When Microsoft rolled out the Windows 10 Fall Creators Update, they claimed it was the most secure version of Windows ever released, and they bet big on the Windows Defender security system. Windows Defender, the antivirus and security software baked into the system, is now able to protect your files from ransomware, and this has now been proved.
Ransomware is worse than a virus. It blocks access to your computer files, and unless you pay the attackers, you cannot get that access back. Windows 10 made sure that this problem can be kept at bay using Controlled Folder Access. This feature stops unauthorized apps from making changes to the protected folders.
In a series of tweets, GrumpSec Spottycat (@kyhwana) showed how it worked against the “Locky” ransomware. Locky is ransomware from 2016 that usually arrives in an email with an attached Microsoft Word document and uses macros to take over your PC. Here are the details that were shared about this experience:
- It appears the new anti-ransomware feature in Windows 10 Fall Update does work against current ransomware if you turn it on.
- Oop no, I fucked that up. Disabling defender in win10 FCU disables protected folders? AV bypassed the locky exe, so it runs but the..protected folders access actually worked! (Tho everything else got ransomwared)
- Locky encrypted downloads folder: (Bypassed Defender with Shelltier) but documents folder all good! (Win10 FCU)
#InfoSec It works!
- So if you’re running win10, upgrade to the Fall Creators update and enable + add to the Controlled Folder access. Leave defender on.
- If you’re not an IT pro and concerned about being ransomwared. Don’t forget offline backups tho!
The golden rule is to keep Defender on and enable protection for all the folders that are important. Then, even if the ransomware slips past the check, the protected folders will be protected (until they bypass that!).
How to Enable “Controlled Folder Access” to protect against Ransomware
Windows Defender Security Center reviews apps that can make changes to files in protected folders. Occasionally, an app that is safe to use may be incorrectly blocked by Windows Defender. If this happens, you can temporarily turn off real-time protection to prevent apps from being blocked.
- Select Start > Settings.
- Choose Update & security > Windows Defender.
- Select Open Windows Defender Security Center.
- Select Virus & threat protection, and then choose Virus & threat protection settings.
- Under Controlled folder access, turn it on or off.
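The same setting can also be applied and verified from an elevated PowerShell prompt with the Defender cmdlets. This is an added example, not part of the original article; the folder paths are constructed placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example: enable Controlled Folder Access (CFA) and verify it is in effect.
# The folder paths below are constructed placeholders; replace them with your own.
$extraFolders = @('D:\Projects', 'D:\Photos')

# The tweets above note that disabling Defender also disables protected folders,
# so confirm real-time protection is on before relying on CFA.
$status = Get-MpComputerStatus
if (-not $status.RealTimeProtectionEnabled) {
    throw 'Real-time protection is off; Controlled Folder Access will not be enforced.'
}

# Turn the feature on (other accepted values include Disabled and AuditMode).
Set-MpPreference -EnableControlledFolderAccess Enabled

# Add folders beyond the defaults; skip missing paths and ones already listed.
$current = @((Get-MpPreference).ControlledFolderAccessProtectedFolders)
foreach ($folder in $extraFolders) {
    if (-not (Test-Path -LiteralPath $folder -PathType Container)) {
        Write-Warning "Skipping missing folder: $folder"
        continue
    }
    if ($current -notcontains $folder) {
        Add-MpPreference -ControlledFolderAccessProtectedFolders $folder
    }
}

# Show the resulting configuration.
$pref = Get-MpPreference
[pscustomobject]@{
    ControlledFolderAccess = $pref.EnableControlledFolderAccess   # 1 = Enabled
    ProtectedFolders       = $pref.ControlledFolderAccessProtectedFolders -join '; '
    AllowedApplications    = $pref.ControlledFolderAccessAllowedApplications -join '; '
} | Format-List

# List recent CFA blocks (event ID 1123) to spot ransomware activity or a
# legitimate app that was blocked by mistake.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message | Format-List
```

If the event list shows a safe app being blocked, it can be allowed individually with `Add-MpPreference -ControlledFolderAccessAllowedApplications` and the app's full path.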
Even if you have no other reason to use Windows Defender, this is a solid reason to turn it on right away. Since Windows Defender works alongside third-party antivirus, I don’t see any reason to leave it disabled.