Installed components

Modern security requirements demand deeper understanding of the software that works with the sensitive data. This page explains what components are installed with DbDefence. It has already been stated on the website, but we would like to do it one more time:

Our guarantees:

  • The software doesn't contain any ad-ware, spy-ware, or otherwise malicious software in the package.
  • The software doesn't gather or transmit any usage information or statistics.
  • The software doesn't analyze database information.

Digital signatures

All binaries from Activecrypt Software are digitally signed. Digital signatures provide authenticity, integrity, and non-repudiation. You can see a signature by right clicking on a binary and selecting "Properties".

A signed binary has a "Digital Signatures" tab, as shown in the picture below:

So, DbDefence installs the following components:

System Components

  • System driver acrwatchdrv.sys (copied to C:\Windows\System32\drivers\). Runs automatically. Very rarely updated.
  • System service acrwatchsrv.exe (copied to C:\Windows\System32\). It starts and then stops. Its normal state is Stopped. Rarely updated.

SQL Server Components

Those components are copied to Binn folder of the SQL Server instance.

  • dbdefence.dll - the core encryption DLL. Periodically updated. Normally, the DLL is loaded and locked by SQL Server's process.
    libeay32.dll - FIPS 140-2 validated encryption library module from OpenSSL.
  • dbdfips.dll - helper module for libeay32.dll.
  • cryptopp.dll and cryptoppdll.dll - DLLs for alternative encryption implementation from Crypto++.

IIS Module

This is a Native Module for IIS. Installation is disabled by default. Its functionality may be achieved with other methods. Install it when you understand its role. When installed, this component affects performance of SQL Server connections.

  • actdbdiis.dll and actdbdiis64.dll (on X64 platform) are copied to C:\Windows\System32\inetsrv\

The DLL is registered as a Native Module in IIS. Don't delete the DLL from C:\Windows\System32\inetsrv\. Remove it with IIS Console. More info at

Program Components

Program components are installed in Program Files (by default "C:\Program Files\DBDefence for SQL Server"). None of these components is set to Autostart. It should be run explicitly by the user.

  • Activation.msc - XML file for Microsoft Management Console plug-in for software activation.
  • dbdefence.dll and dbdefence64.dll - core encryption DLL (32 and 64-bit), a copy of the DLL copied to Binn folder of the SQL Server instance (see above).
  • DbDefenceConfiguration.msc, DbDefenceConfiguration.dll, Resource-en.dll - Microsoft Management Console plug-in for some of DbDefence's functions.
  • setpoolpass.exe - tool required for DbDefence Configurator.
  • weblayer1.dll, weblayer2.dll, weblayer3.dll - DLLs related to DbDefence Configurator.
  • updatechecker1.exe connects to Activecrypt's website and checks if newer builds of DbDefence are available.
  • C:\Program Files\DbDefence for SQL Server\API\ contains command line tool, DLL and examples for database encryption for X86 and X64.
  • C:\Program Files\DbDefence for SQL Server\client contains dbd_clnt.dll for both platforms. This is dbdefence client dll. More about it:
  • C:\Program Files\DbDefence for SQL Server\demopkcs11 contains demo PKCS #11 dll for both platforms.
  • C:\Program Files\DbDefence for SQL Server\enc_x64 and C:\Program Files\DbDefence for SQL Server\enc_x86 contain DbDefence Encryptor and its DLLs.

Miscellaneous Components

  • Elitude.ReportingServices.BDataExtension.dll - extension for a Reporting Server. If enabled, it is installed into corresponding folders of Reporting Server and Visual Studio. This is optional component. Its various versions located in "Reporting Services".
  • Microsoft.ManagementConsole.dll and MMCFxCommon.dll - Microsoft's DLLs for MMC.
  • unins000.* - Uninstaller files generated by InnoSetup (Installer maker tool)