Why this alert is displayed:
Active Protection protects a system from malicious software known as ransomware, which encrypts files and demands a ransom for the encryption key. This alert appears when Acronis Active Protection service detects a process encrypting files on a machine listed in the Active Protection plan.

When the alert is deactivated:
Click Clear to deactivate the alert.

How to troubleshoot:
Depending on the option you have specified in Active Protection plan, the malicious process is stopped, the changes made by the process are reverted or none actions have been taken yet and you need to resolve this issue manually.

Read details of the alert to find out which process is encrypting files and which files are affected.

If you decide that the process encrypting the files is sanctioned (false-positive alert), add this process to Trusted processes:

1. Open Active Protection plan.
2. Click Edit to modify the settings.
3. In Trusted processes, specify trusted processes that will never be considered ransomware. Specify the full path to the process executable, starting with the drive letter. For example: C:\Windows\Temp\er76s7sdkh.exe.