![]() |
MS-DEFCON 4:
There are isolated problems with current patches, but they are well-known and documented on this site.
|
-
Have you enabled Win10’s ransomware protection?
Home › Forums › AskWoody blog › Have you enabled Win10’s ransomware protection?
- This topic has 56 replies, 24 voices, and was last updated 2 weeks, 4 days ago.
Viewing 20 reply threads-
AuthorPosts
-
-
February 1, 2021 at 1:05 am #2339216
Fred Langa
AskWoody MVP -
February 1, 2021 at 5:07 am #2339281
Wayne
AskWoody PlusThis sounds like a good idea but my Ransomware protection page says “Controlled folder access requires turning on Real-time protection.” What’s that and how do I do it?
Is it related to my having Avira Antivirus (free version) installed and working?
If I don’t like it, what happens if I turn it off?
Thanks!
-
February 1, 2021 at 6:19 am #2339308
PKCano
Manager-
February 8, 2021 at 9:16 am #2341837
-
-
February 1, 2021 at 8:30 am #2339387
Amy Babinchak
Manager-
February 1, 2021 at 8:32 am #2339391
-
February 8, 2021 at 9:18 am #2341845
rc primak
AskWoody_MVP-
February 8, 2021 at 10:12 am #2341879
anonymous
GuestSomewhere you had noted “…Malwarebytes is one of a very few AV programs (possibly also Immunet) which don’t have to take over the Windows Security Center…”
But I found that Immunet does take it over and doesn’t have an option to de-couple.
Cheers,
-Steve
1 user thanked author for this post.
-
February 15, 2021 at 11:25 am #2343821
rc primak
AskWoody_MVPI only said “possibly”. Immunet used to advertise that they’re compatible with Windows Defender and could run simultaneously. I guess that’s changed. This seems to have changed with more recent updates to Windows 10. It wasn’t a change in Immunet. See:
https://support.immunet.com/topic/6942-how-to-run-without-disable-windows-defender/
and
https://support.immunet.com/topic/6573-option-to-enabledisable-security-centre-integration/
Also, the term is “register with the Windows Security Center”. If a third-party program has an option not to do this,it will leave Windows Defender available. Usually not recommended.
-- rc primak
-
-
-
-
February 13, 2021 at 8:46 am #2343269
Ken
AskWoody PlusIf I read the first ransomware protection advice correctly, it requires the use of One Drive and moving all data files to a central controlled folder. Am I correct? All my data are in an external drive, I never use One Drive as I do not really trust the cloud. Can the entire external drive be the “controlled folder”?
I have Malwarebytes which includes ransomware protection: is this not enough?
-
February 13, 2021 at 9:33 am #2343291
b
AskWoody MVPIf I read the first ransomware protection advice correctly, it requires the use of One Drive and moving all data files to a central controlled folder. Am I correct?
No. Fred said;
If you use OneDrive, I think the ransomware data recovery option is nice to have — but it’s not a deciding factor in itself. The main protection — Controlled folder access — works just fine with or without OneDrive.
All my data are in an external drive, I never use One Drive as I do not really trust the cloud. Can the entire external drive be the “controlled folder”?
Yes:
You can also specify network shares and mapped drives.
I have Malwarebytes which includes ransomware protection: is this not enough?
Probably.
-
February 15, 2021 at 11:34 am #2343831
-
-
-
February 1, 2021 at 8:28 am #2339385
iccohen1
AskWoody PlusAlways enjoy reading Fred’s articles. But this one has thrown me for a loop. I have a Win 10 PC Home Edition, and went to enable the Ransomware settings. But when I do, I get the “Page not available – Your IT administrator has limited access to some areas…”.
Well, I didn’t recall seeing THAT message before. So first thing, I disabled the Immunet anti-virus I downloaded (per the suggestion from Deanna McElveen in the last issue of Woody’s), that didn’t work. Reviewed stuff on Google, they all said “Group Policy Settings,, blah blah blah” can’t do that, I have Home Edition.
I have Malwarebytes (Free Edition, passive) CryptoPrevent (which I also disabled) and Windows Defender Firewall, as well as the above-mentioned anti-virus. Should I try using the “hidden” Admin account as noted on this page? https://appuals.com/fix-your-it-administrator-has-limited-access/.
This is quite frustrating.
Cheers,
-Steve Cohen
1 user thanked author for this post.
-
February 1, 2021 at 8:42 am #2339395
Amy Babinchak
Manager -
February 2, 2021 at 12:20 am #2339716
Colorado_Hiker
AskWoody PlusYou might try looking at this post:
Plus what Amy and others said about running multiple AVs.
-
This reply was modified 1 month ago by
Colorado_Hiker.
1 user thanked author for this post.
-
This reply was modified 1 month ago by
-
-
February 1, 2021 at 11:27 am #2339455
PBear.SF
AskWoody PlusNot to mention… many third-party anti-virus/security solutions, like Bitdefender (which I use), provide the same Controlled Folder Access method of protecting against ransomware. So, turning on the feature in Windows Security at the same time would be a duplication of effort — and, basically overkill. 🙂
--
PBear.SF -
February 1, 2021 at 1:16 pm #2339544
tcc089
AskWoody PlusSo, we can’t have a third-party AV solution in place if we want MS’s ransomware protection. With all due respect to Fred who I enjoy reading above all else, perhaps that could have been stated in the article upfront. And the Windows behavior itself in this respect sounds like another example of MS trying to make sure you use their products, and no one else’s. That’s a real shame. Oh well. Many thanks for raising the topic nonetheless Fred.
4 users thanked author for this post.
-
February 1, 2021 at 1:47 pm #2339561
Wayne
AskWoody PlusFor what it’s worth, I have the impression that many if not all of the AskWoody gurus are happy enough with the most recent version of MS Defender to use it in place of their previous antivirus favourites. I recall several occasions and at least one forum discussion stating that MS has upped its antivirus game to match the third-party antivirus programs and therefore does an adequate job of defense—or even better than adequate according to comparison tests. Some gurus mentioned it might integrate better with Windows, causing fewer conflicts or problems and saving the space that third-party programs occupy.
On the other hand, Avira has served me well for years and years (as far as I know anyway) so I’m very reluctant to change horses . . .
2 users thanked author for this post.
-
-
February 1, 2021 at 2:35 pm #2339575
dvhirst865
AskWoody LoungerI just went to turn it on and had no issues (I am using Windows Defender, along with scheduled MalwareBytes manual scans). I have several data storage drives on my pc, which weren’t protected by default at startup. It turns out to be fairly simple to enable protection for these drives, as well. Open Control Panel > (System Properties) System Protection. Click on the drive of interest in the Protection Settings box to select it. Then click on Configure and click the Turn on system protection radio button to enable it. Next, set an amount of Disk Space Usage (say 5%), and finally, click on OK. Repeat as necessary. Done.
All the documention I found via Google referred to OneDrive, which is not what I needed. The above procedure turned the trick for me.
DVH
-
February 1, 2021 at 9:53 pm #2339697
b
AskWoody MVPI have several data storage drives on my pc, which weren’t protected by default at startup. It turns out to be fairly simple to enable protection for these drives, as well. Open Control Panel > (System Properties) System Protection. Click on the drive of interest in the Protection Settings box to select it. Then click on Configure and click the Turn on system protection radio button to enable it. Next, set an amount of Disk Space Usage (say 5%), and finally, click on OK. Repeat as necessary. Done.
That’s to create System Restore points, which don’t include user data files, so it’s unconnected with ransomware protection.
1 user thanked author for this post.
-
February 8, 2021 at 9:23 am #2341851
rc primak
AskWoody_MVPMalwarebytes is one of a very few AV programs (possibly also Immunet) which don’t have to take over the Windows Security Center and prevent using features like Protected Folders (anti-ransomware). Just don’t check the box which allows these programs to “Integrate with the Windows Security Center”.
-- rc primak
-
February 15, 2021 at 11:19 am #2343819
-
-
-
February 1, 2021 at 7:06 pm #2339663
Carl D
AskWoody LoungerBeen using Windows 10’s ransomware protection for some time now.
I have to allow an exception to Paint Shop Pro 9 (which still works with Windows 10 after 15 years or so) or the program refuses to start, I get an error message. Probably because PSP9 needs access to the My PSP Files folder in Documents.
I also can’t save anything scanned with my Epson scanner/printer (the default save location is Documents) unless I allow an exception there (or temporarily disable the ransomware protection).
Also, downloading images with Firefox seems to be a bit of a “hit and miss affair” with W10’s ransomware protection enabled – sometimes it lets me download the image, sometimes it won’t and I get a similar error message to PSP9. I usually just temporarily disable it in these cases.
But, overall I believe the benefits of having the ransomware protection turned on definitely outweighs the possible inconveniences.
PC 1: Gigabyte GA-B250M-D3H Motherboard, Intel i5-7600 CPU, 32GB RAM, NVIDIA GeForce GTX 1050 Graphics Card, 1x Samsung 870 EVO 250GB SSD, 1x Samsung 860 EVO 250GB SSD, Windows 10 Professional 20H2 64bit.
PC 2: Asus H81M-PLUS Motherboard, Intel i3-4160 CPU, 16GB RAM, NVIDIA GeForce GTX 1030 Graphics Card, 1x Samsung 870 EVO 250GB SSD, 1x Samsung 860 EVO 250GB SSD, Windows 10 Home 20H2 64bit.
1 user thanked author for this post.
-
February 8, 2021 at 9:24 am #2341852
-
-
February 2, 2021 at 1:27 am #2339729
CardcaptorRLH85
AskWoody PlusI’ve noticed a problem with setting up this ransomware protection. I don’t get notifications when something is blocked. Various programs have just been silently failing in the background when they try to access one of the protected folders. Is there a way to make sure that I actually get prompted to allow apps when they try to access a protected folder?
-
February 3, 2021 at 10:35 am #2340154
Amy Babinchak
ManagerOpen Defender, now called Security. Down at the bottom on the menu there’s a gear. Click that to go into settings. Make sure the slider for Get informational notifications is on. Under it also make sure that the box for Files or Activities are blocked is checked. That should do it.
1 user thanked author for this post.
-
-
February 2, 2021 at 1:31 am #2339735
Paul T
AskWoody MVP-
February 2, 2021 at 2:36 am #2339749
CardcaptorRLH85
AskWoody Plus-
February 8, 2021 at 9:27 am #2341854
rc primak
AskWoody_MVPAre these drives ever connected to the computer(s) when it/they is/are connected to the Internet? Even if not, if a PC EVER connects to the Internet, it can download delayed malware which can encrypt all drives which get attached from then onward. But your scheme seems better than most home networks in preventing unrecoverable ransomware attacks.
-- rc primak
-
-
-
February 2, 2021 at 3:10 am #2339751
Alex5723
AskWoody Plusransomware isn’t exactly at the top of my list of worries
If you have a dormant ransomware on your system, no restore will help as your backups will be contaminated as well.
1 user thanked author for this post.
-
February 5, 2021 at 8:08 am #2340655
rgmwilliams
AskWoody PlusI read Fred Langa’s article on Ransomeware; I appreciated being informed of this security utility within Win10.
I turned on ransomeware. When I first tried running a program, as expected, it had issues with saving. I went into ransomeware and authorized it to read the directory it needed to. This happened to one other program as well. All fine and good.
I notice, however, that it didn’t have problems with Office 365 saving, nor Notepad++. Both of those programs seem to work fine, without any assistance.
I’m on Winver 1909.
Why would this be? Thank you.
1 user thanked author for this post.
-
February 8, 2021 at 9:35 am #2341864
E Pericoloso Sporgersi
AskWoody PlusIt comes down to either you want Defender or you don’t.
I beg to disagree.
See my post
-
February 9, 2021 at 12:09 am #2342083
pastorjoe
AskWoody Plus-
February 9, 2021 at 8:48 am #2342171
b
AskWoody MVPClicking anywhere in the notification takes you to Start, Settings, Update & Security, Windows Security, Virus & threat protection, Manage ransomware protection, Block history where you can click on the latest entry at the top and then Actions, Allow on device (after UAC prompt) as shown in the article: “Click on the popup, and you’re brought to the Protection history dialog (see Figure 2).“
1 user thanked author for this post.
-
-
February 13, 2021 at 10:17 am #2343299
ClearThunder
AskWoody Plus-
February 13, 2021 at 10:23 am #2343301
-
-
February 14, 2021 at 5:31 am #2343485
Mele20
AskWoody Lounger-
February 14, 2021 at 8:15 am #2343501
access-mdb
AskWoody MVPI have well over 20,000 photos with the oldest going back to the 1850s. These are precious to me, so I would be distraught to lose them. They are of no value to anyone else. Similarly a lot of information that’s important to me. I don’t think I have anything that’s dangerous, but wouldn’t want anyone making use of my photos or information to scam other people.
I suspect many others will have similar stories to tell.
-
-
February 14, 2021 at 12:31 pm #2343549
-
February 14, 2021 at 12:59 pm #2343553
Microfix
AskWoody MVPDon’t need to is my answer.
We have NO personal/sensitive files or docs on any of our PC’s
External Drives/ USB flash only connected when required to read/transfer for emailing later or updating them (offline) and having regular system image backups as a failsafe should anything happen. All that we’d lose is the OS with portable apps that can be restored in 20mins or so.
Our ransomware risk scenario is therefor minimised. -
February 14, 2021 at 1:29 pm #2343567
Alex5723
AskWoody PlusExternal Drives/ USB flash only connected when required to read/transfer for emailing later or updating them (offline) and having regular system image backups as a failsafe should anything happen
The moment you connect your USB drives/USB flash the data maybe encrypted by a dormant ransomware app. the dormant ransomware app can be found also on your backup drives/cloud..
-
This reply was modified 2 weeks, 6 days ago by
Alex5723.
-
February 14, 2021 at 2:07 pm #2343572
Microfix
AskWoody MVP-
February 14, 2021 at 2:33 pm #2343579
b
AskWoody MVP-
February 14, 2021 at 2:59 pm #2343582
Microfix
AskWoody MVPI don’t backup W10 when testing/using it, W10 has inbuilt albeit prompted functionality to self heal hence foregoing backups. Which is one of the progressive improving things in W10, specifically DISM
Considering ransomware is primarily actioned against business, my train of thought is it’s scaremongering homeusers into a security frenzy where logic has left the building.-
February 15, 2021 at 11:05 am #2343814
-
-
February 15, 2021 at 11:06 am #2343815
rc primak
AskWoody_MVP(The dormant app would be the unknown ransomware which could wait for eternal drives to be connected.)
“eternal drives”? (Yeah, I know it’s a typo, but I wonder just how slow your USB bus must be 🙂 !)
-- rc primak
-
This reply was modified 2 weeks, 5 days ago by
rc primak.
1 user thanked author for this post.
-
This reply was modified 2 weeks, 5 days ago by
-
-
-
This reply was modified 2 weeks, 6 days ago by
-
February 14, 2021 at 6:26 pm #2343620
Mele20
AskWoody Loungerdangerous
It has nothing to do with dangerous.
People have bank documents, stock documents, confidential lawyers documents, company documents…A lose / lockout could be disastrous.Why would anyone do what you describe? That’s risky. Keep paper records only and keep copies of those that are irreplaceable in your safety deposit box…you do have one don’t you? If you have lots of photos on your computer surely you make backups to CD/DVD’s and surely you support Dell as one of the few (if not only major computer maker today) which still includes CD/DVD Rom drives on their desktops…you do have a desktop don’t you?
1 user thanked author for this post.
-
February 15, 2021 at 12:07 pm #2343846
rexr
AskWoody PlusLANGALIST Have you enabled Win10’s ransomware protection? By Fred Langa This free, optional feature is disabled by default but, if enabled, can help p
[See the full post at: Have you enabled Win10’s ransomware protection?]Yes, Ransomware protection enabled for a month or two. It asked to allow a few Controlled Folder Access’es and that’s it. A little more protection with no overhead that i notice.
Regular Backups of everything.
Win10 Pro 20H2 19042.804
Backups with Macrium Reflect home edition1 user thanked author for this post.
-
February 16, 2021 at 2:08 am #2344027
Paul T
AskWoody MVPConsidering ransomware is primarily actioned against business
Not so, ransomware targets anyone who can pay.
A home PC owner is likely to have photos, email etc that is as important to them as any business data.cheers, Paul
-
-
AuthorPosts
Viewing 20 reply threads -
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.

Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments. Click here for details and to sign up.
Search Newsletters
Search Forums
Recent Replies
areader on Free-form database wanted
25 minutes agoSusan Bradley on Do you still patch on premises Exchange servers?
1 hour, 22 minutes agoAscaris on Trying Linux on your Windows system
3 hours, 10 minutes agoOscarCP on Aren't these the greatest performances of classical music?
5 hours, 20 minutes agoWCHS on Tasks for the weekend – February 20, 2021 – it’s Squirrel away time
5 hours, 26 minutes ago280park on MS-DEFCON 4 – February updates trigger few issues
5 hours, 38 minutes agoOscarCP on AI generated play
5 hours, 43 minutes agoOscarCP on At Least 30,000 U.S. Organizations Newly Hacked Via Microsoft’s Email Software
6 hours, 7 minutes agoKurtSchwan on Using Microsoft OneDrive on your Android device
6 hours, 27 minutes agoRick Corbett on Free-form database wanted
6 hours, 46 minutes agoLHiggins on Battery, Power Management Questions
7 hours, 12 minutes agompw on Getting ready for upgrade to 20H2
7 hours, 28 minutes agoJohn on ‘System’ reports high CPU
7 hours, 30 minutes agoAmy Babinchak on Do you still patch on premises Exchange servers?
8 hours, 4 minutes agoBob99 on Comments on AKB 2000016: Guide for Windows Update Settings for Windows 10
8 hours, 38 minutes agoDanE1234 on Free-form database wanted
8 hours, 54 minutes agoBob99 on ‘System’ reports high CPU
9 hours, 3 minutes agoabbodi86 on Comments on AKB 2000016: Guide for Windows Update Settings for Windows 10
9 hours, 9 minutes agoBob99 on Seriously, MBAM?
9 hours, 11 minutes agoRick Corbett on Seriously, MBAM?
9 hours, 34 minutes agoAlex5723 on LinkedIn will stop collecting IDFA data on iOS
9 hours, 38 minutes agoSimon_Weel on Do you still patch on premises Exchange servers?
9 hours, 39 minutes agoCharlie on 117 patches for GRUB2
9 hours, 48 minutes agoPKCano on Windows 10 Home update: wushowhide.diagcab won’t download
9 hours, 56 minutes agoJohn on ‘System’ reports high CPU
10 hours, 1 minute agoMicrofix on Trying Linux on your Windows system
10 hours, 6 minutes agoprestonsmith on Trying Linux on your Windows system
10 hours, 25 minutes agoprestonsmith on Trying Linux on your Windows system
10 hours, 30 minutes agoanonymous on Comments on AKB 2000016: Guide for Windows Update Settings for Windows 10
10 hours, 34 minutes agob on Do you still patch on premises Exchange servers?
10 hours, 45 minutes ago
Recent Topics
-
Tasks for the weekend March 6 – check your logins
15 minutes ago
-
Why do “print to PDF” articles contain 2 copies of each image?
2 hours, 28 minutes ago
-
ESU 2021 activation “error: product not found”
6 hours, 45 minutes ago
-
Plus member bonus – Exchange security issue
48 minutes ago
-
Encrypted DNS (DoH) now on Win 10 – but better than dnscrypt-proxy?
8 hours, 6 minutes ago
-
Download DVD disk
8 hours, 44 minutes ago
-
Windows 10 Home update: wushowhide.diagcab won’t download
9 hours, 56 minutes ago
-
Macro app for Windows 10?
12 hours, 42 minutes ago
-
Where are we as respects 20H2 Feature Upgrade?
15 hours, 27 minutes ago
-
upgrading method
21 hours, 44 minutes ago
-
At Least 30,000 U.S. Organizations Newly Hacked Via Microsoft’s Email Software
6 hours, 7 minutes ago
-
Telemetry
23 hours, 14 minutes ago
-
Microsoft Security Response Center
1 day, 3 hours ago
-
SRU and SRUDB
1 day, 10 hours ago
-
‘System’ reports high CPU
7 hours, 30 minutes ago
-
AI generated play
5 hours, 43 minutes ago
-
Free-form database wanted
25 minutes ago
-
LinkedIn will stop collecting IDFA data on iOS
9 hours, 38 minutes ago
-
February Update 20H2 – Telemetry changes
21 hours ago
-
KB4603002 – Feb 2021 Patch for .Net Framework.
2 days, 13 hours ago
-
reboot takes forever, normal boot from off is quick
1 day, 11 hours ago
-
Windows 10 Insider Preview build 21327 released to DEV Channel
3 days, 3 hours ago
-
Using IFS function and BETWEEN condition
3 days, 4 hours ago
-
OS upgrade
2 days, 22 hours ago
-
Microsoft.Windows.Remediation failed to start
1 day, 12 hours ago
-
117 patches for GRUB2
9 hours, 48 minutes ago
-
Google says it will stop selling ads based on people’s browsing histories
3 days, 6 hours ago
-
Stuck updates
2 days, 15 hours ago
-
Battery, Power Management Questions
7 hours, 13 minutes ago
-
Avatar
2 days, 18 hours ago
Search for Topics
Recent blog posts
- Tasks for the weekend March 6 – check your logins
- Plus member bonus – Exchange security issue
- March 2021 Office non-Security Updates are now available
- Do you still patch on premises Exchange servers?
- “Stuttering” glitch on a brand-new PC
- Here’s looking at you, kid: the child-cam scam
- The best things in life are copyrighted
- Using Microsoft OneDrive on your Android device
Key Links
Copyright © 2004 – 2021 AskWoody Tech LLC. All rights reserved.