Friday 7 August 2020

Windows 10 can protect your files from ransomware and other malicious programs, and this guide outlines the different ways to enable the security feature.

On Windows 10, "Controlled folder access" is an intrusion-prevention feature available with Microsoft Defender Exploit Guard, which is part of the Microsoft Defender Antivirus. It's been designed primarily to stop ransomware from encrypting and taking your data hostage, but it also protects files from unwanted changes from other malicious applications.

The anti-ransomware feature is optional on Windows 10. When enabled, it tracks the apps (executable files, scripts, and DLLs) that try to make changes to files in the protected folders. If the app is malicious or not recognized, the feature will block the attempt in real time, and you'll receive a notification of the suspicious activity.

If you want an extra layer of security to safeguard your data, you can enable and customize Controlled folder access using the Windows Security app, Group Policy, and even PowerShell.

In this Windows 10 guide, we walk you through the steps to enable the Controlled folder access feature to prevent ransomware attacks on your device.

How to enable ransomware protection using Security Center

To enable Controlled folder access on Windows 10, use these steps:

  1. Open Start.
  2. Search for Windows Security and click the top result to open the app.
  3. Click on Virus & threat protection.
  4. Under the "Ransomware protection" section, click the Manage ransomware protection option.

  5. Turn on the Controlled folder access toggle switch.

Once you complete the steps, Microsoft Defender Antivirus will start protecting your files and folders from unauthorized access by malicious programs like ransomware.

View block history

To view a list of blocked items by the anti-ransomware solution, use these steps:

  1. Open Start.
  2. Search for Windows Security and click the top result to open the app.
  3. Click on Virus & threat protection.
  4. Under the "Ransomware protection" section, click the Manage ransomware protection option.

  5. Click the Block history option.

  6. Confirm the items that have been blocked.

This is the same protection history page that is available from the main page of Microsoft Defender Antivirus. However, opening it from this area applies a filter that lists only the "Controlled folder access" history.

Add new location for protection

By default, the security feature protects the Documents, Pictures, Videos, Music, Desktop, and Favorites folders. Although it's not possible to modify the default list, if you have files in a different location, you can manually add other paths.

To add a new folder location for protection, use these steps:

  1. Open Start.
  2. Search for Windows Security and click the top result to open the app.
  3. Click on Virus & threat protection.
  4. Under the "Ransomware protection" section, click the Manage ransomware protection option.

  5. Click the Protected folders option.

  6. Click the Add a protected folder button.

  7. Select the new location.
  8. Click the Select Folder button.

After you complete the steps, the anti-ransomware feature will monitor and protect the new locations.

If the storage configuration changes and you need to remove a location, you can follow the same instructions, but on step No. 5, select the location and click the Remove button.

Whitelist apps with Controlled folder access

On Windows 10, Controlled folder access can detect the apps that can safely access your files, but if one of the apps you trust is blocked, you'll need to allow the app manually.

To whitelist an app with Controlled folder access, use these steps:

  1. Open Start.
  2. Search for Windows Security and click the top result to open the app.
  3. Click on Virus & threat protection.
  4. Under the "Ransomware protection" section, click the Manage ransomware protection option.

  5. Click the Allow an app through Controlled folder access option.

  6. Click the Add an allowed app button.
  7. Select the Recently blocked apps option to whitelist an app you trust that has been flagged as malicious. Or click the Browse all apps option.

  8. Select the app executable (for example, chrome.exe) you want to allow through this feature.
  9. Click the Open button.

Once you complete the steps, the app won't be blocked by the feature, and it'll be able to make changes to files.

How to enable ransomware protection using Group Policy

To enable Windows 10's ransomware protection with Group Policy, use these steps:

  1. Open Start.
  2. Search for gpedit and click the top result to open the Local Group Policy Editor.
  3. Browse the following path:

    Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Microsoft Defender Exploit Guard > Controlled Folder Access

    Quick note: If you're still on Windows 10 version 1909 or earlier, the path is slightly different: Computer Configuration > Administrative Templates > Windows Components > Windows Defender Antivirus > Windows Defender Exploit Guard > Controlled Folder Access

  4. Double-click the Configure Controlled folder access policy on the right side.

  5. Select the Enabled option.
  6. Under the "Options" section, use the drop-down menu and select the Block option.

  7. Click the Apply button.
  8. Click the OK button.

After you complete the steps, Controlled folder access will be enabled and will start monitoring and protecting your files stored in the default system folders.

The only caveat of using this method is that any future configuration will have to be made through Group Policy. If you open Windows Security, you'll notice the "This setting is managed by your administrator" message, and the Controlled folder access option will appear grayed out.

You can revert the changes using the same instructions, but on step No. 5, select the Not Configured option.

Add new location for protection

If you must protect data located in a different location, you can use the "Configure protected folders" policy to add the new folder.

To include a new location for protection with Controlled folder access, use these steps:

  1. Open Start.
  2. Search for gpedit and click the top result to open the Local Group Policy Editor.
  3. Browse the following path:

    Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Microsoft Defender Exploit Guard > Controlled Folder Access

  4. Double-click the Configure protected folders policy on the right side.

  5. Select the Enabled option.
  6. Under the "Options" section, click the Show button.

  7. Specify the locations you want to protect by entering the path of the folder in the "Value name" field and adding 0 in the "Value" field.

    This example adds the "MyData" folder in the "F" drive for protection:

    F:\MyData

  8. Repeat step No. 7 to add more locations.
  9. Click the OK button.
  10. Click the Apply button.
  11. Click the OK button.

Once you complete the steps, the new folder will be added to the protection list of Controlled folder access.

To revert the changes, use the same instructions, but on step No. 5, select the Not Configured option.

Whitelist apps with Controlled folder access

To whitelist an app through the anti-ransomware feature on Windows 10, use these steps:

  1. Open Start.
  2. Search for gpedit and click the top result to open the Local Group Policy Editor.
  3. Browse the following path:

    Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Microsoft Defender Exploit Guard > Controlled Folder Access

  4. Double-click the Configure allowed applications policy on the right side.

  5. Select the Enabled option.
  6. Under the "Options" section, click the Show button.

  7. Specify the location of the .exe file for the app (such as C:\path\to\app\app.exe) you want to allow in the "Value name" field and add 0 in the "Value" field.

    This example allows the Chrome app when Controlled folder access is enabled:

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

  8. Repeat step No. 7 to add more locations.
  9. Click the OK button.
  10. Click the Apply button.
  11. Click the OK button.

After you complete the steps, the app won't be blocked, and it'll be able to make changes to protected files and folders.

How to enable ransomware protection using PowerShell

Alternatively, you can also enable and configure Controlled folder access using PowerShell commands.

To enable Controlled folder access with PowerShell, use these steps:

  1. Open Start.
  2. Search for PowerShell, right-click the top result, and click the Run as administrator option.
  3. Type the following command to enable the feature and press Enter:

    Set-MpPreference -EnableControlledFolderAccess Enabled

  4. (Optional) Type the following command to disable the security feature and press Enter:

    Set-MpPreference -EnableControlledFolderAccess Disabled

Once you complete the steps, Controlled folder access will be enabled on your computer to protect files and folders from ransomware attacks.
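On a machine with many third-party apps, the same cmdlet also accepts an AuditMode value that logs what would have been blocked instead of blocking it. The following is an added example, not part of the original guide, and it goes beyond the steps above by using audit mode and reading the Defender operational log (event ID 1123 for blocks, 1124 for audited writes); the function name and the EventData field names "Process Name" and "Path" are assumptions.

```powershell
# Added example, not from the original article. Run in an elevated PowerShell session.
# Summarizes Controlled folder access events: 1123 = blocked, 1124 = audited.
function Get-CfaEventSummary {
    param([int]$Days = 7)   # look-back window; 7 is an arbitrary default
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1123, 1124
        StartTime = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent reports an error when nothing matches; treat that as "no events".
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

    $rows = @(foreach ($e in $events) {
        # Flatten <Data Name="...">value</Data> elements into a lookup table.
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
            if ($d.Name) { $data[$d.Name] = $d.'#text' }
        }
        [pscustomobject]@{
            Time    = $e.TimeCreated
            Action  = if ($e.Id -eq 1123) { 'Blocked' } else { 'Audited' }
            # Assumed field names; these stay empty if the event names them differently.
            Process = $data['Process Name']
            Target  = $data['Path']
        }
    })
    # One row per process and action, busiest first.
    $rows | Group-Object Process, Action | Sort-Object Count -Descending |
        Select-Object Count, Name, @{
            Name       = 'LastSeen'
            Expression = { $_.Group.Time | Sort-Object | Select-Object -Last 1 }
        }
}

# 1. If the feature is off, start in log-only mode (event 1124, nothing is blocked).
if ((Get-MpPreference).EnableControlledFolderAccess -eq 0) {
    Set-MpPreference -EnableControlledFolderAccess AuditMode
}
# 2. After a period of normal use, review which apps touched protected folders.
Get-CfaEventSummary -Days 7 | Format-Table -AutoSize
# 3. Allow the apps you trust, then switch to enforcement:
# Set-MpPreference -EnableControlledFolderAccess Enabled
```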

Add new location for protection

To allow Controlled folder access to protect an additional folder, use these steps:

  1. Open Start.
  2. Search for PowerShell, right-click the top result, and click the Run as administrator option.
  3. Type the following command to add a new location and press Enter:

    Add-MpPreference -ControlledFolderAccessProtectedFolders "F:\folder\path\to\add"

    In the command, make sure to change the path to the folder you want to protect.

    For example, this command adds the "MyData" folder in the "F" drive to the list of protected folders:

    Add-MpPreference -ControlledFolderAccessProtectedFolders "F:\MyData"

  4. (Optional) Type the following command to remove a folder and press Enter:

    Remove-MpPreference -ControlledFolderAccessProtectedFolders "F:\folder\path\to\remove"

After you complete the steps, the anti-ransomware feature will protect the contents inside the new location.

Whitelist apps with Controlled folder access

To allow an app in Controlled folder access with PowerShell, use these steps:

  1. Open Start.
  2. Search for PowerShell, right-click the top result, and click the Run as administrator option.
  3. Type the following command to allow an app and press Enter:

    Add-MpPreference -ControlledFolderAccessAllowedApplications "F:\path\to\app\app.exe"

    In the command, make sure to change the path for the location and executable of the app you want to allow.

    For example, this command adds Chrome to the list of allowed apps:

    Add-MpPreference -ControlledFolderAccessAllowedApplications "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

  4. (Optional) Type the following command to remove an app and press Enter:

    Remove-MpPreference -ControlledFolderAccessAllowedApplications "F:\path\to\app\app.exe"

Once you complete the steps, the app will be allowed to run and make changes to your files when the feature is enabled.
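To confirm what the commands in this section actually configured, you can read the settings back with Get-MpPreference. The following is an added example, not part of the original guide; the function name Get-CfaConfigReport and the report layout are assumptions, and the signature check is an extra review step for the allowed apps list.

```powershell
# Added example, not from the original article. Run in an elevated PowerShell session.
# Reports the Controlled folder access mode, the folders you added, and the allowed apps.
function Get-CfaConfigReport {
    $pref  = Get-MpPreference
    # Get-MpPreference returns the mode as a number.
    $modes = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'AuditMode' }
    $mode  = [int]$pref.EnableControlledFolderAccess
    $name  = if ($modes.ContainsKey($mode)) { $modes[$mode] } else { "Other ($mode)" }
    [pscustomobject]@{ Kind = 'Mode'; Item = $name; Exists = $null; Signature = $null; Signer = $null }

    # Folders you added; flag paths that no longer exist
    # (for example, a drive letter that changed).
    foreach ($folder in @($pref.ControlledFolderAccessProtectedFolders)) {
        if (-not $folder) { continue }
        [pscustomobject]@{
            Kind = 'ProtectedFolder'; Item = $folder
            Exists = Test-Path -LiteralPath $folder -PathType Container
            Signature = $null; Signer = $null
        }
    }

    # Allowed apps are listed by path, so check that each file is present and
    # still carries a valid Authenticode signature from the publisher you expect.
    foreach ($app in @($pref.ControlledFolderAccessAllowedApplications)) {
        if (-not $app) { continue }
        $exists = Test-Path -LiteralPath $app -PathType Leaf
        $sig    = if ($exists) { Get-AuthenticodeSignature -LiteralPath $app }
        [pscustomobject]@{
            Kind = 'AllowedApp'; Item = $app; Exists = $exists
            Signature = if ($sig) { $sig.Status } else { $null }
            Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        }
    }
}

Get-CfaConfigReport | Format-Table -AutoSize -Wrap
```

An allowed app that shows Exists as False or a Signature other than Valid is a candidate for removal with Remove-MpPreference.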

Controlled folder access is one of the intrusion-prevention features of the Microsoft Defender Exploit Guard, which is part of the Microsoft Defender Antivirus. This means that the security feature won't be available if you use a third-party antivirus.
