This topic lists frequently asked questions about Security Center, grouped by category.

Pre-sales

I used the free trial of Security Center before. Can I apply for the free trial again?

How do I apply for the 7-day free trial of Security Center Ultimate?

Can I purchase Security Center on a monthly basis?

Are there differences among the editions of Security Center?

The list price of the edition is USD 9.5 per month. Why is the price on the buy page higher than USD 9.5?

I do not have an ECS instance. Can I use Security Center to protect servers in data centers?

Can Security Center protect third-party cloud servers?

How do I use Security Center to protect servers in data centers and third-party cloud servers?

Pre-sales FAQ

Does Security Center remove viruses?

Which edition of Security Center provides the automatic vulnerability fixing feature?

Which edition of Security Center is required if I want to meet the testing and evaluation requirements for classified protection?

Purchase and renew Security Center

What do I do if Security Center prompts that the subscription is due to expire?

Why am I unable to view the DDoS alerts in the Security Center console?

Access Security Center

How do I view a log file of the Security Center agent?

How do I use Security Center to protect servers not deployed on Alibaba Cloud?

Why am I unable to install the Security Center agent on virtual machines and lightweight servers?

Operations in the Security Center console

The error message "Invalid token" is returned in the Security Center console. What do I do?

The error message "You are not authorized to perform the current operation." is returned when I log on to the Security Center console as a RAM user. What do I do?

How do I address the browser compatibility issues when I log on to the console?

The maximum number of protected servers allowed is less than the total number of the existing servers. What do I do?

Security score

What are the priorities for handling the security events that I can access in the Secure Score section?

What are the differences between the deduction items in the Advanced edition and those in the Enterprise, Ultimate, Basic, and Anti-virus editions?

How do I enable the feature of protection against brute-force attacks?

How do I handle common alerts?

How does the vulnerability scan level affect the security score?

How does the baseline check level affect the security score?

Unbinding of a server and uninstallation of the Security Center agent

How do I unbind an external server from Security Center?

How do I unbind an Elastic Compute Service (ECS) instance from Security Center?

Virus defense

How do I purchase the anti-ransomware capacity?

What is the anti-ransomware feature? Why must I pay for the anti-ransomware feature?

After I purchase the antivirus feature, can the existing features properly run?

What is the relationship between the anti-ransomware feature and Alibaba Cloud HBR?

What capabilities does the antivirus feature provide?

Is the data backup feature automatically enabled after I purchase the anti-ransomware capacity?

What do I do if the anti-ransomware agent consumes excessive server CPU or memory resources?

What are the differences between the general anti-ransomware solution and the snapshot feature?

What do I do if the anti-ransomware capacity that I purchased is insufficient?

What do I do if the status of an anti-ransomware policy is abnormal?

Web tamper proofing

If the remaining validity period of Security Center is three years, can I purchase web tamper proofing for one year?

Can web tamper proofing protect files of all sizes?

If my server stores more than 3 MB of files, can web tamper proofing protect the files that exceed 3 MB? Can web tamper proofing protect files whose total size is not larger than 3 MB?

The message "The protection module initialization failed. Check whether other software has blocked the creation of the service" appears when I enable web tamper proofing. Why?

What are the requirements for the local backup directory of web tamper proofing?

What do I do if I receive a message that indicates that a protected directory is invalid?

Why does web tamper proofing remain disabled after I specify a protected directory?

Can I write files to a protected directory on a server for which web tamper proofing is configured?

After I specify a protected directory, what do I do if web tamper proofing does not immediately take effect?

After I enable web tamper proofing, what do I do if the website content and images cannot be modified or updated?

What do I do if I receive an email or text message that notifies me of a webshell detected on my server?

Linux software vulnerabilities

How do I manually detect Linux software vulnerabilities on my servers?

How do I view the current software version and vulnerability details?

How do I update kernel 3.1* to kernel 4.4 on Ubuntu 14.04?

Do I need to restart my server after I fix a vulnerability?

What do I do if Security Center continues to send a vulnerability alert to me after I update the kernel?

What do I do if no update is released for the software package that has a vulnerability?

How do I view the parameters of Linux software vulnerabilities?

After Linux kernel vulnerabilities are fixed and the system is restarted, I am still notified that I have to restart the system when I log on to the console. What do I do?

What is the rule of the wget buffer overflow vulnerability in Security Center?

Vulnerability fixing

Fix software vulnerabilities

Troubleshoot vulnerability fix failures

How do I delete a Windows patch from the directory of the Security Center agent?

Can Security Center detect Elasticsearch vulnerabilities?

How do I handle a connection timeout between my server and the YUM repository of Alibaba Cloud?

The "Invalid token" error message appears when I fix a vulnerability. What do I do?

What do I do if Security Center fails to verify the fix of a system vulnerability?

Why does Security Center fail to roll back a fix for a vulnerability?

How do I verify whether a vulnerability is fixed?

How do I handle urgent vulnerabilities?

How do I manually detect system software vulnerabilities on a server?

How do I fix the software vulnerabilities on a server?

How do I troubleshoot the failures of vulnerability fixing?

I fail to verify the fixes of Windows system vulnerabilities. What do I do?

The status of a vulnerability is not updated to fixed after it is fixed. What do I do?

I cannot view vulnerabilities or the vulnerabilities of a specific server in the Security Center console. What do I do?

After Security Center fixes Windows system vulnerabilities, the vulnerabilities are detected again when I perform vulnerability detection. What do I do?

What is the rule of the wget buffer overflow vulnerability in Security Center?

After Linux kernel vulnerabilities are fixed and the system is restarted, I am still notified that I have to restart the system when I log on to the console. What do I do?

Vulnerability detection

How often does Security Center detect vulnerabilities?

Can Security Center detect system- and application-layer vulnerabilities?

How does Security Center implement real-time vulnerability scans?

Baseline checks

What do I do if Security Center fails to verify a fixed baseline check risk?

What are the differences between baselines and vulnerabilities?

I fail to verify the fixes of baseline risks. What do I do?

What are the common baseline risks and how do I fix them?

Alerting

How do I view the protection features that are enabled?

How do I check whether mining programs exist in my assets?

How does Security Center detect intrusions?

What alerts can I add to the whitelist?

How do I handle common alerts?

After I change the default port of the SSH service, Security Center still generates alerts on brute-force attacks against passwords. What do I do?

How does Security Center detect unusual logons and generate alerts on unusual logons?

How do I view all alerts that are generated on assets?

How do I add an alert to the whitelist?

How do I handle alerts?

How do I check whether a website is attacked?

What do I do after sensitive information is breached?

How do I use Security Center Basic to handle webshells?

The source files of some alerts can be manually quarantined in the Security Center console. What are the types of these alerts?

How do I view the usernames of failed logons to a Windows server when Security Center generates alerts on unusual logons?

An alert is generated. It indicates proactive connections to malicious download sources. How do I handle this alert?

An alert is generated. It indicates access to a malicious domain name. How do I handle this alert?

Brute-force attacks

What do I do if my server passwords are cracked?

I still receive alert notifications about brute-force attacks after I change the default port of the SSH service. Why?

Records on RDP brute-force attacks are generated even after RDP requests on port 3389 are blocked by security group rules or firewall rules. Why?

Does Security Center detect only weak passwords of RDP and SSH services?

How do I handle an SSH or RDP remote logon failure?

AccessKey pair leaks

What do I do if sensitive information is leaked?

Notifications

How do I modify the contacts that receive alert notifications?