Microsoft has built-in protection that prevents any suspicious application from modifying protected files. Here’s how to activate and set up this new feature.
With Windows 10 Fall Creators Update, Microsoft now offers protection against ransomware, called “Controlled Access Device Folders.” Its operating principle is quite simple: any suspicious application will be blocked by default in writing on a set of folders to protect. Thus, a ransomware that has managed to find its way to your system will not be able to quietly encrypt the files you care about.
To take advantage of this feature, you have to dig into the Windows settings.
Go to “Settings -> Update and Security -> Windows Defender” and open the “Windows Defender Security Center”.
Then go to the “Virus and Threat Protection” section and click “Virus and Threat Protection Settings.”
You then come across a page with a multitude of options in which you have to activate the famous “Controlled Access Device Folders.”
Two types of settings are possible.
The first: the files to protect. By default, Windows protects system folders and user-related folders: Desktop, Documents, Pictures, Music, and so on. In most cases, this should be enough. Otherwise, it is possible to define others by clicking on “Add a protected folder“.
Second setting: the applications to allow. This whitelist contains by default all Microsoft applications, as well as those that the publisher deems to be trustworthy. These, moreover, do not appear and can not be deleted from the list. The day an application you use is blocked, simply go to this menu, click on “Add an authorized application” and select the corresponding executable. This is usually located in the “Program Files (x86)” folder at the root of drive C.
When an application is blocked, it can not create or modify files in protected folders. Such an action generates a more or less understandable error alert, as well as a message in the notification center (located at the bottom right). So you will be warned.