Checking the Whitelist Policy List
Application Recognition Service (ARS) scans all the applications running on your servers for uncertified or unauthorized applications, helping you maintain a secure runtime.
Function Description
Set whitelist policies and determine whether applications are Trusted, Untrusted, or Unknown. Applications that are not whitelisted are not allowed to run. This function protects your servers from untrusted or malicious applications, reducing unnecessary resource usage.
You can create a whitelist policy and apply it to your servers. HSS will check whether suspicious or malicious processes exist on the servers, and generate alarms or isolate the processes that are not in the whitelist.
Note:
- An alarm is generated when an application not in the whitelist is started.
- An application not in the whitelist is probably a new normal application, or a malicious program implanted through intrusion.
- If the application that triggered the alarm is normal, frequently used, or a third-party application you installed, you are advised to add it to the whitelist. HSS will no longer report alarms when the application starts.
- If the application is malicious, you are advised to delete it promptly and check whether your configuration files, such as scheduled task files, have been tampered with.
Checking the Whitelist Policy List
- Log in to the management console.
- In the upper left corner of the page, select a region, click
, and choose .
- On the Programs page, click the Whitelist Policies tab, as shown in Figure 1.
- Click the name of a whitelist policy to view the applications on associated servers, as shown in Figure 2.
- Click the Servers Protected tab to view the servers that the whitelist policy applies to, as shown in Figure 3.
The server names and IP addresses, whitelist policy, number of suspicious operations, and the way to handle the operations are displayed.
- Suspicious Operations include the startup of processes that are not in the whitelist policy or are marked as Untrusted or Unknown.
- Action in the following figure indicates that HSS will report an alarm when detecting suspicious operations.
You can remove servers as required. Removed servers are no longer protected by the whitelist policy.