Scanning for Viruses
Scenarios
Once a static virus file is started, it may become a malicious process and become a security risk of servers. You are advised to scan for and clear viruses on servers in a timely manner.
HSS supports quick scans, full-disk scans, and custom scans. For details, see Table 1.
Constraints
- A virus scan uses a lot of memory, CPU, and I/O resources. Perform this operation during off-peak hours. For details about the resource usage, see How Many CPU and Memory Resources Are Occupied by the Agent When It Performs Scans?
- The HSS professional edition only supports quick scan and removal.
- A full-disk scan does not check network directories.
Quick Scan
- Log in to the management console.
- In the upper left corner of the page, select a region, click
, and choose Security & Compliance > Host Security Service.
- Choose Server Protection > Virus Scan.
- Click Quick Scan. The dialog box is displayed.
- Set parameters related to the quick scan task as prompted.
Table 2 Quick scan parameters Parameter
Description
Example Value
Task Name
HSS automatically generates a task name based on the task creation time (accurate to seconds). You can modify it as needed.
Quick Scan-20250425173536
Select Server
Select the servers where you want to perform a quick scan.
You can select and scan servers that meet all the following conditions:
- The agent is online and meets the following requirements. For details about how to install the agent, see Installing the Agent on Servers.
- Unlimited scans: Windows agent version ≥ 4.0.20, Linux agent version ≥ 3.2.9
- Pay-per-use scans: Windows agent version ≥ 4.0.23, Linux agent version ≥ 3.2.12
- The AV detection policy is enabled. For details about how to enable it, see Configuring Policies.
- The server is not being scanned.
-
Handling Policy
Action to be taken on the detected virus-infected files.
- Automatic Handling: HSS automatically isolates the detected malicious files. The suspicious files that are not confirmed as viruses are labeled as suspicious and need to be manually checked and handled.
CAUTION:
In rare cases, files may be incorrectly isolated. In this case, you can restore the isolated files on the Isolated Files page. For details, see Restoring Isolated Files.
- Manual Handling: Alarms are generated only for detected infected files. You need to manually confirm the files before handling them.
Automatic Handling
- The agent is online and meets the following requirements. For details about how to install the agent, see Installing the Agent on Servers.
- Click Scan and start the scan task.
Full-disk Scan
- Log in to the management console.
- In the upper left corner of the page, select a region, click
, and choose Security & Compliance > Host Security Service.
- Choose Server Protection > Virus Scan.
- Click Full-disk Scan. The dialog box is displayed.
- Set parameters related to the full-disk scan task as prompted.
Table 3 Full-disk scan parameters Parameter
Description
Example Value
Task Name
HSS automatically generates a task name based on the task creation time (accurate to seconds). You can modify it as needed.
Full-disk Scan-20250425174038
Select Server
Select the servers where you want to perform a full scan.
You can select and scan servers that meet all the following conditions:
- The agent is online and meets the following requirements. For details about how to install the agent, see Installing the Agent on Servers.
- Unlimited scans: Windows agent version ≥ 4.0.20, Linux agent version ≥ 3.2.9
- Pay-per-use scans: Windows agent version ≥ 4.0.23, Linux agent version ≥ 3.2.12
- The AV detection policy is enabled. For details about how to enable it, see Configuring Policies.
- The server is not being scanned.
-
Handling Policy
Action to be taken on the detected virus-infected files.
- Automatic Handling: HSS automatically isolates the detected malicious files. The suspicious files that are not confirmed as viruses are labeled as suspicious and need to be manually checked and handled.
CAUTION:
In rare cases, files may be incorrectly isolated. In this case, you can restore the isolated files on the Isolated Files page. For details, see Restoring Isolated Files.
- Manual Handling: Alarms are generated only for detected infected files. You need to manually confirm the files before handling them.
Automatic Handling
- The agent is online and meets the following requirements. For details about how to install the agent, see Installing the Agent on Servers.
- Click Scan and start the scan task.
Custom Scan
- Log in to the management console.
- In the upper left corner of the page, select a region, click
, and choose Security & Compliance > Host Security Service.
- Choose Server Protection > Virus Scan.
- Click Custom Scan.
- Set the parameters of the Custom Scan policy as prompted. For details about the parameters, see Custom antivirus policy parameters.
Table 4 Custom antivirus policy parameters Parameter
Description
Example Value
Task Name
HSS automatically generates a task name based on the task creation time (accurate to seconds). You can modify it as needed.
Custom Scan-20250425180036
Startup Type
Scan task execution type.
- Scan Now: Start a scan immediately.
- Scan Later: Start a scan at the specified time.
- Periodic Start: Start a scan periodically based on your settings.
Scan Later
Start
If Startup Type is set to Scan Later, configure this parameter to set the start time of the scan. You can set the start time to a time within one month.
2025/04/25 18:10
Schedule
If Startup Type is set to Periodic Start, configure this parameter to set the scan period.
-
File Type
Type of the file to be scanned. Currently, the following types of files can be scanned:
- Executable: executable files and dynamic link libraries (DLLs), such as .exe, .dll, and .so files
- Compressed: installation packages or other compressed packages, such as .zip, .rar, and .tar files
- Script: script files, such as .bat, .py, and .ps1 files
- Document: document files, such as .txt, .doc, and .pdf files
- Image: image files, such as .bmp, .jpg, and .gif files
- Audio & Video: audiovisual files, such as .mp3, .mp4, and .flv files
Select All
(Optional) Directory Settings
Directory where virus-infected files need to be scanned. If this parameter is not set, full scan is performed by default. Full scan does not cover network directories.
WARNING:The reasons for not scanning network directories are as follows:
- Inefficient scan
A network directory usually contains a large number of files and may reach hundreds of terabytes, severely slowing down a scan.
- Network bandwidth consumption
Accessing a network directory consumes network bandwidth. A large-scale scan may fully occupy the network bandwidth and affect your workloads. For example, the access speed may slow down and the network latency may increase.
-
(Optional) Exclude Specified Directories
Directories that do not require virus scan.
-
Select Server
Select the servers to be scanned.
You can select and scan servers that meet all the following conditions:
- The agent is online and meets the following requirements: For details about how to install the agent, see Installing the Agent on Servers.
- Unlimited scans: Windows agent version ≥ 4.0.20, Linux agent version ≥ 3.2.9
- Pay-per-use scans: Windows agent version ≥ 4.0.23, Linux agent version ≥ 3.2.12
- The AV detection policy is enabled. For details about how to enable it, see Configuring Policies.
- The task start conditions required by the corresponding policy are met:
- Policy whose Startup Type is Scan Now: The server is not being scanned.
- Policy whose Startup Type is Scan Later: No other custom scan policies using the same startup time as the current policy are bound to the server.
- Policy whose Startup Type is Periodic Start: No other custom policies whose Startup Type is Periodic Start are bound to the server.
-
Handling Policy
Action to be taken on the detected virus-infected files.- Automatic Handling: HSS automatically isolates the detected malicious files. The suspicious files that are not confirmed as viruses are labeled as suspicious and need to be manually checked and handled.
CAUTION:
In rare cases, files may be incorrectly isolated. In this case, you can restore the isolated files on the Isolated Files page. For details, see Restoring Isolated Files.
- Manual Handling: Alarms are generated only for detected infected files. You need to manually confirm the files before handling them.
Automatic Handling
- Click Scan and start the scan task.
Viewing Virus Scan Status
After starting a scan task, you can view its execution status by referring to this section.
- On the Virus Scan page, click Scan tasks. The Scan Tasks page is displayed.
Figure 1 Viewing scan tasks
- On the Scan Task page, view the task start time, task status, and scan status.
- To view information about specific scan tasks, configure search criteria in the search box above the scan task list.
- To stop an ongoing scan task, click Cancel in the Operation column of the task.
- To retry a failed scan task, click Scan Again in the Operation column of the task.
Figure 2 Scan tasks - Click
to view the scan status and number of scanned files of each server.
- Click Cancel in the Operation column of the server to stop scanning the server.
- To retry a failed scan on a server, click Scan Again in the Operation column of the server.
Follow-up Operations
After a virus scan task is complete, you can manually handle the detected virus-infected files based on service requirements. For details, see Viewing and Handling Viruses.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot