For details on a certain option, click a corresponding item in the picture.
To get information on options available in other tabs, click the name of this tab in the picture
On the Actions tab, you can specify the reaction of Spider Guard on detection of infected or suspicious files and malicious software. The reactions are set according to the type of the virus event.
Actions Setup
All types of malicious objects are represented in the hierarchical list in the left part of pane. When an object is selected, the default program reaction to its detection is displayed in the right part of the pane. The action specified in the current settings and the action to be taken if the first action fails are shown.
You can edit program reactions to the detection of each type of objects separately.
To set actions for detected malicious objects:
1.To modify the settings for the first action, specify the primary reaction of the program in the Primary action drop-down list.
2.In the What to do if action failed section, you can specify another action to be applied if following primary actions fail: cure, move to Quarantine, rename, delete.
Possible Actions
The following actions for detected virus threats are available:
◆Cure - instructs SpIDer Guard to try to restore the original state of an object before infection. If the object is incurable, or the attempt to cure fails, the action for incurable viruses is applied.
Available for known viruses except Trojan programs that are deleted on detection, and infected files within complex objects such as archives, mail boxes or file containers.
◆Delete - delete the infected or suspicious objects (for boot sectors no actions are applied).
|
By default, the program does not check and does not allow to delete file archives. If the file archives check is enabled (this type of check will substantially degrade computer performance), you can enable the Delete action for archives. To do this, open the program configuration file (drweb32.ini in the program installation folder) in a text editor, add a string: EnableDeleteArchiveAction=Yes in the [SpIDerGuardNT] section (if such line already exists, replace No with Yes) and save the file.
Files inside archives cannot be treated separately. If the Delete action is selected for an archive, the whole archive will be deleted. |
◆Move to quarantine - instructs to move infected or suspicious objects to the quarantine folder specified in the Quarantine path field (by default, it is the infected.!!! subfolder in the program installation folder).
◆Report - display informational message about virus detection (in the Virus Alert Window).
◆Block - instructs to block access to files checking of which called the Guard reaction. Access to these files is unblocked after the computer restarts or if SpIDer Guard is temporarily suspended.
◆Ignore - skip the object without performing any action or displaying a notification.
|
If you select Ignore, no action is performed as compared to when you select to Report user on virus detection, that is, no warning is displayed and detection of an adware program is ignored. |
◆Rename - instructs to rename the extension of infected or suspicious object according to the mask specified in the Rename extension field (by default it is #??, i.e. replace the first character of the extension with #).
SpIDer Guard actions on infected and malicious objects
Action |
Object |
|
|---|---|---|
Infected |
Suspicious |
|
Cure |
+/* |
|
Delete |
+ |
+ |
Move to quarantine |
+ |
+/* |
Report |
+ |
+ |
Block |
+ |
+ |
Ignore |
|
+ |
Rename |
+ |
+ |
SpIDer Guard Action on compound objects
Action |
Compound objects |
||
|---|---|---|---|
Archives |
E-mails |
Containers |
|
Move to quarantine |
+/* |
+ |
+/* |
Report |
+ |
+/* |
+ |
Block |
+ |
+ |
+ |
Ignore |
+ |
+ |
+ |
Rename |
+ |
+ |
+ |
SpIDer Guard actions on malicious software
Action |
Malicious software |
||||
|---|---|---|---|---|---|
Adware |
Dialers |
Jockes |
Riskware |
Hacktools |
|
Delete |
+ |
+ |
+ |
+ |
+ |
Move to quarantine |
+ |
+ |
+ |
+ |
+ |
Report |
+/* |
+/* |
+/* |
+ |
+/* |
Block |
+ |
+ |
+ |
+ |
+ |
Ignore |
+ |
+ |
+ |
+/* |
+ |
Rename |
+ |
+ |
+ |
+ |
+ |
|
|
On detection of objects containing Adware and Dialers, the Guard in Dr.web for Servers applies the Move to quarantine action, the Guard in Dr.Web for Workstations applies the Inform action. |
Reaction on Detection
On detection of infected or suspicious object the following reactions depending on the Guard version are available:
◆Spider Guard in Dr.Web for workstations by default requests for user reaction. The Guard generates a Virus Alert Window, in which the necessary program action can be manually specified.
◆SpIDer Guard in Dr.Web for Windows servers will automatically make attempts to avert the virus threat by default.