Help Center/ Host Security Service/ User Guide (Ankara Region)/ FAQs/ Intrusions/ Why a Process Is Still Isolated After It Was Whitelisted?
Updated on 2024-04-15 GMT+08:00

Why a Process Is Still Isolated After It Was Whitelisted?

After you add a process to the whitelist, it will no longer trigger certain alarms, but its isolation will not be automatically canceled.

Isolating and Killing a Malicious Program

  • Choose Installation & Configuration and click the Security Configuration tab. Click the Isolation and Killing of Malicious Programs tab and enable this function.
  • Choose Detection > Alarms. In the Events area, manually isolate and kill malicious programs.

If a program is isolated and killed, it will be terminated immediately and no longer able to perform read or write operations. Isolated source files of programs or processes are displayed on the Isolated Files slide-out panel and cannot harm your servers.

Canceling the Isolation of Files

  • Choose Detection > Events. In the Alarm Statistics area, click View Details under Isolated Files, and locate the target server and click Restore in the Operation column.

After you cancel isolation, the read/write permissions of files will be restored, but terminated processes will not be automatically started.