Active Protection in the Cyber Backup Standard edition
Active Protection protects a system from ransomware and cryptocurrency mining malware. Ransomware encrypts files and demands a ransom for the encryption key. Cryptomining malware performs mathematical calculations in the background, consuming the machine's processing power and network traffic.
In Cyber Backup Standard edition, Active Protection is a separate module in the protection plan. Thus, it can be configured separately and applied to different devices or groups of devices.
In all other editions of the Cyber Protection service, Active Protection is part of the Antivirus and Antimalware protection module.
Default setting: Enabled.
For Windows, Active Protection is available for machines running the following operating systems:
- Desktop operating systems: Windows 7 Service Pack 1 and later
  On machines running Windows 7, ensure that Update for Windows 7 (KB2533623) is installed.
- Server operating systems: Windows Server 2008 R2 and later
Agent for Windows must be installed on the protected machine. The agent version must be 12.0.4290 (released in October 2017) or later. To update an agent, follow the instructions in "Updating agents".
For Linux, Active Protection is available for machines running:
- CentOS 6.10, 7.8 and later minor versions
- CloudLinux 6.10, 7.8 and later minor versions
- Ubuntu 16.04.7 and later minor versions
Agent for Linux must be installed on the protected machine. The agent version must be 15.0.26077 (released in December 2020) or later. For a list of supported Linux kernel versions, see https://kb.acronis.com/acronis-cyber-protect-cloud-active-protection-for-linux-kernel-versions.
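A prerequisite check over a host inventory, as an added example that is not part of the original documentation or of the vendor's tooling. The inventory field names and sample hosts are constructed, Windows releases are identified by NT version (6.1 for Windows 7 and Server 2008 R2, build 7601 for Service Pack 1), and the Linux list is read strictly, so only the listed release branches pass.

```python
import re

# Minimum agent builds and OS releases as listed in the requirements above.
MIN_AGENT = {"windows": (12, 0, 4290), "linux": (15, 0, 26077)}
LINUX_MIN = {"centos": [(6, 10), (7, 8)], "cloudlinux": [(6, 10), (7, 8)], "ubuntu": [(16, 4, 7)]}

def vt(text):
    """Turn '12.0.4290' into (12, 0, 4290) so versions compare numerically."""
    return tuple(int(p) for p in re.findall(r"\d+", text))

def check(host):
    """Return the unmet prerequisites for one host (empty list = eligible)."""
    problems = []
    family = "windows" if host["os"] == "windows" else "linux"
    os_v = vt(host["os_version"])
    if family == "windows":
        # NT 6.1 is Windows 7 / Server 2008 R2; build 7601 is Service Pack 1.
        if os_v[:2] < (6, 1):
            problems.append("OS older than Windows 7 / Server 2008 R2")
        elif os_v[:2] == (6, 1) and not host.get("server"):
            if os_v < (6, 1, 7601):
                problems.append("Windows 7 without Service Pack 1")
            if "KB2533623" not in host.get("hotfixes", ()):
                problems.append("Windows 7 missing KB2533623")
    else:
        # Strict reading of the list; kernel support (KB article) is not checked.
        mins = LINUX_MIN.get(host["os"], [])
        if not any(os_v[:len(m) - 1] == m[:-1] and os_v[:len(m)] >= m for m in mins):
            problems.append("Linux release not in the supported list")
    agent = host.get("agent_version")
    if not agent:
        problems.append("agent not installed")
    elif vt(agent) < MIN_AGENT[family]:
        problems.append("agent older than " + ".".join(map(str, MIN_AGENT[family])))
    return problems

INVENTORY = [  # constructed sample data; field names are hypothetical
    {"name": "ws-01", "os": "windows", "os_version": "6.1.7601", "hotfixes": ["KB2533623"], "agent_version": "12.0.4290"},
    {"name": "ws-02", "os": "windows", "os_version": "6.1.7601", "hotfixes": [], "agent_version": "15.0.30000"},
    {"name": "srv-01", "os": "windows", "server": True, "os_version": "6.1.7600", "agent_version": "12.0.4000"},
    {"name": "lx-01", "os": "centos", "os_version": "7.9.2009", "agent_version": "15.0.26077"},
    {"name": "lx-02", "os": "ubuntu", "os_version": "16.04.6", "agent_version": "15.0.25000"},
]

def report(inventory=INVENTORY):
    """Map host name -> unmet prerequisites, for hosts that are not eligible."""
    return {h["name"]: p for h in inventory if (p := check(h))}

print(report())  # hosts where Active Protection cannot be applied yet
```

Hosts that appear in the report are machines where the protection plan cannot take effect until the listed gap is closed.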
How it works
Active Protection monitors processes running on the protected machine. When a third-party process tries to encrypt files or mine cryptocurrency, Active Protection generates an alert and performs additional actions, as specified in the protection plan.
In addition, Active Protection prevents unauthorized changes to the backup software's own processes, registry records, executable and configuration files, and backups located in local folders.
To identify malicious processes, Active Protection uses behavioral heuristics. Active Protection compares the chain of actions performed by a process with the chains of events recorded in the database of malicious behavior patterns. This approach enables Active Protection to detect new malware by its typical behavior.