Updated on 2025-08-26 GMT+08:00

Creating a Whitelist Policy

Scenarios

Before enabling application process control, you need to create a whitelist policy and configure the HSS learning duration, the way to confirm learning outcomes, the way policy takes effect, and the action taken on malicious processes. HSS will manage application processes based on your policies.

Creating a Whitelist Policy

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > Host Security Service.
  1. In the navigation tree, choose Server Protection > Application Process Control.
  2. Click the Whitelist Policies tab. Click Create Policy.
  3. In the Create Policy dialog box, configure policy parameters. For details about related parameters, see Table 1.

    Figure 1 Creating a whitelist policy
    Table 1 Whitelist policy parameters

    Parameter

    Description

    Example Value

    Policy Mode

    Mode of the application process control policy.

    The conservative mode is used by default. Trustworthy and suspicious processes are allowed to run. Alarms are generated only for malicious processes.

    -

    Policy Name

    A whitelist policy name is generated by default. You are advised to set a custom name to facilitate management.

    test

    Intelligent Learning Period

    Number of days that HSS learns the application processes on servers. A long learning period indicates accurate learning outcomes.

    7

    Confirm Learning Outcomes

    The way to confirm suspicious processes with insignificant characteristics after HSS completes learning on the servers associated with the policy.

    • Automatically: HSS automatically marks suspicious application processes with insignificant characteristics based on the application process signature database.
    • Manually: After HSS finishes learning based on policy configurations, choose Application Process Control > Whitelist Policies. Click a policy name. On the policy details page, click the Process Files tab and filter processes in the To be confirmed state. Manually mark suspicious processes with insignificant characteristics.

    Automatically

    Apply Policy After Learning

    The way application process control is enabled after HSS completes learning on the servers associated with the policy.

    • Automatically: Application process control is automatically enabled after HSS completes learning on the servers associated with the policy.
    • Manually: Manually enable application process control as needed after HSS completes learning. For more information, see Enabling Application Process Control.

    Automatically

    Action

    Action taken when a malicious process is detected. Alarms are generated for malicious processes.

    Report alarm

    Servers

    Servers to be protected. The agent version falls within the following scope. For details about how to upgrade the agent, see Viewing Server Protection Status.

    -

  4. Click OK.

    You can view the created policy and its status in the policy list. For more information, see Table 2.

    Table 2 Policy status description

    Policy Status

    Description

    Learning

    HSS is learning the characteristics of the application processes on servers. Please wait.

    Learning complete but not in effect

    The server characteristics associated with the policy have been learned. Confirm the learning outcomes. For details, see Confirming Learning Outcomes.

    Learning complete and in effect

    Application process control protection has been enabled for servers.

Related Operations

Editing a whitelist policy

You can modify the policy mode, action, or protected servers in a whitelist policy.

  1. In the row of a policy, click Edit in the Operation column.
  2. In the Edit Policy dialog box, modify parameters and click OK.

Deleting a whitelist policy

If you no longer need HSS to provide application process control for the servers associated with a policy and do not need to retain the application process information learned by HSS, you can delete the whitelist policy. If you need to enable application process control for the servers after the deletion, HSS will need to start learning again. Exercise caution when performing this operation.

  1. In the row of a policy, click Delete in the Operation column.
  2. In the displayed dialog box, click OK.