How to install the Security Center agent-Security Center(Security Center)-阿里云帮助中心

Agent workflow

The Security Center agent is a lightweight proxy that runs on your target server. Its workflow is as follows:

Installation and registration: When you run the installation command, the agent automatically downloads and registers with the service using a unique installation key.
Data collection: The agent runs in the background and collects security data in real time, such as processes, network connections, and logon behaviors.
Data reporting: The agent securely reports the collected data to the service over a Transport Layer Security (TLS)-encrypted channel, adapting to different network environments, such as proxies.
Command execution: The agent executes security commands received from the service, such as vulnerability scans and baseline checks, and reports the results.
Status synchronization: The agent sends periodic heartbeat signals to report its online and health status, ensuring the console displays the real-time protection status of your servers.

Applicability

System version: You must install the agent on a supported operating system. For more information, see Supported systems.
Server ownership: You can install the agent only on servers in your Alibaba Cloud account. Security Center does not support cross-account installation.

Note
To protect cross-account resources with Security Center, use the multi-account management feature.

Prerequisites

Installation notes

Installation time: The installation process takes approximately 5 minutes per server.
Resource consumption: The agent is a lightweight proxy. During high-load tasks such as scans, the agent's resource use (CPU and memory) may temporarily increase.
Business impact: Installation does not require a server restart or interrupt normal business operations.

Clean up previous installations

If the agent is already installed on the server, first uninstall the agent and then manually delete any remaining files from the installation directory. The default paths are as follows:

Linux: /usr/local/aegis.
Windows (64-bit): C:\Program Files (x86)\Alibaba\Aegis.

Identify assets missing the agent

Log on to the Security Center console.
In the left-side navigation pane, choose System Settings > Feature Settings. In the upper-left corner of the console, select the asset region: Chinese Mainland or Outside Chinese Mainland.
On the Agent > Agent Not Installed tab, view the servers that are missing the agent.

Installation methods

Installation method	Scenarios	Key advantages
One-click installation	For running ECS instances in a supported region that use a VPC and have Cloud Assistant installed.	Simple installation from the console, with no server login required.
General installation	For any server with Internet access, including ECS instances and external servers.	Highly versatile. Supports all major operating systems.
Batch installation using an image	To create multiple, standardized servers with the agent pre-installed.	Scalable deployment. Create once, reuse for multiple deployments.
Installation in restricted or complex network environments	For servers that lack direct Internet access, have unstable network connectivity, or require a specific endpoint.	Supports complex network scenarios through a proxy or leased line.

Installation

One-click installation

Use cases

You can use one-click installation if your ECS instance meets all the following conditions:

The ECS instance is in the Running state and has Cloud Assistant installed.

Note
If Cloud Assistant is not installed on the server, install Cloud Assistant first.
The network type is VPC.

The ECS instance must be in one of the following supported regions.

Region category	Region name
Asia-Pacific	China (Hangzhou), China (Shanghai), China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Shenzhen), China (Hong Kong), and Shanghai Finance Cloud Singapore, Malaysia (Kuala Lumpur), Indonesia (Jakarta), and Japan (Tokyo)
Europe and Americas	Germany (Frankfurt), UK (London), US (Silicon Valley), and US (Virginia)
Middle East and India	UAE (Dubai)

Disable or uninstall third-party security software to prevent installation conflicts.

Note
After the Security Center agent is installed, you can restart or reinstall your third-party security software as needed.

Procedure

Log on to the Security Center console.
In the left-side navigation pane, choose System Settings > Feature Settings. In the upper-left corner of the console, select the region where your assets are located: Chinese Mainland or Outside Chinese Mainland.
On the Agent > Agent Not Installed tab, find the server where you want to install the agent, and click Install Agent in the Actions column.

Note
You can also select multiple servers and click Install to install the agent in batches.

General installation

Use cases

Use this method for any server with Internet access.

Important

To ensure a successful installation, allow outbound traffic to the service endpoints of Security Center in your firewall or security group. For more information, see Configure an allowlist policy.

Procedure

Log on to the Security Center console.
In the left-side navigation pane, choose System Settings > Feature Settings. In the upper-left corner of the console, select the region where your assets are located: Chinese Mainland or Outside Chinese Mainland.

On the Agent > Installation Command tab, copy the installation command that corresponds to your server's operating system.

Note

The command includes a dedicated installation key, which is the value after -k.

Default installation command: A quick and convenient option that requires no extra configuration. This method is suitable for scenarios where you do not need to immediately assign the asset to a specific group.
Custom installation command: A flexible option that lets you configure the server group and command expiration time. This method is suitable for scenarios where you need to automate asset categorization during installation for fine-grained management.

Default command

Servers installed with the default installation command are assigned to the Ungrouped group. For more information about how to view and create server groups, see Manage server groups.

Custom command

Click Create Installation Command, configure the parameters for the command, and then click OK. On the Installation Command page, view and copy the new command. The following table describes the parameters.

Parameter	Description
Expiration Time	Specifies when the command expires. You cannot use an expired command to install the agent.
Service Provider	From the drop-down list, select the server's service provider.
Default Group	Select a server group. For more information about how to view and create server groups, see Manage server groups.
OS	Select the server's operating system.
Create Image System	Select No.
Access Method	Set the access method of the server to Public Endpoint. The server communicates with the Security Center service directly through a public IP address, without requiring an extra proxy or private connection.

Log on to the server and run the installation command with administrator or root privileges.
- Windows: In Command Prompt (CMD) or PowerShell, run the copied installation command to download and install the agent.
- Linux: In the command-line interface of the server, run the copied installation command to download and install the agent.

Batch image installation

Use cases

This method is suitable for creating servers at scale. It involves installing the agent on a template server without activation and then creating a custom image from that server.

Procedure

Prepare a template server and generate an image installation command
1. Prepare a clean server to use as an image template (no third-party security software installed).
2. Log on to the Security Center console.
3. In the left-side navigation pane, choose System Settings > Feature Settings. In the upper-left corner of the console, select the region where your assets are located: Chinese Mainland or Outside Chinese Mainland.
4. On the Agent > Installation Command tab, click Create Installation Command, and configure the following parameters:
  - Create Image System: Select Yes. This is the most critical step.
  - Operating System: Select the operating system that matches the template server.
  - Other options (such as Default Group): Configure the options as needed. For more information, see Custom installation command.
Install the agent on the template server
1. Log on to the template server with administrator privileges.
2. Run the image installation command that you copied in the previous step. The script downloads the required agent files to the specified directory but does not start any service processes.
3. After the installation is complete, immediately shut down the template server. Do not restart the template server.
Create and use the image
Warning
- Do not restart the template server when you create the image.
- Before you use the same template server to create multiple images, make sure to uninstall and clean up the old agent, and then obtain a new installation command. This prevents registration failures from conflicting unique agent identifiers (agent IDs).
1. Use the powered-off template server to create a custom image. For more information, see Create a custom image.
2. Use the image to create a new instance. For more information, see Create an ECS instance from a custom image.
3. The agent automatically completes initialization when the new instance starts for the first time. It generates a unique agent identifier (agent ID) and connects to Security Center.

Installation in complex networks

Use cases

Security Center provides the following installation methods for complex network environments:

Access via proxy: For servers without direct Internet access.
Access by using a specified service endpoint: For external servers, servers with unstable network connectivity, multi-cloud environments with internal IP address conflicts, or access through an Alibaba Cloud private connection.

Procedure

Important

The host running this command must be able to access the Security Center service endpoints through the specified method, such as the public network, a proxy, a leased line, or a VPN.
This installation command does not support 32-bit Linux operating systems.

Proxy access

First, deploy and configure a proxy cluster. For more information, see Proxy access.
Log on to the Security Center console.
In the left-side navigation pane, choose System Settings > Feature Settings. In the upper-left corner of the console, select the region where your assets are located: Chinese Mainland or Outside Chinese Mainland.
On the Agent > Installation Command tab, click Create Installation Command, and configure the following parameters:
- Access Method: Select Self-managed Proxy Cluster and select the created proxy cluster from the drop-down list. This is the most critical step.
- Create Image System: Select No.
  
  Note
  If you select Yes, follow the instructions in Batch installation using an image.
- Operating System: Select the operating system that matches the target server.
- Other options (such as Default Group): Configure the options as needed. For more information, see Custom installation command.
Use the generated command to install the agent. The agent will then communicate with Security Center through the specified proxy.

Specified endpoint access

Obtain the installation key: The installation key is the value after -k in the Default installation command generated in the console.

Select an installation command, and log on to the server to run it.

Important

Replace <YOUR_INSTALL_KEY> in the following commands with your actual installation key.

External servers and unstable networks

This installation command is suitable for scenarios where external servers access Security Center over unstable networks.

Linux

wget "https://update6.aegis.aliyun.com/download/install/2.0/linux/AliAqsInstall.sh" && chmod +x AliAqsInstall.sh && ./AliAqsInstall.sh  "-j=jsrv-abroad.aegis.aliyuncs.com|jsrv.aegis.aliyun.com" "-u=aegis.alicdn.com|update6.aegis.aliyun.com|update.aegis.aliyun.com" -k=<YOUR_INSTALL_KEY>

Windows

powershell -executionpolicy bypass -c "(New-Object Net.WebClient).DownloadFile('https://update6.aegis.aliyun.com/download/install/2.0/windows/AliAqsInstall.exe', $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath('.\AliAqsInstall.exe'))"; "./AliAqsInstall.exe '-j=jsrv-abroad.aegis.aliyuncs.com|jsrv.aegis.aliyun.com' '-u=aegis.alicdn.com|update6.aegis.aliyun.com|update.aegis.aliyun.com' -k=<YOUR_INSTALL_KEY>"

Multi-cloud IP conflicts

The Security Center agent uses internal domain names in the 100.0.0.0/8 CIDR block by default. These domain names may conflict with IP addresses from other cloud services and increase connection latency. To improve installation efficiency, you can specify a public network domain name for the connection.

Linux

wget "https://update.aegis.aliyun.com/download/install/2.0/linux/AliAqsInstall.sh" && chmod +x AliAqsInstall.sh && ./AliAqsInstall.sh "-j=jsrv.aegis.aliyun.com" "-u=aegis.alicdn.com|update.aegis.aliyun.com" -k=<YOUR_INSTALL_KEY>

Windows

powershell -executionpolicy bypass -c "(New-Object Net.WebClient).DownloadFile('https://update.aegis.aliyun.com/download/install/2.0/windows/AliAqsInstall.exe', $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath('.\AliAqsInstall.exe'))"; "./AliAqsInstall.exe '-j=jsrv.aegis.aliyun.com' '-u=aegis.alicdn.com|update.aegis.aliyun.com' -k=<YOUR_INSTALL_KEY>"

Alibaba Cloud private connection

This command is for servers within the Alibaba Cloud internal network. It prioritizes connecting through internal VPC endpoints to reduce public network traffic.

Linux

wget "https://update2.aegis.aliyun.com/download/install/2.0/linux/AliAqsInstall.sh" && chmod +x AliAqsInstall.sh && ./AliAqsInstall.sh "-j=jsrv2.aegis.aliyun.com|jsrv3.aegis.aliyun.com|jsrv4.aegis.aliyun.com|jsrv5.aegis.aliyun.com|jsrv.aegis.aliyun.com" "-u=update2.aegis.aliyun.com|update4.aegis.aliyun.com|update5.aegis.aliyun.com|update3.aegis.aliyun.com|aegis.alicdn.com|update.aegis.aliyun.com" -k=<YOUR_INSTALL_KEY>

Windows

 # Step 1: Download
 powershell -executionpolicy bypass -command "(New-Object Net.WebClient).DownloadFile('https://update6.aegis.aliyun.com/download/install/2.0/windows/AliAqsInstall.exe', '$env:TEMP\AliAqsInstall.exe')"
 # Step 2: Install
 powershell -executionpolicy bypass -command "& '$env:TEMP\AliAqsInstall.exe' '-j=jsrv2.aegis.aliyun.com|jsrv3.aegis.aliyun.com|jsrv4.aegis.aliyun.com|jsrv5.aegis.aliyun.com|jsrv.aegis.aliyun.com' '-u=update2.aegis.aliyun.com|update4.aegis.aliyun.com|update5.aegis.aliyun.com|update3.aegis.aliyun.com|aegis.alicdn.com|update.aegis.aliyun.com' -k <YOUR_INSTALL_KEY>"

Verify the installation status

After installation, use one of the following methods to verify that the agent is running:

Verify on the console: Check the agent status from the console without logging in to the server. This method relies on data synchronization, which typically has a delay of a few minutes.
Verify on the server: This provides immediate and accurate feedback on the server's local status. You must log in to the server and run commands, making it ideal for immediate confirmation or for troubleshooting installation issues.

Console (approximately 5-minute latency)

You can check the online status of the agent on the Host page of the Security Center console:

For an Alibaba Cloud server, the icon in the Agent column changes from to .
A non-Alibaba Cloud server appears in the server list, and the icon in the Agent column changes from to .

Important
The Security Center console automatically synchronizes asset information for installed agents every minute. Due to network conditions, information synchronization for non-Alibaba Cloud servers may be delayed after the agent is installed. If the server does not appear on the Host page, click Synchronize Assets to manually synchronize the asset information. For more information, see Synchronize Assets.

Server (real-time)

Verify that the installation was successful by checking the status of agent processes and the server's network connectivity.

Check the service processes: Check whether the core processes of the Security Center agent (AliYunDun, AliYunDunMonitor, and AliYunDunUpdate) are running on the server. For more information about the agent processes, see Security Center agent processes.

Linux

Run the following commands in a terminal:

# Check that AliYunDun, AliYunDunMonitor, and AliYunDunUpdate are all running.
ps -ef | grep -E 'AliYunDun|YunDunMonitor|YunDunUpdate'

# Check the service status. The output should show "active (running)".
systemctl status aegis

Expected output when all processes are healthy:

root        5472       1  0 Sep10 ?        00:00:18 /usr/local/aegis/aegis_update/AliYunDunUpdate
root        5524       1  0 Sep10 ?        00:01:34 /usr/local/aegis/aegis_client/aegis_12_61/AliYunDun
root        5546       1  0 Sep10 ?        00:03:13 /usr/local/aegis/aegis_client/aegis_12_61/AliYunDunMonitor

● aegis.service - LSB: Aegis service
   Loaded: loaded (/etc/rc.d/init.d/aegis; generated)
   Active: active (running) since Mon 2023-10-30 10:00:00 CST; 1 day 2h ago

If any of the three core processes is missing from the ps output, or the service status is not active (running), the agent is not fully operational.

Windows

Use one of the following methods.

Method 1: Open Task Manager and check that AliYunDun, AliYunDunMonitor, and AliYunDunUpdate appear in the process list.

Method 2: Run the following commands in PowerShell:

# Check that the three core processes are running.
Get-Process | Where-Object {$_.Name -match '^(AliYunDun|AliYunDunMonitor|AliYunDunUpdate)$'}

# Check the service status. The Status column should show "Running".
Get-Service | Where-Object {$_.Name -match 'Aegis|AliYunDun'}

Expected output when all processes are healthy:

Handles  NPM(K)    PM(K)      WS(K)     CPU(s)     Id  SI ProcessName
-------  ------    -----      -----     ------     --  -- -----------
    380      26    15948      19656     615.75   6072   0 AliYunDun
    599      31    47576      37356     968.73   2488   0 AliYunDunMonitor
    257      14     8072      11336     232.03   2904   0 AliYunDunUpdate

Status   Name               DisplayName
------   ----               -----------
Running  Alibaba Securit... Alibaba Security Aegis Detect Service
Running  Alibaba Securit... Alibaba Security Aegis Update Service

If any core process is missing or a service status shows anything other than Running, the agent is not fully operational.

Check network connectivity: On your server, run the following command to check whether you can connect to the Security Center service endpoint on port 443 or 80. If the connection is successful, the terminal displays a Connected to ... message. If the connection fails, a Connection refused or Connection timed out message is returned.

Note
Make sure that the server can connect to at least one jsrv domain name and one update domain name. The jsrv domain name is used to issue instructions, such as vulnerability scans and virus detection. The update domain name is used to download and update agent plugins.
- telnet jsrv.aegis.aliyun.com 443
- telnet jsrv2.aegis.aliyun.com 443
- telnet jsrv3.aegis.aliyun.com 443
- telnet update.aegis.aliyun.com 443
- telnet update2.aegis.aliyun.com 443
- telnet update3.aegis.aliyun.com 443

Troubleshooting

Installation command failure

If the agent installation command fails to run, refer to the following common causes and solutions.

Insufficient script execution permissions

Symptom: The system returns a Permission denied error when you run the installation script.

Resolution: Switch to an account with administrator or root permissions and run the installation command again.

Self-protection

Symptom: Reinstalling the Security Center agent fails after a virus is removed. An error message indicates that self-protection is running and prompts you to uninstall or disable it on the Security Center console first.

Resolution: Restart the server. This action disables the self-protection process, which allows you to install the agent.

Important

Assess the potential risks before you proceed.

Agent offline

An offline status on the console indicates that the agent has lost communication with the service. The following sections describe common diagnostic steps and solutions.

Agent processes

Diagnostic steps: Verify that the two core processes, AliYunDun and AliYunDunUpdate, are running.

Linux: Run the ps -ef | grep AliYunDun command to check.
Windows: Open Task Manager and go to the Details or Services tab to find the related processes and services.

Resolution: Manually restart the agent processes.

Linux

Run the following commands to restart the processes.

Stop the related processes:

killall AliYunDun
killall AliYunDunUpdate

Start the latest version of the agent.

In the /usr/local/aegis/aegis_client directory, find the aegis_10_xx folders and select the one with the highest version number.

For example, among aegis_10_70, aegis_10_73, and aegis_10_75, select aegis_10_75.
```
/usr/local/aegis/aegis_client/aegis_10_xx/AliYunDun
```

Windows

In the Services panel, restart the two Security Center services: Alibaba Security Aegis Detect Service and Alibaba Security Aegis Update Service. To do so, right-click each service and select Restart.

Network connection

Diagnostic steps: Verify that your firewall or security group allows outbound traffic to the Security Center service IP addresses or domain names, such as jsrv.aegis.aliyun.com or update.aegis.aliyun.com. The agent can also go offline if the server cannot connect to the Security Center service.

Note

For more information about the Security Center service IP addresses and domain names, see Appendix: Agent communication endpoints (domain names and IP addresses).

Resolution:

Verify that the DNS service on the server is running correctly.

If the DNS service is not running, restart the server or troubleshoot the DNS service.
Check if network access policies are configured on the server.
1. Firewall ACL rules
  
  Add the Security Center service IP addresses or domain names to your firewall's allowlist to permit network access. You only need to configure rules for outbound traffic.
  
  Note
  If you use Alibaba Cloud Firewall, see Create an outbound access control policy for traffic from an internal network to the Internet for instructions.
  
  Example firewall configuration (iptables):
```
# Allow access to the control service
iptables -A OUTPUT -p tcp -d jsrv.aegis.aliyun.com --dport 443 -j ACCEPT
iptables -A OUTPUT -p tcp -d jsrv.aegis.aliyun.com --dport 80 -j ACCEPT

# Allow access to the update service
iptables -A OUTPUT -p tcp -d update.aegis.aliyun.com --dport 443 -j ACCEPT
iptables -A OUTPUT -p tcp -d update.aegis.aliyun.com --dport 80 -j ACCEPT
```
2. Alibaba Cloud security group rules
  
  If you use an ECS instance, see Manage security groups for specific steps.
  
  Note
  Allow outbound traffic to the Security Center CIDR blocks. You can either leave the port unrestricted or allow traffic on ports 80 and 443.
  
  The following is an example configuration for the 100.100.0.0/16 CIDR block:
  - Direction: Outbound
  - Authorization policy: Allow
  - Protocol type: TCP
  - Port range: 80/443
  - Authorization object: 100.100.0.0/16

System resources

Diagnostic steps:

Verify that the server has sufficient resources. The agent may stop running if server resources are exhausted.

CPU/Memory: Use top (Linux) or Task Manager (Windows) to check the usage.
Disk space: Use df -h (Linux) or This PC (Windows) to check the remaining disk space.

Resolution:

High resource usage
- If the AliYunDun process is the cause, contact technical support and provide the relevant logs.
- If other business processes are the cause, optimize your applications or consider upgrading the server configuration.
Insufficient disk space: Delete unnecessary files to free up disk space.

Duplicate agent IDs

Diagnostic steps: This issue often occurs when you create multiple servers from the same system image. Check if the uuid field in the following configuration files is duplicated across multiple servers.

Linux: /usr/local/aegis/aegis_client.conf
Windows:
- 32-bit: C:\Program Files\Alibaba\aegis\aegis_client.conf
- 64-bit: C:\Program Files (x86)\Alibaba\aegis\aegis_client.conf

Resolution:

Before creating multiple images from a single template server, uninstall and clean up the old agent, and then obtain a new installation command.

Software conflicts

Diagnostic steps: Check if other Host-based Intrusion Detection System (HIDS), Endpoint Detection and Response (EDR), or antivirus software is installed on the server. Such software can conflict with the Security Center agent.

Resolution:

Disable or uninstall the third-party security software. After the Security Center agent is installed, you can restart or reinstall the original software as needed.

Agent logs

Diagnostic steps: Review the agent logs for specific error messages. The log files are located in the following directories:

Linux: /usr/local/aegis/aegis_client/aegis_12_xx/data/.

Note
The aegis_xx_xx placeholder represents the version directory for the running agent. To find the exact path, check the output of the ps -ef|grep AliYunDun command.
Windows: C:\Program Files (x86)\Alibaba\Aegis\aegis_client\aegis_12_xx\data\.

Resolution:

Troubleshoot the issue based on the error messages in the logs. If you cannot resolve the issue, contact technical support and provide the complete log files.

Agent Troubleshooting feature

Security Center provides the Agent Troubleshooting feature to perform a comprehensive check on the agent. This feature allows you to quickly identify issues, such as system exceptions caused by the agent, high CPU usage of agent processes, installation failures, or unexpected offline status, and provides potential causes and solutions. The following section describes the procedure and provides an example configuration:

In the left-side navigation pane, choose Assets > Host.
On the Host page, on the Server tab, select the server to troubleshoot. In the More Operations menu, click Agent Troubleshooting.
After configuring the check requirements, click Start Check.
- Issue Type: Overall Check (Unknown Issues).
- Mode: Enhancement Mode.
  
  Note
  Enhancement mode collects and reports agent-related data, such as network, process, and log information, to Security Center for analysis. The check takes about 5 minutes.
After the check is complete, view the result in the Agent Task Management panel in the upper-right corner of the Host page.
On the task details page, follow the solution provided in the Result column.

Important
If no solution is provided in the Result column, click Download Diagnostic Logs. Then, submit the exported diagnostic logs and your Alibaba Cloud account ID (AliUid) to Security Center technical support for further analysis.

Appendix: Agent communication endpoints

Wildcard domains

Domain name	Business type
`*.aegis.aliyun.com`	Enables communication between the agent and the Security Center server.
`*.aegis.aliyuncs.com`
`*.alicdn.com`	CDN domain for downloading static files for Security Center.

IP address ranges

IP address range	Business type
`100.100.0.0/16`	Private IP address range for Security Center servers.
`106.11.248.209`	Public IP addresses for Security Center servers.
`106.11.250.224`
`8.153.161.116`
`47.117.157.227`
`106.14.18.21`
`8.153.86.12`
`8.153.199.39`
`8.153.93.165`
`139.196.179.111`
`106.14.97.100`
`47.236.52.221`
`47.245.118.16`
`47.236.237.12`
`47.237.189.170`
`43.106.19.196`
`47.84.136.231`
`106.14.104.2`
`47.116.1.151`
`47.116.0.190`

Domain names

Region	Domain name	Use case	Business type
Chinese Mainland	`jsrv.aegis.aliyun.com`	Accessing Security Center over the public network.	Persistent TCP connections
	`jsrv2.aegis.aliyun.com`	Accessing Security Center over a private network.
	`jsrv3.aegis.aliyun.com`	Accessing Security Center over Classic Network (to be deprecated).
	`jsrv4.aegis.aliyun.com`
	`jsrv5.aegis.aliyun.com`
	`update.aegis.aliyun.com`	Accessing Security Center over the public network.	HTTP short-lived connections
	`update2.aegis.aliyun.com`	Accessing Security Center over a private network.
	`update3.aegis.aliyun.com`	Accessing Security Center over Classic Network (to be deprecated).
	`update4.aegis.aliyun.com`
	`update5.aegis.aliyun.com`
	`aegis.alicdn.com`	Enables the agent to download static files from the public CDN.	File download
Outside Chinese Mainland	`jsrv-inter-abroad.aegis.aliyuncs.com`	Accessing Security Center over the public network.	Persistent TCP connections
	`jsrv2.aegis.aliyun.com` `jsrv-intra-abroad.aegis.aliyuncs.com`	Accessing Security Center over a private network.
	`jsrv-classic-abroad.aegis.aliyuncs.com`	Accessing Security Center over Classic Network (to be deprecated).
	`update-inter-abroad.aegis.aliyuncs.com`	Accessing Security Center over the public network.	HTTP short-lived connections
	`update2.aegis.aliyun.com` `update-intra-abroad.aegis.aliyuncs.com`	Accessing Security Center over a private network.
	`update-classic-abroad.aegis.aliyuncs.com`	Accessing Security Center over Classic Network (to be deprecated).
	`aegis-abroad.alicdn.com`	Enables the agent to download static files from the public CDN.	File download

FAQ

Installation and uninstallation

How do I uninstall the agent?

Security Center provides two uninstallation methods: one-click uninstallation from the console and manual uninstallation. For more information, see Uninstall agent.
Can I restart the template server when I create an image?

No. After you run the image installation command, you must immediately shut down the server to create the image. A restart activates the agent on the template server and generates a fixed instance ID. Servers created from this image will fail to report data due to ID conflicts.

Assets and groups

After I manually install the agent, to which group is the server automatically added?

Servers installed using the default installation command are automatically assigned to the Ungrouped group. You can specify a Default Group when you Create Installation Command, or you can manually change the server's group on the Host Assets page after installation.
Why can't I see my server in the Agent Not Installed list?

Possible reasons include the following:
1. The agent is already installed on the server.
2. The server is new, and its asset information has not yet been synchronized. Wait a few minutes or manually click Sync Now.
3. The server does not belong to the current Alibaba Cloud account or the selected region.

Other issues

Why does the agent hold file handles?

After the Security Center client is installed on the Windows server, its host security monitoring and detection process AliYunDunMonitor performs file system detection, it will proactively hold folder handles to achieve deep traversal. The behavior of occupying handles is an official component behavior of the Security Center, which complies with industry standards. The handles will be automatically released after the scan is completed, and will not be occupied.
Why is the Cloud Assistant offline, but the Simple Application Server console can still send commands normally through the Cloud Assistant?

Security Center does not support Cloud Assistant status synchronization for Simple Application Server. Therefore, even if Security Center displays the Cloud Assistant as offline, the Simple Application Server console can still send commands normally.