by mrjin 1628 days ago
Well, let's take it from a different angle: We don't need malware, but AV vendors do. If there were no malware, there would be no AV vendors either.

Ransomware is a real problem. I despise malware disguised as mainstream antivirus solutions, but we need to protect users from ransomware and that’s a tough problem. I am working in that space.
Ransomware is still malware IMO. Putting the conflict of interest aside, if the current approach to detecting malware does not change, no matter how hard we try, we will still be one step behind.

If we can keep the system up to date, configure user privileges to the lowest possible level and grant access only when necessary, take backups as frequently as possible, segregate sensitive networks and, most importantly, educate users not to run programs from suspicious sources, most if not all ransomware incidents will not happen at all.

The approach I am taking is background sync of all user-created data into git with automatic one-way replication not accessible through SMB. Git has plenty of tools to manage that and I simply automate all this without exposing the user to the commit process. That way I can just reimage the machine and replicate undamaged data back onto it. The problem is detecting data exfiltration and I don't have a solution for that yet.
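The background git sync described above, as an added example in POSIX shell (not the commenter's own tooling): snapshots are committed without any user interaction and pushed one-way to a vault repo that refuses history rewrites, and a restore re-seeds the local repo from the vault. Paths, the branch name `backup` and the vault's receive settings are assumptions.

```shell
#!/bin/sh
# Added example, not the commenter's code. Repo metadata (REPO_DIR) lives
# outside the user's data directory, so nothing git-related is shared over SMB.
set -eu

# git wrapper: metadata in REPO_DIR, the user's files as the work tree
_g() {
    git --git-dir="$REPO_DIR" --work-tree="$DATA_DIR" \
        -c user.name=backup-bot -c user.email=backup@localhost "$@"
}

# snapshot_to_git DATA_DIR REPO_DIR VAULT_DIR
# Commits every change under DATA_DIR and pushes to VAULT_DIR. The
# workstation only ever pushes; the vault never pulls from it.
snapshot_to_git() {
    DATA_DIR=$1 REPO_DIR=$2 VAULT_DIR=$3
    [ -d "$REPO_DIR" ] || git init -q --bare "$REPO_DIR"
    if [ ! -d "$VAULT_DIR" ]; then
        git init -q --bare "$VAULT_DIR"
        git --git-dir="$VAULT_DIR" symbolic-ref HEAD refs/heads/backup
        # A compromised client must not be able to rewrite or delete history
        git --git-dir="$VAULT_DIR" config receive.denyNonFastForwards true
        git --git-dir="$VAULT_DIR" config receive.denyDeletes true
    fi
    _g add -A
    # Only create a commit when something actually changed
    if [ -n "$(_g status --porcelain)" ]; then
        _g commit -q -m "auto snapshot $(date -u +%Y-%m-%dT%H:%M:%SZ)"
    fi
    # Push only once a first commit exists
    if _g rev-parse -q --verify HEAD >/dev/null; then
        _g push -q "$VAULT_DIR" HEAD:refs/heads/backup
    fi
}

# restore_from_vault VAULT_DIR DATA_DIR REPO_DIR
# Used after reimaging: rebuilds the local repo from the vault (so later
# snapshots remain fast-forward) and checks the last backup out into DATA_DIR.
restore_from_vault() {
    VAULT_DIR=$1 DATA_DIR=$2 REPO_DIR=$3
    rm -rf "$REPO_DIR"
    git clone -q --bare "$VAULT_DIR" "$REPO_DIR"
    mkdir -p "$DATA_DIR"
    _g reset -q --hard backup
}
```

In practice the vault would sit on a separate host reachable only over SSH, with the workstation holding a key that is allowed to push and nothing else.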
Won't you hit a git repository size limit?

How would you prune data, say older than 1 year, from the repo in order to limit repo size?

Not sure this is true. Just the fear should be enough to get people to buy. Look at organised religion.
You were probably right. But I got that from my interactions with one of the AV vendors over a decade ago. Since then, the only AV on my machine has been Windows Defender. It's not because I need it or trust it, but rather because it cannot be easily removed. I always disable it, but it becomes active again, maybe after a major update, which is quite annoying.
You can disable it with local group policy, in gpedit.msc, which is the policy editor. Search for the exact path; it's just 5 clicks away, and it doesn't come back up.