they have most-talented Russian Programmers in their R&D , it would not be hard to do what they want IMO,
Looks like it. How come they can't block dynamic forking then? They can't stop me from marking the Hosts file for removal on reboot and then forcing a BSOD crash from user-mode either.

I already looked at dwsguard32.dll, dwsguard64.dll and dwprot.sys... :D I can see what they can and cannot do

I get it... you like dr.web... what I am posting is my own personal view

What is the problem now...

they have most-talented Russian Programmers
btw this isn't even an opinion it's an incorrect statement because Kasperksy is Russian and they have the hyper-visor usage, Dr.Web do not ;) :p

but yes this isn't about Kaspersky so I won't bring it up again. just wanted to point that out
Last edited by a moderator:


Level 25
Content Creator
Hi all,

This is a test of Dr. Web KATANA. No signatures, no problem? Well Dr. Web seem to think so, but lets take a look & double check ;)

Thanks for watching, more videos coming soon!
If you're looking to remedy the Windows Defender popups and stop it turning itself on when you're moving malware samples around: Open the start menu, type services.msc, scroll down to Windows Defender, right click on it and click stop, then go into properties and set its startup type to disabled. Hopefully that will solve the issues.

Thanks a lot for the video. :)

Edit: Didn't notice Dani Santos already told you how to do it a different way. Apologies! :oops:
Last edited:


  • Windows Defender on W10 has quite a few bugs
  • Katana does use signatures, although it uses a cloud lookup instead of local signatures (see below from Dr Web website)
* * * * *
Lightning-like — analyses the behaviour of each threat in real time and immediately neutralises harmful scripts and processes that your anti-virus didn’t manage to recognise.

Dr.Web KATANA’s protection is based on non-signature-based search methods, the neutralization of malware, and cloud protection technologies. The product analyses and monitors all system processes and blocks those that exhibit malicious behavior.

To detect malicious actions, Dr.Web KATANA uses information stored by the anti-virus locally (they're talking about algorithms and libraries here, and not signatures) as well as Dr.Web Cloud reputation data which includes:
  • Information about the routines used by programs having malicious intentions;
  • Information about files that are 100% clean;
  • Information about the compromised digital signatures of well-known software developers;
  • Information about digital signatures used by adware and riskware;
  • Protection routines used by specific applications.
* * * * *
  • Katana is not a complete anti-ransom solution; it is going to fail against a lot of ransomware
  • Katana was released as version 1.0 and it remains at version 1.0; it hasn't been updated since its initial release
Submit bug reports... don't forget to send the samples...
Last edited by a moderator: