Server Guard

Server Guard has been upgraded and integrated with Security Center, which provides unmatched server protection and a unified security operations center.

Server Guard is a host security software system. It provides functions such as host vulnerability detection, baseline check, virus scan and removal, and unified asset management.


Unified Security Management
Allows you to manage the security status of all hosts in the console.
Low Resource Consumption
Server Guard typically consumes only 1% of CPU time and less than 50 MB of memory.
Real-time Security Monitoring
Automatically scans the asset security status to detect asset changes, vulnerabilities, and intrusions.
Quick Event Handling
Detects security issues, quickly fixes vulnerabilities, and quarantines viruses to protect your assets.


  • Detect and Fix Host Vulnerabilities

    Comprehensive vulnerability management largely reduces the security risks on your assets.

    CVE Vulnerabilities in System Software

    Detects and reports vulnerabilities that are listed in Common Vulnerabilities and Exposures (CVE) on your server, for example, SSH, OpenSSL, and MySQL.

    Windows System Vulnerabilities

    Sends you Microsoft patches for critical vulnerabilities on your server, for example, the SMB RCE vulnerability. Manual operations are required to update the security system and fix low-risk vulnerabilities.

    Web CMS Vulnerabilities

    Detects web CMS vulnerabilities by scanning directories and files based on Alibaba Cloud security information, and provides patches developed by Alibaba Cloud Security. Fixes vulnerabilities in software such as WordPress and Discuz!

    Other Critical Vulnerabilities

    Detects vulnerabilities in the software configurations and components, including vulnerabilities that cannot be detected by checking the version information or files, for example, the Redis unauthorized access vulnerability.

  • Configuration Baseline Check

    Checks all security configurations to enable targeted protection.

    Suspicious Account Detection

    Detects and reports hidden accounts and cloned accounts that are created by attackers on your servers.

    Weak Password Detection

    Detects weak passwords for services such as SSH and RDP, based on common weak password dictionaries.

    Configuration Risk Detection

    Checks whether the logon configurations, process configurations, and registry configurations on your servers comply with the security standards of servers in an enterprise.

  • Attacker Intrusion Detection (Cloud Virus Removal Included)

    Alerts you about attacker intrusions in real time, enabling a quick response to security events.

    Unusual Logon Alerts

    Audits all logons and alerts you about unusual logons. You can set the usual logon locations.

    Brute-force Attack Prevention

    Detects brute-force attacks and reports to Alibaba Cloud to prevent password cracking.

    Webshell Detection and Removal

    Provides an Alibaba engine for detecting and removing webshells such as PHP webshells and JSP webshells, both on-premises and in the cloud. Supports both regular and real-time webshell detection and removal.

    Suspicious Host Detection

    Detects and alerts you about reverse shells, DDoS attacks on other hosts, mining processes, botnets used for CC attacks, and downloads from malicious sources.

    Cloud Virus Removal

    Integrates major cloud virus removal engines from developers across the globe and Alibaba-developed sandboxes. Detects malicious processes and viruses and allows you to quickly quarantine them.

  • Host Port/Process/Account Management

    Manages processes, ports, and accounts in the cloud, and detects unusual changes on your assets.

    Asset Data Collection

    Regularly records process data on your servers, such as listener ports and created accounts, and manages the data in a unified manner.

    Process Change Audit

    Audits changes in the process data to detect unusual activities on your assets.

  • Real-time Retrieval of All Host Logs

    Manages all host logs and allows you to locate security issues.

    Unified Data Management

    Manages all host data, such as network connections, logon history, accounts, listener ports, and all process data.

    Fast Data Retrieval

    Allows you to use Boolean search to identify the causes of security events on your hosts. Displays the search result within seconds.

Common Scenarios

  • Unified Security Management
  • Emergency Vulnerability Response
  • Defense In Depth

Unified Security Management

Manage Server Guard on Different Platforms in One Console

As more applications are migrated to the cloud, asset security requires a unified management system. The security status of ECS instances must be visualized and managed in order to lower security risks and management costs.


  • Multi-OS Support

    Compatible with multiple operating systems, including Windows, Linux, Ubuntu, and Debian.

  • Multi-Platform Support

    Compatible with multiple platforms, such as Alibaba Cloud and private clouds (such as financial cloud solutions), and external servers.

  • Unified Management

    Allows you to manage Server Guard that is deployed in different environments and regions in the same console.

Emergency Vulnerability Response

Quickly Identifies and Fixes Critical Vulnerabilities

Once a zero-day vulnerability is exposed on your system, you must locate and fix it before attackers launch attacks on your servers.


  • Information Sharing

    Uses threat information that has been collected by Alibaba Cloud and quickly pushes the vulnerability data.

  • Vulnerability Inspection

    After vulnerability inspection plans have been imported into Server Guard, you can obtain the inspection results within 24 hours.

  • Vulnerability Fixes

    Provides fixes for all vulnerabilities and allows you to quickly fix specific vulnerabilities.

Defense In Depth

Deploy Server Guard on Hosts

Host security is an important part of a defense-in-depth security system. For example, malicious traffic may not pass through your network boundaries, which are protected by network security systems. Attacks may be initiated from inside the corporate network or through VPN connections. Such attacks, which stay within the boundaries of your network, are not captured. Therefore, you need to implement protection at the host level.


  • Intranet Attack Detection

    Detects and alerts you to attacks and intrusions between intranet servers.

  • Attack Prevention Using Network Security Devices

    Blocks attack sources in real time using network security devices.

  • Quick Response

    Allows you to quickly quarantine suspicious files and prevent unusual activities on your hosts.
