Active Protection policy

Active Protection policy is a security policy that provides a real-time protection against ransomware and cryptocurrency mining malware.

Note

In Cyber Backup Standard Edition, Active Protection policy is a separate policy of the protection plan. In all other editions, it is a part of the Antivirus and Antimalware protection policy.

For more information on the Active Protection functionality, refer to https://www.acronis.com/en-us/support/documentation/CyberProtectionService/index.html#40173

The following example can be used when creating a protection plan with this protection policy:

Policy example

{
    # Put a unique ID of the policy here.
    "id": "",
    # Active Protection policy type is 'policy.security.active_protection'
    'type': 'policy.security.active_protection',
    'parent_ids': [
        # Put the ID of total protection policy here.
    ],
    'origin': 'upstream',
    'enabled': True,
    'settings_schema': '2.0',
    'settings': {
        'backup_protection_whitelist': [],
        'backup_protection_whitelist_enabled': False,
        # Specify connections that will be allowed to modify any data.
        'connection_whitelist': [],
        # Specify connections that will not be able to modify data.
        'connection_blacklist': [],
        # This option protects against cryptomining malware to prevent unsanctioned using of computer resources.
        'cryptomining_protection_enabled': True,
        # An action to execute when cryptomining malware is detected. 'ALERT_TERMINATE' means that the cryptomining process will be terminated and notification will be shown.
        'cryptomining_action_on_detection': 'ALERT_TERMINATE',
        # This option defines whether Antivirus & Antimalware protection protects network folders that are mapped as local drives. The protection applies to folders shared via SMB or NFS protocols.
        'network_client_protection_enabled': True,
        # Files restored by using the 'Revert using cache' operation will be saved to the following local folder.
        'network_client_protection_restore_path': 'C:\\ProgramData\\Acronis\\Restored Network Files',
        # This option defines whether Antivirus & Antimalware protection protects network folders that are shared by you from the external incoming connections from other servers in the network that may potentially bring threats.
        'network_server_protection_enabled': False,
        # Set to true to enable password protection.
        'password_protection_enabled': False,
        # Specify processes that will never be considered malware. Processes signed by Microsoft are always trusted.
        'process_whitelist': [],
        # Specify processes that will be always blocked.
        'process_blacklist': [],
        # Set to true to enable ransomware protection
        'ransomware_protection_enabled': True,
        # An action to execute when ransomware is detected. 'ALERT_TERMINATE_RECOVER' means that the ransomware process will be terminated, a notification will be sent and the files will be restored using cache.
        'ransomware_action_on_detection': 'ALERT_TERMINATE_RECOVER',
        # Set to true to prevent unauthorized changes to the software's own processes, registry records, executable and configuration files, and backups located in local folders.
        'self_defense_enabled': True,
        # A list of files that are excluded from monitoring.
        'unmonitored_filelist': []
    }
}