How to Protect Files from Ransomware with Windows 10 Defender
Read about using Windows Defender to enable controlled access for folders, choose protected folders, recover files encrypted by ransomware etc. The latest Windows 10 update, Fall Creators, includes a new function of Windows Defender meant to protect user files from encryption by various ransomware. This function is called “Controlled folder access” and is disabled by default. In this article, we will show you how to enable this protection and how it works.
Though regular backup is believed to be the best protection from this kind of virus, the function “Controlled folder access” can be used as a preventive measure. A backup copy will not only ensure maximal protection for your files, but also help remove the virus in an easiest way.
- How “Controlled Folder Access” Works
- How to Enable “Controlled Folder Access”
- How to Select Folders to be Protected
- How to Grant Access to Your Files
- How to Recover Computer Files Encrypted by Ransomware
- Questions and answers
This function is a part of Windows Defender and adds more protection for such personal folders as Documents, Pictures and Desktop. As a rule, any program installed on your computer can edit files in these folders. When protection is enabled, then only the “apps determined by Microsoft as friendly” or applications for which you grant access specifically, will be able to make changes to your personal files in these folders.
Such approach prevents you from becoming a victim of some ransomware that encrypted your data, and makes sure that user data is never deleted or damaged in any other way. However, you should always remember that Defender does not stop viruses from viewing or copying your personal data. Malware can copy your personal photos or banking data and send this information elsewhere, and it is also a nasty thing.
In order to enable this function, open Windows Defender Security Center. To find it, click Start, enter Windows Defender and launch Windows Defender Security Center.
Then click on the shield-shaped icon (Virus & threat protection) in the side panel. After that, click on Virus & Threat Protection settings.
Scroll down and set the option “Controlled folder access” to “On” position. Confirm the changes. If you don’t see this option, it is possible that your PC has not received Fall Creator Update yet. You can force this update by using a special wizard by Microsoft or wait until the system installs the update automatically.
After you enabled this function, click the Protected folders link in the Controlled folder access section to manage folder settings.
You can see that by default Windows protects system locations and personal folders, such as Documents, Pictures, Videos, Music, Desktop and Quick Access, which are located in your user account folder.
If you keep important data in a different location, you should click Add a protected folder and specify other folders containing important files.
Setting up access to these folders for every program installed on the computer would require lots of effort from the user. That is why Windows Defender automatically allows known applications to make changes to files contained in these folders, so you don’t have to worry about settings for every program to access such files.
However, any attempt to edit the files coming from a program unknown to Windows Defender will be blocked. At such moments, you will see notices about “unauthorized changes” specifying which program was refused access to a certain folder. The program which was refused access may notify you of an error as well.
If you see such notice but you are sure the program is safe to use, you can grant access. Go to Windows Defender Security Center > Virus & threat protection > Virus & threat protection settings and click on Allow an app through Controlled folder access in the Controlled folder access section.
Also, to go directly to this window you can just click the notice that is shown in the Action Center, if you haven’t refused it yet.
Click Add an allowed app and go to the program for which you want to grant access. You will have to find an .exe file related to such program, and it is probably located somewhere in the Program Files folder.
Any time you see a notice and want to unlock access for an application, go back and add it to the white list. You will not have to do it for all programs, because Windows grants such access automatically to popular applications when they try working with the controlled folders.
System administrators in charge of PC networks can use group policies, PowerShell or mobile device management (MDM) servers to enable this function for all computers within a network. For extra information on the issue, see official Microsoft documentation.
It is next to impossible to recover them without knowing the encryption key. Sending your money somewhere in the hope of getting this key is a bad idea either. There is little chance of getting the key, but you will certainly attract more attention to your humble person. Once you get experienced hackers interested, you risk losing more than just your files.
Let’s have a closer look at how ransomware works. Having infected the system, such virus scans user folders to find documents, photos and other files. It creates an encrypted copy of every file, and then deletes the originals. This process continues until all files are encrypted.
You can use a data recovery program by Hetman Software to try recovering the deleted original versions of your files. This approach is not 100% guaranteed as deleted files may be completely or partially overwritten with the new ones. However, there is no other reliable way to bring your data back.
Download, install and launch Hetman Partition Recovery. Specify the disk where deleted files used to be stored and wait for the scan to be over. The free version of the program will show all files available for recovery. To save the files, you will have to buy a registration key.