Detection Methods
Doctor Web anti-virus solutions use several malicious software detection methods simultaneously, which allows them to perform thorough checks on suspicious files and control software behavior.

Behavior Analysis

Behavior analysis methods analyze the sequence of actions of all the processes in the system. When malicious behavior is detected, the actions of the offending program are blocked.

Dr.Web Process Heuristic

The Dr.Web Process Heuristic behavioral analysis technology protects systems against new dangerous malicious programs that can avoid detection by traditional signature-based and heuristic analyses.

Dr.Web Process Heuristic analyzes the behavior of each running program in real time. Using the constantly updated Dr.Web cloud service, along with the information on malware behavior, it determines whether the program is dangerous and then takes necessary measures to neutralize the threat. Objects detected using Dr.Web Process Heuristic are indicated with the DPH prefix added to their names.

This data protection technology helps to minimize losses resulting from the actions of unknown malware while consuming very few of the protected system's resources.

Dr.Web Process Heuristic monitors any attempts to modify the system:

• Detects malicious processes that modify users' files (such as ransomware encryption attempts), including shared files and folders accessible over the network.
• Prevents malware from injecting its code into the processes of other applications.
• Protects critical system areas from being modified by malware.
• Detects and shuts down the execution of malicious, suspicious or unreliable scripts and processes.
• Prevents malware from modifying boot sectors so that malicious code cannot be executed on the computer.
• Blocks changes to the Windows Registry to make sure that safe mode cannot be disabled.
• Prevents malware from changing launch permissions.
• Prevents new or unknown drivers from being downloaded without the user's consent.
• Prevents malware and certain other applications, such as anti-antiviruses, from adding entries to the Windows Registry that would launch them automatically.
• Locks registry sections containing information about virtual device drivers, ensuring that no new virtual devices are created.
• Prevents malware from disrupting system routines such as scheduled backups.

Dr.Web ShellGuard

Dr.Web ShellGuard protects your device against exploits. Exploits are malicious objects that take advantage of software vulnerabilities. These vulnerabilities are used to gain control over a targeted application or the operating system. Objects detected using Dr.Web ShellGuard are indicated with the DPH:Trojan.Exploit prefix added to their names.

Dr.Web ShellGuard protects the most common applications installed on almost all computers running Windows:

• popular web browsers (Internet Explorer, Mozilla Firefox, Google Chrome, and others);
• MS Office applications;
• system applications;
• applications that use Java, Flash and PDF;
• media players (software).

To detect malicious actions, Dr.Web ShellGuard uses not only the information stored locally, but also the following data from the Dr.Web Cloud service:

• information on algorithms of malicious programs;
• information about known clean files;
• information on the compromised digital signatures of well-known software developers;
• information about digital signatures used by adware and riskware;
• information about websites that are undesirable to visit;
• protection algorithms used by specific applications.