For those of us proactive admins, who stay up on current news, we may wish to blacklist a specific filename, or extension, before we have the hash of the file (meaning we already have the file, so it may be too late....)
Example, 3 days ago:
"Clicking the link in that email downloads a file named KB3085604 (dot) exe — obviously named to resemble Microsoft patch files and security updates. Detection of this file by the anti-malware engines represented on VirusTotal is poor, with only nine flagging it at the time of this writing."
I sure would love to block that file, but I don't HAVE that file, so can't get the MD5, and so... can't blacklist it in Webroot.
Or some ransomware, that likes to use cutsie specific file extensions. If we blacklisted their extensions, that should stop the initial encryption attempt cold, even if WR doesn't have it in their library yet...