Power User Insights are guest blogs written by advanced users who share their tips, tactics and techniques so you can get the most out of Acronis products.
Bob Huffman has used Acronis True Image for a number years and has served as a Forum MVP for the past 3+ years helping users. He brings over 30 years of experience as an enthusiast and custom computer builder with a passion for data handling and storage. The WannaCry attack in May highlighted the threat ransomware poses to computer users around the world. Yet months before that attack happened, Acronis introduced a technology that kept its customers safe. A feature of Acronis True Image 2017 New Generation (and enabled by default during installation), Acronis Active Protection™ protects your data against the threat of ransomware by identifying, isolating and defeating malicious code based on behavior patterns. Unlike other forms of malware, ransomware acts in certain ways, exhibiting specific patterns of behavior. Acronis Active Protection monitors your computer on a real-time basis, watching for those malicious patterns – and stops the offending process if those behaviors are detected. This pattern-based approach makes Acronis Active Protection exceptionally powerful in identifying ransomware attacks, even from variants that have not yet been reported. More Than Monitoring, Acronis Counter-Punches One way that criminals could try to compromise your files would be to attack Acronis True Image itself and the backup files it generates. To protect against this, Acronis has implemented a robust self-defense mechanism that won’t let criminals disrupt the work of True Image or corrupt the backup files it creates. Acronis Active Protection also monitors the Master Boot Record of Windows-based computers and stops any illegitimate changes that would prevent you from being able to properly boot your computer. If ransomware begins to encrypt files, Acronis quickly detects and halts this process – and because Acronis is a backup solution, any data that was exposed and encrypted before the process was halted can be recovered from a variety of backup sources. That’s where Acronis offers a truly unique advantage. Other anti-ransomware solutions commonly cannot stop an attack once it has started, and they have no way to recover any files encrypted by the attack. Acronis True Image with Acronis Active Protection detects, deflects, and restores files of any size! Make Sure Active Protection Is Enabled To ensure Acronis Active Protection is enabled on your system, click the “Settings” icon in the True Image interface. There you will see the options for Acronis Active Protection. The graphic above shows the default settings for Acronis Active Protection: As long as it is enabled, all data on the computer is protected against ransomware attacks. The third option you can select will automatically recover any affected files from a ransomware attack, without requiring any additional actions by you. Correcting False Positives Occasionally a harmless application on your computer might perform actions that trigger Acronis Active Protection. If that occurs, you can manage permission lists and exclusions: Simply identify the safe executable file and add it to the permissions list to instruct Acronis Active Protection to disregard future detections from that application. The exclusion list is used to identify folders and files that you do not want to provide ransomware protection for, such as files in a temporary folder. Examples of how these options work are shown below. You retain complete control over the permissions and exclusions lists, ensuring you get the best experience with Acronis Active Protection and maximum compatibility with your needs. Detecting Ransomware In the event that Acronis Active Protection detects potential ransomware activity, it immediately halts the process and alerts you through a dialog box. The offending behavior is then dealt with in an appropriate manner (as shown below).