1.3. About Dr.Web Enterprise Security Suite

Dr.Web Enterprise Security Suite ensures complete anti-virus protection of your company computers regardless of whether they are integrated in a local network or not.

◆centralized (without user intervention) installation of the anti-virus packages on computers,

◆centralized virus databases and program files updates on protected computers,

◆monitoring of virus events and the state of the anti-virus packages and OS on all protected computers.

Dr.Web ESS allows both to grant the users of the protected computers with the permissions to set up and administer the anti-virus packages on their computers, or flexibly limit their rights, including absolute prohibition.

Dr.Web ESS has a client-server architecture. Dr.Web ESS components are installed on the computers of users and administrators and the computer(s) to function as the Enterprise Server(s), and exchange information through network protocols TCP/IP, IPX/SPX, NetBIOS. An aggregate of computers on which Dr.Web ESS cooperating components are installed is called an anti-virus network.

◆Dr.Web Enterprise Server (Enterprise Server) stores distribution kits of anti-virus packages for different OS of protected computers, updates of virus databases, anti-virus packages and Enterprise Agents, user keys and package settings of protected computers. Enterprise Server sends necessary information to the correspondent computers on Agents requests and keeps a general log of events of the whole anti-virus network.

◆Dr.Web Control Center is automatically installed with Enterprise Server. It is a certain extension of a web page and allows to administrate the anti-virus network by means of editing the settings of Enterprise Server and protected computers stored on Enterprise Server and protected computers.

◆Dr.Web Enterprise Agent (Enterprise Agent) is installed on protected computers. It installs, updates and controls the anti-virus package as instructed by Enterprise Server. Enterprise Agent reports virus events and other necessary information about the protected computer to Enterprise Server.

◆Proxy server. This component can optionally be included into the anti-virus network. The main function of the proxy server is to provide connection between Enterprise Server and Enterprise Agents in cases when direct connection is impossible. E.g. if the Server and Agents are located in different networks which do not have packet routing between them. At the expense of using caching function, reducing of network traffic and time of receiving Agent updates can be provided.

◆NAP Validator. Allows to use Microsoft Network Access Protection (NAP) technology to check health of Dr.Web anti-virus software on protected workstations by enforcing compliance with system health requirements.

Enterprise Server can be installed on any computer of the local network, not only on that functioning as a local network server. It is crucial that this computer is connected to the Internet to communicate with other anti-virus network computers and Global Update System servers.

The Dr.Web Control Center can be run on a different computer than the Server, there should be a network connection between them.

The anti-virus network can incorporate several Enterprise Servers. The features of such configuration are described in the Manual in p. Peculiarities of a Network with Several Dr.Web Enterprise Servers below.

An anti-virus package installed on protected workstations includes the following components:

◆Dr.Web Scanner for Windows is a part of the common product Dr.Web for Windows. The Scanner is configured through group or personal settings for the workstation. It scans the PC upon user's demand or according to the user's local schedule. Additionally has an anti-rootkit module (not included in Dr.Web Enterprise Scanner).

◆Dr.Web Enterprise Scanner for Windows is one of Enterprise Agent functions. It is also an anti-virus scanner and uses the same virus databases and search engine. But this functionality is 'built in Enterprise Agent. Dr.Web Enterprise Scanner is meant to scan for viruses on demand: either according to the schedule, or a direct task from the Dr.Web Control Center. It has no special interface and no independent settings, it is configured only when run through the Dr.Web Control Center (when scanning is scheduled or initiated manually).

◆SelfPROtect System monitor which protects files and directories used by ESS from unauthorized or accidental removal and modification by user or malicious software. With the system monitor running, access to these resources is granted to Dr.Web processes only.

◆SpIDer Guard (a file monitor) constantly resides in the main memory and checks all opened files on removable media and files opened for writing on hard drives on-access. Besides, the guard constantly monitors running processes for virus-like activity and, if they are detected, blocks these processes and informs the user about it.

◆SpIDer Mail (a mail monitor) also constantly resides in the memory. The program intercepts all calls from your mail clients to mail servers via POP3/SMTPIMAP4/NNTP protocols and scans incoming (or out-going) mail messages before they are received (or sent) by the mail client.

◆SpIDer Gate (an HTTP guard) constantly resides in the computer memory and intercepts addresses to web sites. The guard neutralizes malicious software in http-traffic (for example, viruses in uploaded and downloaded files) and blocks access to suspicious or incorrect resources.

◆Dr.Web Office Control resides in the computer memory and, with the respective settings, control access to network resources and specified local resources. In particular, allows you to limit access to specific web sites, which helps you control access to inappropriate web content. The component helps you ensure integrity of important files and protect them from threats, as well as limit access to inappropriate web sites for your employees.

◆Dr.Web FireWall protects your computer from unauthorized access and prevents leak of vital data through networks. This component monitors connection attempts and data transfer and helps you block unwanted or suspicious connections both on network and application levels.