Enhance Windows 10 Ransomware Protection with Controlled Folder Access
Controlled folder access adds extra security to Windows 10 by monitoring protected folders for changes that apps attempt to make. Here’s how to turn it on.
Windows 10 continues to include new and enhanced built-in security features. You can access security features via Windows Defender Security Center — now simply called “Windows Security.” One of the enhancements is Controlled Folder Access (CFA). Its purpose is to guard your protected folders against malicious threats such as the increasingly sophisticated ransomware attacks that keep cropping up.
Starting back with Windows 10 Build 16232, CFA monitors changes that apps try to make to files in protected folders. This feature also lets you manually add additional folders that you want to be protected. It also the apps you want to allow access to certain folders.
According to Microsoft exec Dona Sarkar: “Controlled folder access monitors the changes that apps make to files in certain protected folders. If an app attempts to make a change to these files, and the app is blacklisted by the feature, you’ll get a notification about the attempt. You can complement the protected folders with additional locations, and add the apps that you want to allow access to those folders.”
Enable Controlled Folder Access in Windows 10
To enable this extra protection against threats like ransomware, open Windows Security. Hit the Windows key on your keyboard and type: windows security and select the app from the top result.
From the “Security at a glance” page click on the Virus & threat protection button.
Next, scroll down to the “Ransomware Protection” section and click the Manage ransomware protection link.
On the next screen, you’ll have a few options for ransomware protection. The important one here that you want to turn on is Controlled folder access.
Manually Add Folders to Controlled Folder Access
Windows system folders and memory areas on your computer are protected by default. You can also add more folders to be protected manually. To do that, click on the Protected folders link.
On the following page, click Add a protected folder and browse to the folder you want to be added to CFA from File Explorer.
Allow Apps Through Controlled Folder Access
You can choose which apps are allowed to access protected folders. Most trusted and installed apps are allowed through. But sometimes Microsoft will determine an app to be unfriendly. Click the back button and click the Allow an app through Controlled folder access link.
Next, click the Add an allowed app button. Then you will have the option to allow recently blocked apps or browse all apps.
For example, here I clicked Recently blocked apps and found that both Snagit Editor which I use for screenshots, and Samsung Magician, which monitors my NVMe SSD, were blocked.
Click the Browse all apps link on the message and then browse to and select the app’s executable you want to let through.
The apps you choose to allow through will be listed on the “Allow an app through Controlled folder access” page.
It’s worth noting that if an app is blocked from making changes to files in a protected folder, you’ll see a notification on the desktop.
Microsoft is adding more layers of security in each of its Windows 10 updates. It provides users with more control over those settings, too. For instance, check out our article on how to protect files in OneDrive using 2FA with Personal Vault.
Do you like the idea of more built-in security options coming to Windows 10? Let us know in the comments below and for more discussion make sure to check out our free Windows 10 Forums!
This option is missing in my Windows10x64 Home.
it’s currently available in insider testing builds
Will Windows defender work along side or compete against my other antivirus program?
In most cases yes. But, it’s not recommended or needed. Don’t forget, Microsoft is getting data on virus and malware from hundreds of millions of systems. Been running Defender for years with no issues. Highly recommend them on Windows systems to my readers.
Experimenting with / using Controlled folder access (now released). To allow an app to save to any controlled folder, you must add the app (full pathname) to the list AND close and restart the app. When an app encounters the protection, it will show an alert “folder not found” and a popup window will BRIEFLY give the partial app file name. You must find the full app filename and add it to the list.
Surprisingly, some Windows utilities such as Windows Fax and Scan (WFS.exe) are not pre-registered to save items into a controlled folder.
A virus uses controlled folder access to deny use of Quicken.
How does the pc owner remove folders he added to the Protected Folder area?