This topic answers common questions about billing for Security Center renewals, upgrades, downgrades, and vulnerability fixes.
Renewal
How do I renew Security Center when it is about to expire?
Your Security Center service has a validity period. You must renew the service before it expires to avoid service interruptions. For more information about how to renew the service, see Renewal policy (subscription).
How far in advance can I renew a Security Center instance?
There is no time limit for renewing Security Center. You can renew your instance at any time after purchase.
Can I downgrade from Security Center Premium Edition to Anti-virus Edition during a renewal with a specification change?
Yes, you can.
When you renew with a specification change, you can downgrade or upgrade your edition. For example, if you have the Premium Edition, you can downgrade to the Anti-virus Edition, purchase only value-added services, or upgrade to the Enterprise or Ultimate Edition. For more information, see Renewal policy (subscription).
How do I change the auto-renewal period or cancel auto-renewal?
If you did not select Auto-renewal when you purchased Security Center and want to enable or cancel auto-renewal for your service, follow these steps:
Log on to the Renewal Management page. In the Commodity Name field, select Security Center.
Select an operation as needed.
Enable auto-renewal: On the Manual Renewal tab, find the instance and click Actions > Enable Auto-renewal. In the dialog box that appears, turn on the Enable auto-renewal switch, set the renewal cycle, and click Enable Auto-renewal.
Modify auto-renewal: On the Auto-renewal tab, find the instance and click Actions > Modify Auto-renewal Settings. In the dialog box that appears, turn off the Enable auto-renewal switch or change the renewal cycle, and click OK.
Enable manual renewal (cancel auto-renewal): On the Auto-renewal tab, find the instance and click Actions > Enable Manual Renewal.
What do I do if a RAM user has no permission to renew?
By default, a newly created RAM user has no permissions. You must use your Alibaba Cloud account to grant the RAM user the required system policies for the User Center. Then, the RAM user can perform renewals. For more information, see Grant system policies to a RAM user.
Insufficient authorizations
What do I do if the number of my servers exceeds the number of purchased authorizations?
After you purchase a Security Center instance in full protection mode, if the number of your servers exceeds the purchased authorizations and you do not promptly increase the number of authorizations, the following issues may occur:
Security Center features may not work correctly.
You cannot renew the service upon expiration.
When your Security Center service is about to expire, if the number of your servers exceeds the maximum number of authorizations, you must first upgrade to increase the number of authorizations before you can renew.
If the number of your servers exceeds the maximum number of authorizations you selected when purchasing Security Center, you can follow these steps to increase the number of authorizations:
Log on to the Security Center console.
On the Overview page, click Upgrade Now.
In the Upgrade Now panel, set the number of protected servers, read and select service agreement , and then click Upgrade Now.
If you do not need to increase the number of authorizations, you can switch the protection mode from full protection to on-demand protection. The on-demand protection mode does not limit the number of purchased authorizations, so you will not encounter issues related to exceeding your authorization quota. After you switch to on-demand protection mode, you must bind authorizations to servers to specify which servers to protect. For more information about how to switch the purchase mode, see How do I manually upgrade from full protection to on-demand protection mode?.
Upgrades and downgrades
Can the subscription duration for upgraded server authorizations or value-added services be different from my existing Security Center subscription?
No, it cannot.
The subscription duration for upgraded server authorizations or value-added services must be the same as your existing Security Center instance. This means they must have the same expiration date. The upgrade fee is calculated as follows: (Fee for additional authorizations + Fee for value-added features) × Remaining validity period of the Security Center service (in seconds).
Can I downgrade Security Center Enterprise Edition to the Free Edition?
Security Center does not support manually downgrading a paid edition to the free edition. A paid edition is automatically downgraded to the free edition after it expires.
Why do I see the message "A pending renewal with a specification change exists. Upgrade or downgrade is not allowed." when I try to upgrade or downgrade?
Symptom
When you try to upgrade or downgrade Security Center, the Upgrade NowLevel or Buy Now button is grayed out, preventing you from submitting the order. The page displays the message "A pending renewal with a specification change exists. Upgrade or downgrade is not allowed."
Cause
You performed a renewal with a specification change before you tried to upgrade or downgrade. If a pending order for a renewal with a specification change exists, you cannot perform another upgrade or downgrade.
View pending orders
In the upper-right corner of the console, choose . On the Service tab, set the order type filter to Security Center and click Search to view recent renewal orders. Click Details in the Actions column of a renewal order to view the effective period and configuration of the pending order.
Solution
If the configuration of the pending renewal order matches the configuration of the upgrade or downgrade you want to perform, you do not need to perform the operation again. Wait for the pending renewal order to take effect.
If the configuration of the pending renewal order does not match the configuration of the upgrade or downgrade that you want to perform, or if you want to change the configuration, you can submit a ticket to request the cancellation of the pending renewal order. Then, you can perform the upgrade or downgrade.
Can I unsubscribe from Security Center and then purchase it again?
Yes, you can.
If your purchased Security Center service does not meet your security protection needs, you can unsubscribe from your existing instance in the Alibaba Cloud console and then purchase a new one. For more information, see Refund policy and Purchase Security Center.
Vulnerability fix billing
After purchasing a subscription for vulnerability fixes, can I still enable pay-as-you-go for vulnerability fixes?
No, you cannot.
How do I switch from a subscription to pay-as-you-go for vulnerability fixes?
After you purchase vulnerability fixes with a subscription, you cannot directly switch to the pay-as-you-go billing method. You can downgrade or request a refund for your Security Center instance and then enable the pay-as-you-go mode.
Downgrade:
You can apply for a downgrade if you have not used any vulnerability fixes in the current billing cycle, which starts from the order date and ends at 00:00:00 on the same date of the next month. If you have used vulnerability fixes in the current billing cycle, you must wait until the next billing cycle begins. You can then apply for a downgrade, provided you have not used any vulnerability fixes in the new cycle.
For example, you place an order on November 2, 2023, to purchase 20 vulnerability fixes for a subscription duration of two months. Your current billing cycle is from November 2, 2023, to December 2, 2023. On November 5, 2023, if you have not used any vulnerability fixes, you can directly disable the subscription by downgrading. If you have used vulnerability fixes, you must wait until 00:00:00 on December 3, 2023, to apply for a downgrade.
Apply for a downgrade. When applying, you must select No for the vulnerability fix option. For more information, see Upgrade and downgrade.
In the Security Center console, go to the Vulnerabilities page and click Purchase to enable pay-as-you-go for vulnerability fixing.
Refund:
Request to unsubscribe from your purchased Security Center instance in the console. For more information, see Refund policy.
In the Security Center console, go to the Vulnerabilities page and click Purchase to enable pay-as-you-go for vulnerability fixing.
(Optional) Purchase other Security Center services again. For more information, see Purchase Security Center.
If I enable pay-as-you-go for vulnerability fixes and then purchase the Premium Edition or higher, will I continue to be charged?
No, you will not. Servers that are bound to a Premium Edition or higher authorization can have vulnerabilities fixed with one click, with no limit on the number of fixes. If you enable pay-as-you-go for vulnerability fixes and then purchase the Premium Edition or higher, Security Center automatically disables the pay-as-you-go mode. You will not be charged for any future vulnerability fixes.
Are unused vulnerability fixes from a monthly subscription carried over to the next month?
No, it is not.
The billing unit for subscription resources is one month. Unused quotas from the current billing cycle are cleared at the beginning of the next billing cycle. In the next billing cycle, the product quota that you purchased for that cycle is used. If you cannot estimate the number of vulnerability fixes that you need, we recommend that you enable pay-as-you-go for vulnerability fixes. For more information, see View and manage vulnerabilities.
If you no longer need to use vulnerability fixes within the current billing cycle, you can downgrade to unsubscribe from the subscription service for vulnerability fixes. Security Center refunds the cost of the unused vulnerability fixes from the current billing cycle up to the expiration date of the Security Center instance. For more information, see Upgrade and downgrade.
Billing mode FAQ
How do I check the activation time, method, and operator ID of Security Center pay-as-you-go features?
Log on to the ActionTrail console, search for "Security Center" as the product name, and find the event named "ModifyPostPayModuleSwitch" to view the activation time, method, and operator ID.
Why does the Security Center purchase page fail to load prices, show conflicts, or not display version options?
Purchase page issues may be caused by:
Anti-ransomware configuration conflict: If a conflict or price loading failure is displayed, it may be because anti-ransomware was previously configured and has partially used capacity. Solution: On the Anti-ransomware Configuration page in the console, change the related options to "No" or deselect them, then refresh the purchase page.
Page does not display basic versions or options are missing:
Check whether "Purchase Value-added Services Only" is selected. Switch to a specific version (such as Advanced or Enterprise).
Check whether the account has overdue payments. If so, top up the account first.
Clear the browser cache, switch to another browser (Chrome/Edge), or reopen the purchase page.
Try switching the billing mode (e.g., from subscription to pay-as-you-go) to see if the display is restored.
Why does the error "Already had postpaid instance, cannot buy prepaid version" appear when purchasing a subscription?
Cause: A valid pay-as-you-go (postpaid) instance or subscription order for Security Center already exists under the account. The system prevents conflicting billing modes for the same feature or duplicate orders of the same type.
Solutions:
To switch to subscription: First close all pay-as-you-go services on the Security Center console - Overview page (note: settlement occurs the next day and data is cleared immediately), then purchase the subscription.
If a subscription already exists: Do not repurchase. Instead, use Change Configuration (upgrade/downgrade) or add value-added services on the existing instance.
To unsubscribe and repurchase: First unsubscribe from the existing subscription (data is cleared after refund), then repurchase.
How do I check the current Security Center version, instance creation time, and service status?
Check current version/status: Log on to Security Center console - Overview page. In the Subscription or Pay-as-you-go area, view the current version name, expiration date, or service switch status.
Check instance creation time: The console may not directly display the exact creation time. You can check the first bill generated for the instance ID in Bill Details, or contact technical support for the exact creation time.
How do I confirm the payment and activation status of Security Center host protection?
Confirmation method: Go to the Expenses and Costs-Bill Details page, search for the Security Center order number, and check whether the order status is "Paid" and the activation time.
Console verification: Log on to Security Center console - Overview page and confirm that the service is displayed in the Subscription list with normal status.
Service closure and billing settlement
How do I confirm that Security Center services have been closed and billing has stopped?
Closure confirmation: Log on to the Security Center console - Overview page and check that the service status for the corresponding billing mode (subscription/pay-as-you-go) shows "Closed" or the feature switch is in the off state.
Billing settlement rules:
Pay-as-you-go: After closing the service, fees incurred on the current day are settled and billed on the next day (T+1). No new fees are generated afterward. Data is cleared immediately with no retention period.
Subscription: Use Unsubscribe Management or Downgrade operations. The refund amount is shown on the downgrade/unsubscribe page.
Why do I still receive bills or overdue notifications after closing pay-as-you-go services?
T+1 billing mechanism: Security Center pay-as-you-go uses a T+1 billing model. Fees incurred today generate a bill tomorrow. Therefore, fees are still incurred on the day the service is closed, and billing stops the next day.
Historical arrears settlement: If there were arrears before closing, the closing operation does not eliminate historical debts. All fees incurred before closure must be settled.
Status sync delay: In rare cases, there may be a brief delay in the console status display. If the closure operation has been confirmed and no new usage occurs, the brief status anomaly can be ignored. Refer to the bill as the authoritative source.
Does closing Security Center pay-as-you-go services affect ECS instances or other cloud products?
No impact on business: Closing Security Center pay-as-you-go only stops advanced protection features (such as virus scanning, vulnerability fixing, and log analysis). Servers are downgraded to Free Edition protection or no protection, but ECS instances, lightweight application servers, and other cloud products continue to operate normally.
Arrears impact: While Security Center arrears do not directly stop ECS, if overall account arrears cause insufficient balance, other pay-as-you-go products (such as pay-as-you-go ECS and bandwidth) may be affected.
How do I close Security Center pay-as-you-go services from the mobile app?
You can try to close pay-as-you-go features from the mobile app. If you cannot find the entry or the operation fails, log on to the PC console instead, as it provides more complete and stable functionality.
Log on to the Security Center console - Overview,click the Deactivate on the Pay-as-you-go section .
Pay-as-you-go and auto-activation
What is the relationship between ECS console security protection and Security Center? Why was Security Center automatically activated when I purchased ECS?
Relationship: Enabling "Security Protection" in the ECS console activates Security Center protection capabilities (usually Free Edition or pay-as-you-go basic protection). They are linked at the underlying level.
Auto-activation reason: When purchasing an ECS instance, if security or backup options are selected on the purchase page, the system automatically activates Security Center (pay-as-you-go) and Cloud Backup services.
How to close: If not needed, log on to the Security Center console - Overview page, and click the Deactivate on the Pay-as-you-go section or close individual feature switches to stop pay-as-you-go charges.
Does Security Center automatically activate or charge fees when I access the console?
Security Center does not automatically activate or generate fees simply because you access the console.
Activation conditions: Service activation typically requires actively purchasing a subscription, enabling pay-as-you-go features, or selecting related options when purchasing other products (such as ECS).
Free Edition: All verified accounts automatically have Free Edition basic detection capabilities, which incur no fees.
Why am I being charged for Security Center when I never activated it?
This may be triggered by the following scenarios:
ECS free benefits/trial resource packages: Activating ECS security benefits or trial resource packages automatically enables a pay-as-you-go instance. When the resource package is exhausted or expires, charges continue as pay-as-you-go.
Alert handling/manual scan: Clicking "Detect", "Handle Alert", or performing manual scans without a subscription triggers automatic pay-as-you-go activation.
Residual features after subscription expiry: Pay-as-you-go features (such as Agentic SOC, CSPM) enabled during the subscription period continue billing after the subscription expires.
Sub-account activation: A RAM user or other authorized role may have activated the service. Check ActionTrail for activation records.
Solution: Log on to the Security Center console - Overview page, and click the Deactivate on the Pay-as-you-go section or close individual feature Closure takes effect T+1.
How do I check the pay-as-you-go activation time?
Log on to the ActionTrail console, search for "Security Center" as the product name, and find the event named "ModifyPostPayModuleSwitch" to view the activation time.
How do I check the operation records for enabling pay-as-you-go?
Log on to the ActionTrail console, search for "Security Center" as the product name, and find the event named "ModifyPostPayModuleSwitch" to view the activation records, including the operator ID, activation time, and source IP.
ActionTrail retains event records for the most recent 90 days only.
Why am I charged for Security Center after claiming ECS free security benefits?
When you claim ECS free security benefits or trial resource packages, the system automatically activates Security Center pay-as-you-go services. The free period incurs no charges. After the free period ends, these pay-as-you-go services continue to bill until you manually close them.
Arrears and fees
How do I handle viruses/worms on servers after Security Center is suspended due to arrears?
Recommended: Pay off arrears and repurchase a subscription or enable pay-as-you-go to use automated virus scanning and quarantine capabilities.
Emergency manual handling: If you do not want to activate the service, log on to the server operating system, use historical alert logs and process paths from Security Center to manually find and terminate malicious processes and delete malicious files.
Risk warning: Create a server snapshot before manual operations to prevent accidental impact on business systems.
Why am I still being charged after Security Center has arrears? How do I restore services after paying off arrears?
Why charges continue: If the "Grace Period" (delayed suspension) privilege is enabled, services continue running and billing within the granted credit or time limit, even with arrears, until the grace period is exceeded.
Restoration: After arrears are paid off, pay-as-you-go services typically resume immediately.
Prevention tips: Set up balance alerts, monitor resource package usage, and close unnecessary services promptly.
Does Security Center pay-as-you-go support resource packages or coupon deductions?
Resource packages: Some Security Center features (such as vulnerability fixing) support resource package deductions, which are more cost-effective than pure pay-as-you-go billing.
Coupons: Coupons can be used to deduct pay-as-you-go bills or purchase subscription products, but note the validity period and applicable scope.
Pricing: For subscription pricing or bulk purchase discounts, refer to the purchase page for real-time pricing.
Specific operation billing
Does quarantining Webshell files incur ongoing pay-as-you-go fees?
Quarantining Webshell files does not incur ongoing pay-as-you-go fees. However, this feature requires Security Center Premium Edition or higher, or active pay-as-you-go services. If the relevant security service is closed or expired, you cannot use the quarantine feature, and no related fees are incurred.
Do snapshots created during quarantine or remediation operations incur additional fees?
If server snapshots are created during quarantine or remediation, snapshot storage may incur separate charges for Cloud Backup or ECS Snapshots, billed independently from Security Center pay-as-you-go charges. Delete snapshots that are no longer needed to avoid unnecessary storage costs.