Help Center/ Host Security Service/ Best Practices/ Using HSS to Scan for Trojans
Updated on 2024-10-28 GMT+08:00

Using HSS to Scan for Trojans

Scenario

Trojans are an important issue in the current network security field. They intrude computer systems in different ways, which poses serious threats to user data security, privacy protection, and system stability.

To prevent Trojans, you need to update the OS and software in a timely manner, use secure network connections, and avoid downloading and running files from unknown sources. In addition, you can use HSS to view and handle reported Trojan alarms and fix system vulnerabilities to improve system security.

This section describes how to use HSS to scan for Trojans.

Prerequisites

HSS professional, enterprise, premium, WTP, or container edition has been enabled for the server. For details, see HSS Access Overview.

Step 1: Kill Trojans.

After you purchase and enable HSS for a server, if a Trojan is implanted on the server, HSS will send a Trojan alarm. You need to determine whether the detected Trojan alarm file is normal. If it is an attack event, you are advised to isolate and kill malicious files.

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
  3. In the navigation pane on the left, choose Detection & Response > Alarms. The Server Alarms page is displayed.
  4. In the Alarms to Be Handled area, choose Malware > Trojan to view the alarms reported within the specified time range.

    Figure 1 Trojan alarm

  5. In the alarm list on the right, click the alarm name to view details about the Trojan alarm.
  6. In the alarm list, click Handle in the Operation column.
  7. In the dialog box that is displayed, set Action to Isolate and kill.

    If a program is isolated and killed, it will be terminated immediately and no longer able to perform read or write operations. Isolated source files of programs or processes are displayed on the Isolated Files slide-out panel and cannot harm your servers.

Step 2: Data Backup and Restoration and Vulnerability Fixing

  • Data backup and restoration

    If your data is lost due to Trojan malicious programs and you have subscribed to CBR, you can try to restore data using CBR. For details, see Restoring Data Using a Cloud Server Backup.

  • Vulnerability fixing

    To prevent the server from being intruded by Trojans again, you can use the vulnerability management function of HSS to view and fix the server vulnerabilities. For details, see Using HSS to Scan and Fix Vulnerabilities.