Basic/Professional/Enterprise/Premium Edition

Precautions

The enterprise edition can be paid after use. To enable other editions, purchase their quotas first. For more information, see Purchasing Quota.

Check Frequency

HSS performs a full scan in the early morning every day.

After you enable server protection, you can view scan results after the automatic scan in the next early morning, or perform a manual scan immediately.

Prerequisite

The agent has been installed on the servers to be protected, the agent status is Online, and the protection status is Unprotected.

Constraints

• Linux

  On servers running the EulerOS with ARM, HSS does not block the IP addresses suspected of SSH brute-force attacks, but only generates alarms.

• Windows
  • Authorize the Windows firewall when you enable protection for a Windows server. Do not disable the Windows firewall during the HSS in-service period. If the Windows firewall is disabled, HSS cannot block brute-force attack IP addresses.
  • If the Windows firewall is manually enabled, HSS may also fail to block brute-force attack IP addresses.

Procedure

1. Log in to the management console.
2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
3. In the navigation pane, choose Asset Management > Servers & Quota. Click the Servers tab.
   

   If your servers are managed by enterprise projects, you can select an enterprise project to view or operate the asset and scan information.

4. Enable protection for one or multiple servers.
   Figure 1 Enabling protection
   
   • Enabling protection for a server
     Click Enable in the Operation column of a server. In the dialog box that is displayed, confirm the server information and select the billing mode, edition, and quota.

     Table 1 Protection parameters

     Parameter	Description	Example Value
     Billing Mode	Yearly/Monthly Select the basic, professional, enterprise, or premium edition. No free trial is available here. You will be billed by the required duration you selected. A yearly/monthly package provides a higher discount than the pay-per-use mode does, and is recommended for long-term users. Pay-per-use The professional or enterprise edition is supported. You pay for the duration you use the resources. Prices are calculated by hour, and no minimum fee is required.	Yearly/Monthly
     Edition	Select the basic, professional, enterprise, or premium edition. Basic edition: It protects test servers or individual users' servers. It can protect any number of servers, but only part of the security scan capabilities are available. This edition does not provide protection capabilities, nor does it provide support for the DJCP Multi-level Protection Scheme (MLPS) certification. The basic edition is free of charge for 30 days if it was enabled for the first time. Professional edition: This edition is between the basic edition and the enterprise edition. It supports file directory changes, abnormal shell detection, and policy management. For details, see Editions and Features. Enterprise edition: It provides support for the DJCP MLPS certification. Main features include asset fingerprint management, vulnerability management, malicious program detection, web shell detection, and abnormal process behavior detection. For details, see Editions and Features. Premium edition: It helps you with the DJCP MLPS certification and provides advanced features, including application protection, ransomware prevention, high-risk command detection, privilege escalation detection, and abnormal shell detection. For details, see Editions and Features.	Enterprise
     Select Quota	Select a quota for the server. If you do not want to specify a quota, select Select a quota randomly. You can also select a quota. If you are enabling protection for multiple servers, only one of them will be bound to the selected quota, and the rest of the servers will be bound to randomly allocated quotas. NOTE: If the system displays a message indicating that there are no available quotas, you need to purchase quotas first.	Select a quota randomly

   • Enabling protection in batches
     Select multiple servers and click Enable above the server list. In the dialog box that is displayed, confirm the server information and select the billing mode, edition, and quota.

     Table 2 Protection parameters

     Parameter	Description	Example Value
     Billing Mode	Yearly/Monthly Select the basic, professional, enterprise, or premium edition. No free trial is available here. You will be billed by the required duration you selected. A yearly/monthly package provides a higher discount than the pay-per-use mode does, and is recommended for long-term users. Pay-per-use The professional or enterprise edition is supported. You pay for the duration you use the resources. Prices are calculated by hour, and no minimum fee is required.	Yearly/Monthly
     Edition	Select the basic, professional, enterprise, or premium edition. Basic edition: It protects test servers or individual users' servers. It can protect any number of servers, but only part of the security scan capabilities are available. This edition does not provide protection capabilities, nor does it provide support for the DJCP Multi-level Protection Scheme (MLPS) certification. The basic edition is free of charge for 30 days if it was enabled for the first time. Professional edition: This edition is between the basic edition and the enterprise edition. It supports file directory changes, abnormal shell detection, and policy management. For details, see Editions and Features. Enterprise edition: It provides support for the DJCP MLPS certification. Main features include asset fingerprint management, vulnerability management, malicious program detection, web shell detection, and abnormal process behavior detection. For details, see Editions and Features. Premium edition: It helps you with the DJCP MLPS certification and provides advanced features, including application protection, ransomware prevention, high-risk command detection, privilege escalation detection, and abnormal shell detection. For details, see Editions and Features.	Enterprise
     Select Quota	Select a quota for the server. If you do not want to specify a quota, select Select a quota randomly. You can also select a quota. If you are enabling protection for multiple servers, only one of them will be bound to the selected quota, and the rest of the servers will be bound to randomly allocated quotas. NOTE: If the system displays a message indicating that there are no available quotas, you need to purchase quotas first.	Select a quota randomly

5. Confirm the information and click OK. If the protection status of the target servers is Protected, the protection has been enabled.
   

   If the version of the agent installed on the Linux server is 3.2.8 or later or the version of the agent installed on the Windows server is 4.0.16 or later, ransomware prevention is automatically enabled with the premium edition. To enhance ransomware prevention, you can configure specified protected directories. You are also advised to enable backup so that you can restore data in the case of a ransomware attack to minimize losses. For details, see Modifying a Protection Policy and Enabling Ransomware Backup.

Follow-up Procedure

The premium edition supports ransomware protection. After the premium edition is purchased, you can enable ransomware protection for your server by referring to Enabling ransomware Protection.