Enable ransomware Controlled Folder Access on Windows 10

December 2022 · 3 minute read

With the Windows 10 Fall Creators Update, Controlled Folder Access, the folder protection feature that Microsoft introduced in June, has officially reached millions of users.

As its name suggests, this feature allows users to control access to certain directories. With its philosophy of 'blocking everything', it can theoretically block ransomware when it tries to access and encrypt the files inside.

  • Theory - What is Ransomware?
  • Anti Ransomware with Controlled Folder Access Windows 10

    Step 1:

    Click the Start button, type Windows Defender Security Center, and click the result. The following window will appear.

    [Picture 1: Windows Defender Security Center window]

    If you mistakenly choose Windows Defender Settings, select Open Windows Security Center to open the correct dialog box.

    [Picture 2: Choose again to open the Security Center]

    Step 2:

    In the window that opens, select Virus & Threat Protection > Virus & Threat Protection Settings.

    [Picture 3: Set up virus protection and threats]

    Step 3:

    Find the Controlled Folder Access section on this page and drag the On / Off slider to turn it on.

    [Picture 4: Drag the slider to turn it on]

    Step 4:

    In the Protected Folders section, select the additional folders you want to protect. Several directories are already listed here.

    [Picture 5: Add folder to protect]

    Step 5:

    In the Allow an app through Controlled folder access section, whitelist the applications that are allowed to access, edit, create or delete files in protected folders.

    [Picture 6: Add the application to the whitelist to give it access]

    Another way to enable Controlled Folder Access

    In addition to the above, there are 2 other ways to enable Controlled Folder Access. The easiest way is to run the PowerShell command.

    Set-MpPreference -EnableControlledFolderAccess Enabled

    To turn it off, run the same command but replace 'Enabled' with 'Disabled'.

    In addition, system administrators in large organizations can use the Group Policy Management Console to enable this feature for users across the network.

  • Step 1: On the Group Policy management machine, open the Group Policy Management Console, right-click on the Group Policy Object you want to select and click Edit.
  • Step 2: At Group Policy Management Editor, select Computer Configuration.
  • Step 3: Click Policies > Administrative Templates.
  • Step 4: Expand Windows Components > Windows Defender Antivirus > Windows Defender Exploit Guard > Controlled Folder Access.
    [Picture 7: Management for the entire system through the Group Policy Management Console]

  • Step 5: Double-click the Configure Controlled folder access setting and select Enabled.
  • You can also use Group Policy to select the allowed applications and protected folders for each computer in the domain.

    [Pictures 8 and 9: Select the directory and application for the computer in the system]

    When any unauthorized software tries to edit files in these folders, the user receives a warning in the Windows notification bar. Windows Defender also records the attempt in its event history.

    [Picture 10: Warning when software tries to access the protected folder]

    Note that for Controlled Folder Access to work, you must turn on real-time protection in Windows Defender.
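
The PowerShell route, the protected-folder and whitelist steps, the real-time protection prerequisite and the event history described above can be combined in one script. This is an added example, not part of the original article: the folder and application paths are placeholders, and the event IDs (1123 blocked, 1124 audited, 5007 settings changed) are the ones Microsoft documents for Controlled Folder Access in the Windows Defender operational log.

```powershell
# Added example, not from the original article. Run in an elevated PowerShell session.
# The folder and application paths below are placeholders (assumptions).
$ProtectedFolder = 'D:\Projects'                       # hypothetical extra folder
$AllowedApp      = 'C:\Program Files\Example\app.exe'  # hypothetical trusted app

# Prerequisite from the article: real-time protection must be on.
$status = Get-MpComputerStatus
if (-not $status.RealTimeProtectionEnabled) {
    throw 'Real-time protection is off; Controlled Folder Access will not work.'
}

# Turn the feature on ('Disabled' turns it off, 'AuditMode' only logs).
Set-MpPreference -EnableControlledFolderAccess Enabled

# Add a protected folder and whitelist an application (Steps 4 and 5 in the GUI).
Add-MpPreference -ControlledFolderAccessProtectedFolders $ProtectedFolder
Add-MpPreference -ControlledFolderAccessAllowedApplications $AllowedApp

# Confirm the resulting configuration.
Get-MpPreference | Select-Object EnableControlledFolderAccess,
    ControlledFolderAccessProtectedFolders,
    ControlledFolderAccessAllowedApplications

# Review blocked (1123) and audited (1124) write attempts, plus setting
# changes (5007), from the Windows Defender operational log.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124, 5007
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

Running the feature in AuditMode first and reviewing the 1124 events shows which legitimate applications need whitelisting before blocking is switched on.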

    Test using Controlled Folder Access to block ransomware

    In testing with the ransomware variants Asasin (Locky), x1881 (CryptoMix), Comrade (HiddenTear) and Wyvern (BTCWare), Controlled Folder Access did its job well, blocking them from encrypting files in the protected folders. Other folders were still encrypted as usual.

    [Picture 11: Unprotected folders are still encrypted by ransomware]

    Another side effect is that when executable files from whitelisted folders edit files in a protected folder, Controlled Folder Access blocks the change and does not display a message saying so.
