Dr.Web KATANA - A non-signature anti-virus

Status
Not open for further replies.

Ben10

Level 1
Thread author
Verified
Nov 25, 2015
23
Russian anti-virus company Doctor Web has released its next-generation product — the Dr.Web Katana, which is designed to protect against new threats that your anti-virus is not yet equipped to recognize. The new anti-virus Dr.Web Katana is based on proactive technologies that do not involve the use of virus databases: the decision as to whether a particular malware program should be neutralised is made only on the basis of a mining model of the behaviour of the applications running on a computer.

Homepage: Dr.Web® — innovative anti-virus security technologies. Comprehensive protection against Internet threats.

Release note : Dr.Web Katana – the next-generation product that provides advanced protection
 

Cch123

Level 7
Verified
May 6, 2014
335
Looks like Webroot's model with the limited info they released.

Traditional behavioural analysers are based on predefined rules describing the behaviour of legitimate programs. Such rules are well known to criminals. Dr.Web Katana acts differently. This product analyses the behaviour of each running program in real time by comparing it with the reputation information stored in the Dr.Web cloud which is constantly being updated. Dr.Web Katana subsequently uses that information to determine whether a program is dangerous and then takes whatever measures are necessary to neutralise the threat.
 

Enju

Level 9
Verified
Well-known
Jul 16, 2014
443
Is this an offline behaviour blocker I see?! I'm so hyped right now to try this out!
Thanks to Dr.Web ShellGuard, when analysing a potentially malicious action, the protection system uses not only predefined rules stored locally on the computer, but also data from the Dr.Web Cloud service.
It really is offline+cloud! :eek::cool::D
 

OokamiCreed

Level 18
Verified
Honorary Member
Top Poster
Well-known
May 8, 2015
881
Looks the same and has the same settings as Dr. Web's flagship product. It's just stripped down and only slightly less expensive (I may get hate for saying that). Running at 13.5MB with only one process. Proactive protection features in Dr. Web are great but they really should cut down the price since this is nothing really new.

For those who run a free AV and firewall, the price won't be a problem. If you pay for your AV, you might not like the price tag. If you already own Dr. Web, don't get this. You already have these features in your product unless there is something hidden deep under the hood. Maybe cloud is a bit different? Would have to conduct a test to prove that it has changed though.
 

FleischmannTV

Level 7
Verified
Honorary Member
Well-known
Jun 12, 2014
314

Enju

Level 9
Verified
Well-known
Jul 16, 2014
443
In my short test, this seems more like a very weak HIPS and not like an old school BB.
Haven't had time to test it with much except one rootkit and one trojan downloader, the downloader was detected by their cloud after execution, the two payloads however were not. One tried to modify the host files which I blocked but both were still running after a system restart. The rootkit did its dirty deed without any warnings, it dropped a driver and modified the autostart settings. Quite the let down to be honest. :(
KATANA was running with every setting set to ask btw.
 

LabZero

Dr.Web Katana 1.0

Dr.Web Katana (Kills Active Threats And New Attacks) protects your system against computer threats by means of non-signature-based technologies—using behavior analysis, cloud-based threat detection, and preset rules. The program does not conflict with third-party anti-viruses and can operate in a team with them to enhance your computer's security.

Dr.Web Katana’s protection is based on non-signature-based search methods, the neutralization of malware, and cloud protection technologies. The product analyses and monitors all system processes and blocks those that exhibit malicious behavior.

Traditional behavioural analysers are based on predefined rules describing the behaviour of legitimate programs. Such rules are well known to criminals. Dr.Web Katana acts differently. This product analyses the behavior of each running program in real time by comparing it with the reputation information stored in the Dr.Web cloud which is constantly being updated. Dr.Web Katana subsequently uses that information to determine whether a program is dangerous and then takes whatever measures are necessary to neutralize the threat.

Dr.Web Katana does not use virus databases (and, therefore, does not have a virus database that requires updating). The product is virtually invisible with regards to system load and resource consumption. Furthermore, it does not require any configuration.

Please note that Dr.Web Katana is not a replacement for a signature-based anti-virus; it operates efficiently in conjunction with other anti-viruses besides Dr.Web.

Dr.Web Katana features

  • Protects critical system areas from being modified by malware.
  • Detects and stops the execution of malicious, suspicious or unreliable scripts and processes.
  • Detects unwanted file modification, monitors the operation of all processes to detect actions that are typical of malware (e.g., the activities of encryption ransomware), and prevents malicious objects from injecting their code into other processes.
  • Detects and neutralises threats that have not yet been discovered and entered in the Dr.Web virus database: encryption ransomware, injectors, remote-controlled malware used for espionage and to create botnets, and malware packers.
  • Protects against exploits—malicious objects that take advantage of software flaws, including those not yet known to anyone except for the intruders who created them (i.e., zero-day vulnerabilities). If it detects that malicious code is attempting to exploit a vulnerability, Dr.Web Katana will end the attacked process immediately.
  • Controls the operation of the most popular browsers and their associated plugins; protects against browser blockers.
  • Blocks malware’s ability to modify boot disk areas in order to prevent the launch of Trojan horses, for example, on your computer.
  • Blocks changes from being made to the Windows Registry to ensure that the safe mode won't be disabled.
  • Prevents malicious programs from altering basic system routines. By blocking certain Windows Registry keys, it prevents malware from changing the appearance of the desktop or hiding a Trojan with a rootkit.
  • Prevents malware from changing launch permissions.
  • Prevents new or unknown drivers from being downloaded without user consent.
  • Prevents malware and certain other applications, such as anti-antiviruses, from adding their entries into the Windows Registry where they could be launched automatically.
  • Locks registry sections containing information about virtual device drivers, ensuring that no new virtual devices are created.
  • Blocks connections between spyware components and the server that controls them.
  • Prevents malware from disrupting system routines such as scheduled backups.
  • Does not conflict with third-party anti-viruses
  • No configuration is required
  • For Windows 10/8/8.1/7/Vista SP2/XP SP2+ (32- and 64-bit systems)
Download: Dr.Web Katana 1.0 | 35.6 MB (Shareware)
View: Dr.Web Katana Home Page

SOURCE


Solarquest

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
In my short test, this seems more like a very weak HIPS and not like an old school BB.
Haven't had time to test it with much except one rootkit and one trojan downloader, the downloader was detected by their cloud after execution, the two payloads however were not. One tried to modify the host files which I blocked but both were still running after a system restart. The rootkit did its dirty deed without any warnings, it dropped a driver and modified the autostart settings. Quite the let down to be honest. :(
KATANA was running with every setting set to ask btw.


I tested Dr.Web 11 yesterday with a few trojans... no alerts from Dr.Web. The trojans were in memory, one escaped from Comodo cloud AV... still no sign from Dr.Web/Katana.

:(
 

Moose

Level 22
Jun 14, 2011
2,271
It's like Kaspersky and Comodo Firewall: you must configure it. Run Zemana AntiMalware in real time with Dr. Web Security Space in Paranoid Mode with Firewall. Remember, Zemana AntiMalware is king in worm detection! A layering of security, with great software combinations.

Dr. Web request tickets start off slow, but after they answer you will get an average of 5 responses a day.




Deleted Member 333v73x

Can it be used as a companion Anti-Virus or standalone only?
 