Advice Request [Video] How Controlled Folder Access (Ransomware Protection) works in Windows 10

  • Thread starter ForgottenSeer 85179
  • Start date

Please provide comments and solutions that are helpful to the author of this topic.

RejZoR

Level 15
Verified
Top Poster
Well-known
Nov 26, 2016
699
This thing is garbage. It has been garbage years ago when they first released it and it's still garbage TODAY. And I don't even go into protection vs ransomware. I'm talking how noisy and annoying this thing is because it's either entirely broken or Microsoft's whitelist is pure garbage.

When I run avast!'s Ransomware Shield, only app that even raised Ransomware Shield alert was for FileOptimizer. It's a relatively unknown app designed to trim down files to smallest possible size without decreasing quality. Fair enough. But everything else works seamlessly without any alerts. Paint.NET, MusicBee, CrystalDiskInfo etc. No issues while protecting exact same folders.

However, when I enable this thing in Windows Defender, I'm CONSTANTLY getting alerts for harmless things done by legit programs like above mentioned programs, to a point it's so annoying I always end up turning it off. I mean like COME ON Microsoft, how can you have this feature in your app for so many years and have it broken for so many years because clearly your whitelists are garbage. avast! doesn't have this issue because their whitelists are great. But one would expect that Microsoft would have same capabilities of creating good whitelists given they literally make the OS everything runs on and they certify things. I just wonder what the hell they are whitelisting if it's not commonly used apps that access user drives and documents...
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
I use CFA and do not get constant notifications. As far as I know, there is no default Whitelist.. cannot be trusted..?

When I do receive a notification, it is due to not having used the application, and it wants to save into a protected directory. Allowing is a simple process that works on v1909.
 
F

ForgottenSeer 85179

Thread author
When I run avast!'s Ransomware Shield, only app that even raised Ransomware Shield alert was for FileOptimizer. It's a relatively unknown app designed to trim down files to smallest possible size without decreasing quality. Fair enough. But everything else works seamlessly without any alerts. Paint.NET, MusicBee, CrystalDiskInfo etc. No issues while protecting exact same folders.
This only show that the protection doesn't work like it needs.

It doesn't matter if the program is known or not. As Spawn already say, it doesn't exist a whitelist which would be a security problem anyway. That's the reason why even for Windows internal stuff a warning can popup. This is called "No Trust".
 
  • Like
Reactions: Protomartyr

RejZoR

Level 15
Verified
Top Poster
Well-known
Nov 26, 2016
699
Microsoft is clearly stating there is a whitelist. I just wonder which one since alertfest is just unbearable.

Microsoft's own documentation:


Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. It protects your data by checking against a list of known, trusted apps. Controlled folder access is supported on Windows Server 2019 as well as Windows 10 clients. It can be turned on via the Windows Security App, or from the Microsoft Endpoint Configuration Manager and Intune, for managed devices. Controlled folder access works best with Microsoft Defender Advanced Threat Protection, which gives you detailed reporting into controlled folder access events and blocks as part of the usual alert investigation scenarios.

Controlled folder access works by only allowing apps to access protected folders if the app is included on a list of trusted software. If an app isn't on the list, Controlled folder access will block it from making changes to files inside protected folders.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top