File Trojan Detection

Document Last Updated (2024/12/12)


The File Trojan Detection feature of UHIDS Host Intrusion Detection is independently developed and uses several detection methods, including code analysis, data flow analysis, and abnormal network traffic analysis. Combined with cloud big data analysis and static rule-based detection systems, it can detect stealthy file trojans and viruses.

Detection Principle

UHIDS Host Intrusion Detection checks specific directories and processes on the server, using static rules and the cloud virus database to determine whether a process or file is a trojan. If it is, an alert is triggered.

Detection Cycle

  • The plugin will perform an immediate scan upon startup by default.
  • It will scan every 2 hours by default.
  • After a risk is cleared, the risk will be re-checked within 2 hours. If it is found to be fixed, the alert will be automatically deleted.

Detection Items

| Detection Item | Description |
| --- | --- |
| Rootkit | Supports detection of Rootkit backdoors |
| shell | Supports detection of shell script backdoors |
| so | Supports detection of dynamic link library backdoors |
| sshd | Supports detection of sshd backdoors |