App Review DrWeb Security Space BETA

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
Shadowra
Shadowra

Shadowra

Level 40
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
High Reputation
Forum Veteran
Sep 2, 2021
2,969
37,856
3,880
29
France
Content source
https://odysee.com/@Shadowra:f/DrWeb-Security-Space-BETA:1
DrWeb is a Russian antivirus publisher, a compatriot of Kaspersky.
For several years, they have been offering an antivirus solution called Security Space to protect machines.
They are also known for their disinfection solutions called CureIT and provide some solutions to eradicate and decrypt certain ransomware.
In this test, we will observe how DrWeb succeeds or fails in protecting the machine against threats.

Please note: By default, DrWeb does not install its firewall. I installed it deliberately.
After that, DrWeb is no longer interactive and relies on rules. When running it for the first time, I allow the connection to see if the other modules react or not. If I see a second alert (or a different payload), I block the connection or create a blocking rule.



Interface :

The product interface has changed little since I last tested it. It offers a mini interface and then deploys its large interface. You can therefore see its various shields (Spider Guard, Spider Gate, etc.), which are its agents (resident protection, web filtering, etc.).
I leave everything at default, including the predefined rules for behavioral protection (called Katana; DrWeb also offers a version with only behavioral protection).

Resource consumption: It is lightweight but tends to slow down Internet browsing speed.

Web protection: 4,5/9
DrWeb blocks half of the malicious links, including one partially during installation (the dropper installed the NanoCore RAT), which was blocked by the anti-malware engine.

A fairly average result.

Fake crack : N/A
The sample is too old and the site that distributed it was down.
Skipped.

Malware Pack : Remaining 45 threats out of 85
Once again, DrWeb's anti-malware engine is very average, but the software will also suffer from bad luck.

During testing, DrWeb was unable to recover from its errors. Apart from the firewall, which tried to do what it could (it is preconfigured, so processes signed by Microsoft will pass without alert, such as LOLBins - wscript.exe and co), the machine was heavily infected afterwards, to the point of crashing completely. To continue the cleaning process, I had to restart the machine without videos.

Final scan :
DrWeb : 0
NPE : 25
KVRT : 17 (Memory Infected)


Final opinion:

DrWeb is a very average antivirus program. It does not evolve while malware is constantly evolving, remaining stuck in the past.
It offers good solutions, but they are underutilized. As a result, the antivirus program is completely outdated and unable to catch up with subsequent actions.
Not recommended.

@Tachikoma request
 
  • +Reputation
  • Like
  • Thanks
Reactions: Behold Eck, Neno, alex mall and 19 others
Shadowra said:
DrWeb is a Russian antivirus publisher, a compatriot of Kaspersky.
For several years, they have been offering an antivirus solution called Security Space to protect machines.
They are also known for their disinfection solutions called CureIT and provide some solutions to eradicate and decrypt certain ransomware.
In this test, we will observe how DrWeb succeeds or fails in protecting the machine against threats.

Please note: By default, DrWeb does not install its firewall. I installed it deliberately.
After that, DrWeb is no longer interactive and relies on rules. When running it for the first time, I allow the connection to see if the other modules react or not. If I see a second alert (or a different payload), I block the connection or create a blocking rule.



Interface :

The product interface has changed little since I last tested it. It offers a mini interface and then deploys its large interface. You can therefore see its various shields (Spider Guard, Spider Gate, etc.), which are its agents (resident protection, web filtering, etc.).
I leave everything at default, including the predefined rules for behavioral protection (called Katana; DrWeb also offers a version with only behavioral protection).

Resource consumption: It is lightweight but tends to slow down Internet browsing speed.

Web protection: 4,5/9
DrWeb blocks half of the malicious links, including one partially during installation (the dropper installed the NanoCore RAT), which was blocked by the anti-malware engine.

A fairly average result.

Fake crack : N/A
The sample is too old and the site that distributed it was down.
Skipped.

Malware Pack : Remaining 45 threats out of 85
Once again, DrWeb's anti-malware engine is very average, but the software will also suffer from bad luck.

During testing, DrWeb was unable to recover from its errors. Apart from the firewall, which tried to do what it could (it is preconfigured, so processes signed by Microsoft will pass without alert, such as LOLBins - wscript.exe and co), the machine was heavily infected afterwards, to the point of crashing completely. To continue the cleaning process, I had to restart the machine without videos.

Final scan :
DrWeb : 0
NPE : 25
KVRT : 17 (Memory Infected)


Final opinion:

DrWeb is a very average antivirus program. It does not evolve while malware is constantly evolving, remaining stuck in the past.
It offers good solutions, but they are underutilized. As a result, the antivirus program is completely outdated and unable to catch up with subsequent actions.
Not recommended.

@Tachikoma request
Click to expand...

Thanks for sharing this test – here’s a concise breakdown and some thoughts on what it shows about Dr.Web Security Space (BETA).

Test recap
  • Interface: Still the classic Dr.Web style with mini + full UI and the usual modules (SpIDer Guard, SpIDer Gate, etc.). Katana (behavior blocker) is present but left at defaults.
  • Performance: Light on system resources, but noticeably slows web browsing.
  • Firewall: Installed manually. Once rules are set, it becomes mostly non‑interactive. Microsoft-signed processes are auto‑trusted, which lets LOLBins (wscript.exe, etc.) communicate without clear prompts.

Protection results

Web protection: 4.5/9
  • Blocked around half of the malicious URLs.
  • One dropper managed to install NanoCore RAT; only later was it stopped by the file‑based engine.
  • Net effect: average at best, especially compared to modern products that rely heavily on URL / reputation blocking to stop attacks early.

Malware pack: 45/85 left
  • Roughly half the samples survived, which is very weak for a modern suite.
  • Once things went wrong, Dr.Web couldn’t really recover – no strong remediation or rollback.
  • Firewall tried to help, but its trust model (especially for signed system binaries) allowed living‑off‑the‑land abuse.
  • System ended up heavily infected and unstable to the point of crashing; cleanup could only continue after reboot and without video capture.

Final scan:
  • Dr.Web: 0 detections (post‑infection, nothing more found/remediated)
  • Norton Power Eraser: 25 detections
  • Kaspersky Virus Removal Tool: 17 detections, including memory infections

Overall assessment based on this test
  • Signature‑based engine appears average or below average in this scenario.
  • Behavior blocking / “Katana” doesn’t seem to compensate for missed signatures, at least on default settings.
  • Firewall is not tightly integrated as a strong, interactive HIPS – more like a rule‑based network filter that’s too trusting of system-signed binaries.
  • No strong post‑infection recovery: once the system is compromised, Dr.Web doesn’t seem to have the rollback / cleanup depth you see in stronger products.

Your conclusion that Dr.Web feels “stuck in the past” and “not recommended” is consistent with what this specific test shows: in a modern, multi‑stage malware scenario, it doesn’t keep up, and it fails both at prevention and at cleanup.

If someone still wants to use Dr.Web despite this (not a recommendation, just practical points):
  • Harden the settings:
    • Max out heuristic / cloud / behavior options if available.
    • Tighten firewall rules and make it more interactive where possible.
  • Do not rely on it alone:
    • Use additional on‑demand scanners (KVRT, Emsisoft Emergency Kit, etc.) for regular checks.
    • Keep good offline backups; don’t assume it will save you from a serious compromise.

Bottom line:
Based on this test, Dr.Web Security Space (even in BETA) looks significantly behind current top‑tier solutions in both prevention and remediation. For most users, there are safer, more capable alternatives right now.
 
  • Like
  • +Reputation
  • Thanks
Reactions: BigWrench, Virus, Kongo and 1 other person
Shadowra said:
DrWeb is a Russian antivirus publisher, a compatriot of Kaspersky.
For several years, they have been offering an antivirus solution called Security Space to protect machines.
They are also known for their disinfection solutions called CureIT and provide some solutions to eradicate and decrypt certain ransomware.
In this test, we will observe how DrWeb succeeds or fails in protecting the machine against threats.

Please note: By default, DrWeb does not install its firewall. I installed it deliberately.
After that, DrWeb is no longer interactive and relies on rules. When running it for the first time, I allow the connection to see if the other modules react or not. If I see a second alert (or a different payload), I block the connection or create a blocking rule.



Interface :

The product interface has changed little since I last tested it. It offers a mini interface and then deploys its large interface. You can therefore see its various shields (Spider Guard, Spider Gate, etc.), which are its agents (resident protection, web filtering, etc.).
I leave everything at default, including the predefined rules for behavioral protection (called Katana; DrWeb also offers a version with only behavioral protection).

Resource consumption: It is lightweight but tends to slow down Internet browsing speed.

Web protection: 4,5/9
DrWeb blocks half of the malicious links, including one partially during installation (the dropper installed the NanoCore RAT), which was blocked by the anti-malware engine.

A fairly average result.

Fake crack : N/A
The sample is too old and the site that distributed it was down.
Skipped.

Malware Pack : Remaining 45 threats out of 85
Once again, DrWeb's anti-malware engine is very average, but the software will also suffer from bad luck.

During testing, DrWeb was unable to recover from its errors. Apart from the firewall, which tried to do what it could (it is preconfigured, so processes signed by Microsoft will pass without alert, such as LOLBins - wscript.exe and co), the machine was heavily infected afterwards, to the point of crashing completely. To continue the cleaning process, I had to restart the machine without videos.

Final scan :
DrWeb : 0
NPE : 25
KVRT : 17 (Memory Infected)


Final opinion:

DrWeb is a very average antivirus program. It does not evolve while malware is constantly evolving, remaining stuck in the past.
It offers good solutions, but they are underutilized. As a result, the antivirus program is completely outdated and unable to catch up with subsequent actions.
Not recommended.

@Tachikoma request
Click to expand...

I've been telling my friends for decades—this Spider Doctor had so much potential! Too bad it stayed in the waiting room all this time. And guess what? Turns out its Achilles’ heel is none other than Latrodectus—the Black Widow herself. Talk about poetic irony!
 
  • Like
  • +Reputation
  • HaHa
Reactions: Sorrento, piquiteco, Trident and 6 others
I've always been a fan of the interface, the notifications and how it handles detected threats. Regarding that it's russian-based I personally will not try it in the near future. Aside from the poor detection rate.
 
  • Like
  • +Reputation
  • Hundred Points
Reactions: Sorrento, Khushal, Miravi and 4 others

You may also like...