Active Protection policy

Active Protection policy is a security policy that provides real-time protection against ransomware and cryptocurrency mining malware.

Note

In Cyber Backup Standard Edition, Active Protection policy is a separate policy of the protection plan. In all other editions, it is a part of the Antivirus and Antimalware protection policy.

For more information on the Active Protection functionality, refer to https://www.acronis.com/en-us/support/documentation/CyberProtectionService/index.html#40173

The following example can be used when creating a protection plan with this protection policy:

Policy example

{
    # Put a unique ID of the policy here.
    'id': '',
    # Active Protection policy type is 'policy.security.active_protection'
    'type': 'policy.security.active_protection',
    'parent_ids': [
        # Put the ID of the total protection policy here.
    ],
    'origin': 'upstream',
    'enabled': True,
    'settings_schema': '2.0',
    'settings': {
        'backup_protection_whitelist': [],
        'backup_protection_whitelist_enabled': False,
        # Specify connections that will be allowed to modify any data.
        'connection_whitelist': [],
        # Specify connections that will not be able to modify data.
        'connection_blacklist': [],
        # This option protects against cryptomining malware to prevent unsanctioned use of computer resources.
        'cryptomining_protection_enabled': True,
        # An action to execute when cryptomining malware is detected. 'ALERT_TERMINATE' means that the cryptomining process will be terminated and a notification will be shown.
        'cryptomining_action_on_detection': 'ALERT_TERMINATE',
        # This option defines whether Antivirus & Antimalware protection protects network folders that are mapped as local drives. The protection applies to folders shared via SMB or NFS protocols.
        'network_client_protection_enabled': True,
        # Files restored by using the 'Revert using cache' operation will be saved to the following local folder.
        'network_client_protection_restore_path': 'C:\\ProgramData\\Acronis\\Restored Network Files',
        # This option defines whether Antivirus & Antimalware protection protects network folders that you share from external incoming connections from other servers in the network that may bring threats.
        'network_server_protection_enabled': False,
        # Set to True to enable password protection.
        'password_protection_enabled': False,
        # Specify processes that will never be considered malware. Processes signed by Microsoft are always trusted.
        'process_whitelist': [],
        # Specify processes that will always be blocked.
        'process_blacklist': [],
        # Set to True to enable ransomware protection.
        'ransomware_protection_enabled': True,
        # An action to execute when ransomware is detected. 'ALERT_TERMINATE_RECOVER' means that the ransomware process will be terminated, a notification will be sent and the files will be restored using cache.
        'ransomware_action_on_detection': 'ALERT_TERMINATE_RECOVER',
        # Set to True to prevent unauthorized changes to the software's own processes, registry records, executable and configuration files, and backups located in local folders.
        'self_defense_enabled': True,
        # A list of files that are excluded from monitoring.
        'unmonitored_filelist': []
    }
}
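
A check that could run before a policy like the one above is submitted, as an added example that is not part of the Acronis documentation: it flags settings that weaken the policy relative to the example's values and lists every exemption entry for review. The function name, the severity labels and the sample whitelist entry (including its format) are assumptions.

```python
# Added example, not Acronis code. Severity labels are assumptions.
PROTECTIVE_SWITCHES = (  # switches the page's example turns on
    'ransomware_protection_enabled', 'cryptomining_protection_enabled',
    'self_defense_enabled', 'network_client_protection_enabled',
)
# Detection actions exactly as the page's example sets them.
EXAMPLE_ACTIONS = {
    'ransomware_action_on_detection': 'ALERT_TERMINATE_RECOVER',
    'cryptomining_action_on_detection': 'ALERT_TERMINATE',
}
# Lists whose entries exempt a process, connection or file from protection.
EXEMPTION_LISTS = ('process_whitelist', 'connection_whitelist', 'unmonitored_filelist')

def audit_active_protection(policy):
    """Return (severity, message) findings for one policy dict."""
    if policy.get('type') != 'policy.security.active_protection':
        return [('error', f"unexpected policy type: {policy.get('type')!r}")]
    findings = []
    if policy.get('enabled') is not True:
        findings.append(('high', 'policy is not enabled'))
    settings = policy.get('settings') or {}
    for key in PROTECTIVE_SWITCHES:
        if settings.get(key) is not True:
            findings.append(('high', f'{key} is not True'))
    for key, expected in EXAMPLE_ACTIONS.items():
        if settings.get(key) != expected:
            findings.append(('medium', f'{key} is {settings.get(key)!r}, example uses {expected!r}'))
    for key in EXEMPTION_LISTS:
        for entry in settings.get(key) or []:
            findings.append(('review', f'{key} exempts {entry!r}'))
    return findings

# Constructed sample: ransomware protection off, one made-up trusted process.
SAMPLE = {
    'type': 'policy.security.active_protection',
    'enabled': True,
    'settings': {
        'ransomware_protection_enabled': False,
        'cryptomining_protection_enabled': True,
        'self_defense_enabled': True,
        'network_client_protection_enabled': True,
        'ransomware_action_on_detection': 'ALERT_TERMINATE_RECOVER',
        'cryptomining_action_on_detection': 'ALERT_TERMINATE',
        'process_whitelist': ['C:\\Tools\\sync.exe'],
    },
}

if __name__ == '__main__':
    print(*audit_active_protection(SAMPLE), sep='\n')
```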