Doctor Web monitors new threats as they arise and promptly updates its products to ensure that they can protect against those threats. Many malicious programs try to hide deep in the bowels of the operating system at the driver level and launch while a system boots up in order to prevent security tools, including anti-viruses, from detecting them. To neutralise threats of this kind, Dr.Web’s drivers are installed on a layer below the system drivers and thus thwart all malware attempts to penetrate the system.
Windows is designed in such a way that a system restart is required to update a driver.
For detection routines to be updated or urgent updates that provide protection from brand new threats to be applied, a system must be restarted because new Dr.Web interception drivers can only be installed after the reboot.
The WannaCry outbreak is a good example of how a threat can be neutralised while it is being downloaded even on Windows PCs whose security loopholes are unpatched. The trojan wasn't able to exploit vulnerabilities because the anti-virus intercepted the malicious code on Dr.Web-protected machines.
IMPORTANT! Starting with Windows 8.0, turning off a PC and turning it back on is no longer enough—it is imperative that a system be restarted! This is critical because often after installing updates, users merely power off their computers for the night and power them on again in the morning. The update prompt pops up again, and users regard it as an error. In reality, Windows 8.0 and later versions behave differently—when Windows starts, it creates a system image and later on restores itself from the image whenever the computer is turned on. This significantly reduces a PC’s start-up time because the drivers (including those of the anti-virus) don't need to be loaded all over again.
