How to Block Ransomware Using Controlled Folder Access on Your PC | Tripwire

How to Block Ransomware Using Controlled Folder Access on Your PC

Posted on October 23, 2017
Riviera Beach Pays Nearly $600K to Recover Data after Ransomware Attack
Microsoft has released a new feature called "Controlled Folder Access" that helps Windows users protect their data against ransomware. First announced in June 2017, Controlled Folder Access is an option in Windows Defender Security Center that went live in mid-October. Its purpose is to protect files contained in designated folders against unauthorized changes. Users can therefore activate Controlled Folder Access in order to prevent ransomware from encrypting their files and changing those documents' file names. Microsoft explains the feature as follows:
"Controlled folder access monitors the changes that apps make to files in certain protected folders. If an app attempts to make a change to these files, and the app is blacklisted by the feature, you’ll get a notification about the attempt. You can complement the protected folders with additional locations, and add the apps that you want to allow access to those folders."
To enable Controlled Folder Access, Windows users should select Start > Settings (the gear symbol). They should then choose Update & security > Windows Defender. At that point, they should open the security center of Microsoft's native malware protection program, view their "Virus & threat protection" settings, and turn on "Controlled folder access."
40c50c273d49e89f73ca6a562e536ed8.png
Source: Microsoft Once they've activated the feature, users can click the "Protected folders" sub-option and add any folders to which they'd like to restrict access. They should then follow up by selecting "Allow an app through Controlled folder access." This course of action lets users whitelist certain applications that they know regularly use their protected folders. In the event an unapproved application like crypto-malware attempts to make changes to one of the protected folders, Windows displays an alert message in the Windows Notifications sidebar. It also logs the activity in its events log.
WCFA-Error.jpg
A warning message displayed by Windows Defender Security Center through its Controlled folder access feature. (Source: Bleeping Computer) Controlled Folder Access is an excellent way for users to protect themselves against ransomware. But it should not be the only way. Regardless of the OS they're using, people should invest some time in preventing a ransomware infection by following these strategies. They should also back up their critical data on a regular basis just in case they fall victim to an attack.
Join over 20,000 IT security pros who get our top stories delivered to their inbox every week!