Last night I tested SpSFW against Cerber and CTB Locker. Cerber - managed to damage the Windows boot loader and I had to clean install W7. As I sit here I'm 7 hours into waiting for Windows Update to complete. The sample used bcdedit.exe to modify the system to boot into Safe Mode with Networking. I selected "Deny" in all the bcdedit alerts - but I can't definitively determine what and why it happened. CTB Locker - encrypts all User Space unprotected folders. CTB Locker sample I used employs its own process to encrypt files - so its one of those ransomware variants that once you execute it then there is nothing that can be done about it; its not SpyShelter's fault as it doesn't have rapid-file modification detection and termination. If you have protected folders, then those files won't be encrypted - so there is a mechanism in SpS products to protect your most valuable files. And it doesn't make a difference if you run the CTB Locker as a Restricted App. Same result. Use SpS as default-deny and all of this is a moot point. * * * * * More malware testing does indeed need to be done. However, when I did it and made videos and procedures to replicate - and submitted each one to Datpol with care - well... you already know what happened. I told you.