After you install the Security Center agent on your server, you can enable the agent protection feature for the server to prevent the agent from being uninstalled. If you want to limit the memory or CPU resources that can be consumed by the Security Center agent, you can enable the local file detection feature or configure a running mode for the Security Center agent. This topic describes the features that you can enable on the Agent Settings tab and how to enable the features.
Agent protection
The agent protection feature blocks malicious operations that attempt to uninstall the Security Center agent or terminate the running processes of the Security Center agent. The feature ensures that Security Center provides stable protection capabilities but does not protect servers.
Description
After you enable the agent protection feature, Security Center blocks all malicious behavior that attempts to uninstall the Security Center agent but is not performed in the Security Center console, and provides default protection capabilities for the process files in the directory of the Security Center agent. This prevents attackers from gaining access to your server and uninstalling the Security Center agent. This also prevents the Security Center agent from being accidentally disabled by other processes that are running on the server. If the Security Center agent on your server is uninstalled or disabled, Security Center cannot protect your server. We recommend that you enable the agent protection feature for all servers.
Important After you enable the agent protection feature for your server, you can uninstall the Security Center agent by using one of the following methods:
Disable the agent protection feature and uninstall the Security Center agent on the server.
Uninstall the Security Center agent in the Security Center console. For more information, see Uninstall the Security Center agent.
If the operating system version or kernel version of your server is not supported by the agent protection feature, you cannot enable the feature for the server. If you enable the feature for the server, Protection Failed and the "The kernel version is not supported." message are displayed.
Operating system versions and kernel versions supported by the agent protection feature
Operating system | Supported operating system version | Supported kernel version |
Windows (64-bit) | Windows Server 2008 R2 Windows Server 2012 R2 Windows Server 2016 Windows Server 2019 Windows Server 2022
| All versions |
CentOS (64-bit) | CentOS 6.3~6.10 CentOS 7.0~7.9 CentOS 8.0~8.5
| 5.x.x series 5.6.5-1.el7.elrepo.x86_64 5.5.7-1.el7.elrepo.x86_64 5.5.5-1.el7.elrepo.x86_64 5.5.1-1.el7.elrepo.x86_64 5.4.208-1.el7.elrepo.x86_64 5.4.201-1.el7.elrepo.x86_64 5.4.195-1.el7.elrepo.x86_64 5.4.188-1.el7.elrepo.x86_64 5.4.181-1.el7.elrepo.x86_64 5.4.173-1.el7.elrepo.x86_64 5.4.168-1.el7.elrepo.x86_64 5.4.157-1.el7.elrepo.x86_64 5.4.155-1.el7.elrepo.x86_64 5.4.148-1.el7.elrepo.x86_64 5.4.144-1.el7.elrepo.x86_64 5.4.143-1.el7.elrepo.x86_64 5.4.132-1.el7.elrepo.x86_64 5.4.129-1.el7.elrepo.x86_64 5.4.109-1.el7.elrepo.x86_64 5.4.91-1.el7.elrepo.x86_64 5.4.86-1.el7.elrepo.x86_64 5.4.42-200.el7.x86_64 5.4.8-1.el7.elrepo.x86_64 5.3.8-1.el7.elrepo.x86_64 5.3.7-1.el7.elrepo.x86_64 5.3.0-1.el7.elrepo.x86_64
4.x.x series 4.19.113-300.el7.x86_64 4.19.104-300.el7.x86_64 4.19.110-300.el7.x86_64 4.19.94-300.el7.x86_64 4.19.12-1.el7.elrepo.x86_64 4.18.10-1.el7.elrepo.x86_64 4.18.8-1.el7.elrepo.x86_64 4.18.0-408.el8.x86_64 4.18.0-394.el8.x86_64 4.18.0-383.el8.x86_64 4.18.0-373.el8.x86_64 4.18.0-372.19.1.el8_6.x86_64 4.18.0-372.9.1.el8.x86_64 4.18.0-365.el8.x86_64 4.18.0-358.el8.x86_64 4.18.0-348.20.1.el8_5.x86_64 4.18.0-348.12.2.el8_5.x86_64 4.18.0-348.7.1.el8_5.x86_64 4.18.0-348.2.1.el8_5.x86_64 4.18.0-348.el8.x86_64 4.18.0-305.25.1.el8_4.x86_64 4.18.0-305.19.1.el8_4.x86_64 4.18.0-305.17.1.el8_4.x86_64 4.18.0-305.12.1.el8_4.x86_64 4.18.0-305.10.2.el8_4.x86_64 4.18.0-305.7.1.el8_4.x86_64 4.18.0-305.3.1.el8.x86_64 4.18.0-240.22.1.el8_3.x86_64 4.18.0-240.15.1.el8_3.x86_64 4.18.0-240.10.1.el8_3.x86_64 4.18.0-240.1.1.el8_3.x86_64 4.18.0-193.28.1.el8_2.x86_64 4.18.0-193.19.1.el8_2.x86_64 4.18.0-193.14.2.el8_2.x86_64 4.18.0-193.6.3.el8_2.x86_64 4.18.0-193.1.2.el8_2.x86_64 4.18.0-193.el8.x86_64 4.18.0-147.8.1.el8_1.x86_64 4.18.0-147.5.1.el8_1.x86_64 4.18.0-147.3.1.el8_1.x86_64 4.18.0-80.11.2.el8_0.x86_64 4.14.1-1.el7.elrepo.x86_64 4.13.3-1.el7.elrepo.x86_64 4.13.2-1.el7.elrepo.x86_64 4.11.8-1.el7.elrepo.x86_64 4.9.220-37.el7.x86_64 4.9.215-36.el7.x86_64 4.4.248-1.el7.elrepo.x86_64 4.4.169-1.el7.elrepo.x86_64 4.4.196-1.el7.elrepo.x86_64 4.4.216-1.el7.elrepo.x86_64 4.4.219-1.el7.elrepo.x86_64 4.4.223-1.el7.elrepo.x86_64 4.4.225-1.el7.elrepo.x86_64 4.4.228-2.el7.elrepo.x86_64 4.4.231-1.el7.elrepo.x86_64 4.4.240-1.el7.elrepo.x86_64 4.4.71-1.el7.elrepo.x86_64
3.10.0 series 3.10.0-1160.88.1.el7.x86_64 3.10.0-1160.83.1.el7.x86_64 3.10.0-1160.81.1.el7.x86_64 3.10.0-1160.80.1.el7.x86_64 3.10.0-1160.76.1.el7.x86_64 3.10.0-1160.71.1.el7.x86_64 3.10.0-1160.66.1.el7.x86_64 3.10.0-1160.62.1.el7.x86_64 3.10.0-1160.59.1.el7.x86_64 3.10.0-1160.53.1.el7.x86_64 3.10.0-1160.49.1.el7.x86_64 3.10.0-1160.45.1.el7.x86_64 3.10.0-1160.42.2.el7.x86_64 3.10.0-1160.41.1.el7.x86_64 3.10.0-1160.36.2.el7.x86_64 3.10.0-1160.31.1.el7.x86_64 3.10.0-1160.25.1.el7.x86_64 3.10.0-1160.24.1.el7.x86_64 3.10.0-1160.21.1.el7.x86_64 3.10.0-1160.15.2.el7.x86_64 3.10.0-1160.11.1.el7.x86_64 3.10.0-1160.6.1.el7.x86_64 3.10.0-1160.2.2.el7.x86_64 3.10.0-1160.2.1.el7.x86_64 3.10.0-1160.el7.x86_64 3.10.0-1127.19.1.el7.x86_64 3.10.0-1127.18.2.el7.x86_64 3.10.0-1127.13.1.el7.x86_64 3.10.0-1127.10.1.el7.x86_64 3.10.0-1127.8.2.el7.x86_64 3.10.0-1127.el7.x86_64 3.10.0-1062.18.1.el7.x86_64 3.10.0-1062.12.1.el7.x86_64 3.10.0-1062.9.1.el7.x86_64 3.10.0-1062.7.1.el7.x86_64 3.10.0-1062.4.3.el7.x86_64 3.10.0-1062.4.2.el7.x86_64 3.10.0-1062.4.1.el7.x86_64 3.10.0-1062.1.2.el7.x86_64 3.10.0-1062.1.1.el7.x86_64 3.10.0-1062.el7.x86_64 3.10.0-957.27.2.el7.x86_64 3.10.0-957.21.3.el7.x86_64 3.10.0-957.21.2.el7.x86_64 3.10.0-957.12.2.el7.x86_64 3.10.0-957.12.1.el7.x86_64 3.10.0-957.10.1.el7.x86_64 3.10.0-957.5.1.el7.x86_64 3.10.0-957.1.3.el7.x86_64 3.10.0-957.el7.x86_64 3.10.0-862.14.4.el7.x86_64 3.10.0-862.11.6.el7.x86_64 3.10.0-862.9.1.el7.x86_64 3.10.0-862.6.3.el7.x86_64 3.10.0-862.3.3.el7.x86_64 3.10.0-862.3.2.el7.x86_64 3.10.0-862.2.3.el7.x86_64 3.10.0-862.el7.x86_64 3.10.0-693.21.1.el7.x86_64 3.10.0-693.17.1.el7.x86_64 3.10.0-693.11.6.el7.x86_64 3.10.0-693.11.1.el7.x86_64 3.10.0-693.5.2.el7.x86_64 3.10.0-693.2.2.el7.x86_64 3.10.0-693.el7.x86_64 3.10.0-514.26.2.el7.x86_64 3.10.0-514.26.1.el7.x86_64 3.10.0-514.21.2.el7.x86_64 3.10.0-514.21.1.el7.x86_64 3.10.0-514.16.1.el7.x86_64 3.10.0-514.10.2.el7.x86_64 3.10.0-514.6.2.el7.x86_64 3.10.0-514.6.1.el7.x86_64 3.10.0-514.2.2.el7.x86_64 3.10.0-514.el7.x86_64 3.10.0-327.36.3.el7.x86_64 3.10.0-327.28.3.el7.x86_64 3.10.0-327.28.2.el7.x86_64 3.10.0-327.22.2.el7.x86_64 3.10.0-327.18.2.el7.x86_64 3.10.0-327.13.1.el7.x86_64 3.10.0-327.10.1.el7.x86_64 3.10.0-327.el7.x86_64 3.10.0-229.el7.x86_64
2.6.32 series 2.6.32-754.35.1.el6.x86_64 2.6.32-754.33.1.el6.x86_64 2.6.32-754.31.1.el6.x86_64 2.6.32-754.30.2.el6.x86_64 2.6.32-754.29.2.el6.x86_64 2.6.32-754.29.1.el6.x86_64 2.6.32-754.28.1.el6.x86_64 2.6.32-754.27.1.el6.x86_64 2.6.32-754.25.1.el6.x86_64 2.6.32-754.24.3.el6.x86_64 2.6.32-754.23.1.el6.x86_64 2.6.32-754.22.1.el6.x86_64 2.6.32-754.18.2.el6.x86_64 2.6.32-754.17.1.el6.x86_64 2.6.32-754.15.3.el6.x86_64 2.6.32-754.14.2.el6.x86_64 2.6.32-754.12.1.el6.x86_64 2.6.32-754.11.1.el6.x86_64 2.6.32-754.10.1.el6.x86_64 2.6.32-754.9.1.el6.x86_64 2.6.32-754.6.3.el6.x86_64 2.6.32-754.3.5.el6.x86_64 2.6.32-754.2.1.el6.x86_64 2.6.32-754.el6.x86_64 2.6.32-696.30.1.el6.x86_64 2.6.32-696.28.1.el6.x86_64 2.6.32-696.23.1.el6.x86_64 2.6.32-696.20.1.el6.x86_64 2.6.32-696.18.7.el6.x86_64 2.6.32-696.16.1.el6.x86_64 2.6.32-696.13.2.el6.x86_64 2.6.32-696.10.2.el6.x86_64 2.6.32-696.10.1.el6.x86_64 2.6.32-696.6.3.el6.x86_64 2.6.32-696.3.2.el6.x86_64 2.6.32-696.3.1.el6.x86_64 2.6.32-696.1.1.el6.x86_64 2.6.32-696.el6.x86_64 2.6.32-642.15.1.el6.x86_64 2.6.32-642.13.1.el6.x86_64 2.6.32-642.11.1.el6.x86_64 2.6.32-642.6.2.el6.centos.plus.x86_64 2.6.32-642.6.2.el6.x86_64 2.6.32-642.6.1.el6.x86_64 2.6.32-642.4.2.el6.x86_64 2.6.32-642.3.1.el6.x86_64 2.6.32-642.1.1.el6.x86_64 2.6.32-642.el6.x86_64 2.6.32-573.22.1.el6.x86_64 2.6.32-573.18.1.el6.x86_64 2.6.32-573.12.1.el6.x86_64 2.6.32-573.26.1.el6.x86_64 2.6.32-573.3.1.el6.x86_64 2.6.32-573.7.1.el6.x86_64 2.6.32-573.8.1.el6.x86_64 2.6.32-573.el6.x86_64 2.6.32-504.30.3.el6.x86_64 2.6.32-504.16.2.el6.x86_64 2.6.32-504.12.2.el6.x86_64 2.6.32-504.8.1.el6.x86_64 2.6.32-504.el6.x86_64 2.6.32-431.29.2.el6.x86_64 2.6.32-431.23.3.el6.x86_64 2.6.32-431.20.3.el6.x86_64 2.6.32-431.17.1.el6.x86_64 2.6.32-431.el6.x86_64 2.6.32-358.6.2.el6.x86_64 2.6.32-358.el6.x86_64 2.6.32-279.el6.x86_64 2.6.32-220.el6.x86_64
|
Ubuntu (64-bit) | Ubuntu 14.04 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
| 5.x.x series 5.4.0-139-generic 5.4.0-137-generic 5.4.0-136-generic 5.4.0-135-generic 5.4.0-132-generic 5.4.0-131-generic 5.4.0-126-generic 5.4.0-125-generic 5.4.0-124-generic 5.4.0-123-generic 5.4.0-122-generic 5.4.0-121-generic 5.4.0-120-generic 5.4.0-117-generic 5.4.0-113-generic 5.4.0-110-generic 5.4.0-109-generic 5.4.0-108-generic 5.4.0-107-generic 5.4.0-106-generic 5.4.0-105-generic 5.4.0-104-generic 5.4.0-102-generic 5.4.0-100-generic 5.4.0-99-generic 5.4.0-97-generic 5.4.0-96-generic 5.4.0-94-generic 5.4.0-92-generic 5.4.0-91-generic 5.4.0-90-generic 5.4.0-89-generic 5.4.0-88-generic 5.4.0-86-generic 5.4.0-84-generic 5.4.0-83-generic 5.4.0-81-generic 5.4.0-80-generic 5.4.0-77-generic 5.4.0-75-generic 5.4.0-74-generic 5.4.0-73-generic 5.4.0-72-generic 5.4.0-70-generic 5.4.0-67-generic 5.4.0-66-generic 5.4.0-65-generic 5.4.0-62-generic 5.4.0-60-generic 5.4.0-59-generic 5.4.0-58-generic 5.4.0-54-generic 5.4.0-52-generic 5.4.0-48-generic 5.4.0-47-generic 5.4.0-45-generic 5.4.0-42-generic 5.4.0-31-generic 5.3.0-40-generic
4.x.x series 4.18.0-21-generic 4.18.0-15-generic 4.15.0-202-generic 4.15.0-200-generic 4.15.0-197-generic 4.15.0-196-generic 4.15.0-192-generic 4.15.0-191-generic 4.15.0-190-generic 4.15.0-189-generic 4.15.0-188-generic 4.15.0-187-generic 4.15.0-184-generic 4.15.0-181-generic 4.15.0-180-generic 4.15.0-177-generic 4.15.0-176-generic 4.15.0-175-generic 4.15.0-173-generic 4.15.0-171-generic 4.15.0-170-generic 4.15.0-169-generic 4.15.0-167-generic 4.15.0-166-generic 4.15.0-161-generic 4.15.0-163-generic 4.15.0-162-generic 4.15.0-159-generic 4.15.0-158-generic 4.15.0-156-generic 4.15.0-154-generic 4.15.0-153-generic 4.15.0-151-generic 4.15.0-147-generic 4.15.0-145-generic 4.15.0-144-generic 4.15.0-143-generic 4.15.0-141-generic 4.15.0-142-generic 4.15.0-140-generic 4.15.0-139-generic 4.15.0-137-generic 4.15.0-136-generic 4.15.0-135-generic 4.15.0-134-generic 4.15.0-132-generic 4.15.0-130-generic 4.15.0-129-generic 4.15.0-128-generic 4.15.0-124-generic 4.15.0-122-generic 4.15.0-121-generic 4.15.0-117-generic 4.15.0-118-generic 4.15.0-112-generic 4.15.0-111-generic 4.15.0-109-generic 4.15.0-108-generic 4.15.0-106-generic 4.15.0-101-generic 4.15.0-99-generic 4.15.0-96-generic 4.15.0-91-generic 4.15.0-88-generic 4.15.0-76-generic 4.15.0-74-generic 4.15.0-72-generic 4.15.0-70-generic 4.15.0-66-generic 4.15.0-65-generic 4.15.0-64-generic 4.15.0-58-generic 4.15.0-54-generic 4.15.0-55-generic 4.15.0-52-generic 4.15.0-48-generic 4.15.0-46-generic 4.15.0-45-generic 4.15.0-43-generic 4.15.0-42-generic 4.15.0-23-generic 4.15.0-13-generic 4.11.0-14-generic 4.4.0-210-generic 4.4.0-206-generic 4.4.0-203-generic 4.4.0-201-generic 4.4.0-198-generic 4.4.0-197-generic 4.4.0-194-generic 4.4.0-193-generic 4.4.0-190-generic 4.4.0-189-generic 4.4.0-187-generic 4.4.0-186-generic 4.4.0-185-generic 4.4.0-184-generic 4.4.0-179-generic 4.4.0-178-generic 4.4.0-177-generic 4.4.0-176-generic 4.4.0-174-generic 4.4.0-173-generic 4.4.0-171-generic 4.4.0-170-generic 4.4.0-169-generic 4.4.0-165-generic 4.4.0-164-generic 4.4.0-161-generic 4.4.0-159-generic 4.4.0-157-generic 4.4.0-154-generic 4.4.0-151-generic 4.4.0-150-generic 4.4.0-148-generic 4.4.0-146-generic 4.4.0-145-generic 4.4.0-143-generic 4.4.0-142-generic 4.4.0-141-generic 4.4.0-140-generic 4.4.0-139-generic 4.4.0-138-generic 4.4.0-135-generic 4.4.0-131-generic 4.4.0-130-generic 4.4.0-128-generic 4.4.0-127-generic 4.4.0-124-generic 4.4.0-119-generic 4.4.0-117-generic 4.4.0-116-generic 4.4.0-105-generic 4.4.0-104-generic 4.4.0-101-generic 4.4.0-97-generic 4.4.0-96-generic 4.4.0-93-generic 4.4.0-87-generic 4.4.0-85-generic 4.4.0-81-generic 4.4.0-79-generic 4.4.0-63-generic 4.4.0-62-generic 4.4.0-57-generic 4.4.0-53-generic
|
Alibaba Cloud Linux (Alinux) | Alinux 2.1903 | 5.x.x series 5.10.134-14.1.al8.x86_64 5.10.134-13.1.al8.x86_64 5.10.134-13.al8.x86_64 5.10.134-12.2.al8.x86_64 5.10.134-12.al8.x86_64 5.10.112-11.2.al8.x86_64 5.10.112-11.1.al8.x86_64 5.10.112-11.al8.x86_64 5.10.84-10.4.al8.x86_64 5.10.84-10.3.al8.x86_64 5.10.84-10.2.al8.x86_64 5.10.60-9.al8.x86_64 5.10.23-6.al8.x86_64 5.10.23-6.1.al8.x86_64 5.10.23-5.al8.x86_64
3.10.0 series 3.10.0-1160.al7.1.x86_64 3.10.0-1127.19.1.al7.1.x86_64 3.10.0-1127.al7.1.x86_64 3.10.0-1062.12.1.al7.1.x86_64 3.10.0-1062.4.1.al7.1.x86_64 3.10.0-514.2.3.al7.x86_64
|
Anolis (64-bit) | All versions | 4.x.x series 4.19.91-27.an7.x86_64 4.19.91-26.6.an8.x86_64 4.19.91-26.6.an7.x86_64 4.19.91-26.5.an8.x86_64 4.19.91-26.5.an7.x86_64 4.19.91-26.4.an7.x86_64 4.19.91-26.1.an8.x86_64 4.19.91-26.an8.x86_64 4.19.91-26.an7.x86_64 4.19.91-25.8.an8.x86_64 4.19.91-25.7.an8.x86_64 4.19.91-25.2.an7.x86_64 4.18.0-372.32.1.an8_6.x86_64 4.18.0-372.26.1.an8_6.x86_64 4.18.0-372.19.1.an8_6.x86_64 4.18.0-372.16.1.an8_6.x86_64 4.18.0-372.9.1.an8.x86_64 4.18.0-348.23.1.an8_5.x86_64 4.18.0-348.20.1.an8_5.x86_64 4.18.0-348.12.2.an8.x86_64 4.18.0-348.2.1.an8_4.x86_64 4.18.0-305.an8.x86_64
3.10.0 series 3.10.0-1160.81.1.0.1.an7.x86_64 3.10.0-1160.76.1.0.1.an7.x86_64 3.10.0-1160.71.1.0.1.an7.x86_64 3.10.0-1160.66.1.0.1.an7.x86_64 3.10.0-1160.62.1.0.1.an7.x86_64 3.10.0-1062.an7.x86_64 3.10.0-1160.an7.x86_64
|
RHEL | RHEL 6, RHEL 7, and RHEL 8 | |
Limits
Both free and paid users of Security Center can use this feature.
Enable the agent protection feature for a server
After you turn on Defense mode below agent protection, the agent protection feature is automatically enabled for the servers that are within the protection scope and have the Security Center agent installed.
Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. The following regions are supported: China and Outside China.
In the left-side navigation pane, choose .
Click the tab. In the Agent Protection section, turn on the Defense mode.
Click Manage to the right of Protection Scope.
In the Agent Protection panel, select the servers for which you want to enable the agent protection feature and click OK.
Note If you enable the Agent Protection feature for a server, the feature immediately takes effect. If you disable the agent protection feature for a server, the feature remains in effect for 5 minutes and then becomes invalid.
Check whether the agent protection feature is enabled
You can perform the following steps to check whether the agent protection feature is enabled for a server:
Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. The following regions are supported: China and Outside China.
In the left-side navigation pane, choose .
On the page that appears, find the required server and click the server name or click View in the Actions column.
On the server details page, click the Basic information tab. On the tab that appears, click Details. In the Defense status section, view the status of agent protection.
Local File Detection Engine
The local file detection engine is a high-efficiency and low-cost engine that is developed by Alibaba Cloud Security Center to detect threats in files. The local file detection engine is efficient and can reduce performance loss that is caused by data upload and data interaction in threat detection and removal.
If you enable local file detection for a server, threats in the files on the server are detected by using local file detection and cloud file detection engines. The local file detection engine is preferentially used to detect threats. If no threats are detected in a file, the file is uploaded to the cloud for further threat detection.
Limits
All editions of Security Center support this feature. For more information about the features that are supported by each edition, see Functions and features.
Enable the local file detection feature for a server
Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. The following regions are supported: China and Outside China.
In the left-side navigation pane, choose .
Click the tab. In the Local File Detection Engine section, turn on File Test.
Click Manage to the right of Installation Scope.
In the Local File Detection Engine panel, select the server for which you want to enable the local file detection feature and click OK.
Client Resource Management
The Security Center agent is a plug-in that you can install on servers. Before you can use Security Center to protect your servers, you must install the Security Center agent on the servers. Security Center supports multiple agent running modes to meet your security requirements in different scenarios. For more information, see Operating systems and kernel versions that are supported by Security Center.
Supported running modes
When the Security Center agent runs on a server, the agent consumes a small number of server resources. You can change the running mode of the agent to limit the number of resources that the agent can consume. You can select a suitable running mode for a server to enhance security.
Note If the memory usage or CPU utilization of the Security Center agent exceeds the maximum threshold that you specify in the running mode of the agent, the agent is suspended. When the CPU utilization or memory usage falls below the specified threshold, the agent automatically restarts.
Running mode | Maximum memory usage or CPU utilization | Supported edition | Scenario |
Low Consumption Mode | | All editions | This mode is suitable for scenarios that have basic security requirements. In this mode, the Security Center agent can automatically downgrade the features that consume a large number of resources. However, threats may not be detected at the earliest opportunity. We recommend that you enable the smooth mode.
Note By default, the low consumption mode is enabled for newly added assets. |
Smooth Mode | | Anti-virus, Advanced, Enterprise, and Ultimate | This mode is suitable for scenarios in which important workloads need to be protected. In this mode, the Security Center agent consumes more resources to collect data and detect risks at the earliest opportunity. |
Custom Mode | | Enterprise and Ultimate | This mode is suitable for major event protection. In this mode, you can control the memory usage and CPU utilization in a flexible manner. You can also configure the file collection frequency.
Important If you set the thresholds to values that are too small, several detection capabilities may become invalid. Proceed with caution. |
Configure a running mode
Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. The following regions are supported: China and Outside China.
In the left-side navigation pane, choose .
Click the tab. In the Client Resource Management section, click Manage to the right of Smooth Mode or Custom Mode.
In the Smooth Mode or Custom Mode panel, select the servers for which you want to enable the mode and click OK.
You can enable only Smooth Mode or Custom Mode for a server. For example, if you enable Custom Mode for a server that is protected in Smooth Mode, the running mode for the server changes to Custom Mode.
Note In Custom Mode, more types of threats can be detected, and more alerts are triggered. As a result, the false positive rate may increase. We recommend that you pay attention to alerts and handle the alerts at the earliest opportunity.
Optional. Change the thresholds for memory usage and CPU utilization. You can perform this step if you enable Custom Mode for a server.
The higher the thresholds for memory usage and CPU utilization, the more efficiently Security Center protects your assets. We recommend that you set the thresholds to appropriate values.