December 11, 2019

Doctor Web presents its November 2019 overview of malware for mobile devices. This month, cybercriminals continued spreading malware on Google Play, including an Android backdoor for cyber spying, trojan adware and malware that subscribed users to premium services. Read more about these events in our review.

Go to the review

December 11, 2019

This November, Doctor Web virus analysts detected a number of new threats on Google Play. The list included new modifications to trojans of the Android.Joker family that subscribed users to premium mobile services. Cybercriminals also continued spreading the Android.HiddenAds malware family that displayed annoying ads. We also found a new version of the Android.Backdoor.735.origin backdoor, designed for cyber spying.

Mobile threat of the month

In November, Doctor Web experts detected a new modification to the Android.Backdoor.735.origin trojan, a component of the dangerous Android.Backdoor.736.origin backdoor, reported by Doctor Web in July. This malware, also known as PWNDROID1, was spreading as a utility for configuring and optimising the browser.

Android.Backdoor.735.origin executes cybercriminal commands, allowing them to control the affected Android devices, monitor their owners, as well as download and launch other malicious components.

According to statistics collected by Dr.Web for Android

Android.Backdoor.682.origin

A trojan that executes cybercriminals’ commands and helps them control infected mobile devices.

Android.DownLoader.677.origin

A downloader of other malicious software.

Android.Triada.481.origin

A multi-functional trojan that performs various malicious actions.

Android.MobiDash.4006

Trojan code that displays obnoxious advertising.

Android.RemoteCode.197.origin

A malicious application that downloads and executes arbitrary code.

• Program.FakeAntiVirus.2.origin
  Detects adware that imitates anti-virus software.
• Program.RiskMarket.1.origin
  An app store that contains trojan software and recommends that users install it.
• Program.HighScore.3.origin
  An app store that invites users to install free Google Play apps by paying for them via expensive text messages.
• Program.MonitorMinor.1.origin
• Program.MobileTool.2.origin
  Spyware that monitors activities of Android users and may serve as a tool for cyber espionage.

• Tool.SilentInstaller.6.origin
• Tool.SilentInstaller.7.origin
• Tool.SilentInstaller.11.origin
• Tool.VirtualApk.1.origin
  A riskware platform that allows applications to launch APK files without installing them.
• Tool.Rooter.3
  A utility designed to obtain root privileges on Android devices. It may be used by cybercriminals and malware.

Program modules that incorporate themselves into Android applications and display obnoxious ads on mobile devices:

• Adware.Dowgin.5.origin
• Adware.Toofan.1.origin
• Adware.BrowserAd.1
• Adware.Myteam.2.origin
• Adware.Altamob.1.origin

Trojans on Google Play

Last month, Doctor Web virus analysts detected a number of new modifications to trojans from the Android.Joker family. They were hidden in seemingly innocuous software, such as useful utilities that help configure mobile devices, games, messengers, wallpaper collections and camera apps. This malware subscribes users to premium mobile services, downloads and launches malicious modules, and can execute arbitrary code.

We also detected the new trojan adware, Android.HiddenAds. Cybercriminals were distributing it under the guise of games, camera apps, photo editors and other software.

To protect your Android device from malware and unwanted programs, we recommend you install Dr.Web for Android.

Your Android needs protection.

Use Dr.Web

• The first Russian anti-virus for Android
• Over 140 million downloads—just from Google Play
• Available free of charge for users of Dr.Web home products

Free download

December 9, 2019

Russian anti-virus company Doctor Web has updated the drweb-se module (11.1.2-1912031755) in Dr.Web Anti-virus 11.1 for Unix Mail Servers, Dr.Web Anti-virus 11.1 for Linux, Dr.Web Anti-virus 11.1 for Unix Server, and Dr.Web Anti-virus 11.1 for Internet gateways Unix. The update delivers minor tweaks upgrades.

Specifically, it speeds up the database loading process for faster scan query processing.

The update is performed via the Dr.Web repository. If you encounter any problems when updating, please use the instructions from our previous news post to specify the additional repository for the Dr.Web software you use.

December 3, 2019

Russian anti-virus company Doctor Web has updated its SpIDer Agent for Windows (12.0.8.10110), Dr.Web Control Service (12.5.2.11050), Dr.Web Updater (12.0.16.10070) and Dr.Web Protection for Windows module (12.05.02.10250), as well as the Dr.Web Security Space component, Anti-virus for Windows, Anti-virus for Windows servers setup (12.5.2.11012), amsi-client (12.5.0.201911210) and the Lua-script main configuration routines (12.5.2.10140) and Lua-script for spider-agent (12.5.0.10140) in Dr.Web Security Space 12.0, Dr.Web Anti-virus 12.0 and Dr.Web Anti-virus 12.0 for Windows Servers. The Dr.Web Firewall for Windows (12.05.01.11150) was also updated in Dr.Web Security Space 12.0 and Dr.Web Anti-virus 12.0, while the Dr.Web Device Guard for Windows (12.05.00.10250) was updated in Dr.Web Security Space 12.0 and Dr.Web Anti-virus 12.0 for Windows Servers. The updates deliver feature upgrades and resolve existing software issues.

Changes made to the Dr.Web SpIDer Agent for Windows:

• The firewall rule list now loads faster. A notification icon is displayed while the table content loads.

Changes made to the Dr.Web Control Service:

• Issues preventing sysinfo reports from being generated when no Temp directory is found in the Windows folder have been resolved.

Changes made to Dr.Web Updater:

• The module's routines for interacting with updating severs have been optimised.

Changes made to Dr.Web Security Space, Anti-virus for Windows, Anti-virus for Windows servers setup:

• Some UI texts in certain languages have been updated.

Changes made to Lua-script main 12.5.2.10140, Lua-script for spider-agent:

• The SpIDer Agent item in the Start menu has been changed to Security Center.

The update will be performed automatically; however, a system reboot will be required.

December 2, 2019

Russian anti-virus company Doctor Web has updated its Security Space for Android to version 12.5.0. The update delivers new features and resolves known issues.

New:

• The Anti-theft component can now use push notifications;
• In the Google Play version of the application, the Call and SMS filter component has been changed to Call Filter;
• The new version changes the way the application handles root permissions;
• The ability to disable program scan notifications in the application settings added;
• The ability to connect to servers using self-signed certificates;
• The Administration component now supports all Android versions in a centralised protection mode;
• Application version 15.5.0 operates differently regarding administrator permissions;
• Support for 64-bit architecture added;
• Ping queries now pass through the firewall;
• A new notification channel added Notifications from Friends ; and
• The updated version also incorporates UI tweaks and fixes for known defects.

If you downloaded the Dr. Web application from Google Play, the updates will be downloaded and installed automatically. If you ve disabled automatic updates, go to Google Play, select the Dr.Web Security Space or Dr.Web Security Space Life icon in the application list, and tap "Update.

To update via the Doctor Web site, you need to download a new distribution file. If you ve enabled the New app version option in the settings, a notification will be displayed whenever the virus databases are updated. You can begin the download directly from this dialogue box.

A note for Dr. Web Anti-virus service subscribers who use Dr. Web Security Space for Android: installing the updated version will not overwrite your previous installation. You will need to remove the earlier version manually after the update has been installed.

November 28, 2019

Russian anti-virus company Doctor Web has updated the server software for its Enterprise Security Suite 11.0 (REL-1200201911180). The update resolves known software issues.

Change log:

• An issue preventing devices from being blocked if multiple device classes or buses were indicated simultaneously has been resolved;
• A defect preventing version 11 of Dr. Web server software from being upgraded to version 12 if MySQL or MariaDB was also being used as a database server has been corrected;
• A server error that occurred while hosts or host groups were being compared in the Control Center has been fixed;
• An issue that stopped the server software from being updated if var-root and home-root directories were located on different partitions has been eliminated;
• A problem preventing items on the Office Control class block list from being removed properly has been eliminated;
• An error that, under certain circumstances, interfered with Dr. Web software updates on protected hosts has been fixed.

The server software can be updated via the Dr. Web Global Update System.

November 25, 2019

Russian anti-virus company Doctor Web has launched the public beta-testing of its Dr.Web Office Shield. The product provides multilayer email filtering and boasts easy installation, a user-friendly interface and functional monitoring tools.

The Dr.Web Office Shield operates as a gateway between local mail servers and untrusted networks. The distribution is based on Ubutnu 18.04 (Bionic) and uses Linux kernel 4.15, while the Dr.Web Mail Security Suite 11.1 facilitates anti-spam and malware filtering.

With the Dr.Web Office Shield you can:

• Scan inbound SMTP traffic for malware and neutralise it;
• Filter spam and dubious content;
• Block attachments by file type;
• Receive up-to-date information from logs and the monitoring panel; and
• View statistics.

An OVA image is used to deploy the Dr.Web Office Shield in a virtual environment, while a web interface is used to configure and control the solution.

Doctor Web invites all Dr.Web community members to participate in the Dr.Web Office Shield beta-testing. Testers whose advice and comments prove to be most helpful in improving the product will receive gifts from Doctor Web. Please note that registration is required to access the beta-testing section.

Important! This beta version is not the final version of the new Dr. Web Office Shield. The product is being tested prior to its release and the final version may differ from the beta release.

November 22, 2019

Russian anti-virus company Doctor Web has updated a numer of modules in its Dr.Web 11.1 products for Unix-like systems. The updated modules include drweb-maild (11.1.5-1911070858), drweb-statd (11.1.3-1911141200), drweb-configd (11.1.5-1910291408), drweb-httpd (11.1.3-1910291407), drweb-qt (11.1.1-1910041806), drweb-ctl (11.1.4-1910151942) and drweb-update (11.1.3-1910031102). The update resolves known issues and delivers minor upgrades.

Changes affecting Dr.Web Anti-virus 11.1 for Unix Mail Servers, Dr.Web Anti-virus 11.1 for Linux, Dr.Web Anti-virus 11.1 for Unix Server and Dr.Web Anti-virus 11.1 for Internet gateways Unix.

drweb-statd:

• The update eliminates a database rotation problem that occurred while messages with multiple attachments were being scanned.

Changes affecting Dr.Web Anti-virus 11.1 for Unix Mail Servers and Dr.Web Anti-virus 11.1 for Linux

drweb-maild:

• An issue preventing temporary files from being deleted has been eliminated.

The update is performed via the Dr.Web repository. If you encounter any problems when updating, please use the instructions from our previous news post to specify the additional repository for the Dr.Web software you use.

November 20, 2019

Russian anti-virus company Doctor Web has updated SpIDer Agent for Windows (11.5.7.10080), Dr.Web Net Filtering Service (11.5.3.10240), the Dr.Web Protection for Windows module (11.05.10.10080), Dr.Web File System Monitor (12.00.03.03130), Lua-script for antispam (11.5.0.10160) and the Dr.Web Updater module (11.5.12.08150) as well as DwService module (11.5.18.10300) in the Dr.Web Enterprise Security Suite 11.0 agent software. The update makes the software suite compatible with Windows 10 Restone 7 and delivers fixes for known issues.

Changes made to the Dr.Web Net filtering Service:

• Problems occurring when the Mikrotik routers' web interface was being accessed have been fixed.
• An issue preventing the Your Phone application on Windows 10 PCs from establishing a connection to Android devices has been resolved;
• An issue preventing the service from being started on computers running Windows Vista x64 has been resolved.

Changes made to Lua-script for antispam:

• An issue causing the anti-virus setup to freeze while the anti-spam was being installed has been eliminated.

Changes made to Dr.Web Updater:

• Updating routines have been optimised.

Changes made to DwService::

• Also eliminated was a problem that prevented REBOOTSYSTEM messages in Cyrillic font from being displayed correctly.

The update will be performed automatically; however, a system reboot will be required.

November 19, 2019

Russian anti-virus company Doctor Web has updated the Dr.Web Anti-rootkit API (12.5.4.201911110) module in Dr.Web Security Space 12.0, Dr.Web Anti-virus 12.0, Dr.Web 12.0 for Windows Servers and in Dr.Web Enterprise Security Suite 12.0.The update introduces feature upgrades.

Specifically, it improves anti-rootkit detection and neutralisation routines.

The update will be downloaded and installed automatically.

November 19, 2019

Russian anti-virus company Doctor Web has updated Dr.Web CureIt!. Now the utility incorporates the latest version of Dr.Web Anti-rootkit API (12.5.4.201911110). The update introduces feature upgrades.

Specifically, threat detection and neutralisation routines have been enhanced.

Download Dr.Web CureIt!

November 18, 2019

Russian anti-virus company Doctor Web has updated Dr.Web Virus-Finding Engine (7.00.42.09300) in Dr.Web Security Space and Dr.Web Anti-virus as well as in Dr.Web Enterprise Security Suite, the Internet service Dr.Web AV-Desk, the Dr.Web CureIt! utility, Dr.Web for macOS and in the emergency system recovery solution Dr.Web LiveDisk.

The update fixes signature-extraction errors and resolves data-processing issues affecting the following executable file formats: CRX, AHK, SQUASHFS, ULTRAPROTECT, PE-files with double headers (UPX for ARMADILLO), ASPROTECT and FLY-CODE.

Dr.Web Virus-Finding Engine has been updated in the following products:

• Dr.Web 9/10/11.0/11.1 for macOS
• Dr.Web 6/11.0/11.1 for Unix Server
• Dr.Web 6/11.0/11.1 for Unix Mail Servers
• Dr.Web Anti-virus 6/11.0/11.1 for Internet gateways Unix
• Dr.Web Anti-virus 6/11.0/11.1 for Linux
• Dr.Web Security Space 7/8/9/10/11.0/11.5/12
• Dr.Web Anti-virus 7/8/9/10/11.0/11.5/12 for Windows
• Dr.Web 7/8/10/11.0/11.5/12 for Windows Servers
• Dr.Web 10/11/11.5/12 for MS Exchange
• Dr.Web 10/11.0/11.5/12 for M Lotus Domino (version for Windows)
• Dr.Web 6.0 for IBM Lotus Domino (Linux-version)
• Dr.Web AV-Desk 10.00.1/10.01.0
• Dr.Web ATM Shield 6
• Dr.Web Enterprise Security Suite 10.00.0/10.00.1/10.01.0/11.00/12.0 (Windows)
• Dr.Web 6 for MIMEsweeper
• Dr.Web LiveCD 9
• Dr.Web for Novell NetWare 7
• Dr.Web 6.0 for Qbik WinGate
• Dr.Web 6.0 for for Trafficinspector
• Dr.Web CureNet! 10/11
• Dr.Web 11.0 for Microsoft ISA Server and Forefront TMG
• Dr.Web 6.0 for Kerio mail servers (Windows)
• Dr.Web 11.1 for Kerio mail servers (Linux)
• Dr.Web 6.0 for Internet gateways Kerio (Windows)
• Dr.Web 11.0/11.1 for Internet gateways Kerio (Linux)

The update will be downloaded and installed automatically.

November 14, 2019

Russian anti-virus company Doctor Web has updated its Dr.Web vxCube, an emergency file analysis and malware neutralisation service, to version 1.04.10. The update resolves known software issues and delivers some UI tweaks.

Changes made to the analysis service:

• The causes behind possible analysis and detection errors have been eliminated.
• Analysis report formatting errors have been fixed.
• Issues that could occur while a Dr.Web CureIt! build was being generated have been resolved.

To purchase a license, please contact our sales support service.

With a Dr.Web vxCube trial license, available here, you can examine 10 objects in 10 days.

November 14, 2019

Russian anti-virus company Doctor Web has released the new anti-spam library Vaderetro for Dr.Web 11.0 for Unix Mail Servers and Dr.Web Anti-virus 11.0 for Linux. Now the library makes use of LivePatch. Because of this, the anti-spam can be updated much more frequently.

In addition to the libvaderetro library, the aforementionedDr.Web 11.1 products will now use *.kwo update files to maintain their anti-spam functionality.

To make full use of LivePatch, install the latest versions of the software with up-to-date components from the official Dr.Web repository or download the corresponding run-packages from Doctor Web's site.

November 14, 2019

Russian anti-virus company Doctor Web has updated the Dr.Web Protection for Windows module (11.05.10.10080), Dr.Web Shellguard anti-exploit module (11.05.04.01140), Dr.Web Anti-rootkit API (11.5.7.201902131) and the Dr.Web KATANA setup component (1.0.14.10080) in Dr.Web KATANA 1.0. The update ensures the anti-virus is compatible with Windows 10 Redstone 6 and uses up-to-date software components. Known issues have been resolved.

Changes made to Dr.Web Protection for Windows:

• Adjustments have been made to ensure compatibility with Windows 10 Redstone 6.

Changes made to the Dr.Web Shellguard anti-exploit module:

• An issue causing anti-exploit module false positives to occur while MS Office 2019 and the Office Tab 13.0 plugin or Habel software were in use has been fixed.

Changes made to Dr.Web Anti-rootkit API:

• Enhanced threat detection and neutralisation routines.

The update will be performed automatically; however, a system reboot will be required.

November 14, 2019

Russian anti-virus company Doctor Web has updated Dr.Web Enterprise Agent for Active Directory (12.00.10230) in Dr.Web Enterprise Security Suite 12.0. The update delivers a fix for an identified problem.

Specifically, it eliminates an issue that caused an Active Directory policy to repeatedly attempt to install the Agent software on computers where the agent had already been installed

The update will be downloaded and installed automatically.

November 14, 2019

Doctor Web has updated its Dr.Web Mobile Control Center for iOS to version 12.0.1. The update delivers feature upgrades and fixes of known defects.

Changes made to the Mobile Control Center:

• Now more information about server connection errors is displayed;
• IPv6 addresses can now be entered manually.
• A server HTTPS connection error has been fixed.

The updated Mobile Control Center is available free of charge via the App Store.

November 13, 2019

The second autumn month turned out to be rough for Android users. Doctor Web virus analysts detected numerous malicious applications on Google Play, such as Android.Click clicker trojans that subscribed users to premium services. The detected threats also included malicious software from the Android.Joker family. They also subscribed users to expensive services and were able to execute arbitrary code. Our experts found other trojans as well.

Mobile threat of the month

In early October, Doctor Web reported a few clicker trojans that were added to the Dr.Web virus database as Android.Click.322.origin, Android.Click.323.origin, and Android.Click.324.origin. These malicious apps covertly opened webpages where they subscribed their victims to premium mobile services. The trojans have the following unique features:

• they are embedded into harmless applications;
• they are protected by a program packer;
• they are disguised as well-known SDKs;
• they attack users from specific countries.

Our virus analysts continued detecting additional modifications to these clickers throughout the entire month, having found Android.Click.791, Android.Click.800, Android.Click.802, Android.Click.808, Android.Click.839, and Android.Click.841. Later, they detected similar malicious applications, dubbed Android.Click.329.origin, Android.Click.328.origin, and Android.Click.844. They also subscribed victims to premium services, but may have been developed by different virus writers. All these trojans were hidden in seemingly harmless applications such as camera apps, photo editors and wallpaper collections.

According to statistics collected by Dr.Web for Android

Android.HiddenAds.472.origin

A trojan that delivers annoying advertisements.

Android.RemoteCode.5564

A malicious application that downloads and executes arbitrary code.

Android.Backdoor.682.origin

A trojan that executes cybercriminals’ commands and helps them control infected mobile devices.

Android.DownLoader.677.origin

A downloader of other malicious software.

Android.Triada.465.origin

A multi-functional trojan that performs various malicious actions.

• Program.FakeAntiVirus.2.origin
  Detection of adware that imitates anti-virus software.
• Program.MonitorMinor.1.origin
• Program.MobileTool.2.origin
• Program.FreeAndroidSpy.1.origin
• Program.SpyPhone.4.origin
  Spyware that monitors activities of Android users and may serve as a tool for cyber espionage.

• Tool.SilentInstaller.6.origin
• Tool.SilentInstaller.7.origin
• Tool.SilentInstaller.11.origin
• Tool.VirtualApk.1.origin
  A riskware platform that allows applications to launch APK files without installing them.
• Tool.Rooter.3
  A utility designed to obtain root privileges on Android devices. It may be used by cybercriminals and malware.

Program modules that incorporate themselves into Android applications and display obnoxious ads on mobile devices:

• Adware.Patacore.253
• Adware.Myteam.2.origin
• Adware.Toofan.1.origin
• Adware.Adpush.6547
• Adware.Altamob.1.origin

Trojans on Google Play

Apart from clicker trojans, Doctor Web virus analysts revealed several versions, as well as modifications to already known malware from the Android.Joker family on Google Play. The list included Android.Joker.6, Android.Joker.7, Android.Joker.8, Android.Joker.9, Android.Joker.12, Android.Joker.18, and Android.Joker.20.origin. These trojans download and launch malicious auxiliary modules that can execute arbitrary code and subscribe users to premium mobile services. They are distributed under the guise of useful and harmless applications such as wallpaper collections, camera apps with artistic filters, various utilities, photo editors, games, online messengers and other software.

Apart from that, our experts detected another trojan adware from the Android.HiddenAds family, dubbed Android.HiddenAds.477.origin. Cybercriminals were spreading it as a video player and an application that provided information about phone calls. Upon launch, the trojan hid its icon from the Android home screen and began displaying annoying ads.

Additionally, the Dr.Web virus database was updated to detect the trojans Android.SmsSpy.10437 and Android.SmsSpy.10447. They were embedded into an image collection and a camera app. Both malicious applications hooked the contents of incoming text messages. Android.SmsSpy.10437 was also able to execute arbitrary code downloaded from the command and control server.

To protect your Android device from malware and unwanted programs, we recommend you install Dr.Web for Android.

Your Android needs protection.

Use Dr.Web

• The first Russian Anti-virus for Android
• More than 140 million downloads on Google Play alone
• Free for users of Dr.Web home products

Free download

November 13, 2019

In October, Dr.Web server statistics showed an increase in the total number of threats compared to September. The number of unique threats dropped by 6.86%. The most common threat in email traffic was malware that exploits vulnerabilities in Microsoft Office documents, as well as phishing newsletters. A password stealing trojan topped the list of detected malware and unwanted software, but adware still makes up the majority of all threats.

According to Doctor Web’s statistics servers

Threats of this month:

Trojan.PWS.Siggen2.34629

A trojan designed to steal passwords.

Adware.Elemental.14

Detects adware downloaded from file sharing services because of link spoofing. Instead of normal files, victims get applications that display advertising as well as install unwanted software.

Adware.SweetLabs.2

Alternative app store and add-on for Windows GUI from the creators of Adware.Opencandy.

Adware.Softobase.15

An installer that distributes outdated software. It changes browser settings.

Adware.Ubar.13

A torrent client that installs unwanted software on devices.

Trojan.InstallCore.3553

Another notorious adware installer. It displays ad banners and installs software without users’ permission.

Statistics for malware discovered in email traffic

Exploit.Rtf.CVE2012-0158

A modified Microsoft Office Word document that exploits the CVE2012-0158 vulnerability to execute malicious code.

W97M.DownLoader.2938

A modified Microsoft Office Word document that exploits the CVE2012-0158 vulnerability to execute malicious code.

PDF.Phisher.115

A PDF document used in phishing newsletters.

Exploit.ShellCode.69

A malicious Microsoft Office Word document that exploits the CVE-2017-11882 vulnerability.

Trojan.PWS.Siggen2.34629

A trojan designed to steal passwords.

Trojan.PWS.Stealer.19347

A family of trojans designed to steal passwords and other confidential information stored on an infected computer.

Encoders

In October, cases involving the following trojan encoders were most commonly registered by Doctor Web’s technical support service:

• Trojan.Encoder.858 — 16.34%
• Trojan.Encoder.10700 — 6.27%
• Trojan.Encoder.29750 — 2.81%
• Trojan.Encoder.11539 — 2.64%
• Trojan.Encoder.25574 — 2.64%
• ACCDFISA v2 — 2.48%
• Trojan.Encoder.11464 — 2.15%

Dangerous websites

In October 2019, the database of non-recommended and malicious websites was updated with 254,849 webpages.

Malicious and unwanted programs for mobile devices

Last month, Doctor Web virus analysts revealed a number of threats on Google Play. They included clicker trojans from the Android.Clickfamily that subscribed users to premium services. Cybercriminals also distributed the Android.HiddenAds trojan adware and the Android.SmsSpy, malware that hooked incoming text messages. In October, our experts detected new modifications to the Android.Joker trojan family. They were able to execute arbitrary code at cybercriminals’ command and clandestinely subscribe victims to costly mobile services.

The most noticeable October event related to mobile malware:

• rapid distribution of malware on Google Play.

Find out more about malicious and unwanted programs for mobile devices in our special overview.

November 13, 2019

Doctor Web presents its October 2019 overview of malware for mobile devices. This month, our experts detected numerous malicious applications spread by cybercriminals via Google Play, including a clicker trojan that subscribed users to premium services, trojan adware, and other dangerous apps.

Go to the review

November 13, 2019

Doctor Web presents its October 2019 overview of malware activity. The number of requests to technical support for file decryption has increased. The number of unique malware has dropped, while the number of dangerous and non-recommended websites has grown. Read about these and other events in our review.

Go to the review

November 11, 2019

Russian anti-virus company Doctor Web has updated the unlock code service for Dr.Web online accounts. The update delivers feature enhancements and UI tweaks.

Changes made to the service:

• Support is now provided for the new Dr.Web Anti-theft features;
• The following interface languages are currently unavailable: Greek, Estonian, Latvian, Czech, Slovak, Korean, Indonesian and Hindi;
• The same links are now used in emails and on the service webpage.
• The text notifying users that they do not have an account has been changed.

November 11, 2019

Doctor Web has updated its Dr.Web Mobile Control Center for iOS to version 12.0.0. The update ensures the application's compatibility with the latest versions of corporate Dr.Web solutions and delivers upgrades and error fixes.

Changes made to the Control Center:

• Dr.Web Enterprise Security Suite 12.0 is now supported;
• The ability to use a custom port for server connections;
• The option to change the status of the installed components is no longer available;
• Entries showing zero values no longer appear in statistics;
• Minor UI tweaks have been introduced.

The updated is available free of charge via the App Store.

November 7, 2019

Russian anti-virus company Doctor Web is pleased to announce the release of Dr.Web Enterprise Security Suite version 12.0. The twelfth version includes an Agent that has been updated to version 12, a new protection component—Application Control, and a number of tweaks and upgrades that are designed to make the Suite easier to use and improve the security level of protected networks.

New, twelfth version of Dr.Web Enterprise Security Suite now available for users

New Dr.Web Agent 12 for Windows

Changes made to the Agent:

• A significantly expanded range of Agent features;
• An expanded range of entities can now be protected by the anti-virus (processes, system services, drivers, the registry, Windows management instrumentation (WMI), system scheduler tasks, process network connections, and file system events);
• New, advanced scanning techniques, including new non-signature methods for detecting threats and new behavioural algorithms;
• Heuristic algorithms with expanded detection capabilities;
• Enhanced behavioural detection routines—an even broader spectrum of threats can now be detected;
• Dr.Web Agent for Windows’ design has been significantly revamped;
• A new device class—Multimedia devices—is now available in the Office Control settings for Windows OS workstations, offering more reliable access control.

Application Control — a new Agent component

The Application Control module within Dr.Web Enterprise Security Suite's Control Center controls the launch of programs on anti-virus network stations: unwanted applications, known malware, and outdated operating system versions. Application Control lets system administrators allow or block the launch of applications on anti-virus network stations running Dr.Web Agent for Windows, including for selected users. The administrator can decide what needs to be monitored on protected PCs and specify the specific signs of a threat the protection module should react to.

Using the statistics of the Application Control module, the network administrator can, on the fly, create allow and deny rules, which makes it possible to deflect even targeted attacks.

The updated Dr.Web Enterprise Security Suite has even more features for working with security centers (SOC) and incident analysis systems in computer networks (SIEM). Some of these new features are implemented with the Application Control module. Thus, FinCERT mailing data can be integrated into a Dr.Web Enterprise Security Suite security system with minimal effort.

Systems in which an anti-virus cannot be installed for one reason or another can be protected by an array of measures, including the Application Control, Office Control, and Preventive Protection modules.

Find out more about Dr.Web Application Control

| Component description

Major changes made to the Server:

• The installation process has been simplified; the number of distributions to install has been reduced—the network administrator can now download only the products that will be deployed in their company's network;
• The network administrator can automatically receive the latest versions of Dr.Web utilities;
• A new Server parameter has been added; it can be used to create missing accounts for hosts automatically when the agent software is being installed from a group installer;
• The installation process for Dr.Web Enterprise Security Suite on PCs running UNIX-like systems, including Russian ones, has been simplified.

Major changes made to the Control Center:

• Protection components can now be started and stopped remotely for stations running Unix-like operating systems; additional parameters are now available for the Dr.Web ICAPD and SpIDer Gate components;
• MAC addresses can now be used to look for hosts in the anti-virus network layout window;
• Statistics are now available about devices that are being blocked by Dr.Web on protected hosts;
• The audit log now contains information about the following events: Purge database, Analyse database, and Purge Active Directory database;
• New Dr.Web Server notification sorting options have been added for events involving the Dr.Web Preventative Protection and Application Control components, malware outbreak control, and abnormally terminated client connections;
• Less traffic and the ability to exchange data over low bandwidth: the detailed repository configuration now has a new setting for disabling the exchange of updates for neighbouring Servers, which can be used to prevent updates from being forwarded using inter-server connections.

More information about the innovations and tweaks in Dr.Web Enterprise Security Suite can be found in the Release Notes.

Read our detailed instructions to learn how to start using Dr.Web Enterprise Security Suite 12.0.

Corporate customers increasingly trust Dr.Web anti-virus protection technologies. From year to year, the share of Doctor Web revenue generated through the sales of Dr.Web licenses for business users is constantly growing, and to date, it exceeds 71%.

#Dr.Web #update

November 7, 2019

Russian anti-virus company Doctor Web is offering system administrators a series of supplementary documents detailing the features of Application Control—one of the key innovations in Dr.Web Enterprise Security Suite 12.0. Learn when Application Control can be employed, see configuration examples, and use the new component to further enhance the security of your corporate network.

The new Dr.Web Enterprise Security Suite 12.0 component— Application Control—enables system administrators to use flexible allow and block lists to assert control over the applications in their corporate networks.

Learn how you can further enhance your anti-virus protection using the Application Control module in Dr.Web Enterprise Security Suite 12.0.

The series of supplementary documents highlights how administrators can configure the component to address various security situations. They can: block legitimate software whose use for some reason is not allowed under company policies; Block applications by their file checksums, which can be provided by SOC/SIEM solutions, or prevent legacy application versions from being started on all the hosts in their network or limit the restriction to specific groups of nodes and users.

With Dr.Web Enterprise Security Suite 12.0, you can opt to install only the Application Control component on a computer and thus protect a system where no other anti-virus software can be installed.

To give the Application Control feature a try, upgrade Dr.Web Enterprise Security Suite to version 12.0 (here you can find the upgrade instructions) or request a trial version.

Please note that Application Control is only available under the comprehensive protection license and the Control Center is required to change its settings.

Doctor Web invites all system administrators and corporate information security specialists to study the Application Control guides and make full use of the new protection features so that they can achieve even more robust security for their corporate infrastructures.

Download PDF

#Application_Control #new_version #components