Known hashes of threats

The Known hashes of threats section lets you search the bulletin of known threat hashes, which is provided by the FinCERT organization and included in the 15-drwhashdb product.

The section is available only if the use of bulletins of known threat hashes is licensed. To check the license, open the license key information in the License Manager section and look at the Allowed lists of hash bulletins parameter (it is sufficient for the license to be present in at least one of the license keys used by Dr.Web Server).


The anti-virus protection level is not reduced if hash bulletins are not licensed. The license allows the administrator to be notified that a detected threat is listed in the specialized bulletins of known threat hashes.


The 15-drwhashdb product is managed in the Administration > Detailed repository configuration > Known hashes of threats section.

The table in this section contains the following data:

Threat hash—known hash of threat.

Bulletin name—FinCERT_IOC.

To search in the hash table fields, click the filter icon.

When a threat is detected on a station (by application control, preventive protection or scanning) and information about it is sent to the Dr.Web Server, the server checks the threat's hash against the hashes in the FinCERT list and, if it matches, marks the threat as present in the FinCERT bulletin. This information is available in the statistics tables of detected threats when the Bulletin column is enabled in the Anti-Virus Network > Statistics section.
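The matching step described above can be sketched as follows. This is an added illustration, not Dr.Web code: the page does not document the hash.db format, so the bulletin is a constructed plain-text list, and the mixed MD5/SHA-1/SHA-256 entries, the event field names and the function names are assumptions.

```python
import re

BULLETIN_NAME = "FinCERT_IOC"  # bulletin name as shown in the table on this page
# Assumption: entries are hex digests whose length identifies the algorithm.
DIGEST_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
_HEX = re.compile(r"^[0-9a-f]+$")

def normalize(value):
    """Return (algorithm, lowercase hex digest), or None for unusable input."""
    h = value.strip().lower()
    algo = DIGEST_LENGTHS.get(len(h))
    if algo is None or not _HEX.match(h):
        return None
    return algo, h

def load_bulletin(lines):
    """Index bulletin entries, skipping comments, blank lines and malformed values."""
    index = set()
    for line in lines:
        entry = normalize(line.split("#", 1)[0])
        if entry:
            index.add(entry)
    return index

def tag_events(events, index):
    """Fill a 'bulletin' field per detection event, mirroring the Bulletin column."""
    tagged = []
    for ev in events:
        digests = (normalize(h) for h in ev.get("hashes", []))
        hit = any(d in index for d in digests if d)
        tagged.append({**ev, "bulletin": BULLETIN_NAME if hit else ""})
    return tagged

# Constructed sample data: digests of empty input, not real indicators.
SAMPLE_BULLETIN = [
    "# constructed test bulletin",
    "D41D8CD98F00B204E9800998ECF8427E",
    "da39a3ee5e6b4b0d3255bfef95601890afd80709  # trailing comment",
    "not-a-hash",
]
SAMPLE_EVENTS = [
    {"station": "ws-01", "hashes": ["d41d8cd98f00b204e9800998ecf8427e"]},
    {"station": "ws-02", "hashes": ["DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 "]},
    {"station": "ws-03", "hashes": [
        "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"]},
]

if __name__ == "__main__":
    for ev in tag_events(SAMPLE_EVENTS, load_bulletin(SAMPLE_BULLETIN)):
        print(ev["station"], ev["bulletin"] or "-")
```

Normalizing case and whitespace on both sides before comparison avoids silent misses when the bulletin and the detection report format the same digest differently.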

The hash database is stored in a single hash.db file at the following path:

for Windows OS: C:\Program Files\DrWeb Server\var\hash-db\<revision number>\hash.db,

for Linux OS: /var/opt/drwcs/hash-db/<revision number>/hash.db,

for FreeBSD OS: /var/drwcs/hash-db/<revision number>/hash.db.

Notifications about detecting threats by known hashes

You can configure notifications about matches with known threat hashes in the Notification Configuration section.

The following notifications are available:

Application Control blocked the process from the known hashes of threats list,

Security threat detected by known hashes of threats,

Scan error at threat detection by known hashes of threats,

Report of Preventive protection on threats detection by known hashes of threats.

Set the Send notifications on events of neighbor Dr.Web Server at threat detection by known hashes flag to send the administrator notifications about events received from the child Dr.Web Server being configured when a security threat is detected by known hashes of threats. If the flag is cleared, the administrator receives notifications only about events on their own Dr.Web Server.

The flag is available only if the use of bulletins of known threat hashes is licensed (the 15-drwhashdb repository product).

It is also possible to customize notifications via user hooks.


If you do not have a license for a product, the corresponding notifications are automatically turned off.