November 7, 2019
New Dr.Web Agent 12 for Windows
Changes made to the Agent:
- A significantly expanded range of Agent features;
- An expanded range of entities can now be protected by the anti-virus (processes, system services, drivers, the registry, Windows management instrumentation (WMI), system scheduler tasks, process network connections, and file system events);
- New, advanced scanning techniques, including new non-signature methods for detecting threats and new behavioural algorithms;
- Heuristic algorithms with expanded detection capabilities;
- Enhanced behavioural detection routines—an even broader spectrum of threats can now be detected;
- Dr.Web Agent for Windows’ design has been significantly revamped;
- A new device class—Multimedia devices—is now available in the Office Control settings for Windows OS workstations, offering more reliable access control.
Application Control — a new Agent component
The Application Control module within Dr.Web Enterprise Security Suite's Control Center controls the launch of programs on anti-virus network stations: unwanted applications, known malware, and outdated operating system versions. Application Control lets system administrators allow or block the launch of applications on anti-virus network stations running Dr.Web Agent for Windows, including for selected users. The administrator can decide what needs to be monitored on protected PCs and specify the specific signs of a threat the protection module should react to.
Using the statistics of the Application Control module, the network administrator can, on the fly, create allow and deny rules, which makes it possible to deflect even targeted attacks.
The updated Dr.Web Enterprise Security Suite has even more features for working with security centers (SOC) and incident analysis systems in computer networks (SIEM). Some of these new features are implemented with the Application Control module. Thus, FinCERT mailing data can be integrated into a Dr.Web Enterprise Security Suite security system with minimal effort.
Systems in which an anti-virus cannot be installed for one reason or another can be protected by an array of measures, including the Application Control, Office Control, and Preventive Protection modules.
You must install the Control Center to use the Application Control module. The component is included in the Comprehensive Protection license.
Find out more about Dr.Web Application Control
Major changes made to the Server:
- The installation process has been simplified; the number of distributions to install has been reduced—the network administrator can now download only the products that will be deployed in their company's network;
- The network administrator can automatically receive the latest versions of Dr.Web utilities;
- A new Server parameter has been added; it can be used to create missing accounts for hosts automatically when the agent software is being installed from a group installer;
- The installation process for Dr.Web Enterprise Security Suite on PCs running UNIX-like systems, including Russian ones, has been simplified.
The Dr.Web Enterprise Security Suite server software can now be updated directly from Dr.Web Control Center — after the administrator issues the command to launch the updating process.
Major changes made to the Control Center:
- Protection components can now be started and stopped remotely for stations running Unix-like operating systems; additional parameters are now available for the Dr.Web ICAPD and SpIDer Gate components;
- MAC addresses can now be used to look for hosts in the anti-virus network layout window;
- Statistics are now available about devices that are being blocked by Dr.Web on protected hosts;
- The audit log now contains information about the following events: Purge database, Analyse database, and Purge Active Directory database;
- New Dr.Web Server notification sorting options have been added for events involving the Dr.Web Preventative Protection and Application Control components, malware outbreak control, and abnormally terminated client connections;
- Less traffic and the ability to exchange data over low bandwidth: the detailed repository configuration now has a new setting for disabling the exchange of updates for neighbouring Servers, which can be used to prevent updates from being forwarded using inter-server connections.
More information about the innovations and tweaks in Dr.Web Enterprise Security Suite can be found in the Release Notes.
Read our detailed instructions to learn how to start using Dr.Web Enterprise Security Suite 12.0.
Corporate customers increasingly trust Dr.Web anti-virus protection technologies. From year to year, the share of Doctor Web revenue generated through the sales of Dr.Web licenses for business users is constantly growing, and to date, it exceeds 71%.
Tell us what you think
To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.