Why do I have a false detection?
With Acronis Cyber Protect Home Office, Acronis Cyber Protect you gain real-time protection with AI-based static and behavioral heuristic antivirus, antimalware, antiransomware, and anticryptojacking technologies. It means that it uses heuristics and analyzes software behavior, rather than relies on signatures only.
Below there's a way to share this information with us.
Definitions
False Positive Case – when you receive an alert about an application or URL you know is benign
Example: AV software on your computer incorrectly identifies a harmless program as a malicious one.
False Negative Case – when the software fails to block a threat
Example: you scan a binary with a confirmed virus and the AV does not raise an alert.
How to report such cases to Acronis?
Please, collect the information described in the sections below (depending on the feature) and choose one of the following ways to report a problem:
How to send a false positive report
If the problem is not critical for you and if you would like to report a false positive or false negative case to Acronis and would not like to receive any response or participate in the investigation, you can simply report it to our cybersecuritylab@acronis.com . The report will be reviewed automatically and depending on the result, the fix might get included in one of the upcoming updates.
Please, collect all required information from the information collection section and send an email, attaching all the logs or files to it and send an email to cybersecuritylab@acronis.com
(!) Please note: no reply should be expected. If the binary in question is bigger than 20mb, please raise a support ticket.
How to raise a ticket with Support and investigate the issue
If you face a problem with false positive or false negative detection and would like to investigate it and work with our support, please contact Acronis Support .
(!) Please note: Acronis Support does not provide incident response services and only investigates product behavior in certain situations.
Expand All / Hide All
Active Protection, Antivirus & Antimalware Protection
The Antivirus and Antimalware protection module allows you to protect your Windows and macOS machines from all recent malware threats.
It protects a system from malicious software known as ransomware, cryptominers and more.
False Positive Case
Symptoms
You received an alert about suspicious activity.
Example of alert:
Suspicious activity is detected: Several files were renamed using a well-known ransomware extension.
Alert is raised when Acronis Active Protection detects a suspicious process in the system. It can be either an unsigned binary or unusual behavior of 3rd party software.
Information needed
Description of false positive. Does it happen regularly? Is the application known? Why do you think this is a false positive?
Screenshot of the alert you are receiving
Zipped binary in question (please, protect ZIP archive with password)
Please collect System Report from the affected machine:
(!) To exclude the files from the Active Protection search, configure exclusions in Antivirus & Antimalware protection settings. Please refer to Acronis Cyber Protect 15 or Acronis Cyber Protection Service user guide pages.
False Negative case
Symptoms
Systems are infected with ransomware or crypter and active protection did not detect and stop the malicious process in the system.
Acronis Active Protection has a defined scope of protection and a set of mechanisms to counter ransomware attacks. We are constantly working on expanding them to cover more possible scenarios, but it is possible that new ransomware attacks, that we have not implemented protection against yet.
Information needed
Description of the false negative. Is the application known? Why do you think this is a false negative? What type of threat do you suspect it is? Any additional details you could share about the threat?
Zipped binary you consider to be harmful (please, protect ZIP archive with password)
Please collect System Report from the affected machine:
URL Filtering
URL filtering scans all web traffic and helps block malicious content. Both HTTP and HTTPS connections will be checked.
Example - A phishing website (sometimes called a "spoofed" site ) tries to steal your account password or other confidential information by tricking you into believing you're on a legitimate website. URL filtering feature blocks phishing websites. It can also block/allow various kinds of categories .
False Positive case
Symptoms
If a website is not malicious and URL filtering is blocking it.
Alert is raised when URL filtering assumes a website malicious.
If you would like us to put it into allow list, please, send us the information from the list below
Information needed
Description of false positive. Does it happen regularly? Is the site known to you?
Screenshot of the alert you are receiving
Link to the page getting blocked. Note raise a support ticket .
Optional: this article and enclose the link
(!) To exclude the site from URL filtering, please refer to Acronis Cyber Protect 15 or Acronis Cyber Protection Service user guide pages.
False Negative case
Symptoms
If a website is malicious and URL filtering is not detecting it as harmful.
Example – If you confirmed the site does phishing attacks / Sensitive data is stolen by a phishing website used by employees and URL filtering did not detect the website as malicious.
Information needed
Description of false negative. Is the site known to you? Why do you think this is a false negative? Any details you can share about the site?
Link to the page you consider malicious. Note raise a support ticket .
