Dr.Web 8.0 for Windows – new features
Expand all | Collapse All
The new installer
- The new installer of Dr.Web 8.0 doesn't use the Microsoft Windows Installer, no additional services are required to install the product.
- Integration with the updated Dr.Web anti-rootkit allows you to cure your PC during installation, even if the computer is infected with sophisticated malware.
- Installation is much faster.
New installer features:
- The revamped installation wizard interface reduces the number of steps required to install Dr.Web and therefore makes installation quicker.
- The updated Dr.Web anti-rootkit allows the wizard counter active threats and install Dr.Web onto computers infected even with complex malware.
- Enhanced interaction with already installed Dr.Web (for example, toggle on/off the self-protection module during installation).
- Incremental installer updating to ensure that the user always has the latest distribution file.
- Import settings of your installed Dr.Web to get the security you need.
Faster installation
- The new installation wizard no longer scans the system, which also reduces the installation time.
- Instead a background search for active threats is initiated upon scanning completion and disarms all threats without interrupting user experience.
Background anti-rootkit scan and new arkapi.
- The Anti-rootkit API used in Dr.Web 8.0 provides background scan and neutralization of active threats.
- The resident background scan routines search for active threats among start-up objects, running processes and modules, system objects, RAM, MBR/VBR and BIOS. If threats are detected, Dr.Web can notify the user about the danger, cure the infection and block malicious activities.
- One of the key criteria of this resident subsystem is its carefully measured consumption of system resources (CPU, IO, RAM), and intelligent assessment of hardware capabilities.
Preventive protection
Dr.Web 8.0 blocks automatic modification of critical Windows objects and controls certain routines that can be exploited to undermine the system security thus expanding preventive protection even further.
Dr.Web 8.0 blocks automatic modification of critical Windows objects and controls certain routines that can be exploited to undermine the system security thus expanding preventive protection even further.
- Minimum (Recommended) — prohibit low-level disk access, modification of the HOSTS file and critical operating system objects often compromised by malware. So objects whose modification is a clear indication of a malicious activity are kept secure.
- Medium — in addition to objects protected in the recommended mode it disables modification of objects that could potentially be used by malicious programs. Since enabling this option can affect operation of some legitimate programs, running the anti-virus in this mode may cause compatibility issues.
- Paranoid — in this mode a user is prompted when a driver is loaded or a program is launched automatically.
- Custom — adjust Dr.Web's response to various events in the system as you see fit.
The same set of system objects and routines is available for protection in all modes, and includes:
- HOSTS file
- Low-level disk access
- Driver loading
- Access to the Image File Execution Options
- Access to User Drivers
- Winlogon shell settings
- Winlogon dialogue windows
- Windows shell autorun
- Executable file associations
- Software Restriction Policies
- Internet Explorer BHO
- Autorun
- Automatic implementation of policies
- Safe mode settings
- Session Manager settings
- System services
Dr.Web Cloud
- Similarly to the Dr.Web URL-filter available in Dr.Web for Android, Dr.Web 8.0 permits the parental control and SpIDer Gate to check URLs with the Dr.Web Cloud service on Doctor Web's servers.
- As a user goes to a website, the respective URL is sent to Doctor Web to determine if the site is safe to visit.
- The URL is checked in real time regardless of updating settings or how up-to-date the virus definitions on the user's computer are.
- No information that may help identify the user is transmitted to Doctor Web by Dr.Web Cloud.
Updated Dr.Web Parental control
- Limiting Internet and computer time.
- The minimal period of usage is one hour.
- When the allowed period ends, a corresponding notification is displayed and all connections are interrupted.
- When access to a site is blocked, a notification similar to hose displayed by SpIDer Gate or parental control appears in the browser window.. When access to the computer is blocked, the Windows welcome screen is displayed.
- Windows accounts support
- This feature allows you to configure filtering web pages and limit computer land the Internet time individually for each user.
- The list of existing accounts is generated in the parental control settings automatically.
- This feature does not enamble to manage access to local files, folders or devices.
- Restrict access to devices
- In the local access settings you can now also restrict access to the following types of devices:
- Disk drive
- CD/DVD-ROM
- Keyboard
- Mouse
- Network adapter
- Audio and video device
- Game controller
- USB-device
- COM / LPT port
- Two device access modes are available: completely ban access for all processes of the operating system or use the user-prompt mode in which the user will be notified whenever a process attempts to access adevice.
- Device access settings are applied under all user accounts.
- In the local access settings you can now also restrict access to the following types of devices:
- Limiting Internet and computer time.
New customization features and a single Dr.Web (control center (except Scanner settings)
In the version 8.0 you can right-click on the SpIDer Agent icon in the system tray to invoke the settings window that permits you to adjust general settings of the anti-virus and configure all its components, including the Firewall. Only the scanner settings are available in a separate window.
New anti-virus configuration features:
- An expanded list of on-screen notifications.
- Enhanced logging configuration:
- The standard mode available in Dr.Web 7.0 is no longer used. Information is logged in a mode similar to the extended mode (the default) or debug mode of the version 7.0.
- By default, detailed logging is conducted until a reboot to reduce the log file size. if necessary, the detailed logging period can be extended.
- Now you can save memory dumps upon scanning errors.
- A link to the logs folder is now available in the anti-virus settings window.
- The anti-virus also enables you to collect pcap-logs and detailed firewall logs.
- Detailed logs of Dr.Web services (Dr.Web Control Service) are now also available.
- New quarantine settings:
- The quarantine folder size on each drive is displayed.
- Upon detection of infected files on hard or removable drives you can now choose the quarantine location.
- You can limit the size of the quarantine folder and clean it on each hard drive.
- Single network configuration for all Dr.Web components:
- All the settings are aggregated in the Proxy-server section.
- You can specify settings for several proxy servers.
- Import and export anti-virus settings and reset them to default.
- New parental control settings:
- Limit Internet and computer time.
- The Web filter and Internet time and computer time settings are defined individually for each user account in Windows.
- Block access to files and folders as well as devices.
- Black and white lists of sites are created in the same window and addresses are checked for collision as you type.
- Simplified SpIDer Mail configuration.
- Black and white lists of e-mail addresses are created in the same window and addresses are checked for collision as you type.
- Settings for automatic and manual interception of connections have been merged.
- Separate settings for scanning archives and containers.
- SpIDer Gate configuration simplified
- The scanning priority slider is now available in the Advanced settings section. A drop-down list is used instead.
- The option to use SpIDer Gate as a local proxy server has been removed.
- Separate settings for scanning archives and containers.
The new notification system. Notifications can be sent via e-mail.
The list of events upon which Dr.Web 8.0 sends notifications:
- A threat is detected.
- A URL is blocked.
- A spam message is detected.
- A mass mailing is detected.
- Access to a site is denied.
- Access to a device is denied.
- Allowed Internet time is over.
- Allowed computer time is over.
- Preventive protection
- Self-protection status has changed.
- Access to a protected object is blocked.
- Connections awaiting firewall's reply are detected.
- Updating
- Virus databases have been updated.
- Update error
- Virus databases are outdated
- There is a new version of the product
- The license has expired
- The license is expiring.
On-screen notifications
- Notifications are divided into modal and ordinary.
- Modal notifications require user input and close only upon an appropriate action on the part of the user. An example of such a notification is a reboot prompt.
- Ordinary notifications inform a user about events that do not require input and close after some time. One ordinary notification can be displayed for similar events, i.e. one message and the event counter are placed in the same window.
- Modal notifications do not interrupt ordinary ones but are placed in the queue for display, that is only one notification window is displayed at any time.
- If needed, a notification window can contain a link to a window with more information about the event (for example, with a list of infected objects, names of viruses and performed actions, etc.), or to the notifications configuration window.
- Notifications appear over the Windows notification area.
E-mail notifications
- E-mail notification can be sent upon the same events upon which on-screen notifications appear.
- Yet you can select to be notified upon some events by e-mail and display on-screen notifications for other events.
- Notifications are sent only at one e-mail address.
A single statistics window
In the version 8.0 statistics of all Dr.Web components, including the firewall logs, is displayed in a single window. Statistics is displayed for the current session. Only scanning results are displayed in a separate window.
Other changes
- Dr.Web Link Checker has been removed from the distribution because most popular browsers only install plugins from approved sites.
- License Manager UI tweaks:
- A list of components allowed under the license has been removed.
- Information about the license type is displayed.
- License Manager and Register license items in the SpIDer Agent menu are now available in the user mode.
- The option Allow/block once set in the firewall's prompt now applies to all events during the process's lifetime. In the version 7.0, such rules were applied only until the next connection to the port, which could lead to repeated requests for permission.
- Quarantine Manager UI tweaks:
- Improved usability (similarly to CureIt! 7.0)
- Quarantine settings are included into general Dr.Web settings.