Available in VPC
You might run into the following problems when using WebShell Behavior Detector. Find out causes and possible solutions.
Failed to quarantine the web shell file or recover the file.
The web shell file quarantine or file recovery was not performed.
Web shell file quarantine or file recovery failed.
Cause
The operation may fail if there are no files to quarantine or recover. The operation may fail if the file name to be changed already exists in the same path. There may be various situations, such as being already processed by another administrator.
Solution
Search for the error messages displayed on the screen and take action according to the suggested solution.
Adjust the detection alert interval.
The detection alerts are coming too frequently.
Cause
The Webshell Behavior Detector service sends notifications when web shell behavior is detected. However, due to the nature of web shell behavior, many commands may be executed in a short period of time, and if a notification is sent for each executed command, excessive alerts may occur.
Solution
You can adjust the interval settings according to your server environment. In the VPC environment of the NAVER Cloud Platform Console, navigate to 
> Services > Security > Webshell Behavior Detector > Notification Setting > Interval menu to adjust the alert transmission interval.
The alerts set in the Interval menu apply only to web shell detection alerts, and an alert will be sent only once within the notification cycle set by the user.
Agent error
The agent is displayed as not installed, even though it has been installed.
The agent was installed first before registering as a detection target.
Cause
To use the service normally, you need to register the detection target and then install the agent. If the agent is installed before registering the detection target, it may fail during the execution stage and the agent may terminate. Even if the detection target is registered afterwards, the console will show the agent as not installed.
Solution
To run a Agent, follow these steps: Proceed with root privileges.
- Perform one of the following methods.
- Run the script used for agent installation. Since the agent is already installed, the installation process will be skipped, and the agent will start running.
- Enter the commands
/opt/nbp/wbd/wbd_agent -s startto run agent.
- Check if the agent status in the console is Enable.
If you're still having trouble finding what you need, click on the feedback icon and send us your thoughts and requests. We'll use your feedback to improve this guide.