This topic describes how to troubleshoot the abnormal status of the anti-ransomware client after you apply anti-ransomware policies to your server.

Prerequisites

Anti-ransomware policies are applied to your server. For more information, see Create a protection policy.

Background information

When the status of the anti-ransomware client is abnormal, the system cannot backup files or protect your servers as expected. We recommend that you troubleshoot the abnormal status of the anti-ransomware client in a timely manner.

Procedure

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Defense > Anti-Virus.
  3. On the Anti-Virus page, click Add anti-ransomware policies.
  4. On the General anti-ransomware solutions page, view the servers that are in the Abnormal status.
    Click The Hide/Show icon to view the servers where the policy is applied.
  5. Click The prompt message to view the cause of the abnormal status.
  6. Troubleshoot the abnormal status based on the information in the Details dialog box.

Causes of the abnormal status of the anti-ransomware client

Status Detail Cause Solution
failed Cloud assistant Not started Cloud Assistant is not started, which leads to failed installation of the anti-ransomware client. To handle issues that are related to Cloud Assistant, perform the following steps:
  1. Log on to the Elastic Compute Service (ECS) console.
  2. Check whether Cloud Assistant is started. For more information, see Cloud Assistant troubleshooting FAQ.
  3. Optional. After you start Cloud Assistant, reinstall the anti-ransomware client. For more information, see Related operations.
Authorization The current account does not have the required permissions. Log on to the Security Center console with your Alibaba Cloud account and click Authorize Now on the General anti-ransomware solutions page. Assign AliyunHBRDefaultRole and AliyunECSAccessingHBRRole to the current account.
The client connection is abnormal. Check the ECS instance network and try again. Network connections failed. To handle network connection failures, perform the following steps:
  1. Log on to your ECS instance, run the ping or telnet command to test the connectivity between the ECS instance and the anti-ransomware endpoint. Check whether firewall policies are applied to the ECS instance. For more information about anti-ransomware endpoints, see Anti-ransomware points.
  2. After you solve network connection issues, reinstall the anti-ransomware client. For more information, see Related operations.
ecs role does not have AliyunECSAccessingHBRRolePolicy AliyunECSAccessingHBRRolePolicy is not granted to the Resource Access Management (RAM) account of the ECS instance, which leads to the installation failure of the anti-ransomware client. Grant AliyunECSAccessingHBRRolePolicy to the RAM account. For more information, see What can I do if the error message "The strategy of AliyunECSAccessingHBRRolePolicy is missing on EcsRamRole. Please refer to the FAQ for authorization" appears when I install the HBR backup client on an ECS instance?.
Check activation command timeout The installation of the anti-ransomware timed out. To reinstall the anti-ransomware client, perform the following steps:
  1. On the Security Center consoleGeneral anti-ransomware solutions page, uninstall the anti-ransomware client. For more information, see Related operations.

    After you uninstall the anti-ransomware client, the status of the client is Not Installed.

  2. Reinstall the anti-ransomware client. For more information, see Related operations.
ecs downtime The ECS instance is shut down. After you start the ECS instance, reinstall the anti-ransomware client. Perform the following steps:
  1. In the Elastic Compute Service (ECS) console, start the ECS instance. For more information, see Start or stop an instance.
  2. Reinstall the anti-ransomware client. For more information, see Related operations.
Failed to uninstall client The Cloud Assistant command timed out. To reinstall the anti-ransomware client, perform the following steps:
  1. On the Security Center consoleGeneral anti-ransomware solutions page, find the server where the installation of the anti-ransomware client failed and click Delete in the Actions column.
  2. Wait two minutes.
  3. Apply the preceding anti-ransomware policy to the ECS instance. For more information, see Edit a protection policy.
  4. Reinstall the anti-ransomware client. For more information, see Related operations.
Installation failed The Cloud Assistant command timed out. To reinstall the anti-ransomware client, perform the following steps:
  1. On the Security Center consoleGeneral anti-ransomware solutions page, uninstall the anti-ransomware client. For more information, see Related operations.

    After you uninstall the anti-ransomware client, the status of the client is Not Installed.

  2. Reinstall the anti-ransomware client. For more information, see Related operations.
Service is not started after the client is installed If deleted registries leave residual files, Cloud Assistant fails to start. After you delete the residual files, reinstall the anti-ransomware client. Perform the following steps:
  1. On the Security Center consoleGeneral anti-ransomware solutions page, uninstall the anti-ransomware client. For more information, see Related operations.

    After you uninstall the anti-ransomware client, the status of the client is Not Installed.

  2. Delete residual files of the following registries:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\hybridbackup
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\hbrupdater
  3. Reinstall the anti-ransomware client. For more information, see Related operations.
Failed to download the installation package Network connections failed. To handle network connection failures, perform the following steps:
  1. Log on to your ECS instance, run the ping or telnet command to test the connectivity between the ECS instance and the anti-ransomware endpoint. Check whether firewall policies are applied to the ECS instance. For more information about anti-ransomware endpoints, see Anti-ransomware points.
  2. After you solve network connection issues, reinstall the anti-ransomware client. For more information, see Related operations.
Preflight command failed The Cloud Assistant command timed out. To reinstall the anti-ransomware client, perform the following steps:
  1. On the Security Center consoleGeneral anti-ransomware solutions page, uninstall the anti-ransomware client. For more information, see Related operations.

    After you uninstall the anti-ransomware client, the status of the client is Not Installed.

  2. Reinstall the anti-ransomware client. For more information, see Related operations.
The following table describes anti-ransomware endpoints in different regions.
Region Public endpoint Internal ECS endpoint
China (Hangzhou) https://hbr.cn-hangzhou.aliyuncs.com https://hbr-vpc.cn-hangzhou.aliyuncs.com
China (Shanghai) https://hbr.cn-shanghai.aliyuncs.com https://hbr-vpc.cn-shanghai.aliyuncs.com
China (Qingdao) https://hbr.cn-qingdao.aliyuncs.com https://hbr-vpc.cn-qingdao.aliyuncs.com
China (Beijing) https://hbr.cn-beijing.aliyuncs.com https://hbr-vpc.cn-beijing.aliyuncs.com
China (Zhangjiakou-Beijing Winter Olympics) https://hbr.cn-zhangjiakou.aliyuncs.com https://hbr-vpc.cn-zhangjiakou.aliyuncs.com
China (Hohhot) https://hbr.cn-huhehaote.aliyuncs.com https://hbr-vpc.cn-huhehaote.aliyuncs.com
China (Shenzhen) https://hbr.cn-shenzhen.aliyuncs.com https://hbr-vpc.cn-shenzhen.aliyuncs.com
China (Chengdu) https://hbr.cn-chengdu.aliyuncs.com https://hbr-vpc.cn-chengdu.aliyuncs.com
China (Hong Kong) https://hbr.cn-hongkong.aliyuncs.com https://hbr-vpc.cn-hongkong.aliyuncs.com
Singapore (Singapore) https://hbr.ap-southeast-1.aliyuncs.com https://hbr-internal.ap-southeast-1.aliyuncs.com
Australia (Sydney) https://hbr.ap-southeast-2.aliyuncs.com https://hbr-vpc.ap-southeast-2.aliyuncs.com
Malaysia (Kuala Lumpur) https://hbr.ap-southeast-3.aliyuncs.com https://hbr.ap-southeast-3.aliyuncs.com
Indonesia (Jakarta) https://hbr.ap-southeast-5.aliyuncs.com https://hbr-vpc.ap-southeast-5.aliyuncs.com
Japan (Tokyo) https://hbr.ap-northeast-1.aliyuncs.com https://hbr.ap-northeast-1.aliyuncs.com
Germany (Frankfurt) https://hbr.eu-central-1.aliyuncs.com https://hbr.eu-central-1.aliyuncs.com
US (Silicon Valley) https://hbr.us-west-1.aliyuncs.com https://hbr.us-west-1.aliyuncs.com
China East 2 Finance https://hbr.cn-shanghai-finance-1.aliyuncs.com https://hbr-vpc.cn-shanghai-finance-1.aliyuncs.com