Updated on 2024-09-25 GMT+08:00

Application Process Control Overview

HSS can learn the characteristics of application processes on servers and manage their running. Suspicious and trusted processes are allowed to run, and alarms are generated for malicious processes.

Constraints and Limitations

To enable application process control, the following conditions must be met:

Process of Using Application Process Control

Figure 1 Usage process
Table 1 Process of using application process control

Operation

Description

Create a whitelist policy.

A whitelist policy specifies how HSS learns server behaviors and protect application processes. Application process protection can be enabled only for servers associated with a whitelist policy.

Confirm learning outcomes.

After the HSS learns the application processes on servers, there may be some suspicious application processes with insignificant characteristics, and HSS cannot determine whether they are malicious or trustworthy. In this case, you need to confirm the learning outcomes.

Enable application process control.

Enable application process control on the servers associated with a policy.

Check and handle suspicious processes.

HSS cannot determine whether some suspicious application processes with insignificant characteristics are trustworthy. You need to check their process details, determine whether they are trustworthy, and add them to the process whitelist.

(Optional) Add items to the process whitelist.

After HSS completes learning, if it regards many trustworthy application processes as suspicious, you can add these processes to the whitelist. HSS will extend the process whitelist after comparing the fingerprints of the processes it learned and those detected in asset fingerprint scans.

(Optional) Start learning on the servers again.

If you have added trustworthy processes to the whitelist but there are still many false positives reported, you can let HSS start learning again on the servers.