Saturday 1 July 2017

Windows Defender Antivirus can now help you prevent ransomware attacks. Let us see how!

After WannaCry and Petya, it seems like Microsoft has realized the potential harm that ransomware can cause to its operating systems and its customers' sensitive information. Microsoft is making some interesting security-related changes to Windows 10 with the next Fall Creators Update, expected to debut in September. Windows 10 testers can now access a preview of the changes that include a new controlled folder access feature. It’s designed to only allow specific apps to access and read / write to a folder.

Windows Defender Antivirus is your default security software on Windows 10 to protect your system against viruses, spyware, rootkits, and other types of malware out-of-the-box, including ransomware. Starting with Windows 10 build 16232, Controlled folder access is introduced in Windows Defender Antivirus, to make it easier to protect your data from malicious programs and threats like ransomware. 

This new feature essentially monitors the changes that apps make to files in certain folders that are protected. If an app is blacklisted and tries to make changes to files in the protected folders, the user will get a notification about the attempt. Certain applications will be white-listed automatically, though the company doesn't specify which applications. To allow certain apps through the feature, users need to click Allow an app through Controlled folder access and locate and add the app. Think of it as a layer of protection against manipulation of files that are stored in protected folders.

Controlled folder access is not enabled by default. The first thing you need to do is enable the feature by flipping its preference to on, and adding at least one folder that you want the feature to protect on the device. You can add additional folders to the list of protected folders, but you cannot alter the default list, which includes folders such as Documents, Pictures, Movies, and Desktop. Adding other folders to Controlled folder access can be handy, for example, if you don’t store files in the default Windows libraries or you’ve changed the location of the libraries away from the defaults.

You must be signed in as an administrator to change Controlled folder access settings.

Option 1: To Turn On or Off Windows Defender Controlled Folder Access

Note: Turning on or off Controlled folder access will modify the DWORD value in the registry key below.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exploit Guard\Controlled Folder Access

GuardMyFolders DWORD
0 = Off
1 = On

  1. Open the Windows Defender Security Center, and click/tap on the Virus & threat protection icon.
  2. Click/tap on the Virus & threat protection settings link.
  3. Turn On or Off (default) Controlled folder access for what you want.
  4. Click/tap on Yes when prompted by UAC to approve.
  5. When finished, you can close Windows Defender Security Center if you like.

Option 2: To Add or Remove Protected Folders for Windows Defender Controlled Folder Access

Note: The list of added protected folders is stored in the registry key below.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exploit Guard\Controlled Folder Access\GuardedFolders

  1. Open the Windows Defender Security Center, and click/tap on the Virus & threat protection icon
  2. Click/tap on the Virus & threat protection settings link. 
  3. Click/tap on the Protected folders link under Controlled folder access.
  4. Do step 5 (add) or step 8 (remove) below for what you would like to do.
  5. To add a protected folder.
  6. Click/tap on the Add a protected folder + button.
  7. Navigate to and select the folder (ex: "Documents") you want to add, click/tap on Select Folder, and go to step 10 below.
  8. To remove a protected folder.
  9. Click/tap on a listed folder (ex: "Documents") you want to remove, click/tap on the Remove button, and go to step 10 below. 
  10. Click/tap on Yes when prompted by UAC to approve.
  11. When finished, you can close Windows Defender Security Center if you like.

Option 3: To Add or Remove Allowed Apps through Windows Defender Controlled Folder Access

Note: The list of allowed apps is stored in the registry key below.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exploit Guard\Controlled Folder Access\AllowedApplications

  1. Open the Windows Defender Security Center, and click/tap on the Virus & threat protection icon.
  2. Click/tap on the Virus & threat protection settings link.
  3. Click/tap on the Allow an app through Controlled folder access link under Controlled folder access.
  4. Do step 5 (add) or step 8 (remove) below for what you would like to do.
  5. To add an allowed app.
  6. Click/tap on the Add an allowed app + button.
  7. Navigate to and select the app (ex: "notepad.exe") you want to allow, click/tap on Open, and go to step 10 below.
  8. To remove an allowed app.
  9. Click/tap on a listed app (ex: "notepad.exe") you want to remove, click/tap on the Remove button, and go to step 10 below.
  10. Click/tap on Yes when prompted by UAC to approve.
  11. When finished, you can close Windows Defender Security Center if you like.

That's it!
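
The three registry locations noted under Options 1 to 3 can be read back to confirm what the Security Center settings actually stored. The PowerShell below is an added example, not part of the original post; the function name `Get-CfaRegistryAudit`, the assumption that folders and apps are stored as value names under those keys, and the "user-writable location" review heuristic are this example's own.

```powershell
# Added example: read-only audit of the registry keys named in this post.
# Assumption: protected folders and allowed apps are stored as value names.
function Get-CfaRegistryAudit {
    param(
        [string]$Root = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Exploit Guard\Controlled Folder Access'
    )

    if (-not (Test-Path -LiteralPath $Root)) {
        # Key absent: the build predates the feature or it was never configured.
        return [pscustomobject]@{ State = 'KeyMissing'; ProtectedFolders = @(); AllowedApps = @(); ReviewApps = @() }
    }

    # GuardMyFolders: 0 = Off, 1 = On (see the note under Option 1).
    $flag  = (Get-ItemProperty -LiteralPath $Root -ErrorAction SilentlyContinue).GuardMyFolders
    $state = if ($flag -eq 1) { 'On' } elseif ($flag -eq 0) { 'Off' } else { 'NotSet' }

    # Value names under a subkey; an absent subkey yields an empty list.
    $readNames = {
        param($SubKey)
        $item = Get-Item -LiteralPath (Join-Path $Root $SubKey) -ErrorAction SilentlyContinue
        if ($item) { $item.GetValueNames() | Where-Object { $_ } }
    }
    $folders = @(& $readNames 'GuardedFolders')
    $apps    = @(& $readNames 'AllowedApplications')

    # Review heuristic (this example's own): an allowed app stored where
    # standard users can write deserves a second look, because the file
    # can be changed without elevation.
    $writable = @($env:PUBLIC, $env:ProgramData, $env:TEMP, (Split-Path $env:USERPROFILE -Parent)) |
        Where-Object { $_ }
    $review = @($apps | Where-Object {
        $path = [Environment]::ExpandEnvironmentVariables($_)
        $writable | Where-Object { $path.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) }
    })

    [pscustomobject]@{
        State            = $state
        ProtectedFolders = $folders
        AllowedApps      = $apps
        ReviewApps       = $review
    }
}

Get-CfaRegistryAudit | Format-List
```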
