Release Notes for Dr.Web Enterprise Security Suite 11.0.2

Last updated on 11/30/2018

About

New Features and Capabilities

Resolved Issues and Enhancements

Known Issues

Installation Notes

Upgrade to Dr.Web Enterprise Security Suite 11.0.2

Additional Information


Dr.Web Enterprise Security Suite is designed for organization and management of integrated and secure complex anti-virus protection as local company network including mobile devices, or home computers of employers.

Dr.Web Enterprise Security Suite has a client-server architecture. Client components of anti-virus network are installed on the protected workstations of users and administrators (network servers). Dr.Web Server provides for centralized administrating of the anti-virus and anti-spam protection of the company's network, including deployment, virus databases and program files updates on protected computers, monitoring of virus events and the state of the anti-virus packages and OS’s on all protected computers.

An aggregate of computers on which Dr.Web Enterprise Security Suite cooperating components are installed is called an anti-virus network. To deploy the anti-virus network, the advantages of Active Directory technology employed in servers under Windows OS's can be used. To exchange information between Dr.Web Server and Dr.Web Agents network protocols TCP/IP are used.


New Features and Capabilities

New Utilities

Dr.Web Server remote scriptable diagnostics utility (executable file is drwcmd) allows remotely connect to Dr.Web Server for basic controlling and viewing the operation statistics. This version of the utility is adapted for use in scripts.

Dr.Web Server

Secure connection of anti-virus components now is implemented via certificates, not encryption keys.

MySQL is now supported as an external database.

PostgreSQL version 10 is now supported as an external database.

Redesigned the principle of network scanning and remote installation of the Agents (web browser extension is no longer used).

New feature to restore a damaged embedded database.

Multicast updates for protected stations are now enabled by default.

New mechanism to control licenses donated to the neighbor Servers via the interserver connections.

Redesigned the procedure of collecting the information on hardware and software on protected stations. Information is now also transmitted via the interserver connections.

New limitation on the number of simultaneous Agent installations from the Server.

New limitation on traffic for the Agent installations and updates from the Server.

Installation packages for the Server under UNIX system-based OS are now provided only in universal format.

During the installation of the Server under UNIX system-based OS, a random password is now generated for the administrator. After the installation is complete, this password is printed in the console into the Server installation results.

The list of operating systems supported for the Server installation is updated.

New feature to resume TLS sessions based on session tickets.

Dr.Web Proxy Server

New feature for managing the Dr.Web Proxy server settings via the Dr.Web Security Control Center.

New feature for installation and uninstallation of Dr.Web Proxy server via connected Dr.Web Agent.

New feature for automatic updating of Dr.Web Proxy server during the operation.

Implemented caching for the encrypted traffic transmitted by Dr.Web Proxy server.

New feature for manually filling of Dr.Web Proxy server cache, particularly from Dr.Web Server repository.

New feature to store the Dr.Web Agent events on Dr.Web Proxy server and transmit them to Dr.Web Server according to the schedule.

Dr.Web Security Control Center

Settings for interserver connections are moved from the Neighbors section to the Anti-virus network section. Neighbor connections are now located in the anti-virus network tree.

New system of stations integrated configuration based on policies. Policies can be managed via the anti-virus network tree.

New Favourites section in the main menu of Dr.Web Security Control Center.

Tables and graphics display technologies are redesigned.

New web server setting that allow to forbid the access to the Control Center for search indexers and other client robots.

New web server setting that provide the protection against flood attacks at accessing the Control Center.

New feature to view Dr.Web Server operation log via the Dr.Web Security Control Center in the real-time mode.

New feature to configure settings of Dr.Web Server operation log via the Dr.Web Security Control Center.

The sending method of administrator notifications via the Dr.Web Agent protocol is returned.

Configuration of administrator notifications is redesigned.

For information messages sent by administrator to stations, the log of sent messages and the ability to create message templates are added.

The list of utilities available for downloading via Dr.Web Security Control Center is extended.

New products in the Server repository—Dr.Web Server security data and Dr.Web Proxy server.

New feature for removing unused product from the repository and disable its update from GUS at the same time, via the Control Center. Operation can be undone, if necessary.

Saving settings changes is simplified in the General repository configuration section.

New Backups section for viewing and saving the contents of the Server critical data backup copies.

New Yandex.Locator extension for automatic location of stations under Android OS.

The SQL condole is now more comfortable to use: syntax highlighting and autocompletion when typing a query are added.

The settings for the external administrator authentication on the Server are redesigned: a new section with a simplified configuration of authentication via LDAP is added.

The Start and interrupt components administrative permission is extended by the ability to manage quarantine at stations.

For the Server of the Agent address, now the IP protocol version can be specified directly.

Statuses of the protected station in the anti-virus network tree are redesigned. New color indication depending on the station states is added.

Clients (stations, Servers, Proxy servers) now can be sorted in the anti-virus network tree.

New feature for exporting statistic reports for several objects of anti-virus network at the same time.

Connection parameters of Dr.Web Agents under Windows OS and UNIX system-based OS are placed in a separate station configuration section.

New feature for launching anti-virus components on stations via the Dr.Web Security Control Center. The Running components and Installed components  sections of anti-virus network are united into the Protection components section.

New feature for remote configuring Dr.Web Firewall on stations under Windows OS via the Dr.Web Security Control Center. Please note at stations connecting: the package filter is disabled by default in Dr.Web Firewall settings in the Control Center.

New opportunity to manage the period during which the virus databases on protected stations are considered up-to-date.

New section of Dr.Web Security Control Center with information on security identifiers of protected stations.

Settings sections of SpIDer Gate and SpIDer Mail under Windows OS are not united. The exclusions section is now common to both components.

Extended options for specifying exclusions from the scan for SpIDer Gate and SpIDer Mail components for stations under Windows OS.

New component Network port monitor for stations under Windows OS. The component is available only in the Control Center and is not provided to users of the stations.

New feature for selecting an existing station for placing a newbie when approving the access to the Server.

New feature for managing parameters of devices access on protected stations.

New feature for managing Office control settings separately for each user of a station.

Component settings of new version for stations under UNIX system-based OS are now supported.

New feature for managing settings and viewing operation statistics of Dr.Web for Microsoft Exchange Server product from the Control Center.

The Support menu functions are extended: now from the pages of the Control Center you can open the corresponding documentation page.

Extended list of documentation in the Support section.

Dr.Web Agent

For stations under all supported systems, the group installer is provided to perform the Dr.Web Agent installation on several stations using one installation package.

Allowed the option to downgrade Dr.Web Agent to the previous revision.

Dr.Web Agent for Windows downgrade to the previous revision is performed via the full reinstallation of the product on a station.

New feature for stations under Windows OS, that allows to check scripts on demand from applications via the AMSI.

Completely redesigned option in the Office control that prohibits access to data on removable media. The new edition provides the blocking of devices by classes and buses.

Stop Supporting

InitDB (SQLite 2) is no longer supported as an embedded database.

Novell Netware is no longer supported as operating system for protected stations.

Solaris is no longer supported as operating system for Dr.Web Server installation.

Dr.Web Security Control Center Extension for web browsers in no longer used.

The Adobe Flash technology in no longer used in Dr.Web Security Control Center.

Sending administrator notifications via the Windows Messenger is no longer used.

Dr.Web Enterprise Security Suite of version 11.0.2 does not support Dr.Web for IBM Lotus Domino and Dr.Web for Microsoft Exchange Server plug-ins of versions earlier than 11.5.


Resolved Issues and Enhancements

Changes in the current version:

New Features and Improvements

New feature to control the number of processor cores used by Dr.Web Scanner at anti-virus scan of stations under Windows OS.

New feature to inform administrator about detection of security threats from the list of known hashes of threats. Information on such threats is displayed in scan statistic and in specific administrator notifications. Also, a manual search in the list of known hashes is provided. Bulletins of known hashes of threats are stored in a new repository product and licensed separately.

Dr.Web Agents for Windows now use system language by default.

System of administrator notifying about insufficient privileges to perform operations is improved.

The list of parameters in administrator hooks is extended.

Extended report on licenses usage is now located in the Administration section of Dr.Web Security Control Center.

New option in the Update restrictions section that allows to disable Agent downgrade at downloading revisions from the Server.

Resolved Issues

Fixed an error due to which anti-virus components could be launched remotely by the administrator without corresponding permissions.

Resolved an issue due to which MAC address of a station could not be displayed in the properties of its account.

Fixed a filter error at displaying objects in the Quarantine section of Dr.Web Security Control Center.

Fixed a filter error at statistic reports export.

Fixed an error in validation of IPv4 addresses in the Network Scanner settings.

Fixed an error due to which the anti-virus scan of stations could not be remotely launched from the Web console notifications section.

Other minor corrections.

Changes in the 12-11-2018 version:

New Features and Improvements

New statistic section about events detected on stations by the Preventive protection component.

New feature allowing the administrator to receive notifications about events from stations connected to neighbor Dr.Web Servers.

New feature for getting the report on using licenses by neighbor Servers.

New feature for automatic update Dr.Web Proxy server connected to Dr.Web Server.

New feature of the Office Control allowing to set separate access permissions for devices with ID specified manually.

New implementation that does not allow to add an expired license key via Dr.Web Security Control Center.

New feature for duplicating the rule set of packet filter when configuring Dr.Web Firewall via Dr.Web Security Control Center.

New approach to using policies for configuring the stations. Changes have affected the rules for creating policies versions and licenses assigning to policies and policy groups via the License Manager.

New section of the server statistic with the parameters of usage of the Web server.

MySQL version 8 is now supported as an external database.

New feature for synchronization of the anti-virus network groups with Active Directory under UNIX system-based OS. Settings for connection to the Active Directory are added for the corresponding task in Dr.Web Server Scheduler.

New feature to configure the secure connection to search stations in the Active Directory by the Network Scanner.

Redesign of updating Dr.Web Server repository from GUS. New feature to launch and get the information about the progress and status of the update in real-time.

The set of settings for remote management of stations under UNIX system-based OS is extended. New feature for remote management of the unified configuration file of anti-virus components.

New category in the URL filter for stations under Android OS that allows blocking the access to pools for cryptocurrency mining.

Now, in the AdministrationBackups section of the Control Center, not only backups from the var/backups directory are displayed, but also the backups created by the Dr.Web Server Task Scheduler.

The documentation in the Support section of Dr.Web Security Control Center is updated.

The License Agreement is updated.

Resolved Issues

Fixed an error that did not allow to add objects to exceptions from the scan at their restoring from the quarantine by a threat type.

Fixed an error due to which devices were not deleted from the white list of the Office Control when resetting the settings.

Resolved an issue that caused in some cases the inability to open separate preinstalled groups in the anti-virus network tree.

Fixed an error in the search of stations in the anti-virus network tree by the user name of the operating system.

Fixed an error in counting used licenses for stations that were automatically added to user groups according to membership rules.

Fixed an error that did not allow to specify multiple administrator accounts for authorization on remote stations for network installation of the Agent.

Fixed an error in reverse resolving of NetBIOS names at remote Agent installation.

Resolved an issue that caused an error in Agent installation on a local computer.

Other minor corrections.

Stop Supporting

Polish localization is no longer supported.

Changes in the 27-07-2018 version:

Resolved Issues

Fixed an error that caused Dr.Web Server fails with the external PostgreSQL database when receiving data from protected stations in invalid encoding.

Resolved an issue that caused Dr.Web Server inoperability under operating systems with invalid name of the system locale.

Fixed an error in archive creation during the export of repository via Dr.Web Repository Loader utility.

Changes in the 04-07-2018 version:

New Features and Improvements

New category in the Office Control for stations under Windows OS that allows blocking the access to pools for cryptocurrency mining.

The documentation in the Support section of Dr.Web Security Control Center is updated.

Resolved Issues

Fixed an error due to which in some cases Dr.Web Server was unable to be proper configured for operation through a proxy server (the AdministrationDr.Web Server configurationNetworkProxy section of the Control Center).

Resolved an issue due to which Dr.Web Server service did not start under some versions of Windows OS after restarting the computer.

Fixed an error occurred on the launch of Dr.Web Repository Loader for Linux OS.

Other minor corrections.

Changes in the 31-05-2018 version:

Resolved Issues

Resolved an issue that might have caused to slower the processing of requests by the Server, if there is no access to the push notifications that are sent to Dr.Web Mobile Control Center under iOS service.

Fixed an error in transmission of a user-defined value of the port to install the Agent at creating personal installation packages.

Fixed an error during the Proxy server installation on a station with the installed Agent and enabled self-protection.

Fixed an error in the Repository Loader utility that occurred at attempt to synchronize the Server repository after the list of update products was changed.

Fixed an error in displaying of hieroglyphs in statistic reports of the PDF format exported via the Control Center.

Resolved an issue due to which the disconnection of the neighbor Server was considered as an abnormal connection termination.

Fixed an error that allowed to export a license key file of the neighbor Server from which licenses were received by an interserver connection.

Fixed an error that allowed to donate licenses from the child Server to the parent Server by an interserver connection.

Fixed errors that occurred during creation of the Server critical data backup via the Control Center.

Resolved an issue that might have caused the errors  of the Server repository update from GUS after the network disconnection.

Fixed an error due to which the information about protection components on uninstalled stations was displayed in the Control Center.

Fixed errors of displaying and processing marks for reading a news feed in the Control Center.

Fixed an error of placing the public encryption key in the shared folder after the Server installation.

Fixed the incorrect message on a result of some tasks execution in the Server schedule.

Fixed an error of the SQL console when processing the queries that contain the “<” sign.

Fixed an error due to which the Server detection service cannot be used, if the Agent installation was run remotely.

Fixed an error in a response on a request of stations list of the Newbies group via the Web API.

Fixed an error of restoring of deleted stations.

Fixed an error of saving changes in the Server configuration via the Control Center.

Resolved an issue due to which notifications via the SNMPv2 protocol were not sent for the Servers under Windows OS.

Resolved an issue due to which SpIDer Guard for Linux settings cannot be changed via the Control Center.

Fixed an inaccuracy when selecting station platforms at configuring the automatic membership in user groups in the Control Center.

Fixed an error of saving the Server repository via the saverepo command.


Known Issues

At upgrading Dr.Web Server under Windows OS from version 10 and earlier, the settings from the following sections of the Control Center will not be transferred into the version 11:

Dr.Web Server configuration Network Download (the download.conf file),

Dr.Web Server remote access (the frontdoor.conf file),

Web server configuration (the webmin.conf file).

At upgrading Dr.Web Server under UNIX system-based OS from version 10 and earlier, the settings from the Web server configuration (the webmin.conf file) section of the Control Center will not be transferred into the version 11.

Settings in these sections will be reset to defaults. If you want to use the settings of the previous version, specify them manually after the Server upgrade in the corresponding sections of the Control Center basing on the data from the configuration files backup.

Through the inter-server connection between the Servers of version 10 and 11 the unsupported repository products can be transferred during the upgrade: old products that are not included into the new Server repository, or new products that are not included into the old Server repository. At this, you can get the upgrade error due to the unknown repository product. In the Repository content section, for such products the name of location directory is given instead of the product name.

This situation may occur, particularly, at the step-by-step upgrade of the Servers in a multi-server anti-virus network.

At the Server upgrade, custom hooks created manually are not saved.

Automatic upgrade of the Server under UNIX system-based OS from the version 6.0.4 to the version 11.0.2 cannot be done. Upgrade can be made only manually. For this, you must delete the Server software of 6.0.4 version saving the backup copy and install the software of the version 11.0.2 based on the saved backup copy.

Dr.Web Enterprise Security Suite of version 11.0.2 supports only Dr.Web Agents for Android of version 12.2 and later.

At regular upgrade of Dr.Web Agents for Android, mobile devices protection will be disabled due to the error of incompatible virus databases version.

Administrator notifications via the Agent protocol (the Dr.Web Agent send method) cannot be sent to a group of stations.

After upgrading the Server to the version 11, some problems may occur in collaboration with the server components of the previous version under UNIX system-based OS. Anti-virus protection is fully ensured, but periodic disconnects from the Server are possible and incorrect information is displayed in the Control Center about the status and operation of anti-virus components. To avoid such problems, upgrade all the server components under UNIX system-based OS to the new versions.

Stable operation of Dr.Web Server under FreeBSD 11.1 OS is not guaranteed. It is recommended to upgrade the system to FreeBSD 11.2.


Installation Notes

System Requirements

For Dr.Web Enterprise Security Suite to be installed and function the following is required

Anti-virus network computers should have access to the Dr.Web Sever or to the Proxy server.

For interaction between the anti-virus components, the following ports must be opened on used computers:

Port numbers

Protocols

Connection directions

Purpose

2193

TCP

incoming, outgoing for the Server and Proxy server

outgoing for the Agent

For connection between the Server and anti-virus components and for interserver communications.

Also is used by Proxy server to establish a connection with clients.

UDP

incoming, outgoing

For the Network Scanner.

139, 445

TCP

incoming for the Server

incoming, outgoing for the Agent

outgoing for the computer on which the Control Center is opened

For the Network Installer.

UDP

incoming, outgoing

9080

HTTP

incoming for the Server

outgoing for the computer on which the Control Center is opened

For Dr.Web Control Center.

9081

HTTPS

10101

TCP

For Server remote diagnostic utility.

80

HTTP

outgoing

For receiving updates from GUS.

443

HTTPS

To install Dr.Web Server 11.0.2, your computer must meet the following requirements:

Component

Requirement

CPU

CPU that supports SSE2 instructions and has 1,3 GHz or faster clock frequency.

RAM

Minimal requirements: 1 GB.

Recommended requirements: 2 GB and more.

Free disk space

Up to 12 GB: up to 8 GB for a embedded database (installation catalog) and up to 4GB for the system temporary catalog (for work files).

Depending on the Server settings, additional space may be required to store temporary files, e.g. to store personal installation packages of Agents (app. 17 MB for each) in the var\installers-cache subfolder of Dr.Web Server installation folder.

To install the Server, it is required on Windows OS system disk or in the /var/tmp for UNIX system-based OS (or in the other temporary files folder, if it is redefined), not dependently on the Server installation folder, at least 4,3 GB for the general distribution kit and 2,5 GB for the extra distribution kit of free system disk space to launch the installer and unpack temporary files.

Operating system

Windows;

Linux;

FreeBSD.

Complete list of supported OS see in the Appendices document, in Appendix A.

Other

For the installation of Dr.Web Server for UNIX system-based OS, the following libraries are required: lsb v. 3 or later, glibc v. 2.7 and later.

To use Oracle DB, the Linux kernel AIO access library (libaio) is required.

To install Proxy server 11.0.2, your computer must meet the following requirements:

Component

Requirement

CPU

CPU that supports SSE2 instructions and has 1,3 GHz or faster clock frequency.

RAM

Not less than 1 GB.

Free disk space

Not less than 1 GB.

Operating system

Windows;

Linux;

FreeBSD.

Complete list of supported OS see in the Appendices document, in Appendix A.

Other

For the installation of Proxy Server for UNIX system-based OS: lsb v. 3 or later.

Together with Dr.Web Server the Dr.Web Security Control Center is installed.

Dr.Web Security Control Center requires:

a)Web browser:

Web browser

Support

Windows Internet Explorer 11

Supported.

Microsoft Edge 0.10 and later

Mozilla Firefox 25 and later

Google Chrome 30 and later

Opera® 10 and later

Allowed to be used, but operating is not guaranteed.

Safari® 4 and later

For the Windows Internet Explorer web browser, please note the following features:

Full operability of the Control Center under web browser with the Enhanced Security Configuration for Windows Internet Explorer mode enabled is not guaranteed.

If you install Server on a computer with a '_' (underline) character in the name, configuration of Server with Dr.Web Security Control Center by use of Windows Internet Explorer will not be available. In this case, use other web browser.

For proper operation of Control Center, IP address and/or DNS name of computer with installed Dr.Web Server must be added to the trusted sites of a web browser, on which you open Control Center.

For proper opening of Control Center via the Start menu under Windows 8 and Windows Server 2012 OS with tiled interface, set the following parameters of a web browser: Tools → Programs → Opening Internet Explorer set the Always in Internet Explorer flag.

b)Recommended screen resolution to use Dr.Web Security Control Center is 1280x1024 pt.

Dr.Web Mobile Control Center requires:

Requirements are differ depending on the operating system on which the application is installed:

Operating system

Requirement

Operating system version

Device

iOS

iOS® 8 and later

Apple® iPhone®

Apple® iPad®

Android

Android 4.0 and later

The NAP requires

For the Server

Windows Server 2008 OS.

For the Agents

Windows XP SP3 OS, Windows Vista OS, Windows Server 2008 OS.

To install Dr.Web Agent and full anti-virus package of 11.0.2 version, your computer must meet the following requirements:

Requirements are differ depending on the operating system on which anti-virus solution is installed (the full list of supported OS see in the Appendices document, in Appendix A):

Windows OS:

Component

Requirement

CPU

1 GHz CPU or faster.

Free RAM

Not less than 512 MB.

Free disk space

1 GB for executable files + extra disk space for logs and temporary files.

Other

1.The Dr.Web Agent for Windows context help requires Windows® Internet Explorer® 6.0 or later.

2.For Dr.Web for Outlook plug-in the the Microsoft Outlook client from the Microsoft Office package is required:

Outlook 2000;

Outlook 2002;

Outlook 2003;

Outlook 2007;

Outlook 2010 SP2;

Outlook 2013;

Outlook 2016.

Linux system-based OS:

Component

Requirement

CPU

CPU with the following Intel/AMD architecture and command system are supported: 32-bit (IA-32, x86); 64-bit (x86-64, x64, amd64).

Free RAM

Not less than 512 MB.

Free disk space

Not less than 400 MB of free disk space on a volume on which Anti-virus folders are placed.

macOS, Android OS: configuration requirements coincide with the requirements for operating system.


Upgrade to Dr.Web Enterprise Security Suite 11.0.2

Important Note

Before updating, it is recommended to check the validity of TCP/IP protocol configuration for the Internet access. Particularly, DNS service must be enabled and properly configured.

In multiserver anti-virus network configuration, consider that interserver updates transmission is not performed between Servers of 11 version and Servers of previous versions and interserver connection is used for transmission statistics only. To provide interserver updates transmission, you must upgrade all Servers. If you need to remain Servers of previous version as a part of the anti-virus network to connect the Agents installed on operating systems which are not supported by the 11 version, when Servers of 6 versions and Servers of the 11 version must receive updates independently.

For the anti-virus network containing Dr.Web Proxy server, at upgrade of the components up to the version 11.0.2, you must also upgrade the Proxy server up to the version 11.0.2. Otherwise, the Agents supplied within version 11.0.2 will not be able to connect to the Server of version 11.0.2. It is recommended to perform the upgrade in the following order: Dr.Web Server → Dr.Web Proxy server → Dr.Web Agent.

During upgrade of the Server from the 6 version to the 11 version, settings of the Sever operation via the proxy server are not saved. After the installation of the 11 version, you must specify the settings of connection via the proxy server manually (see Administration Manual, p. Proxy).

At upgrading the Server, all repository settings will not be transferred to the new version (will be reset to defaults), however they are backed up. If necessary, specify the repository settings manually after the Server upgrade.

Upgrading the Dr.Web Server for Windows® OS

At upgrading Dr.Web Server under Windows OS from version 10 and earlier, the settings from the following sections of the Control Center will not be transferred into the version 11:

Dr.Web Server configuration > Network > Download (the download.conf file),

Dr.Web Server remote access (the frontdoor.conf file),

Web server configuration (the webmin.conf file).

Settings in these sections will be reset to defaults. If you want to use the settings of the previous version, specify them manually after the Server upgrade in the corresponding sections of the Control Center basing on the data from the configuration files backup.

Upgrading of the Server from versions 6 and 10 to the 11 version and within version 11 is performed automatically by the means of the installer.

Saving Configuration Files

At upgrading the Server to the 11 version by the installer means, the configuration files are saved into the folder specified for the back up:

For the upgrade from the version 6: to the <installation_drive>:\DrWeb Backup.

For the upgrade from the versions 10 and within version 11: to the folder that is specified in the Back up Dr.Web Server critical data option during the upgrade (<installation_drive>:\DrWeb Backup by default).

At upgrading of the Server of the version 6, the following files are saved:

File

Description

agent.key (name may vary)

Agent license key file

auth-ads.xml

configuration file for administrators external authorization via Active Directory

auth-ldap.xml

configuration file for administrators external authorization via LDAP

auth-radius.xml

configuration file for administrators external authorization via RADIUS

drwcsd.conf (name may vary)

Server configuration file

dbinternal.dbs

embedded database

drwcsd.pri

private encryption key

drwcsd.pub

public encryption key

enterprise.key (name may vary)

Server  license key file

webmin.conf

Control Center configuration file

At upgrading of the Server of the version 10, the following files are saved:

File

Description

agent.key (name may vary)

Agent license key file

auth-ads.xml

configuration file for administrators external authorization via Active Directory

auth-ldap.xml

configuration file for administrators external authorization via LDAP

auth-radius.xml

configuration file for administrators external authorization via RADIUS

enterprise.key (name may vary)

Server  license key file. The file is saved if it presented after the upgrade from the previous versions. For the new Server 11.0.2 installation, the file is absent

drwcsd.conf (name may vary)

Server configuration file

drwcsd.conf.distr

Server configuration file template with default parameters

drwcsd.pri

private encryption key

drwcsd.pub

public encryption key

download.conf

network settings for generating of the Agent installation packages

frontdoor.conf

configuration file for the Server remote diagnostic utility

webmin.conf

Control Center configuration file

openssl.cnf

Server certificate for HTTPS

At upgrading of the Server within version 11, the following files are saved:

File

Description

agent.key (name may vary)

Agent license key file

auth-ads.conf

configuration file for administrators external authorization via Active Directory

auth-radius.conf

configuration file for administrators external authorization via RADIUS

auth-ldap.conf

configuration file for administrators external authorization via LDAP

auth-ldap-rfc4515.conf

configuration file for administrators external authorization via LDAP using the simplified scheme

auth-ldap-rfc4515-check-group.conf

configuration file template for administrators external authorization via LDAP using the simplified scheme with verification of belonging to an Active Directory group

auth-ldap-rfc4515-check-group-novar.conf

configuration file template for administrators external authorization via LDAP using the simplified scheme with verification of belonging to an Active Directory group and using variables

auth-ldap-rfc4515-simple-login.conf

configuration file template for administrators external authorization via LDAP using the simplified scheme

auth-pam.conf

configuration file for administrators external authorization via PAM

enterprise.key (name may vary)

Server  license key file. The file is saved if it presented after the upgrade from the previous versions. For the new Server 11.0.2 installation, the file is absent

drwcsd-certificate.pem

Server certificate

download.conf

network settings for generating of the Agent installation packages

drwcsd.conf (name may vary)

Server configuration file

drwcsd.conf.distr

Server configuration file template with default parameters

drwcsd.pri

private encryption key

dbexport.gz

database export

drwcsd.pub

public encryption key

frontdoor.conf

configuration file for the Server remote diagnostic utility

openssl.cnf

Server certificate for HTTPS

webmin.conf

Control Center configuration file

yalocator.apikey

API key for the Yandex.Locator extension

If you are planning to use configuration files from the version 6 of the Server, please note:

1.Server license key is no longer supported.

2.The embedded database is upgraded and configuration files of the Server is converted by the means of the installer. You cannot replace these files with a backup copies when upgrading from the Server of version 6.

If necessary, copy other critical files you want to preserve to another folder, other than Server installation folder. For instance, report templates which are stored in the \var\templates folder.

Saving Database

Attention! The MS SQL CE database starting from the 10 version of Dr.Web Server is no longer supported. During automatic Server upgrade by the means of the installer, the MS SQL CE database is automatically converted to the SQLite internal database.

Before upgrade Dr.Web Enterprise Security Suite software, it is recommender to backup database.

For Servers with external DB, it is recommended to use standard tools supplied with the database.

Make sure, that Dr.Web Enterprise Security Suite DB export completed successfully. If DB backup copy is not  available, the Server could not be restored in emergency case.

To upgrade Dr.Web Server

To upgrade Dr.Web Server, run the distribution file.

By default, installer uses the language of the operating system. If necessary, you can change the installation language on any step by selecting the corresponding option in the right upper part of the installer window.

For the external Server database, also select Use existing database during upgrade.

If you are going to use the Oracle DB as an external database via the ODBC connection, then during installation (upgrading) of the Server, in the installer settings, disable the installation of embedded client for Oracle DBMS (in the Database support → Oracle database driver section).

Otherwise, interaction with the Oracle DB via ODBC will fail because of the libraries conflict.

Upgrade from the Version 6

1.The window opens, which notifies you on the previous Dr.Web Server version installed and brief description of the upgrade process to a new version. To start configuring upgrade procedure, click Upgrade.

2.The next window contains the information on the product and the link to the license agreement text. When you read the agreement, to continue the installation, select I accept the terms of the license agreement and click Next.

3.On the following steps, the upgrading Server is configured as at the Installing Dr.Web Server process based on the configuration files from the previous installation. The installation wizard automatically locates the Server installation folder, configuration files and embedded DB location from the previous installation. If necessary, you can change locations of the files which were found automatically by the installer.

4.To uninstall the Server of the previous version and launch the installation process of the 11.0.2 version of the Server, click Install.

During the Server uninstallation, the configuration files are automatically saved to the <installation_drive>:\DrWeb Backup folder.

Upgrade from the Version 10.0

1.The window opens, which notifies you on the previous Dr.Web Server version installed and brief description of the upgrade process to a new version. To start configuring upgrade procedure, click Upgrade.

2.The next window contains the information on the product and the link to the license agreement text. When you read the agreement, to continue the installation, select I accept the terms of the license agreement and click Next.

3.On the following steps, the upgrading Server is configured as at the Installing Dr.Web Server process based on the configuration files from the previous installation. The installation wizard automatically locates the Server installation folder, configuration files and embedded DB location from the previous installation. If necessary, you can change locations of the files which were found automatically by the installer.

4.To uninstall the Server of the previous version and launch the installation process of the 11.0.2 version of the Server, click Install.

5.During the update, the window opens that contains the critical data backup settings before uninstalling the Server of the previous version. It is recommended to set the Back up Dr.Web Server critical data flag. If necessary, you can change the default backup folder (<installation_drive>:\DrWeb Backup).

Upgrade from the Versions 10.0.1, 10.1 and within version 11

1.The window opens, which notifies you on the previous Dr.Web Server version installed and brief description of the upgrade process to a new version. To start configuring upgrade procedure, click Upgrade.

2.The next window contains the critical data backup settings before uninstalling the Server of the previous version. It is recommended to set the Back up Dr.Web Server critical data flag. If necessary, you can change the default backup folder (<installation_drive>:\DrWeb Backup). Click Uninstall to start the uninstalling of the Server of previous version.

3.After the previous version is uninstalled, the new version of the Server starts the installation. The next window contains the information on the product and the link to the license agreement text. When you read the agreement, to continue the installation, select I accept the terms of the license agreement and click Next.

4.On the following steps, the upgrading Server is configured as at the Installing Dr.Web Server process based on the configuration files from the previous installation. The installation wizard automatically locates the Server installation folder, configuration files and embedded DB location from the previous installation. If necessary, you can change locations of the files which were found automatically by the installer.

5.To start the installation of the Server of version 11.0.2, click Install.

After upgrade of anti-virus network Servers is completed, you must do the following:

1.Configure encryption and compression settings for the connected Servers (see the Administrator Manual, the Setting Connections between Several Dr.Web Servers section).

2.Clear the cache of the Web browser that is used to connect to Dr.Web Security Control Center.

Upgrading the Server for UNIX System-Based Systems

At upgrading Dr.Web Server under UNIX system-based OS from version 10 and earlier, the settings from the Web server configuration (the webmin.conf file) section of the Control Center will not be transferred into the version 11.

Settings in this section will be reset to defaults. If you want to use the settings of the previous version, specify them manually after the Server upgrade in the corresponding section of the Control Center basing on the data from the configuration file backup.

All actions must be performed under the root administrator account.

Upgrade of the Server up to the version 11 depends on the initial version:

Upgrade from the version 6.0.4 to the version 11 can be made only manually.

Upgrade from the version 10 to the version 11 automatically over the installed version is possible not for all UNIX system-based OS. Thus, under UNIX system-based OS, on which automatic upgrading over the installed package is not supported, you must perform the upgrade manually.

Upgrading the Server software within version 11 for the same package types is performed automatically for all UNIX system-based OS. If needed, you can also perform the upgrade manually.

At uninstalling and automatic upgrading of the Server to the version 11, configuration files are saved into default backup directory: /var/tmp/drwcs/.

After the Server of 6 version has been removed, the following files are automatically saved:

File

Description

agent.key (the name may vary)

Agent license key file

certificate.pem

SSL certificate

common.conf

configuration file (for some UNIX system-based OS)

dbinternal.dbs

embedded database

drwcsd.conf (the name may vary)

Server configuration file

drwcsd.pri

private encryption key

drwcsd.pub

public encryption key

enterprise.key (the name may vary)

Server  license key file

private-key.pem

RSA private key

webmin.conf

Dr.Web Security Control Center configuration file

After the Server of 10 version has been removed, the following files are automatically saved:

File

Description

agent.key (the name may vary)

Agent license key file

auth-ldap.xml

configuration file for administrators external authorization via LDAP

auth-pam.xml

configuration file for administrators external authorization via PAM

auth-radius.xml

configuration file for administrators external authorization via RADIUS

certificate.pem

SSL certificate

common.conf

configuration file (for some UNIX system-based OS)

dbexport.gz

database export (created during the Server uninstallation using the command drwcs.sh xmlexportdb)

download.conf

network settings for generating of the Agent installation packages

drwcsd.conf (the name may vary)

Server configuration file

drwcsd.pri

private encryption key

drwcsd.pub

public encryption key

enterprise.key (the name may vary)

Server  license key file. The file is saved if it presented after the upgrade from the previous versions. For the new Server 11.0.2 installation, the file is absent

frontdoor.conf

configuration file for the Server remote diagnostic utility

local.conf

Server log settings

private-key.pem

RSA private key

webmin.conf

Dr.Web Security Control Center configuration file

*.dbs

*.sqlite

embedded database

After the Server of 11 version has been removed, the following configuration files are automatically saved:

File

Description

agent.key (the name may vary)

Agent license key file

auth-ldap.conf

configuration file for administrators external authorization via LDAP

auth-ldap-rfc4515.conf

configuration file for administrators external authorization via LDAP using the simplified scheme

auth-pam.conf

configuration file for administrators external authorization via PAM

auth-radius.conf

configuration file for administrators external authorization via RADIUS

certificate.pem

SSL certificate

common.conf

configuration file (for some UNIX system-based OS)

dbexport.gz

database export (created during the Server uninstallation using the command drwcs.sh xmlexportdb)

download.conf

network settings for generating of the Agent installation packages

drwcsd-certificate.pem

Server certificate

drwcsd.conf (the name may vary)

Server configuration file

drwcsd.pri

private encryption key

drwcsd.pub

public encryption key

enterprise.key (the name may vary)

Server  license key file. The file is saved if it presented after the upgrade from the previous versions. For the new Server 11.0.2 installation, the file is absent

frontdoor.conf

configuration file for the Server remote diagnostic utility

local.conf

Server log settings

private-key.pem

RSA private key

webmin.conf

Dr.Web Security Control Center configuration file

yalocator.apikey

API key for the Yandex.Locator extension

After the automatic upgrade, the following files are saved to the backup directory:

For the Server version 10:

File

Description

auth-ldap.xml

configuration file for administrators external authorization via LDAP

auth-pam.xml

configuration file for administrators external authorization via PAM

auth-radius.xml

configuration file for administrators external authorization via RADIUS

db.backup.gz

database export (created during the Server upgrade using the command drwcs.sh exportdb)

For the Server version 11:

File

Description

auth-ldap.conf

configuration file for administrators external authorization via LDAP

auth-ldap-rfc4515.conf

configuration file for administrators external authorization via LDAP using the simplified scheme

auth-pam.conf

configuration file for administrators external authorization via PAM

auth-radius.conf

configuration file for administrators external authorization via RADIUS

db.backup.gz

database export (created during the Server upgrade using the command drwcs.sh exportdb)

If you are planning to use configuration files from the version 6 of the Server, please note:

1.Server license key is no longer supported.

2.The embedded database is upgraded and configuration files of the Server is converted by the means of the installer. You cannot replace these files with a backup copies when upgrading from the Server of version 6.

If necessary, save other files that you are planning to use in the sequel in another location.

Saving Database

Before upgrade Dr.Web Enterprise Security Suite software, it is recommender to backup database.

For Servers with external DB, it is recommended to use standard tools supplied with the database.

Make sure, that Dr.Web Enterprise Security Suite DB export completed successfully. If DB backup copy is not  available, the Server could not be restored in emergency case.

Automatic Upgrade of Dr.Web Server

If you upgrade the Server from 10 version to version 11 (except the Servers installed under Linux OS from the *.rpm.run and *.deb.run packages), instead of deleting the old version and installing the new version of the Server, you can use the package upgrade. For this, launch the installation of corresponding Server package.

Upgrading the Server software within version 11 for the same package types is performed automatically for all UNIX system-based OS.

At this, configuration files will be automatically converted and placed in corresponding directories. Also, some configuration files are additionally stored in the backup directory.

Manual Upgrade of Dr.Web Server

If the Server upgrade from the version 6.0.4 and later cannot be done over the installed package, you must delete the Server software of previous versions saving the backup copy and install the software of the version 11 based on the saved backup copy.

To upgrade Dr.Web Server, perform the following procedure:

1.Stop the Server.

2.If you plan to use any files (besides the files which are copied automatically during the Server uninstall at step 3), backup these files manually, for example, the report templates and etc.

3.Remove the Server software (see Installation Manual, p. Removing Dr.Web Server Software for UNIX® System-Based OS). You will be prompt to create a backup copies of the files. For this, specify the path to store the backup or accept the default path.

4.Install Dr.Web Server version 11.0.2 according to the general installation procedure (see Installation Manual, p. Installing Dr.Web Server for UNIX® System-Based OS) based on the backup copy from the step 3. All saved configuration files and embedded database (if you use embedded database) will be automatically converted to be used by the Server of the 11.0.2 version. Without automatic conversion, database (if you use embedded database) and some of the Server configuration files from the previous version cannot be used.

In case of manual backup, place the files to the same directories where they were located in the previous version.

For all backup files from the previous Server version (see step 4) you must set the user selected at the installation of the new Server version (drwcs by default), as files owner.

5.Launch the Server.

6.Set up repository upgrade and perform the upgrade.

After upgrade of anti-virus network Servers is completed, you must configure encryption and compression settings for the connected Servers (see the Administrator Manual, the Setting Connections between Several Dr.Web Servers section).

Upgrading Dr.Web Agents on Stations under Windows® OS

Upgrade of the Agents Supplied with Dr.Web Enterprise Security Suite 10

Upgrade of the Agents supplied with Dr.Web Enterprise Security Suite 10 is performed automatically.

After the automatic upgrade, the popup notification with restart request is displayed on a station; in the Control Center, restart request after the upgrade is displayed in the station status. Restart a station locally or remotely via the Control Center to complete the upgrade.

If the station was connected to the Server via the Dr.Web Proxy server of version 10 and earlier, you must upgrade the Proxy server up to the version 11 or remove the Proxy server before the Agent upgrading.

Automatic Upgrade of the Agents Supplied with Dr.Web Enterprise Security Suite 6

To perform automatic upgrade, the following conditions must be met:

1.Agents must be installed on a computers under Windows OS which are supported for the installation of Agents for Dr.Web Enterprise Security Suite version 11.0.2 (see the Appendices document, Appendix A. The Complete List of Supported OS Versions).

2.For the automatic upgrade, the following actions are possible depending on the Server settings:

a)Automatic upgrade is performed, if during the Server upgrade, encryption keys and network settings from the previous Server were saved, is performed by the following procedure:

1.The old version of the Agent is uninstalled when upgrade is started.

2.The station is rebooted manually.

3.The new version of the Agent is installed. For this, the task in the Server schedule is automatically created.

4.After the Agent upgrade is completed, the station automatically connects to the Server. In the Status section of the Control Center, the notification on required restart will be displayed for the upgraded station. The station must be restarted.

b)The manual configuration required during the automatic upgrade, if during the Server upgrade, new encryption keys and Server network settings were specified, is performed by the following procedure:

1.Configure settings for connection to the new Server and replace public encryption key on station manually.

2.After changing of the settings on the station and connecting the stations to the Server, the Agent upgrade process starts.

3.The old version of the Agent is uninstalled when upgrade is started.

4.The station is rebooted manually.

5.The new version of the Agent is installed. For this, the task in the Server schedule is automatically created.

6.After the Agent upgrade is completed, the station automatically connects to the Server. In the Status section of the Control Center, the notification on required restart will be displayed for the upgraded station. The station must be restarted.

Please note the following features during automatic upgrade:

1.After removing the Agent, notification on reboot required is not displayed on a station. Administrator must initiate the station reboot.

2.Between the removal of an old Agent version and installing of a new version, stations will have no anti-virus protection.

3.After upgrading of the Agent, the anti-virus software operation will be limited without the station restart. At this, the complete anti-virus protection of the station is not provided. User must restart the station on the Agent demand.

Manual Upgrade of the Agents Supplied with Dr.Web Enterprise Security Suite 6

If installation of the new version of the Agent during automatic upgrade failed for any reason, the next installation attempts are not performed. No anti-virus software will be installed on the station, and such station will be displayed as offline in the Control Center.

In such case, you must install the Agent by yourself. At this, after the new Agent installation, you must merge the new station and the old station in the Control Center, in the hierarchical tree of the anti-virus network.

Upgrade is not Supported

If Agents are installed on stations under OS which are not supported for the installation of Agents for Dr.Web Enterprise Security Suite version 11.0.2, actions to upgrade are not performed.

Agents installed on unsupported OS cannot receive updates (including virus bases updates) from the new Server. If you need to remain Agents under unsupported OS, you must leave the Server of previous version to which these Agents are connected as a part of the anti-virus network. At this, Servers of 6 versions and Servers of the 11.0.2 version must receive updates independently.

Recommendations on upgrading the Agents, installed at the stations that implement significant LAN functions, specified in the Appendices document, p. Upgrading Dr.Web Agents on the LAN servers.

Upgrading Dr.Web Agents on Stations under Android OS

Please note the following features:

Dr.Web Agents for Android must be upgraded manually on mobile devices to operate with Dr.Web Enterprise Security Suite of version 11.0.2.

Dr.Web Enterprise Security Suite of version 11.0.2 supports only Dr.Web Agents for Android of version 12.2 and later.

At regular upgrade of Dr.Web Agents for Android, mobile devices protection will be disabled due to the error of incompatible virus databases version.

To upgrade Dr.Web Agents for Android locally, you can use one of the following ways:

1.If you can download separately the installation package of the Agent standalone version via the Internet.

Before upgrading Dr.Web Server, upgrade Dr.Web Agents for Android manually on mobile devices up to the version 12.2 or later. You can download the new version on Doctor Web company web site at https://download.drweb.com/android/. The new Agent will connect to the Server of previous version normally, after that you can upgrade the Server up to the version 11.0.2 according to the general procedure.

2.If you cannot download separately the installation package of the Agent standalone version via the Internet.

After upgrade of Dr.Web Server, Dr.Web Agents for Android will automatically connect to the upgraded Server. After the upgrade attempt, the protection will be disabled on mobile devices due to the error of incompatible virus databases version. Upgrade the Agents manually directly on mobile devices. You can download installation package of the Agent new version in the Control Center, in the station properties or on the installation page.

3.If you cannot download separately the installation package of the Agent standalone version via the Internet, and the upgrade error occurrence on a mobile device is unwanted.

Before upgrading the Server, disconnect Dr.Web Agents for Android. In this case, mobile devices will not be able to connect to the new Server for downloading incompatible updates. Upgrade the Server up to the version 11.0.2 according to the general procedure. Download installation package of the Agent new version in the Control Center, in the station properties or on the installation page. Upgrade the Agents manually on mobile devices. Connect upgraded Agents to the new Server.

Upgrading Dr.Web Agents on Stations under Linux OS and macOS

Agents installed on stations under Linux system-based OS and macOS connect to the Server of the 11.0.2 version if the following conditions are met:

1.Agents must be installed on a computers under operation systems which are supported for the installation of Agents for Dr.Web Enterprise Security Suite version 11.0.2 (see the Appendices document, Appendix A. The Complete List of Supported OS Versions).

2.Encryption keys and network settings from the upgraded Server must be set on the stations.

After connecting the stations to the updated Server:

1.Only virus databases will be updated on stations. Automatic upgrade of the anti-virus software itself is not performed.

2.If the last software version is installed on stations, no actions required.

3.If the software on stations is outdated, download installation package of the Agent new version in the Control Center, in the station properties or on the installation page. Upgrade the station software manually as described in the corresponding User Manual.


Additional Information

Technical Support

If you encounter any issues installing or using company products, before requesting for the assistance of the technical support, take advantage of the following options:

Download and review the latest manuals and guides at https://download.drweb.com/doc/.

Read the frequently asked questions at https://support.drweb.com/show_faq/.

Browse the Dr.Web official forum at https://forum.drweb.com/.

If you have not found solution for the problem, you can request direct assistance from Doctor Web company technical support by one of the following ways:

Fill in the web form in the corresponding section at https://support.drweb.com/.

Call by phone in Moscow: +7 (495) 789-45-86.

Refer to the official website at https://company.drweb.com/contacts/offices/ for regional and international office information of Doctor Web company.

Copyright

© Doctor Web, 2018. All rights reserved

This document is the property of Doctor Web. No part of this document may be reproduced, published or transmitted in any form or by any means for any purpose other than the purchaser's personal use without proper attribution.

Trademarks

Dr.Web, SpIDer Mail, SpIDer Guard, CureIt!, CureNet!, AV-Desk, KATANA and the Dr.WEB logo are trademarks and registered trademarks of Doctor Web in Russia and/or other countries. Other trademarks, registered trademarks and company names used in this document are property of their respective owners.

Disclaimer

In no event shall Doctor Web and its resellers or distributors be liable for errors or omissions, or any loss of profit or any other damage caused or alleged to be caused directly or indirectly by this document, the use of or inability to use information contained in this document.


© Doctor Web, 2018