How Do I Enable or Disable HSS Self-protection?
HSS self-protection provides the following functions:
- Self-protection in Windows: Prevent malicious programs from uninstalling the agent, tampering with HSS files, or stopping HSS processes.
- Self-protection in Linux: Prevent malicious programs from stopping the HSS process and uninstalling the agent.
Self-protection is disabled by default. To enable or disable this function, perform the operations described in this section.
Constraints
- HSS self-protection is available only in the HSS premium, web tamper protection, or container edition, and can be used only if the Linux agent version is 3.2.12 or later or the Windows agent version is 4.0.18 or later.
- Self-protection in Windows depends on antivirus detection, HIPS detection, and ransomware protection. It takes effect only when more than one of the three functions are enabled. For more details, see:
- Enabling Ransomware Prevention.
- Antivirus detection and HIPS detection are enabled by default. If you manually disable the two detection items, enable them again by referring to Viewing a Policy Group.
- Enabling the self-protection policy has the following impacts:
- The agent cannot be uninstalled on the control panel of a Windows server. It can be uninstalled on the HSS console.
- In the agent installation path C:\Program Files\HostGuard on a Windows server, you can only access the log and data directories (and the upgrade directory, if your agent has been upgraded).
- On a Linux server, the agent cannot be uninstalled using commands. It can be uninstalled on the HSS console.
- If you run a command on a Linux server to stop or restart HSS, you need to enter a verification code, which is displayed in the command output after you run the stop or restart command.
- Hide the process information of HSS.
Procedure
- Log in to the management console.
- In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
- In the navigation tree on the left, choose
- Click the name of a premium edition policy group for Windows servers. The policy group details page is displayed.
Select the policy group of the server where you want to enable self-protection.
- If you have not created any policy groups of premium edition, you can select the default policy group of the premium or WTP edition. The group name format is tenant_XXX_XXX_default_policy_group.
- If you have created policy groups of premium edition, select the policy group of your server. Perform the following operations:
- In the navigation tree on the left, choose .
- Click the Servers tab to view the policy groups of servers.
Figure 1 Viewing the policy groups of servers
- In the row containing the target self-protection policy, click Enable or Disable in the Operation column.
- In the displayed dialog box, click OK.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot