RTProtectionDaemon is definitely a legit part of the Malwarebytes app, though this does bring attention to a matter I'll discuss with the developers... it looks like there's something wrong with the code signature on that process. We'll definitely look into that. I'm not sure why RansomWhere? is triggering a warning on that, though. If I had to guess, the download of an updated rules file - which is encrypted - and subsequent overwriting of the original rules file with the new one is probab