Updated on 2024-03-28 GMT+08:00

Creating a Whitelist Policy

Before enabling application process control, you need to create a whitelist policy and configure the HSS learning duration, how learning outcomes are confirmed, how the policy takes effect, and the action taken on suspicious or malicious processes. HSS will manage application processes based on your policies.

Procedure

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, open the service list, and choose Security & Compliance > HSS.
  3. In the navigation tree, choose Prevention > Application Process Control.
  4. Click the Whitelist Policies tab. Click Create Policy.
  5. In the Create Policy dialog box, configure policy parameters. For details about related parameters, see Table 1.

    Figure 1 Creating a whitelist policy

    Table 1 Whitelist policy parameters

    | Parameter | Description |
    |---|---|
    | Policy Mode | Mode of the application process control policy. The conservative mode is used by default. Trustworthy and suspicious processes are allowed to run. Alarms are generated only for malicious processes. |
    | Policy Name | A whitelist policy name is generated by default. You are advised to set a custom name to facilitate management. |
    | Intelligent Learning Period | Number of days that HSS learns the application processes on servers. A longer learning period produces more accurate learning outcomes. |
    | Confirm Learning Outcomes | The way to confirm suspicious processes with insignificant characteristics after HSS completes learning on the servers associated with the policy.<br>• Automatically: HSS automatically marks suspicious application processes with insignificant characteristics based on the application process signature database.<br>• Manually: Choose Application Process Control > Whitelist Policies. Click a policy name. On the policy details page, click the Process Files tab and filter processes in the To be confirmed state. Manually mark suspicious processes with insignificant characteristics. |
    | Apply Policy After Learning | The way application process control is enabled after HSS completes learning on the servers associated with the policy.<br>• Automatically: Application process control is automatically enabled after HSS completes learning on the servers associated with the policy.<br>• Manually: Manually enable application process control as needed after HSS completes learning. For more information, see Enabling Application Process Control. |
    | Action | Action taken when a malicious process is detected. Alarms are generated for malicious processes. |
    | Servers | Servers to be protected. The agent version falls within the following scope. For details about how to upgrade the agent, see Viewing Server Protection Status. |

  6. Click OK.

    You can view the created policy and its status in the policy list.

    After a whitelist policy is created, HSS automatically starts learning the application process characteristics of the servers associated with the policy. If the policy status changes to Learning complete but not in effect, you can confirm learning outcomes.

Related Operations

Editing a whitelist policy

You can modify the policy mode, action, or protected servers in a whitelist policy.

  1. In the row of a policy, click Edit in the Operation column.
  2. In the Edit Policy dialog box, modify parameters and click OK.

Deleting a whitelist policy

If you no longer need HSS to provide application process control for the servers associated with a policy and do not need to retain the application process information learned by HSS, you can delete the whitelist policy. If you need to enable application process control for the servers after the deletion, HSS will need to start learning again. Exercise caution when performing this operation.

  1. In the row of a policy, click Delete in the Operation column.
  2. In the displayed dialog box, click OK.