Contents
1. System Requirements. Dr.Web can be installed on a computer running OS X 10.7 or higher. Other requirements are similar to those of the operating system. Installing and Removing Anti-virus. The Dr.Web software is distributed as a single disk image file. To install Dr.Web: (1) Double-click the disk image to mount it, if necessary. (2) Drag the application file from the disk image to the Applications folder on your Mac. To uninstall Dr.Web: To delete Dr.Web, you can simply move the application to Trash. If necessary, enter user name and password of the administrator account in the corresponding dialog. Chapter 3. Managing Licenses. To use Dr.Web, you need to activate a license. You can purchase a license with the product or on the official Doctor Web website. A license allows to take advantage of all product features during the whole period. Parameters of the key file are set in accordance with the software license agreement. To activate a license, renew it after it is expired, or purchase a new one, License Manager is used. Dr.Web Anti-virus for Mac OS X license is not valid for the server operating system. If a Server app is installed on your computer, the operating system is defined as OS X Server. In this case, to use Dr.Web you need either to remove Server app or purchase Dr.Web Anti-virus for Mac OS X Server license. It is recommended to activate the license after installation
2. (2) Click the Websites button. Only users with administrator privileges can change black and white lists. Click the icon of a lock at the bottom of the window and enter the administrator name and password, if necessary. (3) By default, both lists are empty. You can add addresses to the black and white lists. Click under the corresponding list and enter a domain name or a part of a domain name for the website that you want to block or allow access to. To add a certain website, enter its name (for example, www.example.com). This allows access to all webpages located on this website. To allow access to websites with similar names, enter the common part of their domain names. For example, if you enter example, then SpIDer Gate will allow access to example.com, example.test.com, test.com/example, test.example222.com and other similar websites. To allow access to websites within a particular domain, enter the domain name with a period. This allows access to all webpages located on this website. If the domain name includes a forward slash, the substring before the slash is considered a domain name, while the substring after the slash is considered a part of the address for the websites that you want to access within this domain. For example, if you enter example.com/test, SpIDer Gate will allow access to webpages such as example.com/test11, template.example.com/test22, and so on. To delete websites
3. Dr.WEB Anti-virus for Mac OS X. User Manual. © Doctor Web, 2015. All rights reserved. This document is the property of Doctor Web. No part of this document may be reproduced, published or transmitted in any form or by any means for any purpose other than the purchaser's personal use without proper attribution. TRADEMARKS: Dr.Web, SpIDer Mail, SpIDer Guard, CureIt, CureNet, AV-Desk and the Dr.WEB logo are trademarks and registered trademarks of Doctor Web in Russia and/or other countries. Other trademarks, registered trademarks and company names used in this document are property of their respective owners. DISCLAIMER: In no event shall Doctor Web and its resellers or distributors be liable for errors or omissions, or any loss of profit or any other damage caused or alleged to be caused directly or indirectly by this document, the use of or inability to use information contained in this document. Dr.Web Anti-virus for Mac OS X, Version 10.1, User Manual, 21.08.2015. Doctor Web Head Office: 2-12A, 3rd str. Yamskogo polya, Moscow, Russia, 125124. Web site: www.drweb.com. Phone: +7 (495) 789-45-87. Refer to the official web site for regional and international office information. Doctor Web. Doctor Web develops and distributes Dr.Web information security solutions which provide efficient protection from malicious software and spam. Doctor Web customers can be found among home users from all
4. If necessary, modify the list of exclusions. To add a file, folder or application to the list, click the button and select the object. To add a website to the list, click the button under the white list and enter a domain name or a part of a domain name for the website. To delete an object from the exclusions list, select it and click the button, or drag it outside the application window. The default exclusions settings are optimal for most uses. Do not change them unnecessarily. By default, all quarantine folders are excluded from scans because they are used to isolate detected threats and, as access to them is blocked, there is no use scanning these folders. Check Encrypted Traffic. By default, Dr.Web does not check the data transmitted in accordance with SSL protocol. To check the encrypted traffic: (1) In the application menu, click Preferences and open the Network tab. (2) If the settings are locked, click the icon of a lock at the bottom of the window and enter the administrator name and password. (3) Select the Check encrypted traffic check box. To obtain Doctor Web Certificate: If the encrypted traffic check is enabled, some browsers and mail clients which send and receive this traffic and do not refer to the system certificate storage may need Doctor Web certificate to operate. (1) In the application menu, click Preferences and open the Network tab. (2) Press the Export button and save the certificate to a convenient fo
5. s rights are set in accordance with the License agreement. The file also contains information on the user and seller of the anti-virus. It is recommended to keep the license key file until the license or demo period expires. A license key file for a demo period activation can be used only on the computer where the activation procedure was run. License Manager. To open License Manager, click License Manager in the application menu (the menu bar is at the top of the main desktop) or click the license information section in the main application window. The License Manager window displays the information on your current license. The Get New License button allows you to activate your license for Dr.Web or renew an expired license. License Activation. After installation, you need to activate Dr.Web to confirm legitimacy of using the anti-virus and unlock the updating, constant protection and on-demand scanning features. When you run Dr.Web for the first time, activation starts automatically. You can also launch activation from License Manager by clicking Get New License. To activate a new license: (1) If you have a serial number for activation of a license or a demo period for 3 months, on the first step of the activation procedure click Activate license. (2) Enter the serial number and click Next. In case you're activating a demo period, go to the step 5. (3) If you have a previo
6. Picture 3. Threats tab. To view information on the threats: To view the list of the detected threats, open the Threats section. In the status bar in the bottom of the window, the total number and size of the detected threats and also the number and size of the selected threats are displayed. To view the information on a threat, click the button or double-click the threat. To read about the type of the threat on Doctor Web website, click the button to the left of the threat name on the details window. To neutralize detected threats: Open the Threats section. To apply an action specified in the anti-virus settings for the corresponding threat type, click the button with this action under the threat. To select an alternative action, click the arrow on the button with recommended action on the details window. To neutralize several threats, select them holding the SHIFT key, then select the action to perform in the Actions section of the main application menu or in the threat list context menu. To neutralize all threats, click Neutralize All. This will apply actions specified in the anti-virus settings for the corresponding threat types. You can also use the hot keys combinations on the keyboard to apply actions to the threats. HTTP Traffic Check And Access Control to Web Resources. Web traffic check is carried out via a resident component called SpIDer Gate. It checks the incoming HTTP traffic and blocks all obj
8. are locked in order to prevent anyone without administrative privileges from changing these settings. To unlock them, click the icon of a lock at the bottom of the mode preferences window and enter the administrator name and password. To use central protection mode: (1) Contact an anti-virus network administrator of your company or IT provider for a license and parameters of connection to the central protection server. (2) In the application menu, click Preferences and select Mode. (3) To connect to central protection server of your company or IT provider, select the Enable central protection mode check box. In the central protection mode, the option of manual start and configuring updates is blocked. Some features and settings of Dr.Web, particularly concerning the constant protection and on-demand scanning, may be modified and blocked for compliance with the company security policy or according to the list of purchased services. A license for operation in this mode is received from central protection server. Your personal license is not used. In central protection mode, the scanning of your computer can be launched manually or according to schedule directly from the server. On switching to the central protection mode, Dr.Web restores parameters of the previous connection. If you are connecting to the server for the first time or connection parameters have changed, do the following: The install.cfg file provided by administrator of anti v
9. can leave the default settings, configure which actions to apply automatically, or choose actions manually upon every detection. Below is a list of possible actions. Cure, move to quarantine if incurable: This action can be applied to infected objects only. It implies deletion of malicious code from infected objects as well as recovery of their structure and operability to the state in which it was before the infection, if possible. If the malicious object is made of malicious code only (for example, Trojans or functional copies of computer worms), it will be moved to quarantine. Cure, delete if incurable: This action can be applied to infected objects only. It implies deletion of malicious code from infected objects as well as recovery of their structure and operability to the state in which it was before the infection, if possible. If the malicious object is made of malicious code only (for example, Trojans or functional copies of computer worms), it will be deleted. Move to quarantine: The detected threat is moved to a special folder and isolated from the rest of the system. This action is preferable for incurable and suspicious objects. It is recommended to send copies of such files to the Doctor Web Anti-virus Laboratory for analysis. Delete: It is the most effective action for neutralizing computer threats. It implies the complete removal of the malicious object. Ignore: This action can be applied to suspicious objects only. The threat is skipped
10. from the quarantine to the initial folder it has been moved from. Restore to: to select the folder to move the object from quarantine. To process several objects, select them holding the SHIFT key, then select the action to perform in the Actions section of the main application menu or in the object list context menu. You can also use the hot keys combinations on the keyboard to apply actions to the objects in quarantine. Configuring Automatic Actions. You can specify actions that will be applied automatically by Dr.Web to various types of computer threats unless it is required to choose an action manually. You can set different automatic reaction for Scanner and SpIDer Guard. To configure automatic actions: To open the automatic reactions settings for Dr.Web components, do one of the following. To configure automatic actions for Scanner, in the application menu click Preferences and open the Scanner tab. To configure automatic actions for SpIDer Guard, in the application menu click Preferences and open the SpIDer Guard tab. Select necessary action for infected and suspicious objects. Click Other to select actions for malware, adware, dialers, jokes, riskware and hacktools. The actions specified in the SpIDer Guard settings will be applied automatically every time a threat is detected by this component. To apply action automatically to the threats detected during the system check performed by Scanner, select t
11. over the world and in government enterprises, small companies and nationwide corporations. Dr.Web antivirus solutions are well known since 1992 for continuing excellence in malware detection and compliance with international information security standards. State certificates and awards received by the Dr.Web solutions, as well as the globally widespread use of our products, are the best evidence of exceptional trust to the company products. We thank all our customers for their support and devotion to the Dr.Web products! Table of Contents: Document Conventions. Chapter 1. Introduction: About Dr.Web; Main Components and Functions. Chapter 2. Installation and Removal: System Requirements; Installing and Removing Anti-virus. Chapter 3. Managing Licenses: License Key File; License Manager; License Activation. Chapter 4. Basic Functions: Starting and Quitting Anti-virus; Updating Anti-virus; Constant Anti-virus Protection; Scanning System on Demand; Neutralizing Threats; HTTP Traffic Check And Access Control to Web Resources; Getting Help. Chapter 5. Advanced Use: Quarantine; Configuring Automatic Actions; Excluding Objects from Scanning; Check Encrypted Traffic; Notifications; Administrator Privileges; Optimizing Battery Use; Dr.Web Cloud; Operation Mode; Restoring Default Settings. Appendices: Appendix A. Types of Computer Threats; Appendix B. Fighting Computer Threats
12. without performing any action or displaying information in report. Appendix C. Central Anti-virus Protection. Solutions for central protection from Doctor Web help automate and simplify configuring and managing information security of computers within logical structures (for example, company computers that access each other from both inside and outside of company's local networks). Protected computers are united in one anti-virus network which security is monitored and managed from central server by administrators. Connection to centralized anti-virus systems guarantees high level of protection while requiring minimum efforts from end users. Logical Structure of Anti-virus Networks. Solutions for central protection from Doctor Web use client-server model (see picture below). Workstations and servers are protected by local anti-virus components (agents, or clients; herein, Dr.Web) installed on them, which provides for anti-virus protection of remote computers and ensures easy connection to central protection server. [Picture 5. Logical structure of anti-virus networks. Diagram labels: Central protection server; Network based on TCP, NetBIOS; Anti-virus network administrator; Management via HTTP/HTTPS; Protected local computer; Transmitting updates via HTTP; Doctor Web update server.] Local computers are updated and configured from central server. The stream of instructions, data and sta
13. E and CONTROL-COMMAND-F on the keyboard to start express or full scan. (2) To scan only certain files and folders, drag them to the main application window or click the dotted area in the left part of the window to select objects to scan. In the list of objects, select files and folders to scan. To add an object to the list, click under the list of objects or simply drag this object to the list. To delete an object from the list, select it and click the button, or drag it outside the application window. Click Start Scanning to start scanning the selected objects. To start a file or a folder scan from the context menu: (1) Select a file or folder icon on the Desktop or in the Finder. (2) Select Check with Dr.Web in the context menu. When you start scanning, the main window switches to the results section (see the illustration below). During scanning, this section displays the following information: scanning start time; number of checked objects; time left to end scanning; number of the detected threats; name of the file that is currently being scanned. Statistic summary of the current scanning session is displayed in the bottom part of the window. You can pause or stop scanning (use the Pause and Stop buttons).
14. Appendix C. Central Anti-virus Protection; Appendix D. Hot Keys; Appendix E. Contacting Support; Index. Document Conventions. The following conventions and symbols are used in this manual (convention: description). Bold: Names of buttons and other elements of the graphical user interface (GUI), and required user input that must be entered exactly as given in the guide. Green and bold: Names of Dr.Web products and components. Green and underlined: Hyperlinks to topics and webpages. Italic: Placeholders which represent information that must be supplied by the user. For command-line input, it indicates parameter values. In addition, it may indicate a term in position of a definition. CAPITAL LETTERS: Names of keys and key sequences. Minus sign (-): Indicates a combination of keys. For example, COMMAND-Q means to hold down the COMMAND key while pressing the Q key. Exclamation mark: A warning about potential errors or any other important comment. The following abbreviations are used in this manual: CPU, Central Processing Unit; GUI, Graphical User Interface; OS, Operating System; RAM, Random Access Memory. Chapter 1. Introduction. Thank you for purchasing D
15. because it unlocks updating, constant protection and on-demand scanning features. If you want to evaluate the product before purchasing it, you can activate a demo period. It provides you with full functionality of the main components, but the period of validity is considerably restricted. You can activate a demo period for the same computer no more than once a year. Demo period is available for: 3 months (for that, register on the official Doctor Web website and receive a serial number); 1 month (for that purpose, no serial number is required and no registration data is requested). License Key File. The license type is determined by a special file called the license key file. The license key file contains the following information: duration of the anti-virus license; list of components a user is allowed to use; other restrictions (for example, the number of users allowed to use the application). A license for Dr.Web file satisfies the following criteria: license is not expired; all anti-virus components required by the product are licensed; integrity of the license is not violated. If any of the conditions is violated, the license becomes invalid and Dr.Web stops detecting and neutralizing threats. The license key file has the .key extension and it can be received during the license activation procedure at first launch of Dr.Web via the License Manager. The parameters of the license key file which specify the user
16. demo period to evaluate Dr.Web: For 3 months. For that, register on the website and receive a serial number. After you complete the questionnaire, a serial number required to activate the demo period for 3 months is sent to the specified email address. For 1 month. For that purpose, no serial number is required and no registration data is requested. To purchase license: If you don't have a serial number, on the first step of the activation procedure click Purchase license to purchase the license from Doctor Web online store. It is recommended to keep the license key file until it expires. If you re-install the product or install it on several computers, you will be able to use the previously activated license key file. To install existing license key file: (1) On the first step of the activation procedure, click Other activation types. (2) If you already have a license key file or a configuration file required to connect to the central protection server, drag it to the dotted area or click to browse to select the file. (3) To activate your license, click Next. Subsequent activation. You may need to reactivate a license or demo period if the license key file is lost. When reactivating a license or a demo period, you receive the same license key file as during the previous activation, providing that the validity period is not expired. A demo period can be reactivated only on t
17. duct release. However, modern virus threats are characterized by high-speed evolvement and modification. Within several days and sometimes hours, new viruses and malicious programs emerge. To mitigate the risk of infection during the licensed period, Doctor Web provides you with regular updates to virus databases and product components, which are distributed via the Internet. With the updates, Dr.Web receives information required to detect new viruses, block their spreading and sometimes cure infected files which were incurable before. From time to time, the updates also include enhancements to anti-virus algorithms and fix bugs in software and documentation. Updating the components and virus databases of Dr.Web ensures that your Mac's protection is always up to date and ready for any new threat types. Updating is performed by a special component called Updater. On the first start of Dr.Web, it is necessary to update the virus databases to the most recent for the moment of the application start. Further updates will be performed periodically with interval specified in preferences of Dr.Web. Configuring the update interval: (1) In the application menu, click Preferences and open the Update tab. (2) Select an interval for updating. Constant Anti-virus Protection. Constant anti-virus protection is carried out via a resident component called SpIDer Guard. The component performs real-time chec
19. ects that contain security threats. HTTP is used by web browsers, download managers and other applications which exchange data with web servers, that is, which work with the Internet. SpIDer Gate also allows you to control access to web resources and to prevent users from viewing undesirable websites (for example, pages on violence, gambling, adult content, etc.). By default, SpIDer Gate is enabled automatically after you install and activate Dr.Web license. Other applications for checking web traffic and controlling access to web resources installed on your Mac may not work properly if SpIDer Gate is enabled. Enabling or disabling SpIDer Gate: On the Desk section of the main window (see Picture 1), enable/disable the SpIDer Gate option. Click the Dr.Web icon in the menu bar and select the corresponding item. Only users with administrator privileges can disable SpIDer Gate. Configuring HTTP traffic check. By default, SpIDer Gate blocks all incoming malicious objects. You can select the types of malicious programs to block, configure actions for the not checked objects and set up the maximum time for checking one file by performing the following actions: (1) In the application menu, click Preferences and open the SpIDer Gate tab. Only users with administrator privileges can change SpIDer Gate settings. Click the icon of a lock at the bottom of the window and enter the administrator
20. erences Select all Close. Appendix E. Contacting Support. If you encounter any issues installing or using company products, take advantage of the following Doctor Web support options: Download and review the latest manuals and guides at http://download.drweb.com. Read the frequently asked questions at http://support.drweb.com. Browse Dr.Web official forum at http://forum.drweb.com. Request assistance from Doctor Web Technical Support or read the frequently asked questions on your personal My Dr.Web webpage. To go to My Dr.Web webpage, open the My Dr.Web section on the main window and click the My Dr.Web button. If you have not found solution for the problem, you can request direct assistance from Doctor Web Technical Support by filling in the web form in the corresponding section of the support site at http://support.drweb.com. For regional office information, visit the official Doctor Web website at http://company.drweb.com/contacts/moscow.
21. fferent in every copy of the virus. This means that such viruses do not have byte signatures. Stealth viruses perform certain actions to disguise their activity and thus conceal their presence in an infected object. Such viruses gather the characteristics of an object before infecting it and then plant these dummy characteristics that mislead the scanner searching for modified files. Viruses can also be classified according to the programming language in which they are written (in most cases, it is Assembler, high-level programming languages, script languages, etc.) or according to affected operating systems. Computer Worms. Worms have become a lot more widespread than viruses and other types of computer threats recently. Like viruses, they are able to reproduce themselves and spread their copies, but they do not infect other programs and files (that is, they do not need host files to spread). A worm infiltrates a computer from a worldwide or local network (usually via an attachment to an email) and distributes its functional copies to other computers in the network. It can begin distributing itself either upon a user's action or in an automatic mode, choosing which computers to attack. Worms do not necessarily consist of only one file (the worm's body). Many of them have an infectious part (the shellcode) that loads into the main memory (RAM) and then downloads the worm's body as an executable fi
22. from black or white list, select them in the corresponding list and click the button, or drag them outside the application window. (3) Click OK to save changes. Getting Help. To get help about the program, you can use Dr.Web Help, which can be accessed via the Apple Help viewer. To access Dr.Web Help: In the menu bar, click Help and select Dr.Web Help, or search for keywords using the text box. If you cannot find a solution for your problem or necessary information about Dr.Web, you can request direct assistance from Technical Support. Chapter 5. Advanced Use. This chapter contains information on performing more advanced tasks with Dr.Web and adjusting its settings. Quarantine. Quarantine allows you to isolate detected malicious or suspicious objects that cannot be cured from the rest of the system in case you need them. Curing algorithms are being constantly improved, therefore these objects may become curable after one of the updates. Due to the privacy reasons, the quarantine folder is created for each user in the system. Therefore, if you switched to the administrator mode, the detected threats are moved to the administrator Quarantine and will not be available in the user Quarantine folders. You can view and manage the contents of quarantine using the Quarantine tab on the Threats section of the main window (see illustration below). In the status bar in the bottom of the wi
23. gnature analysis, which is performed by comparison of file code segments to the known virus signatures. A signature is a finite continuous sequence of bytes which is necessary and sufficient to identify a specific virus. To reduce the size of the signature dictionary, the Dr.Web anti-virus solutions use signature checksums instead of complete signature sequences. Checksums uniquely identify signatures, which preserves correctness of virus detection and neutralization. The Dr.Web virus databases are composed so that some entries can be used to detect not just specific viruses, but whole classes of threats. Origins Tracing. On completion of signature analysis, the Dr.Web anti-virus solutions use the unique Origins Tracing method to detect new and modified viruses which use the known infection mechanisms. Thus, Dr.Web users are protected against such threats as notorious blackmailer Trojan.Encoder.18 (also known as gpcode). In addition to detection of new and modified viruses, the Origins Tracing mechanism allows to considerably reduce the number of false triggering of the heuristics analyzer. Objects detected using the Origins Tracing algorithm are indicated with the .Origin extension added to their names. Execution emulation. The technology of program code emulation is used for detection of polymorphic and encrypted viruses, when the search against checksums cannot be applied directly or is very difficult to be performed (due to the impossibil
24. he Apply actions automatically check box in the Scanner settings section. Click Advanced to set up the check of the complex objects (archives and email files) and specify the maximum time for scanning a single file. Please note that scanning the contents of archives and email files, as well as increasing the time for scanning a single file, leads to increasing of the overall scanning time and may slow down your Mac in some cases. The default automatic actions are optimal for most uses. Do not change them unnecessarily. By default, all SpIDer Guard settings are locked in order to prevent anyone without administrative privileges from changing these settings. To unlock them, select the SpIDer Guard section of the anti-virus preferences, click the icon of a lock at the bottom of the window and enter the administrator name and password. Excluding Objects from Scanning. If necessary, you can exclude from scanning the following objects: files and folders; websites; applications. To configure exclusions: (1) In the application menu, click Preferences and open the Exclusions tab. (2) To configure the exclusions of files and folders, websites or applications, click the corresponding button. By default, the exclusion settings are locked. To unlock these settings, click the icon of a lock at the bottom of the preferences window and enter the administrator name and password. (3)
25. he computer where the activation procedure was run. One serial number can be activated not more than 25 times. If more requests are sent, the license will not be activated. In this case, to receive a lost license key file, contact Technical Support describing your problem in detail, stating your personal data input during the license activation and the serial number. Chapter 4 Basic Functions: You can access all main functions from the Dr Web window (see picture below). This window consists of sections that help you control and access anti-virus components. Section / Description: Desk: In this section you can enable or disable constant anti-virus protection; enable or disable web traffic check; review information about the last scan and start express or full system scan, as well as scan only critical files and folders; review information about the last virus databases update and start an update manually if necessary; view information on the current license and run License Manager if necessary; open the Threats or My Dr Web section. Threats: Lets you access the list of the detected threats, select actions to apply to them and open the contents of Quarantine. My Dr Web: Lets you review the Doctor Web news, the latest special deals, the information on viruses and open your personal page on the official Doctor Web website, where you can review the information on your license, vi
26. hreats. This solution also provides diverse tools for anti-virus network administrators that allow them to keep track and manage operation of local anti-virus components, including components deployment and update, network status monitoring, statistics gathering and notification on virus events. Dr Web AV Desk Internet Service: Dr Web AV Desk is an innovative Internet service created by Doctor Web for providers of various types of Internet services. With this solution, providers can deliver information security services to home customers and companies, providing them with a selected package of services for protection from viruses, spam and other types of computer threats for as long as is necessary. Services are provided online. For more information on Dr Web AV Desk Internet service, visit the official Doctor Web website at http www av desk com. Appendix D Hot Keys: You can use the special hot keys combinations to start a system scan, to apply action to the detected threats or to set up Dr Web. Scan menu Actions menu General CONTROL COMMAND E CONTROL COMMAND F CONTROL COMMAND C COMMAND SHIFT C COMMAND SHIFT M COMMAND SHIFT I COMMAND SHIFT D COMMAND SHIFT R COMMAND SHIFT P COMMAND SHIFT A COMMAND COMMAND A COMMAND W Express scan Full scan Select objects to scan Cure Move to Quarantine Ignore Delete Restore Restore to Work with administrator privileges Pref
27. ice and some other applications supporting macro commands (usually written in Visual Basic). Macro commands are a type of implemented programs (macros) written in a fully functional programming language. For instance, in Microsoft Word macros can automatically initiate upon opening (closing, saving, etc.) a document. Script viruses are created using script languages and usually infect other scripts (e.g. service files of an operating system). They are also able to infect other file formats that allow execution of scripts and thus take advantage of scripting vulnerabilities in Web applications. Boot viruses infect boot records of diskettes and partitions or master boot records of fixed disks. They require very little memory and remain ready to continue performing their tasks until a system roll-out, restart or shut-down occurs. Most viruses have some kind of protection against detection. Protection methods are being constantly improved and ways to overcome them are constantly being developed. All viruses may also be classified according to the type of protection that they use. Encrypted viruses cipher their code upon every infection to hamper their detection in a file, boot sector or memory. All copies of such viruses contain only a small common code fragment (the decryption procedure) that can be used as a virus signature. Polymorphic viruses also encrypt their code, but besides that they also generate a special decryption procedure that is di
28. irus network contains settings to connect to the central protection server. To use this file: 1. Click Other activation types in the License Manager. 2. Drag the configuration file to the opened window or click the dotted area to select the file. If the file is mounted, fields for entering the connection settings will be specified automatically. Enter the IP address of the central protection server provided by administrator of anti-virus network. Enter the port number that is used to connect to the server. Drag the license key file received from the central protection server to the settings window, or double-click the license key area and browse to select the file. As an option, enter the authentication parameters: station ID, which is assigned to your computer for registration at the server, and password. The entered values are saved with Keychain system. Therefore, you need not enter them again when reconnecting to the server. Depending on the authorization settings of the central protection server, the station can be connected to the server in one of the following modes. As a newbie: in this case, it may require to be approved on the server (ID and password will be assigned automatically), or it may be authorized automatically if the corresponding authorization mode is specified on the server. If the station has already been created on the server and it has an ID and pass
29. ity of building secure signatures. The method implies simulating the execution of an analyzed code by an emulator, a programming model of the processor and runtime environment. The emulator operates with a protected memory area (emulation buffer), in which execution of the analyzed program is modelled instruction by instruction. However, none of these instructions is actually executed by the CPU. When the emulator receives a file infected with a polymorphic virus, the result of the emulation is a decrypted virus body, which is then easily determined by searching against signature checksums. Heuristic analysis: The detection method used by the heuristics analyzer is based on certain knowledge (heuristics) about certain features (attributes) that might be typical for the virus code itself, and vice versa, that are extremely rare in viruses. Each attribute has a weight coefficient which determines the level of its severity and reliability. The weight coefficient can be positive if the corresponding attribute is indicative of a malicious code, or negative if the attribute is uncharacteristic of a computer threat. Depending on the sum weight of a file, the heuristics analyzer calculates the probability of unknown virus infection. If the threshold is exceeded, the heuristic analyzer generates the conclusion that the analyzed object is probably infected with an unknown virus. The heuristics analyzer also uses the FLY CODE technology, which is a versatile alg
30. k of all files accessed by the user or running programs and processes running on your Mac. By default, it is enabled as soon as you install and activate Dr Web license. Whenever a threat is detected, SpIDer Guard displays a warning and applies actions according to the anti-virus preferences. To enable or disable SpIDer Guard, do one of the following: On the Desk section of the main window (see Picture 1), enable or disable the SpIDer Guard option. Click the Dr Web icon in the menu bar and select the corresponding item. Only users with administrator privileges can disable SpIDer Guard. Be extremely cautious when using this option. While SpIDer Guard functions are disabled, avoid connecting to the Internet and check all removable media using Scanner before accessing. Scanning System on Demand: Dr Web checks objects in the file system on your demand and detects various threats that may be present in the system though inactive. To protect your computer, it is necessary to run a system scan with Dr Web periodically. Process load increases during scanning, which may lead to rapid discharge of batteries. We recommend starting scans when portable computers are powered by mains electricity. To start system scanning: 1. In the main window of Dr Web, select the scan mode. Express scan: run a quick check of the most vulnerable parts of the system only. Full scan: perform a full scan of the entire file system. You can press the hot keys combinations CONTROL COMMAND
31. lder. Notifications: The notifications about various events that may occur during operation of the anti-virus are configured on the Main tab of Dr Web preferences. There are 2 types of notifications: on-screen messages and sound alerts. To configure sound notifications: Sound alerts are enabled by default. To disable or enable sound alerts, clear or select the Use sound alerts check box on the Main tab of the application preferences. To configure on-screen notifications: 1. On-screen notifications are enabled by default. To disable or re-enable on-screen notifications, clear or select the Enable notifications check box on the Main tab of the application preferences. 2. Select the notification system: Dr Web (selected by default); System (OS X standard notifications); Growl. 3. For Dr Web notifications, you can configure additional parameters by clicking Configure to the right of the selected notification system: specify the notifications display time; select the area on the screen to show notifications. Click OK to apply settings. Administrator Privileges: Dr Web may require administrator privileges to access and check critical areas of the hard drive. To start scanning with administrator privileges: 1. In the application menu, click Preferences and open the Main tab. 2. Select the Start scanning with administrator privileges check box. You will need to enter the administrato
32. le via the network. If only the shellcode is present in the system, the worm can be deleted by simply restarting the system, at which the RAM is erased and reset. However, if the worm's body infiltrates the computer, then only an anti-virus program can cope with it. Worms have the ability to cripple entire networks even if they do not bear any payload (i.e. do not cause any direct damage) due to their intensive distribution. In Doctor Web classification, worms are divided by the method of distribution. Net worms distribute their copies via various network and file-sharing protocols. Mail worms spread themselves using email protocols (POP3, SMTP, etc.). Chat worms use protocols of popular messengers and chat programs (ICQ, IM, IRC, etc.). Trojan Programs (Trojans): This type of computer threats cannot reproduce itself or infect other programs. A Trojan substitutes a program that is used a lot and performs its functions (or imitates its operation). At the same time, it performs some malicious actions in the system (damages or deletes data, sends confidential information, etc.) or makes it possible for a hacker to access the computer without permission, for example, to harm the computer of a third party. A Trojan's masking and malicious facilities are similar to those of a virus. A Trojan may even be a component of a virus. However, most Trojans are distributed as separate executable files through file exchange servers, removable data carrier
33. m actions that will lead to data loss. Their purpose is to frighten or annoy users. Dialers: These are special programs that are designed to scan a range of telephone numbers and find those where a modem answers. These numbers are then used to mark up the price of telephoning facilities or to connect the user to expensive telephone services. Riskware: These programs were not intended as computer threats, but can potentially cripple or be used to cripple system security due to certain features and therefore are classified as minor threats. Riskware programs are not only those that can accidentally damage or delete data, but also ones that can be used by crackers or some malicious programs to do harm to the system. Among such programs are various remote chat and administrative tools, FTP servers, etc. Suspicious Objects: These are possible computer threats detected by the heuristic analyzer. Such objects can potentially be any type of threat (even unknown to IT security specialists) or turn out safe in case of a false detection. Suspicious objects should be sent for analysis to the Dr Web Virus Laboratory. Appendix B Fighting Computer Threats: The Dr Web anti-virus solutions use several malicious software detection methods simultaneously, and that allows them to perform thorough checks on suspicious files and control software behavior. Detection Methods. Signature analysis: The scans begin with si
34. name and password if necessary. 2. Click Advanced. 3. Select the malware types to block. 4. Specify the maximum time for checking one file. Please note that increasing the time for scanning a single file may slow down your Mac in some cases. 5. By default, the objects that cannot be scanned are blocked. To allow such objects, clear the Block not checked content check box. 6. Click OK to save changes. Configuring access to websites: By default, in addition to HTTP traffic anti-virus check, SpIDer Gate blocks URLs listed due to a notice from copyright owner and non-recommended sites. You can disable these functions on the SpIDer Gate tab of Dr Web preferences. You can also select the website categories to block access to and create black and white lists of websites to automatically allow or block access to them regardless of other SpIDer Gate settings. The default SpIDer Gate settings are optimal for most uses. Do not change them unnecessarily. To select the categories of websites: 1. In the application menu, click Preferences and open the SpIDer Gate tab. Only users with administrator privileges can change SpIDer Gate settings. Click the icon of a lock at the bottom of the window and enter the administrator name and password if necessary. 2. Select the categories of websites you want to block access to. To create black and white lists of web addresses: 1. In the application menu, click Preferences and open the Exclusions tab.
35. ndow the total number and size of the threats and also the number and size of the selected threats are displayed. [Picture 4: Objects in quarantine] To view information on the objects in quarantine: 1. Click the button or double-click the object. 2. To read about the type of the threat that the object is supposed to contain on Doctor Web website, click the button to the left of the threat name on the details window. This will open the page with information on this type of threats on Doctor Web website. To process objects in Quarantine: 1. To apply a recommended action to an object in quarantine, click the button with this action under the object. To select an alternative action, click the arrow on the button with recommended action on the details window. You can select one of the following actions: Delete, to completely remove the object from the file system; Restore, to return the object
36. orithm for extracting files. The technology allows making heuristic assumptions about the presence of malicious objects in files compressed not only by packagers Dr Web is aware of, but also by new, previously unexplored programs. While checking packed objects, Dr Web anti-virus solutions also use structural entropy analysis. The technology detects threats by arranging pieces of code; thus, one database entry allows identification of a substantial portion of threats packed with the same polymorphous packager. As any system of hypothesis testing under uncertainty, the heuristics analyzer may commit type I or type II errors (omit viruses or raise false alarms). Thus, objects detected by the heuristics analyzer are treated as suspicious. While performing any of the abovementioned checks, the Dr Web anti-virus solutions use the most recent information about known malicious software. As soon as experts of Doctor Web Anti-virus Laboratory discover new threats, the update for virus signatures, behavior characteristics and attributes is issued. In some cases, updates can be issued several times per hour. Therefore, even if a brand new virus passes through the Dr Web resident guards and penetrates the system, then after an update the virus is detected in the list of processes and neutralized. Actions: To neutralize computer threats, Dr Web products use a number of actions that can be applied to malicious objects. You
37. r Web Anti-virus for Mac OS X (hereinafter referred to as Dr Web). It offers reliable protection from various types of computer threats using the most advanced virus detection and neutralization technologies. This manual is intended to help users of computers running OS X install and use Dr Web. About Dr Web: Dr Web is an anti-virus solution designed to help users of computers running OS X protect their machines from viruses and other types of threats. The core components of the program (anti-virus engine and virus databases) are not only extremely effective and resource-sparing, but also cross-platform, which allows specialists in Doctor Web to create secure anti-virus solutions for different operating systems. Components of Dr Web are constantly updated and virus databases are supplemented with new signatures to assure up-to-date protection. Also, a heuristic analyzer is used for additional protection against unknown viruses. Main Components and Functions: Dr Web consists of the following components, each performing its own set of functions. SpIDer Guard: This is a resident anti-virus component which checks all files which are being used in real time. SpIDer Gate: This component checks the incoming HTTP traffic and blocks all malicious objects. It is also used to control access to web resources. Scanner: This virus detection component is used for express, full and custom system scan on user demand, and for neutralization of detected threats C
38. r password before scanning (express, full or custom) starts. Optimizing Battery Use: By default, when your Mac is operating under battery power, the scanning is paused to prevent the battery from quick draining. Dr Web displays a corresponding message where you can confirm pausing or continue scanning. To disable scanning pausing: 1. In the application menu, click Preferences and open the Main tab. 2. If you don't want to pause scanning when your Mac is on battery power, clear the Pause scanning when on battery power check box. Dr Web Cloud: Dr Web Cloud services provide most recent information on threats, which is updated on Doctor Web servers in real-time mode and used for anti-virus protection. Depending on update settings, information on threats used by anti-virus components may become out of date. Cloud services can reliably prevent users from viewing unwanted websites. To connect to the services: 1. In the application menu, click Preferences and open the Dr Web Cloud tab. 2. To connect to cloud services, select I want to connect to services (recommended). Operation Mode: If necessary, you can use your installation of Dr Web to connect to corporate anti-virus networks or to access Dr Web AV Desk anti-virus service of your IT provider. To operate in such central protection mode, you do not need to install additional software or uninstall Dr Web. By default Dr Web mode settings
39. rs redirect hyperlinks to certain addresses in order to increase traffic of websites or perform DDoS attacks. Proxy Trojans provide anonymous Internet access through a victim's computer. Trojans may also perform other malicious actions besides those stated above, for example, change the start page in a Web browser or delete certain files. However, other actions can also be performed by other types of threats (viruses and worms). Hacktools: Hacktools are programs designed to assist the intruder with hacking. The most common among them are port scanners that detect vulnerabilities in firewalls and other components of computer protection system. Besides hackers, such tools are used by administrators to check security of their networks. Occasionally, common software that can be used for hacking and various programs that use social engineering techniques are designated as hacktools as well. Adware: Usually, this term refers to a program code implemented into freeware programs that force display of advertisements to users. However, sometimes such codes can be distributed via other malicious programs and show advertisements in Web browsers. Many adware programs operate with data collected by spyware. Jokes: Like adware, this type of minor threats cannot be used to inflict any direct damage to the system. Joke programs usually just generate messages about errors that never occurred and threaten to perfor
40. rus databases and last update, renew the license, contact Technical Support, etc. [Picture 1: Main application window] Starting and Quitting Anti-virus. To start Dr Web, do one of the following: In the Finder, open the Applications folder and double-click Dr Web for Mac OS X. Start the Launchpad and then select to start Dr Web for Mac OS X. On the application start, the update settings are checked and the updates are downloaded if necessary. On the first start of the application, the virus databases are updated to the most recent for the moment of application start. This may take some time. To quit Dr Web, do one of the following: Click the Quit Dr Web for Mac OS X item in the application menu (the menu bar is at the top of the main desktop). Click and hold the application icon in Dock, then select Quit in the menu. Press COMMAND Q on the keyboard when Dr Web is active. When you quit Dr Web, SpIDer Guard remains active. It is a resident anti-virus monitor which checks all files in real time when they are used. Updating Anti-virus: Anti-virus solutions of Doctor Web use Dr Web virus databases to detect malicious software. These databases contain details and signatures for all virus threats known at the moment of the pro
41. s Appendix A Types of Computer Threats: Herein, the term threat is defined as any kind of software potentially or directly capable of inflicting damage to a computer or network and compromising the user's information or rights (that is, malicious and other unwanted software). In a wider sense, the term threat may be used to indicate any type of potential danger to the security of the computer or network (that is, vulnerabilities that can result in hacker attacks). All of the program types stated below have the ability to endanger the user's data or confidentiality. Programs that do not conceal their presence (e.g. spam distribution software and various traffic analyzers) are usually not considered as computer threats, although they can become threats under certain circumstances. Computer Viruses: This type of computer threats is characterized by the ability to implement its code into other objects. Such implementation is called infection. In most cases, the infected file becomes a virus carrier itself and the implemented code does not necessarily match the original. Most viruses are intended to damage or destroy data in the system. In Doctor Web classification, viruses are divided by the type of objects which they infect. File viruses infect files of the operating system (usually executable files and dynamic libraries) and activate upon launching of the infected file. Macro viruses are viruses that infect documents used by Microsoft Off
42. s or email attachments that are launched by users or system tasks. It is very hard to classify Trojans due to the fact that they are often distributed by viruses or worms, and also because many malicious actions that can be performed by other types of threats are ascribed to Trojans only. Here are some Trojan types which are distinguished as separate classes in Doctor Web. Backdoors are Trojans that make it possible for an intruder to log on into the system or obtain privileged functions bypassing any existing access and security measures. Backdoors do not infect files, but they write themselves into the registry, modifying the registry keys. Rootkits are used to intercept system functions of an operating system in order to conceal themselves. Besides, a rootkit can conceal processes of other programs (e.g. other threats), registry keys, folders and files. It can be distributed either as an independent program or as a component of another malicious program. There are two kinds of rootkits according to the mode of operation: User Mode Rootkits (UMR) that operate in user mode (intercept functions of the user mode libraries) and Kernel Mode Rootkits (KMR) that operate in kernel mode (intercept functions on the level of the system kernel), which makes it harder to detect. Keyloggers are used to log data that users enter by means of a keyboard. The aim of this is to steal personal information (i.e. network passwords, logins, credit card data, etc.). Clicke
43. tistics in the anti-virus network goes also through the central protection server. The volume of traffic between protected computers and the central server can be quite sizeable, therefore solutions provide options for traffic compression. To prevent leak of sensitive data or substitution of software downloaded onto protected computers, encryption is also supported. All necessary updates are downloaded to central protection server from Dr Web update servers. Local anti-virus components are configured and managed from central protection server according to commands from anti-virus network administrators. Administrators manage central protection servers and topology of anti-virus networks (for example, validate connections to central protection server from remote computers) and configure operation of local anti-virus components when necessary. Local anti-virus components are not compatible with other anti-virus software, including versions of Dr Web anti-virus solutions that do not support operation in central protection mode (i.e. Dr Web version 5.0). Installing two anti-virus programs on one computer may lead to system crash and loss of important data. Central Protection Solutions. Dr Web Enterprise Security Suite: Dr Web Enterprise Security Suite is a complex solution for corporate networks of any size that provides reliable protection of workstations, mail and file servers from all types of modern computer t
44. ture 2 Viewing the scanning results. Some files may be omitted during scanning because they are corrupted or protected by password. If there are archives in the list of the skipped objects, try to extract them before scanning. Dr Web may require the administrator privileges to check critical areas of the hard drive. To grant Dr Web administrator privileges, do one of the following: Press the combination COMMAND SHIFT A on the keyboard, then enter the administrator password. Click the lock icon in the bottom of the window and then enter the administrator password. Neutralizing Threats: To neutralize threats, you can specify the automatic actions or apply actions to the threats manually. To review the list of detected threats and apply actions to neutralize them, open the Threats tab on the main application window (see illustration below). [Illustration: Threats tab of the main application window]
45. ure, Delete, Move to Quarantine. The action is either selected by the user manually or automatically according to the Dr Web settings for the corresponding type of threat. Quarantine: This is a special folder which is used for isolation of infected files and other threats so that they cannot do harm to the system. Updater: This is an automated updating utility that is used for updating virus databases and other program components. License Manager: This component is used to simplify management of the licenses. It allows you to view information about the current license, activate license or demo period, or get a new license. Flexible settings of Dr Web allow you to configure sound and on-screen notifications for various events, automatic actions applied by the anti-virus to detected threats, updates periodicity, list of files and folders excluded from scanning, etc. Chapter 2 Installation and Removal: Dr Web is distributed as a single disk image file. The file can be found on the product CD/DVD or downloaded via the Internet from the official Doctor Web website at http://www.drweb.com. Dr Web is not compatible with anti-virus software, including its own earlier versions. Installing two anti-virus programs on one computer may lead to system crash and loss of important data. If you already have an anti-virus software installed, uninstall it before starting a new anti-virus installation
46. us license, provide its serial number. Select the corresponding option, then enter the serial number or drag the key file to the dotted area (alternatively, click the area to browse to select the key file). If you have been a user of Dr Web in the past and are activating a new license, you are eligible for extension of your new license for another 150 days. To get additional 150 days, you need to submit your previous license data: a serial number or a license key file. If you have been a user of Dr Web in the past and are activating a renewal license, you need to submit serial number or a license key file of your previous license. In case neither a serial number nor a license key file is provided, the new license period will be reduced by 150 days. Click Next. 4. Enter personal data (registration name, region, city, etc.). The Registration name field is obligatory and should be filled in. If you want to receive news about Doctor Web by email, select the corresponding check box. Click Next. 5. The license will be activated and installed on your Mac. Usually this procedure does not require your active participation. Click Next. If the activation procedure completed successfully, the corresponding message displays where the license validity period or demo period is specified. Click Finish. If activation failed, an error message displays. To get demo: If you installed Dr Web with demonstration purposes, click Get demo. You can activate a
47. word, it will be authorized automatically when connecting to the server regardless of its settings. For detailed information on connecting a station to the server, refer to Dr Web Control Center and Dr Web AV Desk Administrator guides. To use standalone mode: 1. In the application menu, click Preferences and select Mode. 2. To switch to the standalone mode, clear the Enable central protection mode check box. On switching to this mode, all settings of the anti-virus are unlocked and restored to their previous or default values. You can once again access all features of anti-virus. 3. For correct operation in standalone mode, Dr Web requires a valid personal license. The license received from central protection server cannot be used in this mode. If necessary, you can receive or update a personal license with License Manager. Restoring Default Settings: If you experience any difficulties with configuring Dr Web, you can restore the default application settings. By default, the restoring defaults option is locked in order to prevent anyone without administrator privileges from changing it. To unlock it, click the icon of a lock at the bottom of the window and enter the administrator password. 1. In the application menu, click Preferences and open the Main tab. 2. Click Restore Defaults. Confirm restoring the default application configuration by clicking Restore Now in the corresponding dialog. Appendices Appendice