Actions Tab

Actions Tab

In this pane the program’s reactions to the detection of infected or suspicious files, malicious programs and infected archives are set.

The reaction is assigned separately for objects infected with a known and (supposedly) curable virus, for supposedly infected (suspicious) objects, and for certain types of malicious programs and archives.

All types of objects are represented in the hierarchy tree in the left part of the pane. When an object is chosen, the default program’s reaction to its detection is displayed in the right part of the pane. The action specified in the current settings is shown, and the action to be taken if the first action fails.

By default, the Guard in Dr.Web for workstations just informs the user about all infected and suspicious objects. The Guard generates a dialog box requesting the user to select an action, in which the necessary program’s action can be manually specified .

SpIDer Guard in Dr.Web for Windows servers, if a known virus is detected, or if there is a suspicion an object is infected with a virus, by default, will automatically make attempts to avert the virus threat.

If a joke program, or riskware, or hacktool is detected, the default setting is to ignore.

If an adware or dialer is detected, SpIDer Guard in Dr.Web for Windows servers, by default, will move it to the quarantine. And the Guard in Dr.Web for workstations will notify the user about it.

You can specify separate program’s reactions to the detection of each type of objects.

To customize the primary action, in the Primary action drop-down list select an initial program’s action.

Depending on the type of object the following actions can be set from the list:

· Cure – (accessible only for Infected objects) instructs the Guard to try to cure objects infected with a known virus.
· Move to quarantine – instructs to move infected or suspicious objects to the quarantine folder specified in the Quarantine path field (by default, it is the infected.!!! subfolder in the program’s installation folder).
· Rename – instructs to rename the extension of infected or suspicious objects according to the mask specified in the Rename extension field (by default, it is #??, i.e. to replace the first character of the extension with #).
· Delete – instructs to delete infected or suspicious objects (for boot sectors no actions are applied).


By default, the program does not check file archives and the Delete action is disabled for them. If the file archives check is enabled (this type of check will substantially degrade computer's performance), you can enable the Delete action for archives. To do this, open the program’s configuration file (this is drweb32.ini in the program’s installation folder) in a text editor, add a string EnableDeleteArchiveAction=Yes in the [SpIDerGuardNT] section (if such line already exists, replace No with Yes) and save the file.


Files inside archives cannot be treated separately. If the Delete action is selected for an archive, the whole archive will be deleted.


· Report – instructs to inform the user an object is detected (in a dialog box requesting the user to select an action).
· Block – instructs to block access to files which were detected by the Guard. Access to these files is unblocked after the computer restarts or if SpIDer Guard is temporarily suspended.
· Ignore – instructs to abstain from any action if a suspicious object is found.

In the What to do if the (primary) action failed fields the following possible first actions are listed: curing, moving to the quarantine, deletion. From respective drop-down lists you can select another action to be applied if the specified primary action fails.

For more details on the settings specified in this pane click the correspondent fragment of the window in the picture.

To view parameters set at another tab click the name of this tab.