How Do I Enable or Disable the Agent Self-protection Policy?
HSS agent self-protection provides the following functions:
- Self-protection in Windows: Prevent malicious programs from uninstalling the agent, tampering with HSS files, or stopping HSS processes.
- Self-protection in Linux: Prevent malicious programs from stopping the HSS process and uninstalling the agent.
Agent self-protection is enabled by default. This section describes how to enable or disable it for the servers associated with the same policy group.
Agent self-protection can be configured in two ways. For details, see Enabling or Disabling Agent Self-Protection.
Constraints
- Agent self-protection is supported only if the Linux agent version is 3.2.12 or later, or the Windows agent version is 4.0.18 or later.
- Agent self-protection in Windows depends on antivirus detection, HIPS detection, and ransomware protection. It takes effect only when more than one of the three functions are enabled. For details about how to check or enable these functions, see:
- Ransomware protection: Enabling Ransomware Prevention
- AV detection and HIPS detection: Configuring Policies
- Enabling the self-protection policy has the following impacts:
- Windows
- The agent cannot be uninstalled through the control panel. It can be uninstalled on the HSS console.
- In the agent installation path C:\Program Files\HostGuard, you can only access the log and data directories (and the upgrade directory, if your agent has been upgraded).
- HSS-related processes cannot be forcibly stopped.
- Linux
- The agent cannot be uninstalled using commands. It can be uninstalled on the HSS console.
- If you run a command to stop or restart HSS, you need to enter a verification code, which is displayed in the command output after you run the stop or restart command.
- HSS-related process information is hidden.
- Windows
Procedure
- Log in to the management console.
- In the upper left corner of the page, select a region, click
, and choose Security & Compliance > Host Security Service.
- In the navigation tree on the left, choose
- Click the name of a premium edition policy group for Windows servers. The policy group details page is displayed.
Select the policy group of the server where you want to enable self-protection.
- If you have not created any policy groups, select the default policy group tenant_XXX_XXX_default_policy_group.
- If you have created a policy group, select the policy group of your server. Perform the following operations:
- In the navigation pane on the left, choose .
- Click the Servers tab to view the policy groups of servers.
Figure 1 Viewing the policy groups of servers
- In the row containing the target self-protection policy, click Enable or Disable in the Operation column.
- In the displayed dialog box, click OK.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot