
Acronis Active Protection and Adobe Premiere Pro ransomware detection

Thread solved
Beginner
Posts: 2
Comments: 2

hello

I use Acronis True Image 2019 for backup/recovery, and it includes Acronis Active Protection. When I started Premiere Pro (v 13.0) today a warning from the Active Protection popped up, and it paused the start up of Premiere Pro. The warning said 'Possible ransomware detected' and 'Acronis Active Protection paused the program that modified your files. File content has been changed by using a known suspicious pattern'. It listed 7 affected files:

 

\Settings\EssentialSound\Default\sfx\(Config).essentialsound
\Settings\EssentialSound\Default\music\(Config).essentialsound
\Settings\EssentialSound\Default\generic\(Config).essentialsound
\Settings\EssentialSound\Default\ambience\(Config).essentialsound
\AppData\Roaming\Adobe\PremierePro\13.0\DebugDatabase.txt
\AppData\Local\Adobe\OOBE\opm.db

 

The Active Protection dialogue gives me 2 options:

Trust. This program will be added to the whitelist

Block: This program will be added to the blacklist and affected files will be recovered.

 

Has anybody else experienced this issue? What is your advice about the 2 options?

 

thanks very much

Bill

Legend
Posts: 105
Comments: 24728

Bill, welcome to these public User Forums.

If you are happy that the items found / highlighted by Acronis Active Protection are all good, valid parts of your Adobe application, then you should click on the option to Trust these files.

AAP tries to detect potential ransomware but needs guidance at times when it encounters new applications.

See KB 60193: Acronis True Image 2018 and 2019: Active Protection blocks legitimate applications - for more information.

Beginner
Posts: 2
Comments: 2

Thanks Steve!

Beginner
Posts: 0
Comments: 2

This is the most absurd response I have heard from a company that provides security software. It is your job to determine if the software is ransomware; it is not the customer's job. If we could determine what was ransomware we would not need your software! Update your frigging signatures or your whitelists. Adobe is one of the largest and most successful software publishers. I am getting tons of alerts from Adobe JSON files; are they infected or not!

HOW ARE WE SUPPOSED TO DETERMINE THE SOFTWARE IS RANSOMWARE BEFORE WE LOSE ALL OUR DATA!

Forum Star
Posts: 186
Comments: 4219

Paul, I understand your annoyance. Unfortunately, I suspect the issue is rather complex - how do you deal with the possibility that someone has reengineered the executable to contain malware but spoofs the signature of the legitimate version? It may be possible to develop a Wizard that goes through the common programs and asks "Did you install this program from a legitimate source?".

May I suggest that you make in-app feedback (it is oddly under Help) outlining your concerns.

Ian

Beginner
Posts: 0
Comments: 2

Your comment doesn’t make sense. From what you are saying I understand it to mean that it’s impossible to make any type of scanner that can differentiate legitimate software from modified malware. There are many techniques used to detect malware; it’s true none are 100%, and they all require active ongoing updates by their respective publishers. But by using signatures, heuristic scanning and other techniques they are very effective. The fact Acronis told me to exclude the files without asking me to send samples and doing an analysis means they have no interest in protecting their customer and properly maintaining a viable product. Their product is a joke and should be taken off the market.

Forum Moderator
Posts: 186
Comments: 6067

Hello Paul,

We'll be grateful for an opportunity to investigate this issue and find the reason for the false positive detection. Would you mind sending us the samples of the flagged executables and the Acronis system report from the machine in question? The Acronis system report with logs can be sent via the Feedback option in the product (https://kb.acronis.com/content/57216), and for samples I can send you an FTP link for upload. Thank you!

Beginner
Posts: 0
Comments: 1

I just started having this same problem a few weeks ago and it annoys the hell out of me. It's turned me from a happy Acronis user to a very unhappy one because my options seem to be suffering through repeated interruptions of my work (not to mention frequent forced reboots when the "protection" causes the entire computer to freeze up); the other option is to turn off the protection altogether. But if I'm going to turn off the protection, why even have it?

I assume Acronis is well-intentioned...but I would prefer that they stick with backup-related things and let the folks who are experts in security-related things do that.

At the moment, I am not inclined to renew my Acronis license - I need to use my computer, not trouble-shoot non-existent problems that none of my other security applications are concerned about.

Beginner
Posts: 5
Comments: 9

I am having problems with this Acronis ransomware also. It has shut down my machine abnormally twice. Screenshot of the options I am presented will be attached. There is no option as best I can tell to "trust" these files per Steve's comment above. When I try and get past the message, it abnormally terminates my machine and all applications.

If anyone has a solution, please let me know.

I also would go with an option to just turn off the ransomware stuff ... I bought Acronis and use it for backup. Feel free to sell a ransomware add-on if you like, but I need the backup to work and giving me the screen of death is causing a loss of work. At least, for now, I know to shut everything down before trying to get out of this.

Just FYI, this is also showing up on the Adobe forums.

Cheers

- Pete

Attachment Size
576353-249096.jpg 107.68 KB
Legend
Posts: 105
Comments: 24728

Pete, I would strongly recommend all users seeing these issues with the new Acronis Cyber Protect features to open support cases direct with Acronis so that they know what issues users are seeing and can take some actions to resolve them!  I doubt that any of the actual Acronis developers are looking at these forums - it is rare to see anyone from Acronis visiting here, let alone contributing!  At a minimum Feedback should be submitted for the issues!