Here's probably a false positive on the latest Beta 6:
What I was doing:
Running XAMPP7 and updated plugins on a localhost install of Wordpress (latest 4.4.2), when Anti-Ransomware detected ransomware activity (see attached screen dump). This was when I fired the autoupdate on the Duplicator plugin from within the Wordpress Admin Dashboard.
I have been running the Ransomware betas for some weeks now, and I'm certain I have done this before, on previous betas - updating plugins in localhost Wordpress, without Ransomware beeing triggered.
Geir
httpd.zip
Malwarebytes Anti-Ransomware.zip