Protect your data from ransomware with Controlled Folder Access in Windows 10


With the Windows 10 Fall Creators Update released in October 2017, Microsoft introduced a new feature called Controlled Folder Access, designed to protect your data from unauthorised changes. In this article, we’re looking at how to protect your data from attacks such as the WannaCry ransomware that affected the NHS earlier this year.

Controlled Folder Access works on the principle of blocking everything except the applications that you specifically grant permission to make changes to your files. If you’re unfortunate enough to fall victim to ransomware, or any other malware for that matter, this new feature prevents your data from being changed, encrypted or deleted. These types of attacks are not new and are becoming more and more frequent. Whilst you might think attacks like this only affect large organisations, here’s a case in point of a small business in Glasgow that was affected by ransomware, which cost the business 1,000 euros to have their data unlocked.

I’ve been trialling Controlled Folder Access on each of my systems now for a while and I would definitely recommend it to home users and small businesses alike. The feature is still relatively new and I expect it will become more common and simpler with future updates to Windows 10. However, with data security becoming a real concern and the upcoming changes to legislation around data protection, and in particular data breaches, now is as good a time as ever to look at your data security again. It’s part of Windows Defender and is only available if Windows Defender is switched on and enabled as your antivirus program.

Most popular, well-known applications, such as Microsoft Office, are automatically whitelisted by Controlled Folder Access, so you may not notice any difference after enabling the feature. Lesser-known applications, however, will be blocked and you may run into issues until you add them to the whitelist; we’ll look at how to do this later in the article. Businesses and advanced users might want to consider auditing mode to trial the feature without fully enabling it. Auditing mode only simulates the protection you would receive if the feature were turned on: it records all events in the Event Viewer for you to review before fully enabling protection. Bear in mind that whilst in auditing mode, no blocking actually takes place.

Otherwise, if you’re interested in Controlled Folder Access, it is simple enough to switch on and if you notice any problems, you can whitelist applications that you use, or switch it off completely just as easily.
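The auditing mode described above can be switched on and reviewed from an elevated PowerShell prompt. This is an added example, not part of the original article; the seven-day window is an arbitrary choice and the event field names read from the XML are assumptions noted in the comments.

```powershell
#Requires -RunAsAdministrator
# Added example: trial Controlled Folder Access in audit mode, then list
# what it would have blocked. Nothing is actually blocked in this mode.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# ... use the computer normally for a few days, then run the review below ...

# Defender logs event 1124 for an audited write and 1123 for a blocked one.
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1123, 1124
    StartTime = (Get-Date).AddDays(-7)   # assumed review window
}
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$report = foreach ($e in $events) {
    # Collect the named fields from the event XML. The names 'Process Name'
    # and 'Path' are assumptions; if they come back empty, check one event
    # in Event Viewer's Details tab for the names your build uses.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        if ($d.Name) { $data[$d.Name] = $d.'#text' }
    }
    [pscustomobject]@{
        Time    = $e.TimeCreated
        Mode    = if ($e.Id -eq 1124) { 'Audited' } else { 'Blocked' }
        Process = $data['Process Name']
        Target  = $data['Path']
    }
}

# One row per program: each is either a candidate for the whitelist
# or something you do not recognise and should investigate first.
$report |
    Group-Object Process, Mode |
    Sort-Object Count -Descending |
    Select-Object Count, Name, @{ n = 'SampleTarget'; e = { $_.Group[0].Target } } |
    Format-Table -AutoSize
```

Once the list contains only programs you recognise and have whitelisted, replace AuditMode with Enabled to start blocking.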

Check your version of Windows

The Fall Creators Update is the latest major free update to Windows 10. If you don’t already have it installed, simply run Windows Update or download it from the Microsoft web site.

To check if it’s already installed, right click on your Start button and choose System. Under Windows specifications, your version number should be 1709 or greater.

Enable Windows Defender

Controlled Folder Access is a feature of Windows Defender – the built-in malware and threat protection for Windows 10. Whilst the bulk of Windows Defender’s purpose is to detect and prevent malware in the first place, most scams take place due to unwanted programs that you may have inadvertently given permission to be installed and this is where Controlled Folder Access protects you.

Windows Defender needs to be switched on and enabled. Controlled Folder Access is not available as a separate feature. There have been all sorts of arguments about the effectiveness of Windows Defender but I favour it over other third-party antivirus software as it does not hog system resources causing your computer to slow down, nor does it serve you annoying pop-ups or adverts and it’s free.

To open Windows Defender, simply type its name into Cortana’s search box and open Windows Defender Security Centre. From here, it will tell you whether it’s switched on and protecting your device or whether you are using a third-party program.

Search for Windows Defender in Cortana

Switch on Controlled Folder Access

To switch the feature on, open the Windows Defender Security Centre by searching in the Cortana search box.

From there, click Virus & threat protection.

Windows Defender Security Centre

Next, click Virus & threat protection settings.

Virus and threat protection

Scroll down and toggle Controlled Folder Access on. This is also the switch if you later decide to turn the feature off.

Controlled Folder Access is now switched on and protecting your default folders.

Choose which folders to protect

By default, Windows Defender automatically protects your Desktop, Documents, Pictures, Music and Videos folders but you might choose to add additional locations or a network location if you store data in other places. It is advisable that you do not add system folders to this list. Remember the purpose is to protect your data in the event of the system being breached and protecting system folders could cause other problems.

From the Virus & Threat Protection Settings screen above, click the link Protected folders. This will show you the folders currently being protected or you can add more if you wish.

Test it out

Now that Controlled Folder Access is enabled, I would recommend you try out the programs that you use most frequently to open and save your files. Whenever a program tries to write to any of your protected folders, you’ll receive a notification like the one below advising you that Windows Defender has blocked the program from changing your data.

Controlled Folder Access is working

Allow a program to make changes

Most popular programs are automatically whitelisted but occasionally, Windows Defender will block a genuine program that you wish to use. In this case, simply whitelist the application to let it through.

To do this, open the Windows Defender Security Centre by searching in the Cortana search box. Click through Virus & threat protection > Virus & threat protection settings and scroll down to Controlled folder access. From here, click the link Allow an app through controlled folder access.

Allow an app through controlled folder access

Click on the Add an allowed app button, then browse your computer and add the application file to the list. Most applications are installed within your Program Files folders. You must add the executable file itself, because permission is granted to that specific program.

Now, this is where I would like to see future updates make Controlled Folder Access easier with a simple Allow button on the notification but in the meantime, there is an easy way to find the executable if you’re unsure.

Open your Start menu and right click on the application you want to whitelist. Point to More and then choose Open file location.

Open file location from the Start menu

This will open Windows Explorer with the Start menu shortcuts and it will highlight the shortcut you were trying to find.

Open file location in Windows Explorer

If you right click this selection and choose Open file location again, it will take you to the executable path.

Program File Location in Windows Explorer

The path shown in the address bar is what to follow in Controlled Folder Access to then add the selected application to the whitelist. So, in this example, in Controlled Folder Access, we would click the button Add an allowed app and browse This PC > Local Disk (C:) > Program Files (x86) > TeamViewer > Version9 and select TeamViewer.exe to add TeamViewer to our whitelist.
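The same steps (version check, Defender check, switching the feature on, adding a protected folder and whitelisting an app) can be carried out from an elevated PowerShell prompt with the Defender cmdlets. This is an added example, not part of the original article; D:\ClientData is a hypothetical folder, and the signature check before whitelisting is an extra precaution the article does not describe.

```powershell
#Requires -RunAsAdministrator
# Added example: the article's GUI steps using the Defender PowerShell module.
$ExtraFolder = 'D:\ClientData'   # hypothetical extra data location
$AllowedApp  = 'C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe'  # path from the article

# 1. Controlled Folder Access needs Windows 10 version 1709 or later.
$release = [int](Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').ReleaseId
if ($release -lt 1709) { throw "Version $release is too old; 1709 or later is required." }

# 2. The feature only works while Windows Defender is the active antivirus.
$status = Get-MpComputerStatus
if (-not ($status.AntivirusEnabled -and $status.RealTimeProtectionEnabled)) {
    throw 'Windows Defender real-time protection is not active.'
}

# 3. Switch the feature on (use Disabled here to switch it off again).
Set-MpPreference -EnableControlledFolderAccess Enabled

# 4. Protect an extra data folder. Refuse anything under the Windows folder,
#    since protecting system folders can cause other problems.
if (-not (Test-Path -LiteralPath $ExtraFolder -PathType Container)) {
    throw "Folder not found: $ExtraFolder"
}
if ($ExtraFolder -like "$env:SystemRoot*") { throw 'Do not protect system folders.' }
Add-MpPreference -ControlledFolderAccessProtectedFolders $ExtraFolder

# 5. Whitelist the executable. Warn first if it is missing or not validly
#    signed, because a whitelisted program can change every protected file.
if (-not (Test-Path -LiteralPath $AllowedApp -PathType Leaf)) {
    throw "Executable not found: $AllowedApp"
}
$sig = Get-AuthenticodeSignature -FilePath $AllowedApp
if ($sig.Status -ne 'Valid') {
    Write-Warning "Signature status is '$($sig.Status)'; check where this file came from."
}
Add-MpPreference -ControlledFolderAccessAllowedApplications $AllowedApp

# 6. Show the resulting configuration (1 = Enabled, 2 = AuditMode, 0 = Disabled).
Get-MpPreference | Select-Object EnableControlledFolderAccess,
    ControlledFolderAccessProtectedFolders,
    ControlledFolderAccessAllowedApplications
```

Add-MpPreference appends to the existing lists; the matching Remove-MpPreference parameters take an entry back out.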

If you run into problems…

Once you have Controlled Folder Access configured, it works seamlessly and you can be assured that unscrupulous programs cannot change your data. However, you should still take precautions to prevent unscrupulous programs from getting on to your computer in the first place.

As previously mentioned, Controlled Folder Access is still new and I think it will only become more and more common to use this feature and for applications to be granted permission, given the increase in ransomware threats. If you do experience problems, you can follow the steps above for toggling the feature off, in the same way that you toggled it on.
