To view and edit Scanner settings, do one of the following:
1.In the main menu of the Dr.Web Control Center, select Network, then click the name of a station or a group in the hierarchical list. In the opened control menu (panel on the left), click the Dr.Web Scanner for Windows item. Scanner settings window opens. This parameters list is the most complete and includes all parameter groups, described below.
2.In the main menu of the Dr.Web Control Center, select Network, then click the name of a station or a group in the hierarchical list. In the toolbar, click 
Scan. In the opened list at the toolbar, select 
Dr.Web Scanner for Windows. Custom scan. The Scanner settings window will be opened on the right pane. This parameter list is shortened and allows to specify only basic settings included in the General, Actions, Log control and Miscellaneous tabs.
3.In the main menu of the Dr.Web Control Center, select Network, then click the name of a station or group in the hierarchical list. In the toolbar, click Scan. In the opened list at the toolbar, select 
Dr.Web Enterprise Scanner for Windows. The Scanner settings window will be opened on the right pane. This parameter list is shortened and allows to specify only basic settings included in the General, Actions and Excluded paths tabs.
General Tab
◆With the Heuristic analysis flag set by default, the Scanner makes attempts to detect unknown viruses. In this mode the Scanner may give false positives though.
◆The Check archives flag is set by default and instructs the Scanner to search for viruses in files within archives of different types.
◆The Check e-mail files flag is set by default and instructs to scan mailboxes.
◆The Scan running programs and modules (Processes in memory for the Enterprise Scanner) flag is set by default and instructs to scan the processes run in the RAM.
◆The Scan programs that run on OS start up (Startup processes for the Enterprise Scanner) flag is set by default and instructs to scan the files automatically launched at startup.
◆The Scan boot sectors flag is set by default and instructs the Scanner to scan the boot sectors of the drives selected for scanning (or those drives where the files selected for scanning reside). Both boot sectors of logical drives and main boot sectors of physical drives are scanned.
◆The Scan subfolders flag (it is absent for the Enterprise Scanner) is set by default and used in case of scanning the paths. This flag instructs the Scanner to scan not only files, but specified nested subfolders.
In case of setting the Scanner parameters via the Dr.Web Scanner for Windows item of the control menu, the following parameters are available:
◆Protect the HOSTS system file - forbid modifications of the HOSTS file. The operating system uses this file when connecting to the Internet. Changes to this file may indicate virus infection.
◆The Scan files item defines the scan mode. Select the mode in the drop-down list:
•All files - scan all files, regardless of their names and extensions.
•User masks - scan only files, which names and extensions are included in the list, specified at the Mask list tab.
•Selected types - scan only files, which extensions are included in the list, specified at the Extensions list tab.
◆The Prompt on any action flag instructs to show messages about events and Scanner action confirmations to the user.
◆The Prompt to scan another floppy flag uses in case of scanning the removable data storages such as floppy or CD/DVD disks, flash drives etc. and instructs to prompt the confirmation for change the current and check the next storage.
In case of setting the Scanner parameters via the Dr.Web Scanner for Windows item of the toolbar, select one of the two alternative modes:
1.Scan all volumes.
For the Enterprise Scanner, if Scan all volumes is selected, specify what system volumes should be scanned
◆To scan fixed hard drives, select Fixed volumes;
◆To scan all removable data storages such as floppy or CD/DVD disks, flash drives etc, select Removable volumes;
The paths excluded from search can also be specified in the Scan all volumes mode. (Details of path selection are provided below).
2.Scan specified paths.
If Scan specified paths is selected, specify the list of scanned paths (how to specify paths is described below);
For the Enterprise Scanner for Windows, also the following flags are available:
◆The BurstScan technology flag instructs to use this technology, which considerably increases the scanning speed on modern systems.
◆The Low priority scan flag is set by default and ensures lower Scanner load on computing recourses of a system. Meanwhile, other processes could have higher priority as compared to when the option is disabled. The load is reduced by dynamical adjustment of thread priorities in the scan process.
◆The Scan containers flag instructs the Scanner to search for viruses in files within file containers of different types.
◆The Actions after scan list instructs to perform specified action automatically when scan completes: shutdown, reboot, set the corresponding mode or do nothing with the station.
◆The Disable network while scanning flag instructs to disable network and Internet connections during scanning process.
In the Limitations section, the following settings are available:
◆Maximum time for scanning one file - the maximum file scanning time in milliseconds. When the specified time expires, Scanner stops the scan.
◆Maximum archive nesting level - the maximum nesting level for archived files. During scan, Scanner proceeds unpacking and scanning the archive until this limit is exceeded.
◆Maximum archive size - if the archive size exceed the limit, Scanner neither unpacks, nor scans the archive.
◆Maximum compression ratio - the maximum archives compression rate. If the compression rate of the archive exceed the limit, Scanner neither unpacks, nor scans the archive.
◆Maximum size of extracted files (KB) - the maximum file size at unpacking. If the size of extracted files will exceed the limit, Scanner neither unpacks, nor scans the archive.
◆Compression check threshold - minimum size of file inside archive beginning from which compression ratio check will be performed.
Actions Tab
On the Actions tab, you can configure reactions of Scanner to various virus events. For different types of compromised objects, actions are assigned separately.
The following actions for detected virus threats are provided:
◆Cure - instructs Scanner to try to restore the original state of an object before infection. If the object is incurable, or the attempt of curing fails, the action set for incurable viruses is applied.
Available for known viruses only except Trojan programs that are deleted on detection, and infected files within complex objects such as archives, mail boxes or file containers.
◆Delete - delete the object.
◆Quarantine - move the object to the special Quarantine.
◆Rename - rename infected objects according to the rule from the Pattern used for renaming files field.
◆Report - report about the detection of a virus (read p. Setting Alerts on how to configure alerts).
◆Ignore - skip the object without performing any action or displaying a notification.
Reactions of Scanner to various virus events
Action |
Object |
||||
|---|---|---|---|---|---|
Adware |
Infected archives |
Infected files |
Suspicious files |
Incurable |
|
Cure |
|
|
+/* |
|
|
Delete |
+ |
+ |
+ |
+ |
+ |
Quarantine |
+ |
+/* |
+ |
+ |
+/* |
Rename |
+ |
+ |
+ |
+ |
+ |
Report |
+/* |
+ |
+ |
+/* |
+ |
Ignore |
+ |
|
|
|
|
|
To set actions on virus threats detection, use the following options:
◆In the Pattern used for renaming files field specify an extension mask applied to renamed files, if you specify Rename actions for them. By default, it is #??, i. e. the first character of the extension is replaced with #. The extension can be changed, but standard extensions (EXE, COM, BAT, DOC, PAS, BAS etc.) should not be used instead.
◆In the Adware drop-down list set the Scanner reaction to the detection of this type of unsolicited software.
|
If you select to Ignore, no action is performed as compared to when you select to Report user on virus detection, that is, no warning is displayed and detection of an adware program is ignored. |
◆In the same way setting the Scanner reaction to the detection of other types of unsolicited software such as
•Dialers;
•Jokes;
•Riskware;
•Hacktools.
◆In the Reboot mode drop-down list, set the mode for restart the computer after the scan.
◆In the Infected archives drop-down list set the Scanner reaction to the detection of an infected or suspicious file in a file archive or container. The reaction is to be applied to the whole archive.
◆In the Infected files drop-down list, set the Scanner reaction to the detection of a file infected with a known virus.
◆The Suspicious files drop-down list sets the Scanner reaction to the detection of a file presumably infected with a virus (upon a reaction of the heuristic analyzer).
|
When scanning with the OS installation folder included to the list of objects, it is advisable to select the Report action for suspicious files instead of the default Quarantine action. |
◆The Incurable files drop-down list sets the Scanner reaction to the detection of a file infected with a known incurable virus (and in case an attempt to cure a file failed).
◆The Enable archive deletion flag allows to delete infected archives and e-mail files. If you set this flag, the Infected archive and Infected e-mail file lists will contain the Delete action. If you clear this flag, only Quarantine (by default for archives), Rename and Report (by default for e-mail files) actions will be acceptable.
Excluded Files and Paths Lists
To edit lists of excluded from scanning files and paths
◆In an empty line of the Paths excluded from scanning or Files excluded from scanning list, enter a path to scan for viruses.
◆To add a new path, click 
Add, then enter a path in the new line.
◆To remove a path from the list, click 
Remove next to the appropriate line.
The Paths selected to scan list contains in explicit form the paths (disks and catalogs) to be scanned.
The list of paths excluded from scanning can contain the following elements:
1.Direct path in the explicit form to the excluded object. And:
◆A character \ or / excludes the entire disc with the Windows OS installation folder,
◆A character \ at the end of a path excludes the folder from checking,
◆A path without a character \ at the end - all subfolders of the selected folder are excluded from checking,
For example: C:\Windows - skip scanning files of the C:\Windows folder and all its subfolders.
2.Masks of objects, excluded from the scan. The ? and the * symbols can be used to specify masks.
For example: C:\Windows\*\*.dll - C:\Windows. skip scanning all files with the dll extension at all subfolders of the C:\Windows folder.
3.Regular expression. Paths can be specified through regular expressions. Any file whose full name (with the path) corresponds to a regular expression is excluded from checking.
|
Before starting Dr.Web Scanner for Windows familiarize yourself with recommendations on virus scanning for computers operated by Windows Server 2003 OS, Windows 2000, or Windows XP OS. The information can be found at http://support.microsoft.com/kb/822158/en. The article is meant to help you increase system performance. |
The syntax of regular expressions used for excluding paths from scanning is as follows:
qr{expression}flags
As a flag mostly the character i is used. It instructs "to ignore letter case difference".
Some examples of specifying excluded paths through regular expressions are given below:
◆qr{\\pagefile\.sys$}i — skip scanning Windows NT swap files,
◆qr{\\notepad\.exe$}i — skip scanning notepad.exe files,
◆qr{^C:}i — skip scanning disk C,
◆qr{^.:\\WINNT\\}i – skip scanning WINNT catalogs on all disks,
◆qr{(^C:)|(^.:\\WINNT\\)}i – skip scanning disk C and WINNT catalogs on all disks,
◆qr{^C:\\dir1\\dir2\\file\.ext$}i – skip scanning the c:\dir1\dir2\file.ext file,
◆qr{^C:\\dir1\\dir2\\(.+\\)?file\.ext$}i – skip scanning file.ext, if it is located in the c:\dir1\dir2 catalog and its subcatalogs,
◆qr{^C:\\dir1\dir2\\}i – skip scanning c:\dir1\dir2 and its subcatalogs,
◆qr{dir\\^\\+}i – skip scanning the dir subcatalog located in any catalog, but scan its subcatalogs,
◆qr{dir\\}i – skip scanning the dir subcatalog located in any catalog and its subcatalogs.
Regular expressions briefly described in Appendix K.
See links to detailed descriptions of the regular expressions syntax in p. Links or refer to the User Manual Dr.Web Anti-Virus for Windows, the section about the Scanner arguments.
Extensions List (for setting parameters via the item of the control menu)
To activate the Extension list section, set the Selected types value for parameter Scan files on the General tab. Only the files with extensions from this list will be scanned.
While changing extensions list, use the button to add a new item of a list and the button to delete present item.
You can use special symbols * and ? in extension list. The list with extensions of executable and archive files are set by default. To restore default values, click the 
button.
Mask List (for setting parameters via the item of the control menu)
To activate the Mask list section, set the User masks value for Scan files parameter on the General tab. Only the files with names and extensions from this list will be scanned.
While changing mask list, use the button to add a new item of a list and the button to delete present item.
You can use special symbols * and ? in extension list. The list with extensions of executable and archive files are set by default. To restore default values, click the button.
Miscellaneous
At the Miscellaneous tab, set the additional parameters of the Scanner:
◆The Use disk to make swap file flag instructs to use the hard drive for swap creation in case of RAM misplace, while scanning large files such as large archives and etc.
◆The Restore access date flag instructs to restore the last date of access to the file after scanning (replace the date on the one before scanning).
◆The Auto-save settings flag instructs to save Scanner configuration settings after current session automatically.
◆In the Scan priority list sets thread priorities in the scan process. Select one of the referred:
•idle - it is not recommended to set this priority level, to avoid slowing down the Scanner operating and considerable increasing of scanning time,
•lowest,
•below normal,
•normal - recommended scan priority,
•above normal,
•highest,
•time-critical - it is not recommended to set this priority level, to avoid intense loading of operating system by the Scanner during scan.
Log Control
At the Log control tab you can set the parameters of Scanner log file. To do this, set the Write report to file flag and configure necessary parameters.
Sound Control (for setting parameters via the item of the control menu)
At the Sound Control tab you can set the sound files for events of certain types. To do this, set the Play sounds flag and specify the names of the sound files for listed events.