This topic lists frequently asked questions about Security Center, grouped by category.

Pre-sales

I have tried the edition of Security Center free of charge. Can I reapply for the free trial?

How do I apply for a 7-day free trial of the Security Center Ultimate edition?

Can I purchase Security Center on a monthly basis?

Are there differences between the editions of Security Center?

The list price of the edition is USD 4.5 per month. Why is the price on the buy page higher than USD 4.5?

I do not have an Alibaba Cloud ECS instance. Can I use Security Center to protect servers in data centers?

Can Security Center protect third-party cloud servers?

How do I use Security Center to protect my servers in data centers and third-party cloud servers?

Pre-sales FAQ

Does Security Center provide the antivirus service?

Which edition of Security Center provides the automatic vulnerability fix feature?

Which edition of Security Center must I select if I want to meet the testing and evaluation requirements for classified protection?

Purchase and renew Security Center

What do I do if Security Center prompts that the subscription is due to expire?

Why am I unable to view the DDoS alerts in the Security Center console?

Access Security Center

How do I view a log file of the Security Center agent?

How do I use Security Center to protect servers not deployed on Alibaba Cloud?

Why am I unable to install the Security Center agent on virtual machines and lightweight servers?

Operations on the Security Center console

The error message "Invalid token" is returned in the Security Center console. What do I do?

The error message "You are not authorized to perform the current operation." is returned when I log on to the Security Center console as a RAM user. What do I do?

How do I address the browser compatibility issues when I log on to the console?

The maximum number of protected servers allowed is less than the total number of the existing servers. What do I do?

Security score

What are the priorities for handling security events that you can access from the Security Score section?

What are the differences in deduction items between and compared with , , and ?

How do I enable the brute-force attack protection feature?

How do I handle common alerts?

How does the vulnerability scan level affect the security score?

How does the baseline check level affect the security score?

Unbinding of a server and uninstallation of the Security Center agent

How do I unbind an external server from Security Center?

How do I unbind an Elastic Compute Service (ECS) instance from Security Center?

Virus defense

How can I purchase the anti-ransomware capacity?

What is the anti-virus feature? Why do I have to pay for the anti-virus feature?

After I purchase the anti-virus feature, can the existing features run properly?

What is the relationship between the anti-virus feature and Alibaba Cloud HBR?

What functions does the anti-virus feature provide?

Is the data backup function automatically enabled after I purchase the anti-ransomware capacity?

What do I do if the anti-ransomware client consumes excessive server CPU or memory resources?

What are the differences between the general anti-ransomware solution and the snapshot feature?

What do I do if the anti-ransomware capacity that I purchased is insufficient?

What do I do if the status of a protection policy is abnormal?

Web tamper proofing

If the remaining validity period of Security Center is three years, can I purchase web tamper proofing for one year?

Can web tamper proofing protect files of any size?

If my server stores more than 3 MB of files, can web tamper proofing protect the files in excess of 3 MB? Can web tamper proofing protect files whose total size is not larger than 3 MB?

Why is the 30006 error code returned when I enable web tamper proofing?

What are the requirements for the local backup directory of web tamper proofing?

What do I do if I receive a message that indicates that a protected directory is invalid?

Why does web tamper proofing remain disabled after I specify a protected directory?

Can I write files to a protected directory?

After a protected directory is specified, what do I do if web tamper proofing does not take effect immediately?

After I enable web tamper proofing, what do I do if the website content and images cannot be modified or updated?

What do I do if I receive an email or text message that notifies me of a webshell detected on my server?

Linux software vulnerabilities

How do I manually detect Linux software vulnerabilities on my servers?

How do I view the current software version and vulnerability details?

How do I update kernel 3.1* to kernel 4.4 on Ubuntu 14.04?

Is a system restart required after I fix a vulnerability?

What can I do if Security Center still sends a vulnerability alert to me after I update the kernel?

What can I do if no update software package is released for a vulnerability?

The parameters of Linux software vulnerabilities

After Linux kernel vulnerabilities are fixed and the system is restarted, I am still notified that I have to restart the system when I log on to the console. What do I do?

What is the rule of the wget buffer overflow vulnerability in Security Center?

Vulnerability fixing

Fix software vulnerabilities

Troubleshoot vulnerability fix failures

How do I delete a Windows patch from the directory of the Security Center agent?

Can Security Center detect Elasticsearch vulnerabilities?

How do I handle a connection timeout between my server and the YUM repository of Alibaba Cloud?

How do I handle the "Invalid token" error message when I fix a vulnerability?

What can I do if Security Center fails to verify the fix of a system vulnerability?

Why does the state of a vulnerability remain unchanged when I verify the vulnerability fix?

Why does Security Center fail to roll back a vulnerability fix?

How do I verify whether a vulnerability is fixed?

How do I handle urgent vulnerabilities?

How do I manually detect system software vulnerabilities on a server?

How do I fix the software vulnerabilities on a server?

How do I troubleshoot the failures of vulnerability fixing?

I fail to verify the fixes of Windows system vulnerabilities. What do I do?

The status of a vulnerability is not updated to fixed after it is fixed. What do I do?

I cannot view vulnerabilities or the vulnerabilities of a specific server in the Security Center console. What do I do?

After Security Center fixes Windows system vulnerabilities, the vulnerabilities are detected again when I perform vulnerability detection. What do I do?

What is the rule of the wget buffer overflow vulnerability in Security Center?

After Linux kernel vulnerabilities are fixed and the system is restarted, I am still notified that I have to restart the system when I log on to the console. What do I do?

Vulnerability detection

Scan cycles

Can Security Center detect system and application vulnerabilities?

FAQ

Baseline checks

What can I do if Security Center fails to verify a fixed baseline risk?

What are the differences between baselines and vulnerabilities?

I fail to verify the fixes of baseline risks. What do I do?

What are the common baseline risks and how do I fix them?

Alerting

How can I view the defense features that I have enabled?

How can I determine whether my assets contain mining programs?

How does Security Center detect intrusions?

What alerts can I add to the whitelist?

How can I manage common alerts?

After I change the default port of the SSH service, Security Center still generates alerts on brute-force attacks against passwords. What do I do?

How does Security Center detect unusual logons and generate alerts on unusual logons?

How do I view all alerts that are generated on assets?

How do I add an alert to the whitelist?

How do I handle alerts?

How do I check whether a website is attacked?

What do I do after sensitive information is breached?

How do I use Security Center Basic to handle webshells?

The source files of some alerts can be manually quarantined in the Security Center console. What are the types of these alerts?

How do I view the usernames of failed logons to a Windows server when Security Center generates alerts on unusual logons?

An alert is generated. It indicates proactive connections to malicious download sources. How do I handle this alert?

An alert is generated. It indicates access to a malicious domain name. How do I handle this alert?

Brute-force attacks

How can I enable protection against brute-force attacks?

What can I do if my server passwords are cracked?

Why can I still receive brute-force attack alerts after I change the default port of the SSH service?

Why are RDP brute-force attacks detected after RDP requests on port 3389 have already been blocked by security group rules or firewall rules?

Does Security Center detect only weak passwords of RDP and SSH services?

How can I handle an SSH or RDP remote logon failure?

AccessKey pair leaks

Handle sensitive information leakage

Notifications

How do I modify the alert contacts that receive notifications?