• Have you enabled Win10’s ransomware protection?

    Home » Forums » Newsletter and Homepage topics » Have you enabled Win10’s ransomware protection?

    Author
    Topic
    #2339216

    LANGALIST Have you enabled Win10’s ransomware protection? By Fred Langa This free, optional feature is disabled by default but, if enabled, can help p
    [See the full post at: Have you enabled Win10’s ransomware protection?]

    3 users thanked author for this post.
    Viewing 34 reply threads
    Author
    Replies
    • #2339281

      This sounds like a good idea but my Ransomware protection page says “Controlled folder access requires turning on Real-time protection.” What’s that and how do I do it?

      Is it related to my having Avira Antivirus (free version) installed and working?

      If I don’t like it, what happens if I turn it off?

      Thanks!

      • #2339308

        Many anti-virus programs turn off Defender real-time protection so as not to have a conflict and/or over-use resources (running 2 AVs at the same time).
        That might be the case with your Avira installation.

        2 users thanked author for this post.
        • #2341837

          I had Avira for awhile. That is indeed the case — it’s one of the third party AV programs which turn off Windows Defender. Ransomware protection would have to come from the Avira Premium version in this case.

          -- rc primak

        • #2433382

          PK: We are talking about a different case: 3rd party AV uses Defender. In that case, how does one turn on Windows Security and enable Win 10 Ransomware protection?

          • #2433451

            If you’re using Malwarebytes Premium, it has to be unregistered.

            See #2433120

            Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

      • #2339387

        In order to take advantage of the advanced security offering in Defender you can’t run a third party anti-virus too. It comes down to either you want Defender or you don’t.

        8 users thanked author for this post.
      • #2343269

        If I read the first ransomware protection advice correctly, it requires the use of One Drive and moving all data files to a central controlled folder. Am I correct? All my data are in an external drive, I never use One Drive as I do not really trust the cloud. Can the entire external drive be the “controlled folder”?

        I have Malwarebytes which includes ransomware protection: is this not enough?

        • #2343291

          If I read the first ransomware protection advice correctly, it requires the use of One Drive and moving all data files to a central controlled folder. Am I correct?

          No. Fred said;

          If you use OneDrive, I think the ransomware data recovery option is nice to have — but it’s not a deciding factor in itself. The main protection — Controlled folder access — works just fine with or without OneDrive.

           

          All my data are in an external drive, I never use One Drive as I do not really trust the cloud. Can the entire external drive be the “controlled folder”?

          Yes:

          You can also specify network shares and mapped drives.

          Protect additional folders

           

          I have Malwarebytes which includes ransomware protection: is this not enough?

          Probably.

          Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

        • #2343831

          I have Malwarebytes which includes ransomware protection: is this not enough?

          It is enough. As good as or better than Windows Security Center’s protections.

           

          -- rc primak

    • #2339385

      Always enjoy reading Fred’s articles. But this one has thrown me for a loop. I have a Win 10 PC Home Edition, and went to enable the Ransomware settings. But when I do, I get the “Page not available – Your IT administrator has limited access to some areas…”.

      Well, I didn’t recall seeing THAT message before. So first thing, I disabled the Immunet anti-virus I downloaded (per the suggestion from Deanna McElveen in the last issue of Woody’s), that didn’t work. Reviewed stuff on Google, they all said “Group Policy Settings,, blah blah blah” can’t do that, I have Home Edition.

       

      I have Malwarebytes (Free Edition, passive) CryptoPrevent (which I also disabled) and Windows Defender Firewall, as well as the above-mentioned anti-virus. Should I try using the “hidden” Admin account as noted on this page? https://appuals.com/fix-your-it-administrator-has-limited-access/.

      This is quite frustrating.

      Cheers,

      -Steve Cohen

      1 user thanked author for this post.
    • #2339455

      Not to mention… many third-party anti-virus/security solutions, like Bitdefender (which I use), provide the same Controlled Folder Access method of protecting against ransomware.  So, turning on the feature in Windows Security at the same time would be a duplication of effort — and, basically overkill.  🙂

      --
      PBear.SF

      3 users thanked author for this post.
    • #2339544

      So, we can’t have a third-party AV solution in place if we want MS’s ransomware protection.  With all due respect to Fred who I enjoy reading above all else, perhaps that could have been stated in the article upfront.  And the Windows behavior itself in this respect sounds like another example of MS trying to make sure you use their products, and no one else’s.  That’s a real shame.  Oh well.  Many thanks for raising the topic nonetheless Fred.

      6 users thanked author for this post.
      • #2339561

        For what it’s worth, I have the impression that many if not all of the AskWoody gurus are happy enough with the most recent version of MS Defender to use it in place of their previous antivirus favourites. I recall several occasions and at least one forum discussion stating that MS has upped its antivirus game to match the third-party antivirus programs and therefore does an adequate job of defense—or even better than adequate according to comparison tests. Some gurus mentioned it might integrate better with Windows, causing fewer conflicts or problems and saving the space that third-party programs occupy.

        On the other hand, Avira has served me well for years and years (as far as I know anyway) so I’m very reluctant to change horses . . .

         

        3 users thanked author for this post.
      • #2433379

        RG:

        Could you explain how you enabled Controlled Folder Access?

        I have the same setup as you do with Windows Defender enabled but get error message. Unfortunately Fred does not explain this in his article. In fact, he implies one should be able to enable Controlled Folder Access as long as Windows Defender is enabled.

    • #2339575

      I just went to turn it on and had no issues (I am using Windows Defender, along with scheduled MalwareBytes manual scans).  I have several data storage drives on my pc, which weren’t protected by default at startup.  It turns out to be fairly simple to enable protection for these drives, as well.  Open Control Panel > (System Properties) System Protection.  Click on the drive of interest in the Protection Settings box to select it.  Then click on Configure and click the Turn on system protection radio button to enable it.  Next, set an amount of Disk Space Usage (say 5%), and finally, click on OK.  Repeat as necessary.  Done.

      All the documention I found via Google referred to OneDrive, which is not what I needed.  The above procedure turned the trick for me.

      DVH

      • #2339697

        I have several data storage drives on my pc, which weren’t protected by default at startup.  It turns out to be fairly simple to enable protection for these drives, as well.  Open Control Panel > (System Properties) System Protection.  Click on the drive of interest in the Protection Settings box to select it.  Then click on Configure and click the Turn on system protection radio button to enable it.  Next, set an amount of Disk Space Usage (say 5%), and finally, click on OK.  Repeat as necessary.  Done.

        That’s to create System Restore points, which don’t include user data files, so it’s unconnected with ransomware protection.

        Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

        1 user thanked author for this post.
      • #2341851

        Malwarebytes is one of a very few AV programs (possibly also Immunet) which don’t have to take over the Windows Security Center and prevent using features like Protected Folders (anti-ransomware). Just don’t check the box which allows these programs to “Integrate with the Windows Security Center”.

        -- rc primak

        1 user thanked author for this post.
        • #2343819

          Slight error in terminology. The term is “register with the Windows Security Center”. Thanks to Will Fastie for pointing that out to me in a different Lounge thread.

          -- rc primak

    • #2339663

      Been using Windows 10’s ransomware protection for some time now.

      I have to allow an exception to Paint Shop Pro 9 (which still works with Windows 10 after 15 years or so) or the program refuses to start, I get an error message. Probably because PSP9 needs access to the My PSP Files folder in Documents.

      I also can’t save anything scanned with my Epson scanner/printer (the default save location is Documents) unless I allow an exception there (or temporarily disable the ransomware protection).

      Also, downloading images with Firefox seems to be a bit of a “hit and miss affair” with W10’s ransomware protection enabled – sometimes it lets me download the image, sometimes it won’t and I get a similar error message to PSP9. I usually just temporarily disable it in these cases.

      But, overall I believe the benefits of having the ransomware protection turned on definitely outweighs the possible inconveniences.

      PC1: Gigabyte B560M D2V Motherboard, Intel i5 11400 CPU, 16GB RAM, NVIDIA GeForce GTX 1650 Graphics Card, 1x Samsung 870 EVO 250GB SSD, 1x Samsung 860 EVO 250GB SSD, Windows 10 Professional 22H2 64bit.
      PC2: Asus H81M-PLUS Motherboard, Intel i3-4160 CPU, 16GB RAM, NVIDIA GeForce GTX 1050 Graphics Card, 1x Samsung 870 EVO 250GB SSD, 1x Samsung 860 EVO 250GB SSD, Windows 10 Home 22H2 64bit.

      1 user thanked author for this post.
    • #2339729

      I’ve noticed a problem with setting up this ransomware protection.  I don’t get notifications when something is blocked.  Various programs have just been silently failing in the background when they try to access one of the protected folders.  Is there a way to make sure that I actually get prompted to allow apps when they try to access a protected folder?

      • #2340154

        Open Defender, now called Security. Down at the bottom on the menu there’s a gear. Click that to go into settings. Make sure the slider for Get informational notifications is on. Under it also make sure that the box for Files or Activities are blocked is checked. That should do it.

        1 user thanked author for this post.
    • #2339735

      An alternative to using Controlled Folder Access is to buy one of the backup programs that include ransomware protection. They are less than $50 and you get a backup as well as protection.

      cheers, Paul

      • #2339749

        To be fair, I am already backing up my system using Macrium for on-site backups to my NAS and BackBlaze for offsite cloud backups so, ransomware isn’t exactly at the top of my list of worries but, I thought that an extra layer of protection couldn’t hurt.

        • #2341854

          Are these drives ever connected to the computer(s) when it/they is/are connected to the Internet? Even if not, if a PC EVER connects to the Internet, it can download delayed malware which can encrypt all drives which get attached from then onward. But your scheme seems better than most home networks in preventing unrecoverable ransomware attacks.

          -- rc primak

    • #2339751

      ransomware isn’t exactly at the top of my list of worries

      If you have a dormant ransomware on your system, no restore will help as your backups will be contaminated as well.

      1 user thanked author for this post.
    • #2340655

      I read Fred Langa’s article on Ransomeware; I appreciated being informed of this security utility within Win10.

      I turned on ransomeware. When I first tried running a program, as expected, it had issues with saving. I went into ransomeware and authorized it to read the directory it needed to. This happened to one other program as well. All fine and good.

      I notice, however, that it didn’t have problems with Office 365 saving, nor Notepad++. Both of those programs seem to work fine, without any assistance.

      I’m on Winver 1909.

      Why would this be? Thank you.

      1 user thanked author for this post.
      • #2341861

        Microsoft likely whitelists their own trusted programs. I don’t know about Notepad++, but my best guess is that it leverages Windows Notepad.

        -- rc primak

        • This reply was modified 2 years, 3 months ago by rc primak.
        • #2342090

          Notepad++ has nothing to do with Notepad and does not leverage it.
          It is a long established quality product and is therefore safe to allow free access.

          cheers, Paul

          1 user thanked author for this post.
    • #2341864

      It comes down to either you want Defender or you don’t.

      I beg to disagree.

      See my post

      https://www.askwoody.com/forums/topic/more-on-win10s-ransomware-protection/#post-2341838

      1 Desktop W11
      1 Laptop W10
      Both tweaked to look, behave and feel like Windows 95
    • #2342083

      I enabled protection per the instructions, so far so good.  It blocked access first time I ran a non MS program. So far so good. I received a notification.  NO ACTION BUTTON! How do I allow access if it has no button to do so?

       

      • #2342171

        Clicking anywhere in the notification takes you to Start, Settings, Update & Security, Windows Security, Virus & threat protection, Manage ransomware protection, Block history where you can click on the latest entry at the top and then Actions, Allow on device (after UAC prompt) as shown in the article: “Click on the popup, and you’re brought to the Protection history dialog (see Figure 2).

        Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

        1 user thanked author for this post.
    • #2343299

      The most effective and cost efficient protection against Ransomware is knowledge.

      "War is the remedy our enemies have chosen. And I say let us give them all they want" ----- William T. Sherman

      4 users thanked author for this post.
      • #2343301

        Controlled Folder Access is free and protects your data files even when you’re not present.

        Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

        1 user thanked author for this post.
    • #2343485

      Wow! I had no idea so many ordinary folks had such extremely precious and dangerous to the world stuff on their computers!

      • #2343501

        I have well over 20,000 photos with the oldest going back to the 1850s. These are precious to me, so I would be distraught to lose them. They are of no value to anyone else. Similarly a lot of information that’s important to me. I don’t think I have anything that’s dangerous, but wouldn’t want anyone making use of my photos or information to scam other people.

        I suspect many others will have similar stories to tell.

        Eliminate spare time: start programming PowerShell

        2 users thanked author for this post.
    • #2343549

      dangerous

      It has nothing to do with dangerous.
      People have bank documents, stock documents, confidential lawyers documents, company documents…A lose / lockout could be disastrous.

      2 users thanked author for this post.
    • #2343553

      Don’t need to is my answer.
      We have NO personal/sensitive files or docs on any of our PC’s
      External Drives/ USB flash only connected when required to read/transfer for emailing later or updating them (offline) and having regular system image backups as a failsafe should anything happen. All that we’d lose is the OS with portable apps that can be restored in 20mins or so.
      Our ransomware risk scenario is therefor minimised.

      Keeping IT Lean, Clean and Mean!
    • #2343567

      External Drives/ USB flash only connected when required to read/transfer for emailing later or updating them (offline) and having regular system image backups as a failsafe should anything happen

      The moment you connect your USB drives/USB flash the data maybe encrypted by a dormant ransomware app. the dormant ransomware app can be found also on your backup drives/cloud..

      • This reply was modified 2 years, 3 months ago by Alex5723.
      4 users thanked author for this post.
      • #2343572

        Thanks for the reminder, it’s minimised even more, we dont have such a thing as ‘dormant’ apps on Win7/ Win8.1/ XP Pro(offline/ transfer device) or Linux. NOTHING personal/sensitive gets anywhere near W10 when testing/using it

        Keeping IT Lean, Clean and Mean!
        • #2343579

          And the backup drives you connect to image Windows 10 don’t contain anything you wouldn’t want to lose? (The dormant app would be the unknown ransomware which could wait for eternal drives to be connected.)

          Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

          1 user thanked author for this post.
          • #2343582

            I don’t backup W10 when testing/using it, W10 has inbuilt albeit prompted functionality to self heal hence foregoing backups. Which is one of the progressive improving things in W10, specifically DISM
            Considering ransomware is primarily actioned against business, my train of thought is it’s scaremongering homeusers into a security frenzy where logic has left the building.

            Keeping IT Lean, Clean and Mean!
            • #2343814

              No. This is simply not the case for anything not part of the Windows System itself. Most of what people would lose is not in that category.

              -- rc primak

          • #2343815

            (The dormant app would be the unknown ransomware which could wait for eternal drives to be connected.)

            “eternal drives”? (Yeah, I know it’s a typo,  but I wonder just how slow your USB bus must be 🙂 !)

            -- rc primak

            • This reply was modified 2 years, 3 months ago by rc primak.
            1 user thanked author for this post.
            b
    • #2343620

      dangerous

      It has nothing to do with dangerous.
      People have bank documents, stock documents, confidential lawyers documents, company documents…A lose / lockout could be disastrous.

      Why would anyone do what you describe? That’s risky. Keep paper records only and keep copies of those that are irreplaceable in your safety deposit box…you do have one don’t you? If you have lots of photos on your computer surely you make backups to CD/DVD’s and surely you support Dell as one of the few (if not only major computer maker today) which still includes CD/DVD Rom drives on their desktops…you do have a desktop don’t you?

      1 user thanked author for this post.
      • #2343672

        Keeping your important stuff on your PC is very sensible.
        Having proper backups is an absolute necessity.
        Using one of the backup apps with ransomware protection is even more sensible.

        cheers, Paul

        5 users thanked author for this post.
        • #2343817

          Equally sensible is to have hard copies and off-site backups if the stuff is that important. For photos, cloud storage is also a practical safeguard. Encrypt before uploading anything, even image files, if you don’t want prying eyes to see it.

          -- rc primak

          1 user thanked author for this post.
    • #2343846

      LANGALIST Have you enabled Win10’s ransomware protection? By Fred Langa This free, optional feature is disabled by default but, if enabled, can help p
      [See the full post at: Have you enabled Win10’s ransomware protection?]

      Yes, Ransomware protection enabled for a month or two. It asked to allow a few Controlled Folder Access’es and that’s it. A little more protection with no overhead that i notice.

      Regular Backups of everything.

      Win10 Pro 20H2,backups with Macrium Reflect home edition
      1 user thanked author for this post.
      b
    • #2344027

      Considering ransomware is primarily actioned against business

      Not so, ransomware targets anyone who can pay.
      A home PC owner is likely to have photos, email etc that is as important to them as any business data.

      cheers, Paul

    • #2367801

      I’ve enabled this and for the most part, no problem. I receive an notice from time to time referring to a known application, related to what I know is happening. So sweat. However, I also get odd ones that are a puzzle, such as:

      Protected memory access blocked
      App or process blocked: taskhostw.exe
      Protected folder: \Device\CdRom0

      Where the heck does this come from?

      • #2367928

        CFA must use a database of allowed actions, but some actions will have been missed, or are considered both good and bad.
        I’m sure MS have a document on this, but I’m also sure you don’t want to wander through it to understand some minor technical detail.

        If things are still working and you think you need the protection, ignore the errors.

        Note: this is not a substitute for regular backups.

        cheers, Paul

    • #2368035

      In Norton 360, their “Data Protection” feature is configured as shown here.
      I’ve never heard a peep out of it, so not sure if it works.

      I would think that somewhere along the line i would have used a web app that would not be in their whitelist that created a file that I saved to my docs folder.

      Or maybe it just has a very comprehensive whitelist.

      Or maybe it’s smart enough to know that if I am using the download/Save To function, that it is not a risk?

      https://support.norton.com/sp/en/us/home/current/solutions/v130571264

       

      1 user thanked author for this post.
    • #2375483

      This has been such an interesting and very useful thread. Thanks, Fred, for starting it. Because of it I’ve discovered that I only have Windows Firewall With Advanced Security, which shows no option for ransomware protection, so I need to install something like Malwarebytes or Avira that will provide it.

      I have an OEM refurb laptop that had Win 10 installed in 2016. Is that why I have Windows Firewall instead of Windows Security?

      Thanks,

      Hamsa

      • #2375499

        No, I think you are looking in the wrong place. The option about ransomware is under the security section, not the firewall section.

        Susan Bradley Patch Lady

    • #2375519

      No Ransomware entry on my W10 Pro 21H1.

      Running Kaspersky A/V

      When I search for Ransomware Protection I get ‘page not available’ notice.

      • #2375531

        In order to take advantage of the advanced security offering in Defender you can’t run a third party anti-virus too. It comes down to either you want Defender or you don’t.

        Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

        • #2433380

          “In order to take advantage of the advanced security offering in Defender you can’t run a third party anti-virus too. It comes down to either you want Defender or you don’t.”

          Like many people, I have Defender with third party AV.

          Fred is not clear on this issue: running Defender with third party AV–how does one turn on Windows Security?

          • #2433448

            It’s difficult to grasp what you didn’t understand about Amy’s clarification.

            Fred’s article this week is about exactly that situation.

            Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

            • #2433499

              No, Fred’s article says you have to be running Windows Defender. I am looking for a solution to the problem, not an exegesis of Fred’s article.

    • #2375536

      Hey Y’all,

      I’ve been running Defender as my main A/V and Malwarebytes Premium as secondary (non registered) for years w/o issue on multiple machines. I’ve just successfully enabled Controlled Folder Access with no issues on my main driver. I’ll report back if any problems arise.

      HTH 😎

      May the Forces of good computing be with you!

      RG

      PowerShell & VBA Rule!
      Computer Specs

    • #2433184

      When I click on Ransomware Protection, I get the message “Your IT administrator has limited access to some areas of this app, and the item you tried to access is not available. Contact IT help desk for more information” even though I am using Windows Defender.

      • #2433445

        But you aren’t using only Defender.

        Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

    • #2433188

      “Win10’s optional ransomware protection is a part of Windows Security. which is on by default in new Win10 setups. (If you’ve turned it off, you’ll need to re-enable it before using ransomware protection.) ”

      Fred, how does one turn on Windows Security?

    • #2433497

      So using third party AV in addition to Defender turns off Windows Security? I didn’t read that in Fred’s article.

    • #2433568

      I am looking for a solution to the problem

      The solution to the problem is to run Defender.
      3rd party A/Vs usually disable Defender.

    • #2433573

      So using third party AV in addition to Defender turns off Windows Security?

      3rd party A/Vs usually disable Defender. I find some are better than Defender so no lost security.
      Some A/Vs like Malwarebytes work with Defender ON so you have double security.

    • #2433920

      Does this security option work In Win 10 HOME version?

    • #2433926

      I have Emsisoft AV and Windows Defender running but no Windows Security.

      • #2433987

        Where do you see that Microsoft Defender is running if not at Windows Security?

        Nevertheless, if for some reason you really want to use Controlled Folder Access in conjunction with Emsisoft Anti-Malware, simply:

        Open the Start Menu
        Type “Emsisoft Anti-Malware
        Open the app
        Click Settings
        In the Windows Integration section, untick Activate Security Center Integration

        This will reactivate Windows Defender and you will gain access to Controlled Folder Access. Emsisoft Anti-Malware will not be listed in the Windows Defender Security Center, but it will still be functioning and protecting you as usual. However, as mentioned, it is not necessary to have both activated and we recommend against doing so.

        By default, Controlled Folder Access is disabled. If you wish to enable it, follow these steps:

        Open the Start Menu
        Type “Windows Defender Security Center” and open the app
        Select Virus & threat protection
        Click Virus & threat protection settings
        Scroll down until you find the Controlled folder access section
        Click the on/off toggle to enable the feature

        Once Controlled Folder Access is enabled, you can use the Protected folders sub-option to select which folders you wish to protect (e.g. folders containing important photos, documents and other personal files). Windows system folders are protected by default. You can also use the Allow an app through Controlled folder access section to create a whitelist of trusted programs that are allowed to modify files in the protected folders.

        EMSISOFT Blog: What does Windows’ new Ransomware protection actually do?

        Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

        1 user thanked author for this post.
    • #2434095

      b: Thanks for the detailed advice on using EAM with Controlled folder access.

      However, this is what I read on Emsisoft forum from 11/2017

      “Despite Microsoft making some improvements to its security software in recent years, Windows Defender remains far from a perfect solution. In fact, in a recent AV-Test assessment of 18 security Windows 10 security suites, Windows Defender tied for last place due to sub-par protection and performance. The vast majority of our users do not need to worry about activating Controlled Folder Access because Emsisoft Anti-Malware provides much better protection against ransomware. Controlled Folder Access also requires Windows Defender to be activated in order to work, and we generally recommend not using two antivirus products at the same time.”

      This 2017 post is a bit out of date as EAM now uses Windows Defender as firewall.

      Thanks, cma

    • #2434161

      This 2017 post is a bit out of date

      but still true.
      Defender isn’t up to the best 3rd party A/Vs.
      https://www.askwoody.com/forums/topic/microsoft-defender-home-failed-av-test-best-anti-virus-2021/

    • #2434211

      I don’t use controlled folder access, I use a library of partition images (in triplicate, two offline) as well as a couple of sets of full drive images, also stored offline.

      As for Microsoft Defender and Malwarebytes Premium, I have Malwarebytes Premium registered with Security Center Integration activated and it does NOT turn off Microsoft Defender in my setup, not in Windows 10 and not in Windows 11.

      Malwarebytes

      Defender-AV-Network

      Defender-AV-Servide

      Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
      We were all once "Average Users". We all have our own reasons for doing the things that we do to our systems, we don't need anyone's approval, and we don't all have to do the same things.

    Viewing 34 reply threads
    Reply To: Have you enabled Win10’s ransomware protection?

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: