
Active Protection is useless

This is how useful (useless) the Active Protection feature in True Image 2021 is.

June 18, 2021

True Image 2021 was installed.

"Vulnerability assessment" was turned on.

"Antiransomware Protection" was turned on.

August 16, 2021

New vulnerabilities detected in applications: Windows 10

Notification panel says: "27 new vulnerabilities detected"

In Windows?... I highly doubt it. This PC is barely used at all. True Image 2021 is not even used for backup. I never had the time to set up backup on it.

August 19, 2021

I notice the notification blabbing about vulnerabilities, so I open True Image to see what was detected. The "Protection exclusions" box is empty, and the "Quarantine" box is empty. There are no quarantined items. The log just states that the vulnerabilities were detected in Windows 10.

I don't know what this means, but I know I did recently run some Windows updates and upgrades on this PC. As I said, it's barely used at all, so it was falling behind on updates. Perhaps in some way, True Image was reacting to this or the files that Windows had downloaded as part of the update. It gives me no way of knowing, other than saying that the problem was Windows 10. That's like saying nothing at all.

I would much rather not have this "feature" in a backup program at all.

It screams "wolf!" and makes people jumpy when there is nothing to worry about. I have more confidence in my Windows 10 installation and its built in security features than this "active protection" invention.

 


Samir,

 

So the vulnerability scan looks for missing updates in a Windows installation. The fact that this machine was behind on updates suggests that this is why you see the warning, and it would be expected behavior.

I agree that notifications should be more informative about such findings.

Is that what this is?...

That's assuming your assertion is true. Is there no way of telling beyond reasonable doubt what is and what isn't treated as a vulnerability by True Image?

I know my PC had fallen behind on updates, but not as many as 27, I really doubt that. It was still running a supported version of Windows 10 with relatively recent updates added. At most I would estimate it was 8 updates behind. At most!

Just listing "Windows 10" doesn't tell me much. That's like just saying "you have a problem with your PC". And no action is taken? It doesn't say how it has dealt with these vulnerabilities. And since I am kept out of the loop, I can't take any actions of my own since I don't know what the problem is. But apparently, whatever it was, the problem no longer exists (or I am left to believe that) because the subsequent scans are all green.

 

Samir, if you take a closer look at the 27 vulnerabilities you are most likely going to see that Acronis are listing every CVE known for some particular programs rather than just highlighting that that program has X number of known issues fixed by a later version!

This behaviour made me turn off the vulnerability scan feature in ATI 2021 soon after it was introduced!

How can I know more about these 27 vulnerabilities? I would like to see what True Image has found, even if it turns out to be nothing to worry about, like a number of missing Windows updates (I have updated to the latest version since).

 

The "Protection" overview and "Vulnerability assessment" view reveals nothing. It ran last time today and said "there are no vulnerabilities found".

I can't click on "Last scan" to change the date to see what it had found on 16 August, on the eventful day when it reportedly found 27 vulnerabilities. I'm assuming Active Protection has no memory of what happened yesterday, let alone what happened three days ago. Maybe this is a premium feature ("advanced protection") I don't have access to? I would expect any serious security software to let me go back in time and review things with a great level of detail.

 

Samir,

Here is a link to Acronis Press Center release about the Vulnerability assessment feature:

Link

Steve is correct about the feature using known CVE announcements in the total count.

You might also wish to review this link:

Link

Enchantech wrote:

Samir,

Here is a link to Acronis Press Center release about the Vulnerability assessment feature:

Link

Steve is correct about the feature using known CVE announcements in the total count.

You might also wish to review this link:

Link

So the second link is to a blog post from 10 September 2020 which is basically a sales pitch for Acronis Cyber Protect. The first link is to a blog post published 24 November 2020 in which Acronis is basically saying that the "vulnerability assessment tool" of Acronis Cyber Protect is now made available in True Image.

Is that what I'm supposed to learn from these links?

Quote from the first link:

The new vulnerability assessment tool and enhanced ransomware engine are both included in all editions of Acronis True Image 2021, the personal solution in the Acronis Cyber Protect family of products. The advanced antimalware capabilities are included with Advanced and Premium licenses, and offered as a three-month trial with Standard and Essential licenses.

I don't understand what they are saying by "the advanced antimalware capabilities are included with Advanced and Premium licenses". They said "vulnerability assessment tool and enhanced ransomware engine are both included in all editions of Acronis True Image 2021". Are they not contradicting themselves now? It seems a lot like FUD to me.

I still don't know what those "27 new vulnerabilities detected" account for. What is there that's not patched, or wasn't patched at the time, that this software is or was yelling about? Is this not possible to know? This CVE number or whatever it is only serves to cause panic and hysteria or what? Why does it not keep a detailed history of these detections? Any good software would keep a log of such events if it's something important that's worth logging.

 

Samir, I don't have an image to post now, but on my system I saw a lot of vulnerabilities and most of them were old Java runtime engines and the old Adobe Flash stuff. These two accounted for many individual vulnerabilities as there were many CVE numbers for them. So one fix or update can eliminate a whole series of listed vulnerabilities.

I was interested to find where the information about them is stored, but I don't have a lot of time right now to pursue it.

Samir, the image below is an example from my PC of last November when it warned me of dozens of vulnerabilities which were all down to Mozilla Thunderbird being downlevel!

You would just need to click on the 'Detected vulnerabilities' link on the Protection page but this only shows the latest scan results.

I turned this feature off after that November scan and regularly update all my apps etc. myself using a mix of tools, including running 'winget upgrade --all' in PowerShell, so running the vulnerability scan again today found no issues and the report is now blank!
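As an added illustration (not Acronis code and not part of any post), the Python sketch below shows the point made in the posts above: a scanner that counts one finding per CVE reports a large number even when one update per program resolves them all, and a dated log keeps earlier scans reviewable. The product names, versions, CVE ids, record fields and the `scan_history.jsonl` file name are constructed placeholders; True Image's own data format does not appear on this page.

```python
import json
from collections import defaultdict

# Constructed sample: one row per CVE, the way a per-CVE count treats them.
# Product names, versions and CVE ids are placeholders, not real scan output.
FINDINGS = (
    [{"product": "ExampleMail", "installed": "78.4.0", "fixed_in": f"78.{5 + i % 2}.0",
      "cve": f"CVE-0000-{i:04d}"} for i in range(1, 25)]
    + [{"product": "ExampleRuntime", "installed": "8.0.1", "fixed_in": "8.0.10",
        "cve": f"CVE-0000-{i:04d}"} for i in range(25, 28)]
)

def version_key(v):
    """Compare dotted versions numerically, so 8.0.10 sorts above 8.0.9."""
    return tuple(int(part) for part in v.split("."))

def remediation_plan(findings):
    """Collapse per-CVE rows into one update action per product."""
    by_product = defaultdict(list)
    for row in findings:
        by_product[row["product"]].append(row)
    plan = []
    for product, rows in sorted(by_product.items()):
        plan.append({
            "product": product,
            "installed": rows[0]["installed"],
            # Updating to the highest fixed-in version closes every listed CVE.
            "update_to": max((r["fixed_in"] for r in rows), key=version_key),
            "cves": sorted(r["cve"] for r in rows),
        })
    return plan

def record_scan(history_path, scan_date, findings):
    """Append this scan to a JSON Lines history so earlier results stay reviewable."""
    entry = {"date": scan_date, "cve_count": len(findings),
             "plan": remediation_plan(findings)}
    with open(history_path, "a", encoding="utf-8") as fh:
        fh.write(json.dumps(entry) + "\n")
    return entry

def load_history(history_path):
    """Read back every recorded scan, oldest first."""
    with open(history_path, encoding="utf-8") as fh:
        return [json.loads(line) for line in fh if line.strip()]

if __name__ == "__main__":
    for item in record_scan("scan_history.jsonl", "2021-08-16", FINDINGS)["plan"]:
        print(item["product"], item["installed"], "->", item["update_to"],
              len(item["cves"]), "CVEs")
```

With this constructed input, 27 per-CVE findings reduce to two update actions, and a later clean scan is appended to the history instead of replacing it.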

This is all very interesting. So there is no way telling what happened in the past? Unless you catch it in the act so to speak, you can't go back later and review what that was all about?

Is 27 CVE/Vulnerabilities a high number? Am I on the low end or high end of the scale? What's the highest number you have observed?

Unlike WinGet, it looks like True Image can't do anything to address these vulnerabilities. Other than yell out a number and then explain that you need to manually go and install updates to whatever software it found to be vulnerable? So it's just there to inform you? Can we get the same functionality from a reputable antivirus software vendor?

The lack of update management tools for third party software applications may be the biggest security flaw in Windows right now. Microsoft can automate Windows updates and its own software such as Office, but they can't do anything about third party software applications. Each of those usually has its own update function, which may or may not update automatically. I believe this is why they have invented the WinGet package manager, but it's still very much a work in progress and far from perfect.

I have 67 new detections and nothing in Acronis after running the scan. The issue has been like that since I updated to 2021. I keep my computer and programs up to date regularly.

B C, welcome to these public User Forums.

What does the Detected Vulnerabilities panel show for the 67 items detected?

Does it really matter what vulnerabilities you had in the past, if you don't have any now? I'm happy that it doesn't automatically take action. I don't want some critical application I use to be broken out of the blue. This way I can choose how to handle the vulnerability (remove, update, accept risk).

They never show what they are. When scanned, it says "There are no vulnerabilities found", but the notification shows that 67 were found.

Sorry but can you post a screen shot showing where you are seeing the notification of 67 vulnerabilities found?

Steve Smith wrote:

Sorry but can you post a screen shot showing where you are seeing the notification of 67 vulnerabilities found?

I guess it's one of those notifications that appear in the bottom right corner in Windows. I don't remember exactly if True Image is using the notification panel in Windows 10 (then it's like any other app notification in Windows 10) or if it's using its own panel for this. What I do remember is that when I opened True Image the last time I encountered this I did not see anything in "Quarantine" or in "Detected vulnerabilities".

 

Péter Szatmári wrote:

Does it really matter what vulnerabilities you had in the past, if you don't have any now? I'm happy that it doesn't automatically take action. I don't want some critical application I use to be broken out of the blue. This way I can choose how to handle the vulnerability (remove, update, accept risk).

It does matter if you want to be scientific about it and seek the truth. You want to be able to verify the claim. If you have one scientist... Acronis in this case... claiming to have found a way to... oh, I don't know... time travel? You would want to see the evidence, do your own tests and verify that what is claimed is really true.

For all I know, you could create a software that puts up banners with the text "YOUR PC IS INFECTED" or maybe "YOUR PC IS RUNNING SLOW" in all uppercase letters, of course. If you have used the Internet for any reasonable amount of time you must have run into these ads that scare people into clicking on things they should not. It's called scareware!

[Link redacted: "You are not allowed to place hyperlinks inside the text, please, clear them." Look for "scareware" on Wikipedia.]

What's worse still is that there is a category of scareware that goes beyond the realm of your web browser and is installed on your operating system, to supposedly help you with the many security problems. They are known as "rogue security software".

[Link redacted: "You are not allowed to place hyperlinks inside the text, please, clear them." Look for "rogue security software" on Wikipedia.]

Have a look at MacSweeper for example.

"MacSweeper is a rogue application that misleads users by exaggerating reports about spyware, adware or viruses on their computer. It is the first known "rogue" application for the Mac OS X operating system"

[Link redacted: "You are not allowed to place hyperlinks inside the text, please, clear them." Look for "MacSweeper" on Wikipedia.]

This all reminds me a lot of what True Image has been doing lately, screaming "27 new vulnerabilities detected", and when I go to look at the evidence I see a blank page.

I'm aware of those types of software. 

It also feels to me that there's a really high negative disposition towards Acronis protection features purely because it's supposed to be a Backup solution. 

I guess you could recreate a "vulnerable scenario". Install an older version of, say, 7zip with a known CVE and see what Acronis finds.

I find "vulnerabilities detected" a far more general wording than "your pc is infected". Not many options that can't be interpreted as being scared into action. "Found some stuff of interest, you may want to have a look. They might be right...or wrong. You decide!" would be rather vague and generally unhelpful.

Detected vulnerabilities in many cases is simply a matter of not having yet installed the latest Windows Updates. I have seen the same when using the winget tool in PowerShell, where it lists various updates, but repeating the same after running Windows Update removes most updates from the winget list.

It's a matter of perspective. I am not the one using "Acronis Cyber Backup" or the new "Acronis Cyber Protect Home Office".

I do object to having these fancy-pants features in my backup software. They are only good for as long as you are willing to pay the monthly fee to stay up to date and stay connected to the mothership in the form of Acronis Cloud. The recent TLS update rollout clearly shows that (update or else!). You may prefer this over running standalone programs that don't connect anywhere, programs that don't even require Internet connection to function years on end. But I personally don't want a program that needs Internet connection to function, and I certainly don't want a backup software that mandates Internet connection. However, there is no choice now. Whatever choice there was has been removed when Acronis decided to push subscriptions on everyone.

I understand that True Image is no longer a backup software. Therefore, Acronis needs to stop pretending that it is and remove the word "backup" from the name. They have recently done just that: "Acronis Cyber Protect Home Office".

However, Acronis' recent push for subscriptions is not the reason for my negative disposition. That's another topic altogether. Neither is the fact that "Active Protection" is part of a backup program. The reason for my negative disposition is because the program fails to display a log of these supposed "vulnerabilities detected".

I don't see the value in my investment if you can't do a simple thing like show me what you have done for me. It's like marching into a board of directors meeting and declaring "our sales are up by 175%" without presenting any sort of data to back that up (no pun intended). For all I know, your program could be just faking it, like those many rogue security programs do.

Would it kill them to show me a log?...

 

Steve Smith wrote:

Detected vulnerabilities in many cases is simply a matter of not having yet installed the latest Windows Updates. I have seen the same when using the winget tool in PowerShell, where it lists various updates, but repeating the same after running Windows Update removes most updates from the winget list.

Thanks for the screenshot Steve! It's nice to see people use winget. I haven't started using winget yet, I'm waiting for Microsoft to give it some more polish and work out the kinks.

What we see here is all the more reason for Acronis to change the name of their program, i.e. remove all mentions of "backup" in the name of it, so as not to confuse people. It takes time getting used to thinking about Acronis and True Image as everything else but a backup software. It's a mental shift where "cyber" is now the main meal, and "backup" is just a side dish. Thankfully they have already done so, starting with "Acronis Cyber Protect Home Office".

What you are seeing is merely an echo or imprint of what once was. What would be really useful and helpful is to have True Image display a log of these things, so we don't need to use third party tools to get a sense of what is or what once was there.

The key difference between the Acronis vulnerability scan and using something such as WinGet is that the former only tells you that there is an issue but the latter gives you the option to fix that issue!

I understand that. But it sounds like something that Microsoft should be responsible for handling rather than Acronis. In other words, those vulnerability notifications should be coming from Windows itself. That way, there would be no need for a third party software from Acronis to do what is naturally a Windows and Microsoft concern. Or, alternatively, have Acronis finish the job: not only notify you about vulnerabilities but also initiate a Windows update or otherwise urge you to do so manually.

Agreed!