Enable ransomware Controlled Folder Access on Windows 10
Since updating Windows 10 Fall Creators Update, the protection feature of the Controlled Folder Access folder that Microsoft introduced since June has officially reached millions of users.
Since updating Windows 10 Fall Creators Update, the protection feature of the Controlled Folder Access folder that Microsoft introduced since June has officially reached millions of users.
As its name suggests, this feature allows users to control access to certain directories. With the philosophy of 'blocking everything', it can theoretically block ransomware when trying to access and encrypt files inside.
- Theory - What is Ransomware?
Anti Ransomware with Controlled Folder Access Windows 10
Step 1:
Click the Start button and type Windows Defender Security Center and click. The following window will appear.
Windows Defender Security Center window
If you mistakenly choose Windows Defender Settings, select again the Open Windows Security Center to open the dialog box to find.
Choose again to open the Security Center
Step 2:
At the opened window, select Virus & Threat Protection > Virus & Threat Protection Settings.
Set up virus protection and threats
Step 3:
Go to the Controlled Folder Access section in this section and drag the On / Off slider to turn it on.
Drag the slider to turn it on
Step 4:
In the Protected Folders section , select the additional folders you want to protect. There are already several directories here.
Add folder to protect
Step 5:
In the Allow an app through Controlled folder access section , you choose to whitelist applications that are allowed to access, edit, create or delete files in protected folders.
Put the application to whitelist to give access
See also: 6 remarkable security features on Windows 10 Fall Creators Update
Another way to enable Controlled Folder Access
In addition to the above, there are 2 other ways to enable Controlled Folder Access. The easiest way is to run the PowerShell command.
Set-MpPreference -EnableControlledFolderAccess Enabled
To turn it off, just run the same command but replace it with 'Disabled'.
In addition, system administrators in large organizations can also use Group Policy Management Console to enable this feature for users across the network.
- Step 1: On the Group Policy management machine , open the Group Policy Management Console, right-click on the Group Policy Object you want to select and click Edit.
- Step 2: At Group Policy Management Editor, select Computer Configuration.
- Step 3: Click Policies > Administrative Templates.
- Step 4: Expand Windows Components > Windows Defender Antivirus > Windows Defender Exploit Guard > Controlled Folder Access.
Management for the entire system through the Group Policy Management Console
- Step 5: Double-click the Configure Controlled acces folder and select Enabled.
You can use Group Policy to select the accessed applications and protected folders for each computer in the domain.
Select the directory and application for the computer in the system
When any unauthenticated software tries to edit the file in these folders, the user will receive a warning in the Windows Notification bar . Windows Defender also recorded in event history.
Warning when software tries to access the protected folder
Note that for Controlled Folder Access to work, you must turn on real-time protection in Windows Defender.
Test using Controlled Folder Access to block ransomware
In testing with variants of Asasin malware Locky, x1881 CryptoMix, Comrade HiddenTear and Wyvern BTCWare, Controlled Folder Access did its job well, blocking these ransomware from encrypting files in the protected folder. Other folders are still encrypted as usual.
Unprotected folders are still encrypted by ransomware
Another side effect is that when executable files of whitelisted folders edit files in a protected folder, Controlled Folder Access blocks this and does not display a message indicating.
You should read it
- 7 kinds of ransomware you didn't expect
- How to use Kaspersky Anti-Ransomware Tool for Business
- List of the 3 most dangerous and scary Ransomware viruses
- Windows 10 brings many security tools in the new update
- Summary of effective Anti-Ransomware software
- How to enable Ransomware Protection on Windows
- [Infographic] 7 effective ways to protect businesses from Ransomware
- Theory - Ransomware part 2
- Windows SMB users should close some ports to prevent WannaCry
- Theory - What is Ransomware?
- How to remove Moba ransomware from the operating system
- What is Ransomware Task Force (RTF)?