Active Protection

Active Protection is represented as a module of a protection plan if you have one of the following editions:

Because Active Protection is part of a protection plan, it can be configured differently and applied to different devices or groups of devices.

For all other editions of the Cyber Protection service, Active Protection is part of the Antivirus & Antimalware protection module.

Active Protection protects a system from ransomware and cryptocurrency mining malware. Ransomware encrypts files and demands a ransom for the encryption key. Cryptomining malware performs mathematical calculations in the background, thereby stealing processing power and network traffic.

Active Protection is available for machines running Windows 7 and later, and Windows Server 2008 R2 and later. Agent for Windows must be installed on the machine.

Active Protection is available for agents starting with version 12.0.4290. To update an agent, follow the instructions in "Updating agents".

How it works

Active Protection monitors processes running on the protected machine. When a third-party process tries to encrypt files or mine cryptocurrency, Active Protection generates an alert and performs any additional actions specified in the configuration.

In addition, Active Protection prevents unauthorized changes to the backup software's own processes, registry records, executable and configuration files, and backups located in local folders.

To identify malicious processes, Active Protection uses behavioral heuristics. Active Protection compares the chain of actions performed by a process with the chains of events recorded in the database of malicious behavior patterns. This approach enables Active Protection to detect new malware by its typical behavior.
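The chain comparison described above can be illustrated with the following added example, which is not the product's own code. The event names, the contents of the pattern database, the sample events, and the choice to match a chain as an ordered subsequence of a process's actions are all assumptions made for illustration.

```python
from collections import defaultdict

# Hypothetical pattern database: pattern name -> ordered chain of action types.
PATTERNS = {
    "ransomware-like": ["enumerate_files", "read_file",
                        "write_high_entropy", "delete_original"],
    "cryptominer-like": ["spawn_hidden", "sustained_cpu", "connect_pool"],
}

# Constructed sample events in time order: (pid, process name, action).
SAMPLE_EVENTS = [
    (101, "backup_tool.exe", "enumerate_files"),
    (202, "unknown.exe", "enumerate_files"),
    (101, "backup_tool.exe", "read_file"),
    (202, "unknown.exe", "read_file"),
    (202, "unknown.exe", "write_high_entropy"),
    (101, "backup_tool.exe", "write_archive"),   # benign: chain never completes
    (202, "unknown.exe", "delete_original"),
    (303, "updater.exe", "connect_pool"),        # right actions, wrong order
    (303, "updater.exe", "sustained_cpu"),
    (404, "worker.exe", "spawn_hidden"),
    (404, "worker.exe", "sustained_cpu"),
    (404, "worker.exe", "connect_pool"),
]

def matches_chain(actions, chain):
    """True if chain occurs in actions in order (gaps between steps allowed)."""
    remaining = iter(actions)
    # 'step in remaining' consumes the iterator up to the first match,
    # so each later step must appear after the previous one.
    return all(step in remaining for step in chain)

def detect(events, patterns=PATTERNS):
    """Group events per process and return sorted (pid, name, pattern) alerts."""
    actions_by_pid = defaultdict(list)
    names = {}
    for pid, name, action in events:
        actions_by_pid[pid].append(action)
        names[pid] = name
    alerts = []
    for pid, actions in actions_by_pid.items():
        for pattern_name, chain in patterns.items():
            if matches_chain(actions, chain):
                alerts.append((pid, names[pid], pattern_name))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Because the match is on the sequence of actions rather than on a file signature, a process that performs only part of a chain, or performs the steps out of order, does not raise an alert.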

Active Protection settings

The Active Protection module has the following settings:

To learn more about the Active Protection settings, refer to "Antivirus & Antimalware protection settings".