Acronis Active Protection is an advanced ransomware protection technology. It actively protects all of the data on your systems – documents, data of all types, and your Acronis Backup Files. (This is currently a Windows-only feature.)
Acronis Active Protection constantly observes patterns in how data files are being changed on a system. One set of behaviors may be typical and expected. Another set of behaviors may signal a suspect process taking hostile action against files. The Acronis approach looks at these actions and compares them to with malicious behavior patterns. This approach can be exceptionally powerful in identifying ransomware attacks, even from ransomware variants that are as-yet unreported
Whitelist and blacklist
Acronis Active Protection is capable of detecting new threats based on already identified patterns as well as learned ones. Results must be adjusted to reduce false positive detection of things that really aren’t ransomware. Acronis Active Protection maintains a whitelist — programs that are allowed and expected to perform certain actions — to prevent authorized activities from being falsely tagged as unauthorized.
Self-defense of backup files
One way that criminals could choose to compromise files would be to attack the backup software itself to corrupt the backup files it creates. To protect against this, Acronis has implemented a robust self-defense mechanism that won’t let criminals disrupt the work of the Acronis application or backup file content.
Additionally, Acronis Active Protection monitors the Master Boot Record of Windows-based computers. It won’t let any illegitimate changes to be made to prevent you from being able to properly boot your computer.