Windows 10 Security Feature Protects Files from Being Encrypted by Ransomware

Megalith

The Windows 10 Fall Creators Update includes a security feature, "Controlled Folder Access," that can prevent ransomware from encrypting your files. It works by only allowing whitelisted apps to access files in the Controlled folder list. Users can add new folders to the protected zone and adjust which apps are authorized to access files in it.

Consumers can enable the feature through the Windows Defender Security Center app by clicking the shield icon and toggling on Controlled folder access. It automatically protects Windows system folders and default locations such as Documents, Pictures, Movies, and Desktop. Users can also add other folders and other drives by clicking the shield icon in the Windows Defender Security Center and clicking through to the Virus and threat protection settings.
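The same setup can be scripted with the Windows Defender PowerShell cmdlets. This is an added example, not part of the original post: the folder and application paths are placeholders, and it starts in audit mode so that writes which would be blocked are logged first.

```powershell
#Requires -RunAsAdministrator
# Added example: configure Controlled Folder Access without the Security Center UI.
# Both paths are hypothetical placeholders; replace them with your own.
$extraFolder = 'D:\Projects'
$trustedApp  = 'C:\Program Files\ExampleApp\app.exe'

# Audit mode logs writes that would have been blocked, without blocking them.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# Protect a folder beyond the defaults and allow one application by full path.
Add-MpPreference -ControlledFolderAccessProtectedFolders $extraFolder
Add-MpPreference -ControlledFolderAccessAllowedApplications $trustedApp

# Read the configuration back to confirm what is actually in effect.
$pref = Get-MpPreference
[pscustomobject]@{
    Mode             = $pref.EnableControlledFolderAccess   # 0 = Disabled, 1 = Enabled, 2 = AuditMode
    ProtectedFolders = $pref.ControlledFolderAccessProtectedFolders -join '; '
    AllowedApps      = $pref.ControlledFolderAccessAllowedApplications -join '; '
}

# Review the last week of related events in the Defender operational log:
#   1123 = write blocked, 1124 = write audited, 5007 = Defender settings changed
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1123, 1124, 5007
    StartTime = (Get-Date).AddDays(-7)
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id,
        @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } }

# Once the audit events show only expected applications, switch to enforcement:
# Set-MpPreference -EnableControlledFolderAccess Enabled
```

Event 5007 is worth alerting on, since it records changes to the Defender configuration, including changes to these lists.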
 
And what is keeping malicious programs from imitating the ones that are being let through?

I am guessing it is only going to be controlled by program name and nothing that has to do with file hashes as that would end up causing grief any time a program on the whitelist is updated.

Absolutely nothing preventing a malicious program from making a copy of itself that has the same name as an allowed program.
 
So how long before a program comes out that takes control of this setting, and only whitelists itself for all files? Every system we have in place to protect us can be turned right against us too.
 
This is VERY good news. We had one person get a Ransomware and we lost a lot of data. Whatever is offered, we will take it! Well done.
 
This is VERY good news. We had one person get a Ransomware and we lost a lot of data. Whatever is offered, we will take it! Well done.
The VERY good news is that you can implement a regular backup plan that is transparent to the end user. When an inevitable hardware failure happens or the rare virus wipes out your data, no worries.
 
And what is keeping malicious programs from imitating the ones that are being let through?

I am guessing it is only going to be controlled by program name and nothing that has to do with file hashes as that would end up causing grief any time a program on the whitelist is updated.

Absolutely nothing preventing a malicious program from making a copy of itself that has the same name as an allowed program.
So just guessing and already dismissing it based on your guess and nothing else?

I mean did you even test it? Use one program that is whitelisted then use a completely different program changing the name to match.
 
The VERY good news is that you can implement a regular backup plan that is transparent to the end user. When an inevitable hardware failure happens or the rare virus wipes out your data, no worries.

Owner is too cheap. We back up on flash drives. Lol
 
The VERY good news is that you can implement a regular backup plan that is transparent to the end user. When an inevitable hardware failure happens or the rare virus wipes out your data, no worries.
The end user isn't smart enough to do that, a few clicks to enable it is about as complicated as it can be for them.
 
So just guessing and already dismissing it based on your guess and nothing else?

I mean did you even test it? Use one program that is whitelisted then use a completely different program changing the name to match.

I had been on the fast track release for quite a while. In the past couple months I had to wipe and redo my machine from scratch twice due to builds failing to install over and over again. Got tired of it trying to do a build update every single time I rebooted my system. I don't have time to wait 30-45 minutes for it to fail the build update and then roll back to what was already there and then keep doing the same thing over and over again.

That also ended up killing my ReFS partitions on other drives and I had to end up buying data recovery software to get some of my files back.

Now I am on the regular update schedule so I don't even have that option available to test.
 
When do they make it so it protects against being deleted without warning during updates? The fact that Windows Update has been a bigger danger of data destruction than cryptoware tells a lot.
 
Now I am on the regular update schedule so I don't even have that option available to test.
Uhh..., the option being discussed is in the Fall Creators Update, which just released last week to everyone not on the beta builds.
 
This is VERY good news. We had one person get a Ransomware and we lost a lot of data. Whatever is offered, we will take it! Well done.

Kick that person in the nut sack for not doing due diligence and having backups.
 
I've had nothing but problems when this thing is turned on.

It seems to work for a while, and then it decides that explorer.exe and other Windows components are malicious and starts blocking them from reading, copying or creating files in any protected folders even if you whitelist them.

Also ran into problems installing programs like LibreOffice when it was on. I would expect that since it's an installer and it could be malicious, but it flat out denies write instead of at least prompting you to allow or deny, so part of it gets installed while the profile appdata files do not.
 
Kick that person in the nut sack for not doing due diligence and having backups.

We would have but Ebenezer doesn’t want to scare anyone into quitting. The owner at 80 is so cheap he turns off the building power once a day for 15 minutes so we have to use our battery backups, save energy.
 
I've had nothing but problems when this thing is turned on.

It seems to work for a while, and then it decides that explorer.exe and other Windows components are malicious and starts blocking them from reading, copying or creating files in any protected folders even if you whitelist them.

Also ran into problems installing programs like LibreOffice when it was on. I would expect that since it's an installer and it could be malicious, but it flat out denies write instead of at least prompting you to allow or deny, so part of it gets installed while the profile appdata files do not.

This isn’t good news. We run an antivirus along with Malwarebytes which offers some protections, albeit not much.
 
We would have but Ebenezer doesn’t want to scare anyone into quitting. The owner at 80 is so cheap he turns off the building power once a day for 15 minutes so we have to use our battery backups, save energy.


Umm... that's not saving power. The UPS has to recharge, drawing even more power.
 