Acronis Active Protection

This article explains how to enable and gather kernel-mode logs of the file_protector.sys driver, also called file protector's debug logs. Usually they are only needed to troubleshoot a problem with the Active Protection feature of Acronis True Image 2018, when the usual logs do not allow to determine the root cause of the problem and to resolve it.

To get more detailed logs of the file_protector driver, please follow the steps below. To stop writing debug mode logs, simply reboot or shut down the computer.


This article explains where to find logs of Active Protection service and driver in Windows.


Acronis Active Protection service's logs

Acronis Active Protection service executable anti_ransomware_service.exe has the following location:

Windows 64-bit: "C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe"

Windows 32-bit: "C:\Program Files\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe"

This article describes a known issue with Acronis Active Protection when all four conditions, listed below, are met:

1) An external or built-in card reader for memory cards (SD, MMC, SM, XD, MS, MS-Pro and others) is connected and enabled.


any other kind of removable storage device without a mounted file system is connected, e.g. a removable storage device that appears after certain printer software is installed.

2) Acronis Active Protection service is shown as "Running" in the services list (open Windows Start menu, type services.msc and press Enter to access the list). If the service's status is "Stopped", the present KB article does not apply - please follow troubleshooting instructions from that article instead.

3) "Active Protection is off" status is displayed under "Active Protection" tab.

4) When you try to turn on Active Protection by clicking on the toggle switch, it changes to a three dots ("in progress"-like picture), and then returns back to the OFF position. The status message remains "Active Protection is off".


This article explains how to enable Active Protection if the tray icon is grayed out and the message says "Acronis Active Protection is turned off" when moving the mouse cursor over it:


Active Protection can be enabled either from the tray icon menu or from Acronis True Image main program's interface.


"Service is unavailable" message is shown in the right bottom part of the screen when Acronis tray monitor is unable to connect to Acronis Active Protection background service.

The message "Acronis Active Protection is inactive" is displayed when placing the mouse cursor over the grayed out tray icon:

This article instructs how to approach common issues with Active Protection in Acronis True Image 2018:

  • "Acronis Active Protection service is turned off" notification
  • "Service is unavailable" and "Acronis Active Protection service is inactive" messages
  • Toggle switch does not work when trying to enable Active Protection. "Active Protection is off" status
  • Legitimate applications are blocked
  • Computer becomes completely unresponsive
  • Operating system crashes (also known as BSOD, fatal system error, bug check)
  • Operating system becomes unbootable

Meeting Acronis Active Protection

Q: What is Acronis Active Protection?

A: Acronis Active Protection is an anti-ransomware technology developed by Acronis to bring peace of mind to its users, in addition to its world's leading backup, data protection and disaster recovery technologies.

Q: What is ransomware?


A third-party application runs slowly if Acronis True Image is installed.

Only those applications are affected, whose executable files (.exe) do not have a valid digital signature, AND modify a lot of files in a small period of time as part of its normal work.

To check if an executable file has a valid digital signature or not, follow the steps below:

Answers to frequent questions


Question: why a ransomware attack was not stopped by Acronis Active Protection? What happened?

Answer: there are many possible reasons, an investigation is required to determine the cause.

You are reporting a typo in the following text:
Simply click the "Send typo report" button to complete the report. You can also include a comment.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
4 + 11 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.