Updated on 2024-09-25 GMT+08:00

Adding a Privileged Process

If WTP is enabled, the content in the protected directories is read-only. To allow certain processes to modify files in the directories, add them to the privileged process list.

Only the modification made by privileged processes can take effect. Modifications made by other processes will be automatically rolled back.

Exercise caution when adding privileged processes. Do not let untrustworthy processes access your protected directories.

Constraints

  • Only the servers that are protected by the HSS WTP edition support the operations described in this section.
  • For Linux OSs, only x86 OSs with kernel 4.18 support this function.
  • The privileged process takes effect only for Agent 3.2.4 or later.
  • A maximum of 10 privileged processes can be added to each server.

Prerequisites

The Protection Status of the server must be Protected. To view the status, choose Server Protection > Web Tamper Protection. Click the Servers tab.

Adding a Privileged Process

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
  3. Choose Server Protection > Web Tamper Protection. Click Configure Protection in the Operation column.

    If your servers are managed by enterprise projects, you can select an enterprise project to view or operate the asset and scan information.

    Figure 1 Entering the page of protection settings

  4. Click Privileged Process Settings and then Settings.

    Figure 2 Setting a privileged process

  5. On the Privileged Process Settings page, click Add Privileged Process.

    Figure 3 Adding a Privileged Process

  6. In the Add Privileged Process dialog box, enter the path of the privileged process.

    The process file path must contain the process name and extension, for example, C:/Path/Software.type. If the process has no extension, ensure the process name is unique.

  7. Click OK.
  8. Enable Trust Subprocess to trust the subprocess in the path of the added privileged file.

    When this function is enabled, subprocesses at the five levels under all privileged process files are trusted.

Related Operations

Modifying or deleting existing privileged processes

In the Operation column of a process file path, click Edit to modify the privileged processes or click Delete to delete it if it is unnecessary.

  • After you edit or delete the process file path, the privileged process cannot modify the files in the protected directory. To avoid impact on services, exercise caution when performing these operations.
  • Unnecessary privileged processes should be deleted in a timely manner as they may be exploited by attackers.