ATIH 2017 NG Active Protection - Connecting to the service...
I recently upgraded from ATIH 2017 build 5554 to NG build 6116 then had to disable Active Protection via the System Tray Icon option - this because of the impact on my laptop performance / potential conflict with other security applications installed.
I now find that I cannot re-enable Active Protection because when I try to access the Settings and launch the main ATIH GUI Settings page, the status of Acronis Active Protection is stuck at 'Connecting to the service...' as shown in the attached screen image.
ATIH 2017 is signed in to my Acronis Account correctly and shows the correct status on the Account page of the GUI.
The latest log file for Active Protection from today shows just as below with no obvious errors.
2017-02-02 15:50:46:257 2340 I00000000: Initializing ActiveProtection service...
2017-02-02 15:50:46:259 2340 I00000000: Snapshot drive "C:\" has 30.779GB free, out of 83.1612GB
2017-02-02 15:50:46:259 2340 I00000000: Snapshot size will be 8.31543GB
2017-02-02 15:50:46:438 2340 I00000000: Driver session (389CDDD7-26AD-492A-A9D2-A7FCA68CF16) created successfully
2017-02-02 15:50:46:458 2340 I00000000: Found fixed drive: C:\
2017-02-02 15:50:46:458 2340 I00000000: Found fixed drive: D:\
2017-02-02 15:50:46:458 2340 I00000000: Found fixed drive: E:\
2017-02-02 15:50:46:458 2340 I00000000: Found fixed drive: G:\
2017-02-02 15:50:46:459 2340 I00000000: Found fixed drive: H:\
2017-02-02 15:50:46:459 2340 I00000000: Found fixed drive: I:\
2017-02-02 15:50:46:459 2340 I00000000: Found fixed drive: K:\
Acronis Links : Acronis Scheduler Manager : Acronis VSS Doctor : Backup Archive Compatibility : Cleanup Tool (ATIH 2010-2019) : Cloning Disks : Contact Acronis Support : Difference between Backup and Disk Clone : MVP User Tools - Google Drive
Please open a New Topic in preference to sending private messages to me unless there is a compelling reason for doing so.
Acronis True Image 9.0 - 11.0, 2009 - 2019 Disk Director 12.
Windows 7, 10; (Desktops & Laptops); Dell, Lenovo, Home build;
Ubuntu 18.04 LTS
HI Steve, any chance you disabled the services as well? I had to stop/start the services and then log out of the account in the app and back in before it picked up again.
I've sinced disabled NG protection though as I have a perpetual lifetime license of MalwareBytes Pro and just realized that version 3 has malware protection built in as well.
Hi Rob, I haven't disabled any services myself unless this has happened directly as a result of stopping the Active Protection via the Settings, but I have rebooted several times since doing so. It would look to be a bug if you can stop Active Protection via the System Tray Icon but then are locked out of re-enabling it again by the same means.
I have Cybereason RansomFree installed and running hence one of the reasons I disabled AP initially, but that offers the option of being paused for one hour for when you need to do something that it might object to or interfere with, with a companion option to resume again.
I have raised Support Case # 02906384 for this problem.
Update: Checking the Services via Task Manager does show that the AcronisActiveProtectionService was in Stopped state and starting this service then changes the options shown in the System Tray icon to now give an option to 'Turn on Active Protection' which was not given before!
I am still concerned that this is not being handled within the ATIH application as we should not need users to have to manually start required Acronis Services such as this.
Agreed, if it's not starting the service on it's a own, that is a problem. My scenario was self inflicted as I specifically shut off the services after disabling system protection. Prior to implementing malwarebytes ramsonware protection, I had tested turning NG protection off and on throught the app without disabling the service, and didn't see any issues there though (that I remember). These services were added to the stop/start services scripts on the MVP Drive share though so was wondering if maybe you had grabbed and run the more current version which could have stopped those services from there.
Definitely worth testing to turn it off and on win the app now and see if the service remains stopped or not somewhere along the way.
Rob, I turned on Active Protection and found my system performance hit again with the CPU at 100% and an argument going on between AP and my Cybereason RansomFree, Comodo Internet Security, so I turned if off again to get back to normal CPU levels.
At this point the AcronisActiveProtectionService was still Active / Running as shown in Windows Task Manager on the Services page and there was the option in the System Tray icon to Turn on Active Protection as expected.
I then shutdown everything and did a Restart and after doing so am back to the same issue again where the System Tray icon no longer offers the option to Turn on AP and Windows Task Manager shows the AcronisActiveProtectionService as being Stopped.
Have a look at the Anti Ransomware log file using the new Log File Viewer. It is a huge log but within it is a list of installed apps that can be Trusted. My installed security suite is notated as a trusted app in this list and I suffer none of the effects you note. I did not add the security suite to the Active Protection white list. Apparently that was done automatically during the 2017NG installation.
If your security apps are not listed here then conflict is going to occur I would think and cause the issues you note. Not sure how the Active Protection looks for other securtiy software but whatever the process it must be a short list of apps or possibly other process capability needs to be included in the filter or whatever is used to determine trusted applications.
The list of trusted apps is very long on my install and I have a fairly small number of apps installed, makes me wonder how long the list would be for an average machine.
I have a network printer utility installed on the same machine as 2017NG and had trouble printing. Looking through the log viewer at the Anti Ransomware log I found that the .exe file for the print utility had been marked as "not trusted". Once I added that to the white list as trusted the printing problems went away.
Bob, the performance / max CPU issue is somewhat of a separate point with regard to this topic, as the key issue I was reporting was that I could no longer turn on Acronis Active Protection from within the ATIH GUI Settings page or from the System Tray icon option as these options are not available due to the Service for this function being in a Stopped state following a restart or shutdown/start on my Windows 10 system. This despite the service being set correctly to 'Automatic'.
A scan of the AntiRansomware log file gives me the following 'not trusted' entries on this same system.
Line 153: 2017-02-02 18:32:57:990 2488 I00000000: Setting the trust status of [29 (internal), 2296 (system-wide), "C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe"] to 'not trusted': success
Line 271: 2017-02-02 18:33:08:104 2488 I00000000: Setting the trust status of [59 (internal), 5612 (system-wide), "C:\Program Files (x86)\Moo0\SystemMonitor 1.76\SystemMonitor.exe"] to 'not trusted': success
Line 370: 2017-02-02 18:33:15:963 2488 I00000000: Setting the trust status of [83 (internal), 9136 (system-wide), "C:\PNotes\PNotes.exe"] to 'not trusted': success
Line 9655: 2017-02-02 18:57:24:381 2488 I00000000: Setting the trust status of [180 (internal), 11308 (system-wide), "C:\Windows\System32\rundll32.exe"] to 'not trusted': success
Line 14796: 2017-02-02 19:18:01:127 12176 I00000000: Setting the trust status of [253 (internal), 11956 (system-wide), "C:\Program Files\LibreOffice 5\program\soffice.bin"] to 'not trusted': success
Line 18276: 2017-02-02 19:32:16:982 12176 I00000000: Setting the trust status of [274 (internal), 8004 (system-wide), "C:\Windows\System32\rundll32.exe"] to 'not trusted': success
Perhaps the most alarming of these is the last one though the other entries are a concern too!
I think you certainly have a number of concerns showing in your log file. I certainly do not see anything like that in my log files.
Below I am pasting the one item I found in my log that showed my network print driver as "not trusted" which did cause any print jobs sent to that printer to fail.
2017-02-02 12:52:05:889 8912 I00000000: Verification of "C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe" by embedded certificate: no signature (No signature was present in the subject. (Win32 error code = 2148204800)) (-2146762496)
2017-02-02 12:52:05:905 8912 W00000000: Couldn't retrieve file information of "C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe": The specified resource type cannot be found in the image file. (Win32 error code = 1813)
2017-02-02 12:52:05:905 8912 I00000000: "C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe" can't be trusted
2017-02-02 12:52:05:905 8912 I00000000: Setting the trust status of [46 (internal), 3124 (system-wide), "C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe"] to 'not trusted': success
Below I am pasting what the log shows after I white listed the print driver .exe file in Active Protection which did clear up the print problems on the system.
2017-02-03 13:31:15:815 4108 I00000000: [driver] Process [41 (internal), 2944 (system-wide), "C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe"] has started
2017-02-03 13:31:15:831 4108 I00000000: Verification of "C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe" by embedded certificate: success (0)
2017-02-03 13:31:15:831 4108 I00000000: "C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe" can be trusted
As you can see Active Protection found this .exe file as unsigned as it appears to me and therefore placed the file in a non trusted state. After white listing that all changed presumably due to adminstrator override allowance of the executable.
Have you looked at Windows error logs to see if you could spot some of the same things you see in the log file? Possibly there is another underlying problem on your system, corrupt of missing system files perhaps, that are contributing to the issue? I know that further into the log there are a good number of Reg key checks, may be worth the effort to look there as well for related or even other indicators of system issues.
Bob, I have white listed the items indicated in the log file along with a couple more items related to my security programs and CPU usage is back to normal again with both Active Protection and Cybereason RansomFree plus Comodo Internet Security all enabled and active.
I will keep an eye on the log files and see if anything else shows up but see no other evidence of any problems on this system - the only significant change is the installation of New Generation with Active Protection.
Gald to hear you got your machine back on track! Funny why you had those rundll problems. Were you able to discover what process they were associated with? Just looking at the log possibly Libre Office at fault?
Anyway, glad you got it sorted, not sure what to think about other users with these performance and apparent posssible bug issues though!
Bob, I will probably need to play more with that particular system with NG and Active Protection including reviewing the logs.
Not sure why AP picked on LibreOffice as I do not remember even using that around that time, so it must be scanning all the installed programs to pick up on that?
As you say, how the average non-technical user will fare if faced with CPU turning every action into 'treacle mode' is a concern - we have already seen quite a few posts about poor performance even before AP was introduced with New Gen.
An update on the original issue I reported in this topic: Acronis Active Protection stuck at 'Connecting to the service...'
I initially thought that this might be being caused by having Cybereason RansomFree installed but the problem continued after uninstalling this and was tracked down to the AcronisActiveProtectionService being in Stopped state even though Active Protection was turned on and the service set to Automatic.
I changed the AcronisActiveProtectionService from Automatic to Automatic (delayed) then tested this by restarting the computer and found that the service did run correctly after the restart and I no longer get the 'Connecting to the service...' status shown on the ATIH 2017 NG Settings page.
That's great! Looks like you've got it figured out. Interesting the time delay to start, definitely worth knowing that worked though.
I am confident that Active Protection does scan all Windows applications, in fact you can turn that off in the settings for the app.
I think it best that users report any issues they have to the support staff for investigation. There are workarounds obviously for some issues and white listing will be the remedy for some app conflicts but others like yours not starting correctly need investigation.
Did a Google search for this very issue and found this thread...
Was experiencing the very same issue as the OP, with the difference that the service was actually running in my case, just that Acronis TIH was unable to connect to it, and the taskbar icon was greyed out. I'd disabled the addon since it was preventing me from copying a backup archive set to a removable drive manually.
Also, like the OP, had tried restarting the computer to see if it would resolve the issue.
I managed to get Acronis TIH to successfully 'connect' to the service by opening Windows services, stopping then restarting the service for active protection (Acronis Active Protection (TM) Service) manually via the services GUI.
Have not changed the start type at this stage as it's now working again, but would like to note that in my case, my installed AV (McAfee + Intel TrueKey) was not automatically whitelisted.
Dan, (as the OP) I have not had any further issues with Acronis Active Protection since raising this topic and changing the service start to Automatic (Delayed start).
This feature of ATIH 2017 was only introduced on this version with the New Generation Premium product, so I suspect it is still undergoing active development, especially in the light of the recent worldwide ransomware attacks.
Happy that you've found a solution Steve.
TBH the only reason I posted, was to alert others (and maybe Acronis) that your issue was not unique.
I'm not going to start hacking service start priorities on my system as I've attempted this before with other services and had less than desirable 'knock-on' effects unrelated to the issue I was attempting to fix by delaying said service in the first place. Secondly, the operation I was attempting to complete has now been done, and I won't be needing to repeat it in the near term, so I'm leaving well alone.
If Acronis themselves decide to make changes to the service start priority, that is of course their perogative.
Since I have posted here to alert any Acronis employees who 'may' be monitoring this thread, I have achieved what I set out to do, and will be making no further comment.
I am having this issue with 2018, lates build. I only noticed it because I heard my CPU and case fans whirring for an extended period, and checked HWmonitor only to see my CPU pegged at 4.2GHz, maximum Turbo for the i7-6700K.
Had to kill the little bastard process in task manager. I enabled it earlier today when making a PE flash drive.
Paul, this is a known issue with ATIH 2018 as documented in forum topic: Active Protection Won't Turn On in Build 9660 and circumvention given in KB 60469: Acronis True Image 2018: Active Protection toggle turns off automatically if an empty card reader is connected plus also by simply leaving a spare SD card inserted in the card reader.