Windows 10 and Windows 11 have built-in ransomware protection, but it’s not enabled by default. Here’s what you need to know about using Controlled folder access.
Ransomware holds your files hostage by encrypting them. Windows’ controlled folder access feature prevented any unauthorised application from modifying files in critical folders.
Kaspersky Home Security
Keep your online activity safe and private across multiple devices – without compromising speed.
Check out Kaspersky’s new security plans from just £10.99 per year
- Kaspersky
- Money back guarantee
- from £10.99
The Short Version
- Type “ransomware” into the search bar
- Click the Ransomware protection result
- Enable Controlled folder access
- Click yes on the User Account Control screen
Step
1Type “ransomware” into the search bar
Windows’ internal search is the fastest way to find most settings.
Step
2Click the Ransomware protection result
You can also navigate to the anti-ransomware settings via the Windows Security interface, but searching the fastest approach.
Step
3Enable Controlled folder access
The first heading on the Ransomware protection screen reads “Controlled folder access”, with an explanation and a switch below it. If the switch is set to off – coloured grey with the word “off” next to it, as in my screenshot – click on it.
Step
4Click yes
User Account Control will check in to make sure it was really you that requested the settings change. Click yes and you’re ready to go.
Controlled folder access will by default protect your Documents, Pictures, Videos, Music and Favourites folders from being changed by unauthorised applications. You can add new folders to the list by clicking the Protected folders link, and authorise new applications via the Allow an app through Controlled folder access link.
Troubleshooting
This is why Controlled folder access is disabled by default. While native Microsoft apps and those from some known legitimate software publishes are authorised by default, some false positives may occur. This this happens, open Ransomware protection as above, and click “Allow an app through Controlled folder access link”. You’ll be able to check recently blocked apps and browse for any app via the Add an allowed app button.
In the Ransomware protection settings, click the “Protected folders” link . You’ll be able to see all the folders currently protected, and add new ones via the Add a protected folder button. This is great for project folders from development or editing software. Just make sure you don’t go wild and add your entire hard disk, as many programs need to create and destroy files, especially temporary files, on a regular basis, and Controlled folder access is likely to interfere with this.
If you’ve linked your Microsoft OneDrive account to Windows, any files placed in OneDrive’s synced folders may be recoverable from the even if the copies on your hard disk are encrypted by ransomware.
You might like…
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.