Security Center supports automatic scan tasks at scheduled points in time and manual scan tasks at unscheduled points in time.

Background information

If you want to run a scan task on a newly purchased Elastic Compute Service (ECS) instance at an unscheduled point in time, you can click Scan now in the Security Center console to start a manual scan task.

For more information about the intervals at which automatic tasks scan for different types of vulnerabilities, see Vulnerability detection cycle.

The following table lists the check items supported by each edition of Security Center.

Note The following symbols are used in the table:
  • ×: This edition does not check this item.
  • √: This edition checks this item.
Check item Basic Anti-virus Advanced Enterprise Ultimate
Vulnerabilities Linux software vulnerabilities X
Windows system vulnerabilities X
Web-CMS vulnerabilities X
Application vulnerabilities X X X
Urgent vulnerabilities
Baseline risks X X
Configuration assessment X X

Procedure

The following procedure shows how to run a manual scan task to scan for server vulnerabilities.

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Precaution > Vulnerabilities.
  3. On the Vulnerabilities page, click Scan now below Latest System Vul Time.
  4. In the One-click detection dialog box, select the types of vulnerabilities or issues that you want to detect and click OK.
    One-click detection dialog box
    The quick scan feature can be used to check the following items:
    • Vul: Linux software vulnerabilities, Windows system vulnerabilities, Web-CMS vulnerabilities, application vulnerabilities, and urgent vulnerabilities.
      Note For more information, see Check items supported by each edition.
    • Baseline problems: The baseline check feature is a value-added service provided by Security Center. Only the users of the Advanced, Enterprise, and Ultimate editions can enable and use this feature. You can select an existing baseline check policy or create a policy to use the quick scan feature. Only users of Security Center Enterprise can create policies. Users of Security Center Advanced can select only the default policy to run baseline checks. For more information about how to create a baseline check policy, see Set baseline check policies.
    • Configuration Assessment: Security Center checks whether the configurations of Alibaba Cloud services contain risks.

    After you click Scan now, Security Center scans all protected assets. It may take 1 to 5 minutes to run the scan task. Wait for the task to complete.

    After the scan is complete, you can view the latest scan results.

References

How often does Security Center detect vulnerabilities?

What are the differences between baselines and vulnerabilities?

What do I do if I cannot enable the vulnerability detection feature for a server on the Assets page?