This is how all anti-ransomware software works. It does not matter who wrote it, it all works the same way by instituting a default "go slow" on everything which would other do I/O "too fast". (Where the definition of "too fast" varies by each software makers opinion, but is usually IOPD (IO per day) rather than IOPS (IO per second)). Unless you MANUALLY designate the program or directory as "not ransomware". This is on the theory that: - most people "live to click" - the average computer user IQ is on par with their shoe size - ransomware must do "lots of I/O really fast" be effective - unlike TCP there is no "evil bit" in the PE header so there is no way to detect evil software - it is easier to spend mucho dollaro on a fast computer and then even more money on software to make it go slow, than it is to engage the brain The prevalence of ransomware and of software specifically designed to make everything "go slow" is an indicator of the overall success of these strategies.