Adding a Privileged Process

If WTP is enabled, the content in the protected directories is read-only. To allow certain processes to modify files in the directories, add them to the privileged process list.

Only modifications made by privileged processes take effect. Modifications made by other processes are automatically rolled back.

Exercise caution when adding privileged processes. Do not let untrustworthy processes access your protected directories.

Constraints

  • Only the servers that are protected by the HSS WTP edition support the operations described in this section.

  • For Linux OSs, only x86 OSs with kernel 4.18 support this function.

  • The privileged process takes effect only for Agent 3.2.4 or later.

  • A maximum of 10 privileged processes can be added to each server.

Prerequisites

The Protection Status of the server must be Protected. To view the status, choose Prevention > Web Tamper Protection. Click the Servers tab.

Adding a Privileged Process

  1. Log in to the management console.

  2. Click the icon in the upper left corner of the page, select a region, and choose Security > HSS. The HSS page is displayed.

  3. Choose Prevention > Web Tamper Protection and click Configure Protection.

    Note

    If your servers are managed by enterprise projects, you can select an enterprise project to view or operate on the asset and scan information.

    **Figure 1** Entering the page for protected directory settings

  4. Click Privileged Process Settings and then Settings.

    **Figure 2** Setting a privileged process

  5. On the Privileged Process Settings page, click Add Privileged Process.

    **Figure 3** Adding a Privileged Process

  6. In the Add Privileged Process dialog box, enter the path of the privileged process.

    The process file path must contain the process name and extension, for example, C:/Path/Software.type. If the process has no extension, ensure the process name is unique.

  7. Click OK.
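
Before entering paths in step 6, it helps to vet each candidate on the Linux server, because any account that can replace a privileged binary gains write access to the protected directories. The script below is an added example, not part of HSS or its agent: the function names, the sample paths, and the reading of "unique" as "not repeated within the candidate list" are assumptions.

```python
import os
import stat

MAX_PRIVILEGED = 10  # per-server limit stated on this page
LOOSE = stat.S_IWGRP | stat.S_IWOTH  # write bits for group and other


def audit_candidate(path):
    """Return findings for one candidate privileged-process path (Linux)."""
    if not os.path.isabs(path):
        return ["not an absolute path"]
    if not os.path.isfile(path):
        return ["no regular file at this path"]
    findings = []
    real = os.path.realpath(path)
    if real != os.path.normpath(path):
        findings.append(f"resolves through a symlink to {real}")
    if os.stat(real).st_mode & LOOSE:
        findings.append("binary is group- or world-writable")
    # A loosely writable ancestor directory lets another account swap the
    # binary, which would then inherit write access to protected directories.
    d = os.path.dirname(real)
    while True:
        mode = os.stat(d).st_mode
        if mode & LOOSE and not mode & stat.S_ISVTX:  # sticky dirs (/tmp) skipped
            findings.append(f"directory {d} is group- or world-writable")
        if d == os.path.dirname(d):
            break
        d = os.path.dirname(d)
    return findings


def audit_list(paths):
    """Audit every candidate and enforce the page's limit of 10 entries."""
    report = {p: audit_candidate(p) for p in paths}
    if len(paths) > MAX_PRIVILEGED:
        report["(list)"] = [f"{len(paths)} entries exceed the limit of {MAX_PRIVILEGED}"]
    # Assumption: an extensionless name must not repeat within the list.
    bare = [os.path.basename(p) for p in paths if not os.path.splitext(p)[1]]
    for name in sorted({n for n in bare if bare.count(n) > 1}):
        report.setdefault("(list)", []).append(f"extensionless name {name} is not unique")
    return report


if __name__ == "__main__":
    # Constructed sample list; replace with the paths you plan to add.
    for path, findings in audit_list(["/usr/sbin/nginx", "/usr/bin/rsync"]).items():
        print(path, "->", findings or "ok")
```

An empty findings list means the path passed these checks only; it says nothing about whether the program itself should be trusted to modify protected content.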