Active Protection

Introduction

This article explains how to enable Active Protection if the Tray Notification Center displays a message "Acronis Active Protection is turned off" :

Solution

Active Protection can only be enabled from Acronis True Image main program's interface.

Launch Acronis True Image, click the Active Protection tab, and then click the toggle to enable Acronis Active Protection:

Issue

I have the Active Protection and Lightweight Agent installed at the same time in Acronis Manager Standard with Antivirus (AV) protected VMs. Could this be causing issues with my scheduled Antivirus scans?

Issue

I am having issues reinstalling and upgrading Active Protection inside the VMs in Acronis Cloud Security. What might be causing this, and how do I fix it?

Resolution

To be able to figure out the root cause of some of the VMs in your environment having difficulties with reinstalling and upgrading Active Protection (AP), please perform the following troubleshooting steps:

1. On the VM having issues with the AP Installation

Symptoms

You are using Acronis True Image 2020 or later on Windows 7.

It is not possible to activate Acronis Active Protection: the option is grayed out. No error message appears.

This article applies only to Windows 7. If you face this issue on a different operating system, the issue is not covered in this article and requires investigation.

Cause

Windows update KB2533623 is required for Active Protection on Windows 7.

Symptoms

Acronis Active Protection stops on its own.

"Application error" event about anti_ransomware_service.exe is recorded in Windows Application event log (open Windows Start menu, type eventvwr.msc, press Enter, navigate to Windows Logs - Application).

Cause

Known issue with the software. The application crash occurs when the software is unable to parse configuration files.

Symptoms

After Update 5 (build 16180) installation, self-protection detects Acronis processes – mms.exe, managementserver.exe, service_process.exe – as suspicious:

Self-protection detected suspicious process 'C:\Program Files\Acronis\...'

Cause

Issue in the product.

Solution

This issue has been fixed in Build 16318, please update to the latest build.

Symptoms

  1. A tenant has (Legacy) Cyber Backup - Standard Edition,
  2. You create or edit a protection plan and successfully enable Active Protection in that plan,
  3. After clicking on Apply or Save, the Active Protection module is disabled:

Cause

Issue in the product.

Solution

This issue has been fixed in Acronis Cyber Cloud 21.05 Hotfix 1.

Answers to frequent questions

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Question: why a ransomware attack was not stopped by Acronis Active Protection? What happened?

Answer: there are many possible reasons, an investigation is required to determine the cause.

Why do I have a false detection?

With Acronis Cyber Protect you gain real-time protection with AI-based static and behavioral heuristic antivirus, antimalware, antiransomware, and anticryptojacking technologies. It means that it uses heuristics and analyzes software behavior, rather than relies on signatures only.

Symptom

A third-party application runs slowly if Acronis True Image is installed.

Only those applications are affected, whose executable files (.exe) do not have a valid digital signature, AND modify a lot of files in a small period of time as part of its normal work.

To check if an executable file has a valid digital signature or not, follow the steps below:

Symptoms

Alert Cyber Protection (or Active Protection) service is not responding appears on macOS 10.12 or earlier.

This article applies only to macOS versions earlier than 10.13. If this alert appears on a different system, see Troubleshooting "Cyber Protection (or Active Protection) service is not responding" alerts

Cause

Issue in the product.

Symptoms

  1. Machine is running Dentrix software,
  2. You receive false-positive alerts from Acronis Active Protection:

    Suspicious activity is detected
    On machine 'machine name', injection process within program '...\DENTRIX\...' modified file. The process has been stopped, and the file changes have been reverted.

Cause

The behavior is by design. 

Dentrix software is being monitored by Active Protection because it does not have a valid signature.

Symptoms

  • User receives a false positive alert about a suspicious process from Active Protection,
  • You want to exclude the process from Active Protection (add it to Trusted processes), but there is no exact path for exclusion: e.g. the process has a new name or a new location by each run. Exclusion of the whole folder where the process is located does not help.

Cause

Symptoms

You receive the following alert:

Cyber Protection (or Active Protection) service is not responding

Cause

Alert is raised when Acronis Active Protection service or Acronis Cyber Protection service has been enabled for this machine, but is not started or does not respond.