Preventive protection technologies

An anti-virus must prevent infections. Non-signature technologies and Preventive protection technologies help a traditional anti-virus protect against various threats.

All Trojans do this:

They operate in a similar way - they exploit the same vulnerabilities and carry the same payload.
They all make the same mistake: they make the first move (attack the system).

Any sign that Trojan activity is underway is enough for Dr.Web to spot it and neutralise it.

This is possible due to various Dr.Web Preventive protection technologies that are designed to provide advanced protection. They analyse the behaviour of programs in real time and immediately neutralise harmful processes. Dr.Web can recognise suspicious programs that have similar behaviour patterns and block their operation. The Preventive protection technologies protect systems against new, highly prolific malicious programs that are capable of avoiding detection by traditional signature-based analysis and heuristic routines because they haven't yet been analysed in the anti-virus laboratory and, therefore, are unknown to Dr.Web at the moment of intrusion.

Here are just some of them:

Dr.Web Process Heuristic

Unlike traditional behavioural analysis, which relies on predefined rules describing the behaviour of legitimate programs that are well known to criminals, the intelligent Dr.Web Process Heuristic analyses the behaviour of each running program in real time by comparing it with the reputation information stored in the Dr.Web cloud which is constantly updated. It determines whether the program is dangerous and then takes whatever measures are necessary to neutralise the threat.

This data protection technology helps minimise losses resulting from the actions of unknown malware — and consumes very few of the protected system’s resources.

Dr.Web Process Heuristic monitors any attempts to modify the system:

Detects malicious processes that modify files (such as encryption ransomware).
Prevents malware from injecting its code into the processes of other applications.
Protects critical system areas from being modified by malware.
Detects and stops the execution of malicious, suspicious or unreliable scripts and processes.
Blocks malware’s ability to modify boot disk areas in order to prevent the launch of, for example, Trojan horses on your computer.
Blocks changes from being made to the Windows Registry to ensure that the safe mode won't be disabled.
Prevents malicious programs from altering basic system routines. Blocks certain registry keys, preventing malware from changing the desktop’s appearance or hiding a Trojan with a rootkit
Prevents malware from changing launch permissions.

Dr.Web Process Heuristic starts protecting a system during the boot-up phase, even before the traditional, signature-based anti-virus is loaded!

Prevents new or unknown drivers from being downloaded without user consent.
Prevents malware and certain other applications, such as anti-antiviruses, from adding their entries into the Windows Registry, so that they could be launched automatically.
Blocks registry sections containing information about virtual device drivers, ensuring that no new virtual devices are created.
Blocks connections between spyware and its control servers.
Prevents malware from disrupting system routines such as scheduled backups.

Dr.Web Process Heuristic works right out of the box, but the user can always configure rules based on their own needs!

The technology Dr.Web ShellGuard, which is incorporated into Dr.Web Script Heuristic, blocks routes into the system so that programs that exploit vulnerabilities can’t get in. Exploits are malicious objects, that take advantage of software flaws, including those not yet known to anyone except for the intruders who created the exploits (i.e., zero-day vulnerabilities). The vulnerabilities are used to gain control over a targeted application or the operating system.

Dr.Web ShellGuard

Dr.Web ShellGuard protects:

All popular web browsers (Internet Explorer, Mozilla Firefox, Google Chrome, and Vivaldi Browser);
MS Office applications including MS Office 2016;
System Applications;
Applications that use java, flash and pdf;
Media players.

The procedure is as follows:

If it detects that malicious code is attempting to exploit a vulnerability, Dr.Web will end the attacked process immediately. It won't perform any actions with application files and won't move any files to the quarantine.
Users will also see notifications about a thwarted attempt to perform malicious actions; no response on their part will be required.
An entry about the disrupted attack is added to the Dr.Web event log.
The cloud will also be instantly notified about the incident. If necessary, Doctor Web specialists will instantly respond, for example, by upgrading the system monitoring routine.

Updates

Dr.Web Preventive protection technologies use only the predefined rules stored by the anti-virus locally as well as reputation data from Dr.Web Cloud which includes:

information about the routines used by programs with malicious intentions;
information about files that are 100% clean;
information about compromised digital signatures of well-known software developers;
information about digital signatures used by adware and riskware;
protection routines used by specific applications.

The cloud collects information about Dr.Web's operation on protected PCs, including data about brand-new threats. This enables Doctor Web to respond promptly to discovered defects and update rules stored on a computer locally.

Any files from the user's computer are not transmitted to Doctor Web's servers!

Dr.Web Preventive protection technologies are available with: