1{
2 # Put a unique ID of the policy here.
3 "id": "",
4 # Active Protection policy type is 'policy.security.active_protection'
5 'type': 'policy.security.active_protection',
6 'parent_ids': [
7 # Put the ID of total protection policy here.
8 ],
9 'origin': 'upstream',
10 'enabled': True,
11 'settings_schema': '2.0',
12 'settings': {
13 'backup_protection_whitelist': [],
14 'backup_protection_whitelist_enabled': False,
15 # Specify connections that will be allowed to modify any data.
16 'connection_whitelist': [],
17 # Specify connections that will not be able to modify data.
18 'connection_blacklist': [],
19 # This option protects against cryptomining malware to prevent unsanctioned using of computer resources.
20 'cryptomining_protection_enabled': True,
21 # An action to execute when cryptomining malware is detected. 'ALERT_TERMINATE' means that the cryptomining process will be terminated and notification will be shown.
22 'cryptomining_action_on_detection': 'ALERT_TERMINATE',
23 # This option defines whether Antivirus & Antimalware protection protects network folders that are mapped as local drives. The protection applies to folders shared via SMB or NFS protocols.
24 'network_client_protection_enabled': True,
25 # Files restored by using the 'Revert using cache' operation will be saved to the following local folder.
26 'network_client_protection_restore_path': 'C:\\ProgramData\\Acronis\\Restored Network Files',
27 # This option defines whether Antivirus & Antimalware protection protects network folders that are shared by you from the external incoming connections from other servers in the network that may potentially bring threats.
28 'network_server_protection_enabled': False,
29 # Set to true to enable password protection.
30 'password_protection_enabled': False,
31 # Specify processes that will never be considered malware. Processes signed by Microsoft are always trusted.
32 'process_whitelist': [],
33 # Specify processes that will be always blocked.
34 'process_blacklist': [],
35 # Set to true to enable ransomware protection
36 'ransomware_protection_enabled': True,
37 # An action to execute when ransomware is detected. 'ALERT_TERMINATE_RECOVER' means that the ransomware process will be terminated, a notification will be sent and the files will be restored using cache.
38 'ransomware_action_on_detection': 'ALERT_TERMINATE_RECOVER',
39 # Set to true to prevent unauthorized changes to the software's own processes, registry records, executable and configuration files, and backups located in local folders.
40 'self_defense_enabled': True,
41 # A list of files that are excluded from monitoring.
42 'unmonitored_filelist': []
43 }
44}