Advice Request Windows 10 has a built-in ransomware block, you just need to enable it

Please provide comments and solutions that are helpful to the author of this topic.

Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,591
Telos said:
@Andy Ful Is it possible to get a pop-up window option for this rule which allows the user to make an exception on a case-by-case basis? Thanks.
qxcFbUl.png
Click to expand...

I am not sure what do you mean by an exception on a case-by-case basis.:unsure:
How does this differ from making ASR exclusions?
You also can use the Warn setting and unblock the blocked executable for 24 hours. Most of the blocked executables are allowed by Microsoft after 48 hours.
 
Last edited:
  • Like
Reactions: oldschool, Nevi, Gandalf_The_Grey and 1 other person
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,591
Last edited:
  • Like
  • +Reputation
Reactions: oldschool, plat, Nevi and 2 others
N

NormanF

Level 9
Verified
Jan 11, 2018
404
nicos181987 said:
The "Controlled folder access" feature in Windows 10 (and 11) is useless, because it blocks even Microsoft services and programs. Besides, you have to manually add each folder/program to the exclusion list, but the most annoying part is that Windows doesn't specify precisely which process was blocked.

I hoped that in Windows 11 Microsoft would have improved the feature, but it's not happened.
Click to expand...
Its better for home users to run a third party AR solution. Easier to set up and configure and there's no danger of locking you out of Windows.
 
F

ForgottenSeer 92963

@NormanF Have you tried on Windows 11 also?

It might help to ignore low priority warnings in the Virus & Treat protection settings
1634646496159.png


Also when browsing the Protected Folders History of Windows 11, there was only one low priority warning since installing Windows 11 and updating it. It looks like the warnings for windows own processes are gone. Only one low priority block in 5 days for Rufus (burning ISO to USB)
1634646755549.png
 
  • Like
  • +Reputation
Reactions: cryogent, Zartarra, oldschool and 2 others
N

NormanF

Level 9
Verified
Jan 11, 2018
404
ForgottenSeer 92963 said:
@NormanF Have you tried on Windows 11 also?

It might help to ignore low priority warnings in the Virus & Treat protection settings
View attachment 261353

Also when browsing the Protected Folders History of Windows 11, there was only one low priority warning since installing Windows 11 and updating it. It looks like the warnings for windows own processes are gone. Only one low priority block in 5 days for Rufus (burning ISO to USB)
View attachment 261354
Click to expand...

Its disabled for a reason. Like with SAC, some things in Windows are best left untouched.
 
oldschool

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,697
I was surprised when Controlled Folder Access blocked Snipping Tool access to my Photos folder because I've never seen this before. I suppose MS has made changes to CFA. It was easily allowed via internal UI.
 
  • Like
  • Sad
Reactions: nicos181987, roger_m and Andy Ful
N

nicos181987

Level 1
Verified
Well-known
Jul 25, 2021
39
I tried again to use only Windows Defender with controlled-access folder after almost 2 years, and I was surprised to see that nothing changed; WD continues to block legitimate softwares.

As soon as I turned on controlled-folder access, Windows Defender instantly blocked the process "Dashboard.exe", the main process of Wester Digital dashboard software.

Really, Microsoft? Now I understand why you keep the option disabled by default...
 
  • Like
Reactions: oldschool and brambedkar59
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,591
nicos181987 said:
Really, Microsoft? Now I understand why you keep the option disabled by default...
Click to expand...

Controlled Folder Access (CFA) requires some whitelisting. The user's applications blocked by CFA can be manually excluded. This requires some skills and effort, so CFA is disabled in default settings. If one likes an easy way, the option is Kaspersky (or another paid product) with dedicated anti-ransomware protection.
 
  • Like
  • +Reputation
  • Hundred Points
Reactions: simmerskool, oldschool, Gandalf_The_Grey and 1 other person
oldschool

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,697
nicos181987 said:
As soon as I turned on controlled-folder access, Windows Defender instantly blocked the process "Dashboard.exe", the main process of Wester Digital dashboard software.
Click to expand...
Did you try whitelisting it? I find that some (maybe many) CFA blocks don't interfere with main application processes and require no whitelisting at all.
 
  • +Reputation
Reactions: simmerskool

Similar threads

lokamoka820
    • Like
Hot Take How to Safeguard Your Windows PC Against Ransomware
Replies
1
Views
196
General Security Discussions
Bot
Bot
Gandalf_The_Grey
    • +Reputation
    • Applause
    • Like
Malware News New ShrinkLocker ransomware decryptor recovers BitLocker password
Replies
0
Views
370
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
Security News Black Basta ransomware poses as IT support on Microsoft Teams to breach networks
Replies
0
Views
848
Security News
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top