Webshell detection scans servers and web directories for webshells and trojans at regular intervals. Security Center runs webshell detection tasks and generates alerts only when webshell detection is enabled. This topic describes how to enable webshell detection for your servers.
Description of webshell detection:
- Security Center scans the entire web directory early in the morning on a daily basis. Changes in files in the web directory trigger dynamic detection.
- You can specify the assets on which Security Center scans for webshells.
- You can quarantine, restore, or ignore the detected trojan files.
Only the Enterprise and Ultimate editions of Security Center support this feature. If you do not use these editions, you must upgrade Security Center to the Enterprise or Ultimate edition before you can use this feature. For more information about how to purchase and upgrade Security Center, see Purchase Security Center and Upgrade and downgrade Security Center. For more information about the features that each edition supports, see Features.
- Log on to the Security Center console.
- In the left-side navigation pane, click Settings.
- In the Webshell Detection section, click Manage.
- Select the servers for which you want to enable webshell detection.
Select servers from the Detection Disabled section and click the rightwards arrow to move them to the Detection Enabled section. Webshell detection is enabled for the servers in the Detection Enabled section. To disable webshell detection for a server, move the server from the Detection Enabled section to the Detection Disabled section.Note We recommend that you enable webshell detection for all servers and pay attention to the alerts generated on your servers on which web services run.
- Click OK.