Updated on 2025-09-08 GMT+08:00

Viewing and Handling Viruses

Scenarios

After the virus scanning is complete, HSS handles the virus-infected files based on the handling policy selected. The handling policies are as follows:

  • Automatic handling: HSS automatically isolates the detected malicious files. The suspicious files that are not confirmed as viruses are labeled as suspicious and need to be manually checked and handled.
  • Manual handling: Alarms are generated for the detected virus-infected files. You need to manually confirm the files before handling them.

No matter which handling policy you choose, you need to confirm and handle the scan results in a timely manner to protect your servers from viruses.

The section describes how to check and manually handle virus-infected files.

Prerequisites

A virus scanning task has been executed. For details, see Scanning for Viruses.

Viewing and Handling Viruses

  1. Log in to the HSS console.
  2. Click in the upper left corner and select a region or project.
  3. Choose Server Protection > Virus Scan.
  4. View the scanned virus files.

    Hover the cursor over a virus name to view its file path, file hash, owner, attribute, size, and creation time.

    Figure 1 Virus-infected file list

  5. In the Operation column of a virus file, click Handle.

    You can also select multiple virus files and click Batch Handle above the list to handle them in batches.

    Figure 2 Handling virus-infected files

  6. In the Handle Infected Files dialog box, select a virus-infected file handling method. For more information, see Virus-infected file handling methods.

    Table 1 Virus-infected file handling methods

    Parameter

    Description

    Mark as handled

    Select this if you have manually handled the virus-infected file on the server.

    Ignore

    Ignore the virus-infected file alarm. If this file is detected again, HSS generates an alarm.

    Add to alarm whitelist

    If you confirm that the virus file is falsely reported, you can add it to the alarm whitelist. After a file is added to whitelist, HSS will not generate alarms for the file.

    Isolating files manually

    Isolate virus-infected files. After a file is isolated, it will become read-only. To avoid impact on services, exercise caution when performing this operation.

    Isolated files are added to the Isolated Files and cannot harm your server. You can restore or delete isolated files as required. For details, see Isolated Files.

  7. Click OK.

    After the alarm is handled, the status of the virus file alarm event changes to Handled. You can view the handling records on the historical handling records page. For details, see Handling History.

Exporting Virus Alarms

Export virus alarms to a local PC.

  1. Log in to the HSS console.
  2. Click in the upper left corner and select a region or project.
  3. Choose Server Protection > Virus Scan.
  4. Above the virus-infected file alarm event list, click Export to export all virus-infected file alarm events to the local PC.
  5. View the export status in the upper part of the virus scan page. After the export is successful, obtain the exported information from the default file download address on the local host.

    Do not close the browser page during the export. Otherwise, the export task will be interrupted.