This topic provides an overview of tamper protection. Tamper protection is a value-added service provided by Security Center. This service monitors website directories in real time, and backs up and restores tampered files or directories. This service prevents Trojans, hidden links, and uploads of violent or illicit content.

Background information

To make illegal profits or conduct business attacks, attackers exploit vulnerabilities in websites to insert illegal hidden links and tamper with the websites. Defaced web pages affect user access and may lead to serious economic losses, damaged brand reputation, or political risks.

Tamper protection allows you to add Linux and Windows processes to the whitelist so that whitelisted processes can continue to update protected files in real time.

How tamper protection works

The Security Center agent automatically identifies and terminates the processes that attempt to modify files in the protected directories of the protected servers.

You can log on to the Security Center console and choose Defense > Tamper Protection. On the page that appears, you can find the alert list where you can view the alerts generated upon unusual file changes, unusual processes, and the number of times that each unusual process has attempted to write files. If a file is modified by a trusted process, you can add the process to the whitelist. After the process is added to the whitelist, tamper protection no longer blocks the process. In scenarios where the content of websites, such as news and education websites, is frequently modified, the whitelist saves you the effort of frequently enabling and disabling tamper protection. For more information, see Add blocked processes to the whitelist.

Note: The Basic edition of Security Center does not support tamper protection. To activate and enable tamper protection, you must upgrade Security Center to the Basic Anti-Virus, Advanced, or Enterprise edition.

Versions of operating systems and kernels supported by tamper protection

| Operating system | Supported operating system version | Supported kernel version |
| --- | --- | --- |
| Windows | 32-bit and 64-bit Windows Server 2008 or later | All versions |
| CentOS | 64-bit 6.5, 6.6, 6.7, 6.8, 6.9, 6.10, 7.0, 7.1, 7.2, 7.3, 7.4, 7.5, and 7.6. Note: Tamper protection supports only 64-bit CentOS. 32-bit CentOS is not supported. | 2.6.32-x, 3.10.0-x |
| Ubuntu | 64-bit 14.04, 16.04, 18.04. Note: Tamper protection supports only 64-bit Ubuntu. 32-bit Ubuntu is not supported. | 3.13.0-32-generic, 3.13.0-86-generic, 4.4.0-62-generic, 4.4.0-63-generic, 4.4.0-93-generic, 4.4.0-151-generic, 4.4.0-117-generic, 4.15.0-23-generic, 4.15.0-42-generic, 4.15.0-45-generic, 4.15.0-52-generic |
Note
  • Kernel versions supported by tamper protection are listed in the preceding table. Servers that use unsupported kernel versions are not supported by the tamper protection whitelist. Make sure that your servers use supported kernel versions. If the current kernel version is not supported, you must upgrade it to a supported version. Otherwise, you cannot add processes to the whitelist.
  • Before you upgrade the server kernel, create a snapshot to back up your asset data.
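
An added example, not part of the original documentation or of Security Center itself: a Python audit that classifies Linux hosts against the support table above and flags hosts whose kernel would prevent use of the whitelist. The inventory format, the host names, the x86_64 check, and the reading of "2.6.32-x" and "3.10.0-x" as "any release of that base kernel" are assumptions.

```python
import re

# Support matrix transcribed from the table on this page (Linux rows only).
# Assumption: "2.6.32-x" and "3.10.0-x" mean any release of that base kernel.
CENTOS_KERNELS = re.compile(r"^(2\.6\.32|3\.10\.0)-")
UBUNTU_KERNELS = {
    "3.13.0-32-generic", "3.13.0-86-generic", "4.4.0-62-generic",
    "4.4.0-63-generic", "4.4.0-93-generic", "4.4.0-151-generic",
    "4.4.0-117-generic", "4.15.0-23-generic", "4.15.0-42-generic",
    "4.15.0-45-generic", "4.15.0-52-generic",
}
VERSIONS = {
    "centos": {"6.5", "6.6", "6.7", "6.8", "6.9", "6.10",
               "7.0", "7.1", "7.2", "7.3", "7.4", "7.5", "7.6"},
    "ubuntu": {"14.04", "16.04", "18.04"},
}

def check_host(distro, version, arch, kernel):
    """Classify one Linux host: 'ok', 'no-whitelist' or 'unsupported'."""
    distro = distro.lower()
    # Assumption: a 64-bit install reports x86_64 from `uname -m`.
    if distro not in VERSIONS or arch != "x86_64":
        return "unsupported"
    # Inventories often carry point releases (7.6.1810); compare major.minor.
    if ".".join(version.split(".")[:2]) not in VERSIONS[distro]:
        return "unsupported"
    if distro == "centos":
        kernel_ok = bool(CENTOS_KERNELS.match(kernel))
    else:
        kernel_ok = kernel in UBUNTU_KERNELS
    # Unsupported kernel: processes cannot be added to the whitelist.
    return "ok" if kernel_ok else "no-whitelist"

def audit(inventory):
    """inventory: lines of 'host distro version arch kernel' (kernel = uname -r)."""
    rows = (line.split() for line in inventory.strip().splitlines())
    return {host: check_host(d, v, a, k) for host, d, v, a, k in rows}

# Constructed sample inventory, not real hosts.
SAMPLE = """
web-01 CentOS 7.6.1810 x86_64 3.10.0-957.el7.x86_64
web-02 Ubuntu 16.04 x86_64 4.4.0-62-generic
web-03 Ubuntu 18.04 x86_64 4.15.0-99-generic
web-04 CentOS 6.9 i686 2.6.32-696.el6.i686
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(host, status)
```

Hosts reported as `no-whitelist` are the ones that need a kernel upgrade, preceded by a snapshot, before processes can be added to the whitelist.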

Related topics

Enable tamper protection

View the protection status

Add blocked processes to the whitelist