The invention discloses security monitoring methods, security monitoring devices and a security monitoring system based on SGX (Intel Software Guard Extensions) and a storage medium. One of the methods includes: sending a downloading request instruction to a server to download corresponding software from the server; creating Enclave corresponding to the software; calling a memory reading function and an analysis function in the enclave, extracting a local first software feature value of the software, encapsulating the same in a verification service request, and sending the same to the server, which saves a second software feature value of the software, for matching to enable the server to send a protected certificate to a terminal according to a matching result; allowing the software to start when the certificate is trusted by judgment; and sending running data of the starting software to the server in a log manner to enable the server to monitor the running data of the software. The methods can ensure the legitimacy and the reliability of software running of the terminal.