I agree that DeepGuard is one of the best Behavior Blockers out there, but
it is so weak against scripts whose payloads are not a PE/exe file; in these cases DeepGuard can't stop the script.
If you don't plan to make it stronger, it can do nothing against new threats.
In a test, a .vbs RANSOMWARE encrypted all the files and DeepGuard did nothing.
I can send you screenshots if you want.
DeepGuard can be bypassed this way easily!
(test done by my friend in Malwaretips forum)
One weakness I've found in F-Secure and other Behavior Blockers is that the most common way to escape the behavior blocker is by using a trusted (but not super well known) process to do your dirty work.
If you use something too popular like PowerShell or cmd.exe, behavior blockers are smart, especially thanks to AMSI. However, if you use something just mildly popular like a Node.js runtime, a copy of Cygwin/MinGW, or in this case, 7-Zip, it seems to be blanket whitelisted by behavior blockers.
This piece of fake "malware", which I'm calling TrojanZipperPOC, does this:
All the files got encrypted even when Ransomware protection is enabled
I don't care how technical one wants to get, the fact remains that certain ransomware cannot be stopped. Yesterday one actually infiltrated a Kaspersky user's system and locked in. The latest I read was it is unlikely to be decrypted because of its unique flavor.
I keep all important files backed up and let nature take its course. Then it's not so end of the world.