With the release of the new Windows 10 Creators Fall Update last week, users of the operating system got a new feature that aims to stop ransomware from encrypting the most important files of the computer.
It is called controlled folder access and is part of it Windows Defender Exploit Guard, a new protection feature that follows in the footsteps of Microsoft's Enhanced Mitigation Experience Toolkit (EMET).
How does managed folder access work?
controlled folder access locks folders, allowing only authorized (whitelisted) applications to access and modify archives contained in them.
By default, it protects folders where important data is stored, such as documents, pictures, movies and the desktop.
These folders can not be removed from the list of protected folders, but other folders can be added, even if they are on other disks, shared network files and mapped drives.
"You can also allow trusted applications to access protected folders, so if you use unique or custom programs, your productivity will not be affected." says Microsoft.
If, on the other hand, an unauthorized application tries to make a change to the files of those folders, the new feature will stop it and the user will receive a notification of what happened on his computer.
Enable Controlled Folder Access in Windows 10
The easiest way for home users is to activate through the Windows Defender Security Center, from the "Virus and Threat Protection" menu.
With one click in “Antivirus and threat protection settings” switch the switch to “On”. Immediately after that you can add new folders to the list of protected folders and the apps that will be able to access them. "In business environments, access to the controlled folder can also be enabled and managed using Group Policy, PowerShell or configuration for managing mobile devices," according to Microsoft.
"Controlled folder access is seamlessly integrated with Windows Defender Advanced Threat Protection. Whenever controlled folder access blocks an attempt to make changes to protected folders, a notification appears in Windows Defender ATP. This warns the company's staff to take immediate action. "
Endpoint alerts can be customized so that administrators can include instructions for end users about what should happen next.
Note: to use controlled folder access, real-time protection should be enabled in Windows Defender Antivirus.
Windows 10 CFA Works?
It sounds great but we have not tried it. According others though the new feature seems to work flawlessly…. At the moment, with ransomware circulating to date.