Active Protection policy

The Active Protection policy is a security policy that provides real-time protection against ransomware and cryptocurrency mining malware.

Note

In Cyber Backup Standard Edition, the Active Protection policy is a separate policy of the protection plan. In all other editions, it is part of the Antivirus and Antimalware protection policy.

For more information on the Active Protection functionality, see this section of the Acronis Cyber Protection User Guide.

The following example can be used when creating a protection plan with this protection policy:

Policy example

{
    # Put a unique ID of the policy here.
    'id': '',
    # Active Protection policy type is 'policy.security.active_protection'.
    'type': 'policy.security.active_protection',
    'parent_ids': [
        # Put the ID of the total protection policy here.
    ],
    'origin': 'upstream',
    'enabled': True,
    'settings_schema': '2.0',
    'settings': {
        'backup_protection_whitelist': [],
        'backup_protection_whitelist_enabled': False,
        # Specify connections that will be allowed to modify any data.
        'connection_whitelist': [],
        # Specify connections that will not be able to modify data.
        'connection_blacklist': [],
        # This option protects against cryptomining malware to prevent unsanctioned use of computer resources.
        'cryptomining_protection_enabled': True,
        # The action to execute when cryptomining malware is detected. 'ALERT_TERMINATE' means that the cryptomining process will be terminated and a notification will be shown.
        'cryptomining_action_on_detection': 'ALERT_TERMINATE',
        # This option defines whether Antivirus & Antimalware protection protects network folders that are mapped as local drives. The protection applies to folders shared via the SMB or NFS protocols.
        'network_client_protection_enabled': True,
        # Files restored by using the 'Revert using cache' operation will be saved to the following local folder.
        'network_client_protection_restore_path': 'C:\\ProgramData\\Acronis\\Restored Network Files',
        # This option defines whether Antivirus & Antimalware protection protects network folders that you share against incoming connections from other servers in the network that may bring threats.
        'network_server_protection_enabled': False,
        # Set to True to enable password protection.
        'password_protection_enabled': False,
        # Specify processes that will never be considered malware. Processes signed by Microsoft are always trusted.
        'process_whitelist': [],
        # Specify processes that will always be blocked.
        'process_blacklist': [],
        # Set to True to enable ransomware protection.
        'ransomware_protection_enabled': True,
        # The action to execute when ransomware is detected. 'ALERT_TERMINATE_RECOVER' means that the ransomware process will be terminated, a notification will be sent, and the files will be restored using cache.
        'ransomware_action_on_detection': 'ALERT_TERMINATE_RECOVER',
        # Set to True to prevent unauthorized changes to the software's own processes, registry records, executable and configuration files, and backups located in local folders.
        'self_defense_enabled': True,
        # A list of files that are excluded from monitoring.
        'unmonitored_filelist': []
    }
}
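
The following is an added example, not part of the Acronis documentation or API: a small audit that compares an Active Protection policy dict against the protective values used in the example above and flags non-empty exemption lists. The function and constant names, the choice of the example's values as the baseline, and the sample whitelist entry are assumptions of this example.

```python
POLICY_TYPE = 'policy.security.active_protection'

# Protective settings and their values in the page's example policy.
# Using them as the audit baseline is this example's assumption.
BASELINE = {
    'ransomware_protection_enabled': True,
    'ransomware_action_on_detection': 'ALERT_TERMINATE_RECOVER',
    'cryptomining_protection_enabled': True,
    'cryptomining_action_on_detection': 'ALERT_TERMINATE',
    'network_client_protection_enabled': True,
    'self_defense_enabled': True,
}

# Lists that exempt processes, connections or files from protection.
EXEMPTION_LISTS = ('process_whitelist', 'connection_whitelist', 'unmonitored_filelist')


def audit_policy(policy):
    """Return findings for one policy dict; an empty list means no drift."""
    if policy.get('type') != POLICY_TYPE:
        raise ValueError('not an Active Protection policy: %r' % (policy.get('type'),))
    findings = []
    if policy.get('enabled') is not True:
        findings.append('policy is not enabled')
    settings = policy.get('settings') or {}
    for key, expected in BASELINE.items():
        actual = settings.get(key)
        if actual != expected:
            findings.append('%s is %r, baseline is %r' % (key, actual, expected))
    for key in EXEMPTION_LISTS:
        entries = settings.get(key) or []
        if entries:
            findings.append('%s lists %d exemption(s) to review' % (key, len(entries)))
    return findings


# Constructed sample: ransomware protection and self-defense switched off,
# plus one constructed whitelist entry.
SAMPLE_POLICY = {
    'type': POLICY_TYPE,
    'enabled': True,
    'settings': dict(BASELINE,
                     ransomware_protection_enabled=False,
                     self_defense_enabled=False,
                     process_whitelist=['C:\\Tools\\constructed-example.exe']),
}

if __name__ == '__main__':
    for finding in audit_policy(SAMPLE_POLICY):
        print(finding)
```

Running such a check before a plan is created or updated catches a policy that silently disables self-defense or widens a whitelist.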