The Security Center agent is a local plug-in provided by Security Center. Before you use Security Center to protect your services, you must install the Security Center agent on your servers. Security Center provides multiple protection modes so that the agent can run in the mode that meets the security requirements of each scenario. This topic describes how to configure the protection mode for the Security Center agent.

Background information

To use Security Center, you must install the Security Center agent on your servers. For more information about the Security Center agent, see Security Center agent overview. For more information about how to install the Security Center agent, see Install the Security Center agent.

Description of the protection modes

The Security Center agent consumes a small amount of resources on your servers when it is running. You can modify the protection mode of the Security Center agent to limit the amount of resources that the agent can consume. Select the protection mode that suits each server to enhance security. The following table describes the protection modes supported by the Security Center agent.

| Protection mode | Maximum resource consumption | Supported edition | Scenario |
| --- | --- | --- | --- |
| Basic Protection Mode | Maximum memory usage: 200 MB; maximum CPU utilization: 10% per core | All editions | This mode is suitable for all service scenarios. It consumes a small amount of resources and does not affect your workloads. Note: By default, the basic protection mode is enabled to protect newly purchased Elastic Compute Service (ECS) instances. |
| High-security Prevention Mode | Maximum memory usage: 300 MB; maximum CPU utilization: 30% per core | Anti-virus, Advanced, Enterprise, and Ultimate | This mode is suitable for scenarios where important workloads need to be protected. It identifies more types of potential attacks and threats by using the big data analytics engine, machine learning engine, and deep learning engine. |
| Safeguard Mode For Major Activities | Maximum memory usage: 500 MB; maximum CPU utilization: 60% | Enterprise and Ultimate | This mode is suitable for major events. It enables all the protection rules and security engines and enhances the capability to detect potential threats based on intelligent rules. Security Center generates alerts for all potential attacks and threats. |

Note: If the consumed resources exceed the upper limit of the mode that you select, the Security Center agent stops running. After the consumed resources drop below the upper limit, the agent automatically restarts. The upper limit on the resources that the Security Center agent can consume in each mode is described in the Maximum resource consumption column of the preceding table.

Procedure

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, click Settings.
  3. In the Protection Mode section of the General tab, click Manage in the High-security Prevention Mode or Safeguard Mode For Major Activities section.
  4. In the High-security Prevention Mode or Safeguard Mode For Major Activities panel, select the servers for which you want to enable that mode.
    Note: You can select either High-security Prevention Mode or Safeguard Mode For Major Activities for a server. For example, if the Security Center agent on a server uses High-security Prevention Mode and you change the mode to Safeguard Mode For Major Activities, the agent then uses Safeguard Mode For Major Activities.
  5. Click Ok.
  6. In the Safeguard Mode For Major Activities section, select a percentage from the CPU Threshold drop-down list to specify the CPU utilization threshold.
    Safeguard Mode For Major Activities allows you to specify the CPU utilization threshold. A higher threshold supports more precise protection. You can set CPU Threshold to a value that ranges from 5% to 60%. The default value is 5%.
    Note: In Safeguard Mode For Major Activities, more types of threats can be detected, and more alerts are triggered. Therefore, the false positive rate may increase. We recommend that you pay attention to alerts and handle them at the earliest opportunity.