What I'm talking about is a firewall on the PC that profiles executable for suspicious behaviour and then warns via a dialog - allowing user to whitelist or block the process. If an unknown executable should start encrypting (or writing to in any way) every document file, then that would definately make me suspicious, so a firewall with even basic AI capability should be smart enough to think the same way.
It's been a decade since I've used ZoneAlarm on my personal PCs, so I don't know what all features it has today, but when I used it a decade ago on my personal PCs, it would do things like whitelist applications, and warn the user then an application attempts to access the internet, photos, or document files, etc. Looking at their website, it does appear to have this feature called OSFirewall.
".. The ZoneAlarm Application Control module also uses OSFirewall to detect any malicious activity against your computer's operating system. When ZoneAlarm cannot validate a program, or discovers a program that tries a suspicious action, it generates an alert .."
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho