Checking and Handling Suspicious Processes

Scenarios

If a new application process is started after application process control was enabled, HSS will display it in the suspicious process list. In this case, determine whether the process can be trusted. If it is a normal process, add it to the process whitelist.

Checking and Handling Suspicious Processes

1. Log in to the management console.
2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > Host Security Service.

3. In the navigation tree, choose Server Protection > Application Process Control.

4. Click the Suspicious Processes tab.
   Figure 1 Viewing suspicious processes
   

5. Determine whether a suspicious process can be trusted based on its information, such as the hash value and file path.
   • If the process can be trusted, go to 6.
   • If the process cannot be trusted, manually clear it.

6. In the row of a process, click Handle in the Operation column.

   You can also select multiple suspicious processes and click Batch Handle above the list.

7. In the dialog box that is displayed, select an action.

   Select Add to process whitelist.

8. Click OK.

Related Operations

HSS reports an alarm once it detects a running malicious process. Choose Detection & Response > Alarms, check and handle the alarms on the Server Alarms tab page, and clear malicious processes in a timely manner. For details, see Handling Server Alarms.