New
#21
Yup, but zero-day is still heuristic though..Predesigned whitelists are a serious issue for antiransomware, as any executable can be the bad one, even if it appears to be a totally benign part of the OS or a standard windows "filler" app.
The problem with ransomware is that it targets file areas where even a standard user has full control access - Spoof a suitable OS tool that is included in a whitelist and you have full access to encrypt all the user files. But if a standard OS tool attempts to access a file area and you as the user has not initiated it then you at least have something that needs checking immediately, ( unless you a click everything you see kind of person, and those are beyond help )