Hi, there is no universal solution that could detect file being encrypted by some software. But it is possible to monitor file rename and also file item being updated (however with file update, ransomware can be smart enough to avoid triggering this event in Windows). Anyway combining this with filter on file types, specific directory and/or file renames/updates per minute can give decent results. Example: focus on rename of JPG and DOCX files and if more than 10 occur in one minute - alert the user. PS. What Windows version ?