File Trojan Detection
Document Last Updated (2024/12/12)
The independently developed File Trojan Detection feature of UHIDS Host Intrusion Detection uses several detection methods, including code analysis, data flow analysis, and abnormal network traffic analysis. Combined with cloud big data analysis and a static rule-based detection system, it can detect stealthy file trojans and viruses.
Detection Principle
UHIDS Host Intrusion Detection checks specific directories and processes on the server, using static rules and the cloud virus database to determine whether a process or file is a trojan. If it is, an alert is triggered.
Detection Cycle
- The plugin will perform an immediate scan upon startup by default.
- It will scan every 2 hours by default.
- After a risk is cleared, the risk will be re-checked within 2 hours. If it is found to be fixed, the alert will be automatically deleted.
Detection Items
| Detection Item | Description |
|---|---|
| Rootkit | Supports detection of Rootkit backdoors |
| shell | Supports detection of shell script backdoors |
| so | Supports detection of dynamic link library backdoors |
| sshd | Supports detection of sshd backdoors |