How to Protect Your PC from Ransomware on Windows 10 or 11


Controlled folder access adds extra security to Windows 10 and 11 by monitoring protected folders and protect your PC against Ransomware.

Windows 10 continues to include new and enhanced built-in security features. You can access security features via Windows Security. One of the enhancements is Controlled Folder Access (CFA). Its purpose is to guard your protected folders against malicious threats such as the increasingly sophisticated ransomware attacks that keep cropping up.

Starting back with Windows 10 Build 16232, CFA was introduced to monitor changes that apps try to make to files in protected folders. This feature also lets you manually add additional folders that you want to be protected. You can allow specific app access to certain folders, too.

Protecting your PC against ransomware via CFA can be done on Windows 10 or 11 from the Windows Security app that’s built into the OS. Controlled folder access monitors changes apps make to files in your protected folders. So, if an unspecified app tries to make changes to files, it is blacklisted and you’ll get a notification.

Turn on Ransomware Protection on Windows 11 with controlled Folder Access

Keeping ransomware off your Windows 11 system is straightforward by enabling controlled folder access using the following steps.

  1. Press the Windows key, type Windows Security, and click the top result.launch windows security from start
  2. Click the Virus & threat protection option in the left panel.virus and threat protection
  3. Scroll down to the Ransomware protection section on the right and click the Manage ransomware protection link.
    Note: If you haven’t set up OneDrive yet, ensure to sign in with your account and set up your OneDrive Personal Vault for your most sensitive files.manage ransomware protection windows security
  4. Toggle on the Controlled folder access switch.toggle on controlled folder access

It’s important to mention that managing CFA is virtually identical on Windows 10 and 11 once it’s enabled. For instance, you can add folders to CFA and allow apps through using the same steps shown below in the Windows 10 examples.

Enable Controlled Folder Access on Windows 10

Turning on Ransomware protection via the controlled folder option on Windows 10 is also straightforward using the following steps.

  1. To enable this extra protection against threats like ransomware, open Windows Security. Hit the Windows key on your keyboard and type Windows Security and select the app from the top security on Windows 10 start menu
  2. From the “Security at a glance” page click on the Virus & threat protection button.virus and threat protection
  3. Next, scroll down to the “Ransomware Protection” section and click the Manage ransomware protection link.manage ransomware protection
  4. On the next screen, you’ll have a few options for ransomware protection. The important one here that you want to turn on is Controlled folder access.toggle on controlled folder access

Manually Add Folders to Controlled Folder Access

One of the benefits of CFA is the ability to manually add your own folders.

  1. Windows system folders and memory areas on your computer are protected by default. You can also add more folders to be protected manually. To do that, click on the Protected folders link.protected folders
  2. On the following page, click Add a protected folder and browse to the folder you want to be added to CFA from File Explorer.add protected folder controlled access

Allow Apps Through Controlled Folder Access

You can choose which apps are allowed to access protected folders. Most trusted and installed apps are allowed through. But sometimes Microsoft will determine an app to be unfriendly.

  1. Click the back button and click the Allow an app through Controlled folder access link.allow app controlled folder access
  2. Next, click the Add an allowed app button. Then you will have the option to allow recently blocked apps or browse all apps.allowed apps
  3. For example, here I clicked Recently blocked apps and found that my screenshot editing app, SnagIt, and Samsung Magician, which monitors my NVMe SSD, were blocked.blocked apps
  4. Click the Browse all apps link on the message and then browse to and select the app’s executable you want to let through.find app exe to allow
  5. The apps you choose to allow through will be listed on the “Allow an app through Controlled folder access” page.apps allowed through
  6. It’s worth noting that if an app is blocked from making changes to files in a protected folder, you’ll see a notification on the desktop.controlled folder access notification

Microsoft is adding more layers of security in each of its Windows 10 updates. It provides users with more control over those settings, too. For instance, check out our article on how to protect files in OneDrive using 2FA with Personal Vault. Also, for a modern and secure passwordless option, check out how to enable Passkeys for a Microsoft account.

Protecting Yourselft from Ransomware on Windows

Unlike virus and malware that can steal personal data and are generally annoying, ransomware takes things to a new level. It’s nasty malware that encrypts your data and requests a ransom to unlock it — typically paid with bitcoin. It essentially holds your files and folders hostage until you cough up money to free them.

The good news is Windows has built-in ransomware protection. With a bit of diligence, you can take proactive steps to avoid ransomware by following the above steps and turn on controlled folder access on Windows 10 or 11.



  1. ramu kaviyoor

    July 13, 2017 at 7:48 am

    This option is missing in my Windows10x64 Home.

    • murli

      July 14, 2017 at 3:01 pm

      it’s currently available in insider testing builds

  2. Sasha99

    July 20, 2017 at 6:03 am

    Will Windows defender work along side or compete against my other antivirus program?

    • Steve Krause

      July 21, 2017 at 2:31 pm

      In most cases yes. But, it’s not recommended or needed. Don’t forget, Microsoft is getting data on virus and malware from hundreds of millions of systems. Been running Defender for years with no issues. Highly recommend them on Windows systems to my readers.


  3. dwmc2

    October 23, 2017 at 8:33 am

    Experimenting with / using Controlled folder access (now released). To allow an app to save to any controlled folder, you must add the app (full pathname) to the list AND close and restart the app. When an app encounters the protection, it will show an alert “folder not found” and a popup window will BRIEFLY give the partial app file name. You must find the full app filename and add it to the list.

    Surprisingly, some Windows utilities such as Windows Fax and Scan (WFS.exe) are not pre-registered to save items into a controlled folder.

  4. Arthur Mussman

    April 16, 2018 at 8:39 am

    A virus uses controlled folder access to deny use of Quicken.

  5. Dale Newcomer

    July 22, 2018 at 11:00 am

    How does the pc owner remove folders he added to the Protected Folder area?

Leave a Reply

Your email address will not be published. Required fields are marked *


To Top