When Microsoft rolled out the Windows 10 Fall Creators Update, they claimed that it was the most secure version of Windows ever released. They said that because of the Windows Defender Security System. It's known that Windows Security, the antivirus and security software baked into the system, is now able to protect your files from ransomware; this has been proved. In this post, we will share how you can enable Controlled Folder Access in Windows to fight against ransomware.
What is Ransomware?
Ransomware is worse than a virus. It disables your access to your computer files unless you pay the attackers. Windows 10 made sure that this problem can be kept at bay using Controlled Folder Access. This feature stops unauthorized apps from making changes to the protected folders.
Windows 10 Protection against Ransomware Actually Works
In a series of tweets from GrumpSec Spottycat @kyhwana, it was revealed how it worked against “Locky” ransomware. Locky is a 2016 ransomware that usually arrives in an email with an attached Microsoft Word document and uses macros to take over your PC. Here are the details that were shared about this experience:
- It appears the new anti-ransomware feature in Windows 10 does work against current ransomware if you turn it on.
- Oop no, I messed that up. Disabling defender in Windows 10 disables protected folders? AV bypassed the locky exe, so it runs, but the..protected folders access worked! (Tho everything else got ransomwared)
- Locky encrypted downloads folder: (Bypassed Defender with Shelltier), but documents folder all good! (Win10 FCU)
#InfoSec It works!
- So if you’re running win10, upgrade latest version to enable + add to the Controlled Folder access. Leave Defender turned on.
- If you’re not an IT pro and concerned about being ransomware Don’t forget offline backups tho!
The golden rule is to keep Windows Security (Defender) on and enable protection for all the essential folders. Then, even if the ransomware slips past the antivirus check, the protected folders will not be locked down by it, i.e., the protected folders will be protected (until they bypass that!).
Enable Controlled Folder Access in Windows 10 to protect against Ransomware
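Windows Security reviews apps that can make changes to files in protected folders. Occasionally, an app that is safe to use may be incorrectly blocked by Windows Defender. If this happens, you can temporarily turn off real-time protection to prevent apps from being blocked. Keep in mind that Controlled folder access depends on real-time protection, so the protected folders are unguarded while it is off; the "Allow an app" option described later on this page unblocks a single app without turning protection off.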
Enable Controlled Folder Access using Windows Settings
- In the Start menu, look for Windows Security and open it.
- Select Virus & threat protection > click on Manage Ransomware protection
- Toggle on the button so it can protect files, folders, and memory areas on your device from unauthorized access.
- Also, make sure to link your OneDrive account. OneDrive takes a continuous backup of these files.
Enable Controlled folder access using Group Policy
- Type gpedit.msc in the Run Prompt followed by the return key.
- In the Group Policy Editor, navigate to Computer configuration > Administrative templates > Windows components > Windows Defender Antivirus > Windows Defender Exploit Guard > Controlled folder access.
- Double-click to edit the policy, and set it to Enabled.
If you want to keep a log of applications that access the folder, then choose audit mode.
How to Add Folders & give applications access to Protected Folders
When you turn on Controlled folder access, you have three links to use.
- Block History
- Protected Folders
- Allow an app through Controlled folder access.
Click on the Protected folders link and select the set of folders that need to be protected, in addition to the default folders, which include the Library folders. However, if you need to give an app access to controlled folders, then click on the “Allow an app” link to whitelist the application. Many a time there are applications which need access, i.e., in case of backup or sync.
Block History will display a list of programs that tried to access the folders but were denied access.
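The same settings can be applied from an elevated PowerShell prompt with the built-in Defender cmdlets. The script below is an added example, not part of the original post; it enables the feature (audit mode by default), adds a folder and an allowed app, and reads the block history from the Defender event log. The folder and application paths are placeholders chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: manage Controlled folder access with the Defender cmdlets.
param(
    [ValidateSet('Enabled', 'AuditMode')]
    [string]$Mode = 'AuditMode',
    # Placeholder paths (assumptions for illustration); replace with your own.
    [string[]]$ExtraFolders = @('D:\Projects'),
    [string[]]$AllowedApps  = @('C:\Program Files\ExampleBackup\backup.exe')
)

# Controlled folder access only works while Defender real-time protection is on.
$status = Get-MpComputerStatus
if (-not $status.RealTimeProtectionEnabled) {
    throw 'Defender real-time protection is off; protected folders would not be guarded.'
}

# 'AuditMode' only logs what would have been blocked; 'Enabled' blocks it.
Set-MpPreference -EnableControlledFolderAccess $Mode

# Protect extra folders on top of the defaults; skip paths that do not exist.
foreach ($folder in $ExtraFolders) {
    if (Test-Path -LiteralPath $folder -PathType Container) {
        Add-MpPreference -ControlledFolderAccessProtectedFolders $folder
    } else {
        Write-Warning "Skipping missing folder: $folder"
    }
}

# Allow specific executables (for example a backup or sync tool) by full path.
foreach ($app in $AllowedApps) {
    if (Test-Path -LiteralPath $app -PathType Leaf) {
        Add-MpPreference -ControlledFolderAccessAllowedApplications $app
    } else {
        Write-Warning "Skipping missing executable: $app"
    }
}

# Show the resulting configuration.
Get-MpPreference |
    Select-Object EnableControlledFolderAccess,
                  ControlledFolderAccessProtectedFolders,
                  ControlledFolderAccessAllowedApplications |
    Format-List

# Block history: event 1123 = change blocked, 1124 = change logged in audit mode.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

Running it in audit mode first and reviewing the 1124 events shows which legitimate apps would need an allow entry before you switch to `Enabled`.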
If there is no other reason to use Windows Security, this is one solid case that should give you a firm idea of why you should turn it on right away. Since Windows Security works with third-party antivirus, I don’t see any reason to keep it disabled.