Under Dr.Web Cloud’s protection
Tuesday, March 5, 2019
The anti-virus’s cloud features are used to address threats that haven't yet been examined by security researchers. Dr.Web Cloud collects statistics on application activity and relays them to a server for analysis.
- Dr.Web Cloud does not collect any personal data because it has no need for it. The analysis is based on information about running applications, and Dr.Web is interested only in them.
- No files are transmitted to Dr.Web Cloud—only the information about them. That is both good and not so good. On the plus side, no user data is ever compromised (which, of course, is very important); data transfers are instantaneous, and because only small volumes of data are transmitted, even low bandwidth will suffice. But, on the other hand, it can be hard to tell whether we are dealing with malware or a legitimate software update, without examining the files' contents.
- All collected data is analysed automatically, without human intervention. That way the data is processed at maximum speed—something that can never be achieved when operators are involved in the process. Furthermore, that's another way to make sure that the information will never be accessed by a third party.
Dr.Web Cloud collects information about running processes, including their checksums, and transmits them to protected computers. Then, by matching them against the checksums of local processes, Dr.Web can decide whether or not they are malicious. The anti-virus doesn't look through files for known signatures. Therefore, Eicar can't be used to test whether or not Dr.Web Cloud is working.
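A minimal sketch of the checksum matching described above, added here as an illustration and not Dr.Web's code or protocol: SHA-256, the request fields, the verdict table and the threat name `Example.Test.Virus` are assumptions. It shows that only metadata is sent and that a one-byte change yields a checksum the table no longer matches.

```python
import hashlib
import os
import tempfile

# Constructed sample data standing in for a file the cloud already knows.
KNOWN_BAD = b"constructed cloud test file contents\n"

# Hypothetical server-side verdict table keyed by SHA-256 (an assumption;
# the page does not say which checksum algorithm Dr.Web Cloud uses).
VERDICTS = {hashlib.sha256(KNOWN_BAD).hexdigest(): "Example.Test.Virus"}


def file_checksum(path, chunk_size=65536):
    """Hash a file in chunks so large files never sit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_lookup(path):
    """Metadata-only request: the file contents never leave the machine."""
    return {"sha256": file_checksum(path), "size": os.path.getsize(path)}


def cloud_verdict(request, verdicts=VERDICTS):
    """Server side: exact checksum match or 'unknown'; no content scanning."""
    name = verdicts.get(request["sha256"])
    return f"CLOUD:{name}" if name else "unknown"


def check_bytes(data):
    """Write data to a temporary file and run the full lookup on it."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(data)
    try:
        return cloud_verdict(build_lookup(tmp.name))
    finally:
        os.unlink(tmp.name)


if __name__ == "__main__":
    print(check_bytes(KNOWN_BAD))            # exact checksum match
    print(check_bytes(KNOWN_BAD + b"\x00"))  # one appended byte
```

Because the lookup is an exact match on the checksum, a signature test string inside a file plays no part in the verdict.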
So how can you determine whether Dr.Web Cloud is protecting your computer?
Let's disable the HTTP monitor SpIDer Gate.
Click on the icon in the system tray, and in the pop-up menu, select Security Center. In the window that opens, click on the icon (enable the administrator mode).
In the newly opened window, select Files and Network and toggle off SpIDer Gate.
Important! To complete the test successfully, the SpIDer Guard component must be installed and enabled.
Make sure that Dr.Web Cloud has been enabled too. In the upper-right corner, click on the gear icon, and in the Settings list, select Dr.Web Cloud. The toggle switch must be set to "On".
In the browser address bar, enter https://www.amtso.org/feature-settings-check-cloud-lookups and press Download the CloudCar Testfile.
If the anti-virus is functioning properly (the Dr.Web SpIDer Guard and Dr.Web Cloud components are up and running), the test file will automatically be moved to the quarantine.
In the Security Center select Tools → Quarantine.
To download the test file and analyse it, disable SpIDer Guard, and download the file again. Out of curiosity, let's start the scanner. We choose to scan only the test file.
We now verify that the test file has been detected by Dr.Web as CLOUD:AMTSO.Test.Virus. The CLOUD prefix in the threat’s name indicates that Dr.Web Cloud is working properly.
And now toggle SpIDer Gate back on again.
The Anti-virus Times recommends
Dr.Web Cloud indeed works! In version 12, this component plays a key role in maintaining reliable anti-virus protection against brand-new, unknown threats.