Have you enabled Win10’s ransomware protection?

[Fred Langa]

LANGALIST Have you enabled Win10’s ransomware protection? By Fred Langa This free, optional feature is disabled by default but, if enabled, can help p
[See the full post at: Have you enabled Win10’s ransomware protection?]

3 users thanked author for this post.

rexr, Wayne, abbodi86

Reply | Quote

[Wayne]

This sounds like a good idea but my Ransomware protection page says “Controlled folder access requires turning on Real-time protection.” What’s that and how do I do it?

Is it related to my having Avira Antivirus (free version) installed and working?

If I don’t like it, what happens if I turn it off?

Thanks!

Reply | Quote

[PKCano]

Many anti-virus programs turn off Defender real-time protection so as not to have a conflict and/or over-use resources (running 2 AVs at the same time).
That might be the case with your Avira installation.

2 users thanked author for this post.

rc primak, Wayne

Reply | Quote

[rc primak]

I had Avira for awhile. That is indeed the case — it’s one of the third party AV programs which turn off Windows Defender. Ransomware protection would have to come from the Avira Premium version in this case.

-- rc primak

Reply | Quote

[Amy Babinchak]

In order to take advantage of the advanced security offering in Defender you can’t run a third party anti-virus too. It comes down to either you want Defender or you don’t.

7 users thanked author for this post.

rc primak, analogkid, klang, wavy, Goldie Oldie, RockFox, iccohen1

Reply | Quote

[iccohen1]

Amy-

Clearly I missed where it said it was part of Defender. That explains it!

Thanks for the quick reply.

-Steve

1 user thanked author for this post.

rc primak

Reply | Quote

[rc primak]

The one exception is Malwarebytes Premium. It will allow the Windows Security Center to continue to operate, but only if you do NOT check off the setting to “Integrate with the Windows Security Center”.

-- rc primak

Reply | Quote

[anonymous]

Somewhere you had noted “…Malwarebytes is one of a very few AV programs (possibly also Immunet) which don’t have to take over the Windows Security Center…”

 

But I found that Immunet does take it over and doesn’t have an option to de-couple.

Cheers,

-Steve

1 user thanked author for this post.

rc primak

Reply | Quote

[rc primak]

I only said “possibly”. Immunet used to advertise that they’re compatible with Windows Defender and could run simultaneously. I guess that’s changed. This seems to have changed with more recent updates to Windows 10. It wasn’t a change in Immunet. See:

https://support.immunet.com/topic/6942-how-to-run-without-disable-windows-defender/

and

https://support.immunet.com/topic/6573-option-to-enabledisable-security-centre-integration/

Also, the term is “register with the Windows Security Center”. If a third-party program has an option not to do this,it will leave Windows Defender available. Usually not recommended.

 

-- rc primak

• This reply was modified 2 weeks, 5 days ago by rc primak.
• This reply was modified 2 weeks, 5 days ago by rc primak.

Reply | Quote

[Ken]

If I read the first ransomware protection advice correctly, it requires the use of One Drive and moving all data files to a central controlled folder. Am I correct? All my data are in an external drive, I never use One Drive as I do not really trust the cloud. Can the entire external drive be the “controlled folder”?

I have Malwarebytes which includes ransomware protection: is this not enough?

Reply | Quote

[b]

Ken wrote:

If I read the first ransomware protection advice correctly, it requires the use of One Drive and moving all data files to a central controlled folder. Am I correct?

No. Fred said;

If you use OneDrive, I think the ransomware data recovery option is nice to have — but it’s not a deciding factor in itself. The main protection — Controlled folder access — works just fine with or without OneDrive.

 

Ken wrote:

All my data are in an external drive, I never use One Drive as I do not really trust the cloud. Can the entire external drive be the “controlled folder”?

Yes:

You can also specify network shares and mapped drives.

Protect additional folders

 

Ken wrote:

I have Malwarebytes which includes ransomware protection: is this not enough?

Probably.

Reply | Quote

[rc primak]

I have Malwarebytes which includes ransomware protection: is this not enough?

It is enough. As good as or better than Windows Security Center’s protections.

 

-- rc primak

Reply | Quote

[iccohen1]

Always enjoy reading Fred’s articles. But this one has thrown me for a loop. I have a Win 10 PC Home Edition, and went to enable the Ransomware settings. But when I do, I get the “Page not available – Your IT administrator has limited access to some areas…”.

Well, I didn’t recall seeing THAT message before. So first thing, I disabled the Immunet anti-virus I downloaded (per the suggestion from Deanna McElveen in the last issue of Woody’s), that didn’t work. Reviewed stuff on Google, they all said “Group Policy Settings,, blah blah blah” can’t do that, I have Home Edition.

 

I have Malwarebytes (Free Edition, passive) CryptoPrevent (which I also disabled) and Windows Defender Firewall, as well as the above-mentioned anti-virus. Should I try using the “hidden” Admin account as noted on this page? https://appuals.com/fix-your-it-administrator-has-limited-access/.

This is quite frustrating.

Cheers,

-Steve Cohen

1 user thanked author for this post.

stewagreen

Reply | Quote

[Amy Babinchak]

You’ll probably have to uninstall those third party tools. Most of them disable Defender security so as to avoid conflicts.

1 user thanked author for this post.

rc primak

Reply | Quote

[Colorado_Hiker]

You might try looking at this post:

https://answers.microsoft.com/en-us/protect/forum/all/virus-threat-protection-is-missing-from-windows/15d32fa1-c5e8-453b-a9f6-22da0bb36eea

Plus what Amy and others said about running multiple AVs.

• This reply was modified 1 month ago by Colorado_Hiker.

1 user thanked author for this post.

rc primak

Reply | Quote

[PBear.SF]

Not to mention… many third-party anti-virus/security solutions, like Bitdefender (which I use), provide the same Controlled Folder Access method of protecting against ransomware.  So, turning on the feature in Windows Security at the same time would be a duplication of effort — and, basically overkill.  🙂

--
PBear.SF

2 users thanked author for this post.

rc primak, analogkid

Reply | Quote

[tcc089]

So, we can’t have a third-party AV solution in place if we want MS’s ransomware protection.  With all due respect to Fred who I enjoy reading above all else, perhaps that could have been stated in the article upfront.  And the Windows behavior itself in this respect sounds like another example of MS trying to make sure you use their products, and no one else’s.  That’s a real shame.  Oh well.  Many thanks for raising the topic nonetheless Fred.

4 users thanked author for this post.

MHCLV941, analogkid, stewagreen, Goldie Oldie

Reply | Quote

[Wayne]

For what it’s worth, I have the impression that many if not all of the AskWoody gurus are happy enough with the most recent version of MS Defender to use it in place of their previous antivirus favourites. I recall several occasions and at least one forum discussion stating that MS has upped its antivirus game to match the third-party antivirus programs and therefore does an adequate job of defense—or even better than adequate according to comparison tests. Some gurus mentioned it might integrate better with Windows, causing fewer conflicts or problems and saving the space that third-party programs occupy.

On the other hand, Avira has served me well for years and years (as far as I know anyway) so I’m very reluctant to change horses . . .

 

2 users thanked author for this post.

rc primak, Amy Babinchak

Reply | Quote

[rc primak]

If you have Avira’s Premium product, you should have a ransomware protection option.

-- rc primak

Reply | Quote

[b]

Free version was mentioned in the first reply in this thread.

1 user thanked author for this post.

rc primak

Reply | Quote

[rc primak]

I was making a distinction. I know the free product was the one mentioned, and that this version has no ransomware protections.

-- rc primak

Reply | Quote

[dvhirst865]

I just went to turn it on and had no issues (I am using Windows Defender, along with scheduled MalwareBytes manual scans).  I have several data storage drives on my pc, which weren’t protected by default at startup.  It turns out to be fairly simple to enable protection for these drives, as well.  Open Control Panel > (System Properties) System Protection.  Click on the drive of interest in the Protection Settings box to select it.  Then click on Configure and click the Turn on system protection radio button to enable it.  Next, set an amount of Disk Space Usage (say 5%), and finally, click on OK.  Repeat as necessary.  Done.

All the documention I found via Google referred to OneDrive, which is not what I needed.  The above procedure turned the trick for me.

DVH

Reply | Quote

[b]

dvhirst865 wrote:

I have several data storage drives on my pc, which weren’t protected by default at startup.  It turns out to be fairly simple to enable protection for these drives, as well.  Open Control Panel > (System Properties) System Protection.  Click on the drive of interest in the Protection Settings box to select it.  Then click on Configure and click the Turn on system protection radio button to enable it.  Next, set an amount of Disk Space Usage (say 5%), and finally, click on OK.  Repeat as necessary.  Done.

That’s to create System Restore points, which don’t include user data files, so it’s unconnected with ransomware protection.

1 user thanked author for this post.

rc primak

Reply | Quote

[rc primak]

Malwarebytes is one of a very few AV programs (possibly also Immunet) which don’t have to take over the Windows Security Center and prevent using features like Protected Folders (anti-ransomware). Just don’t check the box which allows these programs to “Integrate with the Windows Security Center”.

-- rc primak

Reply | Quote

[rc primak]

Slight error in terminology. The term is “register with the Windows Security Center”. Thanks to Will Fastie for pointing that out to me in a different Lounge thread.

-- rc primak

Reply | Quote

[Carl D]

Been using Windows 10’s ransomware protection for some time now.

I have to allow an exception to Paint Shop Pro 9 (which still works with Windows 10 after 15 years or so) or the program refuses to start, I get an error message. Probably because PSP9 needs access to the My PSP Files folder in Documents.

I also can’t save anything scanned with my Epson scanner/printer (the default save location is Documents) unless I allow an exception there (or temporarily disable the ransomware protection).

Also, downloading images with Firefox seems to be a bit of a “hit and miss affair” with W10’s ransomware protection enabled – sometimes it lets me download the image, sometimes it won’t and I get a similar error message to PSP9. I usually just temporarily disable it in these cases.

But, overall I believe the benefits of having the ransomware protection turned on definitely outweighs the possible inconveniences.

PC 1: Gigabyte GA-B250M-D3H Motherboard, Intel i5-7600 CPU, 32GB RAM, NVIDIA GeForce GTX 1050 Graphics Card, 1x Samsung 870 EVO 250GB SSD, 1x Samsung 860 EVO 250GB SSD, Windows 10 Professional 20H2 64bit.

PC 2: Asus H81M-PLUS Motherboard, Intel i3-4160 CPU, 16GB RAM, NVIDIA GeForce GTX 1030 Graphics Card, 1x Samsung 870 EVO 250GB SSD, 1x Samsung 860 EVO 250GB SSD, Windows 10 Home 20H2 64bit.

1 user thanked author for this post.

rc primak

Reply | Quote

[rc primak]

I’ve even had issues when a version changes, like CCleaner updates. I have to allow the App all over again.

-- rc primak

Reply | Quote

[CardcaptorRLH85]

I’ve noticed a problem with setting up this ransomware protection.  I don’t get notifications when something is blocked.  Various programs have just been silently failing in the background when they try to access one of the protected folders.  Is there a way to make sure that I actually get prompted to allow apps when they try to access a protected folder?

Reply | Quote

[Amy Babinchak]

Open Defender, now called Security. Down at the bottom on the menu there’s a gear. Click that to go into settings. Make sure the slider for Get informational notifications is on. Under it also make sure that the box for Files or Activities are blocked is checked. That should do it.

1 user thanked author for this post.

rc primak

Reply | Quote

[Paul T]

An alternative to using Controlled Folder Access is to buy one of the backup programs that include ransomware protection. They are less than $50 and you get a backup as well as protection.

cheers, Paul

Reply | Quote

[CardcaptorRLH85]

To be fair, I am already backing up my system using Macrium for on-site backups to my NAS and BackBlaze for offsite cloud backups so, ransomware isn’t exactly at the top of my list of worries but, I thought that an extra layer of protection couldn’t hurt.

Reply | Quote

[rc primak]

Are these drives ever connected to the computer(s) when it/they is/are connected to the Internet? Even if not, if a PC EVER connects to the Internet, it can download delayed malware which can encrypt all drives which get attached from then onward. But your scheme seems better than most home networks in preventing unrecoverable ransomware attacks.

-- rc primak

Reply | Quote

[Alex5723]

CardcaptorRLH85 wrote:

ransomware isn’t exactly at the top of my list of worries

If you have a dormant ransomware on your system, no restore will help as your backups will be contaminated as well.

1 user thanked author for this post.

rc primak

Reply | Quote

[rgmwilliams]

I read Fred Langa’s article on Ransomeware; I appreciated being informed of this security utility within Win10.

I turned on ransomeware. When I first tried running a program, as expected, it had issues with saving. I went into ransomeware and authorized it to read the directory it needed to. This happened to one other program as well. All fine and good.

I notice, however, that it didn’t have problems with Office 365 saving, nor Notepad++. Both of those programs seem to work fine, without any assistance.

I’m on Winver 1909.

Why would this be? Thank you.

1 user thanked author for this post.

rc primak

Reply | Quote

[rc primak]

Microsoft likely whitelists their own trusted programs. I don’t know about Notepad++, but my best guess is that it leverages Windows Notepad.

-- rc primak

• This reply was modified 3 weeks, 5 days ago by rc primak.

Reply | Quote

[Paul T]

Notepad++ has nothing to do with Notepad and does not leverage it.
It is a long established quality product and is therefore safe to allow free access.

cheers, Paul

1 user thanked author for this post.

rc primak

Reply | Quote

[rc primak]

Then it must be a program which hasn’t caused conflicts by pure chance.

-- rc primak

Reply | Quote

[E Pericoloso Sporgersi]

Amy Babinchak wrote:

It comes down to either you want Defender or you don’t.

I beg to disagree.

See my post

More on Win10’s Ransomware protection

Reply | Quote

[pastorjoe]

I enabled protection per the instructions, so far so good.  It blocked access first time I ran a non MS program. So far so good. I received a notification.  NO ACTION BUTTON! How do I allow access if it has no button to do so?

 

Reply | Quote

[b]

Clicking anywhere in the notification takes you to Start, Settings, Update & Security, Windows Security, Virus & threat protection, Manage ransomware protection, Block history where you can click on the latest entry at the top and then Actions, Allow on device (after UAC prompt) as shown in the article: “Click on the popup, and you’re brought to the Protection history dialog (see Figure 2).“

1 user thanked author for this post.

rc primak

Reply | Quote

[ClearThunder]

The most effective and cost efficient protection against Ransomware is knowledge.

4 users thanked author for this post.

Steve, rc primak, Microfix, RetiredGeek

Reply | Quote

[b]

Controlled Folder Access is free and protects your data files even when you’re not present.

1 user thanked author for this post.

rc primak

Reply | Quote

[Mele20]

Wow! I had no idea so many ordinary folks had such extremely precious and dangerous to the world stuff on their computers!

Reply | Quote

[access-mdb]

I have well over 20,000 photos with the oldest going back to the 1850s. These are precious to me, so I would be distraught to lose them. They are of no value to anyone else. Similarly a lot of information that’s important to me. I don’t think I have anything that’s dangerous, but wouldn’t want anyone making use of my photos or information to scam other people.

I suspect many others will have similar stories to tell.

2 users thanked author for this post.

rexr, rc primak

Reply | Quote

[Alex5723]

Mele20 wrote:

dangerous

It has nothing to do with dangerous.
People have bank documents, stock documents, confidential lawyers documents, company documents…A lose / lockout could be disastrous.

2 users thanked author for this post.

rexr, rc primak

Reply | Quote

[Microfix]

Don’t need to is my answer.
We have NO personal/sensitive files or docs on any of our PC’s
External Drives/ USB flash only connected when required to read/transfer for emailing later or updating them (offline) and having regular system image backups as a failsafe should anything happen. All that we’d lose is the OS with portable apps that can be restored in 20mins or so.
Our ransomware risk scenario is therefor minimised.

Reply | Quote

[Alex5723]

Microfix wrote:

External Drives/ USB flash only connected when required to read/transfer for emailing later or updating them (offline) and having regular system image backups as a failsafe should anything happen

The moment you connect your USB drives/USB flash the data maybe encrypted by a dormant ransomware app. the dormant ransomware app can be found also on your backup drives/cloud..

• This reply was modified 2 weeks, 6 days ago by Alex5723.

3 users thanked author for this post.

rexr, rc primak, Microfix

Reply | Quote

[Microfix]

Thanks for the reminder, it’s minimised even more, we dont have such a thing as ‘dormant’ apps on Win7/ Win8.1/ XP Pro(offline/ transfer device) or Linux. NOTHING personal/sensitive gets anywhere near W10 when testing/using it

Reply | Quote

[b]

And the backup drives you connect to image Windows 10 don’t contain anything you wouldn’t want to lose? (The dormant app would be the unknown ransomware which could wait for eternal drives to be connected.)

1 user thanked author for this post.

rc primak

Reply | Quote

[Microfix]

I don’t backup W10 when testing/using it, W10 has inbuilt albeit prompted functionality to self heal hence foregoing backups. Which is one of the progressive improving things in W10, specifically DISM
Considering ransomware is primarily actioned against business, my train of thought is it’s scaremongering homeusers into a security frenzy where logic has left the building.

Reply | Quote

[rc primak]

No. This is simply not the case for anything not part of the Windows System itself. Most of what people would lose is not in that category.

-- rc primak

Reply | Quote

[rc primak]

(The dormant app would be the unknown ransomware which could wait for eternal drives to be connected.)

“eternal drives”? (Yeah, I know it’s a typo,  but I wonder just how slow your USB bus must be 🙂 !)

-- rc primak

• This reply was modified 2 weeks, 5 days ago by rc primak.

1 user thanked author for this post.

b

Reply | Quote

[Mele20]

Alex5723 wrote:

Mele20 wrote:

dangerous

It has nothing to do with dangerous.
People have bank documents, stock documents, confidential lawyers documents, company documents…A lose / lockout could be disastrous.

Why would anyone do what you describe? That’s risky. Keep paper records only and keep copies of those that are irreplaceable in your safety deposit box…you do have one don’t you? If you have lots of photos on your computer surely you make backups to CD/DVD’s and surely you support Dell as one of the few (if not only major computer maker today) which still includes CD/DVD Rom drives on their desktops…you do have a desktop don’t you?

1 user thanked author for this post.

rc primak

Reply | Quote

[Paul T]

Keeping your important stuff on your PC is very sensible.
Having proper backups is an absolute necessity.
Using one of the backup apps with ransomware protection is even more sensible.

cheers, Paul

4 users thanked author for this post.

cmptrgy, rexr, rc primak, Alex5723

Reply | Quote

[rc primak]

Equally sensible is to have hard copies and off-site backups if the stuff is that important. For photos, cloud storage is also a practical safeguard. Encrypt before uploading anything, even image files, if you don’t want prying eyes to see it.

-- rc primak

Reply | Quote

[rexr]

Fred Langa wrote:

LANGALIST Have you enabled Win10’s ransomware protection? By Fred Langa This free, optional feature is disabled by default but, if enabled, can help p
[See the full post at: Have you enabled Win10’s ransomware protection?]

Yes, Ransomware protection enabled for a month or two. It asked to allow a few Controlled Folder Access’es and that’s it. A little more protection with no overhead that i notice.

Regular Backups of everything.

Win10 Pro 20H2 19042.804
Backups with Macrium Reflect home edition

1 user thanked author for this post.

b

Reply | Quote

[Paul T]

Microfix wrote:

Considering ransomware is primarily actioned against business

Not so, ransomware targets anyone who can pay.
A home PC owner is likely to have photos, email etc that is as important to them as any business data.

cheers, Paul

Reply | Quote

[Author]

Posts