Cybereason RansomFree is a program which deliberately creates hidden dummy folders containing randomly named .bmp, .png, .gif, .jpg, .pem, .xls, .mdb, .txt, .sql, .docx, .doc, .xlsx, .xls, .rtf, and .txt files in various locations (and partitions) on your computer as part of its functionality. These are actually trap (bait) folders and "canary" files...patterns of files and hidden virtual files that ransomware is attracted to. They are monitored for any changes and meant to be targeted for encryption by ransomware before actual data files. When the anti-ransomware program detects any of these files has been modified it will display an alert that an attack is occurring and ask if you wish to terminate the process that is trying to access them. This feature is sometimes referred to as "Honeypot Detection" or "Entrapment Protection" but is commonly misidentified by users or incorrectly reported as being related to malware.
This is Nathan Scott's explanation of Entrapment Protection from his now closed EasySync web site in this topic.
Entrapment Protection lays numerous different types of traps all around your system that a Ransomware Infection cannot resist to touch. These traps send encrypted pattern signals back and forth between CryptoMonitor and themselves constantly. When a Ransomware Infection falls into one of these traps, the pattern is broken and CryptoMonitor immediately takes action. Once this happens, the machine is locked down and you are alerted about the infection and prompted for your decision on what actions to take. During this time, no file modifications are allowed, so your files are safe while you think about your course of action. With this protection enabled you may notice a few hidden files, registry keys, folders, and services running, but don't worry, they are there to protect you!
Common dummy folder locations with random names typically include My Documents, Desktop and common folder variables such as %User Profile%, %AppData%, %LocalAppData%, %ProgramData%, %Temp%.
If you attempt to remove these files and folders, RansomFree will re-create them. In fact, any attempt taken to delete (modify) the files or folders most likely will be interpreted as possible ransomware activity and trigger a warning alert or initiate some action by RansomFree.
If you're having unexpected issues, you can contact Cybereason Support or send an email to rf-su...@cybereason.com. You can also ask questions at the Ransomfree Support forum.