Stopping ransomware where it counts: Protecting your data with Controlled folder access★★★★★★★★★★★★★★★📷
Windows Defender Exploit Guard is a new set of host intrusion prevention capabilities included with Windows 10 Fall Creators Update. One of its features, Controlled folder access, stops ransomware in its tracks by preventing unauthorized access to your important files.
Encryption should protect your data and files. Ransomware twists the power of encryption against you and uses it to take files hostage. This means losing control of your data: documents, precious photos and videos, and other important files.
For enterprises and small businesses, losing access to files can mean disrupted operations. Worse, for critical infrastructure, ransomware infection can halt the delivery of services. Just this year, successive ransomware campaigns and no less than two global outbreaksimmobilized hospitals, transport systems, and other high-tech facilities.
Ransomware continues to evolve and impact many types of devices in different environments. At Microsoft, we continue to harden Windows 10 against ransomware and other threats. Our end-to-end security suite integrates multiple next-generation defense technologies that help our customers prevent, detect, and respond to ransomware attacks.
Controlled folder access adds another layer of real-time protection against ransomware.
Crackdown on unauthorized encryption
Ransomware campaigns continue to grow and thrive as they are a lucrative business for cybercriminals. Ransomware gets into a victim’s device, encrypting files and data. Because these files are held hostage, cybercriminals can extort money from their victims.
Controlled folder access brings you right back in control of determining what programs can access your data. This feature protects your files from tampering, in real-time, by locking folders so that ransomware and other unauthorized apps can’t access them. It’s like putting your crown jewels in a safe whose key only you hold.
Cybercriminals can’t extort money if they can’t encrypt your files. Controlled folder access is a powerful tool that can render ransomware attacks worthless.
How Controlled folder access works
Controlled folder access locks down folders, allowing only authorized apps to access files. Unauthorized apps, including malicious executable files, DLLs, and scripts are denied access to folders.
This feature can be enabled in Windows Defender Security Center app in Windows 10.
By default, Controlled folder access protects common folders where documents and other important data are stored. But it’s also flexible. You can add additional folders to protect, including those on other drives. You can also allow apps that you trust to access protected folders, so if you’re using unique or custom programs, your productivity is not affected.
When enabled, Controlled folder access prevents access by unauthorized apps and notifies you of an attempt to access or modify files in protected folders. It delivers this protection in real-time.
Enabling and managing Controlled folder access in enterprise networks
In enterprise environments, Controlled folder access can also be enabled and managed using Group Policy, PowerShell, or configuration service providers for mobile device management.
The Controlled folder access feature seamlessly integrates with Windows Defender Advanced Threat Protection. Every time Controlled folder access blocks an attempt to make changes to protected folders, an alert is generated on Windows Defender ATP. This notifies security operations personnel to take quick response actions, including quarantining affected machines or blocking the unauthorized app from running on other machines.
As with the other Windows Defender Exploit Guard features, administrators can customize notifications that appear on endpoints in the event of an intrusion attempt. Customized notifications then allow employees to call, email, or IM their company’s help desk.
Controlled folder access and other Windows Defender Exploit Guard features include an audit mode that administrators can use to evaluate these security features in enterprise networks. In audit mode, the Controlled folder feature does not block attempts to modify files on protected folders, but logs all events, so administrators can assess Windows Defender Exploit Guard capabilities without impacting operations.
A comprehensive suite of advanced ransomware protection in Windows 10
Ransomware attacks grow more and more sophisticated every day. To keep you safe, we are continually improving Windows to protect against ransomware and other threats. Windows 10 is the safest version of Windows yet. Controlled folder access is designed to help reduce the risk of ransomware attacks, keeping your user and businesses data safe.