Defend what you create

Other Resources

Close

Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Lists of frequently asked questions

Prior to the installation, we strongly recommend doing the following:

  • Install all the critical updates released by Microsoft for your operating system (updates can be downloaded from the Microsoft update site);
  • Use system tools to check the file system and fix problems, if any;
  • Close other running applications.

To run the installation in normal mode, use one of the following:

  • If the installation kit is a single executable file, launch the file.
  • If the installation kit is furnished on a branded disk, insert the disk into your optical drive. If autorun is enabled, the installation procedure will start automatically. If autorun is disabled, launch the autorun.exe file located on the disk. The autorun window will appear.

Then proceed with the following steps:

  • Press Install.

Follow the installation wizard instructions. At any installation step before file copying process is started you can use the two buttons:

  • Press Back to return to the previous step;
  • Press Next to move to the next step;
  • Press Cancel to cancel the installation.

In order to check the version number, right-click on the Dr.Web icon in the notifications area and select About. In the next window, you will see the Dr.Web version number and all the modules versions as well.

When purchasing our anti-virus, you obtain a certificate indicating which product the license you have bought is applied to. So, you need to install the product indicated.

There are two ways to do it:

  1. Disable anti-virus self-protection (right-click on the Dr.Web icon in the notifications area, select Disable self-protection, enter digits from the CAPTCHA and press Disable self-protection), then copy the drweb32.key key file from C:\Program Files\DrWeb (or the anti-virus installation folder) to a removable media. After that, locate the drweb32.key file path during the anti-virus installation the new OS.
  2. Download the latest Dr.Web version from our website and launch the installation. During the installation, enter your serial number; the key will be downloaded and installed automatically.

In this case, you need to download the latest anti-virus distribution file from our website and install it.

In default installation, all the anti-virus package components are automatically installed into C:\Program Files\DrWeb\ folder.

In custom installation, you can specify the list of components to be installed (e.g. you may choose not to install a firewall if you don’t need it), select installation folder and configure update server.

To have this error fixed, you need to download and install an update for Windows, and then restart anti-virus installation.

It is not allowed to install several anti-virus programs on one PC at a time — they will conflict with each other that may considerably slow down you PC or make it completely non-operational. If you have an anti-virus software already installed on your PC, but intend to install a new product from another vendor, then you need to remove the anti-virus program you have, prior to the installation.

If you wish to install another anti-virus program, you do it at your own risk, and become responsible for all the consequences because the consequences of such installation might be unpredictable including inability of your OS to boot as a result of two or more anti-viruses installed on your PC.

The utility is not designed to be used as a main Dr.Web software uninstallation tool. Dr.Web Remover utility is a damaged Dr.Web version emergency removal tool. The anti-virus is recommended to be uninstalled with the standard Windows tools.

If the installed version of Dr.Web Anti-virus was damaged for some reasons and cannot be removed in a regular way — please use the Dr.Web Remover emergency removal utility. Run Dr.Web Remover, enter the code from the CAPTCHA (it is necessary in order to confirm that is the user, not application, who attempts to remove antivirus) and press Remove.

Like any other program, Dr.Web Anti-virus can be removed with standard operating system tools:

  • In Windows 2000/XP: From Menu–>Control Panel–>Add/Remove programs.
  • In Windows Vista/7: From Menu–>Control Panel–>Programs and Features.

If you were unable to remove the anti-virus in such a way, please use a special Dr.Web Remover utility, which can be downloaded here.

Dr.Web Remover is intended to be used to delete the results of incorrect/damaged installations of Dr.Web for Windows. The supported versions are 4.33, 4.44, 5.0, 6.0, 7.0, and 8.0. The utility can also be used with the same versions of Dr.Web Enterprise Suite client software when standard removal tools are not available or do not work.

The Exclusions section lets you launch legitimate applications whose ability to work could be hindered by the anti-virus as well as open websites that interest you but may be on the list of non-recommended sites.

Don't ever add Windows system directories, temp folders, torrent-tracker sites, file catalogues, or sites hosting illegal software and video content.

Any option can be changed, and any restriction can be removed.

Important! The more exceptions you add in the anti-virus settings and the fewer restrictions you set for applications and websites, the lower the system security will be.

Email addresses can be forged, instant messengers can be compromised, and sites and flash drives get infected. A source may seem reliable to you just because a friend told you about it. If Dr.Web gives you the danger signal, delete the file and never open the link.

Under normal circumstances, you should never do that. Disabling Dr.Web components can be very dangerous: while SpIDer Gate is disabled, the anti-virus isn't scanning traffic.

Go to Security Center → Exclusions → Website, and add the URL to the list.

You can use patterns to add multiple objects with a single list item.

Make sure that the performance issues you are experiencing really are being caused by Dr.Web scanning that specific application, and add its executable files to SpIDer Guard's exceptions. If that doesn't help, contact Doctor Web's technical support.

Right-click on the Dr.Web icon in the system tray, and select Security Center. Go to the Statistics tab, and select Detailed report. In the newly opened window, click on the event you are interested in. Look through the list to find information about the site or program being blocked. Add the URL or file/application to the exception list being used by the component that has been blocking it.

Go on Doctor Web’s site to find out more about the threat that’s been detected, and check whether the troubleshooting section in the application's documentation contains any mention of possible issues related to the anti-virus software. Then allow the application to be launched or block its launch. If you can't decide what to do, you should contact our support service.

Access to the site will be denied, and the block page will be displayed.

In the system tray, click on the Dr.Web icon, and select Security Center. Go to the Statistics tab, and select Detailed report.

Exceptions are defined separately for each component. To access the settings, go to Security CenterExclusions. Some options can be changed in the component settings (Devices and Personal Data, Parental Control, Preventive Protection).

Go to Security CenterExclusions; specify the application as an exception for all the components, or define the application's parameters in the Preventive Protection settings.

Both are aimed at keeping the anti-virus current to protect a computer against any and all threats, including the latest ones. The difference is that when only the virus databases are updated, you don’t need to reboot the system, but when the anti-virus components are updated, rebooting may often be necessary. We strongly recommend that you act on Dr.Web reboot notifications related to component updates because out-of-sequence updating may lead to a weakening of protection.

Rebooting is needed so that the updated Dr.Web drivers work properly with the operating system. Our competitors’ anti-virus solutions are updated in the same manner.

Doctor Web strives to release Dr.Web component updates, especially critical ones, as quickly as possible. After all, the reliability of the protection directly depends on the anti-virus’s ability to intercept and cure the latest threats and still operate error free. Experience shows that for each individual product, updates that require a reboot are being released no more than once or twice a month, the only exception to this being recently released program versions and those under active development.

In the window that notifies users that a reboot is required, you can choose when you want the system rebooted. You can choose to do it now or postpone it until a time convenient for you.

Just one Dr.Web database entry can lead to the detection of tens, or hundreds, or sometimes even thousands of similar viruses.

Moreover, the presence of Origins Tracing™ and structural entropy analysis in the Dr.Web anti-virus makes it possible to detect malicious programs that are so new they have yet to undergo analysis in the Doctor Web anti-virus laboratory.

The smaller number of virus entries (compared to some other anti-virus programs) even makes it possible to detect unknown viruses (i.e., those not in the virus database) with a high degree of certainty. These are viruses that will be created on the basis of existing viruses.

How do users benefit from the small size of the virus database and the fewer number of entries in it?

  • Hard drive space is conserved
  • RAM is conserved
  • Less Internet traffic is used when updates are downloaded
  • The virus database can be downloaded at high speed, and it can operate quickly when analysing viruses
  • Future viruses, those that will be created in the future by modifying existing viruses, can be detected

Thus, the fundamental difference between the Dr.Web virus databases and the virus databases of other anti-virus programs is that with its fewer number of database entries, the Dr.Web database allows as many (or even more) viruses and malicious programs to be detected.

Virus databases do indeed get larger with each update. But Dr.Web solutions use the most cutting-edge anti-virus database format so that as the virus databases get bigger, scan speed is not reduced.

Moreover, because the latest technologies are applied to Dr.Web solutions, the size of the virus databases can be reduced. This is because they exclude entries containing information about malicious programs that are automatically detected with the help of the newest technologies.

When an Internet connection is present, the anti-virus updates every 30 minutes by default (this is the most optimal setting).

When required, you can change this setting by doing the following: right-click on the Dr.Web icon located in the bottom-right corner of the system tray. Then, in the context menu, select Tools → Settings and go to the Updating tab.

Alternatively, you can update the anti-virus manually by right-clicking on the Dr.Web icon in the bottom-right corner of the system tray, and then selecting Updating in the context menu.

No, that’s not true. When you buy the anti-virus, you are paying not only for the program itself, but also for the right to get anti-virus database and module updates as well as the opportunity to contact the technical support service while your license is valid. Nobody will ever come after you for additional money! Proof of this can be found in the Dr.Web license agreement which you are invited to read before you install the anti-virus. Doctor Web assumes a number of obligations and guarantees the following:

‘Throughout the entire software usage period, the User is granted the right to receive through the Internet virus database updates as well as upgrades of the software modules as they are made available by the Rights Holder’.

The Dr.Web license agreement is a legal document that guarantees your rights as a consumer.

Hundreds of thousands of new viruses appear DAILY — and correspondingly, tens of thousands appear every hour. The overwhelming majority of them are modifications—brothers and sisters of existing viruses. Yes, the Dr.Web heuristic analyser and the Dr.Web behavioural analyser really do make it possible to detect with a high degree of probability that a file has been infected or is a Trojan itself. But “probably infected” does not mean “infected for sure”! This file will be declared a virus only after its virus signature has been added to the Dr.Web virus database.

But no anti-virus software vendor will ever guarantee you that today won’t be the day that somebody writes a brand new virus that can’t be detected by even the most perfect heuristic analyser.

As a rule, malicious programs reach their victims at the same time they reach the Doctor Web anti-virus laboratory for analysis, and in the case of the newest malicious programs (those not yet detected by any available mechanism), anti-virus analysts need time to develop and test a “cure”. Frequent updating makes it possible to minimise the time it takes for potential victims of criminal attacks to get hold of updates. Often ‘cures’ for malicious files are available, but have not yet been downloaded.

Unlike its competitors, Doctor Web’s principled position is to release updates as frequently as possible so as to minimise the time period during which new threats can pose a danger.

That is why the anti-virus databases need to be updated every time the computer is connected to the Internet or as frequently as possible if the connection is continuous.

First do the following:

  • Make sure that your computer is connected to the Internet.
  • If you are using a firewall, go into its settings and allow the drwupsrv.exe update module, located in the folder containing the installed Dr.Web software, to access the Internet.
  • If you access the Internet through a proxy server that requires authentication with a username and password, go to the settings and specify the proxy server’s address and port, and the username and password for it. To do this, right-click on the Dr.Web icon in the notification area, and select Tools –> Settings. In the next window, go to the Proxy server tab and configure the proxy server settings.

If after trying the above, you are still experiencing difficulties, please contact the Doctor Web technical support service and describe in detail how your computer connects to the Internet (note: if a proxy server is involved, please specify whether authentication is required, and whether your browser or Dr.Web update module is configured to be used via the proxy server).

Anti-virus update downloads can include updated anti-virus databases as well as application files. In the latter case, a system restart may be required to apply the update. And in this case, the corresponding notification will appear.

The user can restart the system immediately—by closing all the running applications and pressing the Restart now button. They can also make the anti-virus show the notification later or schedule a system restart. To use either of the two latter options, first select Remind me later.

You can set the reboot time to occur within the next 24 hours.

Users are also able to restart the system on their own whenever they want. For example, go to Start → Shut down or sign out→ Restart/Shut down.

Important! Selecting the option to enter sleep mode or switching user accounts won't restart the system so that the pending updates are applied.

Important! Pressing the power button on a tablet or laptop will make the device enter sleep mode. To apply updates, restart the system using any of the available methods (including the restart option in the anti-virus notification pop-up).

There are several ways to start the scanner.

  • The scanner shortcut (the icon with a spider on the green field) is placed on the desktop during Dr.Web installation. Double-click on the shortcut and the scanner will start.
  • The green spider icon is displayed in the system tray. Right-click on the icon. In the context menu, select Scanner; the scanner will start.
  • Run the scanner via Windows Explorer to scan a specific object (file or folder). Right-click on the file or folder you want to scan. In the context menu, select Scan with Dr.Web (the item with the red spider icon). The Scanner will start immediately and the file will be scanned.
  • Check the specific object (file or folder) you’ve found by dragging it onto the scanner icon or its open window when custom scan is selected.

In respect to infected and incurable objects, the Move action does the following: The file is moved to a special quarantine folder. Furthermore, once moved, the file loses its extension. The virus is literally disarmed and rendered non-operational and, therefore, harmless. Later, you can open the Quarantine Manager and delete the files if you do not need them.

If you have not installed the self-protection module, do the following:

  1. Download the latest version of the curing utility Dr.Web CureIt and run a full scan. Cure detected infected objects and delete or move to the qurantine incurable malicious objects.
  2. After that you need to reinstall the anti-virus. Open Add and Remove Programs (Windows 2000 \ XP) or Programs and Features (Windows Vista / 7) in the Control Panel, and remove Dr.Web anti-virus. After rebooting, go to C: \ Program Files \ DrWeb (or another folder into which Dr.Web has been installed) and remove all files and folders, but the license key file drweb32.key.
  3. After that, download the latest distribution of the antivirus program and install it. To register, use the saved key file.

Quarantined files can be deleted by selecting the desired file and clicking Delete. It will remove the file from the quarantine and from the system.

A Dr.Web anti-virus is a set of programs, each of them protects its own section in your computer's defense. Removing or disabling at least one component greatly reduces the reliability of anti-virus protection in general, so we strongly advise you not to disable any of its modules unless absolutely necessary.

To temporarily disable self-protection, right-click on the Dr.Web icon in the system tray and in the context menu select Disable self-protection (if this feature is unavailable, please switch to the Administrative Mode and try again). A window will appear where you'll need to enter numbers from the picture and click Disable self-protection.

Caution! Disabling self-protection is not recommended, activate it again as soon as possible.

Right-click on the Dr.Web icon in the system tray and select Tools–> Quarantine. In the subsequent window select the file and click Restore.

Quarantined viruses are not dangerous because they can't be launched. If you want to permanently delete infected files, clean the quarantine:

  • If you are using Dr.Web for Winidows 5.0 and Dr.Web Security Space 5.0: remove all objects from the infected!!! folder, located in the anti-virus's installation folder.
  • If you are using Dr.Web for Winidows 6.0 and Dr.Web Security Space: right-click on the Dr.Web icon in the system tray and select Tools–> Quarantine. In the subsequent window select the files you want to remove and click Delete.
  • If your anti-virus is Dr.Web CureIt!, remove all objects from the C: \ Documents and Settings \ _your_user_name_ \ DoctorWeb \ Quarantine folder.

Dr.Web SelfPROtect protects the modules, processes, and branches of the registry used by Dr.Web for Windows from outside interference. The outside interference includes incompetent user actions that may render the anti-virus non-operational or make it malfunction as well as actions taken by anti-antiviruses that may terminate anti-virus processes, modify and remove its files and delete Windows Registry branches related to Dr.Web. Disabling the self-defense is not recommended!

The quarantine is a special folder where the anti-virus stores suspicious and infected files. Suspicious files are stored to be later sent to Doctor Web's laboratory for analysis, infected files get into the folder if their removal and curing is impossible for some reason.

  • If you use Dr.Web for Windows 5.0 and Dr.Web Security Space 5.0 the quarantine folder name is infected!!!, It is located in the anti-virus installation folder (default path C: \ Program files \ Drweb).
  • With Dr.Web for Windows 6.0 and Dr.Web Security Space access to the quarantine is only available through the program interface. To access the quarantine, right click on the Dr.Web icon in the system tray and select Tools–> Quarantine.
  • Dr.Web CureIt! placed quarantined objects into C:\Documents and Settings\_Your_user_name_\DoctorWeb\Quarantine.

Infected files are moved to a special storage — Quarantine — from where you can remove the file if necessary, restore it to its original location or send it for analysis in our virus lab.

  • If you use Dr.Web for Windows 5.0 and Dr.Web Security Space 5.0, the quarantine folder name is infected!!!, It is located in the anti-virus installation folder (default path C: \ Program files \ Drweb).
  • With Dr.Web for Windows 6.0 and Dr.Web Security Space access to the quarantine is only available through the program interface. To access the quarantine, right click on the Dr.Web icon in the system tray and select Tools–> Quarantine.
  • Dr.Web CureIt! places quarantined objects into C:\Documents and Settings\_Your_user_name_\DoctorWeb\Quarantine.

To answer this question, you need to understand the difference between viruses and Trojan horses. Typically, a virus adds (appends its code) itself to an infected file so it incorporates its own code and the virus's code. Together they represent a virus-infected file. Most of these files can be cured by the Dr.Web anti-virus. Here we speak about curing files of viruses rather then curing viruses.

A Trojan horse is a complete malicious program. It doesn't inject its code into files but operates as a separate program, that's why it can't be cured but removed. Some Trojan programs compromise various system objects such as the Windows Registry. In this case we can speak about curing the system (but not the Trojan horse), which includes removing the Trojan and restoring the compromised objects to their healthy state.

To enter the safe mode when your PC is booting, press F8 at the moment the computer vendor picture disappears, before Windows logo is displayed. If you can see the Windows logo then you failed to press the button in time. In this case, you need to wait for the Windows system login window to appear, shut down and reboot your PC.

If you managed to press F8 key in time, you will see the Windows boot menu on the screen.

Use arrow keys to select a boot mode you need, and press Enter.

To check the date, roll the mouse cursor over the clock icon in the notification area. The system date will be displayed in the pop-up hint. To change the date, do the following: right-click on the clock icon in the notifications area and select Date/time settings in the open menu. In the next window, set the current date and press Ok.

Press Start–>All programs–>Standard–>Service–>Data archving. The archiving window appears. Press Next, check the Archive files and parameters in the next window and press Next. In the next window, select Allow choosing objects to be archived and press Next. Now, open My computer in the left-hand part of the window, check System State box and press Next. Specify archive file save path and name. Verify the data displayed and press Ready. When the operation is completed, you may close the archiver window.

Locate the C:\WINDOWS\inf\mstask.inf file right-click it and select Install item. During installation, you might need an OS installation disk. Your PC may need to reboot.

press Start–>Run and enter the the following command in the open line

reg export "tree" file name
where the “tree” is the registry tree you need to export (tree should be embraced with quotes);
file name is the file where the result will be saved.

For example, you need to export the

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control tree into the C:\result.reg file
The command will be as follows
reg export "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control" c:\result.reg

Press Start–>Run and enter the winver command in the open line.

To reset Internet connection settings, press Start–>Run and enter the following command in the open line:

netsh winsock reset

And press Ok.

Note: to restore your previous settings, export the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2 registry tree prior to reset.

If the system recovery is enabled on your PC then roll back the system to a checkpoint when this problem did not exist.

If this measure was useless or the system recovery is disabled then try to use a utility located at plstfix.exe.

Try to use a utility located at plstfix.exe

A ticket is a virtual document keeping technical support calls and dialogs between an engineer an user.

It is a file checksum required to confirm data integrity and authenticity. To get the checksum, use the Hash program or visit forum.drweb.com/hash. When linking, select the file you need with the Browse button and press Compute. When the analysis is over, you will be provided with all the file information, including md5.

It is not allowed to install several anti-virus programs on one PC at a time — they will conflict with each other that may considerably slow down you PC or make it completely non-operational. If you have an anti-virus software already installed on your PC, but intend to install a new product from another vendor, then you need to remove the anti-virus program you have, prior to the installation.

If you wish to install another anti-virus program, you do it at your own risk, and become responsible for all the consequences because the consequences of such installation might be unpredictable including inability of your OS to boot as a result of two or more anti-viruses installed on your PC.

These instructions are intended for users of Dr.Web Security Suite and current versions of Dr.Web Anti-virus for Windows.

Dr.Web technologies are designed to prevent user data, including passwords, from being obtained by hackers. The password is not stored in plain text, so it cannot be recovered.

In addition, Doctor Web does not collect the personal data of Dr.Web users, and, therefore, passwords cannot be recovered by contacting our technical support service.

You have to reinstall the product you are using so that you can gain access to the anti-virus’s settings. Once you do this, all the settings you previously configured, including your password, will be lost.

  1. Save the Dr.Web key file (this file has the .key extension and contains information about your license). The file can be found in the directory C:\Program Files\DrWeb. For example, put it on your desktop.
  2. To reinstall Dr.Web, you will need its distribution. Download it in the Download Wizard. Enter your serial number or your key file—the file with the extension .key that contains information about your license (you can find it in the directory C:\Program Files\DrWeb)—and your registered email address, and then click on the Download button. In the newly appeared window, the download option for Windows and Android is already selected, so you can just click on the Send button. In the next dialogue box, select the download version:
    • 11.5 if you are already using Windows XP;
    • 12 if you are using Windows Vista and later versions.

    Dr.Web does not support versions below Windows XP.

    Download the Dr.Web distribution.

  3. Remove the anti-virus.

    Go to the Control Panel, and select StartSearchControl Panel. After this, depending on the type of Control Panel you have — Programs and Features or Remove program.

    In the list of programs, select Dr.Web Anti-virus or Dr.Web Security Space. Click on Remove, and follow the Removal Wizard's instructions.

    In the Parameters to save window, clear the checkbox next to Settings.

  4. After you remove the solution, restart the computer, and reinstall Dr.Web. Your key file will be downloaded automatically.

    If the key file is not downloaded automatically during the installation, enter it manually. To do this, in the anti-virus's menu, select Licenses. In the License Manager window, click on the Buy or activate new license button. Then click on the text or specify the key file, and select the previously saved key file — the desktop file that begins with SL and has the .key extension.

Try running SpIDer Gate with the -dbg: 2 parameter. To do this, click Start-> Run, type in the string provided below:

"C:\Program Files\DrWeb\spidergate.exe" –dbg:2

Click Ok.
If the problem persists, please contact the technical support service.

No, SpIDer Gate is an HTTP-monitor. It performs the following tasks:

  • Scan incoming and outgoing HTTP-traffic
  • Intercept all HTTP-connections
  • Filter Data
  • Block loading infected pages automatically in any browser
  • Scan archived files
  • Protect from phishing and other dangerous online resources.

At the same time the firewall protects your PC or network from unauthorized access.

Thus, SpIDer Gate and the firewall must operate simultaneously on your computer to protect your system against viruses and network attacks.

No. SpIDer Gate operates independently of the programs that use the Internet (including browsers).

Dr.Web anti-virus engine is so fast that SpIDer Gate won’t delay loading of web-pages or slow-down file transfers.

For version 5.0:

  1. Increase log file size up to 5 Megabytes. Right-click on the Dr.Web icon in the notifications area, select SpIDer Gate–>Settings, in the next window proceed to the Log tab and modify the File size limit field value.
  2. Right-click on the Dr.Web icon in the notifications area and select SpIDer Gate ->Disable.
  3. Press Start–>Run, copy one of the strings below to the Run field and launch SpIDer Gate:
    • "C:\Program Files\DrWeb\spidergate.exe" -dbg — enable verbose logging,
    • "C:\Program Files\DrWeb\spidergate.exe" -dbg -dbg — debug logging.

Version 6.0

Right-click on the Dr.Web icon in the notifications area and select SpIDer Gate–>Settings from the list (if this item is unavailable, you should first switch to the Administrator mode). In the next window, open the Log section and use the slider to set the Extended mode. Press Ok to confirm the changes made.

SpIDer Gate

Further, if required, you can reproduce the problem that must be analysed using the extended report. Please keep in mind that the Debug log is not always required because redundant information might complicate troubleshooting.

It is not recommended to disable the SpIDer Gate HTTP monitor because nowadays a lot of malware is distributed via infected websites. There are many script viruses and exploits that can cause harm to the system before they are saved to your hard drive and, consequently, detected by the SpIDer Guard® file monitor.

If disabling HTTP monitor is still necessary, right-click on the Dr.Web icon and in the next menu, select SpIDer Gate –> Disable. When anti-virus self-protection screen appears, type digits from the picture into the string and click Disable SpIDer Gate.

Right-click on the Dr.Web icon in the system tray and select SpIDer Gate-> Disable in the context menu.

Caution! It is not recommended to disable the HTTP-monitor SpIDer Gate because nowadays a lot of malware is distributed via infected web sites. There are many script viruses and exploits that can harm the system before they are saved to your hard drive and, consequently, detected by the file monitor SpIDer Guard.

Since SpIDer Gate utilizes the Dr.Web engine and databases, it is updated automatically along with other anti-virus modules.

As other modules of the program Dr.Web, SpIDer Gate features the same anti-virus engine and uses the same virus databases and therefore is updated along with other modules.

The red icon indicates that SpIDer Gate is disabled. To activate it, right click on the Dr.Web icon in the notification area. In the menu, hover over the SpIDer Gate item and in the drop-down list select Enable.

If the icon remains red, you have two options:

  • Application error – in this case you need to contact the Technical support service.
  • Your license does not cover SpIDer Gate. In this case, it is recommended to remove the component: Go to Start-> Settings-> Control Panel-> Add and Remove Programs, find the Dr.Web anti-virus on the list, click Modify and follow the wizard's instructions to disable this component.

The unique Dr.Web anti-virus engine allows SpIDer Gate to scan traffic so quickly that you will never notice any delay when viewing web pages and downloading files from the Internet.

If you believe that SpIDer Gate has mistakenly blocked a respected site, please let us know through the form on our website.

If you need to access a suspicious site, right click on the Dr.Web icon in the system tray and in the context menu select SpIDer Gate-> Settings. Clear the Block known source check box and press Ok.

Caution! Disabling this option is not recommended, because pages from all sites, including potentially dangerous ones will be loaded without a corresponding warning.

SpIDer Gate's log file name is spidergate.log. The file is located in the C:\Documents and Settings\Your_user_name\DoctorWeb folder.

SpIDer Gate is compatible with all web-browsers.

Dr.Web anti-virus engine is so fast that SpIDer Gate won’t delay loading of web-pages or slow-down file transfers.

The Speed balance option allows you to adjust the amount of CPU time utilized to scan Internet traffic. The higher the scanning priority, the more CPU resources it will use, but it will help maintain high speed connectivity. Low priority results in low CPU load and slower network communication speed. Changing the default value usually is not required.

One of SpIDer Gate’s tasks is to inform users that visiting some websites is dangerous or undesirable, for reasons that include the presence of “pirated” content. Dr.Web informs users about such websites because they are accompanied by malicious programs. Websites are included in the so-called Dr.Web “anti-piracy” database only on the basis of allegations made by content copyright holders. Each allegation is verified by Doctor Web’s lawyers before the decision is made to include the corresponding URL in the database. When users receive SpIDer Gate notifications concerning the undesirability of visiting pirated websites, they are getting objective, legally considered information about intellectual property infringement. Thus, Doctor Web helps users of its products:

  • avoid becoming the victims of criminals, who for their own selfish ends use others’ works and trademarks, and the fruits of others’ intellectual labours, for illegal purposes;
  • avoid potential criminal indictment for downloading, using, and further distributing pirated content;
  • protect PCs against infections occurring as a result of downloading unlicensed content that is accompanied by malicious programs.

Users make their own decisions as to whether it is worth visiting the websites they have been notified about. The SpIDer Gate component can be enabled or disabled at their discretion.

  • Click on the spider image in the system tray.
  • Click on the closed padlock icon—the system will request elevated privileges.
  • Agree, and, if necessary, enter the administrator account password. The closed padlock is now open.
  • Click on the gear icon.
  • In the Dr.Web settings window, open the Parental Control tab.
  • In the section on the right, select the user account for which you want to set restrictions.
  • Click on Change in the Internet section.
  • In the drop-down list, select Block by categories.
  • Select the categories of the sites you want to block.

Doctor Web specialists are continuously adding sites to the list for each category. How they do this is described in this Moscow News article.

Find out more

  • Go to the Parental Control tab.
  • In the section on the right, select the user account for which you want to set restrictions.
  • Click on Change in the Internet section.
  • Select Block by categories
  • Click on the button Whitelists and blacklists.
  • To make sure that access to a certain site is not blocked, add its address to the whitelist.
  • To add a site to the list of unwanted sites, add its address to the blacklist.
  • If you want the user to access only specific sites, add the site addresses to the whitelist and choose the option Block all except websites from the whitelist.

Popular search engines, such as Google and Yandex, offer a safe search option that enables links to sites containing dangerous or unwanted content to be excluded from search results. So that the browser toggles on the safe search option automatically, enable the corresponding Parental Control feature.

Find out more

  • Open the Files and Folders tab, and click on the switch.
  • Add the paths to the files and folders to the list, and select an access mode.

If you choose Read-only, your child will be able to view files and folder contents but won't be able to change or delete them.

The Blocked option will mean that the files and folders will be inaccessible.

  • Select StartSettings.
  • Go to the Accounts section.
  • Click on Family and other users.
  • Make sure the user accounts for which you have imposed the restrictions do not have administrator privileges.
  • If necessary, change their account type from Administrator to Standard.
  • Also make sure that a reliable password is specified for your Administrator account. If no password is specified, press Alt + Ctrl + Delete, and click Change password. Enter the new password in the New password and Confirm new password fields. Then press OK.
  • Open the Time tab.
  • Use the time grid to create an access schedule.
  • Instead of using the calendar, you may choose the option Interval time limit.

Add the site's address onto the white list, or if you are sure that the site is blocked by mistake, report the false positive to Doctor Web.

Send links to web-site mistakenly rated by the module as undesirable to Doctor Web's laboratory via the web-form on our website.

Right-click on the Dr.Web icon in the notification area and select Parental Control → Settings. Enter the password and select Allow access to all sites. In the Local Access tab, select Allow and Unlimited in the corresponding sections. Click Apply to save the changes.

Caution! Disabling Parental control will allow access to all resources on the Internet, LAN and the PC.

There is no way to recover a Parental control access password. The only solution is to import a new password into the registry from a special file.

  1. Use the download link to obtain the file
  2. Disable the anti-virus's self-protection
  3. Double-click on the downloaded file and agree to modify the registry
  4. Enable self-protection
  5. Now your password is "drweb" (without the quotes), do not forget to change it in the Parental control settings.

Right-click on the Dr.Web icon in the notification area and select Parental Control → Settings. If this is the first launch of the Parental control module, you will need to set a password for it. Then in the subsequent window select what you want to block and then click Apply.

If the password for parental control is not specified, each time you open parental control settings, you will be prompted to set a password. It is Recommended that you set a password right away to prevent unauthorized access to these settings. If no password is required, click Cancel.

If upon activating the Parental control you receive the message "Unable to find a key file", it means that your license does not cover the Parental control. In this case, it is recommended to remove the component: Go to Start–> Settings–> Control Panel–> Add and Remove Programs, find the Dr.Web anti-virus on the list, click Modify and follow the wizard's instructions to disable this component.

Use the local access settings to restrict access to resources on your computer - files and folders. In addition, it is possible to prohibit the use of removable storage media and access to the LAN. By restricting access to such resources you can avoid damaging or removing sensitive data by a third party and prevent unauthorized access to confidential information.

The Parental control module allows you to restrict users' access to certain sites on the Internet, local files and folders, local network resources. An administrator can manually configure a list of banned sites or take advantage of the constantly updated thematic lists provided by Doctor Web.

Local access protection and the URL filter are parental control features disabled by default. You need to activate them manually by setting the parental control operation mode and access password in its settings.

The Parental control module can restrict acces to any specific sites or web-pages, as well as to all known sites containing information on certain subjects (such as sites about drugs or weapons, sites of paid on-line games, etc.). A list of specific websites to be blocked is set up by the user; both individual addresses and keywords found in URLs can be specified in this block list. Blocking websites by subject is carried out automatically using the lists, updated regularly by Doctor Web.

If you set a password for accessing the Parental Control, only the computer's administrator will be able to do so after entering the password. If no password is set, then any user with administrative privileges will be able to change the settings.

Dr.Web scanner for Windows either scans files at the user’s command or on the schedule specified in the Scheduler. Not all the files are checked, but only those specified in the scanner settings instead. By default, files are checked by format — i.e., files in archives, packed and e-mail files, and RAM and all the autorun objects as well. You may choose to scan disks, folders, scan by file types, by preset mask, or scan all the files. To view current scanner settings, go to the program main window menu bar and select Settings–>Modify settings.

Quick scan of the critical system objects with the anti-virus scanner is launched automatically as the program starts. It is required to find out if any viruses exist in the system. After the scan is complete, two right windows indicate numbers. The left one shows the number of viruses found on your PC, while the right one — the number of RAM objects and files scanned with the anti-virus scanner.

In order to launch full scan, please use the Task scheduler.

Windows XP:

Open the Windows task scheduler (Start->Control panel->Assigned tasks). Find the Dr.Web Daily Scan task pre-installed during installation and open it to edit. In the Task tab, check Enabled. In the Schedule tab, specify scan frequency and time you need. Press Ok to apply the settings. Enter user name and password upon the operating system request.

Windows Vista/7:

In order to edit a task pre-installed during the anti-virus installation, right-click on the Dr.Web icon in the notifications area and select Tools->Scheduler. In the next window, select the Drweb Daily Scan task, which is disabled by default. You should enable it (by right-clicking the task and selecting Enable option). In the Triggers tab, edit launch time and frequency.

The Move action in respect to infected and incurable objects means the following: an object is moved to a special directory specified in the Move to field (by default, it is the infected.!!! subdirectory of the Dr.Web installation directory) and accessible even after the scan is over. Furthermore, after having been moved, the file loses its extension. Such actions mean that the virus is actually “disarmed”, rendered incapable and, therefore, absolutely safe.

To have all the messages marked with Dr.Web spam filter automatically moved to a specific folder — let's call it Spam, for example, — follow the below steps:

  1. Right-click on the Dr.Web icon in the notifications area and select SpIDer Mail–>Settings. Go to the Anti-spam tab, and check the box next to Add a prefix to the Subject field of e-mails containing spam. In the field below, enter any word or letter combination you like — that's what will be a prefix Dr.Web spam filter will add to the subjects of messages specified to be a spam.
  2. In your e-mail client, create a folder for spam filtering and configure rule for it so that messages having a prefix you have entered to the Add a prefix to the Subject field of e-mails containing spam be placed into it automatically.

Below are detailed steps on how to set up rules for various e-mail clients. It is assumed that the Anti-spam is configured to mark an incoming spam with the [SPAM] prefix. If you chose an alternative prefix, use it in accordance with this manual...

Microsoft Outlook Express 6

  1. Create a new folder into which spam will be moved:
    • right-click on the account name, and in the context menu select "New Folder...";
    • enter the Spam folder name, and click "OK".
  2. Set a filter rule for messages marked as spam:
    • in the menu, select "Tools" - "Rules for messages" - "Mail ...";
    • in the first list, check the "Search for messages containing specific words in the "Subject" field;
    • in the second list, check the "Move to a specified folder";
    • in the "Rule description", click on the "containing specific words";
    • enter the [SPAM] key word, and press "Add", then "OK";
    • in the "Rule description", click on the "specified";
    • select the "Spam" folder created in step 1, and press "OK";
    • in the "Rule name", type "Spam filtering", and press "OK" twice.

Microsoft Office Outlook 2003:

  1. Create a new folder into which spam will be moved:
    • right-click on the account name, and in the context menu select "New Folder...";
    • enter the Spam folder name, and click "OK".
  2. Set a filter rule for messages marked as spam:
    • in the menu, select "Service" - "Rules and alerts...";
    • Go to the "E-mail rules" tab;
    • click on "New...";
    • select "Create a new rule";
    • in Step 1, select the "Check messages upon receipt", then click "Next";
    • in Step 1, select "containing in the "Subject" field;
    • in Step 2, click on "";
    • in the upper field, enter [SPAM], and press "Add", then "OK" and "Next";
    • in Step 1, select "move them to the folder";
    • in Step 2, click on "";
    • select the "Spam" folder created in step 1, and press "OK", then "Next" twice;
    • in Step 1, specify the "Spam Filtering" rule name, and click "Finish", then "OK".

Microsoft Office Outlook 2007:

  1. Create a new folder into which spam will be moved:
    • right-click on the account name, and in the context menu select "New Folder...";
    • enter the "Spam" folder name, then in the "Folder content" list, select "elements such as Mail"; in the "Place folder into..." tree, choose a location where the "Spam" folder will be stored.
  2. Set a filter rule for messages marked as spam:
    • in the menu, select "Service" - "Rules and alerts...";
    • Go to the "E-mail rules" tab;
    • click on "New...";
    • select "Move all messages containing specific words in the subject field to folder", and click "Next";
    • in Step 1, select "containing in the "Subject" field";
    • in Step 2, click on "";
    • in the upper field, enter [SPAM], and press "Add", then "OK" and "Next";
    • in Step 1, select "move them to the folder";
    • in Step 2, click on "";
    • select the "Spam" folder created in step 1, and press "OK", then "Next" twice;
    • in Step 1, specify the "Spam Filtering" rule name, and click "Finish", then "OK".

Windows Mail 6 (Windows Vista):

  1. Create a new folder into which spam will be moved:
    • right-click on the account name, and in the context menu select "New Folder...";
    • enter the "Spam" folder name; in the "Select the folder in which a new folder will be created" tree, select a location where the "Spam" folder wil be stored.
  2. Set a filter rule for messages marked as spam:
    • in the menu, select "Service" - "Message rules " - "Mail...";
    • click on "New...";
    • in the "1. Select conditions for this rule" list , flag the "Search for messages containing specific words in the "Subject" field";
    • in the "2. Select actions for this rule" list, flag the "Move to the specified folder";
    • in the "3. Rule Description" field, click on "containing specific words";
    • in the "Enter the keywords" dialog box, type [SPAM] in the "Enter keywords or sentence and click" Add"" field, press "Add", then "OK";
    • in the "3. Rule Description" field, click on "specified";
    • in the next "Move" window, select the "Spam" folder created in step 1, and press "OK";
    • in the "4. Rule name" field, type "Spam Filtering" and click "OK" twice.

Ritlabs The Bat! 4

  1. Create a new folder into which spam will be moved:
    • right-click on the account name, and in the context menu select "New" - "New Folder...";
    • enter the Spam folder name, and click "OK".
  2. Set a filter rule for messages marked by anti-spam as spam:
    • right-click on the account name, and in the context menu select "Inbox Assistant settings...";
    • right-click on the "Incoming mail", and in the context menu, select "New rule";
    • in the "Name" field, enter "Spam filter";
    • click on "Sender" and choose the "Subject" line from the drop-down list;
    • enter [SPAM] into the field after the word "containing"
    • under the "Actions" list, click "Add";
    • in the drop-down list, select the "Move message to folder";
    • in the folder tree, select the "Spam" folder created in step 1, and click "OK" twice.

Mozilla Thunderbird 2.0

  1. Create a new folder into which spam will be moved:
    • right-click on the account name, and in the context menu select "New Folder...";
    • enter the Spam folder name, and click "OK".
  2. Set a filter rule for messages marked by anti-spam as spam:
    • select the account name in the tree of accounts and folders;
    • in the menu, select "Tools" - "Message Filters...";
    • press "Create...";
    • in the "Filter name" field, enter "Spam filter";
    • in the list below, sequentially select "Subject", then "contains" from the drop-down lists; in the right-hand field, enter [SPAM];
    • from the drop-down lists in the list far below, sequentially select "Move message to...", and in the next box, select the "Spam" folder created in step 1, then press "OK";
    • close the "Message filters" window.
  • To make it short, let’s apply “spam” name to all unsolicited e-mails. The bulk of it comprises advertisements offering different goods and services.
  • The most dangerous among spam messages are phishing, pharming and scamming ones. Nigerian scams, lottery and casino scams, fraudulent messages from banks and credit organizations are characteristic of them.
  • Next come black political and economic PR scams and the so-called “letters of happiness”.
  • There is also a technical spam, or bounce messages, generated by mail servers in reply to undelivered message, whether you did send one or not. Such e-mails might emerge as a result of mail server poor work or virus activity, of some e-mail worm, for instance.

Incoming mail filtering is processed by SpIDer Mail, one of Dr.Web modules. The following steps describe how to activate the spam filter:

  • In SpIDer Mail menu on the Windows Task Panel choose “Settings” – the SpIDer Mail “Settings” window will appear.
  • In the “Scan” pane of the SpIDer Mail “Settings” window enable the “Check for the spam” checkbox and press OK to save the changes made; then close SpIDer Mail “Settings” window.

After you’ve activated your spam filter, SpIDer Mail with Vade Retro anti-spam engine integrated into it starts filtering all your incoming mail on POP3 and IMAP4 protocols.

To move automatically all messages marked as spam by Dr.Web Anti-spam into definite mail folder in your mail client, do the following.

  1. In SpIDer Mail menu on the Windows Task Panel choose “Settings” – the SpIDer Mail “Settings” window will appear. Press the “Advanced…” button. The “SpIDer Mail® Spam Settings” window will open. Check the “Add prefix to the subjects of the spam messages” box. Input any word or combination of symbols in the field below it. This will be the prefix Dr.Web Anti-spam will add to subjects of messages marked as spam.
  2. In the mail client you use, make a new folder for spam. Make the rule for this folder so that all the spam messages with the prefix you specified in the “Add prefix to the subjects of the spam messages” filed are placed there automatically.

Whitelists and Blacklists contain mail addresses you either trust or not.

  • If the sender’s e-mail address is added to the Whitelist, these messages are not filtered. However, if the sender and the receiver share the same domain name e-mail addresses and this domain name is enlisted in the Whitelist with the “*” symbol, it is filtered for spam.
  • All messages enlisted in Blacklist are marked as spam without additional analysis.

Both lists settings should be fill in one after another, parted by “;”. The “*” sign can be used as a part of e-mail address. For example, *@domain.org passes for all addresses with “domain.org” domain name.

In case some messages are falsely filtered, they should be forwarded as attachments to special addresses for analysis and correction of spam-filtering techniques.

  • Messages, falsely marked as spam , should be forwarded as attachments to vrnonspam@drweb.com
  • Messages, falsely marked as non-spam , should be forwarded as attachments to vrspam@drweb.com.

At first all spam messages were of Latin origin and spam-filters’ developers, represented for the most part by Western companies, were aimed at filtering these ones only. Later on spammers switched into Cyrillic, too. But since the bulk of spam is still in Latin, there are some difficulties to filter Cyrillic spam.

To save your Cyrillic correspondence from being filtered as spam without a prior analysis, check the “Allow Cyrillic texts” box. Otherwise such e-mails are likely to be marked as spam. “Allow Chinese, Japanese, Korean text” option works the same way.

When the firewall displays a message, it is notifying you that some program is trying to connect to the network (or, vice versa, is trying to connect to your system from the network). And it prompts you to decide what to do — to allow access or to block access.

In this case, you need to look at what program has been specified in this message, and if you recognise it, click on "Create rule" — “Allow all”.

To solve the network access problem:

  1. Right-click on the Dr.Web icon in the system tray.
  2. Click on the padlock icon and then on the gear icon (“Settings”).
  3. Select “Protection components” and then “Firewall”.
  4. In the tab, find the “Applications” header and the option “Application rules” below it. Click on “Change”.
  5. You will see a list of applications for which rules already exist. Find the ones with a red circle in front of them — your browser will most likely (but not definitely) be included in this list. Click twice on the red icon, and select “Allow all”.

To reset all the anti-virus settings (including the firewall’s):

  1. Right-click on the Dr.Web icon in the system tray.
  2. Click on the padlock icon and then on the gear icon (“Settings”).
  3. In the open tab, click the “Change” button; then click on “Reset settings”, and tap “OK” to confirm your choice.
  4. After the reset, the interface language will change to English, so you need to change it back to Russian. Click on “Main”, “Advanced”, and in the “Language” section, click on “English”. Select Russian from the list, and close the window.

You can also delete the Firewall. To do this, open the Control Panel, and then — “Add and Remove Programs”.

Folder names may vary for different versions of Windows and different viewing modes.

Find “Dr.Web Security Space” in the list, and click on “Change” → “Change components”. Then clear the checkbox next to the Firewall, and click on “Apply”. The component will be removed.

If the steps indicated above have not solved the problem, please contact our technical support service.

Right-click on the Dr.Web icon in the notification area. In the menu, hover over the Firewall item and in the drop-down list, select Settings. Click the Application tab.

To create an application rule, click Create. In the opened window, specify the path to the executable file for the program for which you are creating the rule, and select

  1. the rule type for launching network applications:
    • Allow — to allow the application to launch processes.
    • Block — to block the application from launching processes.
    • Not configured — to customize the selected firewall operating mode for this application.
  2. and the rule type for accessing network resources:
    • Allow all — the application will be permitted to access the network.
    • Block all — the application will be blocked from accessing the network.
    • Custom — access will be determined by the parameters specified.
    • Not configured — to customize the selected firewall operating mode for this application.

You do not need to configure rules manually if the firewall is operating in the training mode — it is easier to configure access for each application right from the firewall notification window when it attempts to connect to the network for the first time.

Dr.Web Firewall has four operating modes:

  • Allow unknown connections — all unknown connections are allowed. Protection is not active.
  • Training mode (create rules for known applications automatically) — learning mode. Rules for known applications are created automatically. The user will be prompted to choose what action to take with all unknown connections.
  • Interactive mode — learning mode. When the operating system or an application attempts to connect to a network, the firewall will prompt the user to choose an action.
  • Block unknown connections — all unknown connections will be blocked without prompting the user.

If you install a Dr.Web package that includes the firewall, you will be prompted to deactivate the Windows firewall. The Windows firewall must be disabled, doing otherwise will result in numerous conflicts that can cause errors or an OS crash.

Neither it is recommended to enable the Windows firewall while the Dr.Web firewall is working.

You can't disable automatic startup for the firewall with standard tools available in the system.. However, you can disable temporarily various anti-virus modules including the firewall at any moment. Right click on the Dr.Web icon in the system tray and select Firewall-> Disable in the context menu.

Note: If the Disable item is not available in the menu, switch to the Administrative mode.

Dr.Web Firewall in the real time mode creates rules for applications running in the system but are not on its list. Therefore, you must create rules for such applications when they attempt to connect to the network for the first time. A connection request is issued for specific ports and protocols utilized by the application. You can allow all the requested connections, a connection only for a specific protocol and port, or block the connection. Once the rule is created, the firewall handles requests according to the rule and no longer gives out messages regarding application's network activity to the user.

The predefined database contains rules for the most popular programs, as well as all Windows system services and applications. The database is updated on a regular basis.

For more information see the video tutorial on configuring the Dr.Web firewall.

Yes, you can. In order to disable SpIDer Guard, right-click on the Dr.Web icon in the notifications area and select SpIDer Guard–>Disable.

Enabling this option allows to block automatic launch of autorun.exe-like files from removable media and hard disk drives. This option is used to neutralize autorun-viruses, which are automatically activated when a device is connected to the PC with autorun option enabled.

Enabling this option allows to block attempts to modify HOSTS system file used by operating system to make an Internet access easier. Modifications of this file may be resulted in virus or any other malicious program activities, and this may cause loss of access to some websites or network resources as a whole.

Anti-virus guard is loaded into RAM and checks files being created or modified on the hard disk and all the files being opened on network disks and removable media “on the fly”.

Besides, SpIDer Guard constantly traces running processes activities specific to viruses and blocks those processes upon their detection.

Upon detection of infected objects, SpIDer Guard interacts with them according to the specified settings.

SpIDer Guard log file is called spiderg3.log and located in the anti-virus installation folder (by default, it is C:\Program Files\DrWeb).

Paranoid mode is an enhanced protection mode. When this mode is activated, the guard starts scanning all the files being opened, created or modified on hard disks, removable media and network disks.

In the Optimal mode the guard scans only files being launched, created and modified on hard disks, removable media and network disks.

In order to exclude a program or file from the SpIDer Guard scan, right-click on the Dr.Web icon in the notifications area and select SpIDer Guard–>Settings. In the next window, proceed to the Exclusions tab, press the Browse button to select the folder where the program to be excluded from the scan is installed, and press Add.

Should it become necessary to exclude a folder or file while the Dr.Web for Windows Scanner is running — select Settings–>Modify settings in the scanner menu. You may add a folder in the Scan–>Excluded paths list tab, and a certain file in the Excluded files list, then you need to press Add.

If the spam filter misrecognizes some letters, they can be forwarded to special mail addresses for analysis and improving filter performance quality:

  • Send letters misrecognized as a spam to vrnonspam@drweb.com.
  • Send letters not recognized by mistake as a spam to vrspam@drweb.com.

Important! You should forward messages as attachment, not as inline.

You can test proper operability of anti-virus programs detecting viruses by their signatures with the use of EICAR (European Institute for Computer Anti-Virus Research) file.

This program is specially designed to allow you to see how the installed anti-virus will alert you to the viruses it detected, with no need to expose your PC to danger. Eicar program is not malicious but is specially tuned so that most anti-viruses treat it as a virus. Dr.Web refers to this “virus” as EICAR Test File (Not a Virus!).

To test mail anti-virus performance, you can ask a friend of yours to send you this file, or otherwise try to send it to yourself. If SpIDer Mail detects a virus — that is OK.

Familiarise yourself with Google Play's instructions

  • To enter the portal from a mobile device, install Dr.Web. In the application menu, select About and tap My Dr.Web.

    Go to the Support tab → Ask a question.

  • If you want to go to My Dr.Web Portal from a PC or Mac, use the special service on the Doctor Web site. Log on to the portal and go to the Support tab → Ask a question.

Use My Dr.Web Portal — your personal assistant and guide to services. Here, in particular, you can contact our technical support. The history of your requests is also available here.

  • If you need help buying a commercial version, on the support request page of Doctor Web's site, select I do not yet have a commercial Dr.Web license and ask your question.
  • If you need assistance solving a technical problem, this kind of support is not provided with the free version of this product. Try to find the answers to your questions in the FAQ or get advice from other users on the Dr.Web forum.

If you're contacting technical support:

  • From the Dr.Web page at Google Play, through My Dr.Web Portal, or via the support form on Doctor Web's site, specify your serial number or your Google Play order number and your Gmail address. If you do not have the order number, then you probably purchased the Dr.Web license from another site. In this case, you need to submit your serial number. You can find your serial number on My Dr.Web Portal.
  • Use the link in your order confirmation — click on the link found in the support request form at Google Play, select the request topic, and ask your question. We will obtain all the required information from Google Play automatically.

If you have deleted the email confirming your purchase information, you can find the order number (transaction id) in Google Wallet — information on all your orders is stored there.

Only users of the shareware version of Dr.Web for Android (comprehensive security) have serial numbers, which become available to them after they pay for their license on My Dr.Web Portal. Serial numbers are displayed in the Portal’s license information section.

Select About in the Dr.Web menu. If the word Light is present, you are using the free version. Also, the main menu provides access to different sets of security components; the paid version has substantially more components.

Dr.Web for Android Light — free license Dr.Web for Android — commercial license
Dr.Web для Android Light Dr.Web для Android

You will receive an email receipt confirming your purchase. The email will contain your order number and order information, and a link for contacting Doctor Web's support service regarding questions concerning purchase, payment and refund. If you have not received such an email, please contact Google Play's support service — Doctor Web's support service won't be able to help until your payment has been received.

The list of your paid purchases can be found in Google Wallet. The list of applications that have been paid for and are thus available to you can be found in the My Apps section of your Google account.

In the program's main window, go to the menu, select About, tap Update License and choose Purchase/Download. To activate the license, you must have Internet access and use the same Google account through which you made the purchase. The Dr.Web key file will be downloaded automatically. More>>

According to Google Play's refund policy and under the Agreement between Doctor Web and Google, you can apply for a refund no later than within 48 hours after payment is made.

  • If you have a payment receipt email from Google Play, open it and click on the link in the phrase "Have a question? Contact the seller Doctor Web, Ltd.". A Google Play support request form will be loaded. On the request page, select the option "I'd like to request a refund/return the item" and send the refund request. A Doctor Web employee will process your request, and you will get a refund.
  • If the purchase receipt is lost request a refund through the support request form at Doctor Web's site or in My Dr.Web Portal. Specify your order number and Gmail address.

In both cases, you will receive a refund confirmation from Google Play.

Important! The time frame for a refund depends only on how fast your bank processes such requests! If the money is not returned to your account within 2-3 days of receiving a confirmation from Google Play, contact your bank. Doctor Web cannot influence bank policies or expedite refunds. Our refund liabilities to our users are met after you receive a refund confirmation from Google Play.

Chances are the funds have been blocked by the bank that issued your credit card. Doctor Web cannot influence bank policies. The funds will be returned to your account after a period defined by the bank. If the money is not returned to your account in 2-3 days after receiving confirmation from Google Play, contact your bank.

  • I have purchased a new smart phone.How can I transfer my Dr.Web license to the device from my old smart phone?
  • If your license has expired you cannot transfer it to another device. Buy a new license.

In My Apps, select Dr.Web and tap Install. A valid license will be recognized automatically.

  • I lost my Dr.Web license. How can I recover the license purchased through Google Play?
  • If your license has expired, you will not be able to restore it. Please buy a new license.
  1. If your license is still valid,-note that licenses purchased through Google Play are bound to the account under which they have been purchased.
  2. Make sure that this account is set as the primary account on the device.
  3. In the main Dr.Web window, select About.
  • If Dr.Web is not already installed on your device, use the account under which you purchased the license to log in at Google Play. In My Apps, select Dr.Web and tap Install. A valid license will be recognized automatically.
  • If Dr.Web is already installed on your device:
    1. Run Dr.Web.
    2. In the main Dr.Web window, select About.
    3. Tap Update License and select Purchase/Download.

Malignant applications for mobile OSs are the fastest growing malware segment. As popularity of an OS is growing among users, so does the interest in it on the part of intruders, whose main goal is to get money. The number of threats to Android increases most rapidly.

Yes, there are and their number is growing. Android.SmsSend Trojan horses that emerged as early as in 2010 are the most common threats to the OS. They are designed to send SMS messages at premium numbers and sign up subscribers to various services.

Mobile banking Trojans are designed to intercept SMS messages, steal mTAN-codes and pass them to criminals who perform various financial transactions with accounts of unsuspecting victims (for example, make online purchases) pose an extreme danger. Android.SpyEye.1 is a banking Trojan for Android OS.

Such malware as Android.MailSteal.1.origin, Android.Maxbet.1.origin, Android.Loozfon.origin and Android.EmailSpy.origin. steal e-mail addresses from devices' address books and send them to a remote server, so that attackers can carry out spam mailings.

While out of the office, employees are not protected from hackers, applications they use may have vulnerabilities, their computers and mobile devices can be infected with viruses and Trojans that steal banking and payment system access passwords and money from bank accounts.

Employees regularly connect to the company's network via their device, and thus put confidential data and money at risk—not only their personal assets but corporate too. Incidents when malware gets onto a local network from personal devices, including handhelds, account for up to 70% of intrusions.

In addition, banks often send SMS confirmations to maintain security of transactions. There are malignant programs that can modify such confirmation messages. An anti-virus guarantees that incidents when money is stolen from accounts will never be concealed.

You don't need to install anything — just visit a compromised web-site. And it won't necessarily be a site with objectionable content — from intruders' point of view, hacking news portals is much more useful. News sites are the most visited ones on the Internet. They usually do not cause any suspicion among users or system administrators from companies which do not block access to such sites. That's why news portals are a very attractive field of operation to intruders. By Spreading malware through such sites, they can cause damage to a huge number of users and companies.

Dr.Web for Android protects from viruses and other malicious programs that may steal or damage information stored on the mobile device. It prevents viruses from getting and running on a mobile device.

Note: Dr.Web for Android can only protect mobile devices and its virus databases are different from those used by the anti-virus maintaining security of desktops and laptops. To protect a computer, use corresponding products from Doctor Web.

Dr.Web anti-virus occupies about 1 MB in the device memory. Only the file monitor that keeps track of the system processes resides in the memory at all times. The monitor requires a certain amount of resources, but it has no noticeable effect on overall performance.

In the top-right corner of the main application window, click on the menu icon, and select About.

On the newly appeared page, you'll find information about the name and version of the Dr.Web solution you’re using to protect your device.

The name of your Dr.Web product can also be found in the License Manager on Doctor Web’s site.

If you inadvertently downloaded Dr.Web for Android Light instead of Dr.Web Security Space for Android, download a free 14-day trial for the full version (the trial is issued during installation) from Doctor Web’s site. You can also download the full version of Dr.Web from Google Play.

Download a free 14-day trial for the full version (the trial is issued during installation) from Doctor Web’s site.

You can also download the full version of Dr.Web from Google Play.

In the top-right corner of the main application window, click on the menu icon, and select License.

On the newly appeared page, you can find out who owns the license and when the license expires.

The validity period of your Dr.Web license can also be viewed in the License Manager on Doctor Web’s site..

The most dangerous threats for mobile devices are those that penetrate the firmware and system areas. The main signs that malicious behaviour is occurring in the system area are as follows:

  1. The multiple appearance of the same threats in the same areas, even after the anti-virus has removed them. Threats usually reappear after a device reset.
  2. Notifications in Dr.Web Security Auditor.

! In such situations, due to the specific features of the Android OS, it's impossible to employ the standard features of ANY anti-virus to neutralise Trojans because, just like any other application, an anti-virus installed on a non-root device does not have administrative privileges: Dr.Web can detect malicious programs that get into the Android system directory, but it is not authorised to remove them.

To close firmware vulnerabilities and neutralise threats in /system, you can do the following:

  1. Disable (if possible) these applications. This will not eliminate a threat completely, but it will neutralise it until you can remove it permanently.
  2. If your device is rooted (with superuser privileges that allow you to make any type of change you want, including to the firmware), you can try to remove malicious applications with the help of special third-party utilities.

    ! In some cases, configuring root access may lead to the device manufacturer denying to provide you with warrantied maintenance.

    Make a backup of all user data; do a reset to the factory settings; and install new manufacturer-provided firmware that has had the Trojan removed from it. You may need to wait for an update, depending on how much support the manufacturer provides.

    ! If you are not provided with the firmware, your best course of action is to return the device you purchased to the seller. You should NEVER USE this device.

We also recommend that you read the Anti-virus Times issue dedicated to this topic — "A fish rots from the head down..." Please refer to the issue "Firmly rooted" to know how Trojans can find their way into firmware.

Start Dr.Web for Android. In the subsequent window go to the SpIDer Guard section and check if the Monitor is enabled and protects the system message is displayed. If it is, the anti-virus protects your device. If the message is Monitor disabled, the monitor is not running. Tap the monitor indicator button.

To scan your mobile device for viruses, launch Dr.Web for Android, and tap Scanner. In the next window, specify the scan mode.

  • Quick scan. The anti-virus scans only files of installed applications. The fewer there are applications, the sooner the express scan will be completed.
  • Full scan. All files on your mobile device are scanned.
  • Custom scan. Scan only certain files or folders for viruses. To run a custom scan, select objects you want to scan and tap the Scan button.

Abort scan at any time by tapping Abort.

Launch Dr.Web for Android and select Statistics. The statistics window displays the number of processed files and information about all actions performed by the anti-virus components. It is possible to reset the statistics (Menu→Clear statistics), or save the log to a file (Menu→Save log).

Tap on the Dr.Web icon on the notification panel. In the succeeding window you will see all the available information about the threat. Tap on this message, then select the desired action: delete the file, place it into the quarantine, or ignore the warning.

Warning! It is not recommended to choose the Ignore option! If you believe that the anti-virus has made a mistake, select Quarantine and after that send the file to Doctor Web for a detailed analysis.

SpIDer Guard is designed to constantly protect mobile devices against viruses and other threats. It loads into the memory upon Android start-up and scans all files accessed by a user or the system in real time.

There are three ways to install the anti-virus:

  1. Use HTC Sync. To install Dr.Web, you need to connect your device to your computer and sync them with HTC Sync. Use HTC Sync to run the Application Installation wizard, specify the path to the file drweb-600-android.apk and follow the wizard instructions.
  2. Manually. Copy drweb-600-android.apk (download link) to the mobile device (from a computer, with a memory card or download OTA from our web-site). To run the file you will need a file manager.
  3. Via Android Market. Go to the Android Market, find Dr.Web on the application list and select Install. In the subsequent window displaying information about the privileges required for the program, click OK, the application will be installed automatically.

Open the Dr.Web application; go to Menu (the three dots in the upper-right corner of the screen) → LicenseEnter new serial number. Enter your serial number, and tap "Activate".

No additional actions, including reinstallation, are required. The same method is suitable for activating a serial number when you purchase/renew Security Space that includes a free mobile version.

Activation error

If any error messages appear, try to activate your license using a different network connection.

If you continue to encounter problems, detailed diagnostics are required. Send a written request to our technical support service. Please attach the error screenshot to your request, and enter your serial number.

Activation via a key file is only suitable for applications downloaded directly from Doctor Web's site (this method is not suitable for applications installed from the Play Market!).

  1. Copy the key file to any folder in the device's memory or to its memory card.

    You can extract the archive's contents and copy only the file with the *.key extension, or transfer the whole ZIP archive to your device;

  2. Open Menu (the three dots in the upper-right corner of the screen)); select the License section, the I already have a license item, and the option Use a key file;
  3. Open the folder where the key file or ZIP archive was saved, and select it.

The key file will be installed in the system and a message notifying you about this will appear on the screen.

Activation error

If any error messages appear, try to activate your license using a different network connection.

If you continue to encounter problems, detailed diagnostics are required. Send a written request to our technical support service. Please attach the error screenshot to your request, and enter your serial number.

Go to Menu (the three dots in the upper-right corner of the screen) → LicenseI already have a license.

Then tap Restore purchase from Google Play.

Enter the email address you used when purchasing this license, and your personal data.

Activation error

If any error messages appear, try to activate the license using a different network connection.

If you continue to encounter problems, detailed diagnostics are required. Send a written request to our technical support service. Please attach the error screenshot to your request; indicate your Google play order number (GPA-...) and the Google account address (your email@gmail.com) you used to make the purchase.

Start Dr.Web for Android. To suspend the file monitor, tap the green indicator next to SpIDer Guard. The system will immediately notify you that the monitor is turned off, and the mobile device may be exposed to threats. With the anti-virus disabled your mobile device becomes vulnerable. Be sure to activate Dr.Web as soon as you can.

Go to the Settings menu of the device, select Applications→Manage applications. In the Third-party tab tap Dr.Web for Android. In the subsequent application information window tap Remove. To permanently delete the anti-virus, tap OK in the removal confirmation dialogue.

Another way to remove your anti-virus — tap the anti-virus icon on your device’s screen, and hold it for a few seconds. At the top of the display, you will see the Recycle Bin icon accompanied by the text Remove. Drag the application icon to the Recycle Bin, and confirm that you want to remove your anti-virus.

Open the Dr.Web for Android application, and tap Menu (the three dots in the upper-right corner of the screen) → LicenseRenew license via Google Play. Open the link and pay for the license. When an attempt is made to renew a license that was not purchased on Google Play, the application will display an error message and another renewal method can then be selected.

By default, virus database updates are downloaded automatically in the background. To update the databases manually, on the main application screen, tap “Menu” (the three dots in the upper-right corner of the screen), and select Virus databases and then Update.

Presently you can't update the anti-virus by copying virus databases onto a mobile device. To update the databases, use the built-in update module.

Note: an Internet connection is required for updating.

Information about the number of virus definitions in the databases and date of the last update is contained in the anti-virus statistics.

  1. On the main application screen, tap “Menu” (the three dots in the upper-right corner of the screen), and select Settings and then the section Virus database update;
  2. Select the Update over Wi-Fi checkbox, and by default, mobile networks will not be used to download updates. If no Wi-Fi networks are available, you will be prompted to use the mobile Internet.

Start Dr.Web for Android and tap the Menu button on your mobile device. In the pop-up window select Settings.

Dr.Web for Android interface language corresponds to the current language of the operating system. Select English as the Android interface language and the anti-virus will switch to English automatically.

Note: to change the OS language tap Menu and point to Settings in the subsequent pop-up window. Go to Language & Keyboard, Select Language and choose the language you need in the succeeding window.

Dr.Web Security Space for Android version 12 has a new feature that lets you password-protect your Dr.Web account and the configuration of certain components. Setting a password for your Dr.Web account ensures that outsiders can’t tamper with important anti-virus and system settings.

If you’re a Dr.Web user, when you upgrade to version 12, an account will automatically be created for you provided you enabled the Anti-theft component before the upgrade.

If you’ve downloaded Dr.Web version 12 for the first time, create an account so that you can set a password for accessing Dr.Web’s settings.

In the top-right corner of the main application window, click on the menu icon.

Select Account.

Specify a valid email address. Click on Continue.

Specify an account password. It must consist of at least 4 characters.

Cybercriminals almost instantly hack passwords containing fewer than 8 characters.

Re-enter the password, and click on Continue.

You will see confirmation that you have created an account. Click on Continue.

This same password will work both to protect the settings of certain Dr.Web components and to permit access to other applications installed on the device if the Parental Control blocks access to them.

Ask your friend from the Buddies list you created when you configured Dr.Web Anti-theft to send your mobile phone an SMS message containing the text #RESETPASSWORD#.

When you receive the SMS with the command, the password reset will occur automatically. If your mobile phone is not blocked, you will see the Change password screen, where you can set a new password.

If your device was blocked, it will be unblocked.

All SMS commands for remotely controlling Dr.Web Anti-theft

Download memo (PDF)

Click on Forgot your password? on any screen that prompts you to enter your password. Read the instructions.

Open the Dr.Web account page https://acs.drweb.com and enter the key and email address you specified in the Forgot your password? window.

If the code is entered correctly, you will see this window.

Check your incoming messages—you will receive an email containing a confirmation code.

Enter this code in the Forgot your password? window, and click on Next.

Create a new password and remember it.

If you did not receive the email, click on the line Did not receive the email?, and you will automatically be redirected to the Doctor Web technical support page.

Since the new version 12 has a single password for the account and the Anti-theft settings, we will have to be sure that the person contacting us is indeed the owner of the device and the Dr.Web license.

In the support request:

  1. Specify the device IMEI (your device’s unique identifier; typically, this is a 15-digit number written in decimal digits).
  2. Attach to your request:
    • the corresponding receipt and a photo of the completed warranty certificate (if you have the device's box/packaging and the IMEI is readable, attach a photo of the box to your request);
    • proof of purchase of your Dr.Web license (an email from the eStore, a scanned copy of the payment document, or other). If you won your license during a Dr.Web auction—specify your Doctor Web account login. If you are using a trial version, please ignore this subitem.

If you no longer have access to the email you used to register your account, you will need to remove your old account and create a new one.

If you no longer have access to the email you used to register your account, you will need to remove your old account and create a new one.

Select Account.

Click on Delete account.

Delete account Delete account.

When an account is deleted, the Anti-theft and Parental Control settings will reset—you will need to reconfigure them.

Dr.Web for Android Parental Control will protect applications from unauthorised access and anti-virus settings from tampering by outsiders or children. But first Dr.Web Parental Control must be enabled.

Select Parental Control in the Dr.Web menu.

Click on the Enable button or on the switch in the upper-right corner of the window.

Grant Parental Control access to Android’s special features by clicking on Grant access.

In the Special features settings window, click on the Dr.Web Security Space button.

Use the switch to enable Android’s special features.

Close the configuration window for special features.

Go to the Applications tab, and select Settings — this will block unauthorised access to the system’s settings.

In the Components tab, select all the items—after this, a password will have to be entered to access the selected Dr.Web protection components.

Dr.Web Security Space for Android can protect against both the downloading of new applications and the use of applications that have already been downloaded.

To prevent other users—your children, another family member, or outsiders—from downloading programs or using programs that have already been downloaded but have been determined by you to be harmful for them, use the special Parental Control feature to block those options.

Open the Applications tab in Dr.Web Parental Control. You will see a list of all the applications installed on your device. Select the applications you want to block access to.

This is only sufficient to prevent anyone who does not know the Dr.Web account password from using already installed applications. You must also prohibit anyone from downloading new applications to your device.

Go to the Components tab of the Parental Control. Check the box next to Dr.Web settings.

In the Components tab of the Parental Control, select Play Market.

And then if anyone attempts to download a new application, this window will appear:

The URL filter in Dr.Web Security Space for Android 12 is disabled by default. We recommend that you configure it right after you install Dr.Web and that you password-protect access to it using Dr.Web Parental Control—this will prevent those close to you from visiting malicious and fraudulent websites.

In addition, you can configure website blacklists and whitelists or block access according to thematic groups of sites.

Only then will you be able to keep your children (or anyone else who has access to your device) from disabling the blocking options in the URL filter and visiting webpages you deem to be undesirable; they will be protected from fraudsters’ attempts to lure them to dangerous sites.

To prevent anybody from tampering with the settings you established for the URL filter.

In the Parental Control's Components tab, check the box next to URL filter.

When trying to open a website from the banned websites list, the user will see this window.

Learn more about the URL filter settings from our video tutorial.

Send the trusted friends on your Dr.Web Anti-theft contact list a memo containing the SMS commands used to remotely control the Anti-theft in emergency situations—that way they’ll know how to help you when needed.

Download

In the application's main menu, select Anti-theft. In the Configuration Wizard window, enter and confirm a password. If necessary, create a friends list (a list of trusted numbers).

More detailed information about configuring the anti-theft can be found in the corresponding section of the documentation.

Then you can adjust anti-theft security parameters: set blocking conditions and the actions that the program will perform if those conditions are met. More information about this can be found here.

To activate the anti-theft, use the previously specified password.

There are three ways to choose from to unlock the device depending on the version of Dr.Web for Android you use and availability of the friends list.

  • If you are using Dr.Web for Android 7.0 and higher, use the special service at.
  • If, when configuring the anti-theft (any version), you created a list of friends, you can disable the anti-theft by sending a corresponding SMS command from a trusted number. For more information about SMS commands, please follow this link.
  • If you use Dr.Web for Android 6.0 and didn't create a list of friends, you need to send a request to Doctor Web's Technical Support Service. In your request, you will need to provide the following information:
    • Your Dr.Web serial number
    • a photo of the box, warranty card, or other document that concerns the blocked device and contains a readable IMEI.

Launch Dr.Web for Android and select Statistics. The statistics window displays the number of processed files and information about all actions performed by the anti-virus components. It is possible to reset the statistics (Menu→Clear statistics), or save the log to a file (Menu→Save log).

Launch Dr.Web for Android and select Statistics. Tap Menu and choose Save log on SD card. The DrWeb_Log.txt file will be saved into the /Andoroid/data/com.drweb/files/ directory and a corresponding notification will be displayed. If you want to send a support request, use the web-form at https://support.drweb.com/support_wizard/. To attach a file to your request, tap Browse, select the file you need and press Open. To send the request, tap the Send button.

To avoid downloading a huge amount of data via the mobile Internet, temporarily disable it for an application. To do this:

  • run Dr.Web;
  • open the Firewall component;
  • click on the “Applications” tab;
  • select the application you need;
  • in the “Access to data transfer” section, click on "Mobile Internet" so that it becomes inactive.

When you need to download a major update, for example, via free or home Wi-Fi, you can use this same method to allow the application to use mobile traffic to connect to the Internet.

To view applications whose network access parameters were specified in the Firewall:

  • run Dr.Web;
  • open the Firewall component;
  • click on the “Applications” tab;
  • take note of the applications marked with the red gear icon.

If present, this icon indicates that the application settings in the Firewall were changed or that an active rule was set for it.

The floating window containing traffic-usage information is disabled by default because it takes up screen space, which may not always be convenient when working with a mobile device. When no acute need to control traffic exists, the window can be disabled, but when the amount of traffic and where it is coming from is important to know, it is better to have this data on view.

To enable the display of the floating window:

  • run Dr.Web;
  • open the Firewall component;
  • click on the “Limit” tab;
  • select "Current traffic information";
  • place the floating window on the screen so that it does not bother you while you are working with your mobile device.

Immediately after this option is selected, the floating traffic-information window will appear; in the future, it will appear on top of other windows.

For user convenience, network traffic-usage information is displayed in two ways.

To obtain full information on application network activity while the Firewall is in operation:

  • run Dr.Web;
  • open the Firewall component;
  • click on the "Applications" tab.

To view data pertaining to an application you are interested in, select the application from the list—the settings window, containing complete information, will open.

The user can also control this information via the floating window—we've described how to enable it here.

If you need to prevent an application from accessing a website, you can do this on the Dr.Web Firewall’s "Traffic" tab:

  • run Dr.Web;
  • open the Firewall component;
  • click on the "Traffic" tab;
  • select the application you want to prevent from accessing the website;
  • from the drop-down list containing connections used by applications, select the connection that needs to be blocked;
  • you will see a pop-up menu that lets you add an “allow” or “block” rule. Select "Add blocking rule".

The firewall will now automatically block access to this resource.

If you want to restore access to a previously blocked resource, you can do this by removing the corresponding blocking rule.

You can also explicitly specify an address that you don’t want any programs connecting to. To do this:

  • run Dr.Web;
  • open the Firewall component;
  • click on the "Applications" tab;
  • select the program you want to keep from accessing the website;
  • in the newly appeared window, in the "Rules for IP addresses and ports" section, select "Block connections from list";
  • click on "Add rule", and in the "New rule" window, specify the server address and the connection port you need to block access to;
  • click OK to finish creating the rule.

The firewall can restrict the use of mobile traffic and, if necessary, block an application's access to the Internet via a selected connection type: Wi-Fi, mobile Internet, and in roaming.

To configure the connection types that applications can use to connect to the Internet:

  • run Dr.Web;
  • open the Firewall component;
  • click on the "Applications" tab;
  • select the application you need;
  • in the "Access to data transmission" section, specify the connection types that the application can use to connect to the Internet.

To limit the use of mobile traffic:

  • run Dr.Web;
  • open the Firewall component;
  • click on the "Limit" tab;
  • select "Limit mobile Internet";
  • in the newly appeared window, indicate how much mobile traffic (in megabytes or gigabytes) you can use for a specific period (day, week, or month), and click “OK”.
  • you will see a window where you can specify the amount of traffic you’ve already used prior to the current moment—if you’ve already used some traffic from the current period (for example, you installed Dr.Web in the middle of the month). Specify the amount that you have used, and click “OK”.

With this option, you’ll find it very convenient to receive notifications informing you that you are reaching your limit. To enable these notifications, select the “Notifications” checkbox in the “Limit” tab.

Since limited Internet plans are usually offered for a specific amount over a specific period (for example, 100 MB per 24 hours or 5 GB per month), the traffic limitation option can be configured to prevent users from suddenly and significantly exceeding their usage limits.

To configure a limit for the mobile traffic you use

  • run Dr.Web;
  • open the Firewall component;
  • click on the "Limit" tab;
  • select "Limit mobile Internet";
  • in the newly appeared window, indicate how much mobile traffic (in megabytes or gigabytes) you can use for a specific period (day, week or month), and click “OK”.
  • you will see a window where you can specify the amount of traffic you’ve already used prior to the current moment—if you’ve already used some traffic from the current period (for example, Dr.Web was installed in the middle of the month). Specify the amount that you have used, and click “OK”.

With this option, you’ll find it very convenient to receive notifications informing you that you are reaching your limit. To enable these notifications, select the “Notifications” checkbox in the “Limit” tab.

Two of the tools incorporated into the Firewall can be used to view current network activity.

The first one is the floating window, which, in minimised format, displays the total amount of traffic used and, in expanded format, displays the list of applications currently using an Internet connection.

If the floating window is disabled, do the following to get the latest network activity information:

  • run Dr.Web;
  • open the Firewall component;
  • click on the Firewall's "Traffic" tab.

Here, the user can find information about the applications and services currently using an Internet connection and the amount of traffic they are using.

If, for some reason, you have to completely block an application’s access to the Internet, the best solution will be to prevent the application from being able to transfer data.

To limit any kind of network activity for an application, do the following:

  • run Dr.Web;
  • open the Firewall;
  • click on the "Applications" tab,
  • select the program whose Internet access you want to limit;
  • in the newly appeared window, in the "Access to data transmission" section, disable the use of Wi-Fi, mobile Internet, and roaming for each application in the list.

To create a rule that restricts or allows an application to engage in any kind of network activity, do the following:

  • run Dr.Web;
  • open the Firewall component;
  • click on the "Applications" tab,
  • select the program for which you want to create the rule;
  • in the newly appeared window, go to the "Rules for IP addresses and ports";
  • create an “allow” or “block” rule, as described below.

To create a blocking rule:

  • select "Block connections from the list" from the drop-down list;
  • click on "Add rule";
  • in the newly appeared window, enter the IP address (in the ххх.ххх.ххх.ххх format) and the number of the port (e.g., 225) to which you need to block access;
  • click "OK".

If necessary, you can repeat this operation for all the addresses you want to block access to. All other connections will be enabled by default. This operation mode can conveniently be called "Using the blacklist".

To create an allowing rule:

  • select "Allow only the connections from the list " from the drop-down list;
  • click on "Add rule";
  • in the newly appeared window, enter the IP address (in the ххх.ххх.ххх.ххх format) and the number of the port (e.g., 225) to which you need to allow access;
  • click "OK".

If necessary, you can repeat this operation for all the addresses you want to have access to. Please note that all other connections will be disabled by default. This operation mode can conveniently be called "Using the whitelist".

For each application that uses Internet access, the Firewall collects statistics related to incoming and outgoing traffic.

To view statistics:

  • run Dr.Web;
  • open the Firewall component;
  • click on the "Applications" tab;
  • select an application you are interested in, and in the newly opened window, go to the "Statistics" section.

Here, users can find complete traffic information (incoming and outgoing) for the application and a network-usage diagram. Users can see how much data the application received during a defined period.

If you need to delete an existing rule:

  • run Dr.Web;
  • open the Firewall component;
  • click on the "Applications" tab;
  • select the application for which you want to change the rule;
  • in the list of rules visible in the newly appeared window of the "Rules for IP addresses and ports" section, tap the line that you want to delete, and drag it in any direction. The line will switch to the choice "Edit" or "Delete";
  • click on "Delete" to remove the rule or on "Edit" to replace it with a new one.

All Firewall actions are logged and recorded in the Firewall Log. The report contains the following information about applications and actions involving them:

  1. Application name.
  2. IP address, port, and protocol via which the data was exchanged.
  3. Date and time of connection (for TCP) or time taken to receive data packets with the corresponding amount of traffic (for UDP). For example: 21/11/2017 22:19:39 — 21/11/2017 22:19:42.
  4. Local address and local port. For example: src: 192.168.0.102:55512.
  5. Incoming and outgoing traffic (bytes) or the number of blocked packets. For example: in:124 out:79 or blocked packets:1.
  6. The identifier of the application on the device associated with this traffic (User ID). For example: uid=10011.
  7. Number of network congestion incidents (for TCP only). For example: traffic jam=0. Traffic congestion is a special situation when a client program fails to offload a TCP buffer, and that can be the cause of data transfer slowdowns over the network.

To open the Firewall Log, run Dr.Web, open the firewall, and then click on the icon in the form of the vertical ellipsis. Select "Log".

Note that data related to application network activity is stored in a separate Application log that is created separately for each application.

After this, the Firewall starts operating. By default, all network activity is allowed except the use of the Internet in roaming. To manage traffic at your own discretion, you will need to configure the Firewall.

Since monitoring and recording all network application activity is one of the main tasks of the Firewall, the Application Log stores all the information about application-specific network activity:

  1. Time an event occurred
  2. Resource name
  3. Resource IP address
  4. Protocol via which the connection was established
  5. Connection status
  6. Amount of incoming traffic
  7. Amount of outgoing traffic

To access the Application log, do the following:

  • run Dr.Web;
  • open the Firewall;
  • click on the "Applications" tab;
  • select the application you need, and in the newly appeared window, click on the icon that looks like a vertical ellipsis. Select "Application Log".

The Call and SMS Filter protects against phishers and vishers. But fraudsters can ask children to disable the restrictions their parents have established in this component.

Dr.Web Parental Control will reliably protect your children provided you ensure that they cannot tamper with the Call and SMS Filter settings.

In the Parental Control's Components tab, check the box next to Call and SMS Filter.

This setting won't allow the user to bypass Call and SMS Filter restrictions, and the user will receive calls and SMS according to the settings established for this component. For example, if the Filter is configured to allow calls and messages from the whitelist only, the user will only receive calls from numbers on that list.

When trying to sign in to the Filter settings, the user will see this window:

Learn more about the Call and SMS Filter settings from our video tutorial.

Dr.Web for Android doesn't block outgoing calls.

The anti-virus places suspicious and infected files into the quarantine folder. Suspicious files are quarantined to be sent to Doctor Web's virus laboratory for analysis, infected ones are isolated if curing is not possible for some reason.

To send a suspect file, use the form on our website: https://vms.drweb.com/sendvirus/. To attach a file to your request, tap Browse, select the file you need and press Open. To send the request, tap the Send button.

Launch Dr.Web for Android and select Quarantine. Tap the file you want to restore. In the succeeding window you will see all the information about this file and malicious code contained in tt. Tap the Restore button - the file will be moved to the original folder.

This error can occur due to server overload. Please visit this page later. Or send a written unlock request to our technical support service. Please attach and specify the following data and documents.

Possible reasons:

  • problems with the Internet connection;
  • no settings were specified for the proxy server, if one is used.

Solution:

It defends your Mac from all types of malicious programs—including those created specifically for OS X. With the growing popularity of OS X, malware tends to target specifically this operating system. Incidents involving large-scale botnets comprised of infected Macs did occur: such Trojans as BackDoor.Flashback.39, Trojan.SMSSend and Trojan.Yontoo.1 still pose a threat to unprotected machines.

With Dr.Web for OS X., you can protect your system from these and many other malicious programs created to infect Macs as well as other operating systems. However, bear in mind that, while an update containing a corresponding virus definition has arrived, no anti-virus can protect your Mac against new malware, which hackers tested against latest versions of anti-virus engines. To protect against such malicious programs, you need to use advanced security tools and, of course, be careful when you visit certain sites.

Yes. The first virus for an Apple computer was created in 1982. The first virus for Mac OS X (Mac.Leap) appeared in 2006. In early 2009, the Trojan Mac.Iservice infected machines that comprised the iBot zombie network. In 2012, half a million of computers were connected to the botnet created by the Trojan BackDoor.Flashback. It was Doctor Web who first discovered this zombie network.

An attacker does not necessary need to hack into your computer to install malicious software. In most cases, unwanted programs get onto Macs due to careless of users when they visit legitimate sites, such as news portals. They can be compromised, so that infection gets onto computers of visitors regardless of their OS—in most cases, the target platform is detected and selected automatically.

Two simple conditions must be met for a system to get infected with BackDoor.Flashback.39: Java Virtual Machine must be installed in the system, and a user must load a compromised webpage in the browser.

Trojan.SMSSend family programs can be easily downloaded from various websites under the guise of a useful application. Today, adware for OS X is also rather common. For instance, Trojan.Yontoo.1 gets onto a Mac, if the user agrees to download and install a browser plug-in from certain sites, or downloads it under the guise of a media player, a program to improve video playback quality, a "download accelerator", etc.

There are also e-mail and removable data storage devices—the traditional media that spread malware with no regard to the operating system.

It is a botnet of infected Macs which took shape with emergence of the Trojan Mac.Iservice in January 2009. To date, it has several thousand computers and has managed to manifest itself in a number of DDoS-attacks.

For evaluation purposes, you can use the trial version. Download the distribution from Doctor Web's site at download.drweb.com/demoreq. The period of a demo license is 30 days.

You can also use the free scanner Dr.Web Light for OS X. The scanner incorporates state-of-the-art technologies to detect and eliminate viruses. You can use it to check your system, whenever you need to. However, Dr.Web for OS X is a more feature-packed product as compared with Dr.Web Light for OS X. It includes Dr.Web SpIDer Guard file monitor to scan files in real time.

According to the documentation, OS X 10.7 and above are supported.

Dr.Web for for OS X protects against viruses whose definitions are present in the Dr.Web virus database. They can be written to infect OS X as well as other platforms.

The non-signature detection technology Origins Tracing and heuristic analyser help neutralise threats yet unknown.

Download the program's distribution at download.drweb.com/mac. Install Dr.Web for OS X. In the License Manager, select Demo license.

There is no way to prolong a demo key—you need to purchase a commercial license.

Administrator privileges are required to install Dr.Web. After mounting the drive you will see the following window:

Select Dr.Web anti-virus for OS X . Read the Installation Wizard's welcome and click Continue. To continue the installation, read the License Agreement and accept its terms. After that select the disk onto which Dr.Web for OS X will be installed. Enter the administrator password. Then Dr.Web for OS X will be installed automatically. When finished, click Finish. You don’t need to restart your system after installation.

If you purchased a license for Dr.Web for OS X and the program is already installed on your Mac

  • In the main menu of Dr.Web for OS X, select License Manager. In the subsequent window select Get New License. Follow the registration steps and enter the serial number in the appropriate fields of the registration form. Your key file will be downloaded and placed in the required directory automatically.

If you purchased a license for Dr.Web for OS X and the program is not installed on your Mac

  • Download the installation package at download.drweb.com/mac. During installation, in the License Manager, select Get New License.
  • Enter the serial number in the appropriate fields in the registration form. Your key file will be downloaded and placed in the required directory automatically.

You can also register your serial number at Doctor Web's server at products.drweb.com/register.

You can choose to update the anti-virus automatically and manually on demand or according to the schedule.

Select Update in the program's main window.

By default, only anti-virus file monitor settings are protected. To change them, click on the lock icon in the bottom left corner of the SpIDer Guard window, enter the administrator password and make the necessary adjustments.

Yes, you can. Once a subsequent update is downloaded, you can try to cure a quarantined file.

Administrator privileges are required to remove the anti-virus. After mounting the drive you will see the following window:

Select DrWeb4MacUninstaller. Read the Removal Wizard's welcome and click Uninstall. Enter administrator password. After that, Dr.Web for Mac OS X will be removed automatically. When removal is completed, click Finish. Iit is recommended to reboot the computer after uninstallation.

Back

Nothing found

The Russian developer of Dr.Web anti-viruses

Doctor Web has been developing anti-virus software since 1992

Dr.Web is trusted by users around the world in 200+ countries

The company has delivered an anti-virus as a service since 2007

24/7 tech support

© Doctor Web
2003 — 2019

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125040