Paubox blog: HIPAA compliant email made easy

Turning on Window’s built-in ransomware protection

Written by Tshedimoso Makhene | March 11, 2024

Windows has a built-in ransomware protection feature known as Controlled Folder Access. This feature is available in Windows 10 and Windows 11. This feature can be manually turned on on your PC.

 

How does controlled folder access work?

Controlled folder access works by restricting access to designated folders on your system, allowing only authorized applications to change the files within those folders. When enabled, it creates a list of trusted applications permitted to access the protected folders. Any attempt by an unauthorized application to modify or encrypt files within these folders will be blocked, helping to prevent ransomware attacks.

Here's how controlled folder access generally operates:

  • Enabling controlled folder access: Once controlled folder access is activated, it monitors specified folders for any suspicious activity.
  • Defining protected folders: Users can designate which folders they want to protect. Important directories containing documents, photos, and other sensitive files are typically selected for protection.
  • Trusted applications: Controlled folder access maintains a list of trusted applications allowed to access the protected folders. These are usually system processes and applications considered safe by default.
  • Blocking unauthorized access: If an application not on the trusted list attempts to access or modify files within the protected folders, controlled folder access will block the action and generate a notification alerting the user of the attempted breach.
  • User control: Users have the flexibility to manage the list of trusted applications, adding or removing programs as needed. They can also review logs and notifications to monitor any attempted unauthorized access.

See also

 

How to turn on controlled folder access

Open Windows Security

Open the Windows Security app on your PC. You can access it in one of several ways:

  • Press Alt + Spacebar on your keyboard, type in Windows security, then hit Enter
  • Open your Start Menu and type in Windows security, then press Enter
  • Open your Settings app, then choose Windows Security in the left pane

 

Find the ransomware settings

  • Click on "Virus & Threat Protection" in the Windows Security application. Then, from the bottom of the screen, select Manage Ransomware Protection.
  • Next, turn on controlled folder access. The default OneDrive, Documents, Pictures, Videos, Music, and Favorites folders on your PC are no longer accessible to apps thanks to this change. Other folders can be manually added to the list as well.
  • Not all Windows apps will be blocked; Microsoft Office applications can open and modify files by default. If the app is not part of Microsoft’s list of trusted apps, the ransomware protection program will not be able to access it until it is granted permission to do so.

 

Log onto OneDrive

  • Another important method of defense is to have good backups, and Windows takes care of this for you if you're connected to OneDrive. 
  • To confirm that this protection is on, you can look at Ransomware protection > Ransomware data recovery.

Read moreWindows includes built-in ransomware protection. Here’s how to turn it on

 

FAQs

Does controlled folder access protect against all types of malware?

Controlled folder access is primarily designed to protect against ransomware attacks that attempt to encrypt files for ransom. While it can provide some protection against other types of malware, such as viruses and trojans, it's not a comprehensive solution for all types of malware threats.

See alsoWhy antivirus software isn’t enough

 

Does a Windows reset remove ransomware?

While a Windows reset can help remove some instances of ransomware, it's not a foolproof method, and prevention measures should be prioritized to avoid ransomware infections in the first place.