Isolating and Killing Malicious Programs
HSS automatically isolates and kills identified malicious programs, such as web shells, Trojans, and worms, removing security risks.
Programs are isolated and killed based on their confidence ratings. High confidence indicates a high probability that the detected program is a malicious program. To avoid mistakenly stopping trustworthy programs and affecting services, only the suspicious programs with high confidence are automatically isolated and killed. You can manually isolate and kill programs with low confidence. For details, see Handling Server Alarms.
To check the confidence rating of a suspicious program, choose Detection & Response > Alarms on the HSS console, and click Server Alarms. Click a malicious program alarm name to view details.
Isolating and Killing Malicious Programs
- Log in to the management console.
- In the upper left corner of the page, select a region, click the service list icon, and choose Security & Compliance > HSS.
- Choose Installation & Configuration > Server Install and Config and click the Security Configuration tab. Click the Isolation and Killing of Malicious Programs tab and enable Isolate and Kill Malicious Programs and Malware Cloud Scan.
After the cloud scan function is enabled, all HSS servers will be scanned. Some HSS quota editions support only limited scanning capabilities, so you are advised to enable the enterprise edition or higher to use all capabilities of the isolation and killing function.
Figure 1 Enabling isolation and killing
- In the confirmation dialog box, click OK to enable the isolation and killing of malicious programs and malware cloud scan.
Automatic isolation and killing may cause false positives. You can choose Detection & Response > Events to view isolated malicious programs. You can cancel the isolation or ignore misreported malicious programs. For details, see Viewing Server Alarms.
- When a program is isolated and killed, its process is terminated immediately. To avoid impact on services, check the detection result and, if any programs were misreported as malicious, cancel their isolation or unignore them.
- If Isolate and Kill Malicious Programs is set to Disable on the Isolation and Killing of Malicious Programs tab, HSS will generate an alarm when it detects a malicious program.
To isolate and kill the malicious programs that triggered alarms, choose Detection & Response > Events and click Malicious program.