- Jul 27, 2015
- 5,458
Much appreciated.
Controlled Folder Access in May 2020 Update?
- Thread starter Ink
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
- Apr 24, 2016
- 7,415
- Mar 29, 2018
- 7,698
Abused powershell command from the test link:Yes, didn't you quoted my post with that test link or are you talking/thinking about something else?
Also again, I'm getting confused. Simple Powershell command?
(MISS) Encryption started
Quoted from post #42 @Gandalf_The-Grey clipped from the findings of Solarquest: "too late for desktop files)
Final status: System infected-> files encrypted "
Thanks very much, this told me all I needed to know.
Final status: System infected-> files encrypted "
Thanks very much, this told me all I needed to know.
- Apr 24, 2016
- 7,415
I don't think CFA was used here, only Configure Defender on high settings (mains CFA off).Abused powershell command from the test link:
(MISS) Encryption started
Another option can be adding PowerShell protection in the form of Simple Windows Hardening, Hard_Configurator or SysHardner or VoodooShield.
- Apr 1, 2019
- 2,868
Didn’t Windows 7 teach us not to store files on the desktop?Quoted from post #42 @Gandalf_The-Grey clipped from the findings of Solarquest: "too late for desktop files)
Final status: System infected-> files encrypted "
Thanks very much, this told me all I needed to know.
I’ve always hated a cluttered desktop.
- Apr 24, 2016
- 7,415
You're so very welcome, but I would take another part to quote: yes, but not in protected foldersQuoted from post #42 @Gandalf_The-Grey clipped from the findings of Solarquest: "too late for desktop files)
Final status: System infected-> files encrypted "
Thanks very much, this told me all I needed to know.
- Mar 16, 2019
- 3,868
Btw, are you referring to this point mainly? In that case, CFA used to have the desktop as protected folders in the past but they removed it from default protected folders almost a year ago at least. I think Solarquest didn't notice that desktop isn't included in the protected folders anymore so he wrote "too late for desktop files". While in reality CFA actually did its job and protected files in the protected folders.
- Apr 24, 2016
- 7,415
We need a more recent test on version 2004...
Than that would be an error on my part. Thanks SeriousHoax for making that clear, that point of desktop folders removed from CFA is very important.
- Apr 1, 2019
- 2,868
Probably removed due to the volume of warnings people got.
- Mar 16, 2019
- 3,868
Yes, surely that's the reason. It was pretty annoying and I always wanted the ability to remove that.
- Mar 29, 2018
- 7,698
Thanks. I guess I didn't look closely.
desktop shortcuts..
Every new entry result in failure and CFA popup. And most programs add by default shortcuts on desktop
HWINFO64 and Controlled Folder Access in Windows 2004
Hello. I'm running Windows 10 v. 2004, or build 19041.388. HWINFO64 version is 6.26-4160. I enabled Defender's Controlled Folder Access, which I set to monitor Documents, Videos and Pictures, basically. When I launch HWINFO64 .exe from taskbar and choose Sensors, CFA pops up about 3-4...
www.hwinfo.com
Let's see what the developer says, if anything. If someone thinks of additional questions or better -phrased ones, let me know and I'll add it to the post.
Might be a very simple explanation, but frankly, when it comes to ransomware, there should be no grey areas.
- Dec 23, 2014
- 8,592
CFA can protect against two different actions:
There is a possibility to apply the policy to allow actions of point 1 and block only actions from point 2. So the info about changes in memory is not related to RAM but to disk memory (disk sectors).
- Modifications or removing files from the protected folders.
- Writing directly to disk sectors.
There is a possibility to apply the policy to allow actions of point 1 and block only actions from point 2. So the info about changes in memory is not related to RAM but to disk memory (disk sectors).
Well, the HWINFO developer responded to my post and what ended up happening was I allowed HWINFO64 thru as a Trusted App. What I didn't know was that there was a "hidden" protected folder called Device\CdRom0 that HWINFO64 tried to access.
This info is obtained from Protection History and you can allow the app in question to be whitelisted directly from there in "Controlled folder access settings."
As usual, another mysterious thing courtesy of Microsoft.
For crying out loud. But I'm keeping it enabled for now, just need to be aware of off-the-wall things like this.
This info is obtained from Protection History and you can allow the app in question to be whitelisted directly from there in "Controlled folder access settings."
As usual, another mysterious thing courtesy of Microsoft.
For crying out loud. But I'm keeping it enabled for now, just need to be aware of off-the-wall things like this. 
- Jul 22, 2014
- 2,525
Quick info on my test results: memory doesn't help but luckily my comments in the summary as in the dynamic test report.
As you can see files were not encrypted in protected folders but some were on desktop...so WD detected this sample too late (some files on desktop were encrypted) but CFA worked and protected files in protected folders.
File encrypted: yes, but not in protected folders (*WD blocked encryption but too late for desktop files)
Final status: System infected-> files encrypted
Dynamic test:
fun.bat- files in protected folders were not encrypted, but on desktop.
Last edited:
Did you add desktop to protected folder? It's no longer protected by default
- Nov 26, 2016
- 699
Controlled Folder Access has to be the dumbest, most broken feature in existence. Ben trying it since it's first debut years ago and it's just as useless as it was back then. Microsoft claims they use whitelists so that known good programs have access to things but bad don't yet I still have to find this "whitelist". Since the beginning it was constantly whining over super popular things like Steam accessing game files in Documents. Whining about Paint.NET doing the same. In fact it has been whining over EVERYTHING accessing Documents folders. It was always so god damn annoying I've always disabled it. Guess how much changed in all these years. NONE. It's the same useless annoying garbage it was on day 1.
If you want good ransomware protection with this method, then use avast!. At least their "controlled folder access" actually uses whitelist and you'll actually rarely see it annoy you over things. So far only FileOptimizer raised a dialog. Nothing else. Like NOTHING ELSE. And now they are even giving Ransomware Shield to free users.
I just can't understand how Microsoft of all companies can't put their ##### together properly. I'd suggest anyone to use this feature to keep their files safer, but not when it's this broken and this annoying. Now i know why it's disabled by default. Where avast!'s Ransomware Shield I can easily recommend anyone using it by default. It's that seamless.
If you want good ransomware protection with this method, then use avast!. At least their "controlled folder access" actually uses whitelist and you'll actually rarely see it annoy you over things. So far only FileOptimizer raised a dialog. Nothing else. Like NOTHING ELSE. And now they are even giving Ransomware Shield to free users.
I just can't understand how Microsoft of all companies can't put their ##### together properly. I'd suggest anyone to use this feature to keep their files safer, but not when it's this broken and this annoying. Now i know why it's disabled by default. Where avast!'s Ransomware Shield I can easily recommend anyone using it by default. It's that seamless.
Similar threads
- Microsoft Threat Intelligence
- Microsoft Defender
- Amanda Langowski
- Windows 11
