Add Protected Folders to Controlled Folder Access in Windows 10  

Page 6 of 13 FirstFirst ... 45678 ... LastLast

  1. Posts : 119
    Win10
       #50

    Firefox trying to make changes to %userprofile%\Desktop is driving me crazy!

    Since a browser is the first to face the threats, how safe is to add it to the exception list?
    I'm worried about worms and other stuff that could hijack the .exe
      My Computer


  2. Posts : 30,524
    Windows 10 (Pro and Insider Pro)
       #51

    Jack07 said:
    Firefox trying to make changes to %userprofile%\Desktop is driving me crazy!

    Since a browser is the first to face the threats, how safe is to add it to the exception list?
    I'm worried about worms and other stuff that could hijack the .exe
    Same thoughts here... I'm not adding it to exceptions for now. On the other side, if browser is compromised and you're running it as admin, the damage is already done...
      My Computers


  3. Posts : 94
    Windows 10 Pro 64 bit. Ver. 22H2, Xubuntu 22.04
       #52

    Cliff S said:
    Tried it for about 15 minutes then turned it off again

    It was blocking OneDrive & File Explorer from making changes, and if I need to white list Microsoft's own built in software, to me anyhow, disaster is preprogrammed

    Oh, and it even blocked me from restoring something from the recycle bin!
    Sadly this is yet another software from Microsoft that is poorly designed. If one with at least half a brain looked into this mess and redesigned "Protected Folders" it could be a useful software. Now, it's just an nuisance.
      My Computers


  4. Posts : 2,666
    Windows 11 21H2 (22000.593)
       #53

    I disagree - it is perfectly designed, and I'll warrant that a lot of other software could learn from this example.

    When you enable it, it is enabled across the board for all software, even stock Windows software. If you want to make an exception, you have to make it manually.

    It's way better than starting the software with a default set of exceptions, many of which most people will not use, and thus also provide a possible loophole for malicious software to exploit. You want XYZ program to access restricted folders, you have to explicitly allow it - Micro$oft is not going to make any assumption on what you might want to allow and might want to block.

    It's completely simple and effective in that way.
      My Computers


  5. Posts : 4,201
    Windows 10 Pro x64 Latest RP
       #54

    The other thing that some do not realise is that when you whitelist an executable you are whitelisting that application running from that specific location, so if you somehow end up with a rogue application with the same name as the one you have whitelisted, it will throw up an exception message and prevent the application from accessing the data. This assumes that your applications are located correctly in the Program Files or Program Files (x86), and owned by trustedinstaller, and thus cannot be replaced by any lesser process
      My Computers


  6. Posts : 27,162
    Win11 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
       #55

    Researcher Bypasses Windows Controlled Folder Access


    Ransomware can use Office OLE objects to bypass CFA
    Jesus says that a ransomware developer could easily bypass Microsoft CFA anti-ransomware feature by adding simple scripts that bypass CFA via OLE objects inside Office files.

    In research published over the weekend, Jesus includes three examples that utilize boobytrapped Office documents (received via spam email) to overwrite the content of other Office documents stored inside CFA folders; password-protect the same files; or copy-paste their content inside files located outside the CFA folder, encrypt those, and delete the originals.

    While the first example is just destructive, the last two will work as an actual ransom, with victims having to pay the ransomware author for the password/decryption code that unlocks the files.

    Jesus displeased with Microsoft
    Jesus said he notified Microsoft about the issue he discovered. In a screenshot of the email he received from Microsoft, Jesus said the OS maker didn't classify the issue as a security vulnerability but said it would improve CFA in future releases to address the reported bypass method.

    "That really means Microsoft will fix the vulnerability that should be classified as Mitigation bypass without acknowledgment," said Jesus, referring to the fact that he'll get no credit or bug bounty reward for the issue he pointed out.
    Researcher Bypasses Windows Controlled Folder Access Anti-Ransomware Protection
      My Computers


  7. Posts : 4,278
    Windows 11 Pro 22H3
       #56

    My CFA is blocking System32 files from making changes to memory, anyone know what that is about?
      My Computers


  8. Posts : 10,929
    Win10 x64
       #57

    There is a reason this is disabled by default. I just turned it on and my goodness it blocks every *** thing lol. Turned off permanently.
      My Computer


  9. Posts : 16,325
    W10Prox64
       #58

    Access Denied said:
    There is a reason this is disabled by default. I just turned it on and my goodness it blocks every *** thing lol. Turned off permanently.
      My Computer


  10. Posts : 2
    win 10 Pro
       #59

    Had to add chkdsk.exe to the allowed list, otherwise ALL my external drives would fail a disk check like this ...

    Microsoft Windows [Version 10.0.16299.371]
    (c) 2017 Microsoft Corporation. All rights reserved.

    C:\Windows\system32>chkdsk /v /f e:
    The type of the file system is NTFS.
    Volume label is 9.

    Stage 1: Examining basic file system structure ...
    26624 file records processed.
    File verification completed.
    0 large file records processed.
    0 bad file records processed.

    Stage 2: Examining file name linkage ...
    51 reparse records processed.
    29070 index entries processed.
    Index verification completed.
    0 unindexed files scanned.
    An unspecified error occurred (696e647863686b2e 1f67).
    An unspecified error occurred (6e74667363686b2e 170d).

    C:\Windows\system32>

    For a time, I thought ALL my drives were failing, I even reinstalled the OS, and then I was thinking my mortherboard was bad.

    THEN I realised it was the CFA setting !!!!
      My Computer


 

Tutorial Categories

Add Protected Folders to Controlled Folder Access in Windows 10 Tutorial Index Network & Sharing Instalation and Upgrade Browsers and Email General Tips Gaming Customization Apps and Features Virtualization BSOD System Security User Accounts Hardware and Drivers Updates and Activation Backup and Restore Performance and Maintenance Mixed Reality Phone


  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 03:30.
Find Us




Windows 10 Forums