The Security Center agent is a plug-in provided by Security Center. Before you can use Security Center to protect your on-premises servers, you must install the Security Center agent on your servers. Security Center provides multiple protection modes. This allows the Security Center agent to run in different modes to meet security requirements in different scenarios. This topic describes how to configure a protection mode for the Security Center agent.

Background information

To use Security Center, you must install the Security Center agent on your servers. For more information about the Security Center agent, see Security Center agent overview. For more information about how to install the Security Center agent, see Install the Security Center agent.

Descriptions of protection modes

The Security Center agent consumes a small amount of resources on your server when the agent is running. You can modify the protection mode of the Security Center agent to limit the amount of resources the agent can consume. You can select a protection mode suitable for a server to enhance security. The following table describes the protection modes supported by the Security Center agent.

| Protection mode | Maximum resource consumption | Supported edition | Scenario |
| --- | --- | --- | --- |
| Basic Protection Mode | Maximum memory usage: 200 MB; maximum CPU utilization: 10% per core | All editions | This mode is suitable for all service scenarios. In this mode, the Security Center agent consumes a small amount of resources, which does not affect your workloads. Note: By default, the basic protection mode is enabled for newly purchased Elastic Compute Service (ECS) instances. |
| High-security Prevention Mode | Maximum memory usage: 300 MB; maximum CPU utilization: 30% per core | Anti-virus, Advanced, Enterprise, and Ultimate | This mode is suitable for scenarios in which important workloads need to be protected. In this mode, the Security Center agent can identify more types of potential attacks and threats by using the big data analytics engine, machine learning engine, and deep learning engine. |
| Safeguard Mode For Major Activities | Maximum memory usage: 500 MB; maximum CPU utilization: 60% for all cores | Enterprise and Ultimate | This mode is suitable for major events. In this mode, the Security Center agent enables all the protection rules and security engines and enhances the capability to detect potential threats based on intelligent rules. Security Center generates alerts for all potential attacks and threats. |

Note If the consumed resources exceed the upper limit in the mode you select, the Security Center agent stops running. After the consumed resources drop below the upper limit, the agent automatically restarts. The upper limit on resources that the Security Center agent can consume in each mode is described in the Maximum resource consumption column of the preceding table.
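
Because the agent stops while it is over its limit, it is worth checking a server for periods in which the agent was not running. The following Python script is an added example, not Security Center or Alibaba Cloud code: it reviews periodic `ps -eo rss,comm` snapshots for such gaps and for memory readings close to the cap of the selected mode. The process name `sc-agent`, the snapshot data, the 90% warning ratio, and the treatment of 1 MB as 1024 KiB are assumptions made for illustration.

```python
# Memory caps (MB) taken from the "Maximum resource consumption" column above.
MEMORY_CAP_MB = {"basic": 200, "high-security": 300, "safeguard": 500}

AGENT_COMM = "sc-agent"  # hypothetical process name; substitute your agent's

# Constructed sample data: (timestamp, output of `ps -eo rss,comm`), RSS in KiB.
SNAPSHOTS = [
    ("10:00", "  RSS COMMAND\n 4120 sshd\n150000 sc-agent\n"),
    ("10:01", "  RSS COMMAND\n 4120 sshd\n199000 sc-agent\n"),
    ("10:02", "  RSS COMMAND\n 4120 sshd\n"),
    ("10:03", "  RSS COMMAND\n 4120 sshd\n"),
    ("10:04", "  RSS COMMAND\n 4120 sshd\n 60000 sc-agent\n"),
]

def agent_rss_mb(ps_output, comm=AGENT_COMM):
    """Return the summed RSS (MB) of processes named comm, or None if absent."""
    total_kib, found = 0, False
    for line in ps_output.splitlines()[1:]:      # skip the header row
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].isdigit() and parts[1].strip() == comm:
            total_kib += int(parts[0])
            found = True
    return total_kib / 1024 if found else None

def review(snapshots, mode, warn_ratio=0.9):
    """Return findings: ("near_cap", ts, rss_mb) and ("gap", first_missing, back_at)."""
    cap = MEMORY_CAP_MB[mode]
    findings, gap_start = [], None
    for ts, output in snapshots:
        rss = agent_rss_mb(output)
        if rss is None:                          # agent not running in this snapshot
            gap_start = gap_start or ts
            continue
        if gap_start is not None:                # agent is back: close the gap
            findings.append(("gap", gap_start, ts))
            gap_start = None
        if rss >= cap * warn_ratio:              # close to the mode's memory cap
            findings.append(("near_cap", ts, round(rss, 1)))
    if gap_start is not None:                    # still missing at the last snapshot
        findings.append(("gap", gap_start, None))
    return findings

if __name__ == "__main__":
    for finding in review(SNAPSHOTS, "basic"):
        print(finding)
```
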

Procedure

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, click Settings.
  3. In the Protection Mode section of the General tab, click Manage in the High-security Prevention Mode or Safeguard Mode For Major Activities section.
  4. In the High-security Prevention Mode or Safeguard Mode For Major Activities panel, select the servers for which you want to enable the High-security Prevention Mode or Safeguard Mode For Major Activities mode.
    Note You can select High-security Prevention Mode or Safeguard Mode For Major Activities for a server. For example, the Security Center agent on a server uses High-security Prevention Mode. If you change the mode to Safeguard Mode For Major Activities, the Security Center agent uses the Safeguard Mode For Major Activities mode.
  5. Click Determine.
  6. In the Safeguard Mode For Major Activities section, select a percentage from the CPU Threshold drop-down list to specify the CPU utilization threshold.
    The Safeguard Mode For Major Activities mode allows you to specify the CPU utilization threshold. A higher threshold value supports more precise protection. You can set CPU Threshold to a value that ranges from 5% to 60%. The default value is 5%.
    Note In the Safeguard Mode For Major Activities mode, more types of threats can be detected, and more alerts are triggered. Therefore, the false positive rate may increase. We recommend that you pay attention to alerts and handle them at the earliest opportunity.