Enable ransomware Controlled Folder Access on Windows 10

Since updating Windows 10 Fall Creators Update, the protection feature of the Controlled Folder Access folder that Microsoft introduced since June has officially reached millions of users.

As its name suggests, this feature allows users to control access to certain directories. With the philosophy of 'blocking everything', it can theoretically block ransomware when trying to access and encrypt files inside.

1. Theory - What is Ransomware?

Anti Ransomware with Controlled Folder Access Windows 10

Step 1:

Click the Start button and type Windows Defender Security Center and click. The following window will appear.

Windows Defender Security Center window

If you mistakenly choose Windows Defender Settings, select again the Open Windows Security Center to open the dialog box to find.

Choose again to open the Security Center

Step 2:

At the opened window, select Virus & Threat Protection > Virus & Threat Protection Settings.

Set up virus protection and threats

Step 3:

Go to the Controlled Folder Access section in this section and drag the On / Off slider to turn it on.

Drag the slider to turn it on

Step 4:

In the Protected Folders section , select the additional folders you want to protect. There are already several directories here.

Add folder to protect

Step 5:

In the Allow an app through Controlled folder access section , you choose to whitelist applications that are allowed to access, edit, create or delete files in protected folders.

Put the application to whitelist to give access

See also: 6 remarkable security features on Windows 10 Fall Creators Update

Another way to enable Controlled Folder Access

In addition to the above, there are 2 other ways to enable Controlled Folder Access. The easiest way is to run the PowerShell command.

Set-MpPreference -EnableControlledFolderAccess Enabled

To turn it off, just run the same command but replace it with 'Disabled'.

In addition, system administrators in large organizations can also use Group Policy Management Console to enable this feature for users across the network.

1. Step 1: On the Group Policy management machine , open the Group Policy Management Console, right-click on the Group Policy Object you want to select and click Edit.
2. Step 2: At Group Policy Management Editor, select Computer Configuration.
3. Step 3: Click Policies > Administrative Templates.
4. Step 4: Expand Windows Components > Windows Defender Antivirus > Windows Defender Exploit Guard > Controlled Folder Access.

Management for the entire system through the Group Policy Management Console

1. Step 5: Double-click the Configure Controlled acces folder and select Enabled.

You can use Group Policy to select the accessed applications and protected folders for each computer in the domain.

Select the directory and application for the computer in the system

When any unauthenticated software tries to edit the file in these folders, the user will receive a warning in the Windows Notification bar . Windows Defender also recorded in event history.

Warning when software tries to access the protected folder

Note that for Controlled Folder Access to work, you must turn on real-time protection in Windows Defender.

Test using Controlled Folder Access to block ransomware

In testing with variants of Asasin malware Locky, x1881 CryptoMix, Comrade HiddenTear and Wyvern BTCWare, Controlled Folder Access did its job well, blocking these ransomware from encrypting files in the protected folder. Other folders are still encrypted as usual.

Unprotected folders are still encrypted by ransomware

Another side effect is that when executable files of whitelisted folders edit files in a protected folder, Controlled Folder Access blocks this and does not display a message indicating.