Dr.Web self-protection

Dr.Web is immune to any attempts by malicious programs to disrupt its operation. Dr.Web SelfPROtect is a unique anti-virus component that maintains anti-virus security.

Purpose

To protect Dr.Web from actions taken by illegitimate software (malware, hacking utilities), intruder activities, wiretapping, and other forms of tracking.

Advantage

Exceptional resistance to malware; Dr.Web cannot be rendered non-operational as a result of being exposed to malware.

Special features

  • Dr.Web SelfPROtect is implemented as a driver that operates on the lowest system level. The driver can’t be stopped or unloaded without a system reboot.
  • Dr.Web SelfPROtect restricts access to the network, files and folders, certain branches of the Windows Registry and removable data-storage devices at the system-driver level and protects the software from anti-antiviruses aiming to disrupt Dr.Web’s operation.
  • Some anti-viruses modify the Windows kernel by intercepting interrupts, changing vector tables, using other undocumented features, etc. This may have a negative impact on system stability and open new ways for malicious programs to get into a system. Dr.Web SelfPROtect, by contrast, maintains the security of the anti-virus without interfering with Windows kernel routines.
  • Automatic restoration of its own modules.

Features

  • Crypto-resistant identification of trusted processes based on digital certificates.
  • Certificates are verified in the OS kernel without using the Windows API, which can be compromised.
  • Protects trusted processes from being terminated and compromised, including, in some cases, when the access comes from the OS kernel.
  • Protects trusted GUI processes from being emulated by malware and hacker activity.
  • Protects selected files/directories from being deleted or modified. Effective against destructive actions of malware and hackers.
  • Disables access to files or directories to protect important files/documents/databases from leaks, theft, etc. Full access is only available to trusted processes.
  • Protects files from theft and modification when criminals attempt to read them by mapping disk sectors.
  • Protects specified parameters and registry keys. Effective against destructive actions of malware and hackers.
  • Disables access to settings and registry keys to protect important data/parameters/licensing keys and other sensitive information from being stolen or compromised.
  • Protects named pipes from attempts by untrusted processes to establish connections. The component helps implement secure inter-process communication between trusted processes without fear of wiretapping and unauthorised data modification.
  • Protects trusted processes from code injection, including all popular and modern techniques such as APC, CreateRemoteThread, SetThreadContext, UnmapSection, WriteProcessMemory, AppInit_DLLs, Process Hollowing, DoubleAgent, Process Doppelgänging, etc.
  • Tracks the creation and deletion of new executables in the system.
  • Controls attempts to modify/compromise selected files/directories on disks.
  • System time-change control.