by operating system to make an Internet access easier. Modifications of this file may be resulted in virus or any other malicious program activities, and this may cause loss of access to some websites or network resources as a whole.

Anti-virus guard is loaded into RAM and checks files being created or modified on the hard disk and all the files being opened on network disks and removable media “on the fly”.

Besides, SpIDer Guard constantly traces running processes activities specific to viruses and blocks those processes upon their detection.

Upon detection of infected objects, SpIDer Guard interacts with them according to the specified settings.

SpIDer Guard log file is called spiderg3.log and located in the anti-virus installation folder (by default, it is C:\Program Files\DrWeb).

Paranoid mode is an enhanced protection mode. When this mode is activated, the guard starts scanning all the files being opened, created or modified on hard disks, removable media and network disks.

In the Optimal mode the guard scans only files being launched, created and modified on hard disks, removable media and network disks.

In order to exclude a program or file from the SpIDer Guard scan, right-click on the Dr.Web icon in the notifications area and select SpIDer Guard–>Settings. In the next window, proceed to the Exclusions tab, press the Browse button to select the folder where the program to be excluded from the scan is installed, and press Add.

Should it become necessary to exclude a folder or file while the Dr.Web for Windows Scanner is running — select Settings–>Modify settings in the scanner menu. You may add a folder in the Scan–>Excluded paths list tab, and a certain file in the Excluded files list, then you need to press Add.

SpIDer Mail scans email messages only if you are using a local mail client (for example, MS Outlook, Mozilla Thunderbird, etc.). Moreover, emails are scanned as they are downloaded. When the list of new messages is displayed on the server, they may not yet have been physically downloaded by you, and, thus, at that moment, they are still unscanned.

If an email is opened via a browser, it is not downloaded to the local computer. Instead, it is rendered by the browser according to the message located on the remote server. It is impossible to scan an email if it is not fully downloaded. But any attachments you save from an email message on the disk of your computer will be scanned by SpIDer Guard.

If the spam filter misrecognizes some letters, they can be forwarded to special mail addresses for analysis and improving filter performance quality:

• Send letters misrecognized as a spam to nonspam@drweb.com.
• Send letters not recognized by mistake as a spam to spam@drweb.com.

Important! You should forward messages as attachment, not as inline.

You can test proper operability of anti-virus programs detecting viruses by their signatures with the use of EICAR (European Institute for Computer Anti-Virus Research) file.

This program is specially designed to allow you to see how the installed anti-virus will alert you to the viruses it detected, with no need to expose your PC to danger. Eicar program is not malicious but is specially tuned so that most anti-viruses treat it as a virus. Dr.Web refers to this “virus” as EICAR Test File (Not a Virus!).

To test mail anti-virus performance, you can ask a friend of yours to send you this file, or otherwise try to send it to yourself. If SpIDer Mail detects a virus — that is OK.