Statistics
On the Statistics tab, you can configure which statistics information is written to the log file and to the Dr.Web Server database and can then be viewed in the statistics section of the Control Center.

To add the corresponding type of information to the DB, set the following flags:

•Quarantine state—logs the Quarantine state of stations.
•Hardware and software composition—enables monitoring of hardware and software composition and storing the information in the database.
•List of the station modules—enables monitoring of the list of the station modules and storing the information in the database.
•List of installed components—enables monitoring of the list of the installed components (Scanner, monitors, etc.) and storing the information in the database.
•Sessions of stations users—enables monitoring of user sessions and storing in the database the logins of users who are logged in to a system with Dr.Web Agent installed.
•Start/Stop of components—enables monitoring of the information on the start and stop of the components (Scanner, monitors, etc.) at stations and storing the information in the database.
•Detected security threats—enables monitoring of security threat detection on stations and storing the information in the database.
  If the Detected security threats flag is set, you can also configure some additional parameters of threat statistics.
  ▫Set the Track epidemic flag to enable sending a summary notification (Epidemic in the network) to the administrator in case of a malware epidemic in the network. If the flag is cleared, individual notifications on detected threats (Security threat detected and Security threat detected by known hashes of threats) are sent instead. If the flag is set, you can configure the following parameters of tracking malware epidemics:
    ▪Prohibition period on sending notifications—time period in seconds after a notification about a malware epidemic is sent during which no individual station infection notifications are sent.
    ▪Period of infected stations counting—time period in seconds during which a specified number of reports on infected stations must be received to send a notification about a malware epidemic.
    ▪Messages number—number of infection reports that must be received within a specified period of time for Dr.Web Server to send a summary malware epidemic notification to the administrator for all infection cases.
    ▪Number of the most common threats—number of the most common threats to be included in the epidemic report.
  ▫Set the Group reports of Preventive protection flag to send a summary report on multiple Preventive protection events (the Summary report of Preventive protection notification). If the flag is cleared, Preventive protection events are reported in individual notifications (Report of Preventive protection) regardless of their number. If the flag is set, you can configure the following parameters of summary reports:
    ▪Prohibition period on sending notifications—time period in seconds after sending a summary report on Preventive protection events during which no individual event notifications are sent.
    ▪Period of counting terminated connections—time period in seconds during which a specified number of Preventive protection events must occur for a summary report to be sent.
    ▪Events number—number of Preventive protection events that must be received within a specified time period for Dr.Web Server to send a summary report on these events to the administrator.
    ▪Number of the most active processes—number of the most active processes that have performed a suspicious action to be included in the Preventive protection summary report.
  ▫Set the Send statistics to Doctor Web company flag to activate sending statistics on security threats detected on stations to the Doctor Web company.
  The following fields will become available:
    ▪Interval—an interval in minutes for sending statistics;
    ▪Identifier—an MD5 key (located in the Dr.Web Server configuration file);
  Interval for sending statistics is the only obligatory field.
•Abnormally terminated connections—enables monitoring of abnormally terminated connections with Dr.Web Server clients and sending notifications of individual (Connection terminated abnormally) and multiple (Large number of abnormally terminated connections detected) terminated connection cases to the administrator.
  You can configure the following parameters of notifications of abnormally terminated connections:
  ▫Prohibition period on sending notifications—time period in seconds after sending a notification about multiple terminated connections during which notifications about individual terminated connections are not sent.
  ▫Period to counting terminated connections—time period in seconds during which a specified number of connections to clients must be terminated for a notification to be sent.
  ▫Number of connections for notification on single terminations—minimum number of connections to a single address that must be terminated during the count period for an individual abnormally terminated connection notification to be sent.
  ▫Number of connections for notification on multiple terminations—minimum number of connections that must be terminated during the count period for a summary notification about multiple abnormally terminated connections to be sent.
  ▫Duration of short connections—if the duration of a terminated connection to a client is less than the specified value, then when the specified number of connections is reached, a notification about a single terminated connection is sent regardless of the count period. In this case the connection must not be interrupted by longer connections later on, and the summary notification of multiple terminated connections must not be sent.
•Scan errors—enables monitoring of scan errors and storing the information in the database.
•Scan statistics—enables monitoring of the statistics of scanning and storing the information in the database.
•Dr.Web Agent installations—logs the information about Dr.Web Agent installations on the stations.
•Blocked devices—enables monitoring of information on devices blocked by the Office Control component and storing the information in the database.
•Application Control statistics on processes activity—enables monitoring of process activity at stations detected by Application Control and writing the information to the database.
•Application Control statistics on processes blocking—enables monitoring of the blocking of processes at stations by Application Control and writing the information to the database.
•Multiple blockings by Application Control—enables tracking of cases when multiple processes are blocked by Application Control and sending a summary report on such cases to the administrator (the Large number of blocks by the Application Control detected notification).
  You can configure the following parameters of tracking such cases:
  ▫Prohibition period on sending notifications—time period in seconds after sending a summary report on processes blocked by Application Control during which notifications of individual blocked processes (Application Control blocked the process and Application Control blocked the process from the known hashes of threats list) are not sent.
  ▫Period of counting blocked processes—time period in seconds during which a specified number of processes must be blocked for a summary report to be sent.
  ▫Events number—number of events on processes blocked by Application Control within a specified period of time that must be reached for Dr.Web Server to send a summary report on these events to the administrator.
  ▫Number of the most common profiles—number of the most frequently triggered Application Control profiles that resulted in blocked processes and are to be included in a summary report.
•Station tasks execution log—enables logging of results of task execution on workstations and storing the log in the database.
•Station statuses—enables logging of status changes for workstations and storing the log in the database.
  ▫Virus database statuses—enables logging of changes in the virus database status and contents on workstations and storing the logs in the database. The flag is available only if the Station statuses flag is set.
•Location data—enables receiving information on station location and storing the information in the database.
•Disk space on stations—enables receiving information on disk space on stations and storing the information in the database.
•Collect device information—enables receiving information on devices connected to Windows stations and storing the information in the database. The data is used by the Office Control component.
•Collect user information—enables receiving information on users on Windows stations and storing the information in the database. The data is used by the Office Control component.
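
The Track epidemic, Group reports of Preventive protection and Multiple blockings by Application Control settings above each combine a counting period, an event threshold and a prohibition period. The Python model below is an added illustration for reasoning about those values before applying them, not Dr.Web code. It assumes that events arriving during the prohibition period are dropped from counting; the function name, parameter names and threat names are hypothetical.

```python
from collections import Counter, deque

def simulate(events, window, threshold, prohibition, top_n, grouping=True):
    """Model the notifications produced for time-sorted (seconds, name) events.

    window      -> the counting period, in seconds
    threshold   -> "Messages number" / "Events number"
    prohibition -> "Prohibition period on sending notifications", in seconds
    top_n       -> how many of the most common names go into the summary
    grouping    -> False models the flag being cleared (individual only)
    """
    recent = deque()      # events still inside the counting period
    quiet_until = None    # end of the current prohibition period
    sent = []
    for ts, name in events:
        if not grouping:
            sent.append((ts, "individual", name))
            continue
        if quiet_until is not None and ts < quiet_until:
            continue      # assumption: suppressed and not counted
        recent.append((ts, name))
        while recent and recent[0][0] <= ts - window:
            recent.popleft()          # older than the counting period
        if len(recent) >= threshold:
            top = Counter(n for _, n in recent).most_common(top_n)
            sent.append((ts, "summary", top))
            recent.clear()
            quiet_until = ts + prohibition
        else:
            sent.append((ts, "individual", name))
    return sent

# Constructed sample data: a burst around t=400..500 and a slow trickle.
BURST = [(0, "Threat.A"), (400, "Threat.B"), (410, "Threat.A"),
         (420, "Threat.A"), (430, "Threat.C"), (500, "Threat.A"),
         (900, "Threat.B"), (1100, "Threat.B")]
TRICKLE = [(i * 70, "Threat.A") for i in range(5)]

if __name__ == "__main__":
    for label, events in (("burst", BURST), ("trickle", TRICKLE)):
        print(label)
        for note in simulate(events, window=60, threshold=3,
                             prohibition=600, top_n=2):
            print("  ", note)
```

With a 60-second counting period, the trickle of one report every 70 seconds never produces a summary, while the burst yields one summary and then silence for the whole prohibition period, including the report at t=900.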
To view statistics information

1. Select the Anti-virus network item of the main menu.
2. Select a station or a group in the hierarchical list.
3. Open the corresponding section of the control menu (see the table below).
The table below describes correspondence between flags in the Statistics tab of the Dr.Web Server settings and items of the control menu on the Anti-virus network page. If you clear flags on the Statistics tab, corresponding items of the control menu become hidden.

Correspondence between flags of Statistics data section and items of the control menu