
How to protect Windows against ransomware

Windows 10 and Windows 11 have built-in ransomware protection, but it’s not enabled by default. Here’s what you need to know about using Controlled folder access.

Ransomware holds your files hostage by encrypting them. Windows’ Controlled folder access feature prevents any unauthorised application from modifying files in critical folders.


The Short Version

  1. Type “ransomware” into the search bar
  2. Click the Ransomware protection result
  3. Enable Controlled folder access
  4. Click yes on the User Account Control screen
  1. Step

    Type “ransomware” into the search bar

    Windows’ internal search is the fastest way to find most settings.

  2. Step

    Click the Ransomware protection result

    You can also navigate to the anti-ransomware settings via the Windows Security interface, but searching is the fastest approach.

  3. Step

    Enable Controlled folder access

    The first heading on the Ransomware protection screen reads “Controlled folder access”, with an explanation and a switch below it. If the switch is set to off – coloured grey with the word “off” next to it, as in my screenshot – click on it.

  4. Step

    Click yes

    User Account Control will check in to make sure it was really you that requested the settings change. Click yes and you’re ready to go.

Controlled folder access will by default protect your Documents, Pictures, Videos, Music and Favourites folders from being changed by unauthorised applications. You can add new folders to the list by clicking the Protected folders link, and authorise new applications via the Allow an app through Controlled folder access link.


I’m using a program I trust, but Windows says “App is blocked”.

This is why Controlled folder access is disabled by default. While native Microsoft apps and those from some known legitimate software publishers are authorised by default, some false positives may occur. If this happens, open Ransomware protection as above, and click the “Allow an app through Controlled folder access” link. You’ll be able to check recently blocked apps and browse for any app via the Add an allowed app button.

How do I add a new folder to Controlled folder access?

In the Ransomware protection settings, click the “Protected folders” link. You’ll be able to see all the folders currently protected, and add new ones via the Add a protected folder button. This is great for project folders from development or editing software. Just make sure you don’t go wild and add your entire hard disk, as many programs need to create and destroy files, especially temporary files, on a regular basis, and Controlled folder access is likely to interfere with this.
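The same settings can be managed from an elevated PowerShell prompt with the Microsoft Defender cmdlets, which also makes it easy to see which programs have been blocked. This is an added example, not part of the original article; the folder and application paths are hypothetical placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example: manage Controlled folder access with the Defender cmdlets.
# $ProjectFolder and $TrustedApp are hypothetical placeholders; change them.
$ProjectFolder = 'D:\Projects'
$TrustedApp    = 'C:\Program Files\ExampleEditor\editor.exe'

# Get-MpPreference reports the current mode as a number.
$modes = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'AuditMode' }
$value = [int](Get-MpPreference).EnableControlledFolderAccess
$name  = if ($modes.ContainsKey($value)) { $modes[$value] } else { "Other ($value)" }
"Current mode: $name"

# Turn the feature on. Use 'AuditMode' instead to log what would be
# blocked without enforcing it, which helps find false positives first.
Set-MpPreference -EnableControlledFolderAccess Enabled

# Protect an extra folder and authorise one trusted program,
# but only if the paths actually exist on this machine.
if (Test-Path -LiteralPath $ProjectFolder -PathType Container) {
    Add-MpPreference -ControlledFolderAccessProtectedFolders $ProjectFolder
}
if (Test-Path -LiteralPath $TrustedApp -PathType Leaf) {
    Add-MpPreference -ControlledFolderAccessAllowedApplications $TrustedApp
}

# Review recent blocks (event 1123) and audit-mode hits (event 1124).
$filter = @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
}
Get-WinEvent -FilterHashtable $filter -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List

# Confirm the resulting configuration.
$pref = Get-MpPreference
'Protected folders (in addition to the defaults):'
$pref.ControlledFolderAccessProtectedFolders
'Allowed applications:'
$pref.ControlledFolderAccessAllowedApplications
```

The event messages name the blocked program and the folder it tried to change, which is the information needed to decide whether to allow it.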

What does the Ransomware data recovery section mean?

If you’ve linked your Microsoft OneDrive account to Windows, any files placed in OneDrive’s synced folders may be recoverable even if the copies on your hard disk are encrypted by ransomware.
