Get ransomware protection with Windows 10's Controlled folder access

Ransomware is one of the most dangerous forms of malware. It takes control of your files and folders and forces you to pay large amounts of money to get them back. And even then, you cannot be sure that you can get your data back. Microsoft noticed how dangerous these attacks are for their users, and decided to take measures: in Windows 10, the Microsoft Defender Antivirus includes a feature called "Controlled folder access" explicitly designed to protect users against ransomware attacks. You can access and manage how "Controlled folder access" works to protect your files, folders, and memory areas on your device from the Windows Security app. Without further ado, here's how to get ransomware protection with Windows 10's "Controlled folder access":

NOTE: We created this tutorial using Windows 10 May 2020 Update. If you have an older version of the operating system, some options might be missing on your device, and others might bear different names. Check your Windows 10 build and, if necessary, get the latest Windows 10 update.

What is "Controlled folder access" from Microsoft Defender Antivirus?

In Windows 10, Microsoft Defender Antivirus includes this feature that's called "Controlled folder access." It is designed to protect your important data from unauthorized changes. That means that no program or application, including any form of malware, can alter your protected files or folders.

"Controlled folder access" can take care of the safety of every file found inside the user's folders, but it can also be configured to protect other folders that you manually specify. If you want to give access to a program or app to make changes in those folders, you can whitelist it using the Windows Security app.

If a particular program or app, including ransomware, tries to change the files found inside a protected folder, Microsoft Defender Antivirus notifies you immediately and asks you to confirm that you allow that. If not, you can deny permission, and your files are saved from unwanted changes.

How to get ransomware protection in Windows 10 with "Controlled folder access"

You can enable the "Controlled folder access" protection feature in the Windows Security app. Start by opening it: a fast way to do it to click or tap on its shortcut from the Start Menu. In Windows Security, open "Virus & threat protection."

Virus & threat protection in Windows Security

On the "Virus & threat protection" page from Windows Security, scroll down until you find the "Virus & threat protection settings" section. In it, click or tap on the Manage settings link.

Manage settings under Virus & threat protection settings

On the "Virus & threat protection settings" page, scroll down to locate the feature we are looking for: "Controlled folder access." Here, the Windows Security app also tells you what this feature is all about: you can use it to "Protect files, folders, and memory areas on your device from unauthorized changes by unfriendly applications." Click or tap on the "Manage Controlled folder access" link.

Manage Controlled folder access link from Controlled folder access

The previous action opens a new settings page called Ransomware protection. It starts by telling you what you can do: "Protect your files against threats like ransomware, and see how to restore files in case of an attack." Then, you get to see the same "Controlled folder access" description that we've mentioned earlier and, beneath it, the On/Off switch. Click or tap on the switch to enable Windows 10's built-in ransomware protection.

Turning on the Controlled folder access in Windows 10

NOTE: When you turn on "Controlled folder access," you are asked to confirm the action by a UAC (User Account Control) prompt. Once you confirm, the feature is enabled, and all the default user folders from Windows 10 are protected against ransomware attacks.

How to see the history of ransomware attacks

When you enable the "Controlled folder access" feature, the Windows Security app displays three links beneath the switch. The first one is called Block history. If you click or tap on it, Windows Security loads its Protection history page, where it shows you the history of protection actions taken by Microsoft Defender Antivirus.

Windows 10 Ransomware protection: Check the Block history

How to see which folders are protected against ransomware by Microsoft Defender Antivirus

The next link from the "Controlled folder access" is called simply "Protected folders." Click or tap on it, and you can check and manage the folders that are taken care of by Microsoft Defender Antivirus.

Windows 10 Protected folders

On the "Protected folders" page, the Windows Security app starts by telling you that "Windows system folders are protected by default." and that *"You can also add additional protected folders."*Then, you have a button called "+ Add a protected folder," followed by a relatively long list of folders that are protected. By default, this list contains all the users' folders from Windows 10: Documents, Pictures, Videos, Music, and Favorites.

The list of folders protected by Windows 10 against ransomware

The default protected folders cannot be removed from the list, but you can add new folders to the list so that Microsoft Defender Antivirus can protect them against unauthorized changes.

How to add new folders to the list of "Protected folders"

To add a new folder to the protected list, click or tap on the "+ Add a protected folder" button.

Adding a new folder to the list of folders protected against ransomware

Choose the new folder that you want to protect and then click or tap on the "Select Folder" button.

Choosing the folder that gets ransomware protection in Windows 10

The folder you've selected is then immediately added to the list of folders protected against ransomware threats.

The selected folder is now protected against ransomware

How to remove a folder from the list of "Protected folders"

The default user folders cannot be removed from this list. However, those that you added on your own can be removed. To do that, click or tap on one of your folders from the list of "Protected folders" and then click or tap on the Remove button.

Removing a folder from the ransomware protection list

When you choose to remove a folder from the protected list, you have to confirm your action. The Windows Security app also explicitly tells you that "By removing this folder, Controlled folder access will no longer be protecting it from unauthorized changes." If you still want to do that, click or tap on OK. Otherwise, click/tap Cancel.

Confirming the removal of a folder from the ransomware protection list

How to whitelist an app (or how to allow an app through "Controlled folder access")

Back in the "Controlled folder access" section from the Windows Security app, the third link beneath the On/Off switch lets you "Allow an app through Controlled folder access." Click or tap on it if you want to whitelist an app that you trust so that it can make changes in your protected folders.

Allow an app through Controlled folder access

In the "Allow an app through Controlled folder access" window, we learn that "Most of your apps will be allowed by Controlled folder access without adding them here. Apps determined by Microsoft as friendly are always allowed." That's great, but we wished to know what apps Microsoft thinks are friendly. Unfortunately, we could not find any list either on the internet or in Windows 10. However, if one of your apps is blocked by the "Controlled folder access" feature, you can manually add it here to whitelist it and allow it access to your protected folders.

To do that, click or tap in the "+ Add an allowed app" button.

Whitelist an app in Controlled folder access

When you click or tap on this button, Windows Security shows you a menu with two options: "Recently blocked apps" and "Browse all apps."

Recently blocked apps and Browse all apps options

If you select "Recently blocked apps," Windows Security then shows you a list of apps that were recently denied access to your protected folders. If the app that you want to whitelist is there, click or tap on the plus sign from its left to allow it to make changes in your protected folders.

Whitelist an app in Windows 10's Controlled folder access

If the app you want to whitelist is not there, click or tap on the "Browse all apps" link, or go back and select the same option from the "Add an allowed app" list. Then, browse through your computer or device, select the app you want, and click or tap on the Open button.

Selecting an app that's allowed to make changes in the protected folders

After the app is allowed access to your protected folders, it's displayed in a list on the "Allow an app through Controlled folder access" page from Windows Security.

Apps that are whitelisted in Controlled folder access

How to remove an app from the "Controlled folder access" list

If you no longer want to allow access for an app to your protected folders, click or tap on it and then press the Remove button.

Removing an app from the whitelist

The app is instantly removed from the list of apps that are allowed to make changes inside your protected folders.

Are you using Windows 10's ransomware protection?

Now you know what the "Controlled folder access" ransomware protection feature from Windows 10 is, how to enable, and how to manage it. As you've seen, it's not difficult, and the security you get from using it can be a lifesaver in certain situations. After all, ransomware is one of the greatest plagues of the decade. If you have something to add to our article, do not hesitate to do so in the comments below.