New
#21
It's not a panic scare, it's a real scare. THEY are the ones who have encrypted your data - the dosh is demanded for a key to (if they're feeling generous) decrypt it.
Controlled Folder Access is part of the WD you praise so highly, is a no-cost option that protects your data from being encrypted and is unobtrusive once set up. And what good is a backup of your data if it was (unbeknown to you) encrypted before you had a chance to back it up?
I honestly can't think of a good reason NOT to turn on Defender's ransomware protection.
Neither can I, Bree, once I understand how it works.
Secondly, methinks Jimbo's preaching to the choir, since this thread is all about a Microsoft solution.
BTW, I recently acquired a self-built computer with an Asus MSA78L-M Plus USB 3 motherboard. It was working fine when taken down, but has no side or front panels. Sooooo, I'll have to get a new case for it, but it should make a pretty good server/NAS, whatever. There is a 1 TB SSD and two 1 TB spinners in it, so it should work just fine for backups.
I have some older cases, but I'm thinking they're not up to snuff for this thing. Going to Asus to see what I have.
I agree with @Bree and @Wynona and use Controlled Folder Access with out any problems. M$'s GUI implementation of ransomware protection is definitely clunky, just like the rest of Windows Defender. You definitely need to allow relevant apps to exclusions. I also customize CFA by adding these folders:
I also use ConfigureDefender to manage Windows Defender much more easily. This app enables a user to easily harden and manage Windows Defender. You may find more info here GitHub - AndyFul/ConfigureDefender: Utility for configuring Windows 10 built-in Defender antivirus settings.
This thread has encouraged me to start using WD's Controlled Folder Access. So I'm first studying the procedures in
Enable or Disable Controlled Folder Access - TenForumsTutorials
Add Protected Folders to Controlled Folder Access - TenForumsTutorials
Add or Remove Allowed Apps for Controlled Folder Access - TenForumsTutorials
About adding 'apps' to the allowed list, there were some aspects that were not mentioned -
1 Will I face any additional hurdles when trying to add scripts [batch files, vbs, ps] or is adding them just like adding proper applications?
2 Will the automatic / manual 'allowed' status given to Excel-Access include VBA or is allowing VBA within Excel-Access files a different matter? I have some VBA that makes copies of key files [as an immediate form of backup to protect me from my own mistakes].
3 How do I 'allow' WinKey+PrntScrn to save files within protected folders or are standard Windows items like that allowed automatically?
Denis
No, it should be the app that runs the script (eg Cmd.exe or Excel) that is checked to see if it is allowed, not the scrip itself.
3 How do I 'allow' WinKey+PrntScrn to save files within protected folders or are standard Windows items like that allowed automatically?
Normal Windows functions should be allowed automatically, certainly WinKey+PrtScrn works with ransomware protection turned on. I have occasionally found an exception to that rule. At one time I had a problem with chkdsk in 1809, though that is now resolved in 1903/1909.
You're welcome. As I said before, I've had ransomware protection turned on since it was first introduced in version 1803. It was a bit clunky and awkward to configure back then (much improved now). Even so, once configured I found it hardly ever got in the way. I routinely turn it on for all my machines these days.
Please be aware that WD some anti-exploit settings, i.e. Attack Surface Reduction rules, allow exclusions but others do not. And a couple of the more restrictive rules may cause issues, depending on other installed software unique to your machine. For example, I use almost no 3rd party softs and have no issues with all rules enabled. So YMMV!