Active Protection

Active Protection protects your system from malicious software known as ransomware that encrypts files and demands a ransom for the encryption key.

The availability of this feature depends on the service quotas that are enabled for your account.

Default setting: Enabled.

Active Protection is enabled by default if the Advanced Security + XDR pack is enabled (from C24.11, Active Protection is included as part of the Advanced Security + XDR pack).

A protection agent must be installed on the protected machine. For more information about the supported operating systems and features, see Supported operating systems for antivirus and antimalware protection.

To configure Active Protection

  1. In the Create protection plan window, expand the Antivirus & Antimalware protection module.
  2. Click Active Protection.
  3. In the Action on detection section, select one of the available options:
    • Notify only—The software generates an alert about the process suspected of ransomware activity.
    • Stop the process—The software generates an alert and stops the process suspected of ransomware activity.
    • Revert using cache—The software generates an alert, stops the process, and reverts the file changes by using the service cache.

    Default setting: Revert using cache

  4. Click Done to apply the selected options to your protection plan.