Zero Day testing - ransomware

I’ve been performing testing in an effort to determine the effectiveness of various endpoint protection software at blocking zero-day ransomware.

As part of my testing process I’ve written an AutoIt script that encrypts file trees. It’s not so sophisticated as to actually give a ransomware message. Recompiling gives different hashes for the software, making it possible to perform multiple tests.

I have two versions, one which changes the files to .enc, the other keeps the names the same.

So far this has gone well, but I’m wondering if there are some other options to add to my tests? I don’t know C, so I can’t write something in that. I do wonder if being in AutoIt is “helping” the software being tested (although TBH most fail this test). I do have another AutoIt script that we run that simply copies a file tree. This tests whether the endpoint software is simply blocking AutoIt scripts.