Acronis Protection Updater active when Protection permanently off!

Steve, I think this is just another manifestation of what I've been saying here... ATI is checking for protection updates every five minutes regardless of whether protection is on or off.

I have tried to disable the internal tasks that do these checks, but if I do so and reboot ATI will just recreate them. I have not yet found a way to reliably kill these things and make it stick.

The best I've found is to just change the five minute interval to something much longer. Not a solution, but at least it can lessen the impact.

Meanwhile, I will stick with ATI 2019 on my important systems.

Bruno, I am seeing C:\Program Files (x86)\Acronis\Agent\bin\updater.exe active full time not just every 5 minutes and this .exe is not listed in Schedule Manager.

The schedule manager entries are:

C:\Program Files (x86)\Acronis\Agent\bin\adp-rest-util.exe post /av/check-update
C:\Program Files (x86)\Acronis\Agent\bin\adp-rest-util.exe post /components/check-update
C:\Program Files (x86)\Acronis\TrueImageHome\prl_stat.exe for_scheduler
C:\Program Files (x86)\Acronis\TrueImageHome\ga_antimalware_gatherer.exe
C:\Program Files (x86)\Acronis\TrueImageHome\ga_service.exe
C:\Program Files (x86)\Acronis\TrueImageHome\acronis_drive.exe

Procmon shows very large numbers of entries for update.exe

The key issue here is that Protection is 'stopped permanently'! So why is this update activity active?

Steve, it's worse than I thought. I just ran ProcMon on my system in which I'd changed the 5 minute task to only run once a day. But I'm still seeing what you have, running every minute. I see a lot of logging so take a look at the Active Core Managers logs.

I don't know who starts updater.exe but I suspect it might be the /av/check-update task (indirectly).

Regardless, the point we've been trying to make is that if protection is turned off... turn it OFF!

Steve and Bruno,

I agree with your findings.

I have 2 important Desktop and One Laptop I use and ... here comes the kicker...  I use TIH2016 on all three.

I do not schedule nor do I use cloning.  TIH2016 has performed perfectly for me since day one...and believe me, it has been tested over and over with file, system and disk recoveries with my Win10/64 systems.

I am not in favor of forcing any kind of A/V or Malware programs being run against my wishes so I do not use 2020 or 2021 with anything important.

Steve F.

Here are screenshots of Process Monitor Activity Summary and Process Timeline of the updater.exe.  

There is a lot going on but total resource usage is not over the top. 

These were taken on my 7 year old laptop just upgraded to latest version of TI 2021 with all protection off except Ransomware and Cryptomining protection (default installation)

Bob, the issue is not about the resource usage but the fact that Protection is said to be permanently off and yet is running update activities!

Within the PROTECTION screen (interface) there is also a SETTINGS button which seems to allow one to turn the malware protection on or off despite the protection being disabled.

One would think it would be greyed out

If Protection is turned off permanently (as shown in my earlier image) then there is no Settings button.  This is a change since updating to build 32010.

Steve, 

So you are saying that you expect no a activity from the update service if Cyber Protect is off even though the service may deliver updates to other product features?

I admit that activity appears excessive but if the majority are say connection verification with the cloud then I ask is that not expected?

It would be nice to know what exactly the updater is doing I suppose but does it really matter?

Bob, the process is described as mentioned above quoting from KB 65464 which describes this process as:

If I have Protection turned off permanently, why should I need any protection updates for a non active feature?

Steve, 

I cannot definitely answer this question however, I would be surprised if the only function it has is to check for antivirus updates.  It would be more logical that the updater performed all update functions.

I have noticed for example, when TI version updates are available I get a notification of that about 5 minutes after PC startup suggesting that the updater has run on schedule and found an update. 

Maybe running every 5 minutes is excessive, maybe not.  Case in point, my current protection product checks for updates on e per day.  When this happens it takes several minutes to run through the process and download and install any updates which is always the case.  If this app checked more frequently the process would be shorter. 

I believe that if the protection is turned off, Ati should not check for updates every few minutes. 
@Ekaterina, can you possibly bring us some clarification ? 

Fully agree!  If I am using ATI 2021 with all Protection permanently stopped then there should be no need for any updating going on!  In essence, I have an idle Backup & Recovery application installed with no Acronis antiransomware or antivirus activity enabled.

So then you are saying an updater  service running within an application ATI or otherwise should not function except when manually invoked by the user?

Bob, there is a key difference here:  Updater.exe is clearly described in the Acronis KB as having the function: Manages protection updates.

I have no issue with ATI doing other checks for updates to the application itself, but even this should only run at defined intervals such as 'on launch' of the GUI or once a day.  Updater.exe is running continually all the time that Windows is active regardless of Protection being turned off permanently!  I understand that there may be minimal resource usage but this is still an unnecessary function when Protection is supposedly disabled!

It seems to me that Acronis is loosing sight of what is expected to be their main objective for TIH.

TIH is backup and restore software first and foremost. To me, that means TIH should strive to be "Rock Solid" in their core functions of backup and restore.

  By watching the forums over the past decade, that does not seem to be the case anymore.  Every year it seems that more backup/restore issues arise and are now complicated with the addition of malware and/or built-in protection software.  

I feel that Acronis would have been better served if they marketed their protection software as a totally separate product that was compatible with TIH but not dependent on it.

Steve F.

Perdido Beach wrote:

I feel that Acronis would have been better served if they marketed their protection software as a totally separate product that was compatible with TIH but not dependent on it.

Fully agree Steve F!

In ATI 2018 topic here: Ekaterina wrote:

The services active_protection_service.exe and cyber-protect-service.exe specifically are always installed together with the agent. We do have an incoming feature request to exclude Antimalware components from being installed (internal ID for reference RM-1409 Allow Agent installation without Antimalware components). I've added your feedback as a vote for this change, thank you!

I have asked for my vote to be added to this incoming feature request too!

As for anti-anything - check out the price for Bitdefender. 15 devices for 2 years for $69. I had a current 5 device subscription, challenged their renewal price, and got this as a price match. Why Acronis chooses to compete with an industry standard is beyond me.  https://downloadcrewstore.co.uk/p35659-bitdefender_family_pack_2021_15-…   Wonder if Acronis would give us 15 devices for two years for $69?

Anthony, I have not paid for any antivirus software in more than 10 years and would not pay for this new Cyber Protect either other than it being gifted to me as an Acronis MVP.

I am more than happy using Windows Defender integrated into Windows 10 and have not had any virus infections etc.

I would just like ATI 2021 to be focussed purely on Backup, Recovery, Clone and to do these functions as the 'best in industry' instead of allowing them to suffer more bugs due to the focus being side-tracked into a completely different industry direction!

Acronis should launch a separate Cyber Protect application with all the features of any well established security suite along with full integration with their other applications for those users who want to have these features.  The customer should be the one to decide this, not the Acronis Marketing team who are driving customers away to their competitors like Macrium, Easeus etc.

Perdido Beach wrote:

It seems to me that Acronis is loosing sight of what is expected to be their main objective for TIH.

TIH is backup and restore software first and foremost. To me, that means TIH should strive to be "Rock Solid" in their core functions of backup and restore.

  By watching the forums over the past decade, that does not seem to be the case anymore.  Every year it seems that more backup/restore issues arise and are now complicated with the addition of malware and/or built-in protection software.  

I feel that Acronis would have been better served if they marketed their protection software as a totally separate product that was compatible with TIH but not dependent on it.

Steve F.

+1