Protect Data from Encryption with “Controlled Folder Access” Feature

by Ugnius Kiguolis - -

Windows 10 Fall Creators Update is the fourth major feature update for Windows 10 OS. It was released in October, 2017 and brought a handful of improvements, new services, and features. The “Controlled Folder Access” is one of them.Controlled Folder Access

Massive ransomware virus attacks initiated in the past year pushed Microsoft to strengthen the security forces. WannaCry, Petya, and Bad Rabbit are just a few examples of global ransomware attack[1] that causes turmoil among home users, organizations, and business.

While some of the attacks were not that “successful,” the others chewed up millions of dollars by demanding huge ransom for decrypting personal information and infecting hundreds of thousands of PCs. Cyber security experts and tech giants like Microsoft are currently devoting much time and finances to supress villains and ensure the security of people‘s personal data.

The “Controlled Folder Access” is a part of Windows Defender Security Center.[2] It's a useful precautionary measure that is supposed to protect data stored in particular system’s folders. It protects folders from any uncontrolled access by reviewing the apps that can make changes to data stored in protected folders.

The controlled folder access feature is not enabled by default. Therefore, in order to protect important data from encryption by ransomware or other unauthorized access, the PC‘s owner has to enable the feature manually (the guide below).

Once enabled, Controlled Folder Access will block unauthorized programs from initiating any changes on the files located on the controlled folders. Windows Notifications Center will return a warning if an unauthorized application is trying to modify the files on Controlled Folder Access. The more detailed information about an intruder will be listed in Windows Defender event log.

The only condition for enabling Control Folder Access is to ensure that the real-time protection[3] in Windows Defender is enabled. To enable it, you have to open Windows Defender Security Center -> Virus & Threat Protection -> Virus & Threat Protection Settings. Here make sure that Real-time protection is turned on.

It‘s important to stress the fact that Controlled Folder Access does not function as anti-ransomware feature. It‘s not capable of identifying and removing the threat. Thus, in case of ransomware attack, the PC, even with the Controlled Folder Access enabled, will still exhibit all ransomware infection traits, i.e. uncontrolled folders will be encrypted, ransomware note will be provided, and similar. Besides, the PC's user will have to remove the virus with a powerful antivirus tool.

Nevertheless, enabling Controlled Folder Access can prevent the loss of the most important data. BleepingComputer experts have tested[4] the Controlled Folder Access feature and spread a report that it successfully saved files from Locky, CryptoMix, Comrade HiddenTear, and Wyvern BTCWare ransomware attacks. To enable this data protection feature in Windows 10 Fall Creators Update, you have to perform these steps:

  • Press Windows key and type Windows Defender Security Center.
  • Open the Security Center and go to Virus & threat protection.Open Windows Defender Security Center
  • Click on Virus & threat protection settings link and look for Controlled folder access section.
  • Slide the toggle to On.
  • After that, open the Protected folders sub-option and add the folders that you want to protect.
  • Now open Allow an app through Controlled folder access. Here you can exclude the apps from blocked list. If you want Windows Defender, Paint or another secure app to be able to access or edit files stored in Controlled Folder Access, simply place them in the whitelist. Turn Controlled Folder Access feature on

About the author

Ugnius Kiguolis
Ugnius Kiguolis - The problem solver

Ugnius Kiguolis is the founder and editor-in-chief of UGetFix. He is a professional security specialist and malware analyst who has been working in IT industry for over 20 years.

Contact Ugnius Kiguolis
About the company Esolutions

References