How-To

Enhance Windows 10 Ransomware Protection with Controlled Folder Access

Windows 10 continues to include new and enhanced built-in security features. You can access security features via Windows Defender Security Center — now simply called “Windows Security.” One of the enhancements is Controlled Folder Access (CFA). Its purpose is to guard your protected folders against malicious threats such as the increasingly sophisticated ransomware attacks that keep cropping up.

Starting back with Windows 10 Build 16232, CFA monitors changes that apps try to make to files in protected folders. This feature also lets you manually add additional folders that you want to be protected. It also the apps you want to allow access to certain folders.

According to Microsoft exec Dona Sarkar: “Controlled folder access monitors the changes that apps make to files in certain protected folders. If an app attempts to make a change to these files, and the app is blacklisted by the feature, you’ll get a notification about the attempt. You can complement the protected folders with additional locations, and add the apps that you want to allow access to those folders.”

Enable Controlled Folder Access in Windows 10

To enable this extra protection against threats like ransomware, open Windows Security. Hit the Windows key on your keyboard and type: windows security and select the app from the top result.

windows security

From the “Security at a glance” page click on the Virus & threat protection button.

virus and threat protection

Next, scroll down to the “Ransomware Protection” section and click the Manage ransomware protection link.

ransomware protection

On the next screen, you’ll have a few options for ransomware protection. The important one here that you want to turn on is Controlled folder access.

controlled folder access

Manually Add Folders to Controlled Folder Access

Windows system folders and memory areas on your computer are protected by default. You can also add more folders to be protected manually. To do that, click on the Protected folders link.

protected folders

On the following page, click Add a protected folder and browse to the folder you want to be added to CFA from File Explorer.

add protected folder controlled access

Allow Apps Through Controlled Folder Access

You can choose which apps are allowed to access protected folders. Most trusted and installed apps are allowed through. But sometimes Microsoft will determine an app to be unfriendly. Click the back button and click the Allow an app through Controlled folder access link.

allow app controlled folder access

Next, click the Add an allowed app button. Then you will have the option to allow recently blocked apps or browse all apps.

allowed apps

For example, here I clicked Recently blocked apps and found that both Snagit Editor which I use for screenshots, and Samsung Magician, which monitors my NVMe SSD, were blocked.

blocked apps

Click the Browse all apps link on the message and then browse to and select the app’s executable you want to let through.

find app exe to allow

The apps you choose to allow through will be listed on the “Allow an app through Controlled folder access” page.

apps allowed through

It’s worth noting that if an app is blocked from making changes to files in a protected folder, you’ll see a notification on the desktop.

notification

Microsoft is adding more layers of security in each of its Windows 10 updates. It provides users with more control over those settings, too. For instance, check out our article on how to protect files in OneDrive using 2FA with Personal Vault.

Do you like the idea of more built-in security options coming to Windows 10? Let us know in the comments below and for more discussion make sure to check out our free Windows 10 Forums!

7 Comments

7 Comments

  1. ramu kaviyoor

    This option is missing in my Windows10x64 Home.

    • murli

      it’s currently available in insider testing builds

  2. Sasha99

    Will Windows defender work along side or compete against my other antivirus program?

    • Steve Krause

      In most cases yes. But, it’s not recommended or needed. Don’t forget, Microsoft is getting data on virus and malware from hundreds of millions of systems. Been running Defender for years with no issues. Highly recommend them on Windows systems to my readers.

      gP

  3. dwmc2

    Experimenting with / using Controlled folder access (now released). To allow an app to save to any controlled folder, you must add the app (full pathname) to the list AND close and restart the app. When an app encounters the protection, it will show an alert “folder not found” and a popup window will BRIEFLY give the partial app file name. You must find the full app filename and add it to the list.

    Surprisingly, some Windows utilities such as Windows Fax and Scan (WFS.exe) are not pre-registered to save items into a controlled folder.

  4. Arthur Mussman

    A virus uses controlled folder access to deny use of Quicken.

  5. Dale Newcomer

    How does the pc owner remove folders he added to the Protected Folder area?
    Dale

Leave a Reply

Your email address will not be published. Required fields are marked *

 

To Top