Advice Request Windows 10 has a built-in ransomware block, you just need to enable it

Please provide comments and solutions that are helpful to the author of this topic.

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,205
@Andy Ful Is it possible to get a pop-up window option for this rule which allows the user to make an exception on a case-by-case basis? Thanks.
qxcFbUl.png

I am not sure what do you mean by an exception on a case-by-case basis.:unsure:
How does this differ from making ASR exclusions?
You also can use the Warn setting and unblock the blocked executable for 24 hours. Most of the blocked executables are allowed by Microsoft after 48 hours.
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,205
Last edited:

NormanF

Level 8
Verified
Jan 11, 2018
381
The "Controlled folder access" feature in Windows 10 (and 11) is useless, because it blocks even Microsoft services and programs. Besides, you have to manually add each folder/program to the exclusion list, but the most annoying part is that Windows doesn't specify precisely which process was blocked.

I hoped that in Windows 11 Microsoft would have improved the feature, but it's not happened.
Its better for home users to run a third party AR solution. Easier to set up and configure and there's no danger of locking you out of Windows.
 
F

ForgottenSeer 92963

@NormanF Have you tried on Windows 11 also?

It might help to ignore low priority warnings in the Virus & Treat protection settings
1634646496159.png


Also when browsing the Protected Folders History of Windows 11, there was only one low priority warning since installing Windows 11 and updating it. It looks like the warnings for windows own processes are gone. Only one low priority block in 5 days for Rufus (burning ISO to USB)
1634646755549.png
 

NormanF

Level 8
Verified
Jan 11, 2018
381
@NormanF Have you tried on Windows 11 also?

It might help to ignore low priority warnings in the Virus & Treat protection settings
View attachment 261353

Also when browsing the Protected Folders History of Windows 11, there was only one low priority warning since installing Windows 11 and updating it. It looks like the warnings for windows own processes are gone. Only one low priority block in 5 days for Rufus (burning ISO to USB)
View attachment 261354

Its disabled for a reason. Like with SAC, some things in Windows are best left untouched.
 

oldschool

Level 82
Verified
Top Poster
Well-known
Mar 29, 2018
7,175
I was surprised when Controlled Folder Access blocked Snipping Tool access to my Photos folder because I've never seen this before. I suppose MS has made changes to CFA. It was easily allowed via internal UI.
 

nicos181987

Level 1
Verified
Well-known
Jul 25, 2021
35
I tried again to use only Windows Defender with controlled-access folder after almost 2 years, and I was surprised to see that nothing changed; WD continues to block legitimate softwares.

As soon as I turned on controlled-folder access, Windows Defender instantly blocked the process "Dashboard.exe", the main process of Wester Digital dashboard software.

Really, Microsoft? Now I understand why you keep the option disabled by default...
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,205
Really, Microsoft? Now I understand why you keep the option disabled by default...

Controlled Folder Access (CFA) requires some whitelisting. The user's applications blocked by CFA can be manually excluded. This requires some skills and effort, so CFA is disabled in default settings. If one likes an easy way, the option is Kaspersky (or another paid product) with dedicated anti-ransomware protection.
 

oldschool

Level 82
Verified
Top Poster
Well-known
Mar 29, 2018
7,175
As soon as I turned on controlled-folder access, Windows Defender instantly blocked the process "Dashboard.exe", the main process of Wester Digital dashboard software.
Did you try whitelisting it? I find that some (maybe many) CFA blocks don't interfere with main application processes and require no whitelisting at all.
 
  • +Reputation
Reactions: simmerskool

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top