Updated on 2024-01-16 GMT+08:00

Isolating and Killing Malicious Programs

HSS automatically isolates and kills identified malicious programs, such as web shells, Trojans, and worms, removing security risks.

Programs are isolated and killed based on their confidence ratings. A high rating indicates a high probability that the detected program is a malicious program. To avoid mistakenly stopping trustworthy programs and affecting services, only the suspicious programs with a confidence rating of 95 or higher are automatically isolated and killed. You can manually isolate and kill programs with lower ratings. For details, see Handling Server Alarms.

To check the confidence rating of a suspicious program, choose Detection > Alarms on the HSS console, and click Server Alarms. Click a malicious program alarm name to view details.


  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
  3. Choose Installation & Configuration and click the Security Configuration tab. Click the Isolation and Killing of Malicious Programs tab and enable Isolate and Kill Malicious Programs and Malware Cloud Scan.

    After the cloud scan function is enabled, all HSS servers will be scanned. Some HSS quota editions can support only limited scanning capabilities. Therefore, you are advised to enable the enterprise edition or higher to enjoy all capabilities of the isolation and killing function.

    Figure 1 Enabling isolation and killing

  1. In the confirmation dialog box, click OK to enable the isolation and killing of malicious programs and malware cloud scan.

    Automatic isolation and killing may cause false positives. You can choose Intrusions > Events to view isolated malicious programs. You can cancel the isolation or ignore misreported malicious programs. For details, see Viewing Server Alarms.

    • When a program is isolated and killed, the process of the program is terminated immediately. To avoid impact on services, check the detection result, and cancel the isolation of or unignore misreported malicious programs (if any).
    • If Isolate and Kill Malicious Programs is set to Disable on the Isolation and Killing of Malicious Programs tab, HSS will generate an alarm when it detects a malicious program.

      To isolate and kill the malicious programs that triggered alarms, choose Intrusions > Events and click Malicious program.