Q&A Will there be a Dr Web Security Space 12?


Level 70
Malware Hunter
Apr 5, 2014
Due to some blah blah blah Info the 12 version is underway...may be 2019...from an unknown crow :D
  • Like
Reactions: upnorth


Level 17
May 16, 2013
It will be just wait...some good staffs are in the way.
Last version for Dr.Web 12 was updated at 27.08.2018.
  • Like
Reactions: upnorth


Level 17
May 16, 2013
There are a lot of changes, including a redesigned interface, everything you like and returned a green (!) Icon. Work done a lot, bugs at the start, more than enough, go!

The main changes in Dr.Web Security Space 12.0:
  • The graphic interface of the product has been redesigned. Protection components from the menu (on / off) are transferred to the "Security Center" and are divided into "Local Protection" and "Network Protection". Also, the "Security Center" was made the settings of the program.
  • The "Security Center" has blocks of components responsible for protection: "Parental Control", "Exceptions" and "Tools." Also on the main window there is a new functionality: "Privacy" (protection of web cameras and microphones).
  • Starting with the version of Dr.Web 12.0, the product is no longer installed on the operating systems of Windows XP and Windows Server 2003.
  • In the new version, the "Preventive Protection" component has been transformed into three separate components: "Activity Monitor", "Protection against extortionists" and "Protection from exploits". All three components are located on the "Local Protection" window, each of them can be separately turned on and off and set the parameters for them.
    • The component "Protection against extortionists" is responsible only for Dr.Web reaction to application access to user files. When the component is turned on, protection starts (application access to user files begins to be regulated).
    • The "Protection from exploits" component allows you to block malicious objects that exploit vulnerabilities in popular applications.
  • Changed "Data loss protection": instead of the ability to create copies, the user can now add important folders to the protection. For each folder that the user wants to protect, he can set specific access options: to change and delete. Enabling protection for specified folders (and files inside them) does not prohibit viewing them, and they can also be copied.
    The possibility of restoring backups created in previous versions of the product is left.
  • There was a "Notification Tape", in which the information displayed in the baluns, which the user did not have time to read or did not respond (not pressed the button in the balun) will accumulate.
  • Added the ability to configure the automatic reboot at a specific time.
  • An area for displaying the status of protection status appeared in the menu. If any security components are disabled, a corresponding alert status is displayed in the menu.
  • In the settings of Dr.Web Firewall for Windows, it became possible to search among the created rules for applications and a set of rules for applications.
  • Drivers for Dr.Web Firewall for Windows driver (drweblwf.sys) and Dr.Web Net Filter for Windows (dw_wfp.sys) are united into a single driver.
  • Dr.Web Firewall for Windows notify module is transferred to the agent.
  • Implemented optional auto-deletion of records in statistics.
  • In the update statistics update information on the amount of downloaded updates.
  • Parental control statistics added date / time and lock category information
  • Implemented multiple choice when adding files and folders under protection or exceptions.
  • There are improvements related to Parental control:
    • the ability to select the length of time for continuous work on the computer;
    • An opportunity to find out how much more time you can work if the Parental Control lock is enabled.
  • The system of advice to users has been removed.
  • Removed Dr.Web Hypervisor (dwhv.sys).


Dr Web 12 seems OK. Doesn't seem to be too many issues with a quick look at it. Some minor GUI display bugs in Firewall rules creation wizard\alerts. I like it better than 11.
  • Like
Reactions: harlan4096 and Jack

Deleted Member 3a5v73x

Can't find a reason why would some chose Dr.Web over Kaspersky, since both come from RU. Personal liking probably, Dr.Web most likely still have many loyal users from XP golden times.. I live near Russia's border and do sometimes feel like Dr.Web is more used and targeted in-country wide than Kas.
Last edited by a moderator:


Can't find a reason why would some chose Dr.Web over Kaspersky, since both come from RU. Personal liking probably, Dr.Web most likely still have many loyal users from XP golden times.. I live near Russia's border and do sometimes feel like Dr.Web is more used and targeted in-country wide than Kas.

Personal preference.

Dr Web understandably hates Kaspersky.

I think Dr Web offers good support resources. That's good for those that want it.


I was able to bypass the Dr Web firewall using a shortcut that calls BItsadmin to download a file and then execute it. The firewall does not pick-up bitsadmin because in Windows it appears that it is SYSTEM (pid 4) is doing the actual download. I used Winja as the download test file. Now Winja doesn't do anything that is going to provoke Dr Web even when the Prevention (Katana module) is set to Paranoid.. The point of the test was to see if I could bypass the firewall only - instead of also bypassing Dr Web's behavior analysis (prevention) by installing Winja.

If I set the Dr Web firewall to Ask User for all programs, then I get a firewall alert for SYSTEM when bitsadmin attempts to download the file. A typical user isn't going to get what is happening.

In short, Dr Web isn't detecting basic malicious shortcut files. However, all is not lost. Don't get too bent out of shape.

If I do the same test using Process Hacker, then Dr Web doesn't block the download, but it does detect and removes the Process Hacker install. Process Hacker is detected as a threat. Why ? Because it installs a driver that can be exploited and used as a hack tool. So may AVs detect it. It is good and safe to use for testing.

The scan engine will use high % during a CPU scan. However, that isn't much of a fret as one shouldn't be scanning their entire system all the time.

However, disinfection\removal uses high CPU temporarily. I can see people complaining about that.

Overall it is decent. It isn't perfect, but it is decent. From what I am seeing, it is quite likeable.

It's like most security programs... the user isn't going to know what to expect unless they practice with it. And most importantly, practice with malware.
Last edited by a moderator:


Level 44
Jan 27, 2017
I have a comped Dr. Web 1 year license for 10 PC's and was playing with this recently.

Previously, I found SS11X to be underwhelming in some areas, and good in other areas. One area I really disliked was the firewall. It added weight to the system, dragged web pages a bit, and worse - wasn't capable at speeds exceeding around 250Mbps. I am happy to report they've resolved all of my firewall complaints and it can handily deal with 250Mbps-1000Mbps range connections without any issue.

Another area they've clearly taken to the next level is the heuristic web scanner. It is exceptionally capable at spotting malicious acting websites and the generic/heuristic detection has been absolutely fantastic in my tests. Even slightly modified payload websites it was able to detect and block mid-stream. I'm feeling at this point it's heuristic web scanner is on par with Kaspersky and Sophos Home Premium. Which is a really good thing given the prevalence of payloaded web pages.

As noted above, CPU spiking can happen on detection as well as on-demand scanning. Not a big deal for average people not dropping 200 packs on their system or scanning constantly.

They've reduced the weight of the product significantly, it feels equivalent to something like Norton these days.

I can't say how it performs under a wide range of conditions in terms of detection so we'll leave that there without further testing available.

One major thing - they have 24/7 support now, including in English. I had the need to use support a few times in the last couple of days messing with it and they've been extremely proactive. Probably better than most firms I have dealt with in this area.

So far, as Lockdown noted above, it's quite likable.

Here's a vid of their new anti-ransomware tech.
Last edited:

Mahesh Sudula

Level 17
Sep 3, 2017
The only downside here is :
What Dr WEB calls it as Anti Ransom module is non existent, as protected folders is doing it's job.
Scan time, UI, Slight change in the update pattern are improved, Heuristics are not at par as of present malware trend.
Recommendable but user should be knowledged to take it's alerts
  • Like
Reactions: Divine_Barakah