Starting with Windows 10 build 16232, Controlled Folder Access was introduced into Windows Defender Antivirus.
Controlled Folder Access helps you protect valuable data from malicious applications and threats, such as ransomware. It is part of Windows Defender Exploit Guard.
Controlled Folder Access in Windows Defender Security Center examines applications that can make changes to files in protected folders. Occasionally, an application that is safe to use will be determined to be harmful. This happens because Microsoft wants to keep you safe and sometimes makes the mistake of being too cautious. However, this may affect the way you normally use your PC. You can add an application to the list of safe or allowed applications to prevent it from being blocked.
You can add additional folders to the list of protected folders, but you cannot change the default list, including folders like Documents, Pictures, Movies and Desktop. Adding other folders to Controlled Folder Access can be helpful, for example if you have not stored files in the default Windows library or you have changed the library’s location from the default.
This guide will show you how to enable or disable the Controlled Folder Access feature of Windows Defender Exploit Guard in Windows 10.
Fight Ransomware with Controlled Folder Access Windows 10
Open Windows Security and click on the icon Virus & threat protection.
Click on the link Manage ransomware protection in section Ransomware protection.
Turn Controlled Folder Access on or off (the default), depending on what you want.
Click Yes when prompted for approval by UAC.
When done, you can close Windows Defender Security Center if you want.
Another way to turn on Controlled Folder Access
In addition to the above, there are 2 other ways to enable Controlled Folder Access. The easiest way is to run the PowerShell command.
Set-MpPreference -EnableControlledFolderAccess Enabled
To turn it off, run the same command but replace "Enabled" with "Disabled".
Alternatively, system administrators in large organizations can use the Group Policy Management Console to enable this feature for users across the network.
- Step 1: On the Group Policy management machine, open the Group Policy Management Console, right-click the Group Policy Object you want to configure and click Edit.
- Step 2: In Group Policy Management Editor, choose Computer Configuration.
- Step 3: Click Policies > Administrative Templates.
- Step 4: Expand Windows Components > Windows Defender Antivirus > Windows Defender Exploit Guard > Controlled Folder Access.
Management for the whole system via Group Policy Management Console
- Step 5: Double-click Configure Controlled folder access and select Enabled.
Group Policy can also be used to select the allowed applications and protected folders for each computer in the domain.
Select folders and applications for computers in the system
When any unauthorized software tries to edit files in these folders, the user receives a warning in the Windows notification bar. Windows Defender also records the attempt in its event history.
Warning when software tries to access protected folders
Note that for Controlled Folder Access to work, real-time protection must be enabled in Windows Defender.
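The following is an added example, not part of the original guide, that checks from PowerShell what the sections above describe: the current Controlled Folder Access mode, whether real-time protection is on, the extra protected folders and allowed applications, and the recent block events in the Windows Defender operational log. The function names and the sample paths in the comments are assumptions made for illustration; run it from an elevated PowerShell prompt.

```powershell
# Added example: audit Controlled Folder Access (CFA) on the local machine.
# Uses only the built-in Defender cmdlets and the Defender operational event log.

function Get-CfaStatus {
    $pref   = Get-MpPreference
    $status = Get-MpComputerStatus
    # EnableControlledFolderAccess is stored as a number: 0 = Disabled, 1 = Enabled, 2 = AuditMode
    $modes  = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'AuditMode' }
    $raw    = [int]$pref.EnableControlledFolderAccess
    $mode   = if ($modes.ContainsKey($raw)) { $modes[$raw] } else { "Other ($raw)" }
    [pscustomobject]@{
        Mode                  = $mode
        RealTimeProtection    = $status.RealTimeProtectionEnabled
        # Folders added on top of the default list (Documents, Pictures, Desktop, ...)
        ExtraProtectedFolders = @($pref.ControlledFolderAccessProtectedFolders)
        AllowedApplications   = @($pref.ControlledFolderAccessAllowedApplications)
    }
}

function Get-CfaBlockEvent {
    param([int]$Days = 7)
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1123, 1124          # 1123 = change blocked, 1124 = change audited
        StartTime = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent reports an error when nothing matches, so suppress it and return nothing
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

$cfa = Get-CfaStatus
$cfa | Format-List

# CFA depends on real-time protection; flag the combination that silently protects nothing
if ($cfa.Mode -ne 'Disabled' -and -not $cfa.RealTimeProtection) {
    Write-Warning 'Controlled Folder Access is configured, but real-time protection is off.'
}

Get-CfaBlockEvent -Days 7 | Format-Table -AutoSize -Wrap

# To extend the lists (constructed sample paths, replace with your own):
# Add-MpPreference -ControlledFolderAccessProtectedFolders 'D:\Projects'
# Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Tools\backup.exe'
```

Reviewing the 1123 events after enabling the feature shows which legitimate applications are being blocked and need to be added to the allowed list.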
Test using Controlled Folder Access to block ransomware
In testing with the Asasin Locky, x1881 CryptoMix, Comrade HiddenTear, and Wyvern BTCWare malware variants, Controlled Folder Access did a good job of blocking these ransomware samples from encrypting files in protected folders. The other folders were still encrypted as usual.
The unprotected folder is still encrypted by the ransomware
As a side effect, when executables in whitelisted folders attempt to edit files in the protected folder, Controlled Folder Access will block this and does not display a message.
Source content: Enable Anti-ransomware Controlled Folder Access in Windows 10