
Cloud Firewall: Disable uninstallation of cloud security software such as the Security Center agent

Last Updated: Nov 27, 2023

Host-based security software such as the Security Center agent is used to monitor the security status of hosts, detect and remove viruses and scripts, and detect execution of malicious commands. If the security software is uninstalled without authorization, the cloud security service can no longer protect hosts.

Impacts

  • Unauthorized operations performed by an employee of an enterprise

    If an employee of an enterprise wants to perform unauthorized operations, the employee first uninstalls the security software from hosts to prevent the security software from detecting unauthorized operations and generating alerts.

  • Attacks

    After an attacker intrudes into a cloud-based system, the attacker can uninstall the security software from hosts. This way, alert notifications of intrusions cannot be sent to engineers even if the hosts are attacked.

  • Spreading of worms and trojans

    After security software is uninstalled from hosts, alert notifications of intrusions cannot be sent even if malware such as worms and trojans is downloaded to implement webshell persistence or steal data.

Operations in the Cloud Firewall console

The rules that you can use to disable uninstallation of the Security Center agent are in Monitor mode. To disable uninstallation of the agent in the cloud, log on to the Cloud Firewall console, choose Intrusion Prevention > Prevention Configuration, and click Customize in the Basic Protection section. In the Customize Basic Protection Policies dialog box, change the mode of some or all of the related rules to Block. This prevents or minimizes the impacts described above.