Add Protected Folders to Controlled Folder Access in Windows 10  

Programs are beginning to pop up that'll make use of controlled folders a bit easier..

sordum | defender-injector-v1-0 is free, as far as I'm seeing, it's portable and also adds context menu for adding and removing programs to/ from allowed apps..

It's clean according to Virustotal

Folder protection should not allow any exception of files, if it is to work then the exceptions should be by whitelisting apps only. which in addition should fully "fingerprint" the apps whitelisted

The problem with file exceptions is that the way that Humans behave will lead to the situation of them deciding that they do not want their most important data files "messed with" and will exclude them. The major issue with that is the very files that they want protected will be left open to attack by ransomware

Barman58 said:

Folder protection should not allow any exception of files, if it is to work then the exceptions should be by whitelisting apps only. which in addition should fully "fingerprint" the apps whitelisted

The problem with file exceptions is that the way that Humans behave will lead to the situation of them deciding that they do not want their most important data files "messed with" and will exclude them. The major issue with that is the very files that they want protected will be left open to attack by ransomware

Should have said allowed app. But, of course, agree with you.. too many allowed apps and this approach have no sense any more..

I do not use windows protected folders as I use the Bitdefender which is a lot easier to use - it fully fingerprints the application or App in use noting file size, location, and other forensic items to ensure that a re coded clone of a whitelisted executable cannot access the data as the whitelisted executable - it also prompts you if an executable tries to access data files and is not whitelisted and allows you to make a decision to whitelist the executable or not, (which allows you to check and decide), it retains a message about suspect items so it's easy to control what's controlled. I found the initial windows version very clunky in use so kept using Bitdefender

snickie said:

I don't argue with that. But one example of poor design; When I get a notification of an app being stopped, I can't see the whole path because it shows three dots (...) so I have to open Event viewer to see where the actual app resides. That is too cumbersome in my opinion.

I use the similar, but more mature, version of this protection included in my Bitdefender subscription - This pops up a proper dialogue with an option to continue blocking or open the control dialogue and add the executable, (in that location and with the exact digital fingerprint), to the exception list - so it can be done better

Ground Sloth said:

Controlled Folder Access seems to have improved in 1803. Unfortunately, whitelisting is still inconvenient.

I had to turn it off on my clean install of 1803. It was working great with only the hassle of needed reboot on some allowed programs. Then all of a sudden it started blocking EVERYTHING including Windows own programs like svchost, etc.

I had rebooted so many times before that started, it has to be that it is still just buggy. Needs more work and the ability for it to white list it's own programs/files that are signed by MS and only block if they change.

Once that is confirmed, I will try it again. :)

Unfortunately I don't think that pre-installation white lists will ever be a viable option in the folder protection systems.

Due to the way that ransomware operates you need strong fingerprinting of executables to prevent malware versions of the Whitelisted executables from gaining access to User Data.

Part of the problem is that you will rarely if ever see two identical setups of Windows, If a user is involved in the system they will notice if an executable that they never use tries to access a file, if it's a preloaded exception the human input is lost, and BANG! there goes all your data

Is the way that folder protection works a right Royal PITA, yes of course it is, but it's less so that losing all your data

Access Denied said:

I had to turn it off on my clean install of 1803. It was working great with only the hassle of needed reboot on some allowed programs. Then all of a sudden it started blocking EVERYTHING including Windows own programs like svchost, etc.

I had rebooted so many times before that started, it has to be that it is still just buggy. Needs more work and the ability for it to white list it's own programs/files that are signed by MS and only block if they change.

Once that is confirmed, I will try it again. :)

I've noticed this too. From time to time, system has trouble to identify properly installed apps and services, MS Office was problematic for today After some time (very different - could be minutes or half an hour) everything goes back into order....

Barman58 said:

Unfortunately I don't think that pre-installation white lists will ever be a viable option in the folder protection systems.

Due to the way that ransomware operates you need strong fingerprinting of executables to prevent malware versions of the Whitelisted executables from gaining access to User Data.

Part of the problem is that you will rarely if ever see two identical setups of Windows, If a user is involved in the system they will notice if an executable that they never use tries to access a file, if it's a preloaded exception the human input is lost, and BANG! there goes all your data

Is the way that folder protection a right Royal PITA, yes of course it is, but it's less so that losing all your data

Agree. Very well put. Not much to add