The Enterprise edition of Security Center provides the baseline check feature to scan for baseline risks on servers. This topic describes how to run a baseline check.

Prerequisites

You have set a baseline check policy. For more information, see Create and configure a baseline check policy.
Note If you have not set a custom baseline check policy, Security Center runs baseline checks based on the default policy. The default policy does not include all check items and certain items may not be checked.

Background information

Baseline check is a value-added service of Security Center. Only Enterprise edition users can activate and use this service. You must upgrade the Basic or Advanced edition to the Enterprise edition before you can use this feature. For more information about baseline check, see Baseline Check items.

The baseline check feature supports periodic checks that run automatically and manual checks.

  • Periodic and automatic checks: Periodic checks that run automatically based on the default baseline check policy or custom policies. The default check policy automatically starts a baseline check at 00:00:00 every other day.
  • Manual checks: If you have set a custom policy, you can select this Check Policy on the Baseline Check page, and click Check Now to start a manual check. Manual baseline checks help you scan for baseline risks in real time. For more information about manual baseline checks, see Run a manual baseline check.

Run a manual baseline check

  1. Log on to the Security center console.
  2. In the left-side navigation pane, click Protection > Baseline Check.
  3. In the Select Policy drop-down list, select a policy to run manual checks.
    Select a policy
  4. Click Check Now.
    Check Now

    Security Center displays task progress and detailed check results.

    • The progress is updated in the View Progress section in real time.Real-time task progress
    • You can click View Progress to view task details, including the task status (successful or failed), number of checked serves, and causes of failure. You can click View Solution to view the solutions on how to address the failures.Task details

      You can click Refresh to update the progress.

    • View baseline risks in the baseline risk list.

      After the baseline check is completed, the result is displayed on the Baseline Check page.

      Baseline risks
      Note If the number in the Failed Items/Affected Servers column is not 0, it indicates that baseline risks have been detected on the servers.

What to do next

After you run a baseline check, you need to check and manage detected risks on the Baseline Check page. For more information, see View baseline check results and manage baseline risks.