Web Shell Detection
Web shells are commonly used in attacks. The CWPP agent scans newly created web program files on the server for suspicious content. The small number of files suspected to be web shells are reported to Tencent Cloud, where the machine learning detection engine inspects them further. After detection, the sample files will be deleted in real time. CWPP runs a full scan every day by default. No private data will be extracted in this process.
Abnormal Login Reminder
The abnormal login reminder allows you to identify abnormal admin logins. To compute risk, the source IP, time, login username, and login status need to be collected from the login log. The login log data is retained in the cloud for one month.
Password Cracking Reminder
This feature detects password cracking attacks against your server and shows you the log and result of the attacks. It collects and analyzes information in the logs, including source IP address, time, login username, and login status. The login logs will be retained in the cloud for one month.
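The example below is added here for illustration and is not CWPP or Tencent Cloud code. It shows how the four collected fields are enough to flag a password cracking attempt and report its result, using a sliding window of failed logins per source IP. The function name, the status strings, the threshold, the window, and the sample events are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events with the four fields the page lists:
# time, source IP, login username, login status. Not real CWPP log output.
SAMPLE_EVENTS = [
    ("2024-05-01T03:10:00", "203.0.113.7", "root", "fail"),
    ("2024-05-01T03:10:05", "203.0.113.7", "root", "fail"),
    ("2024-05-01T03:10:09", "203.0.113.7", "admin", "fail"),
    ("2024-05-01T03:10:14", "203.0.113.7", "root", "fail"),
    ("2024-05-01T03:10:20", "203.0.113.7", "root", "fail"),
    ("2024-05-01T03:10:31", "203.0.113.7", "root", "success"),
    ("2024-05-01T09:00:00", "198.51.100.4", "deploy", "fail"),
    ("2024-05-01T09:00:40", "198.51.100.4", "deploy", "success"),
]

def detect_password_cracking(events, threshold=5, window=timedelta(minutes=1)):
    """Return {source_ip: finding} for IPs with >= threshold failures in window.

    threshold and window are assumed values, not CWPP's actual rule.
    """
    recent = defaultdict(deque)  # source IP -> (time, user) of recent failures
    findings = {}
    for ts, ip, user, status in sorted(events):  # ISO timestamps sort by time
        when = datetime.fromisoformat(ts)
        q = recent[ip]
        if status == "fail":
            q.append((when, user))
            while when - q[0][0] > window:  # drop failures outside the window
                q.popleft()
            if ip in findings:
                findings[ip]["failures"] += 1
                findings[ip]["users"].add(user)
            elif len(q) >= threshold:
                findings[ip] = {"failures": len(q),
                                "users": {u for _, u in q},
                                "result": "failed",
                                "compromised_user": None}
        elif ip in findings and q and when - q[-1][0] <= window:
            # A successful login right after a failure burst: the guess worked.
            findings[ip]["result"] = "succeeded"
            findings[ip]["compromised_user"] = user
    return findings

if __name__ == "__main__":
    for ip, finding in detect_password_cracking(SAMPLE_EVENTS).items():
        print(ip, finding)
```

A single mistyped password followed by a successful login, as for the second source IP in the sample, stays below the threshold and is not reported.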
Malicious Trojans and Virus Detection
Malicious Trojans and virus programs usually steal user data or launch attacks, consuming a large amount of system resources and causing business disruptions. The client sends the hash fingerprints of suspicious programs to the cloud, where the Cloud Scan module inspects them. If the cloud hash library has no record of the file, the executable file is reported to the cloud and inspected by the cloud antivirus engine. After inspection, the sample file will be deleted in real time. The host security system provides a full-disk scan service every day by default, and no user privacy data will be extracted during the detection process.
Vulnerability Alert
CWPP currently supports detecting Linux and Windows vulnerabilities and security baselines complying with Tencent Cloud requirements.
Upgrade and Maintenance
The upgrade and maintenance feature mainly reminds users to upgrade the client to obtain the latest security protection services. The client software needs to send the host security version number, OS configuration information, and security rule version number to the cloud, where they are used to decide whether a reminder is needed. No private data will be extracted in this process.