Security settings

To configure the general protection settings for Cyber Protection, go to Settings > Protection in the service console.

Automatic updates for components

By default, all agents can connect to the Internet and download updates.

An administrator can reduce network bandwidth usage by selecting one or several agents in the environment and assigning the Updater role to them. The dedicated agents then connect to the Internet and download updates. All other agents connect to the dedicated updater agents by using peer-to-peer technology and download the updates from them.

The agents without the Updater role will connect to the Internet if there is no dedicated updater agent in the environment, or if the connection to a dedicated updater agent cannot be established for about five minutes.

Before assigning the Updater role to an agent, ensure that the machine on which the agent runs is powerful enough, and has a stable high-speed Internet connection and enough disk space.

To prepare a machine for the Updater role

  1. On the agent machine where you plan to enable the Updater role, apply the following firewall rules:
    • Inbound (incoming) "updater_incoming_tcp_ports": allow connection to TCP ports 18018 and 6888 for all firewall profiles (public, private, and domain).
    • Inbound (incoming) "updater_incoming_udp_ports": allow connection to UDP port 6888 for all firewall profiles (public, private, and domain).
  2. Restart the Acronis Agent Core Service.
  3. Restart the Firewall Service.

If you do not apply these rules and the firewall is enabled, peer agents will download the updates from the Cloud.
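
The two rules from step 1, as an added PowerShell example that is not part of the original documentation. It assumes the machine uses Windows Defender Firewall with the built-in NetSecurity cmdlets and an elevated session; the function name Test-UpdaterRule and the variable names are hypothetical, while the rule names, ports, and profiles are those listed above.

```powershell
#Requires -RunAsAdministrator
# Added example: create and verify the inbound rules from step 1.
# Rule names, ports and profiles come from the procedure above;
# the helper name and script structure are assumptions.
$wanted = @(
    @{ Name = 'updater_incoming_tcp_ports'; Protocol = 'TCP'; Ports = @('18018', '6888') },
    @{ Name = 'updater_incoming_udp_ports'; Protocol = 'UDP'; Ports = @('6888') }
)

function Test-UpdaterRule {
    param([hashtable]$Spec)
    # True if an enabled inbound allow rule with this name covers exactly
    # the expected protocol and ports on all three firewall profiles.
    $rules = Get-NetFirewallRule -DisplayName $Spec.Name -ErrorAction SilentlyContinue
    foreach ($rule in $rules) {
        $filter = $rule | Get-NetFirewallPortFilter
        $profileText = $rule.Profile.ToString()
        # "Any" means all profiles; otherwise all three must be named.
        $allProfiles = ($profileText -eq 'Any') -or
            (@('Domain', 'Private', 'Public' |
                Where-Object { $profileText -notmatch $_ }).Count -eq 0)
        $portsMatch = -not (Compare-Object @($filter.LocalPort | Sort-Object) `
                                           @($Spec.Ports | Sort-Object))
        if ($rule.Enabled -eq 'True' -and $rule.Direction -eq 'Inbound' -and
            $rule.Action -eq 'Allow' -and $filter.Protocol -eq $Spec.Protocol -and
            $allProfiles -and $portsMatch) { return $true }
    }
    return $false
}

foreach ($spec in $wanted) {
    # Create the rule only if no compliant rule exists, so reruns do not pile up duplicates.
    if (-not (Test-UpdaterRule $spec)) {
        New-NetFirewallRule -DisplayName $spec.Name -Direction Inbound -Action Allow `
            -Protocol $spec.Protocol -LocalPort $spec.Ports -Profile Any | Out-Null
    }
    '{0}: compliant = {1}' -f $spec.Name, (Test-UpdaterRule $spec)
}
```

The script covers step 1 only; steps 2 and 3 still follow. A rule that has the right name but different ports or profiles is reported as non-compliant and left in place for review rather than modified.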

To assign the Updater role to a protection agent

  1. In the service console, go to Settings > Agents.
  2. Select the machine to which you want to assign the Updater role.
  3. Click Details, and then enable the Use this agent to download and distribute patches and updates switch.

The peer-to-peer update works as follows.

  1. The agent with the Updater role checks, on a schedule, the index file provided by the service provider to update the core components.
  2. The agent with the Updater role starts to download and distribute updates to all agents.

You can assign the Updater role to multiple agents in the environment. Thus, if an agent with the Updater role is offline, other agents with this role can serve as the source for definition updates.

Updating the Cyber Protection definitions by schedule

On the Schedule tab, you can set up the schedule for automatic update of the Cyber Protection definitions for each of the following components:

  • Antimalware
  • Vulnerability assessment
  • Patch management

To change the definition updates setting, navigate to Settings > Protection > Protection definitions update > Schedule.

Schedule type:

  • Daily – define on which days of the week to update definitions.

    Start at – you can select at what time to update definitions.

  • Hourly – define a more granular hourly schedule for definition updates.

    Run every – define the periodicity for running definition updates.

    From ... To – define a specific time range within which the automatic definition updates will be performed.

Updating the Cyber Protection definitions on-demand

To update Cyber Protection definitions for a particular machine on-demand

  1. In the service console, go to Settings > Agents.
  2. Select the machines on which you want to update the Cyber Protection definitions and click Update definitions.

Cache storage

Location of cached data:

  • On Windows machines: C:\ProgramData\Acronis\Agent\var\atp-downloader\Cache
  • On Linux machines: /opt/acronis/var/atp-downloader/Cache
  • On macOS machines: /Library/Application Support/Acronis/Agent/var/atp-downloader/Cache

To change the cache storage setting, navigate to Settings > Protection > Protection definitions update > Cache Storage.

In Outdated update files and patch management data, specify after what period to remove cached data.

Maximum cache storage size (GB) for agents:

  • Updater role – define storage size for cache on the machines with the Updater role.
  • Other roles – define storage size for cache on other machines.

Remote connection

Click Remote desktop connection to enable the remote connection to machines via RDP client or HTML5 client. If it is disabled, the Connect via RDP client / Connect via HTML5 client options will be hidden in the service console, and users will not be able to connect to machines remotely. This option affects all users of your organization.

Click Share remote desktop connection to enable sharing the remote connection with users. As a result, the new option Share remote connection will appear in the right menu when you select a machine, and you will be able to generate a link to be shared with users for accessing the remote machine.