Inspired by the discussion about GPcode.exe in this thread https://www.wilderssecurity.com/showthread.php?t=214166 I did some testing with another ransomware Trojan Arhiveus. http://www.secureworks.com/research/threats/arhiveus/ When I run it on my system, it eats up ALL files in MY Documents and put them in a single file with a password. GesWall passed as expected. CFP Defence Plus failed( execution of trojan allowed) ThreatFire failed Neoava Guard failed( execution allowed)- No alerts unlike the case with GPcode trojan where it aws atleast able to give some alerts. I don,t find any classical HIPS/ behav blocker able to counter act such a malware.