The Anti-virus Times

Tuesday, May 8, 2018

How can I tell whether the anti-virus program is installed on my laptop?

A question for Doctor Web’s tech support

That's an interesting question. Indeed, an anti-virus shouldn't disturb the user and display notifications if there’s no valid reason to do so.

Sometimes system administrators opt to hide anti-virus icons so that they don't appear in the system tray; otherwise, abrupt pop-up messages could cause users to panic.

But prolonged silence can arouse suspicion. What if the anti-virus isn’t working or was never installed in the first place?

First, let's take a look at the system tray to make sure that the Dr.Web icon is displayed there. If the icon is there, the anti-virus is up and running. If it isn't, look for Dr.Web on the list of installed applications:

• Windows XP (depending on the Start menu style):
  • Start menu: Start → Control Panel → Add and Remove Programs.
  • Classic Start menu: Start → Settings → Control Panel → Add and Remove Programs.
• Windows Vista (depending on the Start menu style):
  • Start menu: Start → Control Panel, and then depending on the Control Panel view:
    • Classic view: Programs and Features
    • Control Panel Home: Programs → Programs and Features.
  • Classic Start menu: Start → Settings → Control Panel → Add and Remove Programs and Features.
• Under Windows 7, select Start → Control Panel, and then depending on the Control Panel view:
  • Small/large icons: Programs and Features
  • Category: Programs → Uninstall a program.
• For Windows 8/8.1/10, open the Control Panel. Right-click on the menu button, and in the drop-down menu, select Control Panel. Then, depending on the Control Panel view:
  • Small/large icons: Programs and Features
  • Category: Programs → Uninstall a program.

The product you installed should be on the newly appeared list. For example, Dr.Web Security Space.

Then, if you can see that the program has been installed, let's check the list of running processes. It should contain information about the anti-virus’s processes (tick the “View processes from all users” box to see information about all the processes).

If the anti-virus isn't running, go to the Start menu; find Dr.Web on the programs list, and try to launch it.

If you are certain that you didn't remove the anti-virus, you can either contact our technical support service (gather all the relevant information before submitting your support request), or try to reinstall the application on your own.

If the tray icon is visible (the anti-virus is running), see what it looks like—its appearance reflects the anti-virus's current status.

• – all protection components are working properly.
• – the self-protection or other important component (SpIDer Guard monitor, Firewall) is disabled. This weakens anti-virus security; Enable the self-protection or other disabled component.
• – an error occurred while launching a key Dr.Web component. Your computer is at risk of infection. Make sure that you have a valid key file, and copy the file to an appropriate location, if necessary, or contact technical support.

Check your license—it may have expired. To enter a new license’s information, in the anti-virus's menu, select License → Buy or activate new license → enter your new serial number.

Sometimes a purchased license (or one obtained otherwise) doesn't match up with the product you’ve installed. For example, you may have Dr.Web KATANA installed on your computer, but your license is for Dr.Web Security Space. In this case, install the respective product, or contact your license supplier to change your license.

Once your license information is updated, update the application.

To check whether the anti-virus is protecting your system, you can use the EICAR test file (Doctor Web neither distributes nor provides malicious files for testing purposes).

To do this, right-click on the icon in the system tray, and then click on .

Note the current number of discovered threats; click on Detailed report.

In the Component list, select SpIDer Gate; enter the filter's name and press the Filter button.

Note the number of infected objects detected for the SpIDer Gate component.

Launch your web browser, and go to the address http://www.eicar.org/85-0-Download.html.

On the loaded page locate the text

Select any of the files available for downloading, e.g. choose the first one — eicar.com.

This "program" (EICAR — European Institute for Computer Anti-Virus Research) is specifically designed to test whether an installed anti-virus will alert the user to a detected virus without exposing the PC to a real threat. The file is not malicious but most anti-viruses regard it as malware. Dr.Web detects this "virus" as the EICAR Test File (Not a Virus!). Other anti-virus applications call it something similar. If executed, the 68-byte COM file will output this message in the command-prompt window: EICAR-STANDARD-ANTIVIRUS-TEST-FILE!

The file consists only of the following string of symbols:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

If you create a file containing the above string and save it as test.com, you will end up with the "virus" file we are talking about.

If the anti-virus is working properly, your browser should display the following window:

Click More in the pop-up window to get more information and export it.

Return to the Statistics section.

The number of infected objects that have been detected by SpIDer Gate must increase by 1.

If you’d like to test the file monitor, you will first need to download the test virus file. To do so, in the agent menu, select Protection components, and toggle off SpIDer Gate. Return to eicar.org, and try to download the test virus once again. The result should be a pop-up window similar to the one displayed below:

If SpIDer Guard is working in the optimal mode, it won't block the launch of the EICAR file or alert you to any danger because the file doesn't pose any threat to the system. However, if you copy or create such a file on a hard drive, SpIDer Guard will automatically treat the file as malware and move it to the Quarantine.

When the test is finished, enable SpIDer Gate: right-click on the icon in the system tray, and in the Protection Components menu, toggle on SpIDer Gate.

To test the Parental Control, use the component's settings to add a new item to the blacklist.

Then open a browser and enter the blacklisted address. The requested page won't be loaded. Instead, an informational message will appear in the browser window, and in the upper-right corner of the screen, you will see a notification (unless notifications have been disabled in the anti-virus settings).

#Dr.Web #Dr.Web_settings #anti-virus_updates #Dr.Web_technologies