About Product

Dr.Web Enterprise Security Suite is designed for implementation and management of integrated and secure complex anti-virus protection for either local company network (mobile devices included), or home computers of employees.

A sum of computers and mobile devices with Dr.Web Enterprise Security Suite cooperating components installed represents a single anti-virus network.

scheme-structure-intro

scheme-icon-server

Dr.Web Server

scheme-icon-proto-http

HTTP/HTTPS

scheme-icon-scc

Dr.Web Security Control Center

scheme-icon-proto-tcp

TCP/IP network

scheme-icon-mcc

Dr.Web Mobile Control Center

scheme-icon-proto-updates

Updates delivered via HTTP/HTTPS

scheme-icon-station-intro

Protected station

scheme-icon-gus

Dr.Web GUS

The logical structure of the anti-virus network

Dr.Web Enterprise Security Suite anti-virus network has a client-server architecture. Its components are installed on a computers and mobile devices of users and administrators as well as on a computers that function as LAN servers. Anti-virus network components exchange information via TCP/IP network protocols. Anti-virus software can be installed (and manage them afterwards) on protected stations either via the LAN, or via the internet.

Central Protection Server

Central protection Server is installed on a computer of anti-virus network, and installation can be performed on any computer, not only on that functioning as a LAN server. General requirements to this computer are given in the System Requirements section.

Cross-platform Server software allows to use a computer under the following operating systems as a Server:

Windows OS,

UNIX system-based OS (Linux, FreeBSD).

Central protection Server stores distribution kits of anti-virus packages for different OS of protected computers, updates of virus databases and anti-virus packages, license keys and package settings of protected computers. Server receives updates of anti-virus protection components and virus databases via the internet from the Global Update System and propagate updates on protected stations.

Hierarchical structure of several Servers can be established to serve protected stations of anti-virus network.

Server supports the backup of critical data (databases, configuration files, etc.).

Server writes single log of anti-virus network events.

Single Database

The single database is connected to the central protection Server and stores statistic data on anti-virus network events, settings of the Server itself, parameters of protected stations and anti-virus components, installed on protected stations.

You can use the following types of databases:

Embedded database. The SQLite3 database that is embedded into the central protection Server directly is provided.

External database. Inbuilt drivers for connecting the following databases are provided:

MySQL,

Oracle,

PostgreSQL (including Postgres Pro),

ODBC driver to connect other databases such as Microsoft SQL Server/Microsoft SQL Server Express.

You can use any database that corresponds to your demands. Your choice should be based on the needs that must be satisfied by the data store, such as: capability to service the anti-virus network of corresponding size, features of database software maintenance, administration capabilities provided by the database itself and also requirements and standards which are accepted for use in your company.

Central Protection Control Center

Central protection Control Center is automatically installed with the Server and provides the web interface for remote managing of the Server and the anti-virus network by means of editing the settings of the Server and protected computers settings stored on the Server and protected computers.

The Control Center can be opened on any computer that have the network access to the Server. The Control Center can be used almost under any operating system with full use on the following web browsers:

Windows Internet Explorer,

Microsoft Edge,

Mozilla Firefox,

Google Chrome.

The list of possible variants of use is given in the System Requirements section.

Central protection Control Center provides the following features:

Serviceability of Anti-virus installation on protected stations including: remote installation on protected stations under Windows OS with preliminary browsing the network to search computers; Creation of distribution files with unique identifiers and parameters of connection to the Server to facilitate Anti-virus installation process by the administrator or possibility of Anti-virus installation by users on stations by oneself.

Facilitate administering based on grouping of anti-virus network workstations (detailed information see in the Groups section).

Feasibility of centralized administrating of stations anti-virus packages including: uninstallation either separate components or entire Anti-virus on stations under Windows OS; configuring parameters of anti-virus package components; assigning permissions to set up and administer the anti-virus packages on protected computers for users of these computers (detailed information see in the Chapter 8: Administration of Workstations section).

Centralized administering of workstations anti-virus check including: remote launch of anti-virus check either according the specified schedule or direct request from administrator for the Control Center; centralized configuration of check parameters and transmitting them to the workstations to launch the local check with these parameters (detailed information see in the Anti-Virus Scanning of Stations section).

Receiving the statistic information on protected stations states, viral statistics, installed anti-virus software state, running anti-virus components state and also, the list of hardware and software on protected station (detailed information see in the Viewing Workstation Statistics section).

Flexible administrating system of Server and anti-virus network based on opportunity of permissions delimiting for different administrators and also, possibility to connect administrators via the external authorization systems such as Active Directory, LDAP, RADIUS, PAM (detailed information see in the Chapter 6: Anti-Virus Network Administrators section).

Managing the licensing of workstations anti-virus protection with branched system of assigning licenses to stations, groups of stations and also, granting licenses between several Servers in multiserver configuration of anti-virus network (detailed information see in the License Manager section).

Wide set of setting to configure the Server and its separate components including: configuring schedule to maintain the Server; plug in user hooks; flexible configuration of update system of all anti-virus network components from the GUS and further propagation of updates on stations; configuring the system of administrator notifications about anti-virus network events with different methods of notification delivering; configuring neighbor connections to configure multiserver anti-virus network (detailed information see in the Chapter 9: Configuring Dr.Web Server section).

info

Detailed information on features for installation of anti-virus protection on workstations is given in the Installation Manual.

The par of the Control Center is the Web server that is automatically installed with the Server. The general task of the Web server is performing operation with web pages of the Control Center and clients network connections.

Central Protection Mobile Control Center

As a separate component, the Mobile Control Center is provided. It is designed for installation and operation on mobile devices under iOS and Android. General requirements to the application are given in the System Requirements section.

Mobile Control Center connects to the Server according to the anti-virus network administrator credentials including via an encrypted protocol. Mobile Control Center supports the base set of Control Center functions:

1.Manage Dr.Web Server repository:

view the products state in the repository;

launch repository update from Dr.Web Global Update System.

2.Manage stations on which an update of anti-virus software is failed:

display failed stations;

update components on failed stations.

3.Display statistics information on anti-virus network state:

number of stations registered at Dr.Web Server and their current state (online/offline);

viral statistics for protected stations.

4.Manage new stations waiting for connection to Dr.Web Server:

approve access;

reject stations.

5.Manage anti-virus components installed on anti-virus network stations:

launch the fast or full scan either for selected stations or for all stations of selected groups;

setup Dr.Web Scanner reaction on malware detection;

view and manage files in the Quarantine either for selected stations or for all stations in the selected group.

6.Manage stations and groups:

view properties;

view and manage components composition of anti-virus package;

delete;

send custom messages to stations;

reboot stations under Windows OS;

add to favorites list for the quick assess.

7.Search for stations and groups in an anti-virus network by different parameters: name, address, ID.

8.View and manage messages on major events in an anti-virus network via the interactive Push notifications:

display all notifications at Dr.Web Server;

set reactions on notification events;

search notification by specified filter parameters;

delete notifications;

exclude notifications from automatic deletion.

You can download Mobile Control Center from the Control Center or directly in App Store and Google Play.

Network Stations Protection

On protected computers and mobile devices of the network, the control module (Agent) and the anti-virus package for corresponding operating system are installed.

Cross-platform software allows to provide anti-virus protection of computers and mobile devices under the following operating systems:

Windows OS,

UNIX system-based OS,

macOS,

Android OS.

Either user computers or LAN servers can be protected stations. Particularly, anti-virus protection of the Microsoft Outlook mail system is supported.

Control module performs regular updates of anti-virus components and virus databases from the Server and also, sends information on virus evens on protected computer to the Server.

If the central protection Server is not accessible, it is possible to update virus databases on protected stations via the internet from the Global Update System.

Depending on the operating system of the station, the following protection functions are provided:

Stations under Windows OS

Anti-virus check

Scans a computer on user demand and according to the schedule. Also the remote launch of anti-virus scan of stations from the Control Center including rootkits check is supported.

File monitor

The constant file system protection in the real-time mode. Checks all launched processes and also created files on hard drives and opened files on removable media.

Mail monitor

Checks all incoming and outgoing mail messages when using the mail clients.

The spam filter is is also available (if the license permits this function).

Web monitor

Checks all calls to web sites via the HTTP protocol. Neutralises malicious software in HTTP traffic (for example, in uploaded and downloaded files) and blocks the access to suspicious or incorrect resources.

Office Control

Controls access to network and local resources, in particular, limits access to web sites. Allows to control the integrity of important files from the accidental change or virus infecting and limit the access to unwanted information for employees.

Firewall

Protects computers from external unauthorised access and prevents leak of vital data via internet. Monitors connection attempts and data transfer via the internet and blocks suspicious connections both on network and application levels.

Quarantine

Isolates malware and suspicious objects in the specific folder.

Self-protection

Protects files and folders of Dr.Web Enterprise Security Suite from unauthorised or accidental removal and modification by user or malicious software. If self-protection is enabled, access to files and folders of Dr.Web Enterprise Security Suite is granted to Dr.Web processes only.

Preventive protection

Prevents of potential security threats. Controls the access to the operating system critical objects, controls drivers loading, programs autorun and system services operation and also monitors running processes and blocks them in case of detection of viral activity.

Application control

Monitors activity of all processes on stations. Allows the anti-virus network administrator to adjust which applications to allow and which ones to prohibit for launching on protected stations.

Stations under UNIX system-based OS

Anti-virus check

Scanning engine. Provides the anti-virus scanning service (contents of files and disk boot records and other data received from other components of Dr.Web for UNIX). It queues files that are waiting to be scanned. Cures the files that can be cured.

Anti-virus check, Quarantine management

The component which scans file system objects and manages quarantined files. It receives scanning tasks from other Dr.Web for UNIX components. Checks file system directories according to a received task, transmits files for scanning to the scanning engine. It also removes infected files, moves them to quarantine, restores them from quarantine, and manages quarantine directories. The component creates and updates cache that stores information on scanned files to lessen the frequency of repeated file scanning.

Used by components that scan file system objects, such as SpIDer Guard (for Linux, SMB, NSS).

Web traffic check

ICAP server analyzing requests and traffic which goes via HTTP proxy servers. It also prevents transmitting infected files and access to the network hosts belonging to the internet resources categories and to black lists, created by the system administrator.

File monitor for GNU/Linux system-based OS

The Linux file system monitor. It operates in a resident mode and monitors file operations (creation, opening, closing, and running of a file) in the GNU/Linux file systems. It sends to the files check component tasks to scan new and modified files or executable files upon a program startup.

File monitor for Samba directories

Monitor of Samba shared file system directories. It operates as a resident mode and monitors file operations (creation, opening, closing, and read or write operations) in directories used by SMB file server Samba. It sends to the files check component contents of new and modified files  for the check.

NSS file monitor

NSS volumes monitor (Novell Storage Services). It operates as a resident mode and monitors file operations (creation, opening, closing and write operations) on NSS volumes mounted in the specified file system point. It sends to the files check component contents of new and modified files  for the check.

Internet connections check

The component for monitoring network traffic and URLs. It is designed to check data downloaded from the network to the local host and transmitted from it to the external network for threats. The components also prevents connections with the network hosts, included not only to the unwanted categories of web resources, but also to black lists created by the system administrator.

Mail monitor

The component for scanning of emails. Analyzes the messages of email protocols, sorts out emails and prepares them for scanning for threats. It can operate in two modes:

1.A filter for mail servers(Sendmail, Postfix, etc.) connected via the interface Milter, Spamd or Rspamd.

2.A transparent proxy of mail protocols (SMTP, POP3, IMAP). In this mode, it uses SpIDer Gate.

Stations under macOS

Anti-virus check

Scans a computer on user demand and according to the schedule. Also the remote launch of anti-virus scan of stations from the Control Center is supported.

File monitor

The constant file system protection in the real-time mode. Checks all launched processes and also created files on hard drives and opened files on removable media.

Web monitor

Checks all calls to web sites via the HTTP protocol. Neutralises malicious software in HTTP traffic (for example, in uploaded and downloaded files) and blocks the access to suspicious or incorrect resources.

Quarantine

Isolates malware and suspicious objects in the specific folder.

Mobile devices under Android OS

Anti-virus check

Scans a mobile device on user demand and according to the schedule. Also the remote launch of anti-virus scan of stations from the Control Center is supported.

File monitor

The constant file system protection in the real-time mode. The check of all files as they are saved in the memory of the device.

Calls and SMS filter

Filtering the incoming phone calls and SMS allows to block the undesired messages and calls, such as advertisements or messages and calls from unknown numbers.

Anti-theft

Detect the device location or lock its functions in case it has been lost or stolen.

Restricting internet access

URL filter allows to protect user of the mobile device from unsolicited internet sites.

Firewall

Protects the mobile device from external unauthorised access and prevents leak of vital data via internet. Monitors connection attempts and data transfer via the internet and blocks suspicious connections both on network and application levels.

Security troubleshooting

Diagnostic and analysis of the security of mobile device and resolving the detected problems and vulnerabilities.

Application launch control

Blocks the launch on mobile device those applications that are not included into the list of allowed by administrator.

Providing a Connection between Anti-virus Network Components

To provide stable and secure connection between anti-virus network components, the following features are presented:

Dr.Web Proxy Server

Proxy Server can optionally be included into the anti-virus network. The main function of the Proxy Server is to provide connection between the Server and protected stations in cases when direct connection is impossible.

The Proxy server allows using any computer included in an anti-virus network for the following purposes:

As update relay center to reduce the network load on the Server and on connection between the Server and the Proxy server, as well as to reduce the time required for protected stations to get updates by using the caching function.

As a distribution center of virus events coming from protected stations to the Server, which also reduces network load and allows keeping up with cases when, for example, a group of stations is located in a network segment, which is isolated from the segment the Server is in.

Traffic compression

Special compression algorithms are applicable for transferring data between the anti-virus network components to reduced network traffic to minimum.

Traffic encryption

Data transferred between the anti-virus network components can be encrypted to provide additional secure level.

Additional Features

NAP Validator

NAP Validator is provided as a separate component and allows to use Microsoft Network Access Protection (NAP) technology to check health of protected stations software. The resulting security is achieved through the implementation of the requirements for performance of network stations.

Repository loader

Dr.Web Repository loader is provided as a separate utility and allows to download products of Dr.Web Enterprise Security Suite from the Global Update System. It can be used for downloading of Dr.Web Enterprise Security Suite products updates to place them on the Server not connected to the internet.