It most likely monitors what software performs the modifications to the files it leaves dropped around the system (therefore the dropped files act as bait); when a modification occurs it most likely performs check-ups to see what the modification was like (e.g. identify encryption) and then, depending on the results, blocks the program which performed the modification.
If any of those files gets modified, that triggers it.
I may have to take a look at this in a video at some point. It looks very interesting...
So no one has posted any pictures; here are some of them (installation, RAM usage, test on Locky and Cerber):
Was the damage to files complete/partial?
Petya (Red) win....
So it's bulletproof against ALL types of ransomware since no definitions update is required.
It does not have updates/definitions.
I think it tracks/watches files for modifications and then it stops when it happens.
Here is a folder (picture) with a couple of files encrypted, but then the program detected and blocked that action.
It also flags that ransomware file when you click Stop'n'Clean.
It's based on dynamic analysis, but that doesn't mean it will detect all ransomware. It's already failed in some tests by @Av Gurus since it failed to protect against Petya, which is a more sophisticated ransomware threat (than your average) which works by targeting the Master Boot Record.
It's working on AI? Won't it be interesting to know why no updates are required?
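The bait-file mechanism guessed at in this thread, as an added example that is not part of any post and is not the product's own code: decoy files are planted, hashed, and later re-checked, with an entropy test to tell likely encryption from an ordinary edit. The file names, the 7.5 bits/byte threshold and the polling approach are assumptions; the sketch only classifies changes, it does not identify or block the modifying process, and file-level baits see nothing of a Master Boot Record overwrite such as the Petya case mentioned above.

```python
import hashlib, math, os, tempfile
from collections import Counter
from pathlib import Path

ENTROPY_THRESHOLD = 7.5  # bits per byte (assumed cut-off; ciphertext sits near 8.0)

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def plant_baits(directory: Path,
                names=("aaa_invoice.docx", "aaa_photo.jpg", "zzz_notes.txt")) -> dict:
    """Write low-entropy decoy files (hypothetical names); return {path: sha256}."""
    baseline = {}
    for name in names:
        content = (f"decoy file {name}\n" * 200).encode()
        (directory / name).write_bytes(content)
        baseline[directory / name] = hashlib.sha256(content).hexdigest()
    return baseline

def check_baits(baseline: dict) -> dict:
    """Compare every bait with its baseline hash and classify any change."""
    findings = {}
    for path, digest in baseline.items():
        if not path.exists():
            findings[path.name] = "missing"      # deleted, or renamed to a new extension
            continue
        data = path.read_bytes()
        if hashlib.sha256(data).hexdigest() == digest:
            continue                             # untouched bait
        high = shannon_entropy(data) >= ENTROPY_THRESHOLD
        findings[path.name] = "encrypted?" if high else "modified"
    return findings

def demo() -> dict:
    """Constructed scenario: one bait overwritten, one renamed, one edited."""
    with tempfile.TemporaryDirectory() as tmp:
        baseline = plant_baits(Path(tmp))
        paths = list(baseline)
        paths[0].write_bytes(os.urandom(4096))            # stand-in for ciphertext
        paths[1].rename(paths[1].with_suffix(".locked"))  # constructed extension
        paths[2].write_text("edited by a user\n")         # ordinary low-entropy edit
        return check_baits(baseline)

if __name__ == "__main__":
    print(demo())
```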