I don't remember seeing this setting before updating to newest Insider version. First I think they have a misprint of the word Change. The option is off by default. Does it actually disallow any tampering or altering of all files and folders or is it just for OS files and folders?
Why wouldn't be on by default is what I wonder. Edit: After you enable that option you get to see what folders are being protected and allows you to add others yourself.
Its not on by default as you have to allow certain apps so if it would be on by default some apps from third parties may not be able to modify these files at all.
It appears to protect documents, pictures, videos, music, desktop and favorites. As an example I tried to delete a picture from my desktop and it gives this warning. And so you still get a chance to screw up since it gives the user a choice as to allow or not.
Seems too basic for me. Does it have more granular control over allowed/blocked apps or it blocks/allows ALL at once?
It sounds, that it blocks apps according to smartscreen, but it works. I have XnView set to save screenshots on desktop and it blocked it and it is obviously not malware. I still prefer to use NTFS permissions directly, it has managed to stop wannacry, when I was testing it, I guess this works the same way, but enforced via Windows Defender
And: "Most of your apps will be allowed by Controlled folder access without adding them there. Apps determined by Microsoft as friendly are always allowed."
It's hard to expect regular users to whitelist all apps that can change personal data. So I see this as additional protection that could make ransomware encrypting your data little less likely. For power users there are other tools and built-in mechanisms that can do much more.
I also wonder about this. Because ransomware is often using process hollowing, did they also think of this?
Controlled Folder Access helps you protect valuable data from malicious apps and threats, such as ransomware. It is part of Windows Defender Exploit Guard. I don't much about it yet. It just showed up yesterday as part of an insider update.
Found the exploit protection that also showed up yesterday. https://blogs.technet.microsoft.com...eyond-emet-ii-windows-defender-exploit-guard/ 1 Right-click the WDSC icon in the taskbar notification area and click Open, or search the Start menu for Windows Defender Security Center. 2 From the Windows Defender Security Center, click on App & browser control. 3 Scroll to the bottom of the resulting screen to find Exploit protection settings
Yes, but as said, if malware injects code into a trusted app, it's likely that "Controlled Folder Access", won't protect against all ransomware. I hope someone will test it against the most popular ransomware.
You are probably right but from my screen shots Exploit guard also contains a newer version of EMET. I still have not taken the time to look it over much. Thought maybe others would chime in but I guess not all that many must have updated to Windows version 16281 yet. That is the version all this showed up pn my PC.