This topic introduces common solutions on how to manage alerts.

Unusual process activities

View the alert and check whether the process activity is a normal service operation. If it is a normal service operation, click Processing in the Actions column, and add the event to the Whitelist. If it is not a normal service operation, check and manage other relevant alerts. After the alerts are managed, click Processing in the Actions column, and select Ignore.Unusual process activitiesSolutions on managing unusual process activities

Webshells

Check whether the source file is a normal service file. If it is a normal service file, click Processing and add the event to the Whitelist. If it is not a normal service file, click Processing and select Isolation.WebshellsSolutions on managing webshells

Unusual logons

View the alert. If the logon record is generated by a usual logon event, you can ignore the alert or add approved locations, IP addresses, time, and accounts to the security settings. If the logon record is generated by an unusual logon event, the password may have been leaked. We recommend that you change the password at the earliest opportunity, and select to Block requests from this IP address.Unusual logonsSolutions on managing unusual logons

Malicious processes

We recommend that you use the virus detection feature to terminate malicious processes and quarantine the source files. Alternatively, you can log on to the server and manually manage malicious processes. Malicious processes may be automatically deleted, or disguise as system processes to pass detections. If no source file exists, check for unusual processes, scheduled tasks, and startup programs.Malicious processesSolutions on managing malicious processes

Unusual network connections

If network connections are established by normal workload traffic, click Processing and add the event to the Whitelist. If network connections are not established by normal workload traffic, use Cloud Firewall or Web Application Firewall (WAF) to block requests based on the alert. After the alert is managed, select Ignore to add the event to the Handled list.Unusual network connectionsSolutions on managing unusual network connections