Asset Management
HSS proactively checks open ports, processes, web directories, and auto-startup entries on your servers, and records changes on account and software information.
HSS lists all the assets on your servers and identifies risks in them in a timely manner.
HSS does not touch your assets. You need to manually eliminate the risks.
Check Interval
Account information and open ports are checked in real time.
Processes, web directories, software, and auto-start entries are checked in the early morning every day.
Viewing Asset Information
- Log in to the management console.
- In the upper left corner of the page, select a region, click
, and choose . - Go to the Assets page. Click tabs on the page to view assets detected by HSS on your servers.
Figure 1 Assets
Managing Account Information
Operations made to accounts are recorded.
- The Action column records the operations. Its value can be Create (newly found in the latest check), Delete (found in earlier checks but missing in the latest check), and Modify (changes on account information, such as account names, administrator rights, and user groups, are detected).
- The Time column records the time when changes were detected, not the time when they were made.
You can check the information about and changes on all accounts here. If you find unnecessary or super-privileged accounts (such as root) that are not mandatory for services, delete them or modify their permissions to prevent exploits.
Checking Open Ports
You can manage all the open ports on your servers.
- Manually disabling high-risk ports
If dangerous or unnecessary ports are found enabled, check whether they are mandatory for services, and disable them if they are not. For dangerous ports, you are advised to further check their program files, and delete or isolate their source files if necessary.
It is recommended that you handle the ports with the Dangerous risk level promptly and handle the ports with the Unknown risk level based on the actual service conditions.
- Ignore risks: If a detected high-risk port is actually a normal port used for services, you can ignore it. The port will no longer be regarded risky or generate alarms.
Managing Processes
You can quickly check and terminate suspicious application processes on your servers.
If a suspicious process has not been detected in the last 30 days, its information will be automatically deleted from the process list.
Managing Web Directories
You can check and delete risky web directories and terminate suspicious processes in a timely manner.
Managing Software
Operations made to software are recorded.
- Action: Create and Delete.
- The Time column records the time when changes were detected, not the time when they were made.
You can check the information about and changes on all software, upgrade software, and delete software that is unnecessary, suspicious, or in old version.
Managing Auto-start Entries
Trojans usually intrude servers by creating auto-started services, scheduled tasks, preloaded dynamic libraries, run registry keys, or startup folders. The auto-startup check function collects information about all auto-started items, including their names, types, and number of affected servers, making it easy for you to locate suspicious auto-started items.
You can check the servers, paths, file hashes, and last modification time of auto-started items to find and eliminate Trojans in a timely manner.
- Check Interval
- Viewing Asset Information
- Managing Account Information
- Checking Open Ports
- Managing Processes
- Managing Web Directories
- Managing Software
- Managing Auto-start Entries