Thanks for the quick reply. As for the RTFM bit, I completely understand, and figure there is some of that, but I feel that good UI design should all but eliminate the need to do so for most functions. For example, I could undoubtedly take the time to look up certain things, like the full cleanup option, and I would if I was going to use the program long-term (and I still might, though I'm still unsure), but just because I can look in help or do a web search doesn't mean it shouldn't be made immediately and clearly apparent what it does through the interface. And for that matter, AFAICT there's not any help or instructions in the program. So I don't even know what exactly the "ransomware protection" does or what the "backup and restore protection" does and how (or if) it's related to the ransomware protection or how exactly it works. Does it create a backup of everything on the drive(s), or everything in the protected folders, or only certain things (in which case, how does it decide what to backup and when)? These are questions I would love answers to, and could probably find at least some of them by searching the web, but I shouldn't have to hunt them down, they should be readily accessible in the program itself. Don't get me wrong, I realize it's a free program, and don't mean to sound ungrateful, but free or not it would be nice to have that info.
As for inheritance, I understand your point, though I wonder if it could be an option, or perhaps better managed. The fact is, most people are going to get sick of the constant pop-ups and just start clicking allow, or they will be confused by them. The conundrum with security software is that the more a person understands how to use it, the less they actually need it. So to actually protect those that need the protection, it's simply not (IMO) viable to have it pop up so many times. If there were an option to allow inheritance, it would be better than nothing, which is what would happen if/when the protection were just disabled. Also, assuming it were done on a temporary basis, it seems to me it should be fine. That is, if I launch a.exe, which launches process b.exe, after allowing a.exe, it should see that b.exe is not only a child of it, but that it's being launched very soon after allowing it. This is quite different from b.exe occurring as a child some time after the fact. It seems it should be smart enough to see the first instance as safe, being so close in time to allowing a.exe, and the second action as being suspicious.
As for the alerts, I would get a good mix of app lockdown and HIPS-lite alerts whenever running an installer.
This is in a VirtualBox Win10 VM with only a dozen or so programs installed, mostly various anti-exe and anti-ransomware programs. Also, while I certainly understand the potential conflicts happening due to this, and that it's practically impossible to make a program completely stable despite all of that, all the other programs have seemed fine, and only this one has had issues. And IMO a program should still be stable, at least as much as possible, even when conflicting with other programs. Maybe it's something unique to RO, but I'd like to think that if all the other programs can operate without issue, it should be able to as well. Granted, there was only the one case of instability, but it was severe enough to cause me to have to reboot, which I hate doing (luckily it was just a VM). And of course, I can't say for sure that it was even RO that caused the problem, but it was the one that was affected. I'm willing to write it off as a fluke at this point, and if RO ends up in the final running I'll set it up for further testing without potential conflicts, but I wanted to mention it.
Basically, at this point, I'm trying to decide between this and/or AppCheck (though maybe I could just run both...), Trend Micro Ransom Buster, and TEMASOFT Ranstop, and there are definitely some things I like, but there are of course things I don't like. I'd say probably the biggest thing is that when it blocks an activity related to a protected folder, it should show a meaningful notification that not only explains exactly what was blocked, but provides an easy way to perform various actions (allow, whitelist, deny, blacklist, with the ability to expand to multiple folders or the whole drive or computer). It's frustrating to have an error pop up that not only doesn't tell you what the problem is, but then requires you (once you realize what it is) to dig through settings and manually add exceptions.
![[correlate]](/data/avatars/m/79/79653.jpg?1556985072){kind=avatar}
