Dr.Web is immune to any attempts by malicious programs to disrupt its operation. Dr.Web SelfPROtect is a unique anti-virus component that maintains anti-virus security.

Purpose

To protect Dr.Web from actions taken by illegitimate software (malware, hacking utilities), intruder activities, wiretapping, and other forms of tracking.

Advantage

Exceptional resistance to malware; Dr.Web cannot be rendered non-operational as a result of being exposed to malware.

Special features

Dr.Web SelfPROtect is implemented as a driver that operates on the lowest system level. The driver can’t be stopped or unloaded without a system reboot.
Dr.Web SelfPROtect restricts access to a network, files and folders, certain branches of the Windows Registry and removable data-storage devices on the system-driver level and protects the software from anti-antiviruses aiming to disrupt Dr.Web’s operation.
Some anti-viruses modify the Windows kernel by intercepting interruptions, changing vector tables, using other undocumented features, etc. This may have a negative impact on system stability and pave new ways for malicious programs to get into a system. At the same time, Dr.Web SelfPROtect maintains the security of the anti-virus and does not interfere with Windows kernel routines.
Automatic restoration of its own modules.

Features

Crypto-resistant identification of trusted processes based on digital certificates.
Certificates are verified in the OS kernel without using the Windows API, which can be compromised.
Protects trusted processes from being terminated and compromised, including in some cases when access is from the OS kernel.
Protects trusted GUI processes from being emulated by malware and hacker activity.
Protects selected files/directories from being deleted or modified. Effective against destructive actions of malware and hackers.
Disables access to files or directories to protect important files/documents/databases from leaks, theft etc. Full access is only available to trusted processes.
Protects files from theft and modification when criminals attempt to read via the map disk sectors.
Protects specified parameters and registry keys. Effective against destructive actions of malware and hackers.
Disables access to settings and registry keys to protect important data/parameters/licensing keys and other sensitive information from being stolen or compromised.
Protects named pipes from nefarious attempts to establish connections from untrusted processes. The component helps implement secure inter-process communication between trusted processes without fear of wiretapping and unauthorised data modification.
Protects trusted processes from injects, including all popular and modern techniques such as APC, CreateRemoteThread, SetThreadContext, UnmapSection, WriteProcessMemory, AppInit_Dlls, Process Hollowing, Double Agent, Process Doppelganging, etc.
Tracks the creation and deletion of new executables in the system.
Controls attempts to modify/compromise selected files/directories on disks.
System time-change control.