Why a Process Is Still Isolated After It Was Whitelisted?
After you add a process to the whitelist, it will no longer trigger certain alarms, but its isolation will not be automatically canceled.
Isolating and Killing a Malicious Program
- Choose Installation and Configuration and click the Security Configuration tab. Click the Isolation and Killing of Malicious Programs tab and enable this function.
- Choose Intrusions > Events. In the Events area, manually isolate and kill malicious programs.
If a program is isolated and killed, it will be terminated immediately and no longer able to perform read or write operations. Isolated source files of programs or processes are displayed on the Isolated Files slide-out panel and cannot harm your servers.
Canceling the Isolation of Files
- Choose Intrusions > Events. Click Isolated Files in the upper right corner. Cancel the isolation of the whitelisted file.
- Choose Intrusions > Events. In the Events area, manually cancel the isolation and killing of the whitelisted file.
After you cancel isolation, the read/write permissions of files will be restored, but terminated processes will not be automatically started.
Intrusions FAQs
- What Do I Do If My Servers Are Subjected to a Mining Attack?
- Why a Process Is Still Isolated After It Was Whitelisted?
- What Should I Do If a Mining Process Is Detected on a Server?
- What Should I Do If I Find My Servers Attacking Others?
- Why Some Attacks on Servers Are Not Detected?
- Can I Unblock an IP Address Blocked by HSS, and How?
- Why a Blocked IP Address Is Automatically Unblocked?
- What Do I Do If an IP Address Is Blocked by HSS?
- How Do I Defend Against Ransomware Attacks?
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbotmore
