What's New
The tables below describe the functions released in each Host Security Service version and corresponding documentation updates. New features will be successively launched in each region.
September 2025
| No. | Feature | Description | Phase | Document | 
|---|---|---|---|---|
| 1 | Added application protection for containers. | Application protection is supported for containerized applications. To improve application security, you can enable protection for Tomcat, WebLogic, Netty, and Jetty applications automatically or manually. 
 Editions: container edition | Commercial use | |
| 2 | Added brute-force attack detection for containers. | Brute-force attack detection monitors SSH, MySQL, and vsftp login behaviors while containers are running to detect possible brute-force attacks in time. You can configure the brute-force attack detection thresholds, including slow and fast brute-force attack detection rules, to better suit your workloads. Editions: container edition | Commercial use | |
| 3 | Added abnormal container behavior detection. | Abnormal container behavior detection can detect non-image programs (such as Trojans implanted by hackers) started during container running to defend against unknown attacks. The container infrastructure is immutable. Any programs started outside images are regarded abnormal. Processes are monitored and alarms are reported in real time. After the abnormal container behavior detection policy is enabled, HSS learns the behaviors of started containers by image. After the learning is complete, a baseline library is established, and HSS checks the processes started in containers based on the library. If the process started in the container is not in the baseline library, an alarm is generated. The alarms are classified based on whether the software that starts the process is in an image. 
 Editions: container edition | Commercial use | |
| 4 | Enhanced container image security. | 
 Editions: container edition (only for local images) | Commercial use | |
| 5 | Enhanced vulnerability scan. | Vulnerability scan supports the following OSs: 
 Editions: all editions | Commercial use | |
| 6 | Optimized baseline checks. | 
 Editions: enterprise, premium, WTP, and container editions | Commercial use | |
| 7 | AI ransomware protection supports Linux. | AI ransomware protection can protect Linux. Editions: premium, WTP, and container editions | Commercial use | 
June 2025
| No. | Feature | Description | Phase | Document | 
|---|---|---|---|---|
| 1 | Added cluster environment security scans | A cluster environment security scan checks the resources on the Kubernetes cluster management plane and data plane; identifies infrastructure as code (IaC) risks, vulnerabilities, unsafe settings, configuration compliance, sensitive information, and permissions management issues; and provides solutions, helping you build a comprehensive cluster security system. 
 Editions: container edition | Commercial use | |
| 2 | Added kernel module loading checks | Kernel module loading can be detected and alarms can be reported in real time, improving OS kernel security. In kernel module loading, a precompiled kernel module (.ko file) is loaded to a running Linux kernel by using commands such as insmod and modprobe to extend kernel functions. If kernel modules are loaded without strict security reviews, hackers may use the kernel modules to inject malicious code and escalate permissions. This may interfere with kernel operations and even lead to system breakdown. Editions: enterprise, premium, WTP, and container editions | Commercial use | |
| 3 | Optimized automatic quota unbinding | If an Elastic Cloud Server (ECS) instance or a Cloud Container Engine (CCE) node is deleted, it will be automatically unbound from its HSS protection quota. 
 Editions: all editions | Commercial use | |
| 4 | Optimized baseline checks | 
 | Commercial use | |
| 5 | Optimized image synchronization rules | HSS can periodically synchronize basic image information from the container image repository to the HSS console. Editions: container edition | Commercial use | |
| 6 | Optimized the asset fingerprint list | The First Scanned column was added in the account information list and the installed software list to help you trace assets. You can learn when an asset was added. Editions: enterprise, premium, WTP, and container editions | Commercial use | |
| 7 | Optimized the logic for enabling the container edition | 
 Editions: container edition | Commercial use | |
| 8 | Optimized container image security views | Added the Affected Images column on the Malicious Files, Unsafe Configuration, Sensitive Information, and Software Compliance lists in the Risk View on the Container Images page, helping you quickly locate and handle image risks. Editions: container edition | Commercial use | |
| 9 | Added new APIs | Added 99 APIs, including: 
 | Commercial use | 
March 2025
| No. | Feature | Description | Phase | Document | 
|---|---|---|---|---|
| 1 | Added graph engine detection | Generally, threat behavior detection checks file, process, network, or other information against the threat feature library to identify and block malicious behaviors. But to identify an attack, which usually involves multiple steps, we need to correlate multiple behaviors. For example, a vulnerability exploit attack involves scan and reconnaissance, system intrusion, malicious file implant, and subsequent attacks. Graph engine detection performs comprehensive source tracing analysis based on the threat information provided by multiple modules (including HIPS detection, AI ransomware detection, and antivirus detection). It can associate and comprehensively analyze multiple suspicious process events to identify intrusion behaviors, enhancing defense against vulnerability exploits. Editions: premium, WTP, and container editions | Commercial use | |
| 2 | Added the cross-account agent installation function | Added the cross-account agent installation function. You can connect the servers of other accounts to the current account for unified protection and management. In this way, HSS can protect the servers of different accounts. Editions: all editions | Commercial use | |
| 3 | Added fileless attack detection for servers | Added fileless attack detection for servers. 
 Editions: professional, enterprise, premium, WTP, and container editions | Commercial use | |
| 4 | Added automatic isolation and removal of web shells | HSS can automatically isolate and remove of web shells. Editions: professional, enterprise, premium, WTP, and container editions | Commercial use | |
| 5 | Added AI ransomware protection | Added AI ransomware prevention. It can monitor all the files on Windows servers; analyze whether multiple files of the same process are created, deleted, modified, or renamed; and determine whether the files are encrypted by ransomware. After detecting suspicious behaviors, HSS uses the graph engine for comprehensive source tracing analysis to identify ransomware attacks and improve the ransomware detection rate. Editions: premium, WTP, and container editions | Commercial use | |
| 6 | Optimized WTP | Improved the WTP configuration process. Users can operate more smoothly, and can enable protection for an application on multiple servers at once. Editions: WTP edition | Commercial use | |
| 7 | Optimized container image security | Added functions include but are not limited to the following: 
 Editions: container edition | Commercial use | |
| 8 | Optimized baseline checks | 
 | Commercial use | 
January 2025
| No. | Feature | Description | Phase | Document | 
|---|---|---|---|---|
| 1 | New APIs | Added the following APIs: deleting accounts, querying the multi-account list, adding accounts in batches, querying account organizations, querying agent installation scripts, deleting cluster daemonsets, updating cluster daemonsets, creating CCE integrated protection configurations, and obtaining cluster configurations. | Commercial use | |
| 2 | Optimized login security detection | Brute-force cracking of SQL Server accounts can be automatically blocked. Editions: professional, premium, WTP, and container editions | Commercial use | |
| 3 | Optimized policy management | The Balanced and Sensitive modes are added. In Balanced mode, the threat detection rate and accuracy are relatively balanced. In Sensitive mode, the threat detection rate is high, and security level is higher. Policies affected by the protection mode: malicious file detection, web shell detection, HIPS detection, antivirus, and abnormal process behavior policies. Editions: professional, premium, WTP, and container editions | Commercial use | |
| 4 | Optimized emergency vulnerability detection | Windows emergency vulnerability detection is supported. Emergency vulnerability detection of Linux supports the Arm architecture. Editions: professional, premium, WTP, and container editions | Commercial use | |
| 5 | Optimized the asset fingerprint function | 
 Editions: premium, WTP, and container editions | Commercial use | |
| 6 | Optimized the baseline check function | The following configuration baselines are added to adapt to compliance baseline check outside China: 
 Editions: premium, WTP, and container editions. | Commercial use | |
| 7 | Optimized the application protection function | The following application protection functions are supported to meet RASP protection requirements in multiple scenarios: 
 Editions: premium, WTP, and container editions | Open beta testing | |
| 8 | Added container escape blocking function | When a container is running, an attacker may configure high-risk capabilities, exploit incorrect system configurations, or mount host directories to escape the container and gain full control over the host system. HSS provides container escape prevention policies to detect container escapes at the levels of networks, servers, pods, containers, processes, and system calls. Five types of abnormal runtime behaviors (processes, files, network activities, process capabilities, and system calls) can be detected, reported, and blocked to prevent container escape and protect container runtime. Editions: container edition | Open beta testing | |
| 9 | Added CI/CD image security scan function | The CI/CD image security scan function can be integrated into the CI/CD build pipeline of the Jenkins Pipeline project. It can implement security scan in the image build phase; identify system vulnerabilities, application vulnerabilities, abnormal system configurations, malicious files, and sensitive files in images; and shift security left to the DevOps phase, helping you eliminate security risks as early as possible and preventing unsafe images from being deployed in the production environment. Editions: container edition | Commercial use | 
September 2024
| No. | Feature | Description | Phase | Document | 
|---|---|---|---|---|
| 1 | Added security scanning for third-party image repositories | HSS can scan third-party image repositories manually or periodically to detect vulnerabilities, baselines, malicious files, software information, file information, sensitive information, software compliance, and basic image information, helping you detect potential security risks in third-party images. Editions: container edition | Commercial use | |
| 2 | Optimized the container cluster protection function | Added the security and compliance protection policy types. More than 20 protection policies are added, including restricting pods to start privileged containers, restricting the range of host directories that can be mounted to pods, restricting the Proc types that can be mounted to pods, and restricting Linux capabilities configured in pods. The protection policies meet container cluster protection requirements in different scenarios. Editions: container edition | Commercial use | 
July 2024
| No. | Feature | Description | Phase | Document | 
|---|---|---|---|---|
| 1 | Added the API for querying the basic container information list | You can use the API to query the container list and learn about the container status, cluster, and risks. | Commercial use | |
| 2 | Added the API for querying the local image list | You can use the API to query the local image list and learn about the basic information and risks of local images. | Commercial use | 
June 2024
| No. | Feature | Description | Phase | Document | 
|---|---|---|---|---|
| 1 | Added the multi-cloud cluster management function | HSS supports unified management of third-party cloud clusters and IDC self-built clusters, and provides full-lifecycle security protection for containers. Editions: container edition | Commercial use | |
| 2 | Added the monthly operation report | On the first day of each month, HSS generates a security operations summary report for last month. You can learn the asset security status and security configurations, analyze monthly operation report, and harden configurations and improve O&M efficiency accordingly. Editions: all editions | Commercial use | |
| 3 | Added the container audit function | Container audit monitors and records operations and activities of cluster containers, independent containers, and the image repositories of SoftWare Repository for Container (SWR). You can view and analyze their logs on the HSS console. Editions: container edition | Commercial use | 
March 2024
| No. | Feature | Description | Phase | Document | 
|---|---|---|---|---|
| 1 | Optimized policy management | 
 | Commercial use | |
| 2 | Added the dynamic port honeypot function | The dynamic port honeypot function is a deception trap. It uses a real port as a bait port to induce attackers to access the network. In the horizontal penetration scenario, the function can effectively detect attackers' scanning, identify faulty servers, and protect real resources of the user. You can enable the dynamic port honeypot using recommended ports or user-defined ports to deceive compromised servers and reduce the risk of resources intrusion. Editions: premium, WTP, and container editions | Open beta testing | |
| 3 | IPv6 server security protection is supported | IPv6 server security protection is supported. multiple security management and defense capabilities are provided, such as asset management, vulnerability management, baseline check, and intrusion detection, meeting security protection requirements in multiple scenarios of customers. Editions: all editions | Commercial use | |
| 4 | Optimized the container firewall function | The container firewall function allows you to configure security group policies to protect clusters of the cloud native network 2.0 model. Editions: container edition | Commercial use | |
| 5 | Optimized the virus scanning and removal function | The function supports automatic isolation of virus files. Editions: professional, enterprise, premium, WTP, and container editions | Open beta testing | |
| 6 | Optimized vulnerability fixing | Fixing CCE kernel vulnerabilities may bring inconvenience to your services. When you use HSS to fix system vulnerabilities, batch fixing can automatically filter out CCE kernel vulnerabilities, vulnerability fixing for a single CCE kernel vulnerability is not supported. Editions: professional, enterprise, premium, WTP, and container editions | Commercial use | |
| 7 | Optimized emergency vulnerability scanning | The emergency vulnerability scanning function can scan RunC container escape vulnerability. Editions: professional, enterprise, premium, WTP, and container editions | Commercial use | 
December 2023
| No. | Feature | Description | Phase | Document | 
|---|---|---|---|---|
| 1 | Added the automatic quota binding function | After purchasing a yearly/monthly quota, you need to bind the quota to a server to enable protection. To prevent resource waste, you can enable the automatic quota binding function. HSS automatically binds quotas to unprotected servers. Editions: all | Commercial use | |
| 2 | Optimize the agent installation and configuration | Use the same agent installation command for the same OS. Editions: all | Commercial use | |
| 3 | Optimize the alarm notification | Notify users of successful automatic isolation and killing of malicious programs, automatic blocking of ransomware, and automatic blocking of WTP. Editions: professional, enterprise, premium, WTP, and container editions | Commercial use | |
| 4 | Optimize the vulnerability report | Vulnerability reports can be exported in PDF or HTML format. Editions: professional, enterprise, premium, WTP, and container editions | Commercial use | |
| 5 | Added the virus scanning and removal function | The function uses the virus detection engine to scan virus files on the server. The scanned file types include executable files, compressed files, script files, documents, images, and audio and video files. You can perform quick scan and full-disk scan on the server as required. You can also customize scan tasks and handle detected virus files in a timely manner to enhance the virus defense capability of the service system. Editions: professional, enterprise, premium, WTP, and container editions | Open beta testing | |
| 6 | Added the automatic agent upgrade function | The agent edition is continuously updated to improve server protection capabilities. Therefore, you need to periodically upgrade the agent to the latest version. If you cannot manually upgrade the agent in a timely manner, you are advised to enable the automatic agent upgrade function. HSS will automatically upgrade the agent to the latest version. Editions: all | Commercial use | |
| 7 | Optimized container image security scanning | 
 Editions: container edition | Commercial use | |
| 8 | Added the emergency vulnerability scanning function | The emergency vulnerability scan function checks whether the software and any dependencies running on the server have vulnerabilities through version comparison and POC verification. Reports risky vulnerabilities to the console and provides vulnerability alarms for you. Editions: professional, enterprise, premium, WTP, and container editions | Commercial use | 
October 2023
| No. | Feature | Description | Phase | Document | 
|---|---|---|---|---|
| 1 | Backup before vulnerability fixing | Vulnerability fixing may fail and interrupt services. To avoid this problem, HSS enables you to back up servers before fixing vulnerabilities. If an exception occurs, you can restore servers to ensure service continuity. Editions: professional, enterprise, premium, WTP, and container editions | Commercial use | |
| 2 | Cluster agent management | To enable protection for all containers in a CCE cluster or an on-premises Kubernetes cluster, you can use the cluster agent management function to install the agent in the cluster. After this function is enabled, you do not need to manually install the agent on new nodes or pods added to the cluster. Editions: container edition | Commercial use | |
| 3 | Resource monitoring based on Cloud Eye | HSS uses Cloud Eye to perform monitoring over resources and operations, helping you monitor server security and receive alarms and notifications in real time. Editions: all | Commercial use | |
| 4 | Optimized Dashboard page | The quota management, protection overview, and news modules are added to the HSS Dashboard page. You can easily check the quota usage, enabling status of key functions, and the latest vulnerability information. The security score criteria are optimized to help you quickly locate security risks and improve the security score. Editions: all | Commercial use | |
| 5 | Optimized intrusion detection alarms | 
 Editions: professional, enterprise, premium, WTP, and container editions | Commercial use | |
| 6 | Container cluster protection | HSS can check for non-compliance baseline issues, vulnerabilities, and malicious files when a container image is started and report alarms on or block container startup that has not been unauthorized or may incur high risks. You can configure container cluster protection policies to block images with vulnerabilities, malicious files, non-compliant baselines, or other threats, hardening cluster security. Editions: container edition | Commercial use | |
| 7 | Optimized ransomware prevention | Ransomware prevention will be enabled with the HSS premium or higher edition. Editions: premium, WTP, and container editions | Commercial use | |
| 8 | Application process control | HSS can control different types of application processes on servers. Suspicious and trusted processes are allowed to run, and alarms are generated for malicious processes. Editions: premium, Web Tamper Protection (WTP), and container editions | Commercial use | 
July 2023
| No. | Feature | Description | Phase | Document | 
|---|---|---|---|---|
| 1 | Container image security | 
 | Commercial use | |
| 2 | Intrusion detection | 
 | Commercial use | |
| 3 | Server vulnerability management | The vulnerability management page is redesigned. The new functions are as follows: 
 | Commercial use | Managing the Vulnerability Whitelist | 
| 4 | Container intrusion detection | 
 | Commercial use | |
| 5 | Container asset fingerprint | Information about accounts, auto-started items, clusters, services, workloads, and container instances can be collected to help you identify insecure container assets. | Commercial use | |
| 6 | Container security response | You can isolate, suspend, kill, and restore containers with medium or higher security risks to prevent them from affecting secure containers. | Commercial use | |
| 7 | Container firewall | The HSS container firewall controls and intercepts network traffic inside and outside a container cluster to prevent malicious access and attacks. | Commercial use | 
June 2023
| No. | Feature | Description | Phase | Document | 
|---|---|---|---|---|
| 1 | HSS professional edition | HSS provides the professional edition, where you can isolate and kill Trojans, and can scan for and fix vulnerabilities in a few clicks. | Commercial use | 
March 2023
| No. | Feature | Description | Phase | Document | 
|---|---|---|---|---|
| 1 | The Docker plug-in is added to enhance container security. | To improve container security capabilities, the Docker plug-in must be installed for Docker containers (Linux). | Commercial use | |
| 2 | Honeypot file protection for Windows | Honeypot files can be deployed in protected directories and important directories (except for the excluded directories specified by users) to trap possible ransomware. If an unknown ransomware attempts to encrypt a honeypot file, HSS immediately generates an alarm. | Commercial use | |
| 3 | The Windows policy group supports antivirus and host intrusion prevention system (HIPS) detection policies. | You can set antivirus detection policies for Windows servers to report, isolate, and kill viruses. You can also set HIPS detection policies to detect registries, files, and processes; and to report alarms for suspicious operations such as abnormal changes. | Commercial use | |
| 4 | Trojans, viruses, and worms can trigger HID alarms. | HSS can detect, generate alarms on, and remove Trojans, viruses, and worms that intrude servers. | Commercial use | 
January 2023
| No. | Feature | Description | Phase | Document | 
|---|---|---|---|---|
| 1 | Privileged processes can be configured in the WTP edition. | If WTP is enabled, the content in the protected directories is read-only. To allow certain processes to modify files in the directories, add them to the privileged process list. Only the modification made by privileged processes can take effect. Modifications made by other processes will be automatically rolled back. | Commercial use | |
| 2 | Batch agent installation | The agent can be installed on multiple servers in batches. | Commercial use | 
November 2022
| No. | Feature | Description | Phase | Document | 
|---|---|---|---|---|
| 1 | Free Scan on Unprotected Servers | Servers that are not protected by HSS are scanned once a week for free. A security report on their vulnerabilities, unsafe passwords, and asset risks will be generated. | Commercial use | |
| 2 | Manually Performing a Vulnerability Scan | You can manually scan servers for vulnerabilities. | Commercial use | 
September 2022
| No. | Feature | Description | Phase | Document | 
|---|---|---|---|---|
| 1 | Upgrading Your Edition | You can upgrade to a higher edition and enjoy stronger security features. | Commercial use | |
| 2 | Batch Installing Agents | After creating a batch agent installation task, the system will install the agents automatically. You can enable protection for the target servers after the agents are installed successfully. | Commercial use | 
July 2022
| No. | Feature | Description | Phase | Document | 
|---|---|---|---|---|
| 1 | Configuring Asset Importance | You can configure the asset importance of a server, and can manage servers by asset importance level. | Commercial use | |
| 2 | Ransomware prevention is supported in Windows | Monitor new files and running processes in real time, control risks in new files, dynamically generate bait files for proactive defense, accurately identify ransomware, and periodically back up servers based on user-defined policies. | Commercial use | |
| 3 | Application Protection | To protect your applications with RASP, you simply need to add probes to them, without having to modify application files. | Commercial use | 
June 2022
| No. | Feature | Description | Phase | Document | 
|---|---|---|---|---|
| 1 | Application vulnerability detection | You can check and handle vulnerabilities in applications. | Commercial use | |
| 2 | Exporting the Baseline Check Report | You can filter and export the baseline check report as required. | Commercial use | 
May 2022
| No. | Feature | Description | Phase | Document | 
|---|---|---|---|---|
| 1 | Asset Details | HSS proactively checks open ports, processes, web directories, and auto-startup entries on your servers Asset Management gives you a better perspective on host asset information and allows you to identify risky server assets in a timely manner. | Commercial use | 
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot 
    