Q&A Controlled folders access blocking legitimate Windows processes, even after whitelisting them

Discussion in 'Microsoft' started by TheMalwareMaster, Oct 27, 2017.

  1. TheMalwareMaster

    TheMalwareMaster Level 19
    Trusted

    Jan 4, 2016
    931
    5,464
    Europe
    Windows 10
    Default-Deny
    I've tried to use the new controlled folders access feature, but it's a comple disaster! It's blocking pickerhost.exe when I'm trying to save files using Microsoft Edge. I've whitelisted that, rebooted and nothing changes! Always blocked. It's also blocking the tool for making screenshots!
    Any idea of why is this happening?

    bug.PNG bug2.jpg
     
  2. VecchioScarpone

    VecchioScarpone Level 3

    Aug 19, 2017
    142
    436
    Retired
    Melbourne VIC
    #2 VecchioScarpone, Oct 27, 2017
    Last edited: Oct 27, 2017
    I had an issue in regard the snapping tools not working. That was solved by running Windows Updates Repaid tool, wu170509 or the latest. Downloadable from Microsoft.
    Started to use the Process folders feature again after I stopped for a while, wanting to give it another try, it is very chatty and I have to constantly figure out the warnings it gives. Hope it will stop soon once I add all the apps I use that it gives warnings for.

    Errata corrige & Edit: (snapping) Snipping Tools windows owns and third party screenshots tool too not working.
     
    Weebarra and TheMalwareMaster like this.
  3. TheMalwareMaster

    TheMalwareMaster Level 19
    Trusted

    Jan 4, 2016
    931
    5,464
    Europe
    Windows 10
    Default-Deny
    The strange facts are that
    1) This blocked files are made by Microsoft itself
    2) The whitelist doesn't work
     
  4. VecchioScarpone

    VecchioScarpone Level 3

    Aug 19, 2017
    142
    436
    Retired
    Melbourne VIC
    #4 VecchioScarpone, Oct 28, 2017
    Last edited: Oct 28, 2017
    Unfortunately I'm not an expert. All what I know is that after some googling investigation I came across that, the snipping tool and the Screenshots apps may not be working due to a failed update.
    I'm giving myself some more time with the process folders protection feature, though I don't understand why I get warnings about changes I make on the computer telling me that WD blocked that process but nothing is blocked.
    For example, while reinstalling VS the warning say that the process blocked VS to make changes on my computer, but factually there was not blocks, VS installed fine. Same for others instances.
    Maybe I'm missing something here or it is just that this WD feature is above may pay grade, in which case I probably better do without it.
     
    Weebarra and TheMalwareMaster like this.
  5. TheMalwareMaster

    TheMalwareMaster Level 19
    Trusted

    Jan 4, 2016
    931
    5,464
    Europe
    Windows 10
    Default-Deny
    Actually the screenshot tools works for me if I disabled Controlled folders access...

    I know the one of VoodooShield because it happened on my desktop, and I can explain you. Basically, VoodooShield on installation creates a desktop shortcut. The controlled folders access blocked its creation (you will see you don't have it)
     
    Weebarra and VecchioScarpone like this.
  6. VecchioScarpone

    VecchioScarpone Level 3

    Aug 19, 2017
    142
    436
    Retired
    Melbourne VIC
    #6 VecchioScarpone, Oct 28, 2017
    Last edited by a moderator: Oct 28, 2017
    As for the screenshot tools, if the Controlled folder feature came as default enable, with 1709 upgrade, that was the problem then. If it need to be enabled after upgrade it was something else. I can recollect that when I did run the WU repair tool it gave a failed update error and I had to run the repair tool. After that no more problems.
    Possibly it may have been a failed update error that had nothing to do with snipping tools, who knows.

    Thanks for the VS desktop issue explanation. I did add VS to control process folders, and so on as I get the warning and I know it is a legit App.

    Some users have no issues at all, some do. It maybe a learning curve, or it may depend on how much stuff one has on his computer that may somehow conflict.
     
    TheMalwareMaster likes this.
  7. Insecurity

    Insecurity Level 1

    Nov 3, 2016
    6
    36
    Germany
    Windows 10
    Microsoft
    I also had many problems with this feature, explained here:
    Poll - Who has already played with new W10 security features?

    Kinda weird, especially because legitimate software should be allowed automatically. At least that's what Microsoft is saying. At the end I even got notifications without doing anything because some Windows processes tried to access some folders I added to the controlled folders list.

    Maybe they'll improve it in the future, but right now it's not usable for me and as it seems it's not usable for many others, too. But it's really strange that some people aren't having any problems with it.
     
  8. TheMalwareMaster

    TheMalwareMaster Level 19
    Trusted

    Jan 4, 2016
    931
    5,464
    Europe
    Windows 10
    Default-Deny
    I have really few programs on my PC (13), of which some are drivers or Microsoft programs (one drive and other stuff). The other security software is COMODO Firewall
     
    VecchioScarpone and Weebarra like this.
  9. VecchioScarpone

    VecchioScarpone Level 3

    Aug 19, 2017
    142
    436
    Retired
    Melbourne VIC
    #9 VecchioScarpone, Oct 28, 2017
    Last edited: Oct 28, 2017
    @TheMalwareMaster
    Non tutte le ciambelle escono col buco (Not all donuts come out with the hole). We may be the unlucky ones, though I'm coming to think of that WD feature as a bit raw. It need more cooking.

    Guten Sonntag
    Buona domenica
     
    TheMalwareMaster and upnorth like this.
  10. TheMalwareMaster

    TheMalwareMaster Level 19
    Trusted

    Jan 4, 2016
    931
    5,464
    Europe
    Windows 10
    Default-Deny
    Now everything is working, but look at my whitelist! I had to whitelist evry single program that touches files
    whitelist.PNG
     
    shmu26 and VecchioScarpone like this.
  11. VecchioScarpone

    VecchioScarpone Level 3

    Aug 19, 2017
    142
    436
    Retired
    Melbourne VIC
    #11 VecchioScarpone, Oct 29, 2017
    Last edited: Oct 29, 2017
    Yes it make not good marketing stating that most of well known apps will be allowed when MS owns need to be added. I had to add Firefox, really obscure app that one.
     
  12. Lockdown

    Lockdown From AppGuard
    Developer

    Oct 24, 2016
    2,708
    11,871
    AppGuard LLC Virginia, U.S.
    That's the point. It's supposed to be a file vault.
     
  13. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,282
    13,630
    Utopia
    And after the user has added file explorer and his browser and who knows what else windows processes, how safe is it anymore?
     
    upnorth and Av Gurus like this.
  14. TheMalwareMaster

    TheMalwareMaster Level 19
    Trusted

    Jan 4, 2016
    931
    5,464
    Europe
    Windows 10
    Default-Deny
    Guys, I still have issues...
    But just with pickerhost.exe. After whitelisting it, it works after the first reboot. After some reboots though, it will be blocked even if whitelisted
     
Loading...