RejZoR

Level 14
Verified
This thing is garbage. It has been garbage years ago when they first released it and it's still garbage TODAY. And I don't even go into protection vs ransomware. I'm talking how noisy and annoying this thing is because it's either entirely broken or Microsoft's whitelist is pure garbage.

When I run avast!'s Ransomware Shield, only app that even raised Ransomware Shield alert was for FileOptimizer. It's a relatively unknown app designed to trim down files to smallest possible size without decreasing quality. Fair enough. But everything else works seamlessly without any alerts. Paint.NET, MusicBee, CrystalDiskInfo etc. No issues while protecting exact same folders.

However, when I enable this thing in Windows Defender, I'm CONSTANTLY getting alerts for harmless things done by legit programs like above mentioned programs, to a point it's so annoying I always end up turning it off. I mean like COME ON Microsoft, how can you have this feature in your app for so many years and have it broken for so many years because clearly your whitelists are garbage. avast! doesn't have this issue because their whitelists are great. But one would expect that Microsoft would have same capabilities of creating good whitelists given they literally make the OS everything runs on and they certify things. I just wonder what the hell they are whitelisting if it's not commonly used apps that access user drives and documents...
 

Spawn

Administrator
Verified
Staff member
I use CFA and do not get constant notifications. As far as I know, there is no default Whitelist.. cannot be trusted..?

When I do receive a notification, it is due to not having used the application, and it wants to save into a protected directory. Allowing is a simple process that works on v1909.
 

security123

Level 24
Verified
When I run avast!'s Ransomware Shield, only app that even raised Ransomware Shield alert was for FileOptimizer. It's a relatively unknown app designed to trim down files to smallest possible size without decreasing quality. Fair enough. But everything else works seamlessly without any alerts. Paint.NET, MusicBee, CrystalDiskInfo etc. No issues while protecting exact same folders.
This only show that the protection doesn't work like it needs.

It doesn't matter if the program is known or not. As Spawn already say, it doesn't exist a whitelist which would be a security problem anyway. That's the reason why even for Windows internal stuff a warning can popup. This is called "No Trust".
 

RejZoR

Level 14
Verified
Microsoft is clearly stating there is a whitelist. I just wonder which one since alertfest is just unbearable.

Microsoft's own documentation:


Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. It protects your data by checking against a list of known, trusted apps. Controlled folder access is supported on Windows Server 2019 as well as Windows 10 clients. It can be turned on via the Windows Security App, or from the Microsoft Endpoint Configuration Manager and Intune, for managed devices. Controlled folder access works best with Microsoft Defender Advanced Threat Protection, which gives you detailed reporting into controlled folder access events and blocks as part of the usual alert investigation scenarios.

Controlled folder access works by only allowing apps to access protected folders if the app is included on a list of trusted software. If an app isn't on the list, Controlled folder access will block it from making changes to files inside protected folders.
 
Top