The cloud threat detection feature provided by Security Center is integrated with major antivirus engines worldwide. It detects threats against large amounts of threat intelligence data provided by Alibaba Cloud. Cloud threat detection also provides an exception detection module designed by Alibaba Cloud to detect threats based on machine learning and deep learning. With these features, cloud threat detection can provide full-scale and dynamic antivirus protection to safeguard your assets.

The cloud threat detection feature can scan millions of files on a daily basis and is currently protecting millions of assets on the cloud.

Detection capabilities

Security Center uses the Server Guard client to collect process information, and then scans the retrieved data for viruses. If a malicious process is detected, you can directly stop the process and quarantine the related files.

  • Deep learning engine (developed by Alibaba Cloud): The deep learning engine is built on deep learning technology and a large amount of attack samples. The engine specializes in detecting malicious files in the cloud and automatically identifies potential threats. It provides additional detection capabilities compared to traditional antivirus engines.
  • Cloud sandbox (developed by Alibaba Cloud): It allows you to simulate cloud environments and monitor attacks launched by malicious samples. Based on big data analytics and machine learning modeling techniques, cloud sandbox automatically detects threats and offers dynamic analysis and detection capabilities.
  • Integration with major antivirus engines: The cloud threat detection feature is integrated with major antivirus engines worldwide. Its virus library is updated in real time.
  • Threat intelligence detection: Based on the threat intelligence data provided by Alibaba Cloud Security, cloud threat detection works with the exception detection module to detect malicious processes and operations.

Detectable virus types

Cloud threat detection is one of the best practices tested by Alibaba Cloud Security technologies and specialists. It provides end-to-end security services, including threat intelligence collection, data masking, threat identification, threat analysis, and malicious file quarantine and restoration. You can quarantine and restore data that has viruses in the Security Center console.

Cloud threat detection can detect the following types of viruses:

Virus Description
Mining programs A mining program consumes server resources without authorization to mine virtual currencies.
Computer worms A computer worm uses computer networks to replicate itself and spread to a large number of computers within a short period of time.
Ransomware Ransomware, such as WannaCry, uses encryption algorithms to encrypt files and prevent users from accessing the files.
Trojans A Trojan is a program that allows the attacker to access information about the server and users, to gain control of the server, and to consume system resources.
DDoS Trojans A DDoS Trojan hijacks servers and uses zombie servers to launch DDoS attacks, which can interrupt your workloads.
Backdoors A backdoor is a malicious program injected by an attacker, who uses the backdoor to control the server or launch attacks.
Computer viruses A computer virus inserts malicious code into other programs, and may replicate and infect the whole system.
Malicious programs Programs that may pose a threat to the system and data security.


  • Independent development and controllability: Cloud threat detection is based on deep learning, machine learning, and big data analytics with a large amount of attack and defense practices. It uses multiple detection engines to protect your assets against viruses without delay.
  • Lightweight: Cloud threat detection only takes 1% CPU usage and 50 MB of memory.
  • Dynamic: Cloud threat detection dynamically retrieves log data to monitor the launches of malicious programs.
  • Easy to manage: You can manage all servers and view their status at any time in the Security Center console.



Select a detection type


Quarantines files


Restores quarantined files

Threat detection limits

When Security Center detects risks, it sends security alerts to you without delay. You can process security alerts, scan for vulnerabilities, analyze attacks, and check security settings in the Security Center console. Security Center can analyze alerts and automatically trace attacks. This helps you protect your assets. Security Center supports a wide array of protection features. We recommend that you also install the latest system patches on your server, and use multiple security services, such as Cloud Firewall and Web Application Firewall (WAF), to better protect your assets against attacks.

Note Due to the rapid adaption of attacks, viruses, and the variation of the workload environments, security breaches may occur. We recommend that you use the alerting, vulnerability detection, baseline check, and configuration assessment features provided by Security Center to better protect your assets against attacks.