Resident programs are specifically managed for Unix and Linux systems.
Once a program that is not on the allowed list is found to be running, the system will immediately issue an alert.
The function of 【Running Programs】 is similar to 【Resident Programs】. Here are the differences between the two:

Running Programs
➢ Monitors specific important programs.
➢ Specifies a small number of running programs.
➢ Sets alarm values for the minimum and maximum number of running programs.

Resident Programs
➢ Monitors all running programs in the operating system whitelist, identifying those not listed.
➢ Can monitor up to 768 specified running programs.
➢ The alarm condition is unauthorized execution outside the specified range.

Although most servers are equipped with antivirus software for security, the Watchdog system further enhances host protection measures. The function of "Resident Programs" is one of the key features.

System Specifications for "Resident Programs"
➢ Detection Purpose: Confirm that running programs are on the allowed list.
➢ Monitoring Target: Program name.
➢ Alarm Conditions: Unauthorized running programs.
➢ Real-Time Information: Normal operation or alarm status.
➢ Information Collection: Records of alerts issued or resolved.
➢ Emergency Response: Immediate notification and execution of predefined programs.
➢ Alarm Threshold: Alert issued when a non-listed program is detected.