Here we can see, “How to Use Windows Defender’s New “Controlled Folder Access” to Protect Your Files From Ransomware”
“Controlled folder access” is an intrusion-prevention feature included in Microsoft Defender Exploit Guard, which is part of Microsoft Defender Antivirus, on Windows 10. Its primary purpose is to prevent ransomware from encrypting your data and holding it hostage, but it also protects files from undesired changes caused by other harmful programmes.
On Windows 10, the anti-ransomware functionality is optional. When activated, it tracks applications (executable files, scripts, and DLLs) that attempt to modify files in protected directories. If the programme is malicious or unidentified, the feature will stop the attempt in real time and notify you of the suspicious behaviour.
If you want an extra layer of security to protect your data, Controlled folder access can be enabled and customised using the Windows Security app, Group Policy, and even PowerShell.
How to use Security Center to activate ransomware protection
Follow these steps to enable Controlled folder access in Windows 10:
- Start the programme.
- To access the app, search for Windows Security and pick the top result.
- Select Virus and Threat Protection from the drop-down menu.
- Select Manage ransomware protection from the “Ransomware protection” section.
- Toggle the Controlled folder access switch on.
After you’ve finished the steps, Microsoft Defender Antivirus will begin safeguarding your files and folders against harmful programmes such as ransomware.
View block history
Follow these steps to see a list of items that the anti-ransomware feature has blocked:
- Start the programme.
- To access the app, search for Windows Security and pick the top result.
- Select Virus and Threat Protection from the drop-down menu.
- Select Manage ransomware protection from the “Ransomware protection” section.
- Select Block history from the drop-down menu.
- Verify the objects that have been restricted.
The page is the same as the one used to view the protection history on the Microsoft Defender Antivirus home page. However, when you access it from this location, a filter is applied, allowing you to see only the history of “Controlled folder access.”
Add a new location for protection
The Documents, Pictures, Videos, Music, Desktop, and Favorites folders are all protected by default. Although it is not feasible to change the default list, you can manually add alternative paths if you have files in a different location.
Follow these steps to add a new folder location for protection:
- Start the programme.
- To access the app, search for Windows Security and pick the top result.
- Select Virus and Threat Protection from the drop-down menu.
- Select Manage ransomware protection from the “Ransomware protection” section.
- Select Protected Folders from the drop-down menu.
- Add a protected folder by clicking the Add a protected folder button.
- Choose a new place.
- Select a folder by clicking the Select Folder button.
The anti-ransomware feature will monitor and safeguard the new locations once you’ve completed the instructions.
If the storage arrangement changes and you need to delete a location, repeat the steps above, but pick the location and click the Remove button on step 5.
Controlled folder access with an allowlist of programmes
Controlled folder access in Windows 10 can recognise the apps that may safely access your files, but if one of the apps you trust is blocked, you’ll have to manually authorise it.
Follow these instructions to allow an app with Controlled folder access:
- Start the programme.
- To access the app, search for Windows Security and pick the top result.
- Select Virus and Threat Protection from the drop-down menu.
- Select Manage ransomware protection from the “Ransomware protection” section.
- Allow an app through Controlled folder access by clicking the Allow an app through Controlled folder access option.
- Add an allowed app by clicking the Add an allowed app button.
- To allowlist an app you trust that has been identified as harmful, select the Recently blocked apps option. Alternatively, you may use the Browse all apps option.
- Choose the programme executable you want to allow through this feature (for example, chrome.exe).
- Select the Open option.
The app will no longer be blocked by the feature and will be allowed to modify files once you’ve completed the steps.
How to use Group Policy to provide ransomware protection
Follow these steps to enable Windows 10’s ransomware protection via Group Policy:
1. Start the programme.
2. To open the Local Group Policy Editor, search for gpedit and click the top result.
3. Take the following route:
Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Microsoft Defender Exploit Guard > Controlled Folder Access
Note that the path is significantly different if you’re still using Windows 10 version 1909 or earlier:
Computer Configuration > Administrative Templates > Windows Components > Windows Defender Antivirus > Windows Defender Exploit Guard > Controlled Folder Access
4. On the right side, double-click the Configure Controlled folder access policy.
5. Select Enabled from the drop-down menu.
6. Select the Block option from the drop-down menu under the “Options” section.
7. Then press the Apply button.
8. Press the OK button.
Controlled folder access will begin monitoring and protecting your files stored in the default system directories once you’ve completed the steps.
The only drawback to this strategy is that any future configuration must be done via Group Policy. The “This setting is governed by your administrator” statement will appear when you open Windows Security, and the Controlled folder access option will be greyed out.
You can undo the settings by following the same steps as before, but at step 5, select the Not Configured option.
Add a new location for protection
If you need to safeguard data in a different place, you can add a new folder using the “Configure protected folders” policy.
Follow these steps to add a new location for protection with Controlled folder access:
1. Start the programme.
2. To open the Local Group Policy Editor, search for gpedit and click the top result.
3. Take the following route:
Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Microsoft Defender Exploit Guard > Controlled Folder Access
4. On the right side, double-click the Configure protected folders policy.
5. Select Enabled from the drop-down menu.
6. Click the Show button in the “Options” section.
7. Enter the path of the folder in the “Value name” box and 0 in the “Value” field to specify the locations you want to protect.
This example adds the “MyData” folder on the “F” drive to the protected folders:
F:\MyData
8. To add more places, repeat step 7.
9. Press the OK button.
10. Press the Apply button.
11. Press the OK button.
Once you’ve completed the steps, the new folder will be added to the Controlled folder access protection list.
To undo the changes, follow the steps as before, but at step 5, select the Not Configured option.
Whitelist apps with Controlled folder access
Follow these steps to whitelist an app in Windows 10’s anti-ransomware feature:
1. Start the programme.
2. To open the Local Group Policy Editor, search for gpedit and click the top result.
3. Take the following route:
Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Microsoft Defender Exploit Guard > Controlled Folder Access
4. On the right side, double-click the Configure authorised applications policy.
5. Select Enabled from the drop-down menu.
6. Click the Show button in the “Options” section.
7. In the “Value name” box, specify the location of the .exe file for the programme you want to allow (such as C:\path\to\app\app.exe) and 0 in the “Value” field.
This example allows the Chrome app when Controlled folder access is enabled:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
8. To add more places, repeat steps 7 and 8.
9. Press the OK button.
10. Press the Apply button.
11. Press the OK button.
Once you complete the steps, the app will no longer be blocked and will be allowed to modify protected files and folders.
How to use PowerShell to enable ransomware protection
You may also use PowerShell commands to activate and configure Controlled folder access.
Follow these steps to enable Controlled folder access using PowerShell:
1. Start the programme.
2. Right-click the top result in the search for PowerShell and select Run as administrator.
3. To enable the feature, type the following command and press Enter:
Set-MpPreference -EnableControlledFolderAccess Enabled
4. (Optional) To disable the security function, type the following command and press Enter:
Set-MpPreference -EnableControlledFolderAccess Disabled
Controlled folder access will be enabled on your computer once you’ve completed the instructions, protecting your files and folders from ransomware attacks.
Add a new location for protection
Follow these steps to have Controlled folder access protect an additional folder:
1. Start the programme.
2. Right-click the top result in the search for PowerShell and select Run as administrator.
3. To add a new location, type the following command and press Enter:
Add-MpPreference -ControlledFolderAccessProtectedFolders "F:\folder\path\to\add"
Make sure to change the path in the command to the folder you want to protect.
This command, for example, adds the “MyData” folder on the “F” drive to the protected folder’s list:
Add-MpPreference -ControlledFolderAccessProtectedFolders "F:\MyData"
4. (Optional) To remove a folder, type the following command and press Enter:
Remove-MpPreference -ControlledFolderAccessProtectedFolders "F:\folder\path\to\remove"
The anti-ransomware feature will protect the contents inside the new location once you’ve completed the instructions.
Whitelist apps with Controlled folder access
Follow these steps to allow an app through Controlled folder access using PowerShell:
1. Start the programme.
2. Right-click the top result in the search for PowerShell and select Run as administrator.
3. To allow an app, type the following command and press Enter:
Add-MpPreference -ControlledFolderAccessAllowedApplications "F:\path\to\app\app.exe"
Make sure to change the path in the command to the location and executable of the programme you wish to allow.
This command, for example, adds Chrome to the list of permitted apps:
Add-MpPreference -ControlledFolderAccessAllowedApplications "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
4. (Optional) To delete an app, use the following command and hit Enter:
Remove-MpPreference -ControlledFolderAccessAllowedApplications "F:\path\to\app\app.exe"
Once you complete the steps, the app will be allowed to run and make changes to your files while the feature is enabled.
Controlled folder access is one of the intrusion-prevention capabilities of Microsoft Defender Exploit Guard, which is part of Microsoft Defender Antivirus. This means that if you use a third-party antivirus, you won’t be able to use the security feature.
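Once folders and apps have been added through any of the methods above, it is worth reviewing what the allowlist now trusts, because every allowed executable can modify protected files. The script below is an added example, not part of the original article: it reads the settings with Get-MpPreference and flags allowed apps that are missing, not validly signed, or stored where a standard user can write. The list of user-writable roots is an assumption based on default Windows permissions.

```powershell
# Added example: review the Controlled folder access configuration on this machine.
# Run in an elevated session; Microsoft Defender Antivirus must be the active antivirus.
$pref  = Get-MpPreference
$modes = @{ 0 = 'Disabled'; 1 = 'Enabled (block)'; 2 = 'AuditMode' }
$raw   = [int]$pref.EnableControlledFolderAccess
$mode  = if ($modes.ContainsKey($raw)) { $modes[$raw] } else { "Other ($raw)" }
"Controlled folder access mode: $mode"

# Folders added on top of the built-in defaults; a missing folder is a stale entry.
foreach ($folder in @($pref.ControlledFolderAccessProtectedFolders)) {
    if (-not $folder) { continue }
    $state = if (Test-Path -LiteralPath $folder) { 'present' } else { 'MISSING' }
    "Protected folder: $folder [$state]"
}

# Locations a standard user can normally write to (assumption: default Windows ACLs).
$writableRoots = @($env:USERPROFILE, $env:ProgramData, $env:TEMP, $env:PUBLIC) |
    Where-Object { $_ }

$report = foreach ($app in @($pref.ControlledFolderAccessAllowedApplications)) {
    if (-not $app) { continue }
    $notes     = @()
    $sigStatus = 'n/a'
    if (Test-Path -LiteralPath $app -PathType Leaf) {
        $sigStatus = (Get-AuthenticodeSignature -LiteralPath $app).Status
        if ($sigStatus -ne 'Valid') { $notes += 'not validly signed' }
    } else {
        $notes += 'file missing, remove the stale entry'
    }
    foreach ($root in $writableRoots) {
        if ($app.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
            $notes += "under user-writable $root"
            break
        }
    }
    [pscustomobject]@{ App = $app; Signature = $sigStatus; Review = ($notes -join '; ') }
}
$report | Format-Table -AutoSize -Wrap
```

An empty Review column means the entry passed all three checks; anything else is a candidate for Remove-MpPreference -ControlledFolderAccessAllowedApplications.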
Conclusion
I hope you found this information helpful. Please fill out the form below if you have any queries or comments.
User Questions:
- Does limiting folder access protect you against ransomware?
Controlled folder access keeps your data safe from fraudulent software and threats like ransomware. Controlled folder access safeguards your information by comparing programmes to a list of known and trusted apps.
- Should you enable Windows Defender’s controlled folder access?
Normally, any software on your computer could do whatever it wanted with these folders. Controlled folder access does not stop malware from seeing or copying your files; it only prevents malware from altering these files.
- Is it safe to disable folder access control?
The Windows event log will contain a notification. Controlled folder access will not operate if it is set to Disable (the default). All apps have access to files in protected folders. If a malicious or suspicious app tries to modify a file in a protected folder, the change will be allowed.
- Do you have Windows Defender Ransomware Protection installed on your computer? If so, does it produce a lot of blockages? What do you use instead if you don’t have one?
- How will Windows 10 Ransomware Protection work?