do you know what the difference is between ?:\* and \Device\KsecDD?
i know can be used to block gpcode
Won't ?:\* block many other actions too?
Then quite less program would be working in the auto-sandbox.
And \Device\KsecDD? might help to block this particular GPCode sample but your files are still not protected, other ransomware or viruses might still be able to alter your personal files.
The best solution is IMO simply adding your important files to the protected ones, this will always be safe.