Advice Request Windows 10 has a built-in ransomware block, you just need to enable it

Please provide comments and solutions that are helpful to the author of this topic.
Telos said:
@Andy Ful Is it possible to get a pop-up window option for this rule which allows the user to make an exception on a case-by-case basis? Thanks.
qxcFbUl.png
Click to expand...

I am not sure what do you mean by an exception on a case-by-case basis.:unsure:
How does this differ from making ASR exclusions?
You also can use the Warn setting and unblock the blocked executable for 24 hours. Most of the blocked executables are allowed by Microsoft after 48 hours.
 
Last edited:
  • Like
Reactions: oldschool, Nevi, Gandalf_The_Grey and 1 other person
Last edited:
  • Like
  • +Reputation
Reactions: oldschool, plat, Nevi and 2 others
nicos181987 said:
The "Controlled folder access" feature in Windows 10 (and 11) is useless, because it blocks even Microsoft services and programs. Besides, you have to manually add each folder/program to the exclusion list, but the most annoying part is that Windows doesn't specify precisely which process was blocked.

I hoped that in Windows 11 Microsoft would have improved the feature, but it's not happened.
Click to expand...
Its better for home users to run a third party AR solution. Easier to set up and configure and there's no danger of locking you out of Windows.
 
@NormanF Have you tried on Windows 11 also?

It might help to ignore low priority warnings in the Virus & Treat protection settings
1634646496159.png


Also when browsing the Protected Folders History of Windows 11, there was only one low priority warning since installing Windows 11 and updating it. It looks like the warnings for windows own processes are gone. Only one low priority block in 5 days for Rufus (burning ISO to USB)
1634646755549.png
 
  • Like
  • +Reputation
Reactions: cryogent, Zartarra, oldschool and 2 others
ForgottenSeer 92963 said:
@NormanF Have you tried on Windows 11 also?

It might help to ignore low priority warnings in the Virus & Treat protection settings
View attachment 261353

Also when browsing the Protected Folders History of Windows 11, there was only one low priority warning since installing Windows 11 and updating it. It looks like the warnings for windows own processes are gone. Only one low priority block in 5 days for Rufus (burning ISO to USB)
View attachment 261354
Click to expand...

Its disabled for a reason. Like with SAC, some things in Windows are best left untouched.
 
I tried again to use only Windows Defender with controlled-access folder after almost 2 years, and I was surprised to see that nothing changed; WD continues to block legitimate softwares.

As soon as I turned on controlled-folder access, Windows Defender instantly blocked the process "Dashboard.exe", the main process of Wester Digital dashboard software.

Really, Microsoft? Now I understand why you keep the option disabled by default...
 
  • Like
Reactions: oldschool and brambedkar59
nicos181987 said:
Really, Microsoft? Now I understand why you keep the option disabled by default...
Click to expand...

Controlled Folder Access (CFA) requires some whitelisting. The user's applications blocked by CFA can be manually excluded. This requires some skills and effort, so CFA is disabled in default settings. If one likes an easy way, the option is Kaspersky (or another paid product) with dedicated anti-ransomware protection.
 
  • Like
  • +Reputation
  • Hundred Points
Reactions: simmerskool, oldschool, Gandalf_The_Grey and 1 other person
nicos181987 said:
As soon as I turned on controlled-folder access, Windows Defender instantly blocked the process "Dashboard.exe", the main process of Wester Digital dashboard software.
Click to expand...
Did you try whitelisting it? I find that some (maybe many) CFA blocks don't interfere with main application processes and require no whitelisting at all.
 
  • +Reputation
Reactions: simmerskool

You may also like...