My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets


Dr.Web KATANA Kills Active Threats And New Attacks* Dr.Web KATANA

A non-signature anti-virus offering preventive protection against

  • the latest active threats
  • targeted attacks
  • infiltration attempts, including those taking advantage of zero-day vulnerabilities your anti-virus can’t yet detect.

30-day trial

We will help you choose the Dr.Web solution you need


Dr.Web KATANA consists of a set of next-generation Dr.Web anti-virus technologies that is designed to provide advanced protection. It will shield your computer from threats your anti-virus may not yet be able to detect.

  • The most lightweight non-signature anti-virus for all servers running Windows 2019/2016/2012 R2/2012/2008 R2/2008 (64-bit systems), 2008/2003 SP1 (32-bit systems)
  • Does not conflict with third-party anti-viruses

Ready to protect

Requires no configuration and starts operating effectively as soon as it is installed.


A set of pre-installed protection scripts and a fine tuning option make it possible to fully control the protection process, while adapting it to the needs of the user.


Dr.Web KATANA offers system protection even if a PC is not connected to the Internet.


Protects a wide range of Windows OS—from Windows XP to the latest version Windows 10. Find out more

Product system requirements can be found in the documentation.

All advantages

All-seeing — neutralises threats that are completely new and not yet known to your anti-virus

Every day the Doctor Web anti-virus laboratory receives several hundred thousand program samples. Every day tens of thousands of entries are added into the company’s virus databases. These are the threats with which our virus analysts are already familiar and for which neutralisation routines have been designed. However, programs that have not yet been analysed by information security experts are the ones that most benefit cybercriminals.

Dr.Web KATANA offers protection against the latest malicious programs that have been designed to bypass detection by traditional signature-based scanning and heuristic mechanisms. These programs have not yet been analysed by the anti-virus laboratory and, therefore, are unknown to Dr.Web at the moment of intrusion. They include the latest encryption ransomware programs, Trojan injectors, and Trojan blockers, as well as threats that exploit zero-day vulnerabilities.

Dr.Web KATANA starts protecting a system during the boot-up phase, even before the traditional, signature-based anti-virus is loaded!


The functionality of anti-virus software must constantly be enhanced to keep pace with ever-evolving and ever-increasing numbers of malware programs. Such enhancements often decrease computer performance and irritate users to the point that they sometimes prefer to disable their anti-virus protection in order to allow their computers to work faster. Dr.Web KATANA’s developers have significantly enhanced computer security to create a new product that is practically invisible in terms of system load and system resource usage.

Dr.Web KATANA neutralises the actions of active malware programs without overloading the system.

Lightning-like — analyses the behaviour of each threat in real time and immediately neutralises harmful scripts and processes that your anti-virus didn’t manage to recognise.

Dr.Web KATANA’s protection is grounded in non-signature-based search methods, the neutralisation of malware, and cloud protection technologies. The product analyses and monitors all system processes and blocks those exhibiting malicious behaviour.



Traditional behavioural analysers are based on predefined rules describing the behaviour of legitimate programs. Such rules are well known to criminals. Dr.Web KATANA acts differently. This product analyses the behaviour of each running program in real time by comparing it with the reputation information stored in the Dr.Web cloud, which is constantly being updated. Dr.Web subsequently uses that information to determine whether a program is dangerous and then takes whatever measures are necessary to neutralise the threat.


Traditional behavioural analysers monitor the requests malicious programs make of various system resources. But what if a malicious program, having infiltrated the browser, makes no requests of the system and simply modifies, for example, the screen you use to interact with your bank?

Dr.Web KATANA monitors malware activity within processes so that attempts to steal confidential information or transfer money from your account will be prevented in a timely manner!

When is it necessary to run two anti-virus applications concurrently—a conventional anti-virus and a non-signature anti-virus?

  • When your anti-virus fails to detect threats
  • When your anti-virus cannot be updated frequently enough
  • When your PC has been disconnected from the Internet for quite some time
  • When your PC is connected to a network that has no Internet access and is rarely supplied with updates


Dr.Web KATANA is known to be compatible with anti-virus software from TrendMicro, Symantec, Kaspersky, McAfee, ESET, and others.

Protection profiles

  • Using profiles on the Protection tab, the user can create flexible rules for trusted applications to prevent conflicts that may otherwise be caused by Dr.Web KATANA. Each profile can contain specific restrictions on how programs access resources.
  • To work properly, different programs require access to different resources. A Dr.Web KATANA user can configure Dr.Web’s control parameters to protect a specific application so that it receives access only to certain resources that can save the system in case that application gets infected.


Optimal #drweb

Installed by default. This mode provides protection for only those registry branches that are used by malicious software and can be blocked (modification can be prohibited) — without a significant load on system resources.


Medium  #drweb

If the threat of infection increases, the protection level can be raised to Medium.


Paranoid #drweb

For full control over critical Windows areas, the protection level can be increased to Paranoid. Increasing the protection level provides the system with additional security in the event malware that has not yet been added to the Dr.Web virus database is active. But, at the same time, the risk increases for conflicts to arise between the prohibitions that have been placed on the system by the preventive protection and the requirements of the running applications.

Learn more about fine tuning


  • Protects critical system areas from being modified by malware.
  • Detects and stops the execution of malicious, suspicious or unreliable scripts and processes.
  • Detects unwanted file modification, monitors the operation of all processes to detect actions that are typical of malware (e.g., the activities of encryption ransomware), and prevents malicious objects from injecting their code into other processes.
  • Detects and neutralises threats that have not yet been discovered and entered in the Dr.Web virus database: encryption ransomware, injectors, remote-controlled malware used for espionage and to create botnets, and malware packers.
  • Protects against exploits—malicious objects that take advantage of software flaws, including those not yet known to anyone except for the intruders who created them (i.e., zero-day vulnerabilities). If it detects that malicious code is attempting to exploit a vulnerability, Dr.Web KATANA will end the attacked process immediately.

    Impregnable systems do not exist!

    Developers try to release patches quickly for known vulnerabilities. For example, Microsoft releases security updates quite often. However, users often install some of them way too late (or don't install them at all). This encourages intruders to search for new vulnerabilities and exploit those that have been discovered but aren't yet closed on the computers that are being targeted.

  • Controls the operation of the most popular browsers and their associated plugins; protects against browser blockers.

Today, one of the most popular ways for malicious programs to penetrate a system is via the installation of add-on applications in the guise of useful software.


  • Blocks malware’s ability to modify boot disk areas in order to prevent the launch of Trojan horses, for example, on your computer.
  • Blocks changes from being made to the Windows Registry to ensure that the safe mode won't be disabled.
  • Prevents malicious programs from altering basic system routines. By blocking certain Windows Registry keys, it prevents malware from changing the appearance of the desktop or hiding a Trojan with a rootkit.
  • Prevents malware from changing launch permissions.
  • Prevents new or unknown drivers from being downloaded without user consent.
  • Prevents malware and certain other applications, such as anti-antiviruses, from adding their entries into the Windows Registry where they could be launched automatically.
  • Locks registry sections containing information about virtual device drivers, ensuring that no new virtual devices are created.
  • Blocks connections between spyware components and the server that controls them.
  • Prevents malware from disrupting system routines such as scheduled backups.

The procedure is as follows

  • If any attempt to activate malicious code is detected, Dr.Web KATANA will end this process immediately. If the attack was carried out through a vulnerability of another software program, Dr.Web KATANA completes the process of that program. It won't perform any actions with the files of the attacked application and won't move any files to the quarantine.
  • Users will also see notifications about thwarted attempts to perform malicious actions; no response on their part is required.
  • An entry about the disrupted attack is added to the Dr.Web event log.
  • The cloud will also instantly be notified about the incident. If necessary, Doctor Web specialists will respond, for example, by upgrading the protection routine.


Unlike a traditional anti-virus, Dr.Web KATANA does not contain an anti-virus signature database, a component that requires updating.

The anti-virus protection algorithms in Dr.Web KATANA are implemented as executables and libraries. Periodically, updates are released to improve these algorithms and fix detected errors.

To detect malicious actions, Dr.Web KATANA uses information stored by the anti-virus locally as well as Dr.Web Cloud reputation data which includes:

  • Information about the routines used by programs having malicious intentions;
  • Information about files that are 100% clean;
  • Information about the compromised digital signatures of well-known software developers;
  • Information about digital signatures used by adware and riskware;
  • Protection routines used by specific applications.

Dr.Web KATANA’s cloud system can collect information about Dr.Web’s operation on PCs, including data about brand-new threats, which enables Doctor Web to respond promptly to discovered defects and update rules stored on a computer locally.


Control Center

Control Center #drweb
Control Center #drweb