Operation Modes

In this section

Centralized Protection Concept

Connecting to Centralized Protection Server

Disconnecting from Centralized Protection Server

Dr.Web Gateway Security Suite can operate either in standalone mode or as a part of a corporate or private anti-virus network managed by a centralized protection server. This operation mode is called centralized protection mode. Using it does not require installing additional software, or reinstalling or uninstalling Dr.Web Gateway Security Suite.

In standalone mode, a protected computer is not connected to the anti-virus network and its operation is managed locally. In this mode, configuration and license key files are located on local disks and Dr.Web Gateway Security Suite is fully managed by the protected computer. Updates for virus databases are received from Doctor Web update servers.

In centralized protection mode, protection of the computer is managed by the centralized protection server. In this mode, some functions and settings of Dr.Web Gateway Security Suite can be adjusted in accordance with the general (corporate) anti-virus protection policy implemented on the anti-virus network. The license key file used for operating in centralized protection mode is received from the centralized protection server to which Dr.Web Gateway Security Suite is connected. The license or demo key file stored on the local computer, if any, is not used. Statistics on threat events together with information on Dr.Web Gateway Security Suite operation are sent to the centralized protection server. Updates for virus databases are also received from the centralized protection server.

In mobile mode, Dr.Web Gateway Security Suite receives updates from Doctor Web update servers, but uses settings stored locally and a custom license key file that were received from the centralized protection server.

Whether the SpIDer Guard file system monitor can be configured, enabled or disabled while Dr.Web Gateway Security Suite is controlled by the centralized protection server depends on the permissions specified on the server.

Centralized Protection Concept

Doctor Web solutions for managing centralized protection use a client-server model (see the figure below).

Corporate computers or computers of clients of an IT service provider are protected by local anti-virus components (in this case, by Dr.Web Gateway Security Suite), which ensure anti-virus protection and maintain connection to the centralized protection server.

[Figure: network diagram. Legend labels: Centralized protection server; TCP, NetBIOS network; Anti-virus network administrator; Management via HTTP/HTTPS; Protected local computer; Transmitting updates via HTTP; Doctor Web update server]

Figure 2. Logical structure of the anti-virus network

Local components are updated and configured from the centralized protection server. The entire stream of instructions, data and statistics in the anti-virus network also passes through the centralized protection server. The volume of traffic between protected computers and the centralized protection server can be significant, so an option for traffic compression is provided. Encrypting data in transit prevents leaks of sensitive data and substitution of software downloaded onto protected computers.

All necessary updates are downloaded to the centralized protection server from Doctor Web update servers.

Changes in the configuration of local anti-virus components and command transfer are performed by anti-virus network administrators using the centralized protection server. The administrators manage configuration of the centralized protection server and topology of the anti-virus network (for example, they validate connection of a local station to the network) and configure operation of individual local anti-virus components when necessary.

Local anti-virus components are incompatible with anti-virus products of other companies or Dr.Web anti-virus solutions if the latter do not support operation in the centralized protection mode (for example, Dr.Web Anti-virus version 5.0). Installation of two anti-virus programs on the same computer can cause a system crash or a loss of important data.

The centralized protection mode allows exporting and saving Dr.Web Gateway Security Suite operation reports using the centralized protection server. Reports can be exported and saved in the following formats: HTML, CSV, PDF and XML.

Connecting to Centralized Protection Server

Dr.Web Gateway Security Suite can be connected to the centralized protection server of the anti-virus network using the esconnect command of the drweb-ctl command-line management tool.

The centralized protection server is verified using the certificate that corresponds to the server's unique public key. By default, the Dr.Web ES Agent centralized protection agent does not allow connecting to the server unless a certificate file is specified. The certificate file must first be obtained from the administrator of the anti-virus network served by the server to which you want to connect Dr.Web Gateway Security Suite.
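Because the certificate file is what the agent uses to verify the server, it is worth checking that the file you received is the one the administrator issued before using it. The following is an added example, not part of the Dr.Web documentation or tooling: the function names are hypothetical, and it assumes the administrator gives you the SHA-256 digest of the certificate file through a separate channel and that `sha256sum` is installed.

```shell
#!/bin/sh
# Added example (hypothetical helper names): run a command only if the
# certificate file matches a SHA-256 digest obtained out-of-band.

# normalize_digest: lower-case the digest and drop ':' and whitespace separators.
normalize_digest() {
    printf '%s' "$1" | tr -d ': \t\n' | tr 'A-F' 'a-f'
}

# file_sha256: print the SHA-256 of a file as 64 lower-case hex characters.
file_sha256() {
    sha256sum < "$1" | cut -d ' ' -f 1
}

# run_if_cert_matches CERT_FILE EXPECTED_SHA256 COMMAND [ARGS...]
# Returns 2 on usage or file errors, 3 on digest mismatch, else COMMAND's status.
run_if_cert_matches() {
    [ "$#" -ge 3 ] || { echo "usage: run_if_cert_matches CERT SHA256 CMD..." >&2; return 2; }
    cert=$1; expected=$(normalize_digest "$2"); shift 2

    # Refuse symlinks and anything that is not a readable, non-empty regular file.
    if [ -L "$cert" ] || [ ! -f "$cert" ] || [ ! -r "$cert" ] || [ ! -s "$cert" ]; then
        echo "certificate file missing, empty or not a regular file: $cert" >&2
        return 2
    fi
    # The expected value must be a full SHA-256 digest, not a truncated one.
    case $expected in
        *[!0-9a-f]*) echo "expected digest is not hexadecimal" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected digest must be 64 hex characters" >&2; return 2; }

    actual=$(file_sha256 "$cert") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $cert: got $actual" >&2
        return 3
    fi
    # Digest matches: run the caller's command (for example the connect step).
    "$@"
}
```

Pass your `drweb-ctl esconnect` invocation, referencing the same certificate file, as the trailing command so that the connection is attempted only after the file has been checked.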

If Dr.Web Gateway Security Suite is connected to the centralized protection server, you can switch the product into mobile mode or switch it back into centralized protection mode. Mobile mode is switched on or off using the MobileMode configuration parameter of the Dr.Web ES Agent component.

Dr.Web Gateway Security Suite can switch to the mobile mode only if this is allowed by the settings of the centralized protection server.

Disconnecting from Centralized Protection Server

Dr.Web Gateway Security Suite can be disconnected from the centralized protection server of the anti-virus network using the esdisconnect command of the drweb-ctl command-line management tool.