Ransomware has become a big enough threat that Microsoft has built security measures into the standard Windows 10 and 11 operating systems specifically to counter it. Microsoft's Controlled Folder Access is a good measure to enable on your Windows machines. But you should also read about other complementary measures you can take to protect yourself from ransomware infection.
What is Controlled Folder Access?
Controlled folder access provides an added layer of protection for your treasured documents, safeguarding them from malicious programs and ransomware attacks. This is achieved by assessing each application against a list of trusted applications that have been pre-approved. This means non-approved applications and malware are not allowed to access your files.
It’s advisable to use Microsoft Defender with controlled folder access to get the most out of it. This will allow reports to be produced about controlled folder access and any alerts that are triggered.
How to Set Up Controlled Folders
Controlled folder access is not turned on by default. That means, if you want to protect against ransomware using this feature, you’ll have to activate it. Once activated, you can select which applications you want to add to the controlled folder whitelist, in addition to the ones that will be protected by default when you initially turn Controlled Folder Access on.
Open Windows Security
Accessing Windows Security is the only way to turn it on, but this is easy to do in Windows 10 and 11 using one of the three methods below:
- Navigate to the left side of your taskbar and click on the upward-pointing arrow. Then, simply locate and select the shield icon labeled “Windows Security.”
- Click Start > Settings on your computer. Then select either Update & Security > Windows Security in Windows 10 or Privacy & Security > Windows Security in Windows 11.
- You can use Windows Search. In Windows 10, you will find the search box in the taskbar (next to the Start button). In Windows 11, on the taskbar click the search icon (this has a magnifying glass and is labelled “search”). Now type “windows security” into the search box. Click on Windows Security from the results.
You are now in Windows Security. It will look something like this:
Once in Windows Security:
So you’re in Windows Security.
Now select “Virus & threat protection”.
Scroll all the way down to the last option, called “Ransomware protection”. There is an option to “Manage ransomware protection”. Click it. You will now come to the following screen:
Now you see the option to turn “Controlled folder access” on by clicking the toggle switch.
Windows will prompt you with a warning about making changes to your computer. Click “Yes”.
Don’t stop here: you need to add other folders
You are not done yet, though. There are probably folders you would like to protect that are not yet protected by default. Controlled Folder Access protects system folders and their subfolders by default. These usually take the form C:\Users\UserName\Documents, where UserName is your user name for Windows. Other system folders include Pictures, Music, Videos and Desktop. These take the form:
c:\Users\<username>\Documents
c:\Users\Public\Documents
c:\Users\<username>\Pictures
c:\Users\Public\Pictures
c:\Users\Public\Videos
c:\Users\<username>\Videos
c:\Users\<username>\Music
c:\Users\Public\Music
c:\Users\<username>\Favorites
This means that all other folders on your computer are still accessible… to ransomware. That includes your shared and synced folders like OneDrive, Google Drive, Dropbox etc.
If you want to add folders and protect them, click the Protected folders link that appears after you switch on controlled folder access, shown below.
A prompt will appear inquiring whether you wish to make the change. Select “Yes”. Then, hit the “Add a protected folder” button that is located at the top of your list of safeguarded folders and navigate from there to locate the particular folder you would like to secure – after doing so, click on Select Folder.
Repeat these steps to add more folders. Be mindful that when you protect a folder all its subfolders are protected too, so you don’t need to add them individually.
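To check which of your synced folders are actually covered, here is an added PowerShell example (not part of the original article) that compares candidate folders against the default folders listed above plus any you added by hand. It is read-only; the function names and the Dropbox and Google Drive paths are assumptions for illustration.

```powershell
# Added example, not from the original article. Read-only: it changes no settings.
function Get-CfaProtectedRoot {
    # Default folders as listed in the article, resolved for the current user.
    $defaults = @(
        'MyDocuments', 'MyPictures', 'MyVideos', 'MyMusic', 'Favorites',
        'CommonDocuments', 'CommonPictures', 'CommonVideos', 'CommonMusic'
    ) | ForEach-Object { [Environment]::GetFolderPath($_) }
    # Folders added by hand under "Protected folders".
    $custom = @((Get-MpPreference).ControlledFolderAccessProtectedFolders)
    @($defaults) + $custom | Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }
}

function Test-CfaCoverage {
    param([Parameter(Mandatory)][string[]]$Folder)
    $roots = Get-CfaProtectedRoot
    foreach ($f in $Folder) {
        $full = [IO.Path]::GetFullPath($f).TrimEnd('\')
        # A folder is covered when it is a protected root or sits below one,
        # because protecting a folder also protects its subfolders.
        $hit = $roots | Where-Object {
            $full -eq $_ -or $full.StartsWith("$_\", [StringComparison]::OrdinalIgnoreCase)
        } | Select-Object -First 1
        [pscustomobject]@{ Folder = $full; Protected = [bool]$hit; CoveredBy = $hit }
    }
}

$mode = (Get-MpPreference).EnableControlledFolderAccess   # 0 = off, 1 = on, 2 = audit mode
"Controlled folder access mode: $mode"

# Candidate folders are assumptions; replace them with where your synced data lives.
$candidates = @($env:OneDrive, "$env:USERPROFILE\Dropbox", "$env:USERPROFILE\Google Drive") |
    Where-Object { $_ -and (Test-Path $_) }
if ($candidates) { Test-CfaCoverage -Folder $candidates | Format-Table -AutoSize }
```

Any row with Protected set to False is a folder to add through the “Protected folders” screen.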
Removing a folder from Controlled Folder Access
There may be reasons to unprotect a folder and remove it from controlled folder access. To do so, go back to the “Protected folders” screen. Select the folder you want to remove, and click Remove.
It’s impossible to remove any of the Windows system folders that are protected when you turn the feature on. You’ll only be able to remove those that you yourself added to the list.
Whitelist applications to use protected folders
Now you have your protected folders, you need to allow certain applications to access the files in a folder. This is called whitelisting. For example, let’s say you have a folder you protected called “graphics”. And in this folder you store and edit photoshop files. That means you will have to whitelist the Photoshop application.
To do this, return to the screen where you turned on controlled folder access. Click “Allow an app through Controlled folder access”. A prompt will pop up, giving you the option of whether or not to make the change. Click Yes.
A new screen will pop up. Click “Add an allowed app”. From here navigate to the executable file of the program you want to add. These files typically have an “exe” file extension name. Click “Open” on the desired program. Confirm you want to add the file. The application is now whitelisted and can access the protected folders.
Removing an application from the whitelist
Similar to adding the application, you can also remove it from the whitelist. As with adding folders to the list of protected folders, you can remove the app by getting back to the screen with the approved applications, finding the program you want to remove, and clicking “Remove”.
If you’re having trouble locating the executable files for the programs you want to whitelist, then navigate to Windows\Program Files or Windows\Program Files (x86), then search for the executable file for the program there.
Warnings in using Microsoft’s Controlled Folder Access
So controlled folder access sounds like a great option against ransomware, right? And it can be a useful weapon in your arsenal to combat ransomware. It is very helpful and also very simple. However, you should be aware that it isn’t always a straightforward process. Very occasionally, it can cause considerable frustration.
Unintended consequences of controlled folder access
There can sometimes be side effects of rolling out controlled folder access. You will come across some stories where users have implemented protection and then ended up with strange behaviour on their computer caused by the security feature. It will likely take the form of a program not working as anticipated. This revolves around the program being denied access to the folder in which it needs to access a file. Users point to a couple of reasons for this…
- Not all connections between programs and folders are straightforward. Usually you will receive a notification, but sometimes these can be missed.
- Another culprit could be an update to the program that seemingly can go unnoticed by Windows, after which the program loses its status on the whitelist, meaning that its access to folders is now denied.
- Other functions may also be problematic under controlled folder access, like remote access and remote management of the computer.
The user interface of controlled folder access is limited, so discovering controlled folder conflicts on a computer is mostly done by monitoring alerts that appear in the system tray when a protected folder is accessed. Beyond that, tracking issues can quickly get a lot more involved!
Take it slowly
Controlled folder access may be a great option, but rather than just sticking all your folders and programs on this list, take it slowly. Add them one at a time and give yourself time to check how each program functions. If things look good, add another folder / application.
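For tracking conflicts beyond the system tray alerts, and for checking each program after you add a folder, here is an added PowerShell example (not part of the original article) that reads controlled folder access events from the Microsoft Defender operational log and groups them by program. Event ID 1123 is a blocked change and 1124 an audited one; the function names and the `Process Name` and `Path` field names are assumptions.

```powershell
# Added example, not from the original article. Read-only: it changes no settings.
# Defender logs controlled folder access activity to this channel:
#   1123 = change blocked, 1124 = change audited (audit mode)
$LogName = 'Microsoft-Windows-Windows Defender/Operational'

function Get-CfaEvent {
    param([int]$Days = 7)
    $filter = @{ LogName = $LogName; Id = 1123, 1124; StartTime = (Get-Date).AddDays(-$Days) }
    # Get-WinEvent raises an error when nothing matches, so silence that case.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $fields = @{}
        # Read the named <Data> fields from the event XML.
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            if ($d.Name) { $fields[$d.Name] = $d.'#text' }
        }
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Action  = if ($_.Id -eq 1123) { 'Blocked' } else { 'Audited' }
            # Assumed field names; inspect one raw event if these come back empty.
            Process = $fields['Process Name']
            Target  = $fields['Path']
        }
    }
}

function Get-CfaConflictSummary {
    param([int]$Days = 7)
    # Programs already on the whitelist, to spot ones that are still being denied.
    $allowed = @((Get-MpPreference).ControlledFolderAccessAllowedApplications)
    Get-CfaEvent -Days $Days | Group-Object Process | ForEach-Object {
        [pscustomobject]@{
            Process     = $_.Name
            Events      = $_.Count
            LastSeen    = ($_.Group | Sort-Object Time | Select-Object -Last 1).Time
            Whitelisted = $allowed -contains $_.Name
            Targets     = ($_.Group.Target | Sort-Object -Unique) -join '; '
        }
    } | Sort-Object Events -Descending
}

Get-CfaConflictSummary -Days 7 | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt after each folder or application you add; a program you recognise at the top of the list is a candidate for the whitelist, and one you do not recognise deserves a closer look before you allow it.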
The Final Score: Ransomware protection on Windows using Controlled Folder Access
As always, the first recommendation I have to avoid malware, viruses and the new purge of ransomware is to use common sense. For example, don’t click on suspicious links, open odd emails or visit sketchy sites. There is antivirus software that does a decent job of limiting ransomware risks as well. But there’s also the free option found in Windows 10 and 11 itself. It’s called Controlled Folder Access. You simply need to turn it on, add folders to protect and then whitelist programs you want to access those folders. However, take it slowly and test as you go so you’re sure your programs work as intended. Coupled with Windows Defender, Controlled Folder Access is another helpful layer of protection in the battle with malware.