Discussion has become lively and a very informative thread. Looking forward to the results of further testing. Thanks for the work so far with this.
A side topic while we await further analysis of Zemana...Curious if anyone thinks that a-v/sig based apps ever look for key words in the title of a file like Cerber or another single word that might give away a test sample?
I installed a program called KnowBe4 Ran Sim that simulates ransomeware. 360 TS seemed to know the ten test files before the test started (almost). Grabbed them all in one alert. No surprise since probably the program has been around for some time. I was forced to restore the files to the program to run the test and then rerun with a-v off, which I was planning to do anyway. Still, it's difficult to ascertain which method of detection is being applied with 360. Log says it was File Protection but not the method of detection.