Document modification date: 08/03/2025
Arcabit Incident Response Plan
The following document describes the procedures implemented within the Arcabit company structure to systematize actions in exceptional situations (including critical incidents) related to the potentially improper operation of Arcabit packages.
Exceptional situations vary in severity depending on their negative impact on the continuity and stability of user systems.
1. False Positives (False Malware Detections)
Each update of Arcabit packages undergoes extensive testing before release in accordance with Safe Deployment Practices (https://arcabit.pl/SDP). One of the key objectives of these tests is the elimination of false positives.
Despite the wide range of tests, we occasionally receive reports from customers regarding false malware detections. These reports typically involve rare, niche solutions used by customers.
False positives are identified through customer reports and anonymous telemetry data. In both cases, the program databases are modified to remove the false detection.
In 99% of cases reported by users, the procedure includes temporarily adding the falsely flagged object to the package exclusions until a new, corrected update is downloaded.
In exceptional cases, it is possible to restore an older, stable version of the package repository that does not cause issues (see the section on emergency repository handling) until a new, corrected version is published.
2. Network Connection Issues
The second category of common problems involves reports of network connection disruptions within applications used by customers.
Most issues stem from the "overhead" caused by packet filtering and possible inaccuracies in network protocol processing. A typical example is network access to the management panels of devices such as switches or routers.
In 99% of cases, adding the device or service address to the network exceptions of the Arcabit package resolves the issue.
As with false positives, it is possible to restore an older, stable version of the package repository that does not cause issues (see the section on emergency repository handling) until a new, corrected version is published.
3. Package Stability Issues
The program features an automatic exception detection mechanism for running modules. Such data (the package’s own DMP files) is anonymously sent to our lab for immediate analysis.
For customer reports, we additionally collect system memory dump files (minidumps and memory.dmp) when necessary.
Faulty program modules are modified, tested, and deployed in accordance with Safe Deployment Practices (https://arcabit.pl/SDP).
In special cases, it is possible to restore an older, stable version of the package repository that does not cause issues (see the section on emergency repository handling) until a new, corrected version is published.
4. System Boot Issues with Active Arcabit Modules
This category of issues is extremely rare and almost always results from unusual user system configurations.
As part of customer support, we typically suggest booting the system in safe mode (Arcabit does not interfere with safe mode operation):
https://arcabit.pl/poradniki/poradniki/web-enablingsafemodeinwindows11.pdf
After starting the system in safe mode, we usually follow one of two paths in collaboration with the customer:
a) Updating the package to a stable version
b) Removing faulty package components or completely uninstalling the package
An additional support option for identifying any software-related issues is generating and sending a system audit:
https://arcabit.pl/poradniki/web-av-howtocreateandsendasystemaudit.pdf
Emergency Repository Handling
Emergency repository handling allows for:
a) Immediate restoration of an older, stable, and problem-free version of the repositories on all update servers.
b) Suspending the standard repository generation procedure (as described in Safe Deployment Practices (https://arcabit.pl/SDP)) and publishing a repository with corrected modules.
c) Initiating an emergency procedure for all users to enforce an update to the correct package version.
In most cases, emergency repository handling does not require any additional action from customers.
Contact with Arcabit technical support:
help@arcabit.pl (monitored 24/7)
+48 22 532 69 20 (weekdays, from 8:00 to 14:00 CET)