[Windflier]

That will make it at least a little more likely that the virus writers will write a workaround for this "protection".

The FoolishIT protection tool installs a set of commands that disallow any encryption of your files. Not sure what sort of workaround you could come up with the get around that.

It's also possible to do it manually. See here:

Software Restriction Policies (SRPs) allow you to control or prevent the execution of certain programs through the use of Group Policy. You can use SRPs to block executable files from running in the specific user-space areas that Cryptolocker uses to launch itself in the first place. The best place to do this is through Group Policy, although if you're a savvy home user or a smaller business without a domain, you can launch the Local Security Policy tool and do the same thing.

[palmer]

Looks like some sort of change in the registry under policy settings. It would be fairly trivial for the virus writer to change the policy back before doing their dirty deed. Whether that makes sense for them depends on how many people use this form of “protection”. Remember Windows is “protected” to begin with but that doesn’t stop virus writers or even slow them down much.