Drweb 12.9 Moss Android en
Drweb 12.9 Moss Android en
User manual
© Doctor Web, 2024. All rights reserved
This document is intended for information and reference purposes regarding the Dr.Web
software discussed herein. This document is not a basis for exhaustive conclusions about the
presence or absence of any functional and/or technical features in Dr.Web software and cannot
be used to determine whether Dr.Web software meets any requirements, technical
specifications and/or parameters, and other third-party documents.
This document is the property of Doctor Web and may be used solely for the personal purposes
of the purchaser of the product. No part of this document may be reproduced, published or
transmitted in any form or by any means, without proper attribution, for any purpose other than
the purchaser's personal use.
Trademarks
Dr.Web, SpIDer Mail, SpIDer Guard, CureIt!, CureNet!, AV-Desk, KATANA and the Dr.WEB logo
are trademarks and registered trademarks of Doctor Web in Russia and/or other countries.
Other trademarks, registered trademarks and company names used in this document are the
property of their respective owners.
Disclaimer
In no event shall Doctor Web and its resellers or distributors be liable for any errors or
omissions, or for any loss of profit or any other damage caused or alleged to be caused directly
or indirectly by this document, or by the use of or inability to use the information contained in
this document.
Doctor Web customers include home users around the world, government agencies, small
businesses, and nationwide corporations.
Since 1992, Dr.Web anti-virus solutions have been known for their continuous excellence in
malware detection and compliance with international information security standards.
The state certificates and awards received by Dr.Web solutions, as well as the worldwide use of
our products, are the best evidence of exceptional trust in the company products.
We thank all our customers for their support and devotion to Dr.Web products!
4
Table of Contents
1. Introduction 8
1.1. Dr.Web Functions 9
2. System Requirements 10
3. Installing Dr.Web Mobile Security Suite 11
4. Updating and Uninstalling Dr.Web Mobile Security Suite 15
5. Licensing 18
5.1. License Screen 18
5.2. Demo License 19
5.3. Purchasing License 20
5.4. Activating License 22
5.5. Restoring License 26
5.6. Pausing and Canceling Subscription 27
5.7. Renewing License 28
5.8. Configuring Notifications on License Expiration 30
6. Getting Started 31
6.1. License Agreement 31
6.2. Permissions 31
6.3. Interface 34
6.4. Notifications 36
6.5. Widget 39
6.6. My Dr.Web 40
7. Dr.Web Account 41
8. Dr.Web Components 44
8.1. Anti-Virus Protection 44
8.1.1. SpIDer Guard: Real-Time Protection 44
8.1.2. Dr.Web Scanner: On-Demand Scan 47
8.1.3. Check Results 50
8.1.3.1. Threats in System Applications 50
8.1.3.2. Changes in System Area 50
8.1.3.3. Stagefright Exploits 50
8.1.4. Device Lockers 55
8.2. Call and SMS Filter 56
User manual
5
User manual
6
9. Settings 125
9.1. General Settings 126
9.2. Virus Database Update 127
9.3. Backup 128
9.4. Reset Settings 129
User manual
7
User manual
Introduction 8
1. Introduction
Dr.Web Mobile Security Suite (hereinafter—Dr.Web) protects mobile devices running the
Android™ operating system as well as TV sets, media players and game consoles running on
the Android TV™ platform from various virus threats designed specifically for these devices.
On devices running Android TV, the centralized protection mode is not available. To check
if your device and Dr.Web app version support the centralized protection mode, see
Centralized Protection Mode.
The app features technologies of Doctor Web that are implemented to detect and neutralize
malicious obj ects that may harm your device and steal your personal data.
Dr.Web uses the Origins Tracing™ for Android technology that detects malware. This
technology allows to detect new families of viruses using information from existing databases.
Origins Tracing™ for Android can identify recompiled viruses, e.g. Android.SmsSend, Spy, as
well as applications infected by Android.ADRD, Android.Geinimi, Android.DreamExploid.
Names of threats detected by Origins Tracing for Android are marked as
Android.VirusName.origin.
The following symbols and text conventions are used in this guide:
Convention Comment
<IP-address> Placeholders.
Save Names of buttons, windows, menu items and other program interface elements.
User manual
Introduction 9
· Provides real-time protection of your file system (scans files and apps when you install or
download them, etc.).
· Scans the entire file system or selected files and folders on your demand.
· Scans archives.
· Scans files on SD cards or other removable media.
· Monitors changes in system area.
· Quarantines threats or completely removes them from your device.
· Unlocks your device if it is locked by ransomware.
· Filters incoming calls and SMS messages (SMS filtering does not work in app versions that are
installed from Google Play).
· Downloads Dr.Web virus database updates from the internet.
· Gathers statistics on detected threats and performed actions; keeps the app log.
· Detects device location and locks its functions remotely when it gets lost or stolen.
· Restricts access to specific websites and website categories in the pre-installed Android
browser, Google Chrome, Yandex.Browser, Microsoft Edge, Firefox, Firefox Focus, Opera,
Adblock Browser, Dolphin Browser, Sputnik, Boat Browser, and Atom.
· Analyzes device security and helps eliminate detected problems and vulnerabilities.
· Controls internet connections to protect your device from unauthorized access and prevents
leakage of personal data through networks.
· Restricts access to applications installed on your device.
· Enables safe search in the main search systems.
Some of the listed functions are not available in the application installed on Android TV
devices.
User manual
System Requirements 10
2. System Requirements
Before installing the app, make sure your device meets the requirements and recommendations
listed below:
Parameter Requirement
CPU x86/x86-64/ARMv7/ARMv8/ARMv9
· For compatibility with apps that lock other apps, the app lockers are required not to restrict
Dr.Web from launching.
· Call and SMS filter and Dr.Web Anti-Theft do not operate on devices that have no SIM card
slot. Make sure your device supports SIM cards.
· URL filter operates in an Android embedded browser, Google Chrome, Yandex.Browser,
Microsoft Edge, Firefox, Firefox Focus, Opera, Adblock Browser, Dolphin Browser, Sputnik,
Boat Browser, and Atom.
· URL filter requires access to your browser history on devices with Android 5.1 or earlier. Make
sure to enable this option in your browser.
Please note that correct operation of Dr.Web is not guaranteed on the devices with custom
ROMs and on rooted devices. Technical support is also not provided for such devices.
By default, the application is installed to the internal device memory. For correct operation
of Dr.Web, do not transfer the installed application to a removable media.
User manual
Installing Dr.Web Mobile Security Suite 11
Some devices might require enabling file transfer when connecting to a computer with a USB
cable.
Copying installation file from disk and launching the file on your device
User manual
Installing Dr.Web Mobile Security Suite 12
· On devices with Android 7.1 or earlier, in your device settings, disable the Unknown
sources setting.
· On devices with Android 8.0 or later, in your device settings, open the Install unknown
apps screen and disallow app installation from selected source.
You can download the Dr.Web installation file on the Doctor Web website at
https://download.drweb.com/android/.
· On devices with Android 7.1 or earlier, in your device settings, disable the Unknown
sources setting.
· On devices with Android 8.0 or later, in your device settings, open the Install unknown
apps screen and disallow app installation from selected source.
User manual
Installing Dr.Web Mobile Security Suite 13
1. On your device, open Google Play, find Dr.Web in the list of applications and tap Install.
If your device does not meet the system requirements, Dr.Web will not be displayed in the
list of applications in Google Play.
2. On the next screen, you will be prompted to provide access to necessary features and data
on your device.
Check the list of required permissions and tap Accept.
3. Tap Open to start using the app.
1. On your device, open HUAWEI AppGallery, find Dr.Web in the list of applications and tap
Install.
If your device does not meet the system requirements, Dr.Web will not be displayed in the
list of applications in HUAWEI AppGallery.
2. On the next screen, you will be prompted to provide access to necessary features and data
on your device.
Check the list of required permissions and tap Accept.
3. Tap Open to start using the app.
User manual
Installing Dr.Web Mobile Security Suite 14
1. On your device, open Xiaomi GetApps, find Dr.Web in the list of applications and tap Install.
If your device does not meet the system requirements, Dr.Web will not be displayed in the
list of applications in Xiaomi GetApps.
Dr.Web is successfully installed on your device and is ready to use. For further operation, you
need to activate a paid or demo license.
User manual
Updating and Uninstalling Dr.Web Mobile Security Suite 15
Updating Dr.Web
Configuring automatic updates for Dr.Web installed from the Doctor Web website
If you have downloaded your Dr.Web from the Doctor Web website, you can enable
notifications about availability of a new version. To do so:
If the check box is selected, Dr.Web checks for new versions every time virus databases get
updated. If a new version is released, you will be prompted to download and install it.
If your Google Play app is not configured to update installed apps automatically, you can
update Dr.Web manually:
· Select the check box next to Dr.Web and tap the icon.
The app is found on the Updates available list only if a new version of Dr.Web has been
released.
6. Dr.Web may require new permissions when it is updated. In this case, a notification asking to
grant new permissions will appear.
Tap Accept to grant Dr.Web required permissions.
Tap Open to start using the app.
User manual
Updating and Uninstalling Dr.Web Mobile Security Suite 16
You can configure automatic update for applications installed from HUAWEI AppGallery
(including Dr.Web). To do so, in the Manager tab of the HUAWEI AppGallery app, turn on the
toggle Auto-update over Wi-Fi.
The Update option will not be available until a new version of Dr.Web is released.
3. Dr.Web may require new permissions when it is updated. In this case, a notification asking to
grant new permissions will appear.
Tap Accept to grant Dr.Web required permissions.
Tap Open to start using the app.
Uninstalling Dr.Web
Dr.Web Anti-Theft is designed to complicate the process of deleting Dr.Web from your
device. If Dr.Web Anti-Theft is configured on your device, disable it and remove Dr.Web
from device administrators before deleting the app.
To uninstall Dr.Web
Quarantine folder and log files are not deleted automatically. You can delete them manually
from the Android/data/com.drweb/files folder in internal memory of your device .
User manual
Updating and Uninstalling Dr.Web Mobile Security Suite 17
User manual
Licensing 18
5. Licensing
A license allows you to use all features of the application during the validity period. It regulates
user rights for the purchased product according to the user agreement.
A license is required for all Dr.Web components to function in the following application
versions:
· Downloaded from your personal account of the Dr.Web Anti-virus service provider.
· Received from the anti-virus network administrator of your company.
· For Dr.Web on Android TV.
A license is required for all components, except for SpIDer Guard, Scanner and Security auditor,
to function in the following application versions:
If you want to try using the application before purchasing a license, you can activate a demo
license.
If you have a valid license for the products Dr.Web Security Space or Dr.Web Anti-virus (full
packaged product or digital license), you can activate it.
If you use the application in the central protection mode, the license is automatically
downloaded from the central protection server.
· In Dr.Web versions that require a license for all the components to function:
ú Tap More in the notification about a missing license on the main screen of Dr.Web.
ú On the Dr.Web main screen, tap Menu and select License.
· In Dr.Web versions that require a license for some of the components to function:
ú On the application main screen, select one of the components that require the purchase of
a license.
ú On the Dr.Web main screen, tap Menu and select License.
User manual
Licensing 19
User manual
Licensing 20
User manual
Licensing 21
If you select one of these options, a standard license purchase screen will open. After you
complete the payment, your license will be enabled automatically.
As a confirmation of your purchase of a 1 or 2 year license, a license key file will be sent to
your email address. If the license is not activated because of a possible technical issue,
contact our technical support: https://support.drweb.com/.
If the application is installed from the Doctor Web website or Xiaomi GetApps
User manual
Licensing 22
Starting from 09/01/2024, Dr.Web licenses for PC product do not cover Dr.Web Mobile
Security Suite. If you have purchased such a license later than 08/31/2024, in order to use
Dr.Web Mobile Security Suite you will need to buy a separate license.
To activate a license
User manual
Licensing 23
To register your serial number and activate the license in the application
User manual
Licensing 24
You will be redirected to the main screen of the application. At the bottom of the screen, you
will see a notification about a successful license activation.
1. Go to https://products.drweb.com/register/.
2. Enter a serial number that you received after you purchased Dr.Web.
3. Fill in the registration form.
User manual
Licensing 25
4. The license key file will be sent as a ZIP archive to your email address.
The file has the .key extension and contains, among other, the following information:
If any of the conditions are violated, the license key file becomes invalid, the anti-virus stops
detecting and neutralizing malicious programs.
The license key file becomes invalid after editing. Do not save changes after opening the
file in text editors to prevent the license from compromise.
1. Copy the key file to your device to a folder in the internal memory.
You can either copy the entire ZIP archive, or you can unpack the archive and copy only the
.key file to your device.
2. On the License screen, tap I already have a license.
3. Select Use a key file (see Figure 4).
4. Open the folder where you have copied the key file or the entire ZIP archive to, and tap it.
The key file will be installed and ready to use. You will be redirected to the main screen of the
application. At the bottom of the screen, you will see a notification about a successful license
activation.
A key file for Dr.Web Security Space or Dr.Web Anti-virus applications can be used with
Dr.Web only if it supports DrWebGUI and Update components.
User manual
Licensing 26
The key file editing makes it invalid. To prevent the license from compromise, do not save
the file when you close the text editor.
If the application is installed from the Doctor Web website or Xiaomi GetApps
User manual
Licensing 27
You can resume your subscription at any moment before the end of the set time period to
pause payments.
User manual
Licensing 28
After you cancel your subscription, the license will be valid until the end of the current billing
period.
· On Android. On the Dr.Web main screen (see Figure 8), tap Menu and select License.
· On Android TV. Open the Dr.Web main screen and go to Miscellaneous > License.
On the License screen, you can view license serial number, license owner name, license
activation and expiration dates.
If you are subscribed to the Dr.Web Anti-virus service, in the central protection mode, the
License screen also contains the subscription expiration date.
Renewing License
The subscription via Google Play is automatically renewed and charged once a month.
To extend your Dr.Web license, you do not need to reinstall or stop the application.
User manual
Licensing 29
· If you have obtained your current license from the Doctor Web website or from Xiaomi
GetApps, you can:
ú Purchase license.
ú Use a key file.
ú Renew license on your personal web page on the Doctor Web website.
To do so, tap Menu , select the About option, and tap My Dr.Web.
· If you have obtained your current license from Google Play:
User manual
Licensing 30
To enable notifications
1. On the Dr.Web main screen, tap Menu and select Settings (see Settings).
2. Tap License.
3. Select the Notifications check box.
User manual
Getting Started 31
6. Getting Started
After you install Dr.Web and activate a license, you can get acquainted with the interface and
the main menu, configure notifications, and place the Dr.Web widget on your Home screen.
On the same screen, you will be notified about sending statistics on the application operation
and the detected threats to the Doctor Web, Google, and Yandex servers.
You can disable sending statistical information at any time by clearing the Send statistics
check box in the General settings section of the application settings.
6.2. Permissions
On Android 6.0 or later, you can allow or block access to device features and personal data for
your apps.
After you install Dr.Web and accept the License Agreement, grant the app the necessary
permissions. Permissions might be also requested the first time you tap one of the components
or enable them.
· Dr.Web requires the following permissions on the first launch of the application:
ú Access to photos, media, and files on your device.
ú All files access (on devices with Android 11.0 or later versions).
These permissions are mandatory for the application.
ú Permission to send notifications (on devices with Android 13.0 or later versions).
Dr.Web needs this permission to use the notification bar for displaying messages about the
device protection status and Dr.Web component activities. If the permission is not granted,
Dr.Web cannot notify you about detected threats and component events until you open the
app.
· Call and SMS filter requires the following permissions:
ú Make and manage phone calls.
ú Send and view SMS messages.
ú Access your contacts.
User manual
Getting Started 32
ú Access notifications.
ú Access the call log (on devices with Android 9.0 or later).
ú Use Dr.Web as the default caller ID and spam app (on devices with Android 10.0 or later).
· URL filter requires access to Android accessibility features in order to operate in one of the
supported browsers.
· Dr.Web Anti-theft requires the following permissions:
ú Make and manage phone calls.
ú Send and view SMS messages.
ú Access your contacts.
ú Access notifications.
ú Access your device’s location.
ú Access Android accessibility features.
ú Make Dr.Web a device administrator.
· Dr.Web Firewall requires the following permissions:
ú Connect to a VPN in order to track traffic.
ú Drawing over other apps.
· Dr.Web on Android TV requires the following permissions:
ú Access your contacts.
ú Access to photos, media, and files on your device.
ú All files access (on devices with Android 11.0 or later versions).
· Basic permissions (access your photos, media, and files, contacts, etc.)—required for
most of the app features.
· Permission to send notifications (on devices with Android 13.0 or later versions)—for
displaying messages about the protection status and component events.
· All files access (on devices with Android 11.0 or later versions)—for performing device
checks.
· Call and SMS filter (may vary depending on the Android version, see above)—for call and
SMS filtering.
· Device administration—to protect the app from uninstalling and to use the full
functionality of Anti-Theft.
· Access to accessibility features—for app filtering and full functionality of URL filter, Anti-
Theft, and Parental Control.
· Drawing over other apps—for app filtering and Firewall functionality.
If the requested permissions are not granted yet, the Permissions required screen appears (see
Figure 7). You can grant all of the requested permissions or only the obligatory ones.
Obligatory permissions are marked with a yellow icon. Non-obligatory permissions are marked
with a gray icon. Once a permission is granted, its icon becomes green.
User manual
Getting Started 33
If you grant all of the permissions requested by a component, the app proceeds to the next
screen automatically. If you grant only the obligatory permissions, you can proceed to the next
screen by tapping the Continue button. You can grant the non-obligatory permissions the next
time you access the component from the Dr.Web main screen or on the settings screen of your
device.
If you decline the at least one permission request, you will be prompted to go to settings:
User manual
Getting Started 34
6.3. Interface
Main screen
The main screen (see Figure 8) comprises the list of the main Dr.Web components.
The menu in the top-right corner of the main screen allows you to:
User manual
Getting Started 35
Status bar
In the top part of the Dr.Web main screen, there is a status bar with an indicator that shows the
current protection status of your device (see Figure 9).
If Dr.Web has detected multiple events that require your attention, select More to open the
Events screen, which will display all events.
User manual
Getting Started 36
6.4. Notifications
On devices with Android 7.0 or later, all Dr.Web notifications are grouped into one extendable
notification.
On devices with Android 8.0 or later, Dr.Web notifications are separated into categories, or
channels. You can manage the behavior of each notification category separately in your device
settings. If you disable one of the categories, you will stop receiving all notifications from this
category. All the categories are enabled by default.
Notification categories
Category Notifications
Anti-virus protection If the notification bar is disabled, this category contains the following
status notifications:
Advanced components · Advanced components enabled. Shown if Call and SMS filter, URL filter,
status Dr.Web Anti-Theft, or Dr.Web Firewall is enabled.
· Agent enabled. Shown in the centralized protection mode if Call and SMS
filter (all incoming calls and SMS are accepted), URL filter, Dr.Web Anti-
Theft, and Dr.Web Firewall are disabled.
· Agent and advanced components enabled. Shown in the centralized
protection mode if Dr.Web Anti-Theft, Dr.Web Firewall, Call and SMS filter,
or URL filter is enabled.
Protection components Configuring components… Shown when the location of your device is
configuration requested from a buddy’s device if Dr.Web Anti-Theft is enabled in the app
version downloaded from Google Play.
User manual
Getting Started 37
Category Notifications
Group notifications This category does not contain any specific notifications but allows you to
group all Dr.Web notifications into one extendable notification.
Notification bar
The Dr.Web notification bar (see Figure 10) provides quick access to the main features of the
application. It also notifies you of suspicious changes in the system area as well as threats.
If Dr.Web detects suspicious changes in the system area or threats, on devices running Android
11.0 or earlier, the application icon changes to on the notification bar. On devices running
Android 12.0 or later, the application icon changes to , and the protection status indicator
turns red .
User manual
Getting Started 38
Figure 10. Notification bar on Android 11.0 (left) and Android 12.0 (right)
On Android 5.0 and 5.1, if Dr.Web detects suspicious changes in the system area or threats,
the notification bar is displayed over other applications until you apply an action to the
detected object or until you swipe over the notification.
If your device does not support SIM cards, instead of the Filter option the notification bar
contains the Downloads option, which allows you to scan downloaded files.
If Dr.Web operates in the centralized protection mode and you do not have the
permissions to change the Call and SMS filter settings or the URL filter settings, the
corresponding options Filter and URL filter are unavailable on the notification bar.
ú Open the app (when the protection status indicator is green). Tap .
ú Grant necessary permissions (when the protection status indicator is yellow). Tap .
User manual
Getting Started 39
ú Select website categories that you want to restrict access to. Tap .
ú View protection status, current and recommended actions. Tap .
6.5. Widget
Dr.Web widget allows you to quickly enable and disable real-time SpIDer Guard protection.
You can add the widget to your Home screen.
The green widget indicates that the SpIDer Guard component is enabled and the device is
under its active protection. The widget with a yellow icon indicates that the SpIDer Guard
component is disabled (see Figure 11). Tap the widget to re-enable SpIDer Guard.
User manual
Getting Started 40
6.6. My Dr.Web
My Dr.Web online service is your personal webpage on the official Doctor Web website. This
page provides you with information on your license including usage period and serial number.
It allows you to renew the license, review the information on the last update and the number of
records in virus databases, contact technical support, etc.
User manual
Dr.Web Account 41
7. Dr.Web Account
Dr.Web account protects access to Dr.Web components and device settings with a password or
a fingerprint.
ú Settings > Apps or Application manager > Dr.Web Security Space (for
Android 6.0 or later).
ú Settings > Accessibility features.
ú Settings > Privacy > Location (for Android 6.0 or later).
ú Settings > Privacy > Device Administrators > Dr.Web Security Space.
ú Settings > Advanced Settings > Reset Settings (the settings name and location
depend on your device).
On Xiaomi devices, access to the Restrict data usage setting is also protected.
If Parental Control is enabled on the device, the sections and settings mentioned above can be
accessed by fingerprint if the Unlock with fingerprint option is enabled in the Parental Control
settings.
You can protect access to Call and SMS filter, URL filter, and Dr.Web settings with your
password or fingerprint (see Blocking access to apps and components section).
User manual
Dr.Web Account 42
The email can be useful later if you forget your password. Enter an email address you have
access to.
Note that you will not be able to change your email address after signing up. To use another
address, you will have to delete the account and create it again with a new address.
5. Tap Next.
6. Set a password. The password must contain at least 4 characters.
7. Confirm the password and tap Next.
On the next screen, you will see a notification confirming that your account has been created
and registered successfully.
8. Tap Finish.
On the Account screen (see Figure 12), you can do the following:
User manual
Dr.Web Account 43
After you delete your account, Anti-Theft and Parental Control will be disabled, and their
settings will be reset.
To change your password or delete your account, enter the current account password or scan
your fingerprint.
User manual
Dr.Web Components 44
8. Dr.Web Components
A list of application components is located on the Dr.Web main screen. It also displays current
state of the components (enabled or disabled):
· Scanner scans your device on demand. 3 scan types are available: full scan, express scan, and
custom scan.
· Call and SMS filter blocks unwanted calls and SMS messages.
· URL filter restricts access to specific Internet resources.
· Anti-theft allows you to locate and lock your device if it is lost or stolen.
· Parental Control restricts access to app components and installed applications.
· Firewall controls Internet connections and data transfers over the network.
· Security Auditor performs system diagnostics and resolves detected security problems and
eliminate vulnerabilities.
If your device does not support SIM cards (there is no slot for a SIM card on your device),
Call and SMS Filter and Dr.Web Anti-Theft are unavailable.
On some devices, the Dr.Web icon may not show when the app is functioning in the
background. It happens because the device firmware optimizes background processes to save
power or improve performance. To pin the Dr.Web icon to the Android status bar, remove
background app restrictions: check your device settings and the built-in app manager settings.
The settings may vary by device. Oftentimes all you need to do is tap the lock icon next to the
Dr.Web app in Recent apps.
SpIDer Guard protects the file system even if the Dr.Web icon is not displayed on the Android
status bar. If you install a malicious app, the component reacts and shows a notification about
the threat. You can test SpIDer Guard by using the EICAR test file.
User manual
Dr.Web Components 45
If SpIDer Guard detects a suspicious change in the system area or a threat, the following items
appear on the screen:
ú on Android 4.4,
ú on Android 5.0–11.0,
ú on Android 12.0 or later.
· A pop-up notification about detection of a threat (see Picture 13).
· The (on Android 11.0 or earlier) or (on Android 12.0 or later) icon on the notification
bar.
· A message with a red indicator on the status bar.
To open check results, tap the ( ) icon or the status bar message.
SpIDer Guard will stop working if the internal device memory is cleared using the default
Task Manager. To restore real-time anti-virus protection, open Dr.Web again.
In the centralized protection mode, some features and settings of SpIDer Guard may be
modified and blocked for compliance with the company security policy or according to the
list of purchased services.
Files in archives
To enable scanning of files in archives, select the Files in archives check box.
By default, scanning of archives is disabled. Enabling archive scanning may impact system
performance and increase power consumption. Disabling the scanning does not decrease
the protection level because SpIDer Guard checks installation .apk files even if the Files
in archives option is off.
User manual
Dr.Web Components 46
To enable scanning of the built-in SD card and removable media on each mounting, select the
Built-in SD card and removable media check box. If the setting is enabled, the scan starts
every time SpIDer Guard is enabled. You will see the corresponding notification.
System area
To monitor changes in the system area, select the System area check box. If the setting is
enabled, SpIDer Guard monitors changes (addition, change, and deletion of files) and notifies
only on deletion of any files as well as addition and change of executable
files: .jar, .odex, .so, APK, ELF files, etc.
To run a recheck of the system area, tap Recheck system area. SpIDer Guard will check the
previously ignored changes in the system area again.
To enable notifications on changes of any files in the system area (not only executables), select
the Notifications about system area check box.
Additional options
To enable detection of adware and riskware (including hacktools and j okes), tap Additional
options, then select the Adware and Riskware check boxes respectively.
Statistics
The application registers events related to the operation of SpIDer Guard: enabling/disabling
of SpIDer Guard, threat detections, and check results of the device storage and installed
applications. SpIDer Guard statistics appear in the Events section of the Statistics tab and are
sorted by date (see Statistics).
User manual
Dr.Web Components 47
The file is not a virus. It does not contain any fragments of a viral code. Thus, it is absolutely
safe for your device. Dr.Web detects the file as “EICAR Test File (NOT a Virus!)”.
1. In any text editor, create a new file which includes only the string:
X5O! P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
As soon as you save the EICAR file on your device, a warning message from SpIDer Guard
appears (see Figure 13).
Figure 13. EICAR test file detection on Android 10.0 (left) and Android 12.0 (right)
It is recommended to scan the system periodically, especially if SpIDer Guard has been
deactivated for a while. Usually the express scan is sufficient for this purpose.
In the centralized protection mode, Dr.Web Scanner settings may be modified or blocked in
compliance with your company’s security policy or according to the list of purchased
services. The scan may start in accordance with a schedule set by the network
administrator.
User manual
Dr.Web Components 48
Scanning
To scan the system, on the Dr.Web main screen, select Scanner. Then on the Scanner screen
(see Figure 14), do one of the following:
If your device is rooted, you can also scan the /sbin and /data folders located in the root
directory.
On devices with Android 11.0 or 12.0, to scan the /Android/data and /Android/obb
folders, a permission is required for Dr.Web to access these folders.
User manual
Dr.Web Components 49
On devices with Android 13.0 or later versions, the /Android/data and /Android/obb
folders are system-protected and thus cannot be scanned.
If Dr.Web Scanner detects threats, the icon appears at the bottom of the scan screen. Tap
the icon to open check results (see Figure 16) and neutralize threats. If you switch to another
screen or application, you can open check results by tapping the icon on the notification bar.
1. Tap and hold the file in the hierarchical list (see Figure 15), then tap Send to laboratory.
2. On the next screen, enter your email address if you want to receive the results of the file
analysis.
User manual
Dr.Web Components 50
· To enable the scanning of files in archives, select the Files in archives check box.
By default, the scanning of archives is disabled. Enabling archive scanning may impact
system performance and increase power consumption. Disabling archive scanning does not
decrease the protection level because Dr.Web Scanner checks APK installation files even if
the Files in archives check box is not selected.
· To enable/disable detection of adware and riskware (including hacktools and j okes), tap
Additional options and select/clear the Adware and Riskware check boxes respectively.
Statistics
The application registers events related to the operation of Dr.Web Scanner (scan type, check
results, and detected threats). All registered actions appear on the Events section on the
Statistics tab and are sorted by date (see Statistics).
User manual
Dr.Web Components 51
ú The (on Android 11.0 or earlier) or (on Android 12.0 or later) icon on the notification
bar.
ú A message with a red indicator on the status bar.
To open check results, tap the ( ) icon or the status bar message.
On Android 5.0 or later, the threat notification will also appear on the lock screen. Tap it to
access check results.
Neutralizing Threats
On the Check results screen, you can review the list of threats and changes in the system area.
For each obj ect, its type and name are specified, as well as the icon of the recommended
option for the obj ect.
Obj ects are marked in different colors depending on the degree of danger. Listed below are
the threat types in decreasing danger order:
1. Malware.
User manual
Dr.Web Components 52
2. Riskware.
3. Hacktool program.
4. Adware.
5. Changes in the system area:
· New files in system area.
· Change of system files.
· Deletion of system files.
6. Joke program.
To view the file path, select the obj ect. For threats that are detected in apps, the app package
name is also specified.
· In the top-right corner of the Check results screen, select Menu > Delete all.
· In the top-right corner of the Check results screen, select Menu > All to quarantine.
User manual
Dr.Web Components 53
If the threat is detected in an installed application, it cannot be moved to the quarantine. In this
case, the Move to quarantine option is not available.
Ignore to temporarily leave the change in the system area or the threat as it is.
Send to laboratory or False positive to send the file to the Doctor Web anti-virus
laboratory for analysis. The analysis will show if there is a threat or it is a false positive. If it is a
false positive error, it will be fixed. To receive the analysis results, enter your email address.
If the file is sent to the laboratory successfully, the Ignore option is automatically applied to
the obj ect.
The Send to laboratory option is available only for added or changed executable files in the
system area: .jar, .odex, .so, APK, ELF files, etc.
The False positive option is available only for threat modifications and for threats detected in
the system area.
More on the Internet to view the detected obj ect description on the Doctor Web website.
For system applications, the Block option is available. Select it to have Dr.Web Firewall block
all internet connections for the system application identified as a threat.
For system applications, as well as for any installed applications, the Move to quarantine
option is not available.
If a system application can be safely deleted or cured, the corresponding option is available for
it. For that, root access should be allowed on your device.
If a system application cannot be safely deleted, the Delete option is not available, but you can
use the following guidelines:
· Stop the application from the device settings: open Settings > Applications and select the
application detected as threat. Then on the screen with information on this application, tap
Stop.
Repeat this action every time after you restart your device.
· Disable the application in the device settings: open Settings > Applications and select the
application detected as a threat. Then on the screen with information on this application, tap
Disable.
User manual
Dr.Web Components 54
· If a custom operating system (ROM) is installed on the device, you can restore the official
software of your device manufacturer by yourself or in a service center.
· If you use official software of the device manufacturer, try to contact the vendor for more
information on this application.
· If root access is allowed on your device, you can try to delete this application using special
utilities.
To disable notifications about threats in system applications that cannot be safely deleted,
select the System applications check box in the Settings > General settings > Additional
options section.
On Android TV, select the System applications check box in the Miscellaneous >
Settings > General settings > Additional options section.
Malicious applications can gain root access and make changes to the system area: delete, add,
or change files or folders.
The SpIDer Guard component can monitor changes in the system area. You can enable system
area monitoring in the SpIDer Guard settings. If the component detects suspicious changes in
the system area, it notifies you about it.
If SpIDer Guard detects one of the changes listed, the files or folders themselves are not
necessarily malicious. However, the change could have been made by a malicious application.
· Ignore.
· Send to laboratory (available only if executable files have been added or
changed: .jar, .odex, .so, APK, ELF files, etc.).
User manual
Dr.Web Components 55
SpIDer Guard merely informs you about the changes listed above. To detect the malicious
application that could have made the change to the system area, run the full scan.
Stagefright exploits are detected and neutralized by Dr.Web Firewall. Enable it to protect your
device from Stagefright exploits.
Dr.Web Firewall scans all multimedia files you download in real time. If Dr.Web detects
malicious code in a file you are downloading:
· A notification with the icon appears at the bottom of the screen. The threat name has the
postfix <threat.name>.Stagefright.
· Information on the detected threat is added to the app statistics.
Ransomware can compromise your photos, videos, and documents. In addition, the programs
may steal various information about the infected device (including IMEI) and information from
the phone book of the infected device (contact names, phone numbers and email addresses)
and transmit it to the cybercriminals’ servers. Ransomware programs monitor incoming and
outgoing communications and can block those communications if desired. All the information
collected, including phone call data, is also transmitted to the control server.
Dr.Web detects and removes ransomware when it attempts to get on your device. However, the
number of malicious programs increases every day. That is why it is extremely important to
update Dr.Web virus databases on your device regularly, as it may prevent your device from
getting infected.
If your mobile device is locked by a ransomware program and SpIDer Guard is enabled on the
device, you can use Dr.Web to unlock it.
User manual
Dr.Web Components 56
Finishing active processes can result in losing data of other applications that were active
when the device was locked.
6. Once the device is unlocked, it is recommended to update the Dr.Web virus databases and
perform an express scan of the system, or to delete the malicious application.
For filtering, you can select one of the standard lists or create your own.
SMS filter does not work in app versions from Google Play.
The filter may not work correctly on devices with two SIM cards.
SMS filter may not work correctly due to system restrictions of Android. Blocked messages
might appear in the SMS log.
In the central protection mode, some filter features and settings may be modified and
blocked for compliance with your company security policy or according to the list of
purchased services.
Permissions
Once you enable Call and SMS filter, it can request the following permissions:
User manual
Dr.Web Components 57
On devices with Android 9.0 and later Call and SMS filter also requests access to the call log.
On devices with Android 10.0 and later Call and SMS filter also requests the permission to use
Dr.Web as the default caller ID and spam app.
If you use a Xiaomi phone with installed Security app, grant Dr.Web the permission to
manage SMS messages in this app.
· Enable the Block all option to block all incoming calls and SMS messages.
· Add contacts to Black List.
· Create your own lists.
To create a list
1. On the screen with the necessary list, tap the icon. Select one of the options:
Contacts to add a contact from your contacts on your device.
Call log to add a contact from your recent calls. Available only in the version
downloaded from the website.
SMS log to add a contact from your recent SMS messages. Available only in the version
downloaded from the website.
Keyword to add a keyword for blocking SMS messages. Available only in the version
downloaded from the website.
Dr.Web will check all incoming text messages for the word or phrase you have added. If you
want the application to block messages by words that may not stand next to each other, add
them one by one.
User manual
Dr.Web Components 58
Private number to block calls from any hidden numbers. Available only in the version
from Google Play. In the version from the website and from Huawei AppGallery, you can
add a hidden number from your call or SMS log.
New contact to create a new contact or mask.
Import contacts to import a contact list that was saved earlier.
2. If necessary, edit a name and phone for each contact, select what to block: Calls or SMS. You
cannot edit private numbers or numbers added from your contacts.
· Enable the Contacts option to accept calls and SMS messages only from your contacts.
· Create your own lists.
To create a list
1. On the screen with the necessary list, tap the icon. Select one of the options:
Contacts to add a contact from your contacts on your device.
Call log to add a contact from your recent calls. Available only in the version
downloaded from the website.
SMS log to add a contact from your recent SMS messages. Available only in the version
downloaded from the website.
New contact to create a new contact or mask.
Import contacts to import a contact list that was saved earlier.
2. If necessary, edit the name and phone number for each contact. You cannot edit a number
added from your contacts.
User manual
Dr.Web Components 59
8.2.3. Masks
Masks allow you to add similar numbers to the lists of blocking and allowing filters.
To add a mask
1. On a screen with the necessary list, tap the icon and select New contact.
2. If necessary, edit a name.
3. When typing a number, use a star * at the beginning, end, or both.
A star replaces any sequence of characters. Do not use a star in the middle of a number or
two stars in a row: such mask will not work.
4. If you add a mask to the blocking filter list, select what to block: Calls or SMS.
Mask examples
Example Description
*0* All numbers containing 0 at the beginning, in the middle or at the end of the
number
To edit a list
User manual
Dr.Web Components 60
3. Tap Save.
To delete a list
If you accidentally delete a wrong list, you can restore it by tapping Undo. You cannot delete
the standard lists.
A contact deleted from the list is not deleted from your contacts on your device.
If calls or SMS messages are blocked, the corresponding information is displayed on the
status bar. To view details, tap More on the status bar.
The following information is available for each blocked call and SMS message:
User manual
Dr.Web Components 61
To call
To send SMS
In an attempt to open a restricted webpage, you will see a relevant notification and will not be
able to access its contents.
On the Dr.Web main screen, tap URL filter (see Figure 17).
URL filter may request access to Android accessibility features in order to work in one of the
supported browsers. Without this access, URL filter will not be able to operate.
User manual
Dr.Web Components 62
Website categories
Dr.Web allows you to select specific website categories with a restricted access. Open the
Website categories list and select necessary categories:
· Non-recommended sites
· Adult content
If you select this option, you will enable safe search in Google, Yandex, Bing, Yahoo, and
Rambler. It means that adult content will be completely excluded from the search results.
· Violence
· Weapons
· Gambling
· Drugs
· Obscene language
· Online games
· Terrorism
· Email
· Social networks
· Chats
User manual
Dr.Web Components 63
1. In the URL filter screen, open the Black and white lists section.
2. Select a list.
You can add only specific website URLs. Adding masks or keywords is not supported.
If you try to add a URL that is already on the opposite list, you will be prompted to move it.
Enable this option to be able to view only those websites you have added to the White list.
Access to other websites will be restricted.
In the centralized protection mode, URL filter settings can be modified and blocked for
compliance with your company security policy or according to the list of purchased
services.
User manual
Dr.Web Components 64
· Configure Dr.Web Anti-theft in advance. For example, enable device lock if a SIM card is
changed.
· Send a command to Dr.Web Anti-theft, for example, to locate the device.
If you use the app version downloaded from the Doctor Web website on a Xiaomi phone
with the Security app installed, grant Dr.Web the permission to manage SMS messages in
this app.
User manual
Dr.Web Components 65
In the centralized protection mode, some features of Dr.Web Anti-Theft can be modified or
blocked for compliance with your company's security policy or according to the list of
purchased services.
To open Anti-Theft
If you upgrade to version 12, your Dr.Web Anti-Theft password automatically becomes your
Dr.Web account password.
User manual
Dr.Web Components 66
Available only in the version downloaded from the Doctor Web website.
Cards with SMS commands are located at the top of the Anti-theft screen (see Figure 18).
Buddies
Buddies are contacts you trust to manage your device with commands, or contacts that trust
you. In the app, buddies are separated into two tabs: I trust and They trust me.
I trust
On this tab, you can see a list of buddies you trust to manage your device with commands. You
have added these contacts as buddies using their phone numbers or email addresses.
Only the version You have added a phone number. The buddy can send SMS commands to
from Doctor Web your device without a password.
website
Any You have added an email address. The buddy has not confirmed your
buddy request yet and cannot send push commands to Dr.Web Anti-theft.
To confirm your request, the buddy needs to have Dr.Web Security Space
or the free Dr.Web Light app installed on their device. Your request may
have gone unnoticed. Send another request if necessary.
Any You have added an email address. The buddy has confirmed your buddy
request. Now they can send push commands to Dr.Web Anti-Theft.
Any You have added an email address, but the buddy has rejected your buddy
request. They cannot send push commands to Dr.Web Anti-Theft. In this
case, you can remove the contact from your buddy list.
User manual
Dr.Web Components 67
To add a buddy
You can add up to five email addresses. In the version downloaded from the Doctor Web
website, you can add up to five phone numbers.
You cannot edit a buddy’s profile if they rejected your buddy request.
To remove a buddy
They trust me
The They trust me tab contains the list of buddies who trust you to manage their devices. They
added you as a buddy in Dr.Web Anti-Theft using your email address. Confirm the buddy
request to be able to manage your buddy’s device remotely.
User manual
Dr.Web Components 68
Icon Description
You have not confirmed the buddy request yet. Confirm the request to be able to send push
commands to the buddy’s device.
You have confirmed the buddy request. You can manage your buddy’s device remotely using
push commands.
You have been removed from the buddy list. Your buddy needs to send you another request
for you to be able to send push commands.
· Tap the request notification that you received after someone added you as a buddy and then
tap Confirm.
· Select the contact on the They trust me tab and tap Confirm.
· Tap the request notification that you received after someone added you as a buddy and then
tap Decline.
· Select the contact on the They trust me tab and tap Decline.
· Remove the contact from your buddy list.
You cannot edit a buddy’s profile if they removed you from their buddy list.
To remove a buddy
User manual
Dr.Web Components 69
If you use two SIM cards on a device with Android 5.1 or later, both SIM cards are added to the
trusted list automatically. If you use a device with Android 5.0 or earlier, you can add only one
SIM card to the trusted list (you cannot add both SIM cards at the same time).
For every SIM card on the list, its name, as well as its ID number (on devices with Android 5.0 or
earlier) or the mobile network operator (on devices with Android 5.1 or later) are displayed.
New SIM cards are added to the trusted list when you reboot your device or launch Dr.Web.
· For more detailed information on a SIM card, tap it on the list. Depending on the OS version,
the following fields may be available: name, operator, ID.
· To rename a SIM card, tap it on the list. On the SIM card details screen, enter a new name in
the Name field and tap Save.
· To remove a SIM card from the trusted list, swipe it left.
You cannot remove a SIM card that is currently used on your device.
User manual
Dr.Web Components 70
· Tap Text on the lock screen, edit the text and then tap Save.
· Tap Text on the lock screen, edit the text and then tap Save.
Settings
Enable this option to force Dr.Web Anti-Theft to lock your device after every reboot. To unlock
your device, you will be prompted to enter your Dr.Web account password. Your device will
stay locked until you enter your password.
Dr.Web Anti-Theft will lock your device as soon as it detects a SIM card that is not on the
trusted SIM card list. To unlock your device, you will be prompted to enter your Dr.Web account
password. Your device will stay locked until you enter your password.
Available only in the version downloaded from the Doctor Web website.
Enable this option to make Dr.Web Anti-Theft send SMS messages to your buddies when a SIM
card which is not on the trusted list is detected on your device. Dr.Web Anti-Theft also identify
the phone number linked to the SIM card.
User manual
Dr.Web Components 71
Anti-Theft resends SMS messages to your buddies at every device reboot with the changed SIM
card. Anti-Theft can send a maximum of five of such SMS broadcasts a day.
Remove data
This option is disabled by default.
If your device is stolen and locked, a stranger can try to unlock it by means of a direct password
search. In order to protect your data, enable the Remove data option.
· If Dr.Web is activated as a device administrator, Dr.Web will trigger a factory reset. This
uninstalls all of your apps and removes your personal data, photos and videos, messages and
contacts. Information on your SD card will also be removed. Note that a factory reset will also
uninstall Dr.Web from your device.
· If Dr.Web is not activated as a device administrator, your personal data will be deleted
(except for your SMS since Dr.Web is not set as the default app for sending and receiving
messages). Dr.Web will not be uninstalled and will continue to lock your device.
No SIM mode
This mode is enabled when a SIM card is missing on your device or when your device
configuration blocks access to SIM card information for installed apps. This concerns devices
that feature a SIM card slot.
Once Dr.Web Anti-Theft detects that it has no access to SIM card information, you are
prompted to enter your Dr.Web account password. The notification bar also shows a
notification that a SIM card is not found. Enter your Dr.Web account password to make the no
SIM card mode trusted. You will not be able to send SMS commands, but the other Anti-Theft
functions will be available.
· Push commands are sent via push notifications and are not displayed on the recipient’s
device.
· SMS commands are sent via SMS messages and are displayed on the recipient’s device.
User manual
Dr.Web Components 72
Sender Device with any app version. Anti-Theft is Dr.Web is not required to be installed.
enabled, the recipient’s buddy request is
· Any device if the password is specified
confirmed in Anti-Theft.
in the command.
· Device with a phone number that is
added to the recipient’s Buddy list if
the password is not specified in the
command.
Recipient Device with any app version. Anti-Theft is Device with the app version from the
enabled. website or with the version from
HUAWEI AppGallery. Anti-Theft is
enabled.
The Show on Lock screen system setting found on some devices may prevent you from
entering your Dr.Web account password on a device that was blocked with a command.
This setting is disabled by default. If you have enabled it, open your device settings, select
Apps > Dr.Web > Other permissions, and disable the Show on Lock screen setting.
Push commands are commands for managing Dr.Web Anti-Theft that are sent over Android
push notifications. Push notifications that contain push commands are not displayed on the
recipient’s device but they are processed by the app.
Please note that correct operation of push commands is not guaranteed in the app version
from Huawei AppGallery installed on non-Huawei devices. That is because outdated mobile
services might be used for sending push commands.
1. To send and receive push commands, the devices must be connected to the internet.
2. The Dr.Web Security Space app must be installed on the recipient’s device. Dr.Web Security
Space or Dr.Web Light must be installed on the sender’s device.
3. Anti-Theft must be enabled on the recipient’s device.
4. A push command can be sent only from a device where the recipient’s buddy request has
been confirmed before.
User manual
Dr.Web Components 73
· If Dr.Web Security Space is installed on your buddy’s device, the buddy can send any push
commands.
· From the Dr.Web Light app, a buddy can unlock the recipient’s device by using the Help
Your Buddy component.
Commands
The Show on Lock screen system setting found on some devices may prevent you from
unlocking a device locked with a command. Make sure in advance that this setting is
disabled.
Command Action
You will receive a notification with a link to a map showing the device
location.
When you tap the link, the special Doctor Web service called Dr.Web Anti-
Theft Locator opens a browser tab with a map and the location of your
device on the map. The location accuracy depends on the GPS receiver, Wi-Fi
networks and GSM transmitting stations. Thus, depending on the available
data, the received coordinates may be exact (showing a position on the map)
or approximate (showing a circle).
You can select a map service from the list at the top of the map page.
Lock device Lock the device. To unlock it, the Dr.Web account password needs to be
entered.
Lock device and turn on a Lock the device and enable a sound alert that is impossible to switch off even
sound alert by rebooting the device. To unlock it, the Dr.Web account password needs to
be entered.
Remove data Remove all data from the device. If Dr.Web is activated as an administrator
on the buddy’s device, the command will restore the default device settings.
User manual
Dr.Web Components 74
Command Action
This action is also performed if your device is locked and the Remove data
option is enabled in the Dr.Web Anti-Theft settings.
Reset password Unlock the device and reset Dr.Web account password. To send the
command, a verification code is required. The code is displayed on the
buddy’s device.
You can only send SMS commands to devices with the app version installed from the
Doctor Web website.
In order for SMS commands to work on a Xiaomi phone with the Security app installed,
Dr.Web has to have the permission to manage SMS in this app.
You can manage Dr.Web Anti-Theft remotely by sending SMS commands. SMS commands
allow you to get the location of a device, lock it, or delete personal data.
It is not recommended to send SMS commands with your password to a lost or stolen device.
Cybercriminals can view the SMS with the password and unlock the device. To send an SMS
command without a password, add phone numbers to your buddy list in advance.
SMS commands
The Show on Lock screen system setting found on some devices may prevent you from
unlocking a device locked with a command. Make sure in advance that this setting is
disabled.
Command Action
In response to the command, you will receive the following SMS message:
“Dr.Web Anti-Theft - The <device name> phone is locked”.
#SIGNAL#Password# Locks the device and enables a sound alert that is impossible to switch off
even by rebooting the device.
In response to the command, you will receive the following SMS message:
“Dr.Web Anti-theft - The <device name> phone is locked”.
User manual
Dr.Web Components 75
Command Action
#LOCATE#Password# Requests the coordinates of the device that you will receive in an SMS
message.
When you tap the link, the special Doctor Web service called Dr.Web Anti-
Theft Locator opens a browser tab with a map and the location of your
device on the map. The location accuracy depends on the GPS receiver, Wi-Fi
networks and GSM transmitting stations. Thus, depending on the available
data, the received coordinates may be exact (showing a position on the map)
or approximate (showing a circle).
You can select a map service from the list at the top of the map page.
#UNLOCK#Password# Unlocks the device without resetting the Dr.Web account password.
#WIPE#Password# Restores the factory settings of the device and deletes all data from the
device memory and the SD card.
In response to the command, you will receive the following SMS message:
“Dr.Web Anti-Theft - Deleting data on the phone <device name>”.
This action is also performed if your device is locked and the Remove data
option is enabled in the Dr.Web Anti-Theft settings.
#RESETPASSWORD# Unlocks the device and sets a new password. This command can be
performed only if sent from a number from the buddy list.
SMS commands are not case sensitive. For example, to lock the device, you can send the
#LOCK#Password# command as #Lock#Password#, #lock#Password#, #lOck#Password#,
etc.
To get more precise results after sending the #LOCATE# SMS command, enable the use of
mobile networks for geolocation in your device settings in advance.
1. On the Anti-theft screen (see Figure 18), tap any card with an SMS command.
2. Tap Send SMS command.
User manual
Dr.Web Components 76
Disabling Dr.Web Anti-Theft significantly decreases the protection level of your device.
User manual
Dr.Web Components 77
settings. When attempting to launch a blocked app or access component settings, the device
user sees the blocked app screen or the account login screen. A blocked app or component can
be accessed only by entering your Dr.Web account password or scanning your fingerprint.
User manual
Dr.Web Components 78
Training mode
The top part of the Parental Control main screen (see Figure 19) displays mini-slides that allow
you to go to the training mode. The training mode helps you quickly learn how to use the main
features of Parental Control.
Each of the mini-slides leads to a training mode section. Swipe a mini-slide left or right to
move to the next or previous mini-slide. Tap the mini-slide to open the corresponding training
mode section.
In the training mode, you can view fullscreen slides that tell you how to use the main features of
Parental Control (see Figure 20). Swipe the current slide left to move to the next one.
User manual
Dr.Web Components 79
To exit the training mode, tap in the bottom-left corner of the screen.
Apps
The Apps section contains the list of all apps installed on the device.
To block access to an app or all apps in a group, select the check box next to the name of the
app or app group. To restore access, clear the check box.
User manual
Dr.Web Components 80
App groups
By default, all apps are separated into system groups by category. To see apps within a group,
tap the group name.
On devices with Android 8.0 or earlier, all apps are found in the Other system group.
User-defined groups are displayed at the top of the app group list.
3. Delete the groups by tapping the icon in the top-right corner of the screen.
User manual
Dr.Web Components 81
If the Block browsers without URL filter or Block new apps option is enabled in the Parental
Control settings, the Browsers without URL filter or New apps system group will appear on
the app list. To restore access to apps in these groups, disable the corresponding option in the
Parental Control settings.
You can use the search function to navigate the app list.
Time-restricted access
You can block access to app groups all the time or in the set time intervals.
Restriction type is shown to the right of the group name. Two restriction types are available:
Only one time interval can be set for one restriction. To block the app group at other times,
create more restrictions.
User manual
Dr.Web Components 82
To edit a restriction
5. Save the changes by tapping the icon in the top-right corner of the screen.
To delete a restriction
Components
In addition to apps and app groups, you can also block access to Dr.Web component settings:
Call and SMS Filter, URL filter, Firewall, and the Dr.Web app settings.
Time-restricted access is not available for Dr.Web components. Access will be blocked at all
times.
To access a blocked component, enter the Dr.Web account password or scan your fingerprint (if
the corresponding setting is on).
User manual
Dr.Web Components 83
New apps
If the Block new apps option is enabled in the Parental Control settings, all apps installed after
enabling the option will be placed into the New apps system group. When an app from the
New apps group is launched, the blocked app screen shows an option that allows you to grant
access to the app from now on.
User manual
Dr.Web Components 84
· Block new apps. Allows you to block access to apps installed after enabling this option. New
apps are added to the New apps system group. Access to apps from this group is always
blocked.
You can grant access to an individual app by using the Remove from “New apps” group
option on the blocked app screen.
· Block browsers without URL filter. Allows you to block access to browsers not supported by
URL filter. The browsers are added to the Browsers without URL filter system group. Access
to apps from this group is always blocked.
· Block access to recent apps screen. Allows you to block the recent apps screen. The blocked
app screen will be shown when the recent apps screen is opened.
User manual
Dr.Web Components 85
The option might not work as intended if you use a third-party system shell.
· Unlock with fingerprint. Allows you to use your fingerprint instead of the Dr.Web account
password for gaining access to apps and components.
Before enabling this option make sure that only the Dr.Web account owner’s fingerprints
are registered on the device.
After multiple fingerprint recognition errors, the fingerprint sensor will be disabled. To
enable it again, unlock the device by means of another unlock option (pattern, PIN code, or
password).
· Parental Control log. Enables the Parental Control log. Once the option is enabled, the View
log option is available.
By default, Parental Control log events are shown as a list of events grouped by date. The
following events are registered in the log:
· App events:
ú launch attempt,
ú unlocking.
· Dr.Web component and Parental Control events:
ú enabling,
ú disabling.
Event filter
To sort or filter events by a set parameter, tap the icon in the bottom-right corner of the
screen and select Filter.
User manual
Dr.Web Components 86
· oldest on top,
· newest on top,
· A to Z,
· Z to A.
You can also filter events by event type: app unlocking, launch attempt; component enabling,
disabling.
To sort or filter the event list, select the desired parameters and go back to the event list.
You can restore the default view by tapping in the top-right corner of the Event filter
screen.
Searching
Grouping
You can group events by app or component. When grouping is enabled, the Parental Control
log is displayed as a list of apps and components whose events have been registered in the log
(see Figure 23).
To group Parental Control log events, on the log screen, tap Menu in the top-right corner of
the screen and select the Group check box. Tap the app or component name to expand the list
of relevant events.
User manual
Dr.Web Components 87
Group filter
You can sort groped events by a set parameter.
You can restore the default view by tapping in the top-right corner of the Group filter
screen.
User manual
Dr.Web Components 88
Dr.Web Firewall is based on VPN for Android technology, so it does not require root access on
the device. However, the VPN for Android technology sets a number of limits:
· Only one app at a time can use VPN. Before enabling VPN, the application prompts you to
provide it relevant permission. If you give the permission, the application starts using VPN,
but it blocks access to VPN for other applications. Dr.Web Firewall requests VPN permission
the first time you enable the component. It can also request the permission after the device
reboot and after VPN requests from other applications. VPN is shared among the applications
over time. Dr.Web Firewall can operate only when it gets full rights to use VPN.
· Enabling Dr.Web Firewall can result in inability to connect the device on which Dr.Web
Firewall runs to other devices directly using Wi-Fi or local network. It depends on the device
model and applications which are used to establish a connection between devices.
· When Dr.Web Firewall is enabled, you cannot use your device as a Wi-Fi access point.
Dr.Web Firewall uses the VPN for Android technology only to perform its functions, without
creating a VPN tunnel, so the traffic is not encrypted.
User manual
Dr.Web Components 89
On devices with Android 7.0 or later you can set your OS to automatically enable Dr.Web
Firewall after the device boots. To do so:
On devices with Android 8.0 or later, you can block access to the internet after the device boots
until the VPN successfully connects. To do so, enable the Block connections without VPN
setting.
When other application starts using VPN, Dr.Web Firewall will be disabled. You will see a
corresponding notification. Tap this notification to enable Dr.Web Firewall again.
If you use a restricted profile (guest profile) on your device, Dr.Web Firewall is disabled.
Main screen
The Firewall main screen displays cards containing information from its sections:
· Traffic limit (when a limit is set): displays information on the current traffic limit.
· Active apps: displays a diagram of the incoming and outgoing traffic used by active app
connections.
· All apps: displays the total sum of all incoming and outgoing traffic used by apps installed on
the device.
Tap More on the app traffic or traffic limit card to go to the corresponding section.
The menu in the top-right corner of the main screen allows you to:
User manual
Dr.Web Components 90
The section card on the main Firewall screen displays apps with the highest active traffic use.
Tap More to open the full list of apps with active connections.
The following information is provided on every app on the Active apps screen (see Figure 24):
· User settings. Apps with a changed access to data transmission are marked with the icon.
· System threats with blocked internet connection. System apps with a blocked access to data
App connections
Tap the icon to the left of the name of an app on the Active apps screen to see detailed
information on connections established by the app:
User manual
Dr.Web Components 91
· total amount of incoming and outgoing traffic used by each of the established connections;
· connection rule:
ú allowing,
ú blocking,
ú redirecting,
ú not set.
To copy a connection address to the clipboard, tap and hold the connection row. The address
will be copied to the clipboard.
Connection rules
You can create allowing, blocking, and redirecting rules to manage connections established by
apps (see Connection Rules). To create or edit a rule, tap the or icon to the right of the
connection.
App sorting
To sort the list of apps, tap the icon in the bottom-right corner of the screen, then tap
Filter and select a sorting option:
· highest traffic first—apps with the highest traffic will be at the top of the list;
· lowest traffic first—apps with the lowest traffic will be at the top of the list;
· A to Z;
· Z to A.
By default, apps are sorted by traffic (apps with the highest traffic are at the top of the list). To
restore the default sorting, tap the icon on the Filter screen.
Search
To quickly navigate to a certain app, use the search by app name function. To do so, tap the
icon in the bottom-right corner of the screen, then tap Search and enter your query in the
search field at the bottom of the screen.
Floating window
To see all active internet connections in real time and control the amount of incoming and
outgoing traffic, enable the floating window that is displayed on top of all other apps (see
Figure 25).
User manual
Dr.Web Components 92
1. Go to the Active apps screen and tap the icon in the top-right corner (see Figure 24).
2. Allow the app to display its floating window on top of the other apps.
If the permission to draw over other apps is removed, the floating window cannot be
displayed. To enable it again, tap the icon in the top-right corner of the screen and grant
the requested permission.
Total traffic size is calculated since the moment you enable the window.
· To open the list of apps that are using internet connections (see Figure 26), tap the floating
window.
· To close the list of apps, tap .
· Go to the Active apps screen and tap the icon in the top-right corner.
User manual
Dr.Web Components 93
The section card on the main Firewall screen displays the total amount of incoming and
outgoing traffic used by applications since enabling Firewall. Tap More to open the full list of
apps.
The following information is provided on every app on the All apps screen:
Tap the name of an app to go to the Application screen and see the statistics, settings, and
rules for this app.
To filter or sort the list of apps, tap the icon in the bottom-right corner of the screen, then
tap Filter and select the options:
· Display apps:
ú with no traffic.
· Sort:
ú highest traffic first—apps with the highest traffic will be at the top of the list;
ú lowest traffic first—apps with the lowest traffic will be at the top of the list;
ú A to Z;
ú Z to A.
By default, apps are sorted by traffic (apps with the highest traffic are at the top of the list),
apps with no traffic are displayed. To restore the default list view, tap the icon on the Filter
screen.
User manual
Dr.Web Components 94
Search
To quickly navigate to a certain app, use the search by app name function. To do so, tap the
icon in the bottom-right corner of the All apps screen, then tap Search and enter your
query in the search field at the bottom of the screen.
· Use IPv6. Allows you to enable or disable the use of IPv6 in parallel with IPv4.
· Allow DNS over TCP. Allows you to enable or disable the use of the DNS over TCP protocol
for DNS query redirection and the hiding of domain names.
The use of the DNS over TCP protocol may prevent domain names from being displayed
on some Firewall screens.
The setting works on devices which support this protocol type. The setting is disabled by
default.
· Block connections for new apps. Allows you to block access to networks for apps installed
after enabling the setting. You can block connections over Wi-Fi and mobile networks by
selecting the corresponding check boxes below the setting.
· Store rules and statistics after deleting apps. Allows you to store data of apps removed
from your device for the selected period of time: one week, month, or year.
All rules
The All rules screen contains the list of all connection rules of all apps (app groups).
To open the list of all rules, on the All apps screen, tap Menu and select All rules.
The rules are grouped by the name of the app (or app group) that established the connection.
Apps are sorted in alphabetical order. To expand the list of rules of an app, tap the icon to
the left of the app (app group) name. App rules are listed in the order of their execution.
· Tap and hold the icon next to the rule you want to move, then drag the rule to the desired
position on the list.
User manual
Dr.Web Components 95
· Tap the icon in the bottom-right corner of the All rules screen and enter your query in
the search field at the bottom of the screen.
App rules can be stored on the device for the specified period of time after the app is deleted
if the corresponding setting is enabled.
· over Wi-Fi ,
· over mobile networks ,
· over mobile networks when roaming .
Allowed access types are marked with green icons, blocked access types are marked with gray.
By default, data transmission is allowed over Wi-Fi and mobile networks and blocked over
mobile networks when roaming for all apps.
· On the All apps screen, tap Wi-Fi, Mobile data, or Roaming at the top of the screen.
1. On the All apps screen, tap and hold one of the apps.
2. Select the rest of the apps you want to change access for.
3. Use the icons in the top-right corner of the screen to allow/block the corresponding access
to data transmission for all selected apps.
To exit the access editing mode, tap the icon in the top-left corner of the screen.
User manual
Dr.Web Components 96
· On the Application screen, open the Settings tab and tap the , , or icon.
Icons of apps with a changed access to data transmission are marked with the icon.
This function is unavailable if your device does not support SIM cards (there is no slot for a
SIM card on your device).
1. On the main Dr.Web Firewall screen, tap Menu and select the Traffic limit option.
2. Tap Limit.
3. Set a traffic limit (in megabytes or gigabytes).
4. If necessary, specify the amount of traffic that has already been used since the selected
limitation period started (which begins at 00:00 of the current day).
5. Tap Save.
6. Set the duration period for the limit: a day, a week, or a month. When selecting Week or
Month, specify the day of the week or the day of the month on which the limit will restart
within the current selected period.
7. You can select the Notify me when my mobile traffic limit is reached check box to receive
a notification upon reaching the traffic usage limit.
When the traffic usage limit is enabled, a diagram showing the amount of the remaining
mobile traffic is displayed on the Traffic limit card on the main Dr.Web Firewall screen. The
specified limit and the countdown to the restart of the period are shown next to the diagram
(see Figure 27).
User manual
Dr.Web Components 97
Tap More on the traffic limit card to go to the Traffic limit screen.
3. Tap the icon in the top-right corner of the screen to save changes.
· On the Traffic limit screen, tap the Disable button and confirm the action.
The Application screen displays the statistics of traffic usage for every app (or, in some cases,
app group) and allows you to set custom connection rules and traffic use settings, as well as
view all Firewall events related to this app.
· On the Active apps or All apps screen, tap the name of an app on the app list.
· On the Connection screen, tap the icon to the right of the name of an app.
User manual
Dr.Web Components 98
Three tabs are available on the Application screen: Statistics, Settings, and Rules.
To go to the traffic use statistics, on the Active apps or All apps screen, tap the name of an
app on the app list.
User manual
Dr.Web Components 99
On the Statistics tab, the amount of traffic used by the app since enabling Firewall is shown
below the name of the app.
Outgoing app traffic is marked with orange on the graph, incoming traffic is marked with blue.
The numeric values of the amount of traffic (total, incoming, and outgoing) spent over a
specified period of time are shown above the graph.
· Select the period of time over which you want to review the statistics. You can review the
statistics for the current day, last 7 days, current month, previous month, or specify any other
period manually by setting the start and end dates. Select the period in the Period drop-
down list above the diagram.
· Change the scale of the displayed statistical data within the selected period: hour, day, or
month. Select one of the options above the diagram.
You can swipe the diagram left or right to the desired value if the graphic does not fit on the
screen.
Clearing statistics
User manual
Dr.Web Components 100
Once you remove an app from the device, its statistics will be cleared automatically within
the next 5 minutes.
Application log
Events related to the network activity of apps installed on the device are registered in
application logs. Use the toggle button to enable or re-enable the application log. To go to the
log, tap View log.
You can allow or deny access to data transmission over Wi-Fi , mobile networks , or over
mobile networks when roaming for an app by tapping the corresponding icon (see Access
to Data Transmission).
To block all connections for an app by default, select the Block all connections not allowed by
the rules check box. With no allowing rules set, the app will be unable to initiate any
connections.
An allowing rule for port 53 is automatically added when enabling the Block all connections
not allowed by the rules setting for this app. This rule (set for the DNS, UDP, or ALL protocols)
is mandatory for the functioning of allowing rules with domain names.
To ensure that this setting works as intended in the presence of allowing rules with domain
names, disable the use of a private DNS server in your device settings.
Dr.Web Firewall is based on the VPN for Android technology. VPN prevents apps from
functioning if they use a technology which is incompatible with VPN, e.g. Wi-Fi Direct. This can
result in inability to connect your device to other devices. In this case you should disable
Dr.Web Firewall control for the app (or app group) by selecting the Do not control the app
check box.
User manual
Dr.Web Components 101
It is recommended to disable Dr.Web Firewall control only for your trusted apps.
When the option is enabled, Dr.Web Firewall does not control network connections of the app
even if you customize traffic settings for it in the Dr.Web Firewall settings. The app traffic is not
monitored.
Connection rules are displayed on the Rules tab of the Application screen, as well as on the All
rules screen.
Connections
General information on each connection is shown on the Connection screen (see Figure 30). To
go to this screen, do one of the following:
· On the Active apps screen, tap the icon to the left of the name of an app and then tap a
connection row.
· In the Firewall log:
ú When events are grouped by date: tap a connection row.
ú When events are grouped by app name: expand the list of app connections by tapping
the icon to the left of the name of an app and then tap a connection row.
· In an application log: expand the list of app connections by tapping the icon to the right
of an event date and then tap a connection row.
User manual
Dr.Web Components 102
1. Tap and hold the connection row. You will enter the copying mode. The address will be
highlighted in gray.
2. Tap the icon in the top-right corner of the screen. The address will be copied to the
clipboard.
To exit the copying mode, tap the icon in the top-left corner.
User manual
Dr.Web Components 103
Connection rules
Creating rules
· On the Application screen, open the Rules tab and tap the icon in the bottom-right
corner of the screen.
2. On the next screen, select the rule type:
· allowing,
· blocking,
· redirecting.
3. Check the IP address/host name. If the address is not specified, enter a valid IP address (in
the a.b.c.d format for IPv4 addresses or [a:b:c:d:e:f:g:h] for IPv6), an IP address range (in the
a1.b1.c1.d1-a2.b2.c2.d2 or [a1:b1:c1:d1:e1:f1:g1:h1]-[a2:b2:c2:d2:e2:f2:g2:h2] format), or a
network (in the a.b.c.0/n format, where n is a number from 1 to 32). If you are creating a
redirecting rule, enter the redirection address in the field below. You can specify a host
name instead of an address.
4. Tap More for the additional Protocol setting to choose a network protocol for the
connection.
Icons of apps with set connection rules are marked with the icon.
Viewing rules
User manual
Dr.Web Components 104
2. On the All apps screen, tap Menu and select All rules.
The All rules screen contains the list of all connection rules grouped by the name of the app
(or app group) that established the connection. Apps are sorted in alphabetical order. To
expand the list of rules of an app, tap the icon to the left of the app (app group) name.
App rules are listed in the order of their execution.
· Tap and hold the icon next to the rule you want to move, then drag the rule to the desired
position on the list.
· Tap the icon in the bottom-right corner of the All rules screen and enter your query in
the search field at the bottom of the screen.
App rules can be stored on the device for the specified period of time after the app is deleted
if the corresponding setting is enabled.
Editing rules
Deleting rules
To delete a rule
User manual
Dr.Web Components 105
1. On the Application screen, tap Menu in the top-right corner and select Clear.
2. On your next step, select the App rules check box. Tap Clear.
1. On the Rules tab of the Application screen, tap Menu in the top-right corner and
select Export rules.
2. Tap OK.
· For all apps:
1. On the All rules screen, tap Menu in the top-right corner and select Export rules.
2. Tap OK.
1. On the Rules tab of the Application screen, tap Menu in the top-right corner and
select Import rules.
2. Locate the file with rules in the file tree and tap it.
User manual
Dr.Web Components 106
1. On the All rules screen, tap Menu in the top-right corner and select Import rules.
2. Locate the file with rules in the file tree and tap it.
· On the Application screen, open the Statistics tab and use the Application log toggle
button.
· On the Application screen, open the Statistics tab and select the View log option.
All events related to the app are grouped by date. To open the list of events for a certain date,
tap the icon to the right of the date. You can review the following information for each event
in the log:
Tap the connection row to go to the Connection screen and set up rules.
· Tap and hold the connection row. The address will be copied to the clipboard.
1. On the application log screen, tap the icon in the top-right corner of the screen.
User manual
Dr.Web Components 107
· On the Application screen, open the Statistics tab and use the Application log toggle
button.
To open the list of all the events related to the operation of Dr.Web Firewall, on the main
Firewall screen, tap Menu and select Log.
You can review the following information for each event in the Firewall log:
1. Tap the icon in the bottom-right corner of the Log screen and then tap Filter.
2. Select the options:
· Sort:
ú newest on top—newest events at the top of the log;
ú oldest on top—oldest events at the top of the log;
ú A to Z;
ú Z to A.
· Display connections:
ú established,
ú reset,
ú redirected,
ú with errors.
By default, events are sorted by date (newest events are at the top of the log), all connections
are displayed. To restore the default log view, tap the icon on the Filter screen.
User manual
Dr.Web Components 108
· On the Log screen, tap Menu in the top-right corner and select the Group check box.
1. Tap the icon in the bottom-right corner of the Log screen and then tap Search.
2. Enter your query in the search field at the bottom of the screen.
· Tap and hold the connection row. The address will be copied to the clipboard.
1. On the Firewall log screen, tap Menu and select Maximum log size.
2. On the next screen, change the value and tap OK.
The maximum log file size must be more than 0 MB and less or equal to 99 MB.
User manual
Dr.Web Components 109
· Vulnerabilities.
· System settings that affect device security.
· Conflicting software.
· Hidden device administrators.
· Applications exploiting Fake ID vulnerability.
· Optimization settings.
To open the list of the detected problems (see Figure 31), select Security Auditor on the
Dr.Web main screen.
8.7.1. Vulnerabilities
Vulnerability is a weakness in the source code which allows cybercriminals to impair the correct
operation of a system.
Security Auditor detects the following vulnerabilities in the device system: BlueBorne, EvilParcel,
Extra Field, Fake ID, Janus, Obj ectInputStream Serialization, OpenSSLX509Certificate,
User manual
Dr.Web Components 110
The vulnerabilities allow adding malicious code to some applications, that may result in
performing of dangerous functions by these applications and damage the device.
If one or more of these vulnerabilities are detected on your device, check for operation system
updates on the official website of your device manufacturer. Recent versions may have these
vulnerabilities fixed. If there are no available updates, you are recommended to install
applications only from trusted sources.
Root access
The device may become vulnerable to different types of threats if it is rooted, i.e. the procedure
of rooting has been performed to attain control (known as root access) over the device system.
It results in ability to modify and delete system files, that may potentially damage the device. If
you have rooted your device yourself, rollback the changes for security reasons. If root access is
the integral feature of your device or you need it for your everyday tasks, be extremely cautious
when installing applications from the unknown sources.
· Debugging enabled. USB debugging is intended for developers and allows copying data
from PC to the device and vice versa, installing the applications on the device, viewing their
logs and deleting them in some cases. If you are not a developer and do not use the debug
mode, you are recommended to turn this mode off. To open the corresponding device
settings section, tap Settings on the screen with detailed information on the problem.
· Installation of apps from unknown sources is enabled. Installing application from
unknown sources is one of the main reasons devices with Android 7.1 and earlier get infected.
Applications downloaded from elsewhere other than the official store are likely to be unsafe
and become a threat to device security. To mitigate risks of installing the unsafe applications,
you are recommended to disable installation of the applications from unknown sources. To
open the corresponding device settings section, tap Settings on the screen with detailed
information on the problem.
You should scan for threats all the applications you install on your device. Before scanning,
make sure that Dr.Web virus databases are up to date.
· Dr.Web notifications are blocked. In this case, Dr.Web cannot immediately inform you on
detected threats. This compromises security of your device. That is why, you are
recommended to enable Dr.Web notifications in the settings of your device.
· User root certificate installed. If any user certificates are detected on your device, Security
Auditor detects and displays them. Certificates may be used by a third party to monitor your
network activity. If you are not aware why these certificates are installed on your device, you
are recommended to remove them.
User manual
Dr.Web Components 111
If you do not know why an application is not displayed in the list of device administrators, you
are recommended to delete it from the device. To delete the application, tap Delete on the
screen with the detailed information on the problem related to this application.
The Dr.Web app should work continuously to achieve real-time anti-virus protection and
efficiency of the advanced components: Call and SMS filter, URL filter, Anti-Theft, Parental
Control, and Firewall.
Remove background restrictions for Dr.Web so that the app works as expected. To do that,
check your device settings and the settings of the built-in app manager.
· Asus
· Huawei
· Meizu
User manual
Dr.Web Components 112
· Nokia
· OnePlus
· Oppo
· Samsung
· Sony
· Xiaomi
The instructions provided in these sections may not fully correspond to some devices as
settings may vary on different device models and OS versions. In case of inconsistencies,
please refer to the user manual provided by your device manufacturer. If this does not
solve your problem, please contact our technical support.
Permission auto-reset
This warning appears only when Dr.Web has not been granted access to accessibility
features.
Starting with Android 6.0, the system resets permissions granted by the user if an app has not
been used for a few months. Additionally, on Android 12.0 and later, the app cache is cleared
and the app can no longer send you notifications. This is done to save storage space and
protect user data. However, Dr.Web cannot provide continuous device protection if the
permissions required for its main functions and the app components will be reset. To ensure
seamless operation of Dr.Web, it is recommended to disable permission auto-reset in the
device settings. To open the corresponding device settings section, tap Settings on the screen
with detailed information on the problem.
Restricted settings
On devices with Android 13.0 or later, the operating system restricts access to certain settings
to apps by default. This is done to protect sensitive info from being acquired and used by
harmful apps. However, Dr.Web components use some of these settings, such as accessibility
features and notification access, to protect your data and block unwanted content. To open the
system setting that grants access to settings required for Dr.Web to function as intended, follow
the instructions on the screen with detailed information on the problem.
8.7.6.1. Asus
In order for the Dr.Web app to work properly on Asus devices, proceed as follows:
User manual
Dr.Web Components 113
· Allow autostart
Autostart allows the app to start its processes right after the device startup. It is necessary for
constant anti-virus protection and for the following advanced components to work as
expected: Call and SMS filter, URL filter, Anti-Theft, Parental Control, and Firewall.
· Allow running in the background
Running in the background allows the app to keep running even if it is not active. It is
necessary for constant anti-virus protection and for the following advanced components to
work as expected: Call and SMS filter, URL filter, Anti-Theft, Parental Control, and Firewall.
Settings and their location may vary on different device models and OS versions. If the
instruction does not solve your problem, please contact our technical support.
To allow autostart
8.7.6.2. Huawei
Manual management allows the app to keep running even if it is not active, and to start its
processes right after the device startup. It is necessary for constant anti-virus protection and for
the following advanced components to work as expected: Call and SMS filter, URL filter, Anti-
Theft, Parental Control, and Firewall.
User manual
Dr.Web Components 114
3. On the next screen, enable all the additional management settings and tap OK.
To optimize battery consumption, operating system can stop the Dr.Web app. This interrupts
constant anti-virus protection and work of advanced components: Call and SMS filter, URL
filter, Anti-Theft, Parental Control, and Firewall.
· Allow running after screen is off
Running when the screen is off is necessary for constant anti-virus protection and for the
advanced components to work as expected: Call and SMS filter, Anti-Theft, and Firewall.
· Allow pop-up windows if Anti-Theft or Parental Control is enabled.
Anti-Theft and Parental Control use pop-up windows in the background to restrict access to a
single app or the whole device.
Settings and their location may vary on different device models and OS versions. If the
instruction does not solve your problem, please contact our technical support.
1. In your device settings, open Advanced settings > Battery manager > Protected apps.
2. Select Protected for the Dr.Web app.
User manual
Dr.Web Components 115
8.7.6.3. Meizu
In order for the Dr.Web app to work properly on Meizu devices, change the following settings:
To optimize battery consumption, operating system can stop the Dr.Web app. This interrupts
constant anti-virus protection and work of advanced components: Call and SMS filter, URL
filter, Anti-Theft, Parental Control, and Firewall.
· Lock Dr.Web in the background
Running in the background allows the app to keep running even if it is not active. It is
necessary for constant anti-virus protection and for the following advanced components to
work as expected: Call and SMS filter, URL filter, Anti-Theft, Parental Control, and Firewall.
· Allow running after screen is off
Running when the screen is off is necessary for constant anti-virus protection and for the
advanced components to work as expected: Call and SMS filter, Anti-Theft, and Firewall.
Settings and their location may vary on different device models and OS versions. If the
instruction does not solve your problem, please contact our technical support.
1. In your device settings, open Advanced settings > Battery manager > Protected apps.
2. Select Protected for the Dr.Web app.
User manual
Dr.Web Components 116
8.7.6.4. Nokia
In order for the Dr.Web app to work properly on Nokia devices, force close the Power saver
app.
The Power saver app optimizes battery consumption that can cause the Dr.Web app to stop.
This interrupts constant anti-virus protection and work of advanced components: Call and SMS
filter, URL filter, Anti-Theft, Parental Control, and Firewall.
Settings and their location may vary on different device models and OS versions. If the
instruction does not solve your problem, please contact our technical support.
8.7.6.5. OnePlus
In order for the Dr.Web app to work properly on OnePlus devices, change the following
settings:
To optimize battery consumption, operating system can stop the Dr.Web app. This interrupts
constant anti-virus protection and work of advanced components: Call and SMS filter, URL
filter, Anti-Theft, Parental Control, and Firewall.
· Lock Dr.Web in the background
Running in the background allows the app to keep running even if it is not active. It is
necessary for constant anti-virus protection and for the following advanced components to
work as expected: Call and SMS filter, URL filter, Anti-Theft, Parental Control, and Firewall.
User manual
Dr.Web Components 117
After you install an update of the operating system, the optimization settings may be reset. In
this case you will need to change them again.
Settings and their location may vary on different device models and OS versions. If the
instruction does not solve your problem, please contact our technical support.
To disable autostart
8.7.6.6. Oppo
In order for the Dr.Web app to work properly on Oppo devices, change the following settings:
· Allow autostart
Autostart allows the app to start its processes right after the device startup. It is necessary for
constant anti-virus protection and for the following advanced components to work as
expected: Call and SMS filter, URL filter, Anti-Theft, Parental Control, and Firewall.
· Lock Dr.Web in the background
Running in the background allows the app to keep running even if it is not active. It is
necessary for constant anti-virus protection and for the following advanced components to
work as expected: Call and SMS filter, URL filter, Anti-Theft, Parental Control, and Firewall.
· Allow running in the background if you have the Security center app on your device
User manual
Dr.Web Components 118
Settings and their location may vary on different device models and OS versions. If the
instruction does not solve your problem, please contact our technical support.
To allow autostart
8.7.6.7. Samsung
In order for the Dr.Web app to work properly on Samsung devices, change the following
settings:
Running in the background allows the app to keep running even if it is not active. It is necessary
for constant anti-virus protection and for the following advanced components to work as
expected: Call and SMS filter, URL filter, Anti-Theft, Parental Control, and Firewall.
Settings and their location may vary on different device models and OS versions. If the
instruction does not solve your problem, please contact our technical support.
User manual
Dr.Web Components 119
8.7.6.8. Sony
In order for the Dr.Web app to work properly on Sony devices, disable battery optimization for
Dr.Web.
To optimize battery consumption, operating system can stop the Dr.Web app. This interrupts
constant anti-virus protection and work of advanced components: Call and SMS filter, URL filter,
Anti-Theft, Parental Control, and Firewall.
Settings and their location may vary on different device models and OS versions. If the
instruction does not solve your problem, please contact our technical support.
In the Ultra STAMINA mode you are not able to exclude apps from optimization.
8.7.6.9. Xiaomi
In order for the Dr.Web app to work properly on Xiaomi devices, change the following settings:
· Allow autostart
Autostart allows the app to start its processes right after the device startup. It is necessary for
constant anti-virus protection and for the following advanced components to work as
expected: Call and SMS filter, URL filter, Anti-Theft, Parental Control, and Firewall.
· Allow running in the background
Running in the background allows the app to keep running even if it is not active. It is
necessary for constant anti-virus protection and for the following advanced components to
work as expected: Call and SMS filter, URL filter, Anti-Theft, Parental Control, and Firewall.
· Lock Dr.Web in the background
Running in the background allows the app to keep running even if it is not active. It is
necessary for constant anti-virus protection and for the following advanced components to
User manual
Dr.Web Components 120
work as expected: Call and SMS filter, URL filter, Anti-Theft, Parental Control, and Firewall.
· Allow pop-up windows if Anti-Theft or Parental Control is enabled.
Anti-Theft and Parental Control use pop-up windows in the background to restrict access to a
single app or the whole device.
Settings and their location may vary on different device models and OS versions. If the
instruction does not solve your problem, please contact our technical support.
To allow autostart
Some OS versions also allow you to lock apps in the background via the pre-installed Security
app:
User manual
Dr.Web Components 121
8.8. Statistics
Dr.Web collects statistics on detected threats and application actions.
To view the statistics, on the Dr.Web main screen, tap Menu and select Statistics.
Viewing statistics
The Statistics tab contains two information sections (see Figure 32):
· Total. Contains the information on the total number of scanned files, detected and
neutralized threats.
· Events. Contains the information on Dr.Web Scanner check results, enabling and disabling of
SpIDer Guard, detected threats and performed actions.
Clearing statistics
To clear all the statistics, on the Statistics tab, tap Menu and select Clear statistics.
User manual
Dr.Web Components 122
You can save the application event log to send it to the Doctor Web technical support if you
experience problems while using the application.
8.9. Quarantine
Dr.Web allows you to move detected threats to the quarantine folder, where they are isolated
and cannot damage the system (see Figure 33).
User manual
Dr.Web Components 123
2. Select Quarantine.
· file name;
· path to the file;
· date and time the threat was quarantined.
Available options
· More on the Internet to view the threat description on the Doctor Web website.
· Restore to return the file back to the folder where it was quarantined from (use this action
only if you are sure that the file is safe).
· Delete to delete the file from the quarantine and from the device.
· False positive to send the file to the Doctor Web anti-virus laboratory for analysis. The
analysis will show if the file does pose a threat or it is a false positive. If it is a false positive
error, it will be fixed. To receive the analysis results, enter your email address.
User manual
Dr.Web Components 124
Quarantine size
To view the information on the internal device memory free space and space occupied by the
quarantine:
User manual
Settings 125
9. Settings
To open the settings screen (see Figure 34), on the Dr.Web main screen, tap Menu and select
Settings.
If you have set a password to access application settings, enter your account password.
· General settings. Allows you to configure the notification bar, enable and disable sound
alerts, and opt out of sending statistics (see General settings).
· SpIDer Guard. Allows you to configure the SpIDer Guard component, which constantly scans
the file system for threats and monitors changes in the system area (see SpIDer Guard
settings).
· Scanner. Allows you to configure Dr.Web Scanner, which scans your device on your request
(see Dr.Web Scanner settings).
· Virus database update. Allows you to disable virus database updates over mobile networks
(see Update settings).
· Backup. Allows you to import and export application settings (see Backup).
User manual
Settings 126
· Administration. Allows you to switch to the centralized protection mode (this option is
available for the application version downloaded from the Doctor Web website).
· License. Allows you to enable and disable notifications on the upcoming license expiration
(see Configuring Notifications on License Expiration).
· Reset settings. Allows you to reset user settings and restore the default configuration (see
Reset Settings).
If Dr.Web Anti-Theft is enabled on the device, to change some application settings (Reset
settings, Backup and Administration), enter your Dr.Web account password.
On the General settings screen (see Figure 35), you can use the following options:
· Status bar. Enables and disables the Dr.Web icon in the Android status bar. Using this option,
you can also remove the Dr.Web bar from the notification area (see Notification bar).
User manual
Settings 127
· Notification bar. Allows you to manage the appearance of the Dr.Web notification bar. If the
option is enabled, the Dr.Web notification bar is used. If the option is disabled, the standard
Android notification bar is used.
· No threats notifications. Enables and disables notifications informing that no threats have
been detected in apps or updates that were j ust installed.
The setting is not available on devices with Android 8.0 or later. In this case, notifications
from the Safe applications category can be enabled or disabled in the device settings.
· Sound. Enables and disables sound alerts on threat detection, deletion, or moving to
quarantine. By default, sound alerts are enabled.
· Send statistics. Allows you to opt out of sending statistics to Doctor Web.
· Additional options. Contains additional settings:
ú System applications. Allows you to enable and disable notifications on detecting threats
in system applications that cannot be safely deleted. This option is disabled by default.
In the centralized protection mode, you cannot update virus databases manually; updates
are downloaded automatically from the centralized protection server. If the mobile mode is
enabled on the server and the connection with the centralized protection server is lost, you
can update the virus databases manually.
Update
The virus databases are updated via the internet several times a day automatically. If the virus
databases have not been updated for more than 24 hours (for example, if the device is not
connected to the internet), you should update them manually.
1. On the Dr.Web main screen, tap Menu and select Virus databases.
2. In the pop-up window, you will see the virus database update status and when the virus
databases were last updated. If the last update happened more than 24 hours ago, you
should update virus databases manually.
User manual
Settings 128
1. On the Dr.Web main screen, tap Menu and select Virus databases.
2. Tap Update.
It is recommended to update the virus databases as soon as you install the app so that
Dr.Web can use the most up-to-date information about known threats. As soon as the
Doctor Web anti-virus laboratory experts discover new threats, an update for virus
signatures, behavior characteristics, and attributes is issued. In some cases, updates can be
issued several times per hour.
Update settings
By default, the updates are automatically downloaded several times a day.
1. On the Dr.Web main screen, tap Menu and select Settings (see Figure 34).
2. Select Virus database update.
3. To disable the use of mobile data for downloading updates, select the Update over Wi-Fi
check box.
If no Wi-Fi networks are available, you will be prompted to use mobile data. Changing this
setting does not affect the use of mobile data by other applications and device functions.
Updates are downloaded via the internet. You may be additionally charged by your mobile
network provider for the data transfer. For detailed information, contact your mobile
network provider.
In the centralized protection mode, update settings can be modified and blocked in
compliance with your company security policy or according to the list of purchased
services.
9.3. Backup
You can export your current settings to a file on the internal memory. This allows you to import
them from the file (for example, in case you reinstall Dr.Web or use it on another device).
User manual
Settings 129
To reset settings
1. Tap Reset settings on the settings screen (see Figure 34). Then tap Reset settings.
2. Enter your Dr.Web account password.
3. Confirm restoring default settings.
User manual
Centralized Protection Mode 130
The Dr.Web Mobile Security Suite version detailed in this manual is compatible with Dr.Web
AV-Desk 10 and 13 and Dr.Web Enterprise Security Suite 10, 11, 12 and 13.
Features and settings of Dr.Web may be modified and blocked for compliance with your
company security policy or according to the list of purchased services.
The following components can be controlled from the centralized protection server:
· Dr.Web Scanner. Allows you to scan your device on demand and according to a schedule. It
also allows you to launch scanning from the centralized protection server remotely.
· SpIDer Guard.
· Call and SMS Filter.
· Dr.Web Anti-Theft.
· URL Filter.
· Application Filter.
In the centralized protection mode, the license key file is automatically downloaded from the
server; your personal license is not used. If the license expires or gets blocked, contact the anti-
virus network administrator of your company in order to obtain a new license, or extend your
Dr.Web Anti-virus service subscription, after receiving the corresponding notification.
User manual
Centralized Protection Mode 131
In the centralized protection mode, you cannot update the virus databases manually. Updates
are downloaded automatically from the centralized protection server. Update settings may be
modified and blocked for compliance with your company security policy or according to the
list of purchased services. If the mobile mode is enabled on the server and the connection with
the centralized protection server is lost, you can update the virus databases manually.
Some versions of the centralized protection server support updating Dr.Web Mobile Security
Suite. If you select the New version check box in the application settings, you will receive a
notification whenever a new version of the application is available and will be prompted to
install it. Contact the anti-virus network administrator of your company for details.
Application versions downloaded from the Doctor Web website cannot be updated from the
centralized protection server. In these application versions, only the virus databases can be
updated in the centralized protection mode.
To connect to the central protection server 11.0.0 or later, Dr.Web 11.0.0 or later is
required.
After you connect to the server, the following permissions can be requested:
· Basic permissions (access your photos, media, and files, contacts, etc.)—required for most of
the app features.
· Call and SMS filter (set Dr.Web as the default phone app)—for call and SMS filtering.
· Device administration—to protect the app from uninstalling and to use the full functionality
of Anti-Theft.
· Access to accessibility features—for app filtering and full functionality of URL filter, Anti-
Theft, and Parental Control.
· Drawing over other apps—for app filtering and Firewall functionality.
User manual
Centralized Protection Mode 132
Automatic connection
If you have received your Dr.Web version from the anti-virus network administrator of your
company or from the Dr.Web Anti-virus service provider, Dr.Web connects to the central
protection server automatically. For that, the installation package must be run from the internal
memory of your device.
To connect to the central protection server, you need to specify connection settings received
from the anti-virus network administrator or from your Dr.Web Anti-virus service provider.
The Dr.Web Agent check box is selected by default in the Dr.Web versions that have been
received from the anti-virus network administrator of your company or from the Dr.Web
Anti-virus service provider.
4. When you enable the central protection mode, the application restores settings of your last
connection.
However, if the configuration file is stored on your device, the configuration settings from
this file are used. To use another settings, for example, from your installation package, reset
connection settings.
If you are connecting to the server for the first time or connection settings are changed,
enter the following settings:
· IP address of the central protection server.
· Additional authentication settings: ID (assigned to your device for registration) and a
password. These settings are saved automatically, so it is not required to enter them again
the next time you are connecting to the server. If you want to connect to the server as a
newbie, tap Menu and select Connect as a newbie.
5. Tap Connect.
The install.cfg file, received from the anti-virus network administrator or your Dr.Web
Anti-virus service provider, contains settings to connect to the central protection server.
User manual
Centralized Protection Mode 133
2. Place the install.cfg file to the root folder or any of the folders at the first nesting level
of the internal device memory.
3. On the settings screen (see Figure 34), tap Administration.
If Dr.Web Anti-Theft is enabled on your device, enter Dr.Web account password to open
Administration.
4. Select the Dr.Web Agent check box.
If the file is downloaded to the device, fields for entering the connection settings will be
filled in automatically.
The Dr.Web Agent check box is selected by default in the Dr.Web versions that have been
received from the anti-virus network administrator of your company or from the Dr.Web
Anti-virus service provider. As the application is installed, it starts to search the
configuration file and tries to connect to the server. If the file is not found or it contains
incorrect connection settings, clear the Dr.Web Agent check box and select it again, then
enter the settings manually or use the configuration file with correct settings.
5. Tap Connect.
When the settings are reset, the install.cfg file, which contains the connection settings, will
be deleted. If the other install.cfg file is present on the device, the connection settings of
this file will be used. Thus, the connection settings will be reset only when all the install.cfg
files are deleted.
Connection errors
Unsupported option. The error occurs if traffic encryption and/or compression options that are
not supported by Dr.Web are enabled on the server. To resolve the problem, contact your anti-
virus network administrator or the Dr.Web Anti-virus service provider.
License (subscription) has expired. Contact your anti-virus network administrator in order to
get a license or extend your Dr.Web Anti-virus service subscription.
Subscription is blocked. Contact your Dr.Web Anti-virus service provider in order to enable
your subscription.
Running Dr.Web for Android is not allowed by the server. The error occurs if your service
plan does not support the use of Dr.Web for Android, or running Dr.Web for Android is
disabled by the anti-virus network administrator.
User manual
Centralized Protection Mode 134
10.2. Administration
If Application filter configuration is enabled on the centralized protection server, you can select
applications that will be available on your device.
You can allow or restrict launch of both system and user applications. System applications are
located at the top of the list and, by default, are marked as available. User applications are
located lower in the list.
Application launch settings specified on the user device will be applied only if Application
filter is enabled for this device on the centralized protection server.
If you are an anti-virus network administrator, on the centralized protection server, you can
configure the lists of available applications for all devices in the network based on your
personal settings saved on the server.
When the standalone mode is on, all anti-virus settings are restored to their previous or default
values. You can once again access all features of Dr.Web.
To operate in the standalone mode, a valid personal license is required. The license received
from centralized protection server cannot be used in this mode. If necessary, you can purchase
or renew a personal license.
User manual
Dr.Web on Android TV 135
· Events
· Scanner
· Firewall
· Security Auditor
· Miscellaneous
Permissions
When you launch the application for the first time, you will be prompted to provide the
following permissions:
User manual
Dr.Web on Android TV 136
On devices with Android 11.0 or later, the app also requests the permission to access all files.
Interface
· It is not possible to create a widget.
· Notification bar is unavailable.
· The green icon indicates that the device is protected. No additional actions are required.
· The yellow icon indicates that Dr.Web has detected issues, for example, a missing license or a
vulnerability. To learn more about the detected issues and to eliminate them, select the status
bar.
· The red icon indicates that Dr.Web has detected suspicious changes in system area or threats.
To open check results and neutralize the threats, select the status bar.
If Dr.Web has detected multiple events that require your attention, select the status bar to open
the Events screen, which will display all important events.
After activating the license, the constant protection is enabled automatically. SpIDer Guard
keeps protecting the device file system even if you close the application. If SpIDer Guard
User manual
Dr.Web on Android TV 137
detects a suspicious change in system area or a threat, the alerting notification appears at the
bottom part of the screen.
Configuration
To enable, disable, or configure SpIDer Guard, open the Dr.Web main screen and select
Miscellaneous > Settings > SpIDer Guard (see Dr.Web Settings on Android TV section).
Statistics
The application registers events related to the operation of SpIDer Guard: enabling/disabling
of SpIDer Guard, threat detections, and check results of the device storage and installed
applications. SpIDer Guard statistics appear in the Events section of the Statistics tab and are
sorted by date (see Statistics).
You should periodically scan the system, especially if SpIDer Guard has not been active for a
while. Usually, the express scan is sufficient for this purpose.
Scanning
To scan the system, on the Dr.Web main screen, select Scanner (see Figure 37) and then select
one of the following actions:
If your device is rooted, you can also scan /sbin and /data folders located in the root
directory.
User manual
Dr.Web on Android TV 138
To access Dr.Web Scanner settings, open the Dr.Web main screen and select Miscellaneous >
Settings > Scanner (see section Dr.Web Settings on Android TV).
Statistics
The application registers events related to Dr.Web Scanner operation (scan type, check results,
and detected threats). All registered actions appear in the Events section on the Statistics tab
and are sorted by date (see Statistics).
Neutralizing Threats
On the Check results screen, you can review the list of threats and changes in the system area.
For each obj ect, its type and name are specified, as well as the icon of the recommended
option for the obj ect.
User manual
Dr.Web on Android TV 139
Obj ects are marked in different colors depending on the degree of danger. Listed below are
the threat types in decreasing danger order:
1. Malware.
2. Riskware.
3. Hacktool program.
4. Adware.
5. Changes in the system area:
· New files in system area.
· Change of system files.
· Deletion of system files.
6. Joke program.
To view the file path, select the obj ect. For threats that are detected in apps, the app package
name is also specified.
· In the top-right corner of the Check results screen, select Menu > Delete all.
· In the top-right corner of the Check results screen, select Menu > All to quarantine.
User manual
Dr.Web on Android TV 140
· If a threat modification is detected. To identify if the app does pose a threat, report a false
positive.
Ignore to temporarily leave the change in the system area or the threat as it is.
Send to laboratory or False positive to send the file to the Doctor Web anti-virus
laboratory for analysis. The analysis will show if there is a threat or it is a false positive. If it is a
false positive error, it will be fixed. To receive the analysis results, enter your email address.
If the file is sent to the laboratory successfully, the Ignore option is automatically applied to
the obj ect.
The Send to laboratory option is available only for added or changed executable files in the
system area: .jar, .odex, .so, APK, ELF files, etc.
The False positive option is available only for threat modifications and for threats detected in
the system area.
More on the Internet to view the detected obj ect description on the Doctor Web website.
Dr.Web Firewall is based on the VPN for Android technology, so it does not require root access
on the device. However, the VPN for Android technology sets a number of limitations:
· Only one app can use VPN at a time. As a result, before enabling VPN, the app prompts you
to provide it the corresponding permission. If you give the permission, the app starts using
VPN, but it also blocks access to VPN for other apps. Dr.Web Firewall requests the VPN
permission the first time you enable the component and at every device reboot. It can also
request the permission after VPN requests from other apps. VPN is shared between the apps
over time. Dr.Web Firewall can operate only when it gets the full rights to use VPN.
· Enabling Dr.Web Firewall can result in inability to connect the device on which Dr.Web
Firewall runs to other devices directly using Wi-Fi or a local network. It depends on the device
model and the apps which are used to establish a connection between devices.
· When Dr.Web Firewall is enabled, you cannot use your device as a Wi-Fi access point.
User manual
Dr.Web on Android TV 141
Dr.Web Firewall uses the VPN for Android technology only to perform its functions, without
creating a VPN tunnel, so the traffic is not encrypted.
If another app gets the rights to use VPN during the operation of Dr.Web Firewall, the
component will be disabled. You will be notified on it.
If you use a restricted profile (guest profile) on your device, Dr.Web Firewall is disabled.
User manual
Dr.Web on Android TV 142
The following information is provided on every app on the Active apps tab:
App connections
Tap the icon to the left of the name of an app to see detailed information on connections
established by the app:
User manual
Dr.Web on Android TV 143
On the All apps tab, you can review the total amount of data transferred over networks and the
amount of sent and received data. You can view the list of apps (and app groups) as well as the
amount of spent traffic for each of them.
The following information is provided on every app on the All apps tab:
· Sort:
ú highest traffic first—apps with the highest traffic will be at the top of the list;
ú lowest traffic first—apps with the lowest traffic will be at the top of the list;
ú A to Z;
ú Z to A.
By default, apps are sorted by traffic (apps with the highest traffic are at the top of the list),
apps with no traffic are displayed. To restore the default list view, tap Reset on the Filter
screen.
Search
To quickly navigate to a certain app, use the search by app name function. Tap the icon
on the left side of the screen and enter your query in the search field.
Settings
To manage settings for all apps, on the Traffic screen, tap in the top-right corner of the
screen.
User manual
Dr.Web on Android TV 144
· Use IPv6. Allows you to enable or disable the use of IPv6 in parallel with IPv4.
· Allow DNS over TCP. Allows you to enable or disable the use of the DNS over TCP protocol
for DNS query redirection and the hiding of domain names.
The use of the DNS over TCP protocol may prevent domain names from being displayed
on some Firewall screens.
The setting works on devices which support this protocol type. The setting is disabled by
default.
· Block connections for new apps. Allows you to block access to networks for apps installed
after enabling the setting. The setting is enabled by default.
· Block connections for all apps. Allows you to block access to networks for all apps installed
on the device. If the access is granted to one app, the setting will be disabled.
· Store rules and statistics after deleting apps. Allows you to store data of apps removed
from your device for the selected period of time: one week, month, or year.
· The Statistics tab allows you to review statistics on traffic use of any app on the device and
change the individual app settings.
· The Rules tab allows you to manage rules for connections established by apps.
User manual
Dr.Web on Android TV 145
App group
Some system apps can be combined into an app group. To view the list of apps in a group, on
the app screen, tap the counter to the right of the App group header.
User manual
Dr.Web on Android TV 146
· Select the period of time over which you want to review the statistics in the field above the
diagram. You can review the statistics for the current day, last 7 days, current month, previous
month, or specify any other period manually by setting the start and end dates.
· Change the scale of the displayed statistical data within the selected period: hour, day, or
month, by using the options above the diagram.
Clearing statistics
Once you remove an app from the device, its statistics will be cleared automatically within
the next 5 minutes.
Application log
Events related to the network activity of apps installed on the device are registered in
application logs. Use the toggle button to enable or re-enable the application log. To go to the
log, tap View log.
App settings
To go to the app (app group) settings, on the Statistics tab, tap in the top-right corner of
the screen (see Figure 40).
User manual
Dr.Web on Android TV 147
Use this toggle button to block or allow access to data transmission over Wi-Fi for this app. By
default, the access is allowed. The access indicator is displayed in the app row on the Traffic
screen (green indicates that the access is allowed, gray means blocked).
To block all connections for an app by default, use the Block all connections not allowed by
the rules toggle button. With no allowing rules set, the app will be unable to initiate any
connections.
An allowing rule for port 53 is automatically added when enabling the Block all connections
not allowed by the rules setting for this app. This rule (set for the DNS, UDP, or ALL protocols)
is mandatory for the functioning of allowing rules with domain names.
To ensure that this setting works as intended in the presence of allowing rules with domain
names, disable the use of a private DNS server in your device settings.
Dr.Web Firewall is based on the VPN for Android technology. VPN prevents apps from
functioning if they use a technology which is incompatible with VPN, e.g. Wi-Fi Direct. This can
result in inability to connect your device to other devices. Disabling Firewall completely is not
recommended in this case. Instead, disable Dr.Web Firewall control for the app (or app group).
To do so, use the Do not control the app toggle button.
It is recommended to disable Dr.Web Firewall control only for your trusted apps.
When the option is enabled, Dr.Web Firewall does not control network connections of the app
even if you customize traffic settings for it in the Dr.Web Firewall settings. The app traffic is not
monitored.
User manual
Dr.Web on Android TV 148
Connections
General information on each connection is shown on the Connection screen (see Figure 42). To
go to this screen, do one of the following:
· On the Active apps tab of the Traffic screen, tap the icon to the left of the name of an app
and then tap a connection row.
· In the Firewall log:
ú When events are grouped by date: tap a connection row.
ú When events are grouped by app name: expand the list of app connections by tapping
the icon to the left of the name of an app and then tap a connection row.
· In an application log: expand the list of app connections by tapping the icon to the right
of an event date and then tap a connection row.
User manual
Dr.Web on Android TV 149
· protocol.
Connection rules are displayed on the Rules tab of the app screen.
Connection rules
Creating rules
· On the Connection screen, tap the icon to the right of the Rule section.
For any connection:
· On the app screen, open the Rules tab and tap the icon on the left side of the screen.
2. On the next screen, select the rule type:
· allowing,
· blocking,
· redirecting.
3. Check the IP address/host name. If the address is not specified, enter a valid IP address (in
the a.b.c.d format for IPv4 addresses or [a:b:c:d:e:f:g:h] for IPv6), an IP address range (in the
a1.b1.c1.d1-a2.b2.c2.d2 or [a1:b1:c1:d1:e1:f1:g1:h1]-[a2:b2:c2:d2:e2:f2:g2:h2] format), or a
network (in the a.b.c.0/n format, where n is a number from 1 to 32). If you are creating a
redirecting rule, enter the redirection address in the field below. You can specify a host
name instead of an address.
4. Tap More for the additional Protocol setting to choose a network protocol for the
connection.
5. Tap Save.
Icons of apps with set connection rules are marked with the icon.
User manual
Dr.Web on Android TV 150
Viewing rules
· Go to the app screen and open the Rules tab (see Figure 43).
The tab contains the list of all rules set for the app, in the order of their execution.
· Tap and hold the icon next to the rule you want to move, then drag the rule to the desired
position on the list.
Editing rules
· On the Connection screen, tap the icon to the right of the rule.
· On the app screen, open the Rules tab and tap the rule row.
2. Make changes.
3. Tap Save.
User manual
Dr.Web on Android TV 151
Deleting rules
To delete a rule
1. On the app screen, open the Rules tab and tap the icon in the top-right corner of the
screen.
2. On your next step, select the App rules check box and tap Clear.
2. On the Traffic screen, tap the icon in the top-right corner of the screen.
3. On your next step, select the App settings and rules check box and tap Clear.
User manual
Dr.Web on Android TV 152
All events related to the app are grouped by date. To open the list of events for a certain date,
select the date from the list.
Tap the connection row to go to the Connection screen and set up rules.
1. On the Application log screen, tap the icon in the top-right corner.
2. Tap Clear.
You can review the following information for each event in the Firewall log (see Figure 44):
User manual
Dr.Web on Android TV 153
By default, events are sorted by date (newest events are at the top of the log), all connections
are displayed. To restore the default log view, tap Reset on the Filter screen.
User manual
Dr.Web on Android TV 154
· On the Log screen, tap in the top-right corner and use the Group by app name toggle
button.
· Tap the icon on the left side of the screen and enter your query in the search field.
1. On the Log screen, tap in the top-right corner and select the Clear log option.
2. Confirm the action by tapping Clear.
1. On the Log screen, tap in the top-right corner and select the Maximum log size option.
2. On the next screen, change the value and tap Save.
The maximum log file size must be more than 0 MB and less or equal to 99 MB.
· Vulnerabilities.
· System settings that affect device security.
· Hidden device administrators.
· Applications exploiting Fake ID vulnerability.
User manual
Dr.Web on Android TV 155
To open the list of the detected problems (see Figure 45), select Security Auditor on the
Dr.Web main screen.
Vulnerabilities
Vulnerability is a weakness in the source code which allows cybercriminals to impair the correct
operation of a system.
Security Auditor detects the following vulnerabilities in the device system: BlueBorne, EvilParcel,
Extra Field, Fake ID, Janus, Obj ectInputStream Serialization, OpenSSLX509Certificate,
PendingIntent, SIM Toolkit, Stagefright, and Stagefright 2.0.
The vulnerabilities allow adding malicious code to some applications, that may result in
performing of dangerous functions by these applications and damage the device.
If one or more of these vulnerabilities are detected on your device, check for operation system
updates on the official website of your device manufacturer. Recent versions may have these
vulnerabilities fixed. If there are no available updates, you are recommended to install
applications only from trusted sources.
Root access
The device may become vulnerable to different types of threats if it is rooted, i.e. the procedure
of rooting has been performed to attain control (known as root access) over the device system.
It results in ability to modify and delete system files, that may potentially damage the device. If
you rooted your device yourself, rollback the changes for security reasons. If root access is the
User manual
Dr.Web on Android TV 156
integral feature of your device or you need it for your everyday tasks, be extremely cautious
installing applications from the unknown sources.
System settings
Security Auditor detects the following system settings that affects the device security:
· Debugging enabled. USB debugging is intended for developers and allows copying data
from PC to the device and vice versa, installing the applications on the device, viewing their
logs and deleting them in some cases. If you are not a developer and do not use the debug
mode, you are recommended to turn this mode off. To open the corresponding device
settings section, select Settings on the screen with detailed information on the problem.
· Installation of apps from unknown sources is enabled. Installing application from
unknown sources is one of the main reasons devices running Android get infected.
Applications downloaded from elsewhere other than the official market are likely to be
unsafe and become a threat to device security. To mitigate risks of installing the unsafe
applications, you are recommended to disable application installation from unknown
sources. To open the corresponding device settings section, select Settings on the screen
with detailed information on the problem. You should also scan for viruses all the
applications you install on your device. Before scanning, make sure Dr.Web virus databases
are up to date.
· Dr.Web notifications are blocked. In this case, Dr.Web cannot immediately inform you on
detected threats. This compromises security of your device. That is why, you are
recommended to enable Dr.Web notifications in the settings of your device.
· User root certificate installed. If any user certificates are detected on your device, Security
Auditor detects and displays them. Certificates may be used by a third party to monitor your
network activity. If you are not aware why these certificates are installed on your device, you
are recommended to remove them.
If you do not know why an application is not displayed in the list of device administrators, you
are recommended to delete it from the device. To delete the application, select Delete on the
screen with the detailed information on the problem related to this application.
User manual
Dr.Web on Android TV 157
screen with the detailed information on the problem related to this application, or use standard
OS tools.
11.5. Miscellaneous
The Miscellaneous screen (see Figure 46) allows you to open application settings, quarantine
and statistics. You can check application version number, license information, such as activation
and expiration dates. Also, you can check when virus databases were last updated, and update
them manually.
License
You can view license activation and expiration dates.
In this window, you can also buy and activate a new license.
Statistics
The Statistics section contains the information on Dr.Web Scanner check results, enabling and
disabling of SpIDer Guard, detected threats and performed actions (see Statistics section).
Quarantine
Quarantine is a special folder used for isolating and secure storing detected threats (see
Quarantine section).
User manual
Dr.Web on Android TV 158
Virus databases
Dr.Web uses special virus databases to detect threats. These databases contain details and
signatures of all viruses and malicious programs for devices running Android known by Doctor
Web experts. Virus databases have to be regularly updated as new malicious programs appear
every day. The application features a special option for updating virus databases over the
internet.
Update
It is recommended to update the virus databases as soon as you install the app so that
Dr.Web can use the most up-to-date information about known threats. As soon as the
Doctor Web anti-virus laboratory experts discover new threats, an update for virus
signatures, behavior characteristics, and attributes is issued. In some cases, updates can be
issued several times per hour.
Settings
The Settings section allows you to configure anti-virus components, set general application
settings, enable and disable sending statistics, and restore default settings (see Dr.Web Settings
on Android TV section).
About
On the About screen, you can view application version. It also contains links to Doctor Web
official website.
General settings
· Sound enables and disables sound notifications on threat detection, deletion or moving to
the quarantine. By default, sound notifications are enabled.
· Send statistics allows you to enable and disable sending statistics to Doctor Web.
User manual
Dr.Web on Android TV 159
SpIDer Guard
· Files in archives allows you to enable scanning of files in archives.
By default, the scanning of archives is disabled. Enabling archive scanning may impact
system performance and increase power consumption. Disabling archive scanning does not
decrease the protection level because Dr.Web Scanner checks APK installation files even if
the Files in archives option is disabled.
· Built-in SD card and removable media allows you to enable scanning of the built-in SD card
and removable media on each mounting. If the setting is enabled, the scan starts every time
SpIDer Guard is enabled.
· System area allows you to monitor changes in the system area. If the setting is enabled,
SpIDer Guard monitors changes (addition, change, and deletion of files) and notifies only on
deletion of any files as well as addition and change of executable files: .jar, .odex, .so,
APK, ELF files, etc.
· Recheck system area allows you to run a recheck of the system area. SpIDer Guard will check
previously ignored threats in the system area again.
· Notifications about system area allows you to enable notifications on changes of any files
in the system area (not only executables).
· Additional options allows you to enable and disable detection of adware and riskware
(including hacktools and j okes).
Scanner
· Files in archives allows you to enable scanning of files in archives.
By default, the scanning of archives is disabled. Enabling archive scanning may impact
system performance and increase power consumption. Disabling archive scanning does not
decrease the protection level because Dr.Web Scanner checks APK installation files even if
the Files in archives option is disabled.
· Additional options allows you to enable and disable detection of adware and riskware
(including hacktools and j okes).
More
· Reset settings allows you to reset settings to default.
· New app version (for the version downloaded from the Doctor Web website) allows to
check for new versions every time the virus databases get updated. If a new version is
available, you will be prompted to download and install it.
User manual
Technical Support 160
If you haven't found a solution to your problem, you can request direct assistance from Doctor
Web technical support specialists. Please use one of the options below:
For information on regional and international offices of Doctor Web, please visit the official
website at https://company.drweb.com/contacts/offices/.
User manual
Forgot Password? 161
· Via email. You specified this email address when creating your Dr.Web account or
configuring Dr.Web Anti-Theft.
· Via SMS. The option is available only in the app version from the website if the Dr.Web Anti-
Theft buddy list contains at least one phone number.
· Via notification. The option is available if at least one buddy has confirmed your buddy
request in the Dr.Web Security Space app.
· Via technical support request. Our technical support team will be able to help you only after
making sure that you are the device owner.
If Dr.Web operates in the centralized protection mode and Dr.Web Anti-Theft is configured
on the server, you will not be able to set a new password in the aforementioned ways.
Contact the anti-virus network administrator of your company or the Dr.Web Anti-virus
service provider and use a symbolic or QR recovery code.
Key. This is a unique character sequence that has been generated for your account.
Email address. You used this address when creating your Dr.Web account or configuring
Dr.Web Anti-Theft.
User manual
Forgot Password? 162
If you use Dr.Web 11.1.3 or earlier, use the Dr.Web Anti-Theft website at
https://antitheft.drweb.com/ to reset your password, or update your app to version 12.
User manual
Forgot Password? 163
User manual
Forgot Password? 164
If you enter the correct data, a message appears confirming that a verification code has
been sent to your email (see Figure 50).
If you do not receive the email within 10 minutes:
1. Please check your Spam folder.
2. Try entering the data again. You could have entered the wrong key or an email address
that is different from the one shown in the Dr.Web app.
3. If after that you do not receive the email, contact the Doctor Web technical support. To
do so, tap Did not receive the email? (see Figure 50).
User manual
Forgot Password? 165
5. In the Dr.Web app, enter the verification code in the Verification code field (see Figure 51).
1. Your app version was downloaded from the Doctor Web website.
2. Your device is within the network service area and switched on.
3. Dr.Web Anti-Theft is enabled on your device.
4. The Anti-Theft I trust list contains at least one phone number.
5. The phone number the SMS command will be sent from is added to the I trust list.
User manual
Forgot Password? 166
6. You know the phone number of the SIM card that is used on your device. The SMS command
can only be sent to this number.
If you do not know the number, insert a SIM card with a known number.
If you use two SIM cards on your device, the SMS command can be sent to any of your
numbers.
To reset password
1. Send the SMS text message #RESETPASSWORD# to your device from a buddy’s number.
A list of phone numbers that an SMS command can be sent from is shown on the Device
locked or Reset password screen (see Figure 52). SMS commands are case-insensitive.
If your device is locked, you can unlock it without resetting the password. To do so, send
the SMS command #UNLOCK# to your device.
User manual
Forgot Password? 167
1. Send a notification to your buddy. Tap the icon (see Figure 53).
2. Pass the verification code specified on the same pane on to your buddy.
Your buddy needs to enter the verification code on their device and send a command to
Anti-Theft to reset your password.
3. When the command is received, the Change password screen appears automatically. Enter
a new password. If your device was locked, it will be unlocked.
User manual
Forgot Password? 168
User manual
Forgot Password? 169
· Documents that prove your Dr.Web license purchase (an email from the online store, a
payment document, etc.). If you won your license at the Dr.Web auction, specify your
Doctor Web website account login. If you use a demo version, skip this step.
The text in the images should be clearly readable: the technical support specialist has to
make sure that you own the device and the Dr.Web license.
7. Tap Send.
An email with the link to your request will be sent to the email address that you have
specified earlier. On your request page, you will see a verification code.
8. Enter the verification code in the Verification code field on the Device locked or Reset
password screen (see Figure 51). Tap Continue.
9. On the Change password screen, enter a new password. The password must contain at least
4 characters.
Tap to the right of the password field to show the password characters. Tap to hide
the characters.
10. Confirm the password and tap Save.
· Using a QR code:
1. Contact the anti-virus network administrator of your company or the Dr.Web Anti-virus
service provider.
2. Share the QR code displayed on the Device locked screen with the administrator. Tap
and hold the QR code to save it to your device. You can also take a photo of the screen
with the clearly readable QR recovery code.
The administrator will send you a QR device unlock code.
3. Make sure you have received the QR unlock code and tap Continue.
4. On the next screen, tap Scan QR code and point your device’s camera at the QR unlock
code you received from the administrator.
If the QR code is recognized successfully, the device will be unlocked.
· Using a symbolic code:
1. On the Device locked screen, tap Another option.
2. Contact the anti-virus network administrator of your company or the Dr.Web Anti-virus
service provider.
3. Share the ID and the recovery code shown on the Device locked screen with the
administrator.
User manual
Forgot Password? 170
If for some reason you are unable to complete the procedure using either of the device unlock
options, tap on Another option on the Device locked screen to choose the other option.
To reset your password after unlocking the device, contact the anti-virus network administrator
of your company or the Dr.Web Anti-virus service provider.
User manual
© Doctor Web, 2024