Enabling and Disabling Agent Self-Protection

Agent self-protection can protect HSS software, processes, and files from malicious programs. The protection capabilities vary depending on the OS.

Self-protection in Windows: Prevents malicious programs from uninstalling the agent, tampering with HSS files, or stopping HSS processes.
Self-protection in Linux: Prevent malicious programs from stopping HSS processes or uninstalling HSS agents.

This section describes how to enable or disable agent self-protection for servers in a specified enterprise project.

Agent self-protection and the self-protection policy are the same function, but their application scopes are different. For details, see Table 1.

**Table 1** Differences between agent self-protection and the self-protection policy
Function	How to Find	Application Scope and Restriction	Operation
Agent self-protection	Installation and Configuration > Server Install & Config > Security Configuration > Agent Self-protection	After this function is enabled, agent self-protection will be enabled for all servers in the specified enterprise project. This switch is displayed only if an enterprise project has at least one server protected by HSS. If the self-protection policy is disabled for a server in the enterprise project, this switch will be displayed as disabled ().	Enabling Agent Self-protection Disabling Agent Self-protection
Self-protection policy	Choose Security Operations > Policies. Click a policy group and click Self-protection.	After this function is enabled, the agent self-protection function is enabled only for the servers associated with the policy group.	How Do I Enable or Disable HSS Self-protection?

Agent self-protection is supported only if the Linux agent version is 3.2.12 or later, or the Windows agent version is 4.0.18 or later.
Agent self-protection in Windows depends on antivirus detection, HIPS detection, and ransomware protection. It takes effect only when more than one of the three functions are enabled. For details about how to check or enable these functions, see:
- Ransomware protection: Enabling Ransomware Prevention
- AV detection and HIPS detection: Configuring Policies
Enabling the self-protection policy has the following impacts:
- Windows
  - The agent cannot be uninstalled through the control panel. It can be uninstalled on the HSS console.
  - In the agent installation path C:\Program Files\HostGuard, you can only access the log and data directories (and the upgrade directory, if your agent has been upgraded).
  - HSS-related processes cannot be forcibly stopped.
- Linux
  - The agent cannot be uninstalled using commands. It can be uninstalled on the HSS console.
  - If you run a command to stop or restart HSS, you need to enter a verification code, which is displayed in the command output after you run the stop or restart command.
  - HSS-related process information is hidden.

Log in to the HSS console.
Click in the upper left corner and select a region or project.
In the navigation pane, choose Installation & Configuration > Server Install & Config.
Click the Security Configuration tab. Click Agent Self-Protection.
In the upper part of the page, select a project from the Enterprise Project drop-down list.

All projects indicates all enterprise projects.
Click . The Enable Agent Self-protection? dialog box is displayed.

Figure 1 Agent self-protection
Click OK.

indicates that agent self-protection is enabled.

Log in to the HSS console.
Click in the upper left corner and select a region or project.
In the navigation pane, choose Installation & Configuration > Server Install & Config.
Click the Security Configuration tab. Click Agent Self-Protection.
In the upper part of the page, select a project from the Enterprise Project drop-down list.

All projects indicates all enterprise projects.
Click . The Disable Agent Self-protection? dialog box is displayed.

Figure 2 Agent self-protection
Click OK.

indicates that agent self-protection is disabled.