About the Product

Dr.Web Enterprise Security Suite is designed to provide integrated, comprehensive anti-virus protection either for the local network of a company (including mobile devices) or for the home computers of its employees.

Once the components of Dr.Web Enterprise Security Suite are installed on corporate computers and mobile devices, they begin communicating with each other and become an integrated anti-virus network.

[Figure: Logical structure of anti-virus network. Legend: Dr.Web Server; Dr.Web Security Control Center; Dr.Web Mobile Control Center; protected station; Dr.Web GUS; connections shown as HTTP/HTTPS, TCP/IP network, and updates delivered via HTTP/HTTPS.]

Dr.Web Enterprise Security Suite anti-virus network has a client-server architecture. Its components are installed on stations. In this context, a "station" means a protected device in the anti-virus network, with Dr.Web Agent and anti-virus package installed, acting as a client and interacting with Dr.Web Server. Stations can be computers, virtual and mobile devices of users and administrators, as well as computers functioning as LAN servers. Anti-virus network components exchange information using TCP/IP network protocols. Anti-virus software can be installed (and subsequently managed) on protected stations either via LAN, or the internet.

Centralized protection server

Centralized protection server (Dr.Web Server) is installed on one of the computers in the anti-virus network. The installation can be performed on any computer, not necessarily on the computer acting as a LAN server. General requirements for such a computer are specified in the Installation Manual, section System Requirements.

The cross-platform nature of Dr.Web Server allows it to be used on a computer with any of the following operating systems installed:

Windows OS,

Unix-like OS (Linux, FreeBSD).

Dr.Web Server stores distribution kits of anti-virus packages for various operating systems on protected computers, updates for virus databases and anti-virus packages, license keys and settings of anti-virus packages for protected computers. Dr.Web Server receives updates of anti-virus protection components and virus databases via the internet from Dr.Web Global Update System and distributes them to protected stations.

Several Dr.Web Servers can be combined into a hierarchical structure to serve protected stations in the anti-virus network.

Dr.Web Server backs up critical data (such as databases, configuration files, etc.).

Dr.Web Server keeps a consolidated log of anti-virus network events.

Unified database

Dr.Web Server is connected to a unified database where it stores statistics about anti-virus network events, Dr.Web Server settings, parameters of protected stations and anti-virus components installed on protected stations.

You can use the following types of databases:

Embedded database. SQLite3 database comes embedded in the Dr.Web Server directly.

External database. Built-in drivers for connecting the following databases are provided:

MySQL, MariaDB,

Oracle,

PostgreSQL (PostgreSQL Pro, Jatoba, and others),

ODBC driver for connecting to other databases, such as Microsoft SQL Server/Microsoft SQL Server Express.

You can use any database that meets your requirements. Your choice should be based on the database capabilities, such as its ability to ensure operation of an anti-virus network of the corresponding size, the database software maintenance needs, the administration capabilities provided by the database itself, and the requirements and standards accepted for use in your organization.

Centralized protection control center

Centralized Protection Control Center (Dr.Web Security Control Center) is automatically installed with Dr.Web Server and provides a web interface for remote administration of Dr.Web Server and the anti-virus network by configuring the settings of Dr.Web Server and the settings of protected computers which are stored on Dr.Web Server and protected computers.

The Control Center can be accessed from any computer with network access to Dr.Web Server. The Control Center can be used under almost any operating system and is fully compatible with the following web browsers:

Windows Internet Explorer,

Microsoft Edge,

Mozilla Firefox,

Google Chrome,

Yandex Browser.

Potential use cases are described in the Installation Manual, section System Requirements.

Control Center provides the following features:

Easy installation of anti-virus protection on protected stations, including remote installation on workstations with a preliminary network scan to search for computers; creation of distribution files with unique identifiers and Dr.Web Server connection parameters, which facilitates the anti-virus installation process by an administrator or allows station users to install the Anti-virus themselves (see detailed information in the Installing Dr.Web Agent section).

Streamlined administration based on grouping of anti-virus network workstations.

Centralized control of anti-virus packages on stations, including uninstallation of either individual components or the entire anti-virus package on stations running Windows OS; configuration of parameters of anti-virus package components; assignment of permissions to set up and manage the anti-virus packages for the users of protected computers.

Centralized control of anti-virus scanning at workstations, including remote anti-virus scanning either on a scheduled basis or at the administrator's direct request via the Control Center; centralized configuration of anti-virus scanning parameters and their delivery to workstations for local scanning using these parameters.

Statistics on the status of protected stations, virus statistics, status of installed anti-virus software, status of running anti-virus components, and a list of hardware and software on protected stations.

Flexible Dr.Web Server and anti-virus network administration system based on the differentiation of access rights for different administrators and the possibility to connect administrators via external authorization systems such as Active Directory, LDAP, RADIUS, PAM.

Management of licenses for anti-virus protection of workstations, with a branched system of licenses for stations and groups of stations, as well as the ability to transfer licenses between several Dr.Web Servers in a multi-server configuration of the anti-virus network.

Wide range of settings for configuring Dr.Web Server and its individual components, including the Dr.Web Server maintenance schedule; adding user hooks; flexible configuration of the update system for all anti-virus network components using the GUS and further propagation of updates on stations; configuration of the administrator notification system about anti-virus network events with various methods of notification delivery; setting up inter-server connections for configuring a multi-server anti-virus network.

Detailed information on described functions is given in the Administrator Manual.

The Web server is one of the Control Center components that are automatically installed with Dr.Web Server. The main purpose of the Web server is to ensure operation of the Control Center web pages and client network connections.

Mobile control center for centralized protection

Dr.Web Mobile Control Center is available as a separate component for mobile devices running iOS and Android. Basic device requirements for running the application are given in the Installation Manual, section System Requirements.

Mobile Control Center connects to Dr.Web Server via an encrypted protocol using the credentials of the anti-virus network administrator. Mobile Control Center supports the basic set of the Control Center features:

1. Managing anti-virus components installed on anti-virus network stations:

launching a fast or a full scan either on selected stations or on all stations in selected groups;

configuring Dr.Web Scanner's reaction to detected malware;

viewing and managing files in the Quarantine either on selected stations or on all stations in the selected group.

2. Displaying statistics on anti-virus network status:

number of stations registered at Dr.Web Server and their current status (online/offline);

virus-related statistics for protected stations.

3. Managing stations and groups:

reviewing settings;

reviewing and managing components of the anti-virus package;

deleting stations and groups;

sending custom messages to the stations;

rebooting stations running Windows OS;

adding stations and groups to favorites for quick access.

4. Viewing and managing messages about major events in the anti-virus network through interactive push notifications:

displaying all notifications on Dr.Web Server;

configuring reactions to notification events;

searching for a notification by filter parameters;

deleting notifications;

preventing notifications from being lost due to automatic deletion.

5. Managing new stations, which await connection to Dr.Web Server:

approving access;

rejecting stations.

6. Managing the stations where anti-virus software failed to update:

displaying failed stations;

updating components on failed stations.

7. Managing Dr.Web Server repository:

viewing product status in the repository;

updating repository from Dr.Web Global Update System.

8. Searching for specific anti-virus network stations and groups by their names, addresses, or IDs.

You can download Dr.Web Mobile Control Center from the Control Center or directly from App Store and Google Play.

Protection of Network Stations

Protected computers and mobile devices in the network have a control module (Dr.Web Agent) and an anti-virus package for the corresponding operating system installed.

The cross-platform nature of the software ensures that anti-virus protection is provided for computers and mobile devices running the following operating systems:

Windows OS,

Unix-like OS,

macOS,

Android OS.

Protected stations can include both workstations and LAN servers. Anti-virus protection of Microsoft Outlook mail system is also supported.

The control module regularly updates anti-virus components and virus databases by downloading them from Dr.Web Server. It also sends information about virus events on protected computers to Dr.Web Server.

If Dr.Web Server is unavailable, virus databases on protected stations can be updated from the Global Update System via the internet.

Depending on the operating system installed on the station, the following protection functions are provided:

Stations running Windows OS

Anti-virus scanning

Scans a computer on demand or according to a schedule. Anti-virus scanning of stations can also be initiated remotely from the Control Center, including scanning for rootkits.

File monitor

Continuous file system protection in real time. Checks all launched processes, as well as all files created on hard drives and files opened on removable media.

Mail monitor

Checks all incoming and outgoing email messages when using email clients. The spam filter is also available (if your license allows you to use it).

Web monitor

Checks all data exchange with the websites via HTTP protocol. It neutralizes malicious software in HTTP traffic (for example, in sent and received files) and restricts access to suspicious or incorrect resources.

Office Control

Controls access to local and global network resources, specifically restricting access to websites. Controls the integrity of important files to prevent accidental modification or infection with viruses, as well as restricts access to unwanted information for employees.

Firewall

Protects computers from unauthorized external access and prevents leaks of sensitive data via the internet. Monitors connection attempts and data transfer via the internet and blocks suspicious connections both on network and application levels.

Quarantine

Isolates malware and suspicious objects into a specified folder.

Self-protection

Protects Dr.Web Enterprise Security Suite files and folders from unauthorized or accidental removal and modification by users or malicious software. If self-protection is enabled, access to Dr.Web Enterprise Security Suite files and folders is granted to Dr.Web processes only.

Preventive protection

Prevents potential security threats. Controls access to critical operating system objects, and controls driver loading, program autorun and system service operation. It also monitors running processes and blocks them if any viral activity is detected.

Application control

Monitors the activity of all processes on stations. Allows the anti-virus network administrator to control which applications are allowed to run on protected stations and which are not.

Stations running Unix-like OS

Anti-virus scanning

A scanning engine. Performs anti-virus scanning (scans files, disk boot records and other data received from other components of Dr.Web for UNIX). It queues files that are waiting to be scanned. Cures the files that can be cured.

Anti-virus scanning, Quarantine management

Scans file system objects and manages quarantined files. It receives scanning tasks from other Dr.Web for UNIX components. It also scans file system directories according to a received task, submits files for scanning to the scanning engine. It also removes infected files, moves them to quarantine, restores them from quarantine, and manages quarantine directories. The component creates and updates a cache that stores information on scanned files to reduce the frequency of repeated file scanning.

Used by components that scan file system objects, such as SpIDer Guard (for Linux, SMB, NSS).

Web traffic scanning

An ICAP server that analyzes requests and traffic passing through HTTP proxy servers. It also prevents the transfer of infected files and blocks access to network hosts that belong to internet resource categories or domain lists blocked by the system administrator.

File monitor for GNU/Linux-based OS

The Linux file system monitor. It operates in the background and monitors file operations (creating, opening, closing, and running a file) in the GNU/Linux file systems. It sends tasks to the file check component to scan new, modified or executable files upon a program startup.

File monitor for Samba directories

Monitor of Samba shared file system directories. It operates in the background and monitors file operations (creating, opening, closing, reading or writing operations) in directories used by Samba SMB file server. It sends the contents of new and modified files to the file check component for checking.

NSS file monitor

NSS volume monitor (Novell Storage Services). It operates in the background and monitors file operations (creating, opening, closing and writing operations) on NSS volumes mounted to a specified file system point. It sends the contents of new and modified files to the file check component for checking.

Internet connection scanner

Network traffic and URL monitoring component. It is designed to scan for threats any data downloaded from the global network to a local host and then transmitted from that host to an external network. The component also prevents connections to any network hosts included either into unwanted categories of web resources or to blocked domain lists created by the system administrator.

Mail monitor

Email scanning component. Analyzes messages transferred over email protocols, sorts out emails and prepares them for scanning for threats. It can operate in one of two modes:

1. As a filter for mail servers (Sendmail, Postfix, etc.) connected via the Milter, Spamd or Rspamd interface.

2. As a transparent mail protocol proxy (SMTP, POP3, IMAP). In this mode, it uses SpIDer Gate.

Stations running macOS

Anti-virus scanning

Scans a computer on user demand and according to a schedule. Anti-virus scanning of stations can also be initiated remotely from the Control Center, including scanning for rootkits.

File monitor

Continuous file system protection in real time. Checks all running processes, as well as any files created on hard drives and files opened on removable media.

Web monitor

Checks all data exchange with websites using HTTP protocol. It neutralizes malicious software in HTTP traffic (for example, in sent and received files) and restricts access to suspicious or inappropriate resources.

Quarantine

Isolates malware and suspicious objects into a specified folder.

Mobile devices running Android OS

Anti-virus scanning

Scans a mobile device on user demand and according to a schedule. Anti-virus scanning of stations can also be initiated remotely from the Control Center, including scanning for rootkits.

File monitor

Continuous file system protection in real time. Checks all files as they are saved in the device memory.

Call and SMS filter

Filters incoming phone calls and SMS messages, while allowing you to block any unwanted messages and calls, such as advertisements or messages and calls from unknown numbers.

Anti-theft

Detects device location or locks its functions in case it has been lost or stolen.

Restricting internet access

URL filter that protects a mobile device user from inappropriate websites.

Firewall

Protects a mobile device from unauthorized external access and prevents sensitive data from leaking over the internet. Monitors connection attempts and data transfer over the internet and blocks suspicious connections on both network and application levels.

Security troubleshooting

Diagnosis and analysis of mobile device security and remediation of any detected problems and vulnerabilities.

Application launch control

Blocks applications from launching on a mobile device, unless they are included in the list of allowed applications by the administrator.

Ensuring connection between anti-virus network components

To ensure stable and secure connection between the anti-virus network components, the following features are available:

Dr.Web Proxy Server

Proxy Server can be optionally included in the anti-virus network. The main function of the Proxy Server is to provide connection between Dr.Web Server and protected stations in cases when direct connection is impossible.

The Proxy Server allows you to use any computer included in the anti-virus network for the following purposes:

As an update relay center to reduce the network load on Dr.Web Server and on the network hardware between Dr.Web Server and the Proxy Server, as well as to reduce the time required for protected stations to receive updates by using the caching function.

As a relay for sending virus events from protected stations to Dr.Web Server, which also reduces network load and ensures operation in cases when, for example, a group of stations is located in a network segment isolated from the segment Dr.Web Server is in.

Traffic compression

To reduce network traffic to a minimum, special compression algorithms are used when the anti-virus network components exchange data.

Traffic encryption

Data transferred between the anti-virus network components can be encrypted to provide an additional level of security.

Additional features

NAP Validator

NAP Validator is a separate component that uses Microsoft Network Access Protection (NAP) technology to check the software health of protected stations. Enhanced security is achieved by implementing network station performance requirements.

Repository loader

Dr.Web Repository loader is a separate utility that downloads Dr.Web Enterprise Security Suite products from Dr.Web Global Update System. It can be used for downloading Dr.Web Enterprise Security Suite updates and storing them on Dr.Web Server which is not connected to the internet.
 

Dr.Web Scanning Server

Dr.Web Scanning Server is provided as a separate component designed for operating in virtual environments. The Scanning Server is installed on a separate virtual machine and processes anti-virus scanning requests from other virtual machines.