Help Center> Host Security Service (New)> FAQs> Agent FAQs> How Do I Upgrade the Agent?
Updated on 2024-03-25 GMT+08:00
View PDF

How Do I Upgrade the Agent?

You can upgrade the HSS agent from 1.0 to 2.0 on the HSS (Old) console. After the upgrade, you can view and manage the protection status on the HSS (New) console. HSS (Old) will stop detection and protection.

Checking the Agent Upgrade Status

Go to the HSS (Old) console and check the agent status.

  1. Log in to the management console.
  1. In the upper left corner of the page, select a region, click , and choose Security and Compliance > HSS. The HSS (Old) page is displayed.
  2. In the upgrade notice that is displayed, click the service list link to go to the Servers tab of the HSS (Old) console.
  3. Check the agent statuses of all the servers. If the Agent Status is Upgraded, the agent has been upgraded.

    If the status is Online, you can upgrade the agent.
    Figure 1 Checking the agent status

  4. Click View Details to go to the HSS (New) console and check the server status.

Upgrade Prerequisites

  • The Agent Status of a server is Online.
  • You are on the HSS (Old) console.

Precautions

  • Agent upgrade is free of charge.
  • The upgrade does not affect the workloads on your cloud servers.
  • After the upgrade, the billing stops on the old console and starts on the new console.
  • After the upgrade, you need to switch to HSS (New) to view the protection status of ECSs. HSS (Old) will stop protection.
    • Currently, HSS is available in the following regions: CN South-Guangzhou, CN-Hong Kong, AP-Bangkok, and AP-Singapore.
    • On the HSS (New) console, you can click Back to Old Console in the upper left corner to switch to the HSS (Old) console.
  • After the upgrade, you can enable enhanced ransomware prevention.
  • After the upgrade, the new agent will be more secure, stable, and reliable.

Upgrading to Agent 2.0 on the Console

  1. Log in to the management console.
  1. In the upper left corner of the page, select a region, click , and choose Security and Compliance > HSS. The HSS page is displayed.
  2. In the upgrade notice that is displayed, click the service list link to go to the Servers tab of the HSS (Old) console.

    Figure 2 Going to the server list to upgrade the agent

  3. Select servers and click Upgrade to Agent 2.0.

    • Select one or more servers whose Agent Status is Online.
    • If the WTP edition has been enabled for a server, go to the Web Tamper Protection page and disable the WTP edition. Otherwise, the server cannot be selected for agent upgrade.

  4. In the dialog box, confirm the server information and click OK. The platform automatically performs the upgrade.
  5. Check the upgrade status in the server list in step 3. If the agent status is Upgraded, the upgrade has succeeded.

    • If the agent upgrade fails or the agent status is Not installed after successful installation, troubleshoot the problem by referring to the FAQ.
    Figure 3 Checking the agent status

Manually Upgrading to Agent 2.0 on a Windows Server

If the agent fails to be upgraded to 2.0 for your Windows server on the console, you can manually upgrade it.

  1. Remotely log in to the Windows server where agent 2.0 is to be upgraded.

  2. Go to C:\Program Files (x86)\HostGuard on the Windows server.
  3. Delete the PkgConfMgr.exe file.

    If you authorize agent 1.0 to enable the firewall when enabling HSS (Old), agent 1.0 will add rules that allow all the inbound and outbound traffic (hostguard_AllowAnyIn and hostguard_AllowAnyOut), which protects your workloads from being affected by the firewall. If agent 1.0 is uninstalled, the rules will be deleted, and the network access of your workloads will be blocked unless you create a bypass rule for the workloads. To solve this problem, delete the PkgConfMgr.exe file, so that the rules will not be deleted with agent uninstallation.

  1. Double-click the unins000.exe file to uninstall agent 1.0.
  2. In the HostGuard Uninstall dialog box, click Yes to delete HostGuard and all its components.
  3. (Optional) Restart the server.

    • If you have enabled WTP, you need to restart the server after uninstalling agent 1.0. In the HostGuard Uninstall dialog box, click Yes to restart the server.
    • If you have not enabled WTP, you do not need to restart the server. In the HostGuard Uninstall dialog box, click No to skip server restart.

  4. Verify the uninstallation. If the C:\Program Files (x86)\HostGuard directory is not found on the Windows server, agent 1.0 has been uninstalled.
  1. Log in to the management console.
  1. In the upper left corner of the page, select a region, click , and choose Security and Compliance > HSS. The HSS (New) page is displayed.
  2. In the navigation pane, choose Installation & Configuration and click the Agents tab.
  3. On the agent management page, click Add Asset from Other Cloud.
  4. In the displayed slide-out panel, copy the agent download link suitable for your system architecture and OS.
  5. On the Windows server where agent 2.0 is to be installed, use Internet Explorer to download the agent installation package from the copied agent download address and decompress it.
  6. Run the agent 2.0 installation program as an administrator.

    Select a server type on the Select host type page.
    • Huawei Cloud server: Select Huawei Cloud Host.
    • Non-Huawei Cloud server: Select Other Cloud Host.
      Copy the Org ID from the agent installation guide, as shown in Figure 4. Enter the Org ID in the prompt box of the installation program, and then install the agent as prompted.

      Ensure Org ID is correct. Otherwise, the agent status may be displayed as Not installed even if the installation succeeded.

      Figure 4 Obtaining the Org ID (for a non-Huawei Cloud server)

  1. Check the HostGuard.exe and HostWatch.exe processes in the Windows Task Manager.

    If both processes exist, the agent has been installed.

  2. It takes 3 to 5 minutes for the console to update the agent status after agent installation.

Manually Upgrading to Agent 2.0 on a Linux Server

If the agent fails to be upgraded to 2.0 for your Linux server on the console, you can manually upgrade it.

  1. Remotely log in to the Linux server where agent 2.0 is to be upgraded.

  2. If agent 1.0 has been installed, run one of the following commands to uninstall it.

    Do not run the uninstallation command in the /usr/local/hostguard/ directory. You can run the uninstallation command in any other directory.

    • For EulerOS, CentOS, SUSE, and Red Hat, or other OSs that support RPM installation, run the rpm -e hostguard; command.
    • For Ubuntu, Debian, and other OSs that support DEB installation, run the dpkg -P hostguard; command.

  3. Verify the uninstallation. If the /usr/local/hostguard/ directory is not found on the Linux server, agent 1.0 has been uninstalled.
  1. Log in to the management console.
  1. In the upper left corner of the page, select a region, click , and choose Security and Compliance > HSS. The HSS (New) page is displayed.
  2. In the navigation pane, choose Installation & Configuration > Agents.
  3. On the agent management page, click Add Asset from Other Cloud.
  4. In the displayed slide-out panel, copy the agent installation link suitable for your system architecture and OS.
  5. On the Linux server, run the installation command obtained in the previous step as the root user to install agent 2.0.

    If the command output shown in Installation completed is displayed, the agent 2.0 is successfully installed.

    Figure 5 Installation completed

  6. Run the service hostguard status command to check the running status of the agent.

    If the command output shown in Agent running properly is displayed, the agent is running properly.

    Figure 6 Agent running properly

  7. It takes 3 to 5 minutes for the console to update the agent status after agent installation.
Parent topic: Agent FAQs

Agent FAQs FAQs

more