Hi- I'm running RansomWhere in addition to MalwareBytes. I recently came up with a warning that a process called RTProtectionDaemon is locking files and was suspicious, acting like ransomware. I'm wondering whether it's a part of MalwareBytes, or whether I should try to find and delete it.
RTProtectionDaemon is definitely a legit part of the Malwarebytes app, though this does bring attention to a matter I'll discuss with the developers... it looks like there's something wrong with the code signature on that process. We'll definitely look into that.
I'm not sure why RansomWhere? is triggering a warning on that, though. If I had to guess, the download of an updated rules file - which is encrypted - and subsequent overwriting of the original rules file with the new one is probab