With the release of the new Windows 10 Creators Fall Update last week, users of the operating system got a new feature that aims to stop ransomware from encrypting the most important files of the computer.
It is called controlled folder access and is part of Windows Defender Exploit Guard, a new protection feature that takes the steps of Microsoft's Enhanced Mitigation Experience Toolkit (EMET).
How does managed folder access work?
Control folder access locks folders, allowing only authorized whitelisted applications to access and modify the files contained in them.
By default, it protects the folders where important data such as documents, images, movies, and desktop is stored.
These folders can not be removed from the list of protected folders, but other folders can be added, even if they are on other disks, shared network files and mapped drives.
“You can also allow apps you trust to access your protected folders, so if you use unique or customletter, your productivity will not be affected,” says Microsoft.
If, instead, an unauthorized application tries to make a change to those folders' files, the new feature it will stop it and the user will get a notification about what happened to their computer.
Enable Controlled Folder Access in Windows 10
The easiest way for home users is to activate through the Windows Defender Security Center, from the "Virus and Threat Protection" menu.
With a click on "Antivirus and Threat Protection Settings" switch to the "On" switch. Immediately after you can add new folders to the list of protected folders and applications that can be accessed. "In business environments, access to the controlled folder can also be enabled and managed using Group Policy, PowerShell or configuration for managing mobile devices," according to Microsoft.
"Controlled folder access is seamlessly integrated with Windows Defender Advanced Threat Protection. Whenever controlled folder access blocks an attempt to make changes to protected folders, a notification appears in Windows Defender ATP. This warns the company's staff to take immediate action. "
Endpoint alerts can be customized so that administrators can include instructions for end users about what should happen next.
Note: to use controlled folder access, real-time protection should be enabled in Windows Defender Antivirus.
Windows 10 CFA Works?
It sounds great but we have not tried it. According others though the new feature seems to work flawlessly…. At the moment, with ransomware circulating to date.