Skip to main content

Where is the quarantine file located?

Thread needs solution
Beginner
Posts: 4
Comments: 11

Where is the quarantine file located for True Image Active Protection?

Also, what happens to a file that is blocked and then "restored"?

 

Further, I have "white listed" several files but there remain seeming duplicates of these files in the suspicious list.

Windows 10, 64 bit

0 Users found this helpful
Beginner
Posts: 4
Comments: 11

#1

Correction:  After restarting the program, there are no longer duplicates in the suspicious list.

However, I am unable to remove conhost.exe from the suspicious file because Active Protection cannot "see" it.  I tried entering it in manually into the "white list" to no avail.

Forum Moderator
Posts: 118
Comments: 4546

#2

Hello Kristin,

Thank you for raising this topic! 

A quarantine is created in the root folder of the partition where the attacked files were stored, for example C:\Acronis Active Protection Storage\Quarantine\.

When you place a file in the quarantine, you can still operate it as an ordinary file—move it to another location, copy, or delete it. Be aware, that Acronis True Image 2018 moves files to quarantine—it does not copy them. When you delete a file from quarantine, you delete it permanently, and it cannot be restored. If you place an application file in quarantine by mistake, you can still copy or move the file to its original location on your computer. The application will continue working normally.

However, I am unable to remove conhost.exe from the suspicious file because Active Protection cannot "see" it.  I tried entering it in manually into the "white list" to no avail.

According to the information I've found in our internal sources it's a known issue in the product's behavior. I'll discuss the status of the issue with my colleagues and get back to you once I have more details. 

Thank you,  

In reply to by Ekaterina

Beginner
Posts: 0
Comments: 3

#3

This is a major problem and Acronis should simply remove this feature completely or at the VERY least do not set it to enabled by default.

I installed Acronis True Image 2018 on a Point of Sale client yesterday and completely knocked out their ability to process credit cards.  They are still trying to recover from this fiasco.  It is nearly impossible to disable this stupid "feature."  In fact I can't be sure it is disabled so I have simply uninstalled ATI 2018 and will not install it anywhere again until I can be certain that this rogue feature is disabled.

Why would Acronis think that they should just throw in virus protection into their backup process?  Someone should lose their job over this.  I'm sure I have lost my client at this point.  They hired me to protect their data not randomly delete it!

Forum Moderator
Posts: 118
Comments: 4546

#4

Hello bdf2723,

I'm very sorry to know that your client has to cope with such difficulties. Cannot say what happened without investigation, because Acronis Active Protection doesn't delete anything on its own. The feature monitors the processes on the device it is installed on and if suspicious processes are found - informs the user. Then the user is prompted to choose, if the reported process should be blocked or added to a white list. I'd recommend raising a support ticket for this issue, so that our engineers can help.