Windows Defender Antivirus: Controlled Folder Access

[Batu69]

Controlled Folder Access is a new feature of Windows Defender Antivirus that is currently being tested on the most recent Windows 10 Insider Builds.

If things go well, it will be one of the new features of Windows 10 Fall Creators Update upgrade that is out later this year.

 

The main idea behind Controlled Folder Access is to protect certain folders and the files they contain from unauthorized access. Think of it as a layer of protection against manipulation of files that are stored in protected folders.

Controlled Folder Access

 

Controlled Folder Access is not enabled by default. First thing you need to do is enable the feature by flipping its preference to on, and adding at least one folder that you want the feature to protect on the device.

 

Note: You may get one or multiple UAC prompts during the process. You need to accept those to make the necessary changes to the system.

1. Use Windows-I to open the Settings application on the Windows 10 device.
2. Go to Update & Security > Windows Defender.
3. Activate "Open Windows Defender Security Center".
4. Select Virus & Threat Protection when the Windows Defender Security Center interface opens.
5. Locate Controlled Folder Access on the page, and flip it to on.
6. Select Protected folders afterwards, and add one or multiple folders to the list of folders that you want Windows Defender to protect.

You may add local folders, network shares and mapped drives to the list of protected folders.

So how does this work, and what level of protection can you expect?

 

Microsoft notes that Windows system folders are protected by default, and that you may add other folders to the list of protected folders.

Windows 10 does not prevent most programs or apps from making changes to protected folders or files that are stored in these folders. Microsoft seems to maintain a list of allowed applications that it considers friendly, and there is nothing that users may do about that. Apps on Microsoft's whitelist -- which is not revealed -- will always bypass the protection.

Most of your apps will be allowed by Controlled folder access without adding them here. Apps determined by Microsoft as friendly are always allowed.

 

If Windows Defender blocks an application from making changes to a folders or its files, it will display a notification on the screen. You may then add it to the list of allowed applications to avoid that this happens again in the future.

 

It is unclear how well the protection works. I ran some tests but any software (apps or Win32 programs) I tried on the test machine was allowed to change files in protected folders.

Verdict

It is too early to tell how much of a benefit Controlled Folder Access is to the security of a Windows 10 device. I'd recommend that you create regular backups of important data regardless of that.

 

Article source

[manju]

found that "new" feature on build 16226 to have some flaws...

i use LibreOffice and after upgrading to 5.3.4 it flagged soffice.exe and soffice.bin and blockhead access to files.

 

also it lock my acesse to NFS Shift save game... so it need some tunning Microsoft!

[tao]

 

 

 

Ransomware Ransomware Everywhere Not a Single Place to Hide!

But, Microsoft has a simple solution to this problem to protect millions of its users against most ransomware attacks.

Two massive ransomware attacks — WannaCry and Petya (also known as NotPetya) — in a month have caused chaos and disruption worldwide, forcing hospitals, ATMs, shipping companies, governments, airports and car companies to shut down their operations.

Most ransomware in the market, including WannaCry and NotPetya, are specifically designed to target computers running Windows operating system, which is why Microsoft has been blamed for not putting proper defensive measures in place to prevent such threats.

But not now!

In the wake of recent devastating global ransomware outbreaks, Microsoft has finally realized that its Windows operating system is deadly vulnerable to ransomware and other emerging threats that specifically targets its platform.

To tackle this serious issue, the tech giant has introduced a new anti-ransomware feature in its latest Windows 10 Insider Preview Build (16232) yesterday evening, along with several other security features.

Microsoft is planning to introduce these security features in Windows 10 Creator Update (also known as RedStone 3), which is expected to release sometime between September and October 2017.

The anti-ransomware feature, dubbed Controlled Folder Access, is part of Windows Defender that blocks unauthorized applications from making any modifications to your important files located in certain "protected" folders.

Applications on a whitelist can only access Protected folders. So you can add or remove the apps from the list. Certain applications will be whitelisted automatically, though the company doesn't specify which applications.

Once turned on, "Controlled folder access" will watch over files stored inside Protected folders and any attempt to access or modify a protected file by non-whitelisted apps will be blocked by Windows Defender, preventing most ransomware to encrypt your important files.

So, whenever an application tries to make changes to Protected files but is blacklisted by the feature, you will get a notification about the attempt.
 

How to Enable Controlled Folder Access, Whitelist Apps and Add or Remove Protected Folders

Here's how to enable the Controlled folder access feature:
 

• Go to Start menu and Open the Windows Defender Security Center
• Go to the Virus & Threat Protection settings section
• Set the switch to On

 

Here's how to allow apps that you trust is being blocked by the Controlled folder access feature to access Protected folders:

 

• Go to Start menu and Open the Windows Defender Security Center
• Go to the Virus & Threat Protection settings section
• Click 'Allow an app through Controlled folder access' in the Controlled folder access area
• Click 'Add an allowed app' and select the app you want to allow

Windows library folders like Documents, Pictures, Movies, and Desktop are designated as being compulsorily "protected" by default, which can not be removed.
 

However, users can add or remove their personal folders to the list of protected folders. Here's how to add folders to Protected folders list:
 

• Go to Start menu and Open the Windows Defender Security Center
• Go to the Virus & Threat Protection settings section
• Click 'Protected folders' in the Controlled folder access area
• Enter the full path of the folder you want to monitor

Users can also enter network shares and mapped drives, but environment variables and wildcards are not supported at this moment.
 

Other Security Feature Introduced in Windows 10 Insider Program

With the release of Windows 10 Insider Preview Build 16232, Windows Defender Application Guard (WDAG) for Edge — a new system for running Microsoft Edge in a special virtual machine in order to protect the OS from browser-based flaws — also received improvements in usability.

Windows 10 Insider Preview Build also comes with support for Microsoft Edge data persistence when using WDAG.

"Once enabled, data such as your favorites, cookies, and saved passwords will be persisted across Application Guard sessions," Microsoft explains.
"The persisted data will be not be shared or surfaced on the host, but it will be available for future Microsoft Edge in Application Guard sessions."

Another new security feature called Exploit Protection has been introduced in Windows 10 16232, which blocks cyber attacks even when security patches are not available for them, which means the feature will be useful particularly in the case of zero-day vulnerabilities.

Exploit Protection works without Microsoft's Windows Defender Antivirus tool, but you can find the feature in Windows Defender Security Center → App & Browser Control → Exploit Protection.

In the Fall Creators Update for Windows 10, Microsoft has also planned to use a broad range of data from Redmond's cloud services, including Azure, Endpoint, and Office, to create an AI-driven Antivirus (Advanced Threat Protection) that can pick up on malware behavior and protect other PCs running the operating system.

Also, we reported about Microsoft's plan to build its EMET or Enhanced Mitigation Experience Toolkit into the kernel of the upcoming Windows 10 to boost the security of your PC against complex threats such as zero-day vulnerabilities.

Also, the company is planning to remove the SMBv1 (Server Message Block version 1) — a 30-year-old file sharing protocol which came to light last month after the devastating WannaCry outbreak — from the upcoming Windows 10 (1709) Redstone 3 Update.

Besides this, some other changes and improvements have also been introduced with the release, along with patches for several known issues.

 

< Here >

 

 

[Recruit]

33 minutes ago, adi said:

Microsoft is planning to introduce these security features in Windows 10 Creator Update (also known as RedStone 3),

 

Wonder what idiot wrote this article :

 

1. Windows 10 Creators Update (aka RS2) has been released already since April
2. Windows 10 Fall Update (aka RS3) will be released to this autumn

 

The world is full of imbeciles...

[lordi]

this is great addition for windows

but since ransomware thread growing rapidly, they should push this update faster

[pc71520]

35 minutes ago, lordi said:

this is great addition for windows but since ransomware thread growing rapidly, they should push this update faster.

Agreed.

[steven36]

On undefined at 9:32 AM, lordi said:

they should push this update faster

Last they done that was  the 1st release of Windows 10 and it caused a load of problems and TH2 was much better , Redstone 1 had a lot off bugs in it but most are gone now except  updates are slow , Redstone 2 has been a failure because of bugs by the time  Redstone 3 comes out they will be lucky too have updated over 70% too  Redstone 2.   65% are still on older versions of windows 10 as it stands. So it's never going too happen and 2 releases a year is too much for me as it is and that is why i went back too Windows 8.1. 

 

 

If you want too use buggy RS3  faster signup up too be a insider none is stopping you ..There is no real RTM anymore there is only General Release too the public  there all betas expect for the versions  LTSB Enterprise gets witch the last one is 1607  and the next  one will be 2019 . As long as you can push updates back  on a General Release is 18mths  So Microsoft could bypass auto updates for 3 versions of windows 10  if they deem you're system not compatible . And if you force upgrade before its on auto updates if something happens it's on you .

 

2019 the year before Windows 7 runs out of update will be the next time it will really matter too Microsoft because they can make money off of peoples fears of not having updates  and  fine businesses if they don't update too  newer windows by 2020.

 

People dont buy new hardware about once every 5 or 6 years and Microsoft  is releasing 2 versions of windows 10 a year meaning chances are if you buy a PC with windows 10  it wont have the latest one on it . It's insane  because they got most of there users the 1st year using old hardware and edging  forward like a snail every since.  Most PCs  new by vendors with Windows 10 most likely will stay in stock like Windows 8x did tell people are faced with no more updates like they were on XP..

 

Microsoft was pushing out this same horseshit about vista  11 years ago the same as they are with Windows 10 today and still  most skipped vista  and did not update tell they was faced with no more updates and went right too windows 7.

 

Proof : Microsoft: Vista Most Secure OS Ever

https://betanews.com/2006/06/15/microsoft-vista-most-secure-os-ever/

What is old is new again!

[lordi]

no steven36, not the whole RS3 update, I mean only this specific windows defender update 

rather than combine it with RS3 update, they should push this security update only little bit faster

[mjall]

I look forward to see if it's good enough protection