Anti-ransomware protection in Fall Creators Update

Stevekir said:

Please activate the anti-ransomware protection in your Windows 10 Fall Creators Update PC. Ta • The Register

Should I do this? Why didn't Microsoft make it activated by default?

Bree said:

Up to you, it does help protect you. I have turned it on....



...it also has disadvantages. You start getting notifications that some apps you've been using for ages are being blocked. Imagine suddenly finding out that you can't save to your user folder any more. Then imagine that you are not 'technically minded', don't know why it's happening or how to let an app through Controlled Folder Access.

So far I've had to allow access for six executables, ranging from LibreOffice to Microsoft's own RoboCopy command.

To expand on what Bree said, you will even have to add Windows own apps, programs, accessories, and tools to the list
Here is the list I have so far, notice how many belong to Windows/Microsoft, even Office365
(but for piece of mind, it's worth it, and you can always make a system image so you have a copy, and you can export the registry keys somewhere safe like OneDrive, for "just in case").



See this tutorial and read all the posts in the thread: Change Windows Defender Controlled Folder Access Settings - Windows 10 Security System Tutorials

I have created an Event Viewer Custom View make it easier to find the file you need to add to the allowed list, I also made a short video on how to use it to apply the file.

Steve C said:

I have Kaspersky anti-virus but might uninstall it. I have Defender periodic scanning on but I don't see the option for Controlled Folder Access. Is this because Kaspersky anti-virus is enabled?

Quite probably- real-time scanning is required for the feature to work. See the notes immediately following Brink's tutorial- if he gets confirmation of this effect of a 3rd party AV, he will amend the tutorial on this point

It's not really that hard to use and setup, I know, as I tried it in the beginning then shut it off, as I was too busy to keep letting things through, but then a week or two ago, on a Sunday, I started setting it up again, and added all my programs executables, including the ones for office, and then went through system32 and added Paint, Notepad, WordPad, Regedit(for when I export a key), and so on.

Now I's only a pain, when I'm in the middle of benchmarking and I get that popup, then I just let the benching software run through to get all the parts I need to add to the allowed list.

Some times only the executables are not enough, and .bin files that run sub functions/programs with in a program need to be added.
Like today when I ran PCMark 10, I needed to add C:\ProgramData\Futuremark\PCMark 10\chops\dlc\pcm10-libreoffice\program\soffice.bin for the LibreOffice portion of the benchmark.

Antiransomware is designed to protect data not the OS a complete OS destruction is simple to solve, compared to a state where all your data held on a device is unreadable as it is encrypted by someone other than you..

Always ensure that you have a copy of your actual data on at least one media that is NOT Connected in anyway to your operating system except for actual backup

I forgot to add - Don't forget to add your backup folders to the protected list - just in case the ransomware attack occurs whilst the drive is attached

BTW I do not use the free Windows AntiRansomware system but a paid one from BitDefender - It uses similar set-up of protected folders and whitelist of apps allowed access but has better controls