SpIDer Guard: Real-Time Protection

SpIDer Guard is enabled automatically after you accept the License Agreement. The component keeps protecting the file system even if you close the application. If SpIDer Guard is enabled, the Dr.Web icon is displayed on the Android status bar.

On some devices, the Dr.Web icon may not show when the app is functioning in the background. It happens because the device firmware optimizes background processes to save power or improve performance. To pin the Dr.Web icon to the Android status bar, remove background app restrictions: check your device settings and the built-in app manager settings. The settings may vary by device. Oftentimes all you need to do is tap the lock icon next to the Dr.Web app in Recent apps.

SpIDer Guard protects the file system even if the Dr.Web icon is not displayed on the Android status bar. If you install a malicious app, the component reacts and shows a notification about the threat. You can test SpIDer Guard by using the EICAR test file.

If SpIDer Guard detects a suspicious change in the system area or a threat, the following items appear on the screen:

An icon on the Android status bar in the top-left screen corner. Its appearance differs between Android 4.4, Android 5.0–11.0, and Android 12.0 or later.

A pop-up notification about detection of a threat (see Figure 13).

An icon on the notification bar (one design on Android 11.0 or earlier, another on Android 12.0 or later).

A message with a red indicator on the status bar.

To open check results, tap the notification bar icon or the status bar message.

SpIDer Guard will stop working if the internal device memory is cleared using the default Task Manager. To restore real-time anti-virus protection, open Dr.Web again.

To disable or re-enable SpIDer Guard

1. On the Dr.Web main screen, tap Menu and select Settings.

2. On the Settings screen, tap SpIDer Guard.

SpIDer Guard settings

In the centralized protection mode, some features and settings of SpIDer Guard may be modified and blocked for compliance with the company security policy or according to the list of purchased services.

To open SpIDer Guard settings

1. On the Dr.Web main screen, tap Menu and select Settings.

2. On the Settings screen, tap SpIDer Guard.

Files in archives

To enable scanning of files in archives, select the Files in archives check box.

By default, scanning of archives is disabled. Enabling archive scanning may impact system performance and increase power consumption. Disabling the scanning does not decrease the protection level because SpIDer Guard checks installation .apk files even if the Files in archives option is off.

Built-in SD card and removable media

To enable scanning of the built-in SD card and removable media on each mounting, select the Built-in SD card and removable media check box. If the setting is enabled, the scan starts every time SpIDer Guard is enabled. You will see the corresponding notification.

System area

To monitor changes in the system area, select the System area check box. If the setting is enabled, SpIDer Guard monitors changes (addition, change, and deletion of files) but notifies you only when any file is deleted or when an executable file (.jar, .odex, .so, APK, ELF, etc.) is added or changed.

Recheck system area

To run a recheck of the system area, tap Recheck system area. SpIDer Guard will check the previously ignored changes in the system area again.

Notifications about system area

To enable notifications on changes of any files in the system area (not only executables), select the Notifications about system area check box.
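The notification rule described for the System area and Notifications about system area options, as an added example (not Dr.Web code and not a description of how SpIDer Guard is implemented). The snapshot format, function names, and the `notify_all` flag are assumptions made for illustration, and only the file types named in the text are treated as executable.

```python
import hashlib

# Illustration of the notification rule only; not how SpIDer Guard is implemented.
EXEC_EXT = (".jar", ".odex", ".so", ".apk")  # types named in the text; its "etc." is not covered
ELF_MAGIC = b"\x7fELF"

def is_executable(path, content):
    """Executable by extension, or by ELF magic when the name has no telling extension."""
    return path.lower().endswith(EXEC_EXT) or content.startswith(ELF_MAGIC)

def changes(old, new):
    """Diff two {path: content} snapshots into (kind, path) pairs, sorted by path."""
    digest = lambda data: hashlib.sha256(data).digest()
    out = []
    for path in sorted(old.keys() | new.keys()):
        if path not in new:
            out.append(("deleted", path))
        elif path not in old:
            out.append(("added", path))
        elif digest(old[path]) != digest(new[path]):
            out.append(("changed", path))
    return out

def notifications(old, new, notify_all=False):
    """notify_all models the 'Notifications about system area' check box (assumed name)."""
    return [(kind, path) for kind, path in changes(old, new)
            if kind == "deleted" or notify_all or is_executable(path, new[path])]

# Constructed snapshots of a system area (paths and contents are made up).
BEFORE = {
    "/system/bin/toolbox": b"\x7fELF\x01v1",
    "/system/etc/hosts": b"127.0.0.1 localhost\n",
    "/system/lib/libdemo.so": b"\x7fELF\x01v1",
    "/system/media/boot.ogg": b"OggS",
}
AFTER = {
    "/system/bin/toolbox": b"\x7fELF\x01v1",
    "/system/bin/helper": b"\x7fELF\x01new",
    "/system/etc/hosts": b"127.0.0.1 localhost\n10.0.0.5 example.test\n",
    "/system/etc/readme.txt": b"hi",
    "/system/lib/libdemo.so": b"\x7fELF\x01v2",
}

if __name__ == "__main__":
    for label, flag in (("default", False), ("all changes", True)):
        print(label, notifications(BEFORE, AFTER, notify_all=flag))
```

With the default rule, the changed hosts file and the new readme.txt produce no notification; they appear only when all changes are reported.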

Additional options

To enable detection of adware and riskware (including hacktools and jokes), tap Additional options, then select the Adware and Riskware check boxes respectively.

Statistics

The application registers events related to the operation of SpIDer Guard: enabling/disabling of SpIDer Guard, threat detections, and check results of the device storage and installed applications. SpIDer Guard statistics appear in the Events section of the Statistics tab and are sorted by date (see Statistics).

Testing SpIDer Guard

You can test SpIDer Guard by using the EICAR test file. The file is usually used to:

Check if the anti-virus software is installed correctly.

Show the anti-virus reaction if a threat is detected.

Check the corporate procedures if a threat is detected.

The file is not a virus. It does not contain any fragments of viral code. Thus, it is absolutely safe for your device. Dr.Web detects the file as “EICAR Test File (NOT a Virus!)”.

You can download it from the internet or create it yourself:

1. In any text editor, create a new file which includes only the string:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

2. Save the file with the .com extension.

As soon as you save the EICAR file on your device, a warning message from SpIDer Guard appears (see Figure 13).

Figure 13. EICAR test file detection on Android 10.0 (left) and Android 12.0 (right)
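
If no warning appears after creating the file by hand, check first that the editor saved the string unchanged. The following added example (not part of the Dr.Web documentation) validates a candidate file against the EICAR test file definition: the 68-byte string, optionally followed only by whitespace, with a total length of at most 128 bytes. The padding and length limits come from EICAR's definition, not from this page, and whether a given scanner enforces them exactly is not something the page states; the function names and sample inputs are constructed for illustration.

```python
# The 68-byte test string from this page; raw bytes so the backslash stays literal.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
PADDING = b" \t\n\r\x1a"   # space, tab, LF, CR, Ctrl-Z: the only bytes allowed after it
MAX_LEN = 128              # upper bound on total file length in EICAR's definition

def check_eicar(data: bytes) -> str:
    """Return 'valid' or the reason the bytes are not a well-formed EICAR test file."""
    if data.startswith(b"\xef\xbb\xbf"):
        return "invalid: UTF-8 byte order mark before the string"
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return "invalid: saved as UTF-16"
    if not data.startswith(EICAR):
        squeezed = bytes(b for b in data if b not in b" \t\r\n")
        if squeezed.startswith(EICAR):
            return "invalid: whitespace before or inside the string"
        return "invalid: does not start with the test string"
    if any(b not in PADDING for b in data[len(EICAR):]):
        return "invalid: non-whitespace bytes after the string"
    if len(data) > MAX_LEN:
        return "invalid: longer than 128 bytes"
    return "valid"

def write_eicar(path: str) -> str:
    """Write exactly the 68 bytes in binary mode, then re-read and check them."""
    with open(path, "wb") as fh:
        fh.write(EICAR)
    try:
        with open(path, "rb") as fh:
            return check_eicar(fh.read())
    except OSError:
        return "unreadable after write (blocked or removed by a scanner?)"

# Constructed samples of what different editors can produce.
SAMPLES = {
    "exact 68 bytes": EICAR,
    "trailing CRLF": EICAR + b"\r\n",
    "UTF-8 BOM": b"\xef\xbb\xbf" + EICAR,
    "stray space after X5O!": EICAR[:4] + b" " + EICAR[4:],
    "extra text appended": EICAR + b" test",
    "padded past 128 bytes": EICAR + b" " * 61,
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:24} {check_eicar(data)}")
```

On a device with real-time protection running, `write_eicar` may report the file as unreadable or the file may disappear right after the write, which is the detection the test is meant to trigger.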