Add to the library


News & Events | Promotions | Licensing center | Anti-cyber fraud center | Customers | Company

Dr.Web ATM Shield

Centralised protection for embedded systems (ATMs, terminals and multi-kiosks)

Dr.Web ATM Shield

Buy Demo Dr.Web ATM Shield My Dr.Web Portal login


  • Low system requirements; updates consume minimal bandwidth.
  • Reliable protection from zero-day programs including those that haven't yet been analysed by the Doctor Web anti-virus laboratory.
  • Simple to deploy; a secure network can be managed with ease.

    The Control Center is provided free of charge.

  • All rights to Dr.Web technologies are reserved by Doctor Web. Doctor Web is one of the few anti-virus vendors in the world to have its own technologies for detecting and curing malware. Dr.Web software incorporates a proprietary anti-virus engine. Doctor Web has its own in-house anti-virus laboratory, a global virus monitoring service and a technical support service.
  • Customer trust—Dr.Web is trusted by major Russian governmental entities, large companies, Russian and international banks, and government organisations, including those with multiple branches and networks with tens of thousands of computers.

You are mistaken, if you believe that:

  • Malware cannot penetrate an embedded system that is only accessible to technical specialists;
  • Once installed on a device, systems based on checksum verification programs offer sufficient protection;
  • A small amount of RAM and a low performance CPU make it impossible to protect such devices with an anti-virus.

Not true! Only an anti-virus provides protection against malicious programs—including those created specifically for ATMs. Designed for embedded systems, Dr.Web ATM Shield incorporates state-of-the-art anti-virus security technologies and fully protects embedded systems of any configuration.

Find out more!


  • Per number of protected embedded systems
  • The Control Center comes with Dr.Web ATM Shield free of charge.

Expand all Collapse all

Dr.Web—always the first

The first malware species targeting ATMs was detected in Russia in March 2009. It was found that the virus (Trojan.Skimer) could easily steal money from cardholder accounts. This threat was implemented as a Trojan horse that collected credit card information and PIN codes attached to the cards. Infected ATMs were first discovered in Moscow, and later in St. Petersburg.

Doctor Web was the first to respond to this threat: the company alerted the public to Trojan.Skimer’s existence and then developed an anti-virus for embedded computer systems (ATMs, multi-kiosks, and POS networks) that offers real-time protection from viruses — Dr.Web ATM Shield. This product was developed on the basis of Doctor Web’s flagship product Dr.Web Enterprise Suite, whose main advantages (expressly taking into account the specifics of banking networks) apply to Dr.Web ATM Shield.

Seamless integration

The many advantages of Dr.Web ATM Shield include:

  • Deploying the anti-virus network is easy;
  • The anti-virus packages deployed on the client side have many configuration options;
  • The server rapidly and efficiently distributes virus database and application module updates between protected hosts; no additional configuration or custom update schedules are required;
  • Extremely easy administration.

With the hierarchical multi-server Dr.Web ATM Shield protection system, where interconnected servers provide protection for an entire company network, information about the entire network is collected on one server; this solution is the best choice for organisations with multiple branches, e.g., banks. This highly scalable solution can be deployed in networks of different sizes and topologies, ranging from several connected embedded computer systems to complex distributed networks connecting tens of thousands of hosts.

With Dr.Web ATM Shield, organizations guarantee themselves minimal losses in the event of virus attacks, eliminate downtime, and simplify system maintenance.

Detection of all types of threats

Technologically complex and highly dangerous viruses, especially those designed for commercial gain, are normally tested by virus writers using all known anti-virus software before they are released into the wild; this ensures that the viruses go undetected by anti-viruses for as long as possible. Preventing such infections is a complex task that can only be solved by means of modern technologies and anti-virus products.

  • Protection from unknown threats using the unique non-signature detection technology Origins Tracing™ and the intelligent Dr.Web heuristic analyser. The heuristic analyser, whose analyses are based on criteria that is typical of various groups of malicious programs, detects most known threats.
  • With the unique FLY-CODE™ technology at its disposal, Dr.Web detects and removes malware disguised with unknown packers. The comprehensive analysis of packed threats significantly improves the detection of supposedly “new” malicious programs that were known to the Dr.Web virus database before they were concealed by new packers. Such an analysis also eliminates the need to add redundant definitions of new threats to the virus database.
  • Neutralises viruses, Trojans and other malware.
  • Comprehensive databases for detecting spyware, riskware, adware, hack tools, and jokers.
Cures viruses

A good anti-virus application can detect viruses. Deleting an infected file that may contain important information is one thing, but restoring the file to its original, healthy state is entirely different matter.

Dr.Web detects and cures viruses

  • The Dr.Web anti-virus functions on infected computers; its exceptional resistance to viruses makes it a stand-out among other anti-viruses.
  • A system does not need to be cured prior to Dr.Web’s installation; this is due to the product’s unique technologies for scanning memory processes and its outstanding ability to neutralise active infections. It can even be run from external media without installing it in the system (for example, from a USB stick) and cure active threats during installation.
  • Dr.Web is capable of detecting and neutralising viruses that only reside in the RAM and never exist as separate files. Even today, few anti-viruses can neutralise such threats.
  • Dr.Web can reliably detect packed malicious objects regardless of whether it recognises the compression format, and can disassemble and analyse them in detail to expose hidden threats.
  • Only Dr.Web can fully check archives at any nesting level. This means that the Dr.Web anti-virus will detect and neutralise a threat even if it has been compressed many times with various supported archiving programs.
Maximum security with Dr.Web

Dr.Web ATM Shield includes the Dr.Web scanner, file and system monitors, and traffic filtering and device control modules. The Dr.Web scanner is designed to sweep systems for viruses, both on demand and according to a predetermined schedule. Dr.Web SpIDer Guard is a file monitor that remains in the system memory and scans on-the-fly all files as they are being opened and applications as they are being started. In addition, it constantly monitors the actions of running processes typical of viruses and, if any are detected, it blocks the processes and displays a corresponding notification.

  • Constant control of all objects at risk of infection—removable media; e-mail formats; and files and directories, including those that are packaged and archived. The highest quality of curing, powered by constant new technology upgrades and a high level of self-defence, leaves viruses and other malicious objects no chance of penetrating a protected network.
  • Full scan of all traffic: all traffic transmitted via protocols supported by Dr.Web is scanned, on all ports.
  • Anti-virus scan modes include express, full and custom—the latter can be launched manually.
  • Different actions can be performed with different types of objects, e.g., cure, move to the quarantine, delete; action sequences allow you to define which action will be applied to an object if the first action can't be performed.
  • User-defined file and path exclusions.
  • The Quarantine isolates infected files; quarantine storage time and its maximum size can be specified.
  • Curing, restoring and removing quarantined objects.
  • The anti-virus log contains the time of each event, the name of the scanned object and the type of action applied to the object.
Disrupts attempts to render the anti-virus non-operational

The SelfPROtect module protects Dr.Web ATM Shield files and directories against unauthorised or inadvertent deletion or modification. With the self-protection module running, only Dr.Web processes can access these resources.

  • The file monitor is highly resistant to attempts by malicious programs to disrupt its operation. Dr.Web SelfPROtect is implemented as a driver that operates at the lowest system level. It cannot be stopped or unloaded until a system is rebooted.
  • Protection against attempts to change settings in violation of corporate security policies. Dr.Web SelfPROtect restricts access to the network, files and folders, certain branches of the Windows Registry and removable data-storage devices on the system driver level, and protects the software from anti-antiviruses aiming to disrupt Dr.Web’s operation.
  • Some anti-viruses modify the Windows kernel by intercepting interruptions, changing vector tables, using other undocumented features, etc. This may have a negative impact on system stability and pave new ways for malicious programs to get into a system. At the same time, Dr.Web SelfPROtect maintains the security of the anti-virus and does not interfere with Windows kernel routines.
Always up-to-date
  • Virus database update reminders
  • Automatic (scheduled) and on-demand updating
Centralised administration

The Control Center is equally reliable in networks of any scale and structural complexity, ranging from small workgroup networks to distributed intranets with tens of thousands of hosts.

Dr.Web ATM Shield allows administrators working within a network or remotely over the Internet to centrally manage all anti-virus security components, monitor the status of all protected hosts, receive notifications about virus incidents and set up automatic responses to those incidents. You only need a TCP/IP connection between the administrator's computer and the anti-virus server.

The Control Center is provided free of charge.

Scanner SpIDer Guard SpIDer Gate
Removal of all types of threats Real-time protection A shield against Internet threats
Quarantine Office control
Isolation of moved files Block access to Internet sites and removable data-storage devices

服务器: Windows NT 4.0/2000/XP/2003/2008, Linux, Free BSD( 6.2至7.1), Solaris (x86 和 Sparc)—— 支持32位和64位系统

代理端:操作系统为OS MS 7/2008/Vista/2003/XP Professional/2000/NT 4.0/ ME/ 98/95 (32位和64位系统)。

About the Product

And also