i dont know. what i know is that on xcitium endpoint they managed to introduce 2 options to block unknow dlls from being called by any exe. with this they can prevent the ransomware showed on my videos, but no one knows how these options are going to affect the windows itself.
another thing we all know is that the dll is now marked as dangerous but this doesnt seem to mean anything as the same exe can be executed and the ransomware destroys cis as you can see here: The Ransomware DLL is marked as dangerous but it has no effect on CIS and it fully destroys CIS
but these are two different products (even with the same base). we are just hoping they will fix this in a better way for handling dlls both on cis and xcitium. or, atleast, bring this new option added to xcitium into cis too and we, users, will find our way out 