What Do I Do If an Alarm Still Exists After I Fixed a Vulnerability?
An alarm indicates that an attack was detected. It does not mean that your cloud servers have been compromised.
If you receive an alarm, handle it and take countermeasures in a timely manner.
Vulnerability Cause
After the vulnerability is fixed, it will still be displayed on the console. You can check vulnerability statuses on the Vulnerabilities page. The status may be Fixed or Failed.
- If a vulnerability is fixed, its status will change to Fixed.
A fixed vulnerability remains in the list for 30 days after it is fixed.
- If it fails to be fixed, its status will change to Failed.
For more information, see Fixing Vulnerabilities and Verifying the Result.
Perform the following operations to locate the cause and fix the problems on Windows or Linux servers.
Possible Causes and Solutions on a Windows Server
- The patch package failed to be downloaded.
Your server may not have the permission to access the Internet. In this case, connect to the Internet and fix the vulnerability again.
- The patch package does not match your OS.
In this case, select the vulnerability and click Ignore on the Vulnerabilities page.
- Another patch is being installed.
In this case, wait until the current patch is installed, and then fix the vulnerability.
- Server settings hinder vulnerability fix or alarm clearance.
- If automatic patch update is enabled on the server, and you have confirmed that a patch has been installed to fix the vulnerability, you can ignore the vulnerability on the console.
- If the latest patch has overwritten old patches (in Windows Server 2016 and later), and you have confirmed that a patch has been installed to fix the vulnerability, you can ignore the vulnerability on the console.
- If a piece of security software (such as the Server Edition of 360 Guard) blocks the vulnerability patch, stop the software, fix the vulnerability, and then start the software again.
- Microsoft has stopped updating and maintaining Windows Server 2008 R2 since January 14, 2020. To continue to use the system, you need to purchase Extended Security Update (ESU) keys and activate or replace the Windows OS.
Possible Causes and Solutions on a Linux Server
- No yum sources have been configured.
In this case, configure a yum source suitable for your Linux OS, and fix the vulnerability again.
- The yum source does not have the latest upgrade package of the corresponding software.
Switch to the yum source having the required package and fix the vulnerability again.
- The intranet environment cannot connect to the Internet.
Servers need to access the Internet and use external yum sources to fix vulnerabilities. If your servers cannot access the Internet, or the external image sources cannot provide stable services, you can use the image source provided by Huawei Cloud.
- The old kernel version remains.
Old kernel versions often remain in servers after upgrade. You can run the verification commands to check whether the current kernel version meets the vulnerability fix requirements. If it does, ignore the vulnerability on the Linux Vulnerabilities tab of the Vulnerabilities page. You are not advised to delete the old kernel.
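The kernel check described above can be scripted. The following is an added example, not an HSS tool or command from this documentation; it assumes an RPM-based server, a fixed kernel version that you take from your distribution's advisory, and a hypothetical script name check_kernel.sh.

```bash
#!/bin/sh
# Added example: decide why a kernel vulnerability alarm persists.
# Assumption: the "required" version is the fixed kernel release named in
# your distribution's advisory. Sample versions in comments are constructed.

# Strip the dist tag and architecture so only numeric fields are compared,
# e.g. 3.10.0-1160.118.1.el7.x86_64 -> 3.10.0-1160.118.1
# (a simplification of RPM version ordering, adequate for kernel releases).
normalize() {
    printf '%s\n' "$1" | sed -E 's/\.[A-Za-z].*$//'
}

# version_ge A B: succeeds when A is the same as or newer than B.
version_ge() {
    vg_a=$(normalize "$1")
    vg_b=$(normalize "$2")
    [ "$(printf '%s\n%s\n' "$vg_a" "$vg_b" | sort -V | tail -n 1)" = "$vg_a" ]
}

# kernel_state RUNNING REQUIRED INSTALLED...
#   fixed            running kernel meets the fix requirement
#   reboot-required  a fixed kernel is installed but the old one is running
#   upgrade-required no installed kernel meets the fix requirement
kernel_state() {
    ks_running=$1
    ks_required=$2
    shift 2
    if version_ge "$ks_running" "$ks_required"; then
        echo fixed
        return
    fi
    for ks_k in "$@"; do
        if version_ge "$ks_k" "$ks_required"; then
            echo reboot-required
            return
        fi
    done
    echo upgrade-required
}

# Live check: sh check_kernel.sh <fixed-version-from-advisory>
if [ "$#" -ge 1 ]; then
    # Word splitting is intended: one argument per installed kernel package.
    kernel_state "$(uname -r)" "$1" \
        $(rpm -q kernel --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n')
fi
```

A result of fixed means the remaining old kernel package is harmless and the alarm can be ignored on the console; reboot-required means the server is still running the old kernel; upgrade-required points back to the yum source causes listed above.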
Follow-up Operations
After the vulnerability is fixed, you are advised to perform a manual detection to verify the result. For details, see How Do I Scan My Servers?
- HSS performs a full check early every morning. If you do not perform a manual verification, you can view the system check result on the day after you fix the vulnerability.
- Restart the system after you fix a Windows OS or Linux kernel vulnerability, or HSS will probably continue to warn you of this vulnerability.