Help Center/ Host Security Service/ User Guide/ Server Protection/ Virus Scan/ Scanning for Viruses
Updated on 2025-09-08 GMT+08:00
View PDF
Share

Scanning for Viruses

Scenarios

Once a static virus file is started, it may become a malicious process and become a security risk of servers. You are advised to scan for and clear viruses on servers in a timely manner.

HSS supports quick scans, full-disk scans, and custom scans. For details, see Table 1.

Table 1 Virus scan methods

Method

Description

File Type

Directory Scope

Quick Scan

Quick virus scan tasks can save time and costs. This function scans and removes preset key system files and directories.
  • Windows

    Processes (active processes, hidden processes, and Docker processes), kernel modules, installed programs, dynamic library hijacking, services, scheduled tasks, auto-started items, sensitive directories, Office files, images, videos, scripts, and compressed packages

  • Linux

    Processes (active processes, hidden processes, and Docker processes), kernel modules, installed programs, dynamic library hijacking, services, scheduled tasks, auto-started items, sensitive directories, Office files, images, videos, scripts, and compressed packages
  • Windows
    • User desktop, downloaded files, and document directories
    • Startup items in the Start menu
    • System directories

      C:\Windows\System, C:\Windows\System32, C:\Windows\SysWOW64

    • Temporary directories

      C:\Users\[Username]\AppData\Local\Temp\, C:\Temp, C:\Windows\Temp

    • Download directories of browsers

      Google Chrome, Microsoft Edge, and Mozilla Firefox

  • Linux
    • Standard system directories

      /bin, /sbin, /lib, /lib64, /usr/bin, /usr/sbin, /usr/lib, /usr/lib64, /usr/local/lib, /usr/local/lib64, /usr/local/bin, /usr/local/sbin

    • Other important directories

      /tmp, /root, /home, /boot, /opt, /data, /var/tmp, /var/run, /var/lib, /dev/shm, /etc, /etc/sysconfig, /usr/local/src, /usr/share, and the root directory

    • Directories of the executable files corresponding to the startup items

      /etc/rc.d, /etc/init.d

Full-disk Scan

A time-consuming full-disk virus scan can comprehensively check servers for viruses.
  • Executable: executable files and dynamic link libraries (DLLs), such as .exe, .dll, and .so files
  • Compressed: installation packages or other compressed packages, such as .zip, .rar, and .tar files
  • Script: script files, such as .bat, .py, and .ps1 files
  • Document: document files, such as .txt, .doc, and .pdf files
  • Image: image files, such as .bmp, .jpg, and .gif files
  • Audio & Video: audiovisual files, such as .mp3, .mp4, and .flv files

All directories except network directories. The reasons for not scanning network directories are as follows:

  • Inefficient scan

    A network directory usually contains a large number of files and may reach hundreds of terabytes, severely slowing down a scan.

  • Network bandwidth consumption

    Accessing a network directory consumes network bandwidth. A large-scale scan may fully occupy the network bandwidth and affect your workloads. For example, the access speed may slow down and the network latency may increase.

You can create a custom scan task to scan network directories.

Custom Scan

You can create a custom virus scan task as needed.

You can scan executable, compressed, script, document, image, or audiovisual files.

User-defined

Constraints

Quick Scan

  1. Log in to the HSS console.
  2. Click in the upper left corner and select a region or project.
  3. Choose Server Protection > Virus Scan.
  4. Click Quick Scan. The dialog box is displayed.
  5. Set parameters related to the quick scan task as prompted.

    Table 2 Quick scan parameters

    Parameter

    Description

    Example Value

    Task Name

    HSS automatically generates a task name based on the task creation time (accurate to seconds). You can modify it as needed.

    Quick Scan-20250425173536

    Select Server

    Select the servers where you want to perform a quick scan.

    You can select and scan servers that meet all the following conditions:

    • Have online agent (Windows agent 4.0.20 or later, or Linux agent 3.2.9 or later) For details about how to install the agent, see Installing the Agent on Servers.
    • The AV detection policy is enabled. For details about how to enable it, see Configuring Policies.
    • The server is not being scanned.

    -

    Handling Policy

    Action to be taken on the detected virus-infected files.

    • Automatic Handling: HSS automatically isolates the detected malicious files. The suspicious files that are not confirmed as viruses are labeled as suspicious and need to be manually checked and handled.
      CAUTION:

      In rare cases, files may be incorrectly isolated. In this case, you can restore the isolated files on the Isolated Files page. For details, see Restoring Isolated Files.

    • Manual Handling: Alarms are generated only for detected infected files. You need to manually confirm the files before handling them.

    Automatic Handling

  6. Click Scan and start the scan task.

Full-disk Scan

  1. Log in to the HSS console.
  2. Click in the upper left corner and select a region or project.
  3. Choose Server Protection > Virus Scan.
  4. Click Full-disk Scan. The dialog box is displayed.
  5. Set parameters related to the full-disk scan task as prompted.

    Table 3 Full-disk scan parameters

    Parameter

    Description

    Example Value

    Task Name

    HSS automatically generates a task name based on the task creation time (accurate to seconds). You can modify it as needed.

    Full-disk Scan-20250425174038

    Select Server

    Select the servers where you want to perform a full scan.

    You can select and scan servers that meet all the following conditions:

    • Have online agent (Windows agent 4.0.20 or later, or Linux agent 3.2.9 or later) For details about how to install the agent, see Installing the Agent on Servers.
    • The AV detection policy is enabled. For details about how to enable it, see Configuring Policies.
    • The server is not being scanned.

    -

    Handling Policy

    Action to be taken on the detected virus-infected files.

    • Automatic Handling: HSS automatically isolates the detected malicious files. The suspicious files that are not confirmed as viruses are labeled as suspicious and need to be manually checked and handled.
      CAUTION:

      In rare cases, files may be incorrectly isolated. In this case, you can restore the isolated files on the Isolated Files page. For details, see Restoring Isolated Files.

    • Manual Handling: Alarms are generated only for detected infected files. You need to manually confirm the files before handling them.

    Automatic Handling

  6. Click Scan and start the scan task.

Custom Scan

  1. Log in to the HSS console.
  2. Click in the upper left corner and select a region or project.
  3. Choose Server Protection > Virus Scan.
  4. Click Custom Scan.
  5. Set the parameters of the Custom Scan policy as prompted. For details about the parameters, see Custom antivirus policy parameters.

    Table 4 Custom antivirus policy parameters

    Parameter

    Description

    Example Value

    Task Name

    HSS automatically generates a task name based on the task creation time (accurate to seconds). You can modify it as needed.

    Custom Scan-20250425180036

    Startup Type

    Scan task execution type.

    • Scan Now: Start a scan immediately.
    • Scan Later: Start a scan at the specified time.
    • Periodic Start: Start a scan periodically based on your settings.

    Scan Later

    Start

    If Startup Type is set to Scan Later, configure this parameter to set the start time of the scan. You can set the start time to a time within one month.

    2025/04/25 18:10

    Schedule

    If Startup Type is set to Periodic Start, configure this parameter to set the scan period.

    -

    File Type

    Type of the file to be scanned. Currently, the following types of files can be scanned:

    • Executable: executable files and dynamic link libraries (DLLs), such as .exe, .dll, and .so files
    • Compressed: installation packages or other compressed packages, such as .zip, .rar, and .tar files
    • Script: script files, such as .bat, .py, and .ps1 files
    • Document: document files, such as .txt, .doc, and .pdf files
    • Image: image files, such as .bmp, .jpg, and .gif files
    • Audio & Video: audiovisual files, such as .mp3, .mp4, and .flv files

    Select All

    (Optional) Directory Settings

    Directory where virus-infected files need to be scanned. If this parameter is not set, full scan is performed by default. Full scan does not cover network directories.

    WARNING:

    The reasons for not scanning network directories are as follows:

    • Inefficient scan

      A network directory usually contains a large number of files and may reach hundreds of terabytes, severely slowing down a scan.

    • Network bandwidth consumption

      Accessing a network directory consumes network bandwidth. A large-scale scan may fully occupy the network bandwidth and affect your workloads. For example, the access speed may slow down and the network latency may increase.

    -

    (Optional) Exclude Specified Directories

    Directories that do not require virus scan.

    -

    Select Server

    Select the servers to be scanned.

    You can select and scan servers that meet all the following conditions:

    • Have online agent (Windows agent 4.0.20 or later, or Linux agent 3.2.9 or later) For details about how to install the agent, see Installing the Agent on Servers.
    • The AV detection policy is enabled. For details about how to enable it, see Configuring Policies.
    • The task start conditions required by the corresponding policy are met:
      • Policy whose Startup Type is Scan Now: The server is not being scanned.
      • Policy whose Startup Type is Scan Later: No other custom scan policies using the same startup time as the current policy are bound to the server.
      • Policy whose Startup Type is Periodic Start: No other custom policies whose Startup Type is Periodic Start are bound to the server.

    -

    Handling Policy
    Action to be taken on the detected virus-infected files.
    • Automatic Handling: HSS automatically isolates the detected malicious files. The suspicious files that are not confirmed as viruses are labeled as suspicious and need to be manually checked and handled.
      CAUTION:

      In rare cases, files may be incorrectly isolated. In this case, you can restore the isolated files on the Isolated Files page. For details, see Restoring Isolated Files.

    • Manual Handling: Alarms are generated only for detected infected files. You need to manually confirm the files before handling them.

    Automatic Handling

  6. Click Scan and start the scan task.

Viewing Virus Scan Status

After starting a scan task, you can view its execution status by referring to this section.

  1. On the Virus Scan page, click Scan tasks. The Scan Tasks page is displayed.

    Figure 1 Viewing scan tasks

  2. On the Scan Task page, view the task start time, task status, and scan status.

    • To view information about specific scan tasks, configure search criteria in the search box above the scan task list.
    • To stop an ongoing scan task, click Cancel in the Operation column of the task.
    • To retry a failed scan task, click Scan Again in the Operation column of the task.
    Figure 2 Scan tasks

  3. Click to view the scan status and number of scanned files of each server.

    • Click Cancel in the Operation column of the server to stop scanning the server.
    • To retry a failed scan on a server, click Scan Again in the Operation column of the server.

Follow-up Operations

After a virus scan task is complete, you can manually handle the detected virus-infected files based on service requirements. For details, see Viewing and Handling Viruses.

Parent Topic: Virus Scan