Dr.Web KATANA

A non-signature anti-virus offering preventive protection against the latest active threats, targeted attacks, and attempts by Trojans and exploits to use vulnerabilities, including zero-day ones, to penetrate systems.

Dr.Web KATANA consists of a set of next-generation Dr.Web anti-virus technologies that is designed to provide advanced protection. It will shield your computer from threats that your anti-virus cannot yet recognize.

Advantages

• All-seeing — neutralises threats that are completely new and not yet known to your anti-virus. Every day the Doctor Web anti-virus laboratory receives several hundred thousand program samples. Every day tens of thousands of entries are added into the company’s virus databases. These are the threats with which virus analysts are already familiar and for which neutralisation routines have been designed. However, programs that have not yet been analysed by information security experts are the ones that benefit cybercriminals the most.

  Dr.Web KATANA offers protection against the latest malicious programs that have been designed to bypass detection by traditional signature-based scanning and heuristic mechanisms. These programs have not yet been analysed by the anti-virus laboratory and, therefore, are unknown to Dr.Web at the moment of intrusion. They include the latest encryption ransomware programs, Trojan injectors, and Trojan blockers, as well as threats that use zero-day vulnerabilities.

  Dr.Web KATANA starts protecting a system during the boot-up phase, even before the traditional, signature-based anti-virus is loaded!

• Invisible
  The functionality of anti-virus software must constantly be enhanced to keep pace with ever-evolving and ever-increasing numbers of malware programs. An antivirus must be able to operate without interruption in anticipation of an imminent attack. Such enhancements often decrease computer performance and irritate users to the point that they sometimes prefer to disable their anti-virus protection in order to allow their computers to work faster. Dr.Web KATANA’s developers have significantly enhanced computer security to create a new product that is practically invisible in terms of system load and system resources.

  Dr.Web KATANA neutralises the actions of active malware programs without overloading the system.

• Lightning-like — analyses the behaviour of each threat in real time and immediately neutralises harmful scripts and processes that your anti-virus didn’t manage to recognise.
  Dr.Web KATANA’s protection is based on non-signature-based search methods, the neutralization of malware, and cloud protection technologies. The product analyses and monitors all system processes and blocks those that exhibit malicious behaviour.

Learn more

Traditional behavioural analysers are based on predefined rules describing the behaviour of legitimate programs. Such rules are well known to criminals. Dr.Web KATANA acts differently. This product analyses the behaviour of each running program in real time by comparing it with the reputation information stored in the Dr.Web cloud which is constantly being updated. Dr.Web KATANA subsequently uses that information to determine whether a program is dangerous and then takes whatever measures are necessary to neutralise the threat.

Traditional behavioural analysers monitor the requests malicious programs make of various system resources. But what if a malicious program, having infiltrated the browser, makes no requests of the system and simply modifies, for example, the screen you use to interact with your bank?

Dr.Web KATANA monitors malware activity within processes so that attempts to steal confidential information or transfer money from your account will be prevented in a timely manner!

Learn more

• Independent — does not require any configuration and starts operating effectively as soon as it’s installed.
• Flexible — a set of pre-installed protection scripts and the possibility of fine tuning make it possible to fully control the protection process, while adapting it to the needs of the user.
• Offline — protects the system even if a PC is not connected to the Internet.
• Universal — protects a wide range of Windows OS—from Windows XP to the latest version Windows 10.
  Learn more
• Conflict-free — can operate in conjunction with other anti-viruses to enhance the protection of your computer.

• Protects critical system areas from being modified by malware.
• Detects and stops the execution of malicious, suspicious or unreliable scripts and processes.
• Detects unwanted file modification, monitors the operation of all processes to detect actions that are typical of malware (e.g., the activities of encryption ransomware), and prevents malicious objects from injecting their code into other processes.
• Detects and neutralises threats that have not yet been discovered and entered in the Dr.Web virus database: encryption ransomware, injectors, remote-controlled malware used for espionage and to create botnets, and malware packers.
• Protects against exploits—malicious objects that take advantage of software flaws, including those not yet known to anyone except for the intruders who created them (i.e., zero-day vulnerabilities). If it detects that malicious code is attempting to exploit a vulnerability, Dr.Web KATANA will end the attacked process immediately.

• Controls the operation of the most popular browsers and their associated plugins; protects against browser blockers.

Today, one of the most popular ways for malicious programs to penetrate a system is via the installation of add-on applications in the guise of useful software.

Dr.Web KATANA:

• Blocks malware’s ability to modify boot disk areas in order to prevent the launch of Trojan horses, for example, on your computer.
• Blocks changes from being made to the Windows Registry to ensure that the safe mode won't be disabled.
• Prevents malicious programs from altering basic system routines. By blocking certain Windows Registry keys, it prevents malware from changing the appearance of the desktop or hiding a Trojan with a rootkit.
• Prevents malware from changing launch permissions.
• Prevents new or unknown drivers from being downloaded without user consent.
• Prevents malware and certain other applications, such as anti-antiviruses, from adding their entries into the Windows Registry where they could be launched automatically.
• Locks registry sections containing information about virtual device drivers, ensuring that no new virtual devices are created.
• Blocks connections between spyware components and the server that controls them.
• Prevents malware from disrupting system routines such as scheduled backups.

The procedure is as follows

• If any attempt to activate malicious code is detected, Dr.Web KATANA will end this process immediately. If the attack was carried out through a vulnerability of another software program, Dr.Web KATANA completes the process of that program. It won't perform any actions with the files of the attacked application and won't move any files to the quarantine.
• Users will also see notifications about thwarted attempts to perform malicious actions; no response on their part is required.
• An entry about the disrupted attack is added to the Dr.Web event log.
• The cloud will also instantly be notified about the incident. If necessary, Doctor Web specialists will respond, for example, by upgrading the protection routine.

• The Optimal mode is enabled by default. This mode provides protection for only those registry branches that are used by malicious software and can be blocked (modification can be prohibited) — without a significant load on system resources.
• If the threat of infection increases, the protection level can be raised to Medium.
• For full control over critical Windows areas, the protection level can be increased to Paranoid.

Increasing the protection level provides the system with additional security in the event malware that has not yet been added to the Dr.Web virus database is active. But, at the same time, the risk increases for conflicts to arise between the prohibitions that have been placed on the system by the preventive protection and the requirements of the running applications.

• Using profiles on the Protection tab, the user can create flexible rules for applications to prevent conflicts that may otherwise be caused by Dr.Web KATANA. Each profile can contain specific restrictions on how programs access resources.
• To work properly, different programs require access to different resources. A Dr.Web KATANA user can configure Dr.Web’s control parameters to protect a specific application so that it receives access only to certain resources that can save the system in case that application gets infected.

Read more about fine-tuning settings

Unlike a traditional anti-virus, Dr.Web KATANA does not contain a signature database, a component that requires updating.

The anti-virus protection algorithms in Dr.Web KATANA are implemented as executables and libraries. Periodically, updates are released to improve these algorithms and fix detected errors.

To detect malicious actions, Dr.Web KATANA uses information stored by the anti-virus locally as well as Dr.Web Cloud reputation data which includes:

• Information about the routines used by programs having malicious intentions;
• Information about files that are 100% clean;
• Information about the compromised digital signatures of well-known software developers;
• Information about digital signatures used by adware and riskware;
• Protection routines used by specific applications.

Dr.Web KATANA’s cloud system can collect information about Dr.Web’s operation on PCs, including data about brand-new threats, which enables Doctor Web to respond promptly to discovered defects and update rules stored on a computer locally.