
Server Guard detection scope

Last Updated: Feb 12, 2018

Server Guard works in concert with the on-cloud Server Guard Protection Center through the Agent installed on your ECS. It provides you with server asset inventory check, vulnerability management, baseline management, and intrusion detection features.

After you activate ECS, the system installs and activates Server Guard Basic for you by default.

The following sections describe the Server Guard detection scope in detail:

Suspicious file information

After the system detects a suspicious file, it uploads the information about the file (including but not limited to the file path, MD5 value, and time of creation) to the on-cloud Server Guard Protection Center for final verification. If the file is determined to be a malicious file, Server Guard sends you a security warning notification.

Suspicious process information

After the system detects a suspicious process, it uploads the information about the process (including but not limited to the process name, process startup parameters, paths of the files corresponding to the process, and process start time) to the on-cloud Server Guard Protection Center for final verification. If the process is determined to be a malicious process, Server Guard sends you a security warning notification.

Account information

The system regularly analyzes and uploads account information of the server (including but not limited to user name and user permissions) and logon log information (including but not limited to logon name and logon IP addresses) to provide logon audit, suspicious account reminders, and brute-force attack blocking. If an abnormal logon event occurs, Server Guard sends you a security warning notification.

Abnormal connection information

After the system detects a suspicious network connection, it uploads information about the network connection (including but not limited to access source IP address, source port, access destination IP address, and destination port) to the on-cloud Server Guard Protection Center for final verification. If the connection is determined to be a suspicious connection, Server Guard sends you a security warning notification.

Server asset information

The system regularly collects information about relevant assets of the server (including but not limited to installed software information, monitored port information, and running website information) to provide the asset management feature.

Note

If the collection of the preceding server information changes, Alibaba Cloud gives notice of the changes in an appropriate section on the Alibaba Cloud official website.

If you do not agree with Alibaba Cloud’s changes, you have the right to stop using the Alibaba Cloud Server Guard service. In this case, see Uninstall Server Guard Agent to remove the Server Guard Agent from your ECS.

If you continue to use the Alibaba Cloud Server Guard service, you are considered to have accepted the relevant changes made by Alibaba Cloud.
