About the Product
Dr.Web Enterprise Security Suite is designed to provide integrated and comprehensive anti-virus protection either for the local network of a company (including mobile devices) or home computers of its employees. Once the components of Dr.Web Enterprise Security Suite are installed on corporate computers and mobile devices, they begin communicating with each other and become an integrated anti-virus network.
Logical structure of the anti-virus network

The Dr.Web Enterprise Security Suite anti-virus network has a client-server architecture. Its components are installed on stations. In this context, a "station" means a protected device in the anti-virus network, with Dr.Web Agent and the anti-virus package installed, acting as a client and interacting with Dr.Web Server. Stations can be computers, virtual and mobile devices of users and administrators, as well as computers functioning as LAN servers. The anti-virus network components exchange information using TCP/IP network protocols. The anti-virus software can be installed (and subsequently managed) on protected stations either via LAN or the internet.

Centralized protection server

Centralized protection server (Dr.Web Server) is installed on one of the computers in the anti-virus network. The installation can be performed on any computer, not necessarily on a computer acting as a LAN server. General requirements for such a computer are specified in the , section System Requirements.

The cross-platform nature of Dr.Web Server allows it to be used on a computer with the following operating systems installed:
• Windows OS,
• Unix-like OS (Linux, FreeBSD).

Dr.Web Server stores distribution kits of anti-virus packages for various operating systems on protected computers, updates for virus databases and anti-virus packages, license keys and settings of anti-virus packages for protected computers.
Dr.Web Server receives updates of anti-virus protection components and virus databases via the internet from Dr.Web Global Update System and distributes them to protected stations.
Several Dr.Web Servers can be combined into a hierarchical structure to serve protected stations in the anti-virus network.
Dr.Web Server backs up critical data (such as databases, configuration files, etc.).
Dr.Web Server keeps a consolidated log of anti-virus network events.

Unified database

Dr.Web Server is connected to a unified database where it stores statistics about anti-virus network events, Dr.Web Server settings, parameters of protected stations and anti-virus components installed on protected stations.

You can use the following types of databases:
SQLite3 database built into Dr.Web software.
An database. Dr.Web software comes with built-in drivers for the following databases:
• MySQL, MariaDB DBMS,
• Oracle,
• PostgreSQL (including PostgreSQL Pro, Jatoba, and others),
• ODBC driver for connecting other databases such as Microsoft SQL Server/Microsoft SQL Server Express.

You can use any database that meets your requirements, such as scalability, database software maintenance, administrative capabilities provided by the database itself, and the standards adopted in your company.

Centralized Protection Control Center

Centralized Protection Control Center (Dr.Web Control Center) is automatically installed with Dr.Web Server and provides a web interface for remote administration of Dr.Web Server and the anti-virus network by configuring the settings of Dr.Web Server and the settings of protected computers which are stored on Dr.Web Server and protected computers.

The Control Center can be accessed on any computer with network access to Dr.Web Server. The Control Center can be used under almost any operating system and is fully compatible with the following web browsers:
• Windows Internet Explorer,
• Microsoft Edge,
• Mozilla Firefox,
• Google Chrome,
• Yandex Browser.

Potential use cases are described in the , section System Requirements.
Control Center offers the following features:
• Easy installation of anti-virus protection on protected stations, including remote installation on workstations with a preliminary network scan to search for computers; creation of distribution files with unique identifiers and Dr.Web Server connection parameters, which facilitates the anti-virus installation process by an administrator or allows station users to install the anti-virus themselves.
• Streamlined administration based on grouping of anti-virus network workstations (see detailed information in Chapter 7: Integrated Workstations Management).
• Centralized control of anti-virus packages on stations, including uninstallation of either individual components or the entire anti-virus package on stations running Windows OS; configuration of parameters of anti-virus package components; assignment of permissions to set up and manage the anti-virus packages for the users of protected computers (for detailed information see Chapter 8: Administration of Workstations).
• Centralized control of anti-virus scanning at workstations, including remote anti-virus scanning either on a scheduled basis or at the administrator's direct request via the Control Center; centralized configuration of anti-virus scanning parameters and their delivery to workstations for local scanning using these parameters (see detailed information in section Anti-Virus Scanning of Stations).
• Statistics on the status of protected stations, virus statistics, status of installed anti-virus software, status of running anti-virus components, and a list of hardware and software on protected stations (for detailed information see section Viewing Workstation Statistics).
• Flexible Dr.Web Server and anti-virus network administration system based on the differentiation of access rights for different administrators, as well as the ability to connect administrators via external authorization systems such as Active Directory, LDAP, RADIUS, PAM (see detailed information in Chapter 6: Anti-Virus Network Administrators).
• Management of licenses for anti-virus protection of workstations, with a branched system of licenses for stations and groups of stations, as well as the ability to transfer licenses between several Dr.Web Servers in a multi-server configuration of the anti-virus network (for detailed information see section License Manager).
• Wide range of settings for configuring Dr.Web Server and its individual components, including the Dr.Web Server maintenance schedule; adding user hooks; flexible configuration of the update system for all anti-virus network components using the GUS and further propagation of updates on stations; configuration of the administrator notification system about anti-virus network events with various methods of notification delivery; setting up inter-server connections for configuring a multi-server anti-virus network (for detailed information see Chapter 10: Configuring Dr.Web Server).
The Web server is one of the Control Center components that are automatically installed with Dr.Web Server. The main purpose of the Web server is to ensure operation of the Control Center web pages and client network connections.

Mobile Control Center for centralized protection

Dr.Web Mobile Control Center is available as a separate component for mobile devices running iOS and Android. The basic device requirements for running the application are given in the , section System Requirements.

Mobile Control Center connects to Dr.Web Server via an encrypted protocol using the credentials of the anti-virus network administrator.

Mobile Control Center supports the basic set of the Control Center features:
1. Managing anti-virus components installed on anti-virus network stations:
   • launching a fast or a full scan either on selected stations or on all stations in selected groups;
   • configuring Dr.Web Scanner's reaction to detected malware;
   • viewing and managing files in the Quarantine either on selected stations or on all stations in the selected group.
2. Displaying statistics on anti-virus network status:
   • number of stations registered at Dr.Web Server and their current status (online/offline);
   • virus-related statistics for protected stations.
3. Managing stations and groups:
   • reviewing settings;
   • reviewing and managing components of the anti-virus package;
   • deleting stations and groups;
   • sending custom messages to the stations;
   • rebooting stations running Windows OS;
   • adding stations and groups to favorites for quick access.
4. Viewing and managing messages about major events in the anti-virus network through interactive push notifications:
   • displaying all notifications on Dr.Web Server;
   • configuring reactions to notification events;
   • searching for a notification by filter parameters;
   • deleting notifications;
   • preventing notifications from being lost due to automatic deletion.
5. Managing new stations, which await connection to Dr.Web Server:
   • approving access;
   • rejecting stations.
6. Managing the stations where anti-virus software failed to update:
   • displaying failed stations;
   • updating components on failed stations.
7. Managing Dr.Web Server repository:
   • viewing product status in the repository;
   • updating repository from Dr.Web Global Update System.
8. Searching for specific anti-virus network stations and groups by their names, addresses, or IDs.

You can download Dr.Web Mobile Control Center from the Control Center or directly from the App Store or Google Play.

Protection of network stations

A control module (Dr.Web Agent) and an anti-virus package are installed on protected computers and mobile devices in the network.

The cross-platform nature of the software ensures that anti-virus protection is provided for computers and mobile devices running the following operating systems:
• Windows OS,
• Unix-like OS,
• macOS,
• Android OS.

Protected stations can include both workstations and LAN servers. Anti-virus protection of Microsoft Outlook mail system is also supported.

The control module regularly updates anti-virus components and virus databases by downloading them from Dr.Web Server. It also sends information about virus events on protected computers to Dr.Web Server.

If Dr.Web Server is unavailable, virus databases on protected stations can be updated from the Global Update System via the internet.

Depending on the operating system installed on the station, the following protection functions are provided:

Stations running Windows OS

Anti-virus scanning: Scans a computer on demand or according to a schedule. Anti-virus scanning of stations can also be initiated remotely from the Control Center, including scanning for rootkits.
File monitor: Continuous file system protection in real time. Checks all launched processes, as well as all files created on hard drives and files opened on removable media.
Mail monitor: Checks all incoming and outgoing email messages when using email clients. The spam filter is also available (if your license allows you to use it).
Web monitor: Checks all data exchange with the websites via HTTP protocol. It neutralizes malicious software in HTTP traffic (for example, in sent and received files) and restricts access to suspicious or incorrect resources.
Office Control: Controls access to local and global network resources, specifically restricting access to websites. Controls the integrity of important files to prevent accidental modification or infection with viruses. It also restricts access to unwanted information for employees.
Firewall: Protects computers from unauthorized external access and prevents leaks of sensitive data via the internet. Monitors connection attempts and data transfer via the internet and blocks suspicious connections both on network and application levels.
Quarantine: Isolates malware and suspicious objects into a specified folder.
Self-protection: Protects Dr.Web Enterprise Security Suite files and folders from unauthorized or accidental removal and modification by users or malicious software. If self-protection is enabled, access to Dr.Web Enterprise Security Suite files and folders is granted to Dr.Web processes only.
Preventive protection: Prevents potential security threats. Controls access to critical operating system objects, controls driver loading, program autorun and system service operation. It also monitors running processes and blocks them if any viral activity is detected.
Application control: Monitors the activity of all processes on stations. Allows the anti-virus network administrator to control which applications are allowed to run on protected stations and which are not.

Stations running Unix-like OS

Anti-virus scanning: A scanning engine. Performs anti-virus scanning (scans files, disk boot records and other data received from other components of Dr.Web for UNIX).
It queues files that are waiting to be scanned. Cures the files that can be cured.
Anti-virus scanning, Quarantine management: Scans file system objects and manages quarantined files. It receives scanning tasks from other Dr.Web for UNIX components. It also scans file system directories according to a received task and submits files for scanning to the scanning engine. It also removes infected files, moves them to quarantine, restores them from quarantine, and manages quarantine directories. The component creates and updates a cache that stores information on scanned files to reduce the frequency of repeated file scanning. Used by components that scan file system objects, such as SpIDer Guard (for Linux, SMB, NSS).
Web traffic scanning: ICAP server that analyzes requests and traffic going through HTTP proxy servers. It also prevents the transfer of infected files and access to network hosts that belong to internet resource categories or domain lists blocked by the system administrator.
File monitor for GNU/Linux-based OS: The Linux file system monitor. It operates in the background and monitors file operations (creating, opening, closing, and running a file) in the GNU/Linux file systems. It sends tasks to the file check component to scan new, modified or executable files upon a program startup.
File monitor for Samba directories: Monitor of Samba shared file system directories. It operates in the background and monitors file operations (creating, opening, closing, reading or writing operations) in directories used by Samba SMB file server. It sends the contents of new and modified files to the file check component for checking.
NSS file monitor: NSS volume monitor (Novell Storage Services). It operates in the background and monitors file operations (creating, opening, closing and writing operations) on NSS volumes mounted to a specified file system point. It sends the contents of new and modified files to the file check component for checking.
Internet connection scanner: Network traffic and URL monitoring component. It scans for threats in any data downloaded from the global network to a local host and then transmitted from that host to an external network. The component also prevents connections to any network hosts included either in unwanted categories of web resources or in blocked domain lists created by the system administrator.
Mail monitor: Email scanning component. Analyzes messages transferred over email protocols, sorts out emails and prepares them for scanning for threats. It can operate in one of two modes:
1. As a filter for mail servers (Sendmail, Postfix, etc.) connected via the Milter, Spamd or Rspamd interface.
2. As a transparent mail protocol proxy (SMTP, POP3, IMAP). In this mode, it uses SpIDer Gate.

Stations running macOS

Anti-virus scanning: Scans a computer on user demand and according to a schedule. Anti-virus scanning of stations can also be initiated remotely from the Control Center, including scanning for rootkits.
File monitor: Continuous file system protection in real time. Checks all launched processes, as well as all files created on hard drives and files opened on removable media.
Web monitor: Checks all data exchange with the websites via HTTP protocol. It neutralizes malicious software in HTTP traffic (for example, in sent and received files) and restricts access to suspicious or incorrect resources.
Quarantine: Isolates malware and suspicious objects into a specified folder.

Mobile devices running Android OS

Anti-virus scanning: Scans a mobile device on user demand and according to a schedule. Anti-virus scanning of stations can also be initiated remotely from the Control Center, including scanning for rootkits.
File monitor: Continuous file system protection in real time.
Checks all files as they are saved in the device memory.
Call and SMS filter: Filters incoming phone calls and SMS messages, while allowing you to block any unwanted messages and calls, such as advertisements or messages and calls from unknown numbers.
Anti-theft: Detects device location or locks its functions in case it has been lost or stolen.
Restricting internet access: URL filter that protects a mobile device user from inappropriate websites.
Firewall: Protects a mobile device from unauthorized external access and prevents sensitive data from leaking over the internet. Monitors connection attempts and data transfer over the internet and blocks suspicious connections on both network and application levels.
Security troubleshooting: Diagnosis and analysis of mobile device security and remediation of any detected problems and vulnerabilities.
Application launch control: Blocks applications from launching on a mobile device, unless they are included in the list of allowed applications by the administrator.

Ensuring connection between anti-virus network components

To ensure stable and secure connection between the anti-virus network components, the following features are available:
Dr.Web Proxy Server can be optionally included in the anti-virus network. The main function of the Dr.Web Proxy Server is to provide connection between Dr.Web Server and protected stations in cases when a direct connection is impossible. Dr.Web Proxy Server allows you to use any computer included in the anti-virus network for the following purposes:
• As an update relay center to reduce the network load on Dr.Web Server and on the connection between Dr.Web Server and Dr.Web Proxy Server, as well as to reduce the time required for protected stations to receive updates using the caching function.
• As a forwarder of virus events from protected stations to Dr.Web Server, which also reduces the network load and ensures trouble-free operation in cases when, for example, a group of stations is located in a network segment that is isolated from the segment where Dr.Web Server is located.
To reduce network traffic to a minimum, special compression algorithms are used when the anti-virus network components exchange data.
Data transferred between the anti-virus network components can be encrypted to provide an additional level of security.

Additional features
NAP Validator is a separate component that uses Microsoft Network Access Protection (NAP) technology to check the software health of protected stations. Enhanced security is achieved by implementing network station performance requirements.
Dr.Web Repository loader is a separate utility that downloads Dr.Web Enterprise Security Suite products from Dr.Web Global Update System. It can be used for downloading Dr.Web Enterprise Security Suite updates and storing them on Dr.Web Server which is not connected to the internet.
Dr.Web Scanning Server is provided as a separate component designed for operating in virtual environments. The Scanning Server is installed on a separate virtual machine and processes anti-virus scanning requests from other virtual machines.