Checking and Handling Suspicious Processes

If HSS detects suspicious processes on servers, the processes will be displayed in the suspicious process list but will not trigger alarms. HSS cannot determine whether these processes are trustworthy based on the application process characteristics. To avoid affecting services, you need to check whether the processes can be trusted and add trustworthy ones to the process whitelist.

Checking and Handling Suspicious Processes

  1. Log in to the management console.

  1. In the navigation tree, choose Prevention > Application Process Control.

  2. Click the Suspicious Processes tab.

  3. Determine whether a suspicious process is malicious based on its information, such as the hash value and file path.

  4. In the row of a process, click Handle in the Operation column.

    You can also select multiple suspicious processes and click Batch Handle above the list.

  5. In the dialog box that is displayed, select an action.

    Select Add to process whitelist.

  6. Click OK.