Help Center/ Host Security Service/ User Guide (Kuala Lumpur Region)/ Server Protection/ Application Process Control/ Application Process Control Overview

Updated on 2025-10-10 GMT+08:00

View PDF

Application Process Control Overview

HSS can learn the characteristics of application processes on servers and manage their running. Suspicious and trusted processes are allowed to run, and alarms are generated for malicious processes.

Constraints

Application process control is available only in HSS premium, WTP, and container editions.
To use application process control, ensure the agent installed on the server falls within the following range. For details about how to upgrade the agent, see Upgrading the Agent.
- Linux: 3.2.7 or later
- Windows: 4.0.19 or later

Process of Using Application Process Control

Figure 1 Usage process

**Table 1** Process of using application process control
Operation	Description
Create a whitelist policy.	A whitelist policy specifies how HSS learns server behaviors and protect application processes. Application process protection can be enabled only for servers associated with a whitelist policy.
Confirm learning outcomes.	After the HSS learns the application processes on servers, there may be some suspicious application processes with insignificant characteristics, and HSS cannot determine whether they are malicious or trustworthy. In this case, you need to confirm the learning outcomes.
Enable application process control.	Enable application process control on the servers associated with a policy.
Check and handle suspicious processes.	HSS cannot determine whether some suspicious application processes with insignificant characteristics are trustworthy. You need to check their process details, determine whether they are trustworthy, and add them to the process whitelist.
Check and handle malicious process alarms.	HSS reports an alarm once it detects a malicious process. Choose Detection & Response > Alarms, check and handle the alarms on the Server Alarms tab page, and clear malicious processes in a timely manner.
(Optional) Add items to the process whitelist.	After HSS completes learning, if you think the number of application processes it learned is fewer than the number of process fingerprints collected by the asset fingerprint function, or if it regarded many trustworthy application processes as suspicious, you can extend the HSS process whitelist. HSS will compare the application processes it already learned with the collected process fingerprints to enrich the HSS application process intelligence library and extend the trusted process whitelist.
(Optional) Start learning on the servers again.	If you have added trustworthy processes to the whitelist but there are still many false positives reported, you can let HSS start learning again on the servers.

Parent topic: Application Process Control

Previous topic: Application Process Control

Next topic: Creating a Whitelist Policy

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.