With the recent increases in cyberattacks Windows has released a new feature designed to protect users against new strains of Ransomware and other malware. This feature, called Controlled Folder Access, is being tested in the latest Windows 10 Insider Builds. If successful this feature will roll out to the Creators Update in the fall and eventually make to general release. For those unaware, Ransomware functions by gaining access to your computer via the traditional methods of bad emails, phishing pages, and other methods (recently this includes NSA leaked looks like EternalBlue and others). Once on your computer the Ransomware begins to encrypt your files and folders in the background without your knowledge. After this process of encryption is completed the key to decrypt your data is then sent off to the malicious party and a message will appear asking you for a ransom to decrypt your files.
Enter Windows 10 Controlled Folder Access
The premise behind controlled folders in Windows 10 is to protect specific files and folders from unauthorized access (i.e. unauthorized encryption). Ideally, this protection will prevent Ransomware from being able to encrypt your files without your knowledge. The new Windows 10 feature allows for the protection of local folders and mapped network shares. Microsoft also specifies that Windows system folders are protected by default. According to a Microsoft TechNet article,
“Microsoft recognizes the threat to productivity that brazen modern cybercrime represents and invests significantly in a thoughtful and simple strategy that is proving to be effective as new attacks emerge. We protect by hardening our software and devices; leveraging hardware-based security and exploit mitigations to significantly raise the cost of attack on Windows 10. We recognize that history has demonstrated that highly skilled and well-funded attackers can find unanticipated paths to their objectives. We detect and help prevent against these threats with advanced protection services like Windows Defender Antivirus and Windows Defender Advanced Threat Protection. We enable customers and security experts to respond to these threats that may have impacted them with tools like Windows Defender ATP. Enterprise security operations personnel must act quickly with completeness of information to remediate an attack that may have impacted them.”
How Does Controlled Folder Access Work in Windows 10
By default, Windows 10 doesn’t prevent most applications from making changes to protected files and folders. It appears that Microsoft may maintain a list of allowed applications that it considers friendly. This list, however, is not configurable by the end user and if a program is on this list all protection will be bypassed to allow the app to run unhindered.