Windows 10 Fall Creators Update offers ransomware protection with Controlled Folder Access
Ransomware is one of the most concerning, and the most prevalent, forms of malware around at the moment. While there are numerous security tools out there that you can install to keep yourself protected, if you have upgraded to Windows 10 Fall Creators Update you have a built-in tool at your disposal.
Called Controlled Folder Access, the feature locks down files and folders to protect them against unwanted changes -- including encryption by ransomware. It's not enabled by default, so here's what you need to do.
If you've been involved in the Windows Insider program, you may well be aware of Controlled Folder Access, but it's only with the official rollout of Fall Creators Update that the feature is reaching a wider audience. To enable it, you'll need to access Windows Defender either via the icon in the notification area of the taskbar, or via Update & Security in Windows' Settings.
Once in the Windows Defender Security Center, click Virus & threat protection followed by Virus & threat protection settings. Locate the Controlled folder access setting and flick the toggle to the On position.
It is also possible to Use Group Policy to enable Controlled folder access, as Microsoft explains:
- On your Group Policy management machine, open the Group Policy Management Console, right-click the Group Policy Object you want to configure and click Edit.
- In the Group Policy Management Editor go to Computer configuration.
- Click Policies then Administrative templates.
- Expand the tree to Windows components > Windows Defender Antivirus > Windows Defender Exploit Guard > Controlled folder access.
- Double-click the Configure Controlled folder access setting and set the option to Enabled. In the options section you must specify one of the following:
- Enable -- Malicious and suspicious apps will not be allowed to make changes to files in protected folders. A notification will be provided in the Windows event log
- Disable (Default) -- The Controlled folder access feature will not work. All apps can make changes to files in protected folders.
- Audit Mode -- If a malicious or suspicious app attempts to make a change to a file in a protected folder, the change will be allowed but will be recorded in the Windows event log. This allows you to assess the impact of this feature on your organization.