Release date:April, 2023

Table of contents

What's new

Acronis Cyber Protect Cloud

Advanced Security + EDR General Availability

Ensure business continuity with unique pre-integrated IDENTIFY, PROTECT and RECOVER capabilities to DETECT, analyze and RESPOND to advanced attacks that sneak past other endpoint defense systems.

Acronis Advanced Security + Endpoint Detection and Response (EDR) is an advanced pack that supports Per workload and Per gigabyte licensing models.

Acronis Advanced Security + Endpoint Detection and Response (EDR) enables you to:

Detect advanced persistent and zero-day attacks that sneak past other endpoint defenses.

Rapidly analyze and respond with a guided attack interpretation mapped to the MITRE ATT&CK framework.

Enjoy true business continuity with pre-integrated, best-of-breed backup and disaster recovery capabilities.

As a Partner or Customer administrator, you can:

View a list of all incidents detected by EDR, together with various widgets that provide useful statistics in a single interface.

Investigate individual incidents with full visibility into the activities carried out by the suspicious or malicious threat.

View assets, such as files and registry entries, that were modified by the malicious threat, and decide on the response actions to take.

Remediate an incident:

Within an incident, you can choose to remediate the entire incident (Single click response) or to remediate specific nodes within the cyber kill chain graph.

Response actions include rollback changes, quarantine processes/files, isolate the workload, add to a blocklist, and many others.

Perform automated searches for Indicators of Compromise (IoCs), using threat intelligence data from Acronis CPOC.

Searches are conducted on all workloads protected by EDR.

Any discovered IoCs will be quarantined and deleted.

RMM/PSA Integrations

ConnectWise Asio version 2.1

ConnectWise RMM is a ConnectWise Asio platform service. Many MSPs use ConnectWise RMM with its Network Operations Center (NOC) services. ConnectWise NOC technicians perform routine and low-level tasks, allowing the MSP to focus on high-value tasks. Until now, NOC engineers did not have direct access to the Acronis management portal. Starting with release C23.04, ConnectWise can use the portal to extend its NOC services to manage Acronis services on behalf of their MSPs, helping to grow both Acronis and NOC services.

Partners can outsource Acronis management to ConnectWise NOC services, allowing partners to grow faster.

ConnectWise NOC engineers can access the Acronis management portal for the customers they manage on behalf of Acronis partners. For example, when an Acronis alert is generated, it is converted to a ticket in ConnectWise Asio. NOC engineers can access the Customer tenant account in Acronis by pressing a button.

ConnectWise can now sell Acronis products, together with its NOC services.

End of support for macOS versions 10.10, 10.11, and 10.12

Starting in July 2023, with the release of Acronis Cyber Protect Cloud 23.07, we will end the support of the following macOS versions:

  • OS X 10.10 Yosemite
  • OS X 10.11 El Capitan
  • macOS 10.12 Sierra

Updated Components

Cyber Protection agent

The Acronis Cyber Protection agent has new versions as follows.

  • Acronis Cyber Protection Agent for Windows (v.15.0.32XXX)
  • Acronis Cyber Protection Agent for Mac (v.15.0.32XXX)
  • Acronis Cyber Protection Agent for Linux (v.15.0.32XXX)

See the release notes for the Acronis Cyber Protection agent here.

Changes in Acronis Cyber Cloud API

You can find the history of changes in Acronis Cyber Cloud API in the dedicated API change log document.

Fixed issues

This section describes issues that have been fixed in this update.

Acronis Cyber Protect Cloud

  • Advanced Disaster Recovery

    • [DRAAS-26857] Site-to-site VPN configuration improvements.
    • [DRAAS-26823] Multiple tasks of type "runvm_gateway_port_delete" failed with error "Failed to delete port for network".
    • [DRAAS-27865] Scheduled backups do not run at the expected time.
    • [DRAAS-28206] Test failover fails with error "UnhandledPanic".
    • [DRAAS-28135] Test failover fails with error " RunVmOsMissing".
    • [DRAAS-27792] Unable to turn off Disaster Recovery in protection plan for disk/volume.
    • [DRAAS-28199] Disaster Recovery icon is visible with in a customer with enabled "Enhanced security mode".
    • [DRAAS-28151] Link caption is wrong for OpenVPN Client download link.
    • [DRAAS-27718] Production failover fails to stop due to non-cancelled backup.
    • [DRAAS-28347] Production failover fails with finalization error.
    • [DRAAS-27594] Custom period filter for Activities does not work.
    • [DRAAS-28129] VPN Gateway deployment fails.
  • Advanced Security + EDR

    • [AMP-16707][AMP-15551] High disk usage on Temp files when Antimalware Protection is enabled.
  • Backup and recovery

    • [ABR-365598] Backup fails with error "Credentials object not found".
    • [ABR-199059] Backup fails with error "The backup has failed because 'System Writer' has timed out during the snapshot creation."

    • [ABR-337268] [Plesk] The protection plan cannot be applied or updated as the existing quota of the device does not allow the requested functionality.
    • [ABR-361576][ABR-365534] The "Next Backup" field shows date in the past.
    • [ABR-364459] A new backup fails to be created for a tenant if there is a corrupted archive in the tenant's directory.
    • [ABR-365015] The "acrocmd" utility selects wrong volume for a backup.
    • [ABR-363582] "There are no backups" is displayed in the backup storage after backup succeed.
    • [ABR-364598] The "acrocmd" utility's "list archives" command fails to list archives in Cloud location.
    • [ABR-364035] Upgrading ASRM activity is shown as "Deactivating ASRM" in Activities log.
    • [PLTFRM-45490] [Microsoft 365] Performance of Microsoft 365 degraded on EU1 datacenter.
    • [DEV-10317] [Microsoft 365] Backup of Microsoft 365 fails with error "[Archive Server]: internal error".
    • [ABR-363137] [Microsoft 365] Backup of Microsoft 365 fails with error "The following quota is reached: Number of protected Microsoft 365 seats" even though the quota is set to "Unlimited".
    • [ABR-361980] [Microsoft 365] Backup of Microsoft 365 fails with error "unknown license error".
    • [ABR-364497] [Microsoft 365] Deletion of Microsoft 365 backup fails with "internal error".
    • [ABR-364862] [Google Workspace] Backup of Google Workspace fails with error "Cannot get the list of files stored in Google Drive: '[Archive Server]: server instance mismatch".
    • [ARC-522] [Microsoft 365] Backup of Microsoft 365 fails with error "[Archive Server]: server instance mismatch".
    • [ARC-168] Backups to NAS fail with data corruption or CRC mismatch errors.

    • [ABR-364189] [Microsoft 365] Backup of Microsoft 365 fails with error "[Archive Server]: net/http: request canceled (Client.Timeout exceeded while awaiting headers)".
    • [ABR-362881] [Microsoft 365] Browsing of a huge (9TB+) Microsoft SharePoint Online site archive fails via UI of Cyber Protection console.
    • [ABR-363336] [Microsoft 365] Backup of Microsoft 365 fails due to catalog indexing error "Failed to read diffItems".
    • [DF-3718] [Microsoft 365] Indexing metadata is randomly fails for a specific Microsoft SharePoint Online site.
    • [ABR-364332][ABR-364760] [Microsoft 365] Backup of Microsoft SharePoint Online site stuck or fails with error "[Archive Server]: archive session not found".
    • [ABR-365136] [Microsoft 365] Incorrect date for the last weekly backup of a Microsoft SharePoint Online site.
    • [ABR-365735] [Microsoft 365] Agent crashed during the backup of Microsoft Teams due to a change in the Microsoft API.
    • [ABR-362784] Backup validation via "acrocmd" utility's fails with error "The password for the protected backup is incorrect".
    • [ABR-364749] [Virtualization] Editing of a virtual machine replication plan fails with error "Failed to get the instance with ID".
  • Common

    • [ABR-365503] Editing of a protection plan fails with error "The encryption password was not found in the credentials store".
    • [ABR-364027] Creation of a protection plan with main group and resources in a device simultaneously fails via the Management tab.
    • [ABR-365666] Adding a comment to a workload fails in Settings → Agent tab.
    • [ABR-365633] Alerts fail to load at Monitoring → Alerts page.
    • [PLTFRM-49900] Adding a new protection plan is slow.
    • [ABR-361906][ABR-361908] Selection of specific files and folders is lost when expanding network folders during protection plan editing.
    • [ABR-362911] Exclusions are reset when a protection plan is applied to a group via the Plans.
    • [ABR-364000] The button "Search for solution" leads to instead of
  • Cyber Protection Agent

    • [ABR-364157] [macOS] The Cyber Protect Monitor crashes when manually started on a Mac with an ARM CPU (M1, M2, etc).
    • [ABR-357106] Registration of an agent on Windows XP fails with the error "x509certificate signed by unknown authority".
    • [ABR-199115] Installation fails with unclear error "An error occurred".
  • Dashboards and reports

    • [ADP-19569] Moving tenants can result in some monitoring widgets becoming unavailable for parent tenants.
    • [ADP-27803] Custom report not sent due to temporary issue in EU2 datacenter.
  • File Sync & Share

    • [PLTFRM-50989] Registration of the File Sync & Share agent fails with an error about insufficient service quota, while the actual reason is insufficient user rights.
  • Management

    • [ADP-27667] Patches that are not applicable are reported as warnings instead of being ignored.
    • [ADP-27685] Patch Management updates HP Firmware without permission.
  • Security

    • [ADP-26996] Network Isolation Unit crashes if it cannot initialize wdf_plugin.dll.
    • [PLTFRM-50885] Threat feed fails to load if there no Advanced Security + EDR pack enabled for a customer.
    • [ADP-27053] Update of Cyber protect definitions fails with error "Failed to apply NGMP definitions".
    • [PLTFRM-50857][ADP-27704] There is high CPU usage when enabling Active Protection.
    • [ADP-27155] [Linux] No vulnerabilities displayed under "Software Management" → "Vulnerabilities" after running vulnerabilities scan.
    • [AMP-15967][AMP-16045] There is high CPU usage when enabling Real-time protection.
  • Management Portal and Platform Core

    • [PLTFRM-50022] No option to reset 2FA in Management Portal.
    • [PLTFRM-50750] After restoring a tenant, 2FA status of a user is disabled, even though 2FA was enabled on tenant level.
    • [PLTFRM-50718] Login fails after password reset.
    • [PLTFRM-50514] The Let's Encrypt custom URL branding configuration is stuck in a 'Configuration in progress' state.
    • [PLTFRM-36639] The "Immutable storage" option can be enabled for a tenant without configured 2FA.
    • [PLTFRM-48531] Personal tenant can be disabled separately from the user via API.

Known issues and limitations

This section describes issues that are currently known and provides solutions to avoid the issues where possible.

Acronis Cyber Protect Cloud

  • Common

    • [ABR-306459] Backup finished with error "A device attached to the system is not functioning" on specified machine.
    • [ABR-228827] If some backup is removed via the Data Recovery (Web Restore) console, this change is not reflected in the service console while browsing the backup location, until the service console is refreshed.
    • [ABR-196710] The backup location on the network share usage is duplicated in the case when there is a different network share with the same name registered as a backup location (shares rotation scenario).
    • [ABR-189620] The "Activities summary" widget shows activities out of the defined date "Range" scope (excessive activities may be shown).
    • [ABR-184900] Local backup usage is not reported for backups stored on a network share with enabled deduplication.
    • [ABR-183764] Local backup usage is not updated for all virtual machine backups after deleting and re-adding a network location.
    • [ABR-182313] Local backup usage size is duplicated after reconnecting a locally attached storage (LAS) to a new Agent for VMware (Virtual Appliance).
    • [ABR-178648] The installer does not remove/update old libraries if the previous update was interrupted.
    • [ABR-154655] The protection plan may have the "Backup succeeded" status, even if this plan is completed with warnings. Alerts and activities still show the proper status of the plan.
    • [ABR-190404] It is not possible to recover from the Large Scale Recovery backup produced by the "LSR" tool if the backup is split into multiple separate files (multi-volume).
    • [ABR-158677] "Intel(R) 82574L Gigabit Network Connection" NIC is not properly recognized by Windows 10 after recovery of an image to a VMware Workstation virtual machine by using the bootable media.
    • [ADP-17122] Backups Scanning does not work properly with orphaned archives.
  • Cyber Protection Agent

    • [ABR-87244] File-level recovery from a disk/volume backup of NTFS volumes with the enabled native deduplication does not work.
  • macOS protection

    • [ABR-207057] The Bulgarian language is missing in the "Recovery HD" menu (bootable media for Mac), due to a lack of support for the Bulgarian language in macOS.
    • [ABR-141823] There are incorrect backup items in a protection plan after updating Mac OS X to 10.13 High Sierra with conversion from HFS+ to APFS (some backup items are missing).
    • [ABR-137886] Backing up Mac with Apple RAID configured fails with the "No volumes were found when processing the 'Fixed Volumes' template" error. Apple RAIDs are not supported.
    • [ABR-115270] The "[All Profiles Folder]" template in a file-level backup does not support a custom profile path.
  • Microsoft 365, Google Workspace, and other applications protection

    • [ABR-74984] The "Next backup" time is not displayed for a machine that has only application-level protection plans applied to it.

    • [PLTFRM-18969] It is not possible to protect Microsoft SQL on a machine with a workstation operating system, in case Agent for Hyper-V is also installed among local agents.

    • [ABR-255521] The number of total runs and successful runs is zero for the Microsoft Office 365 resources.

  • Virtualization protection

    • [ABR-320237] Debian 10 EFI VM with enabled Secure Boot is not bootable after recovery of backup captured from VMware ESXi to VM on Scale Computing HC3

      • Solution: disable Secure Boot in EFI boot manager configuration after recovery

    • [ABR-320149] Recovery of backup for machine which contains a mix of IDE and SCSI drives, to Scale Computing VM, produces a VM which misses 1 disk (non-system SCSI disk is not restored)

    • [ABR-242166] An application-aware backup of a Hyper-V virtual machine may fail when executing the WMI query, with the "WMI 'ExecQuery' failed executing query." or "Failed to create a new process via WMI" errors, when the backup is performed on a host under a high load, due to no response from WMI.

    • [ABR-235983] A protection plan using policy rules such as "/dev/sdaX" or "/sdaX" applied to a VMware or Hyper-V virtual machine fails with the "Nothing to back up. The operation has been terminated." error, when performed by Agent for VMware/Hyper-V.

    • [ABR-234935] There are duplicated activities in the Activities summary, after the backup of a virtual machine running on a Hyper-V cluster.

    • [ABR-234935] An incorrect number of Total runs/Number of successful runs for a Hyper-V cluster is shown on the Operations tab.

    • [ABR-234935] The number of email notifications is equal to the number of Hyper-V cluster nodes for one VM backup activity.

    • [ABR-192213] VMware virtual machines with an empty "vc.uuid" (InstanceUUID) vSphere property are not listed in the service console.

    • [ABR-189882] Backup of a Hyper-V virtual machine fails if it contains an ampersand symbol in the names of its virtual disks.

    • [ABR-173002] Run VM from a backup on a Hyper-V host fails, if the backup is located on the same volume as the path selected for the mounted VM disks.

      • Solution: Select a different volume for the mounted VM disk path. The space will be consumed only for changes generated inside the mounted VM and it will not occupy the entire size of the virtual disk.

    • [ABR-137564] Cross-platform recoveries (when the backup was created not by Agent for Hyper-V) into a new Hyper-V virtual machine by Agent for Hyper-V always produces the Gen 1 version of virtual machine.

    • [ABR-115430] A "backup is missing for X days" alert is activated even if the backup plan is not scheduled, but has this alert option enabled in its settings.

    • [ABR-104081] A VM replication plan may fail due to network disconnects between source and target ESXi hosts even if the "Error handling" option is enabled.

    • [ABR-85645] Backup of a virtual machine with Active Directory may complete with warning "MFT bitmap is corrupted."

    • [ABR-183082] Recovery of a Linux machine having some volumes with the XFS file system completes with the "Failed to process the boot loader configuration." warning. The machine is bootable despite the warning.

  • Data Loss Prevention and Device control

    • [DEVLOCK-1558] In rare cases, Acronis Cyber Protect Agent setup hangs at upgrading due deadlock in Agent for DLP.
    • [DEVLOCK-4028] There is no control of chats for Zoom desktop agent.
    • [DEVLOCK-3717] Automatic internal hosts recognition fails in some scenarios for HTTP servers.
    • [DEVLOCK-3930] There is no control for copy text operation (Clipboard, Redirected clipboard) in Adobe Acrobat reader DC Windows 10 x86.
    • [DEVLOCK-2728] In some scenarios system may become unstable when copying many files to Removable and SMB simultaneously.
    • [DEVLOCK-2512] In rare cases Acronis Cyber Protect Agent can't be stopped.
    • [DEVLOCK-3717] Automatic internal/external destination detection for HTTP within a domain with hostname access does not work correctly (detected as External).
    • [DEVLOCK-4481] Google Chrome does not start with DLP Agent installed.
    • [DEVLOCK-4235] No file sharing control if uploading files via api using python.
    • [DEVLOCK-4028] There is no control for the group chats in Zoom desktop agent.
    • [DEVLOCK-4070] The USB allowlist not working on a physical MacBook computer (applies to Device control module on macOS).
    • [DEVLOCK-4117] HID Bluetooth devices denied by service when "Bluetooth HID" checked in the Device types allowlist (applies to Device control module on Windows computers).
    • [DEVLOCK-4451] HTTP Communication error while a client software on a computer with the Advanced DLP agent tries to connect to the Sage database.
    • [DEVLOCK-4016] Sender's friendly name and ID are not captured for GMX Web Mail in case of an email draft creation.
    • [DEVLOCK-4447] No Justification dialog is presented to the sender for Naver WebMail in case of an email draft creation.
    • [DEVLOCK-4025] Recipient's friendly name and ID are not captured for ICQ desktop agent (applies to Windows 10 x86).
    • [DEVLOCK-4045] Sender's friendly name and ID are not captured for Mail.

Management Portal and Platform Core

  • The read-only role is available for selection while customer tenant is in Cyber Backup - Standard and Cyber Protect - Standard editions, yet it should not be due to licensing limitations.
  • [ABR-136810] An unclear error is shown if a destination tenant was not found while moving a tenant.
  • [ABR-136694] The "Bad request" message appears if a large number is specified for the Storage quota.
  • [ABR-203902] The error message "The number of registered and deleted storage registrations exceeds 50" is shown during storage re-registration.
  • [ABR-203243] Logout is done correctly while a user is logged in via a branded URL; however, logout is not done for a non-branded URL.
  • [ABR-173628] Active Directory Connector - mapping is not saved when one or more Distinguished Names (DNs) are invalid.
  • [ABR-131711] Lack of salutation text in the "Quota exceeded" email notification.
  • [PLTFRM-2340] The "Tenant was moved" audit event description shows tenant IDs instead of names.
  • [PLTFRM-18229] Improve the error message for the RPC GetRedirect method, in case a customer has no storage.