HarfangLab Ransomware Detection Engine Ransomguard is a specialized component within HarfangLab's EDR platform that focuses on identifying and blocking ransomware attacks through behavioral analysis. The engine operates as part of the broader endpoint detection and response solution. The detection engine employs two complementary methods for ransomware identification. First, it deploys canary files throughout the system and monitors for their modification or deletion, which can indicate ransomware activity. Second, it uses operating system activity heuristics to identify ransomware-related behaviors such as abnormal file read, write, or delete speeds, and suspicious file extension changes. The engine can be configured to automatically block malicious processes when ransomware behavior is detected. This automated response capability allows organizations to stop ransomware attacks in progress without requiring manual intervention. Ransomguard functions as one of several detection engines within the HarfangLab EDR platform, working alongside other components including YARA signature-based detection, Sigma behavioral rules, IOC matching, and AI-powered analysis engines.