Advice Request Controlled Folder Access in May 2020 Update?

[Ink]

I have used the Controlled Folder Access (aka Windows Defender Antivirus Ransomware Protection) in earlier builds, but turned it off due to being unable to whitelist applications properly.

In the latest Windows 10 May 2020 Update (Version 2004), is it worth re-visiting?

 

[LDogg]

I think it's worth visiting, like with any other software that has a significant update.

~LDogg

 

[DSD27]

Who does this type of approach react when malware disguises itself using a legit process name?

 

[plat]

I install and delete too much software too often. This was a PITA when I made an honest effort to use it before. Can't imagine it's getting any more friendly now. GPO and OSA fill in nicely, plus my image. I don't trust me implicitly.

So, I say "yes," it's worth trying. Demo it like any other monitoring software with the potential to get on your nerves. NOTE: I have not used CFA since the Anniversary Update.

 

[ForgottenSeer 85179]

I use it for many month's (under 1909) and don't see any reason why it shouldn't be used.
You can't blame it if programs are coded bad. Works fine here

 

[Gandalf_The_Grey]

It's sometimes annoying, but if you go for Windows 10 built-in security, I believe you should use it.
Test in the HUB confirm its effectiveness/need.

 

[Protomartyr]

I have CFA enabled on my laptop currently and I'm looking forward to any improvements in the May 2020 update. It's definitely a pain to setup. However, once you have it configured correctly for your needs, the only time I'm aware of it is when updating applications. Sometimes I may have to whitelist the installer temporarily for it to complete successfully.

 

[ChoiceVoice]

it tells you things ... like google chrome trying to snoop through your folders.

 

[Digmor Crusher]

Its more a pain than its worth for me at least.

 

[oldschool]

don't see any reason why it shouldn't be used.
... Works fine here

It's sometimes annoying, but if you go for Windows 10 built-in security, I believe you should use it.
Test in the HUB confirm its effectiveness/need.

Sometimes I may have to whitelist the installer temporarily for it to complete successfully.

Absolutely. Why wouldn't you use it? Maybe if you have a bunch of 3rd party apps to update. Then it can be a real pain, but it depends on user's setup ....

I know I've gotten block notifications for browser updates but they usually are for updates that use Temp folder.

Plus, there are these nifty CFA tweaks (see posts #57 & 58) compliments of @Windows_Security & @Andy Ful. Who else?

 

[Andy Ful]

...
Sometimes I may have to whitelist the installer temporarily for it to complete successfully.

CFA will block the creation of shortcuts on Desktop (with error alert) but the installation should finish without problems. The shortcuts are usually created without problems on Start Menu. One can drag & drop the shortcut from there to Desktop if needed.
CFA can produce some alerts when something wants to access the protected boot sectors on the disk - most applications can do it without a serious reason, so they can work well with CFA even with blocked access.
Did you notice other possible issues?

 

[Protomartyr]

Did you notice other possible issues?

Nope! I haven't experienced any other issues.
I've come to like CFA and hope that Microsoft makes even more improvements so that others can take advantage of it. At its current stage, I don't think it's ready to be enabled by default on systems since most users probably aren't computer savvy enough to set it up properly or troubleshoot any false positives that may come up.

 

[SeriousHoax]

CFA will block the creation of shortcuts on Desktop (with error alert) but the installation should finish without problems.

Desktop has actually been removed from CFA's default folders quite a while ago. I mean 3-4 months at least on my PC.
Personally I never had any problem with apps updating due to CFA like some users face This can only happen if the particular apps use Documents folder to store some files.

 

[Andy Ful]

Desktop has actually been removed from CFA's default folders quite a while ago. I mean 3-4 months at least on my PC.
Personally I never had any problem with apps updating due to CFA like some users face This can only happen if the particular apps use Documents folder to store some files.

For children and casual users, protecting Desktop can be important. They usually keep files on Desktop (like women tend to keep everything in their handbags).
But in fact, I missed somehow this change in CFA. I was too busy with the new version of H_C.

 

[SeriousHoax]

For children and casual users, protecting Desktop can be important. They usually keep files on Desktop (like women tend to keep everything in their handbags).
But in fact, I missed somehow this change in CFA. I was too busy with the new version of H_C.

It's easy to miss this change if no new apps are installed. I noticed one day when I saw a desktop shortcut made by an app that I installed.
You're correct about casual user. Personally I like clean desktop but I've seen a lot of messed up desktop filled with files. But most people prefer desktop shortcuts for applications so it's understandable why it was removed.

 

[plat]

Well, based on some thoughtful and well-meaning posts, I went ahead and enabled CFA on here on a trial basis. I'll apply some of those settings, thank you for posting that, SeriousHoax. I'll see how it works out. I enabled this right when it first debuted, I think--not the AU but 1803? Way back then. Didn't work out then, seriously got on my nerves and exclusions weren't very flexible nor did they always kick in.

Times change, so minds should also.

 

[oldschool]

most users probably aren't computer savvy enough to set it up properly

I wonder about this. Setting up the usual protected files is not difficult (already done by default on Admin account), and whitelisting apps should be straight-forward enough for folks who can read the GUI.

troubleshoot any false positives that may come up.

I agree. This can be more challenging for the casual user.

 

[Andy Ful]

...
At its current stage, I don't think it's ready to be enabled by default on systems since most users probably aren't computer savvy enough to set it up properly or troubleshoot any false positives that may come up.

That is also my opinion, so it is still not included in ConfigureDefender High settings.

 

[South Park]

I do a lot of photo editing, but I could never get CFA to allow my various free/open source editing programs. With GIMP/Glimpse, one or more executables, which are not obvious, have to be separately whitelisted for each image format being used.

 

[oldschool]

I do a lot of photo editing, but I could never get CFA to allow my various free/open source editing programs. With GIMP/Glimpse, one or more executables, which are not obvious, have to be separately whitelisted for each image format being used.

Your experience highlights the particular weak point of CFA.