Russian anti-virus company Doctor Web has updated the Dr.Web Security Space, Anti-virus for Windows, Anti-virus for Windows servers setup module (12.5.4.02270) in Dr.Web Security Space 12.0, Dr.Web Anti-virus 12.0 and Dr.Web Anti-virus for Windows Servers. The update resolves known software issues.
Specifically, it eliminates UI layout issues and corrects an installer window defect involving high-contrast Windows themes.
The update will be downloaded and installed automatically.
Russian anti-virus company Doctor Web has updated Dr.Web Control Service (11.5.21.03200), the self-defence module Dr.Web Protection for Windows (11.05.12.03230) as well as the Dr.Web File System Monitor (12.00.04.03190) and amsi-client (12.5.3.202003270) modules in Dr.Web Enterprise Security Suite agent software 11.0.. The update resolves known issues and delivers upgrades.
Changes made to the Dr.Web Control Service:
An issue preventing devices from being added to the whitelist with a regular expression has been resolved.
Changes made to Dr.Web Protection for Windows:
The update addresses compatibility issues between Dr.Web and ViPNet CSP under Windows 10 (x86).
Changes made to Dr.Web File System Monitor:
A defect that could cause a system crash has been eliminated.
Changes made to amsi-client:
The module's routines That detect malicious scripts have been enhanced.
The update will be performed automatically; however, a system reboot will be required.
Now, when the option to assist a friend is re-enabled, no push-notifications are sent to the user from people who have previously been added to the friend list.
A registration issue involving email addresses containing upper-case characters has been resolved.
Automatic email dispatching routines are now more reliable.
Russian anti-virus company Doctor Web has updated the ES Service (12.5.5.03310) and amsi-client (12.5.3.202003270) modules in Dr.Web Enterprise Security Suite agent software 12.0. The update resolves known issues and delivers upgrades.
Changes made to the ES Service:
An issue involving the Office Control profile names in Cyrillic fonts has been resolved;
Also eliminated was a problem that could cause the Office Control to block access to whitelisted devices; and
Finally, another Office Control defect that could cause general protected directories settings to be deleted if the settings were changed in the agent software has been corrected.
Changes made to the amsi-client:
Malicious script detection routines have been enhanced.
The update will be downloaded and installed automatically.
Russian anti-virus company Doctor Web has updated Dr.Web Control Service (11.5.21.03200), the self-defence module Dr.Web Protection for Windows (11.05.12.03230), and the Dr.Web File System Monitor (12.00.04.03190) module in Dr.Web Security Space 11.5, Dr.Web Anti-virus 11.5, and Dr.Web Anti-virus 11.5 for Windows Servers. The update resolves known software issues.
Changes made to the Dr.Web Control Service:
An issue preventing devices from being added to the whitelist with a regular expression has been resolved.
Changes made to Dr.Web Protection for Windows:
The update addresses compatibility issues between Dr.Web and ViPNet CSP on Windows 10 (x86) computers.
Changes made to Dr.Web File System Monitor:
A defect that could cause a system crash has been eliminated.
The update will be performed automatically; however, a system reboot will be required.
Russian anti-virus company Doctor Web has updated the amsi-client module (12.5.3.202003270) in Dr.Web Security Space, Dr.Web Anti-virus and Dr.Web Anti-virus for Windows Servers 11.5 and 12.0. The update introduces feature upgrades.
Specifically, the module's routines That detect malicious scripts have been enhanced.
The update will be downloaded and installed automatically.
Russian anti-virus company Doctor Web has updated Dr.Web for Microsoft Exchange Server to version 12.0.7. The update makes the utility's components current and delivers a new feature.
The following software components and modules have been updated: Parental Control databases, anti-spam database, Lua-script for main (12.5.2.10140) and Lua-script for exchange-plugin-setup (12.5.4.12230) configuration scripts, Dr.Web Updater (12.0.18.12230), Dr.Web Scanning Engine (12.5.2.202001210), Dr.Web Anti-rootkit API (12.5.9.202003180), Dr.Web for Microsoft Exchange setup (12.0.0.12130) and Dr.Web Virus-Finding Engine (7.00.46.03050).
Changes made to Dr.Web for Microsoft Exchange setup:
Now the application setup can process Exchange Management Shell exitcodes.
More information about the upgrade process, as well as the system requirements for Dr.Web 12.0.7 for Microsoft Exchange Server, can be found in the documentation.
Russian anti-virus company Doctor Web has released Subscription Control Center (SCC) 10.3.0 for its Dr.Web AV-Desk Internet service.
New:
Redesigned financial reports;
An extended list of supported international domain names for email addresses used during registration;
Support for PHP 7 in Subscription Control Center 10.3.0 and later versions;
Updated texts for sublicense agreements executed between resellers and users;
Improved stability and security.
Issues resolved:
An issue that could accidentally cause subscriptions to be blocked if the credit features were enabled;
Search and filtering errors involving the “by user” and “by organisation” criteria;
An issue preventing the maximum payment amount from being processed correctly in WebPay;
A file access issue that could sometimes occur if the SCC was upgraded to a newer version;
A server connection problem that could occur if SSL was being used to connect to a Dr.Web AV-Desk server;
A defect preventing the Dr.Web agent installation status from being retrieved if the subscription ID had been changed manually;
Minor typo and UI displAdditional minor tweaks and upgrades.ay issues;
Additional minor tweaks and upgrades.
Download the updated SCC version from the website.
To avoid compatibility issues between the latest SCC version and older libdwavdapi and php-avdesk library files, delete these files either before you apply the update or immediately after you have updated the SCC, and then restart the web server.
If you have any questions, please contact Doctor Web engineers for further guidance.
In February, the number of threats found on Android devices dropped by 11.57% compared to January. The amount of detected malware decreased by 11.05%. Trojans downloading other malware and executing arbitrary code were among the most active.
The number of identified unwanted apps increased by 0.48%. At the same time, the number of detected adware and potentially dangerous software decreased by 11% and 2.56% respectively.
Our specialists have identified threats on Google Play. New modifications of the Android.HiddenAds adware trojan family and Android.FakeApp fraudulent app family were among them.
PRINCIPAL TRENDS IN FEBRUARY
The number of threats detected on Android devices decreased
The appearance of new threats on Google Play
According to statistics collected by Dr.Web for Android
Android.RemoteCode.246.origin
Android.RemoteCode.256.origin
Android.RemoteCode.262.origin
Malicious applications that download and execute arbitrary code.
Android.MobiDash.4945
A trojan that displays obnoxious ads.
Android.Triada.491.origin
A trojan that executes criminal commands and helps them control infected mobile devices.
Program.FakeAntiVirus.2.origin
Detects adware that imitates anti-virus software.
Program.MobileTool.2.origin
Program.Mrecorder.1.origin
Program.FreeAndroidSpy.1.origin
Program.SpyPhone.4.origin
Software that monitors Android user activity and may serve as a tool for cyber espionage.
Tool.SilentInstaller.6.origin
Tool.SilentInstaller.7.origin
Tool.SilentInstaller.11.origin
Tool.VirtualApk.1.origin
Riskware platforms that allow applications to launch APK files without installation.
Tool.Rooter.3
A utility designed to obtain root privileges on Android devices. It may be used by cybercriminals and malware.
Program modules incorporated into Android applications and designed to display obnoxious ads on Android devices:
Adware.Myteam.2.origin
Adware.Mobby.5.origin
Adware.Adpush.6547
Adware.Toofan.1.origin
Adware.Gexin.2.origin
Threats on Google Play
In February, our security specialists discovered several threats on Google Play. Trojans of the Android.HiddenAds family, dubbed Android.HiddenAds.2065, Android.HiddenAds.2066 and Android.HiddenAds.2067 were among them.
Upon launch these trojans hid their icons from the apps list on the home screen and displayed obnoxious ads. Attackers spread them as benign software such as wallpapers collections, image editors and useful system tools.
In addition, new fraudulent apps of the Android.FakeApp family have been spotted. They were added to the Dr.Web virus database as Android.FakeApp.189 and Android.FakeApp.4.origin. Cybercriminals spread them as apps designed to help users earn money online. These trojans loaded websites containing fake polls where potential victims were asked to answer a few questions. To get the “reward”, they were required to confirm their identity or pay a fee. To do so, victims were asked to provide their bank card information or transfer the requested amount to an electronic wallet. Consequently, users never received any payment, lost the transferred money and were put at risk of losing all the funds in their bank accounts.
Our specialists have identified the Android.Click.878 clicker trojan spread as a wallpaper collections app. Upon launch, it loaded various websites, including malicious and scam sites, in the Google Chrome browser. To hide from users, Android.Click.878 removed its icon from the apps list on the home screen. The trojan could then be found only on the apps list on the system menu where the clicker was presented as an application called “Settings” and equipped with the wheel icon.
To protect your Android device from malware and unwanted programs, we recommend installing Dr.Web for Android.
Your Android needs protection.
Use Dr.Web
The first Russian anti-virus for Android
Over 140 million downloads—just from Google Play
Available free of charge for users of Dr.Web home products
Russian anti-virus company Doctor Web has updated its Dr.Web Mobile Control Center for Android to version 12.0.1. The update delivers a fix for an identified problem.
Changes made to the Mobile Control Center:
An issue preventing devices running Android 10 from connecting to ES servers has been resolved.
Go to Google Play to download the Dr.Web Mobile Control Center for Android for free and to learn about its features.
Doctor Web presents its February 2020 overview of malware activity for mobile devices. Last month, the number of threats detected on Android devices decreased. New threats were discovered on the Google Play app store. Read more about these events in our review.
Russian anti-virus company Doctor Web has updated the Dr.Web Protection for Windows (12.05.03.03200) and Dr.Web Anti-rootkit API (12.5.9.202003180) modules in Dr.Web Enterprise Security Suite 12.0. The update resolves known software issues.
Changes made to Dr.Web Protection for Windows:
The update addresses compatibility issues between Dr.Web and ViPNet CSP under Windows 10 (x86).
Changes made to Dr.Web Anti-rootkit API:
An issue involving the anti-rootkit false positive NSP:SUSPICIOUS.BrokenId has been eliminated.
The update will be performed automatically; however, a system reboot will be required.
Russian anti-virus company Doctor Web has updated the Dr.Web Protection for Windows module (12.05.03.03200) in Dr.Web Security Space 12.0, Dr.Web Anti-virus 12.0, and Dr.Web 12.0 for Windows Servers. The update delivers a fix for an identified problem.
Specifically, the update addresses compatibility issues between Dr.Web and ViPNet CSP under Windows 10 (x86).
The update will be performed automatically; however, a system reboot will be required.
Russian anti-virus company Doctor Web has updated the Dr.Web Anti-rootkit API ((12.5.9.202003180) module in Dr.Web Security Space 12.0, Dr.Web Anti-virus 12.0 and Dr.Web 12.0 for Windows Servers. The update delivers a fix for an identified problem.
Specifically, it eliminates an issue involving the anti-rootkit false positive NSP:SUSPICIOUS.BrokenId.
The update will be downloaded and installed automatically.
Doctor Web virus analysts report that certain websites, from online news blogs to corporate pages created using WordPress CMS, have been compromised. The JavaScript script embedded in the hacked pages code redirects visitors to a phishing site where they are prompted to install an important security update for the Chrome browser. The downloadable file is a malware installer that allows attackers to remotely access and control the infected computers. Over 2000 people have downloaded the fake update so far.
According to the Doctor Web virus laboratory, the hacker group behind this attack was previously involved in spreading a fake installer of the popular VSDC video editor through its official website and the CNET software platform. This time the cybercrooks managed to gain administrative access to several websites that began to be used in the infection chain. They embedded a malicious JavaScript code inside the compromised pages that redirects users to a phishing site, which is presented as legitimate Google service.
Target selection is based on geolocation and browser detection. The target audience are users from the USA, Canada, Australia, Great Britain, Israel and Turkey, using the Google Chrome browser. It is worth noting that the downloaded file has a valid digital signature identical to the signature of the fake NordVPN installer distributed by the same criminal group.
The infection mechanism is implemented as follows. Upon launching the installer, it creates a folder in the %userappdata% directory that contains files for the TeamViewer remote control application and unpacks two password-protected SFX archives. One archive contains two components: a malicious msi.dll library, which allows one to establish an unauthorised connection to an infected computer and a batch file for launching the Chrome browser with Google[.]com start page. The second archive carries a script for bypassing Microsoft Windows’s built-in anti-virus protection. The msi.dll library is loaded into the RAM memory by the TeamViewer process, simultaneously hiding its activity from the user.
Using the backdoor, the attackers are able to deliver payload modules with malware to infected devices, such as:
The X-Key Keylogger,
The Predator The Thief stealer, and
A trojan for remote control over the RDP protocol.
All mentioned malware is successfully detected and removed by Dr.Web and does not pose a threat to our customers. The phishing page with malicious content has been added to the Dr.Web database of dangerous and non-recommended websites.
Doctor Web malware analysts have discovered a multifunctional Android bot on Google Play that is controlled with BeanShell scripts. This malware combines both adware and clicker trojan functionality and can be used to perform phishing attacks.
Dubbed Android.Circle.1, the trojan has been spread as wallpaper collections, horoscopes apps, image editors, games, system tools, online dating apps and other software. Our specialists have found 18 modifications of this malware downloaded more than 700,000 times. After Doctor Web’s report to Google, all of them have been deleted from Google Play. Moreover, the C2 server domains have been terminated as well.
Examples of the discovered trojan apps are shown below:
All these apps seemed harmless and worked as advertised, thus, users had no reasons to perceive them as threats. In addition, some of these apps pretended to be an important system component after installation, providing an additional layer of protection from possible deinstallation.
Android.Circle.1 is a bot that performs malicious tasks at the command of cybercriminals. It’s bot functionality is implemented via the built-in open source library BeanShell. This library presents a Java code interpreter with Java-based scripting language capabilities and allows the malware to run arbitrary code “on the fly”. Upon launch, the malware connects to the C2, sends information about the infected device to it and waits for incoming commands.
Android.Circle.1 receives tasks via the Firebase Cloud Messaging service. The trojan saves them into the configuration file and extracts BeanShell scripts with the commands, which it then executes. Doctor Web virus analysts tracked several such commands received by the malware:
delete the trojan’s app icon from the apps list on the home screen;
delete the trojan’s app icon and load the URL specified in the command in the browser;
perform a click action on the loaded website, and
display an advertisement banner.
Thereby, the main purpose of Android.Circle.1 1 is to show ads and load various websites where the trojan imitates user actions. For instance, it can click on links, ads and other interactive elements on loaded websites, implementing the clicker functionality.
However, these are not the only functions this bot has. In fact, the trojan can load and execute any arbitrary code it receives. Its capabilities are only limited with system permissions available to the app that the malware is built in. Let the C2 server send the specific command, Android.Circle.1 will be able to load WebView with a fraudulent or malicious website to perform phishing attacks. Herewith, executing the arbitrary code received outside of Google Play is prohibited by the catalogue’s policy.
See the examples of the obnoxious advertisements displayed by the trojan:
Android.Circle.1 is created using the Multiple APKs mechanism. It allows developers to prepare and host multiple versions of a single program on Google Play to support various device models and processor architectures. Thanks to this mechanism, the size of APK files is reduced, since they contain only the necessary components for working on a particular device. At the same time, files with resources, as well as modules and application libraries can be located in separate APK files (the so-called Split APKs mechanism) and may or may not exist at all depending on the target device. Such auxiliary APKs are automatically installed together with the main program package and are perceived by the operating system as a whole.
Part of the malicious functionality of Android.Circle.1 has been taken to the native library, which is located in one of the such auxiliary APK. Therefore, Multiple APKs turns into a kind of self-defense mechanism of the Trojan. If information security specialists find only the main Android.Circle.1 without the rest of the APK files with the components necessary for analysis, studying a malicious application may be significantly difficult or even impossible.
Moreover, in case of a potential targeted attack, it is possible for the attackers to create multiple “clean” variants of an app and build a trojan into only one or a few of them. Malicious modifications will only be installed on specific device models. To other users, the application will remain harmless, which will reduce the chance of timely discovery of the threat.
Even though all discovered Android.Circle.1 modifications have been deleted from the Google Play, it is possible that cybercriminals will create and distribute more versions of the trojan. Therefore, Android users should be vigilant and avoid installing unknown software. Dr.Web for Android Anti-Virus solutions reliably detect and delete Android.Circle.1 from Android devices, keeping our users well protected from this threat.
Russian anti-virus company Doctor Web has updated Dr.Web Virus-Finding Engine (7.00.46.03050) in Dr.Web Security Space and Dr.Web Anti-virus as well as in Dr.Web Enterprise Security Suite, the Internet service Dr.Web AV-Desk, the Dr.Web CureIt! utility, Dr.Web for macOS and in the emergency system recovery solution Dr.Web LiveDisk.
The update eliminates data processing issues involving the SQUASHFS, FLY-CODE, BINARY PACKAGE, HA, JSPACK and mdb file formats.
Dr.Web Virus-Finding Engine has been updated in the following products:
Dr.Web 9/10/11.0/11.1 for macOS
Dr.Web 6/11.0/11.1 for Unix Server
Dr.Web 6/11.0/11.1 for Unix Mail Servers
Dr.Web Anti-virus 6/11.0/11.1 for Internet gateways Unix
Dr.Web Anti-virus 6/11.0/11.1 for Linux
Dr.Web Security Space 7/8/9/10/11.0/11.5/12
Dr.Web Anti-virus 7/8/9/10/11.0/11.5/12 for Windows
Dr.Web 7/8/10/11.0/11.5/12 for Windows Servers
Dr.Web 10/11/11.5/12 for MS Exchange
Dr.Web 10/11.0/11.5/12 for M Lotus Domino (version for Windows)
Dr.Web 6.0 for IBM Lotus Domino (Linux-version)
Dr.Web AV-Desk 10.00.1/10.01.0
Dr.Web ATM Shield 6
Dr.Web Enterprise Security Suite 10.00.0/10.00.1/10.01.0/11.00/12.0 (Windows)
Dr.Web 6.0 for MIMEsweeper
Dr.Web LiveCD 9
Dr.Web для Novell NetWare 7
Dr.Web 6.0 for Qbik WinGate
Dr.Web 6.0 for Trafficinspector
Dr.Web CureNet! 10/11
Dr.Web 11.0 for Microsoft ISA Server and Forefront TMG
Dr.Web 6.0 for Kerio mail servers (Windows)
Dr.Web 11.1 for Kerio mail servers (Linux)
Dr.Web 6.0 for Internet gateways Kerio (Windows)
Dr.Web 11.0/11.1 for Internet gateways Kerio (Linux)
The update will be downloaded and installed automatically.
In February, an analysis of Dr.Web’s statistics revealed an increase in the total number of threats by 4.86% compared with the previous month. The number of unique threats dropped by 8.38%. Adware still made up the majority of detected threats. Email traffic was dominated by malware that exploits vulnerabilities in Microsoft Office programs. With that, detections of the Trojan.SpyBot.699 banking trojan continued to increase.
In February, the number of user requests to decrypt files affected by encoders increased by 12.32% compared with January. Trojan.Encoder.26996 was the most active encoder, accounting for 29.06% of all incidents.
Principal trends in February
Adware remains amongst the most common threats
A growth in ransomware activity
Threat of the month
In February, Doctor Web virus analysts reported that the VSDC video editor’s download link had been compromised on the popular software platform CNET. Instead of the genuine program, visitors received a modified installer bundled with TeamViewer valid files and a downloader trojan that further retrieved malicious auxiliary modules from the repository. Thus, the computer was infected with a trojan from the BackDoor.TeamViewer family, which allowed attackers to establish an unauthorised connection to an infected computer, as well as with a script for bypassing Microsoft Windows’s built-in anti-virus protection. Utilising BackDoor.TeamViewer, the attackers were able to deliver payload modules with malware such as stealers, keyloggers and RAT to infected devices.
According to Doctor Web’s statistics service
The most common threats in February:
Adware.Softobase.15
Installation adware that spreads outdated software and changes browser settings.
Adware.Ubar.13
A torrent client designed to install unwanted programs on a user’s device.
Adware.Elemental.14
Adware that spreads through file sharing services as a result of link spoofing. Instead of normal files, victims receive applications that display advertisements and install unwanted software.
Adware.Downware.19627
Adware that often serves as an intermediary installer of pirate software.
Adware.SweetLabs.2
An alternative app store and add-on for Windows GUI from the creators of Adware.Opencandy.
Statistics for malware discovered in email traffic
Trojan.SpyBot.699
A multi-module banking trojan. It allows cybercriminals to download and launch various applications on an infected device and run arbitrary code.
Exploit.CVE-2012-0158
A modified Microsoft Office document that exploits the CVE-2012-0158 vulnerability in order to run malicious code.
W97M.DownLoader.2938
A family of downloader trojans that exploits vulnerabilities in Microsoft Office documents and can download other malicious programs to a compromised computer.
Exploit.ShellCode.69
A malicious Microsoft Office Word document that exploits the CVE-2017-11882 vulnerability.
Tool.KMS.7
Hacking tools that are used to activate illegal copies of Microsoft software.
Encryption ransomware
In February, Doctor Web’s virus laboratory registered 12.32% more requests to decode files encoded by trojan ransomware than in January.
Trojan.Encoder.26996 — 18.48%
Trojan.Encoder.567 — 10.38%
Trojan.Encoder.29750 — 4.81%
Trojan.Encoder.858 — 3.54%
Trojan.Encoder.11464 — 2.78%
Dr.Web Security Space for Windows protects against encryption ransomware
Malicious and unwanted programs for mobile devices
In February, Dr.Web’s statistics for Android devices confirmed an almost 12% decrease in the total number of threats on protected devices compared with January. Malware, adware and riskware showed less activity, while the number of detected potentially unwanted programs increased.
Doctor Web virus analysts uncovered new threats on Google Play such as adware trojans, fraudulent applications, and other malicious software.
The following February events related to mobile malware are the most noteworthy:
Detection of new threats on Google Play
Decline in malware activity on protected devices
Find out more about malicious and unwanted programs for mobile devices in our special overview.
Doctor Web presents its February 2020 overview of malware activity. In February, the number of detected threats remained steady at January levels. Users continued to face adware and unwanted programs primarily. E-mail traffic was dominated by malware with a multi-module banking trojan showing the highest distribution rate. Encoder activity increased by 12%, demonstrating an upward trend for the first time since October 2019. Finally, the number of URLs added to Dr. Web’s database of dangerous and non-recommended websites dropped by almost 7% compared with January. Read more about these and other events in our February review.
Russian anti-virus company Doctor Web has updated the amsi-client (12.5.2.202002120) and Dr.Web Updater (11.5.15.02061) modules as well as Dr.Web Anti-rootkit API (11.5.13.202001310) in Dr.Web Security Space 11.5, Dr.Web Anti-virus 11.5 and Dr.Web Anti-virus 11.5 for Windows Servers. Furthermore, Dr.Web Security Space 11.5 and Dr.Web Anti-virus 11.5 have also had the Dr.Web Net Filtering Service (11.5.4.02210) updated. The update resolves known software issues.
Changes made to amsi-client:
Issues involving the option to scan Windows Script Host and PowerShell scripts have been fixed.
Changes made to the Dr.Web Net Filtering Service:
Also resolved was a defect causing HTTPS connections to be blocked if the WPAD protocol was being used to access websites via a proxy server.
The documentation has been updated too.
The update will be performed automatically; however, a system reboot will be required.
Russian anti-virus company Doctor Web has updated Dr.Web Enterprise Agent (12.0.1.03100), a component of Dr.Web Enterprise Security Suite 12.0. The release brings the software components and the Office Control, Anti-spam, and virus databases up to date.
The updated modules and components include SpIDer Agent for Windows (12.0.10.02050), Dr.Web Control Service (12.5.4.02030), ES Service (12.5.4.01240), Dr.Web Net Filtering Service (12.5.3.01290), Dr.Web Updater (12.0.18.12230), Dr.Web SysInfo (12.5.1.202002170), Dr.Web Scanner SE (12.0.8.01281), Dr.Web Scanning Engine (12.5.2.202001210), Dr.Web Anti-rootkit API (12.5.8.202002280), amsi-client (12.5.2.202002120),Dr.Web Virus-Finding Engine (7.00.44.12030) and the configuration script Lua-script for win-es-agent-setup (12.5.4.12230).
The documentation in English has been updated too.
The update will be downloaded and installed automatically.
Russian anti-virus company Doctor Web has updated the server software incorporated into Dr.Web Enterprise Security Suite to version 12.00.1 (REL-1200-202003030). The update delivers a new feature and resolves known issues.
New feature:
Job search sites have been added to the list of categories Office Control can block—the new category is Jobs. To block access by the new category, the agent software on the protected hosts must support this feature.
Resolved issues:
The Dr.Web Agent option to block networking during scanning is disabled by default;
An issue interfering with directory search and browsing on servers via LDAP;
An issue preventing Dr.Web server software from updating over the Global Updating Network under FreeBSD/i386;
An issue preventing devices from being blocked if multiple device classes or buses were indicated simultaneously in the Office Control settings;
A defect preventing version 11 of Dr.Web server software from being upgraded to version 12 if MySQL or MariaDB was also being used as a database server;
A server error that occurred while hosts or host groups were being compared in the Control Center;
An issue that stopped the server software from being updated if var-root and home directories were located on different partitions;
A problem preventing items on the Office Control class block list from being removed properly;
An error that, under certain circumstances, interfered with Dr.Web software updates on protected hosts;
An issue preventing the configuration file from being saved after Dr.Web server software version 6 had been upgraded to version 12;
A defect causing an error when a message was being sent to selected hosts via the Control Center;
An issue preventing Dr.Web agent software from being installed from the distribution package on machines whose CPUs didn't support SSE2;
A defect that, under some circumstances, prevented users from configuring filters and parameters for viewing logs in the statistics section;
An issue preventing the Dr.Web proxy server from updating automatically via the ES server;
A problem causing an error when settings were being imported in the Control Center network view;
A problem causing the application control Events item to disappear from the menu when user groups were being selected;
A defect causing an error if no translation in the selected language was available for certain Control Center UI items;
Minor tweaks and upgrades were made.
The server software can be updated via the Dr.Web Global Update System. The latest software version has also been incorporated into the corresponding distribution files.
Russian anti-virus company Doctor Web has updated the amsi-client module (12.5.2.202002120), Dr.Web Net Filtering Service (11.5.4.02210), Dr.Web Updater (11.5.15.02061), Dr.Web Anti-rootkit API (11.5.13.202001310) and the ES Service module (11.5.20.02182) in Dr.Web Enterprise Security Suite 11 agent software. The update resolves known software issues.
Changes made to amsi-client:
Issues involving the option to scan Windows Script Host and PowerShell scripts have been fixed.
Changes made to the Dr.Web Net Filtering Service:
A defect causing HTTPS connections to be blocked if the WPAD protocol was being used to access websites via a proxy server has been eliminated.
Changes made to the ES Service:
An issue causing a whitelisted device to be blocked under specific circumstances has been resolved;
A problem causing general user settings to be deleted while user configuration data was being transmitted from the agent to the server has been addressed.
The update will be performed automatically; however, a system reboot will be required.
Russian anti-virus company Doctor Web has updated its Dr.Web Security Space Life for Android to version 12.6.1. The update delivers minor tweaks upgrades.
Specifically, adjustments have been made so that the application works properly on devices powered by Android TV.
If you downloaded the Dr. Web application from Google Play, the updates will be downloaded and installed automatically. If automatic updates are disabled on your device, go to Google Play, select Dr.Web Security Space Life on the application list, and tap "Update."
Go to:
The Russian developer of Dr.Web anti-viruses
Doctor Web has been developing anti-virus software since 1992
Dr.Web is trusted by users around the world in 200+ countries
The company has delivered an anti-virus as a service since 2007
Renew your trial license in AppGallery/on Google Pay
By continuing to use this website, you are consenting to Doctor Web’s use of cookies and other technologies related to the collection of visitor statistics. Learn more
