Checking Web Traffic

SpIDer Gate scans HTTP traffic and blocks malicious objects. HTTP is used by browsers, download managers, and other applications which work with the internet.

Note

Encrypted traffic is not checked in order to avoid issues with network resources. This is due to the fact that, in order to establish secure connections within the corporate network, the Dr.Web certificate is used instead of the certificates of installed software, which may lead to errors in programs that use a secure protocol for connections and check the integrity of encrypted traffic.

 

By default, SpIDer Gate filters non-recommended websites and websites known as infection sources.

SpIDer Gate automatically launches on Windows startup and resides in memory.

To enable or disable traffic scan and non-recommended websites filter

1.Open Dr.Web menu Dr.Web icon, then select Security Center.

2.In the open window, click Files and Network tile.

3.Enable or disable SpIDer Gate by using the switcher .

Figure 34. Enabling/Disabling SpIDer Gate

In this section:

Traffic and URLs in IM clients scan

Blocking parameters

Block programs

Block unchecked and corrupted objects

Check archives and containers

Use system resources during the checks

Traffic direction

See also:

Exclude websites from scan

Excluding applications from scanning

Traffic check options

The default SpIDer Gate settings are optimal for most cases. Do not change them unnecessarily.

Note

The component parameters can be adjusted if the administrator of the centralized protection server, to which Dr.Web is connected, enables this option.

 

To open SpIDer Gate parameters

1.Make sure Dr.Web operates in administrator mode (the lock at the bottom of the program window is open ). Otherwise, click the lock .

2.Click the SpIDer Gate tile. A component parameters window opens.

Figure 35. HTTP traffic check parameters

Traffic and URLs in IM clients scan

In the Scan options group, you can enable scanning of URLs and files transmitted by instant messaging clients, such as Mail.ru Agent, ICQ, and Jabber clients. Only incoming traffic is checked. By default, the option is enabled.

The following actions are applied to the found threats:

Object

Action

URL scan

Websites known as infection sources

Blocked automatically.

Non-recommended websites and URLs listed due to a notice from the copyright owner

Blocked according to settings in the Blocking parameters group.

File scan

Viruses

Blocked automatically.

Malware:

Suspicious

Riskware

Dialers

Hacktools

Adware

Jokes

Blocked according to parameters in the Block programs group.

When SpIDer Gate scans URLs in messages, the websites and applications excluded from scan have an effect.

Blocking parameters

In the Blocking parameters group, you can enable automatic blocking of URLs listed due to a notice from copyright owners and blocking unreliable websites. For this, enable the corresponding option.

To allow access to necessary websites specify exclusions in the Exclusions group.

Note

By default, SpIDer Gate blocks access to the websites known as infection or malware sources except the list of websites excluded from scan.

Block programs

To access this and following sections, click the Advanced settings link.

SpIDer Gate can block the following malware:

Suspicious

Riskware

Dialers

Hacktools

Adware

Jokes

To enable blocking of malware, click the Advanced settings link and enable the corresponding switchers in the Block programs group. By default, SpIDer Gate blocks suspicious programs, adware and dialers.

Block objects

SpIDer Gate can block unchecked and corrupted objects. By default, these settings are disabled. To open the settings, click the Advanced settings link.

Advanced settings

Scan archives and Scan containers. The settings are disabled by default.

Level of system resource consumption. In some cases Dr.Web cannot determine the final file size for example when loading the file. In this case, the file is sent for the scan in parts. It requires the use of computer resources. You can configure the resource use level and determine the frequency of sending files with unknown size. If you select a high resource use level, files will be sent more frequently and will be scanned faster. However, frequent scans increase processor load.

Traffic scan mode. By default, SpIDer Gate scans incoming traffic only. If necessary, you can select HTTP traffic type to scan.

During the traffic scanning, the SpIDer Gate parameters, the white list, and the list of applications excluded from scan have an effect.