News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

  • Have you enabled Win10’s ransomware protection?

    Home Forums AskWoody blog Have you enabled Win10’s ransomware protection?

    Viewing 20 reply threads
    • Author
      Posts
      • #2339216
        Fred Langa
        AskWoody MVP

        LANGALIST Have you enabled Win10’s ransomware protection? By Fred Langa This free, optional feature is disabled by default but, if enabled, can help p
        [See the full post at: Have you enabled Win10’s ransomware protection?]

        3 users thanked author for this post.
      • #2339281
        Wayne
        AskWoody Plus

        This sounds like a good idea but my Ransomware protection page says “Controlled folder access requires turning on Real-time protection.” What’s that and how do I do it?

        Is it related to my having Avira Antivirus (free version) installed and working?

        If I don’t like it, what happens if I turn it off?

        Thanks!

        • #2339308
          PKCano
          Manager

          Many anti-virus programs turn off Defender real-time protection so as not to have a conflict and/or over-use resources (running 2 AVs at the same time).
          That might be the case with your Avira installation.

          2 users thanked author for this post.
          • #2341837
            rc primak
            AskWoody_MVP

            I had Avira for awhile. That is indeed the case — it’s one of the third party AV programs which turn off Windows Defender. Ransomware protection would have to come from the Avira Premium version in this case.

            -- rc primak

        • #2339387
          Amy Babinchak
          Manager

          In order to take advantage of the advanced security offering in Defender you can’t run a third party anti-virus too. It comes down to either you want Defender or you don’t.

          7 users thanked author for this post.
          • #2339391
            iccohen1
            AskWoody Plus

            Amy-

            Clearly I missed where it said it was part of Defender. That explains it!

            Thanks for the quick reply.

            -Steve

            1 user thanked author for this post.
          • #2341845
            rc primak
            AskWoody_MVP

            The one exception is Malwarebytes Premium. It will allow the Windows Security Center to continue to operate, but only if you do NOT check off the setting to “Integrate with the Windows Security Center”.

            -- rc primak

        • #2343269
          Ken
          AskWoody Plus

          If I read the first ransomware protection advice correctly, it requires the use of One Drive and moving all data files to a central controlled folder. Am I correct? All my data are in an external drive, I never use One Drive as I do not really trust the cloud. Can the entire external drive be the “controlled folder”?

          I have Malwarebytes which includes ransomware protection: is this not enough?

          • #2343291
            b
            AskWoody MVP

            If I read the first ransomware protection advice correctly, it requires the use of One Drive and moving all data files to a central controlled folder. Am I correct?

            No. Fred said;

            If you use OneDrive, I think the ransomware data recovery option is nice to have — but it’s not a deciding factor in itself. The main protection — Controlled folder access — works just fine with or without OneDrive.

             

            All my data are in an external drive, I never use One Drive as I do not really trust the cloud. Can the entire external drive be the “controlled folder”?

            Yes:

            You can also specify network shares and mapped drives.

            Protect additional folders

             

            I have Malwarebytes which includes ransomware protection: is this not enough?

            Probably.

          • #2343831
            rc primak
            AskWoody_MVP

            I have Malwarebytes which includes ransomware protection: is this not enough?

            It is enough. As good as or better than Windows Security Center’s protections.

             

            -- rc primak

      • #2339385
        iccohen1
        AskWoody Plus

        Always enjoy reading Fred’s articles. But this one has thrown me for a loop. I have a Win 10 PC Home Edition, and went to enable the Ransomware settings. But when I do, I get the “Page not available – Your IT administrator has limited access to some areas…”.

        Well, I didn’t recall seeing THAT message before. So first thing, I disabled the Immunet anti-virus I downloaded (per the suggestion from Deanna McElveen in the last issue of Woody’s), that didn’t work. Reviewed stuff on Google, they all said “Group Policy Settings,, blah blah blah” can’t do that, I have Home Edition.

         

        I have Malwarebytes (Free Edition, passive) CryptoPrevent (which I also disabled) and Windows Defender Firewall, as well as the above-mentioned anti-virus. Should I try using the “hidden” Admin account as noted on this page? https://appuals.com/fix-your-it-administrator-has-limited-access/.

        This is quite frustrating.

        Cheers,

        -Steve Cohen

        1 user thanked author for this post.
      • #2339455
        PBear.SF
        AskWoody Plus

        Not to mention… many third-party anti-virus/security solutions, like Bitdefender (which I use), provide the same Controlled Folder Access method of protecting against ransomware.  So, turning on the feature in Windows Security at the same time would be a duplication of effort — and, basically overkill.  🙂

        --
        PBear.SF

        2 users thanked author for this post.
      • #2339544
        tcc089
        AskWoody Plus

        So, we can’t have a third-party AV solution in place if we want MS’s ransomware protection.  With all due respect to Fred who I enjoy reading above all else, perhaps that could have been stated in the article upfront.  And the Windows behavior itself in this respect sounds like another example of MS trying to make sure you use their products, and no one else’s.  That’s a real shame.  Oh well.  Many thanks for raising the topic nonetheless Fred.

        4 users thanked author for this post.
        • #2339561
          Wayne
          AskWoody Plus

          For what it’s worth, I have the impression that many if not all of the AskWoody gurus are happy enough with the most recent version of MS Defender to use it in place of their previous antivirus favourites. I recall several occasions and at least one forum discussion stating that MS has upped its antivirus game to match the third-party antivirus programs and therefore does an adequate job of defense—or even better than adequate according to comparison tests. Some gurus mentioned it might integrate better with Windows, causing fewer conflicts or problems and saving the space that third-party programs occupy.

          On the other hand, Avira has served me well for years and years (as far as I know anyway) so I’m very reluctant to change horses . . .

           

          2 users thanked author for this post.
          • #2341846
            rc primak
            AskWoody_MVP

            If you have Avira’s Premium product, you should have a ransomware protection option.

            -- rc primak

            • #2341860
              b
              AskWoody MVP

              Free version was mentioned in the first reply in this thread.

              1 user thanked author for this post.
              • #2343828
                rc primak
                AskWoody_MVP

                I was making a distinction. I know the free product was the one mentioned, and that this version has no ransomware protections.

                -- rc primak

      • #2339575
        dvhirst865
        AskWoody Lounger

        I just went to turn it on and had no issues (I am using Windows Defender, along with scheduled MalwareBytes manual scans).  I have several data storage drives on my pc, which weren’t protected by default at startup.  It turns out to be fairly simple to enable protection for these drives, as well.  Open Control Panel > (System Properties) System Protection.  Click on the drive of interest in the Protection Settings box to select it.  Then click on Configure and click the Turn on system protection radio button to enable it.  Next, set an amount of Disk Space Usage (say 5%), and finally, click on OK.  Repeat as necessary.  Done.

        All the documention I found via Google referred to OneDrive, which is not what I needed.  The above procedure turned the trick for me.

        DVH

        • #2339697
          b
          AskWoody MVP

          I have several data storage drives on my pc, which weren’t protected by default at startup.  It turns out to be fairly simple to enable protection for these drives, as well.  Open Control Panel > (System Properties) System Protection.  Click on the drive of interest in the Protection Settings box to select it.  Then click on Configure and click the Turn on system protection radio button to enable it.  Next, set an amount of Disk Space Usage (say 5%), and finally, click on OK.  Repeat as necessary.  Done.

          That’s to create System Restore points, which don’t include user data files, so it’s unconnected with ransomware protection.

          1 user thanked author for this post.
        • #2341851
          rc primak
          AskWoody_MVP

          Malwarebytes is one of a very few AV programs (possibly also Immunet) which don’t have to take over the Windows Security Center and prevent using features like Protected Folders (anti-ransomware). Just don’t check the box which allows these programs to “Integrate with the Windows Security Center”.

          -- rc primak

          • #2343819
            rc primak
            AskWoody_MVP

            Slight error in terminology. The term is “register with the Windows Security Center”. Thanks to Will Fastie for pointing that out to me in a different Lounge thread.

            -- rc primak

      • #2339663
        Carl D
        AskWoody Lounger

        Been using Windows 10’s ransomware protection for some time now.

        I have to allow an exception to Paint Shop Pro 9 (which still works with Windows 10 after 15 years or so) or the program refuses to start, I get an error message. Probably because PSP9 needs access to the My PSP Files folder in Documents.

        I also can’t save anything scanned with my Epson scanner/printer (the default save location is Documents) unless I allow an exception there (or temporarily disable the ransomware protection).

        Also, downloading images with Firefox seems to be a bit of a “hit and miss affair” with W10’s ransomware protection enabled – sometimes it lets me download the image, sometimes it won’t and I get a similar error message to PSP9. I usually just temporarily disable it in these cases.

        But, overall I believe the benefits of having the ransomware protection turned on definitely outweighs the possible inconveniences.

        PC 1: Gigabyte GA-B250M-D3H Motherboard, Intel i5-7600 CPU, 32GB RAM, NVIDIA GeForce GTX 1050 Graphics Card, 1x Samsung 870 EVO 250GB SSD, 1x Samsung 860 EVO 250GB SSD, Windows 10 Professional 20H2 64bit.

        PC 2: Asus H81M-PLUS Motherboard, Intel i3-4160 CPU, 16GB RAM, NVIDIA GeForce GTX 1030 Graphics Card, 1x Samsung 870 EVO 250GB SSD, 1x Samsung 860 EVO 250GB SSD, Windows 10 Home 20H2 64bit.

        1 user thanked author for this post.
        • #2341852
          rc primak
          AskWoody_MVP

          I’ve even had issues when a version changes, like CCleaner updates. I have to allow the App all over again.

          -- rc primak

      • #2339729
        CardcaptorRLH85
        AskWoody Plus

        I’ve noticed a problem with setting up this ransomware protection.  I don’t get notifications when something is blocked.  Various programs have just been silently failing in the background when they try to access one of the protected folders.  Is there a way to make sure that I actually get prompted to allow apps when they try to access a protected folder?

        • #2340154
          Amy Babinchak
          Manager

          Open Defender, now called Security. Down at the bottom on the menu there’s a gear. Click that to go into settings. Make sure the slider for Get informational notifications is on. Under it also make sure that the box for Files or Activities are blocked is checked. That should do it.

          1 user thanked author for this post.
      • #2339735
        Paul T
        AskWoody MVP

        An alternative to using Controlled Folder Access is to buy one of the backup programs that include ransomware protection. They are less than $50 and you get a backup as well as protection.

        cheers, Paul

        • #2339749
          CardcaptorRLH85
          AskWoody Plus

          To be fair, I am already backing up my system using Macrium for on-site backups to my NAS and BackBlaze for offsite cloud backups so, ransomware isn’t exactly at the top of my list of worries but, I thought that an extra layer of protection couldn’t hurt.

          • #2341854
            rc primak
            AskWoody_MVP

            Are these drives ever connected to the computer(s) when it/they is/are connected to the Internet? Even if not, if a PC EVER connects to the Internet, it can download delayed malware which can encrypt all drives which get attached from then onward. But your scheme seems better than most home networks in preventing unrecoverable ransomware attacks.

            -- rc primak

      • #2339751
        Alex5723
        AskWoody Plus

        ransomware isn’t exactly at the top of my list of worries

        If you have a dormant ransomware on your system, no restore will help as your backups will be contaminated as well.

        1 user thanked author for this post.
      • #2340655
        rgmwilliams
        AskWoody Plus

        I read Fred Langa’s article on Ransomeware; I appreciated being informed of this security utility within Win10.

        I turned on ransomeware. When I first tried running a program, as expected, it had issues with saving. I went into ransomeware and authorized it to read the directory it needed to. This happened to one other program as well. All fine and good.

        I notice, however, that it didn’t have problems with Office 365 saving, nor Notepad++. Both of those programs seem to work fine, without any assistance.

        I’m on Winver 1909.

        Why would this be? Thank you.

        1 user thanked author for this post.
        • #2341861
          rc primak
          AskWoody_MVP

          Microsoft likely whitelists their own trusted programs. I don’t know about Notepad++, but my best guess is that it leverages Windows Notepad.

          -- rc primak

          • This reply was modified 3 weeks, 5 days ago by rc primak.
          • #2342090
            Paul T
            AskWoody MVP

            Notepad++ has nothing to do with Notepad and does not leverage it.
            It is a long established quality product and is therefore safe to allow free access.

            cheers, Paul

            1 user thanked author for this post.
            • #2343812
              rc primak
              AskWoody_MVP

              Then it must be a program which hasn’t caused conflicts by pure chance.

              -- rc primak

      • #2341864
        E Pericoloso Sporgersi
        AskWoody Plus

        It comes down to either you want Defender or you don’t.

        I beg to disagree.

        See my post

        More on Win10’s Ransomware protection


      • #2342083
        pastorjoe
        AskWoody Plus

        I enabled protection per the instructions, so far so good.  It blocked access first time I ran a non MS program. So far so good. I received a notification.  NO ACTION BUTTON! How do I allow access if it has no button to do so?

         

        • #2342171
          b
          AskWoody MVP

          Clicking anywhere in the notification takes you to Start, Settings, Update & Security, Windows Security, Virus & threat protection, Manage ransomware protection, Block history where you can click on the latest entry at the top and then Actions, Allow on device (after UAC prompt) as shown in the article: “Click on the popup, and you’re brought to the Protection history dialog (see Figure 2).

          1 user thanked author for this post.
      • #2343299
        ClearThunder
        AskWoody Plus

        The most effective and cost efficient protection against Ransomware is knowledge.

        4 users thanked author for this post.
        • #2343301
          b
          AskWoody MVP

          Controlled Folder Access is free and protects your data files even when you’re not present.

          1 user thanked author for this post.
      • #2343485
        Mele20
        AskWoody Lounger

        Wow! I had no idea so many ordinary folks had such extremely precious and dangerous to the world stuff on their computers!

        • #2343501
          access-mdb
          AskWoody MVP

          I have well over 20,000 photos with the oldest going back to the 1850s. These are precious to me, so I would be distraught to lose them. They are of no value to anyone else. Similarly a lot of information that’s important to me. I don’t think I have anything that’s dangerous, but wouldn’t want anyone making use of my photos or information to scam other people.

          I suspect many others will have similar stories to tell.

          2 users thanked author for this post.
      • #2343549
        Alex5723
        AskWoody Plus

        dangerous

        It has nothing to do with dangerous.
        People have bank documents, stock documents, confidential lawyers documents, company documents…A lose / lockout could be disastrous.

        2 users thanked author for this post.
      • #2343553
        Microfix
        AskWoody MVP

        Don’t need to is my answer.
        We have NO personal/sensitive files or docs on any of our PC’s
        External Drives/ USB flash only connected when required to read/transfer for emailing later or updating them (offline) and having regular system image backups as a failsafe should anything happen. All that we’d lose is the OS with portable apps that can be restored in 20mins or so.
        Our ransomware risk scenario is therefor minimised.

      • #2343567
        Alex5723
        AskWoody Plus

        External Drives/ USB flash only connected when required to read/transfer for emailing later or updating them (offline) and having regular system image backups as a failsafe should anything happen

        The moment you connect your USB drives/USB flash the data maybe encrypted by a dormant ransomware app. the dormant ransomware app can be found also on your backup drives/cloud..

        • This reply was modified 2 weeks, 6 days ago by Alex5723.
        3 users thanked author for this post.
        • #2343572
          Microfix
          AskWoody MVP

          Thanks for the reminder, it’s minimised even more, we dont have such a thing as ‘dormant’ apps on Win7/ Win8.1/ XP Pro(offline/ transfer device) or Linux. NOTHING personal/sensitive gets anywhere near W10 when testing/using it

          • #2343579
            b
            AskWoody MVP

            And the backup drives you connect to image Windows 10 don’t contain anything you wouldn’t want to lose? (The dormant app would be the unknown ransomware which could wait for eternal drives to be connected.)

            1 user thanked author for this post.
            • #2343582
              Microfix
              AskWoody MVP

              I don’t backup W10 when testing/using it, W10 has inbuilt albeit prompted functionality to self heal hence foregoing backups. Which is one of the progressive improving things in W10, specifically DISM
              Considering ransomware is primarily actioned against business, my train of thought is it’s scaremongering homeusers into a security frenzy where logic has left the building.

              • #2343814
                rc primak
                AskWoody_MVP

                No. This is simply not the case for anything not part of the Windows System itself. Most of what people would lose is not in that category.

                -- rc primak

            • #2343815
              rc primak
              AskWoody_MVP

              (The dormant app would be the unknown ransomware which could wait for eternal drives to be connected.)

              “eternal drives”? (Yeah, I know it’s a typo,  but I wonder just how slow your USB bus must be 🙂 !)

              -- rc primak

              • This reply was modified 2 weeks, 5 days ago by rc primak.
              1 user thanked author for this post.
              b
      • #2343620
        Mele20
        AskWoody Lounger

        dangerous

        It has nothing to do with dangerous.
        People have bank documents, stock documents, confidential lawyers documents, company documents…A lose / lockout could be disastrous.

        Why would anyone do what you describe? That’s risky. Keep paper records only and keep copies of those that are irreplaceable in your safety deposit box…you do have one don’t you? If you have lots of photos on your computer surely you make backups to CD/DVD’s and surely you support Dell as one of the few (if not only major computer maker today) which still includes CD/DVD Rom drives on their desktops…you do have a desktop don’t you?

        1 user thanked author for this post.
        • #2343672
          Paul T
          AskWoody MVP

          Keeping your important stuff on your PC is very sensible.
          Having proper backups is an absolute necessity.
          Using one of the backup apps with ransomware protection is even more sensible.

          cheers, Paul

          4 users thanked author for this post.
          • #2343817
            rc primak
            AskWoody_MVP

            Equally sensible is to have hard copies and off-site backups if the stuff is that important. For photos, cloud storage is also a practical safeguard. Encrypt before uploading anything, even image files, if you don’t want prying eyes to see it.

            -- rc primak

      • #2343846
        rexr
        AskWoody Plus

        LANGALIST Have you enabled Win10’s ransomware protection? By Fred Langa This free, optional feature is disabled by default but, if enabled, can help p
        [See the full post at: Have you enabled Win10’s ransomware protection?]

        Yes, Ransomware protection enabled for a month or two. It asked to allow a few Controlled Folder Access’es and that’s it. A little more protection with no overhead that i notice.

        Regular Backups of everything.

        Win10 Pro 20H2 19042.804
        Backups with Macrium Reflect home edition
        1 user thanked author for this post.
        b
      • #2344027
        Paul T
        AskWoody MVP

        Considering ransomware is primarily actioned against business

        Not so, ransomware targets anyone who can pay.
        A home PC owner is likely to have photos, email etc that is as important to them as any business data.

        cheers, Paul

    Viewing 20 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, no politics or religion.

    Reply To: Have you enabled Win10’s ransomware protection?

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.