68000: Acronis Cyber Protect Cloud: atp_database_mirror.exe consumes a lot of network bandwidth and disrupts network connectivity


Last update: 12-05-2021

Symptoms

atp_database_mirror.exe consumes a lot of network bandwidth and disrupts network connectivity, even though the license does not allow antimalware functions.

Approximately every 60-120 minutes, the process "atp_database_mirror.exe" opens thousands of connections to the internet at once.

In %ProgramData%\Acronis\AtpDatabaseMirror\Logs\atp_database_mirror.log, you can see these entries:

{"level":"info","timestamp":"2020-12-18T09:36:00.689+0100","caller":"common/logger.go:162","message":"[WWW_DIR] The current update version is 113082, updating from existing version 113083"}
{"level":"info","timestamp":"2020-12-18T09:36:00.827+0100","caller":"common/logger.go:162","message":"[WWW_DIR] Verifying the files to update ... "}
{"level":"info","timestamp":"2020-12-18T09:36:00.835+0100","caller":"common/logger.go:162","message":"[WWW_DIR] File 'Plugins/emalware.199.gzip' is missing, will be downloaded"}
{"level":"info","timestamp":"2020-12-18T09:36:00.838+0100","caller":"common/logger.go:162","message":"[WWW_DIR] File 'Plugins/emalware.283.gzip' is missing, will be downloaded"}
[...]
{"level":"warn","timestamp":"2020-12-18T09:36:15.375+0100","caller":"common/logger.go:170","message":"[WWW_DIR] Unable to download all files. 932 files remaining."}
{"level":"info","timestamp":"2020-12-18T09:36:15.375+0100","caller":"common/logger.go:162","message":"[WWW_DIR] Sleeping for 7s"}
{"level":"warn","timestamp":"2020-12-18T09:36:23.843+0100","caller":"common/logger.go:170","message":"[WWW_DIR] Unable to download all files. 932 files remaining."}
{"level":"info","timestamp":"2020-12-18T09:36:23.843+0100","caller":"common/logger.go:162","message":"[WWW_DIR] Sleeping for 7s"}

The updates never fully complete but end with the same error every time.
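
An added example (not Acronis code): a small Python triage script that reads the log described above and reports whether the update is stuck in the retry loop, meaning consecutive "Unable to download all files" warnings with the same non-zero backlog. The function name, the stall threshold of 2 and the result keys are assumptions made for the example; the message patterns and sample lines are taken from the excerpt.

```python
import json
import re
import sys

# Message patterns taken from the log excerpt on this page.
MISSING = re.compile(r"File '.+' is missing, will be downloaded")
REMAINING = re.compile(r"Unable to download all files\. (\d+) files remaining\.")

# Sample lines copied from that excerpt, embedded so the script runs offline.
SAMPLE_LOG = """
{"level":"info","timestamp":"2020-12-18T09:36:00.835+0100","caller":"common/logger.go:162","message":"[WWW_DIR] File 'Plugins/emalware.199.gzip' is missing, will be downloaded"}
{"level":"info","timestamp":"2020-12-18T09:36:00.838+0100","caller":"common/logger.go:162","message":"[WWW_DIR] File 'Plugins/emalware.283.gzip' is missing, will be downloaded"}
[...]
{"level":"warn","timestamp":"2020-12-18T09:36:15.375+0100","caller":"common/logger.go:170","message":"[WWW_DIR] Unable to download all files. 932 files remaining."}
{"level":"warn","timestamp":"2020-12-18T09:36:23.843+0100","caller":"common/logger.go:170","message":"[WWW_DIR] Unable to download all files. 932 files remaining."}
"""


def summarize(lines, stall_threshold=2):
    """Count missing-file notices and decide whether the retry loop makes progress."""
    missing, skipped, remaining = 0, 0, []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            msg = str(json.loads(line).get("message", ""))
        except (json.JSONDecodeError, AttributeError):
            skipped += 1  # not a JSON object, e.g. an elision marker or a truncated line
            continue
        if MISSING.search(msg):
            missing += 1
        hit = REMAINING.search(msg)
        if hit:
            remaining.append(int(hit.group(1)))
    # Stalled: the last `stall_threshold` warnings report the same non-zero backlog.
    tail = remaining[-stall_threshold:]
    stalled = len(tail) == stall_threshold and len(set(tail)) == 1 and tail[0] > 0
    return {"missing": missing, "remaining": remaining, "stalled": stalled, "skipped": skipped}


if __name__ == "__main__":
    # Pass the path to atp_database_mirror.log, or run without arguments for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            print(summarize(fh))
    else:
        print(summarize(SAMPLE_LOG.splitlines()))
```

A `stalled` value of True on a host that keeps saturating its uplink matches the symptom described here; a shrinking backlog across retries would instead point to a slow but progressing download.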

Cause

Issue in the product

Solution

This issue has been fixed in Acronis Cyber Cloud 21.05.

As a workaround without updating, the customer could try editing the config file to lower the number of download workers.

On Windows: C:/Program Files/Acronis/AtpDatabaseMirror/atp_database_mirror.json
On Linux: /usr/lib/Acronis/AtpDatabaseMirror/atp_database_mirror.json

In the atp_database_mirror.json config file, lower the "download_workers" option from the default of 100. A value of 10 or lower could be sufficient if the primary goal is just not to overload the network. The minimum is 1.

{
  "sysconfig": 
  {
    "port": "7777",
    "download_workers": 100,       <---------- Edit this number
    ...

More information

It is possible to disable mirroring completely; however, we should warn that further product updates might then behave unpredictably. It will cause issues in the future when upgrading or downgrading to a product that requires AV database mirroring. If that occurs, we do not currently have any automated process in place to 'fix' the config in those scenarios, so the customer may encounter errors in other components that search for the mirrored AV databases. The customer should acknowledge this risk.

However, if it is still causing major issues with 1 download worker, removing the 'av_database' from the 'mirrorconfigs' JSON array will disable mirroring of AV databases entirely.

Find this section in atp_database_mirror.json:

    "mirrorconfigs": [
      {
        "name": "av_database",
        "subconfigs": [
          ...
        ]
      },
      {
        "name": "downloader_agent_indexes",
        "subconfigs": [
          ...
        ]
      }
    ]

Change it to:

    "mirrorconfigs": [
      {
        "name": "downloader_agent_indexes",
        "subconfigs": [
          ...
        ]
      }
    ]