All Documents
Host Security ServiceHost Security Service
- What's New
- Function Overview
- Product Bulletin
- Service Overview
- Getting Started
-
User Guide
- Enabling HSS
- Viewing the Server List
- Dashboard
- Security Configuration
- Server Management
- Risk Prevention
- Intrusion Detection
- Advanced Protection
- Security Operations
- WTP
- Managing Quotas
- (Optional) Managing Enterprise Projects
- Audit
- Permissions Management
- Change History
-
Best Practices
- Quickly Learning Your Host Security Status
- Quickly Enhancing Server Security
-
Detecting and Fixing Vulnerabilities
- Git Credential Disclosure Vulnerability (CVE-2020-5260)
- SaltStack Remote Command Execution Vulnerabilities (CVE-2020-11651 and CVE-2020-11652)
- OpenSSL High-risk Vulnerability (CVE-2020-1967)
- Adobe Font Manager Library Remote Code Execution Vulnerability (CVE-2020-1020/CVE-2020-0938)
- Windows Kernel Elevation of Privilege Vulnerability (CVE-2020-1027)
- Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601)
- Best Practices for Defense Against Ransomware
- Best Practices for Using Host Security Service Basic Edition (Free)
- Change History
- API Reference
- SDK Reference
-
FAQs
-
About HSS
- What Is Host Security Service?
- How Do I Use HSS?
- Can I Upgrade My HSS Edition?
- Does the HSS Agent Conflict with Any Other Security Software?
- What Are the Differences Between HSS and WAF?
- Can HSS Quota Be Shared Between Accounts?
- What Is the HSS Agent?
- Can HSS Quota Be Shared Across Regions?
- Can I Use HSS If My Services Are Not Deployed on HUAWEI CLOUD?
- Can HSS Protect Offline Servers Using the Same Public IP Address?
- What HSS Edition Should I Choose to Earn DJCP L2 Certification?
- Do I Need to Install Antivirus Software If I Have Enabled HSS?
- What Are the Differences Between HSS and SA Baseline Checks?
- Can I Add an IP Blacklist in HSS?
- Do I Need to Enable HSS Again After My Server OS Is Reinstalled?
- How Often Does HSS Detect, Isolate, and Kill Malicious Programs?
- How Often Are the HSS Virus Database and Vulnerability Database Updated?
- Do I Have to Deploy HSS on All My Cloud Servers?
- How Do I Enable the HSS Basic Edition Free of Charge?
- How Does HSS Transfer Data?
- HSS Purchase
-
Deployment and Configuration
-
Agent
- Do I Need to Install the HSS Agent After Purchasing HSS?
- How Do I Install the Agent?
- How Do I Install the Agent on Servers in Batches?
- How Do I Install the Agent from the Command Line (on Windows)?
- Is the Agent in Conflict with Any Other Security Software?
- What Is the Default Agent Installation Path?
- How Do I Filter Servers Where No Agents Have Been Installed?
- What Do I Do If Agent Installation Fails?
- How Do I Fix an Abnormal Agent?
- How Many CPU and Memory Resources Are Occupied by the Agent While It Is Running?
- Does HSS Agent Installation Affect My Services?
- Do WTP and HSS Use the Same Agent?
- How Do I Uninstall the Agent?
- Security Configurations
- Two-factor Authentication (2FA)
-
HSS Quota
- How Do I Check My Quotas?
- How Do I Know Whether HSS Has Been Enabled for My Servers?
- How Do I Filter Unprotected Servers?
- Why Can't I Find the Servers I Purchased on the Console?
- What Do I Do If My Quotas Are Insufficient and I Failed to Enable Protection?
- How Do I Allocate a My Quota?
- If I Change the OS of a Protected Server, Does It Affect My HSS Quota?
- Alarm Notifications
-
Agent
-
Alarm and Event Management
- How Do I View and Handle Alarms Reported by HSS?
-
Brute-force Attack Defense
- How Does HSS Block Brute-Force Attacks?
- How Do I Handle a Brute-force Attack Alarm?
- How Do I Defend Against Brute-force Attacks?
- What Do I Do If the Account Cracking Prevention Function Does Not Take Effect on Some Accounts for Linux Servers?
- How Do I Unblock an IP Address?
- What Do I Do If HSS Frequently Reports Brute-force Alarms?
- How Do I Handle Alarms on the Brute-Force Attacks Launched from a HUAWEI CLOUD IP Address?
- Weak Passwords and Unsafe Accounts
-
Intrusions
- What Do I Do If My Servers Are Subjected to a Mining Attack?
- Why a Process Is Still Isolated After It Was Whitelisted?
- What Should I Do If a Mining Process Is Detected on a Server?
- What Should I Do If I Find My Servers Attacking Others?
- Why Some Attacks on Servers Are Not Detected?
- Can I Unblock an IP Address Blocked by HSS, and How?
- Why a Blocked IP Address Is Automatically Unblocked?
- What Do I Do If an IP Address Is Blocked by HSS?
- Abnormal Logins
-
Unsafe Settings
- How Do I Install a PAM and Set a Proper Password Complexity Policy in a Linux OS?
- How Do I Set a Proper Password Complexity Policy in a Windows OS?
- How Do I Handle Unsafe Configurations?
- How Do I View Configuration Check Reports?
- Do I Need to Handle Detected Configuration Problems of the Windows OS?
-
Vulnerability Management
- How Do I Fix Vulnerabilities?
- What Do I Do If an Alarm Still Exists After I Fixed a Vulnerability?
- Why a Server Displayed in Vulnerability Information Does Not Exist?
- Do I Need to Restart a Server After Fixing its Vulnerabilities?
- How Do I Check Vulnerability Severity?
- Can I Check the Vulnerability and Baseline Fix History on HSS?
- Can I Restore the Server Data That Was Cleared During Vulnerability Fixing?
-
Web Tamper Protection
- Why Do I Need to Add a Protected Directory?
- How Do I Modify a Protected Directory?
- What Should I Do If WTP Cannot Be Enabled?
- How Do I Modify a File After WTP Is Enabled?
- What Can I Do If I Enabled Dynamic WTP But Its Status Is Enabled but not in effect?
- What Are the Differences Between the Web Tamper Protection Functions of HSS and WAF?
- Enterprise Project
- Fee
-
Others
- What Are Regions and AZs?
- What Should I Do If the Key Board Response Is Slow or If I Need to Enter Consecutive Digits in Chinese Windows OS?
- How Do I Use the Windows Remote Desktop Connection Tool to Connect to a Server?
- How Do I Check HSS Log Files?
- How Do I Enable Logging for Login Failures?
- How Do I Scan My Servers?
- Why Does Manual Detection Fail?
- Does HSS Have a Service Level Agreement?
- How Do I Clear an Alarm on Critical File Changes?
- Is HSS Available as Offline Software?
- Do I Have to Bind an EIP to My Server to Install an HSS Agent on the Server?
- Can I Use HSS Via APIs?
- Can HSS Alarm Logs Be Stored in OBS?
- How Do I Change the Server Bound to an HSS Quota?
- Change History
-
About HSS
- Videos
- Glossary
-
More Documents
-
User Guide (ME-Abu Dhabi Region)
- Introduction
- Enabling HSS
- Viewing the Server List
- Dashboard
- Security Configuration
- Server Management
- Risk Prevention
- Intrusion Detection
- Advanced Protection
- Security Operations
- WTP
- Audit
- Permissions Management
-
FAQs
- About HSS
- Deployment and Configuration
- Alarm and Event Management
-
Vulnerability Management
- How Do I Fix Vulnerabilities?
- What Should I Do If a Warning Still Exists After I Fixed a Vulnerability as Prompted?
- Why the Alarms of Fixed Vulnerabilities Are Still Displayed?
- Why a Server Displayed in Vulnerability Information Does Not Exist?
- Do I Need to Restart a Server After Fixing its Vulnerabilities?
- Web Tamper Protection
- Others
- Change History
-
User Guide (ME-Abu Dhabi Region)
Updated at: May 07, 2022 GMT+08:00
What Is the HSS Agent?
The HSS agent is used to perform scans on all servers, monitor server security status in real time, and reports collected server information to the cloud protection center.
There are different agent versions for Linux and Windows OSs. The HSS protection functions will be available after you install the agent and enable HSS protection.
Functions of the Agent
- The agent runs scan tasks every day in the early morning to scan all servers, monitors server security, and reports collected server information to the cloud protection center.
- The agent blocks server attacks based on the security policies you configured.
- If the agent is not installed or is abnormal, HSS is unavailable.
- The agent can be installed on HUAWEI CLOUD Elastic Cloud Servers (ECSs), Bare Metal Servers (BMSs), offline servers, and third-party cloud servers.
- WTP and HSS can use the same agent on a server.
Linux Agent Processes
The agent process needs to be run by the root user.
The agent contains the following processes:
Agent Process Name |
Function |
Path |
|---|---|---|
hostguard |
Detects security issues, protects the system, and monitors the agent. |
/usr/local/hostguard/bin/hostguard |
upgrade |
Upgrades the agent. |
/usr/local/hostguard/bin/upgrade |
Windows Agent Processes
The agent process needs to be run by the system user.
The agent contains the following processes:
Agent Process Name |
Function |
Path |
|---|---|---|
HostGuard.exe |
Detects and protects the system against security issues. |
C:\Program Files (x86)\HostGuard\HostGuard.exe |
HostWatch.exe |
Monitors the agent process. |
C:\Program Files (x86)\HostGuard\HostWatch.exe |
upgrade.exe |
Upgrades the agent. |
C:\Program Files (x86)\HostGuard\upgrade.exe |
Parent topic: About HSS
About HSS FAQs
- What Is Host Security Service?
- How Do I Use HSS?
- Can I Upgrade My HSS Edition?
- Does the HSS Agent Conflict with Any Other Security Software?
- What Are the Differences Between HSS and WAF?
- Can HSS Quota Be Shared Between Accounts?
- What Is the HSS Agent?
- Can HSS Quota Be Shared Across Regions?
- Can I Use HSS If My Services Are Not Deployed on HUAWEI CLOUD?
- Can HSS Protect Offline Servers Using the Same Public IP Address?
- What HSS Edition Should I Choose to Earn DJCP L2 Certification?
- Do I Need to Install Antivirus Software If I Have Enabled HSS?
- What Are the Differences Between HSS and SA Baseline Checks?
- Can I Add an IP Blacklist in HSS?
- Do I Need to Enable HSS Again After My Server OS Is Reinstalled?
- How Often Does HSS Detect, Isolate, and Kill Malicious Programs?
- How Often Are the HSS Virus Database and Vulnerability Database Updated?
- Do I Have to Deploy HSS on All My Cloud Servers?
- How Do I Enable the HSS Basic Edition Free of Charge?
- How Does HSS Transfer Data?
more
