Is anyone using Windows Defender Controlled folder access?

Page 4 of 4 FirstFirst ... 234
  1.    03 Sep 2018 #31

    AndreTen said: View Post
    Only with placing shortcuts on Desktop. I've had no other problems with it.

    Posted a feedback about accessing logs in a simpler way (no way to find exact program to allow it access to restricted folder other than check the Event viewer), but no response..
    I think you will only find the exact file path name in Event Viewer, I asked the same thing. Action center doesn't always show the full file path.
      My ComputerSystem Spec

  2. AndreTen's Avatar
    Posts : 15,282
    Windows 10 (Pro and Insider Pro)
       03 Sep 2018 #32

    Kol12 said: View Post
    I think you will only find the exact file path name in Event Viewer, I asked the same thing. Action center doesn't always show the full file path.
    Exactly. That's why we have to bother MS to include log access from notification center.

    You can add Custom view:
    Code:
    <QueryList>
      <Query Id="0" Path="Microsoft-Windows-Windows Defender/Operational">
        <Select Path="Microsoft-Windows-Windows Defender/Operational">*[System[(EventID=1123 or EventID=1124 or EventID=5007)]]</Select>
        <Select Path="Microsoft-Windows-Windows Defender/WHC">*[System[(EventID=1123 or EventID=1124 or EventID=5007)]]</Select>
      </Query>
    </QueryList>
      My ComputersSystem Spec

  3.    03 Sep 2018 #33

    This would be an absolute pain to me. First, by default, only a few 'standard' folders are protected. So to protect more from being accessed by program or programs unknown, I'd need to add a whole lot of folders/disks? - probably not possible. And then second, as above, I'd need to add a whole load of programs.

    I infinitely prefer a white-listing solution - I use SecureAplus. That acts on a simple one-time prompt to allow or not, couple with options to upload a file for virus checking by multiple engines. (There's more too as regards AV protection alongside a tradition AV solution).

    This is comparatively non-intrusive- i.e. it prompts when you'd expect, and not too often.

    Setting it up is easy- if happy with your system when installing it, simply have it trust everything installed at that time.

    Thus EVERYTHING is protected.

    I recall Zonealarm's firewall, many years ago, used a white list approach.
      My ComputerSystem Spec

  4. AndreTen's Avatar
    Posts : 15,282
    Windows 10 (Pro and Insider Pro)
       03 Sep 2018 #34

    For anybody who's too lazy to open Event viewer every time, and select custom view, or...,
    here is tiny ps script to show events (newest at the top) regarding Controlled folder access. Just copy paste in Notepad, and save file as filename.ps1.

    Run it with right click / run with powershell
    Code:
    Get-WinEvent -LogName "Microsoft-Windows-Windows Defender/Operational" | Where-Object {$_.ID -eq "1123" -or $_.ID -eq "1124"}
    Pause
    Output:
    Click image for larger version. 

Name:	image.png 
Views:	5 
Size:	19.6 KB 
ID:	202101
      My ComputersSystem Spec

  5. Bree's Avatar
    Posts : 9,206
    10 Home x64 (1809) (10 Pro on 2nd pc)
       03 Sep 2018 #35

    AndreTen said: View Post
    Output:
    Click image for larger version. 

Name:	image.png 
Views:	5 
Size:	19.6 KB 
ID:	202101
    You could usefully add event ID 1127 to that list...

    Click image for larger version. 

Name:	image.png 
Views:	2 
Size:	3.0 KB 
ID:	202112
      My ComputersSystem Spec

  6. AndreTen's Avatar
    Posts : 15,282
    Windows 10 (Pro and Insider Pro)
       03 Sep 2018 #36

    Bree said: View Post
    You could usefully add event ID 1127 to that list...

    Click image for larger version. 

Name:	image.png 
Views:	2 
Size:	3.0 KB 
ID:	202112
    Thanks for bringing out that 1127.. This event (blocking memory) isn't listed in Controlled folder access events, yet it occurs from time to time. And I don't notice any side effects of it...

    It is triggered (on my system) by hwinfo, powercfg, UUP2ISO, nothing to do with Controlled folders, but memory.
      My ComputersSystem Spec

  7. Bree's Avatar
    Posts : 9,206
    10 Home x64 (1809) (10 Pro on 2nd pc)
       03 Sep 2018 #37

    AndreTen said: View Post
    This event (blocking memory) isn't listed in Controlled folder access events, yet it occurs from time to time. And I don't notice any side effects of it...
    Yes, it's an odd one - I've not seen it stop anything working either. And after a restart the same actions don't usually trigger it.

    It is described as...
    Controlled folder access Windows Defender (Operational) 1127 Blocked Controlled folder access sector write block event
    in the MS document you linked to in post #33 here...
    Add Protected Folders to Controlled Folder Access in Windows 10 - Page 4 - | Windows 10 Tutorials
      My ComputersSystem Spec

  8. AndreTen's Avatar
    Posts : 15,282
    Windows 10 (Pro and Insider Pro)
       03 Sep 2018 #38

    Bree said: View Post
    Yes, it's an odd one - I've not seen it stop anything working either. And after a restart the same actions don't usually trigger it.

    It is described as...


    in the MS document you linked to in post #33 here...
    Add Protected Folders to Controlled Folder Access in Windows 10 - Page 4 - | Windows 10 Tutorials
    Thanks for the link, couldn't find it with quick search

    About script... it's there, feel free to use it as you like Finding correct name of Defender log was hardest part.

    Event ID 1123 is the only one, that I'm interested in for now.
      My ComputersSystem Spec

  9. Bree's Avatar
    Posts : 9,206
    10 Home x64 (1809) (10 Pro on 2nd pc)
       03 Sep 2018 #39

    AndreTen said: View Post
    Thanks for the link, couldn't find it with quick search ....
    I didn't find it with a search either. I stumbled across it by chance after following the link Cliff S gave in post #25 of this thread, then just read on a bit...
      My ComputersSystem Spec


 
Page 4 of 4 FirstFirst ... 234

Related Threads
How to Add or Remove Protected Folders for Controlled Folder Access in Windows 10 Starting with Windows 10 build 16232, Controlled folder access is introduced in Windows Defender Antivirus. When Controlled folder access is turned on, it...
Defender Controlled Folder Protection Question in AntiVirus, Firewalls and System Security
Hello There After using Avast for 16 years, and discovering a file was writing a lot to the drive, decided to try Defender longer this time, now if i decide to enable Controlled Folder protection or Ransomware protection after 1803 Released, ...
cannot change CONTROLLED FOLDER ACCESS option in Windows Defender in AntiVirus, Firewalls and System Security
177065
Odd Defender 'Controlled Folder Access' alert in AntiVirus, Firewalls and System Security
Fall Creators Update 1709 introduced a new 'Controlled Folder Access' function in Defender. This is off by default, but I have turned it on to test it. I've had to allow a couple of apps access (VLC was one) but other than that it seem unobtrusive....
Solved About the "Controlled Folder Access" in windows defender... in AntiVirus, Firewalls and System Security
Although not that important, I noticed that when you open Winders Defender, and then click on Virus and threat protection settings, and then scroll down to controlled folder access,.. It states, " Protect your files and folders from...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 19:09.
Find Us