Windows 10: Add Protected Folders to Controlled Folder Access in Windows 10  

Page 1 of 11 123 ... LastLast
    Add Protected Folders to Controlled Folder Access in Windows 10

    Add Protected Folders to Controlled Folder Access in Windows 10

    How to Add or Remove Protected Folders for Controlled Folder Access in Windows 10
    Published by Category: Security System
    19 Jul 2018
    Designer Media Ltd

    Published by


    Brink's Avatar
    Administrator

    Posts: 32,219

    Show Printable Version 


    How to Add or Remove Protected Folders for Controlled Folder Access in Windows 10


    Starting with Windows 10 build 16232, Controlled folder access is introduced in Windows Defender Antivirus.

    When Controlled folder access is turned on, it helps you protect valuable data from malicious apps and threats, such as ransomware. It is part of Windows Defender Exploit Guard.

    Controlled folder access applies to a number of system folders and default locations, including folders such as Documents, Pictures, Movies, and Desktop.

    You can add additional folders to be protected, but you cannot remove the default folders in the default list.

    Adding other folders to Controlled folder access can be useful, for example, if you don't store files in the default Windows libraries or you've changed the location of the libraries away from the defaults.

    You can also add network shares and mapped drives.

    For more details about Controlled folder access, see:

    This tutorial will show you how to add and remove protected folders for the Controlled folder access feature of Windows Defender Exploit Guard in Windows 10.

    You must be signed in as an administrator to add or remove protected folders for Controlled folder access.


     CONTENTS:

    • Option One: Add Protected Folders to Controlled Folder Access in Windows Defender Security Center
    • Option Two: Remove Protected Folders from Controlled Folder Access in Windows Defender Security Center
    • Option Three: Add Protected Folders to Controlled Folder Access in PowerShell
    • Option Four: Remove Protected Folders from Controlled Folder Access in PowerShell
    • Option Five: Configure Protected Folders Policy for Controlled Folder Access in Local Group Policy Editor
    • Option Six: Configure Protected Folders Policy for Controlled Folder Access in Registry Editor


    EXAMPLE: Windows Defender Exploit Guard Controlled Folder Access








    Add Protected Folders to Controlled Folder Access in Windows 10 OPTION ONE Add Protected Folders to Controlled Folder Access in Windows 10
    Add Protected Folders to Controlled Folder Access in Windows Defender Security Center


    The list of allowed apps is stored in the registry key below.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access\ProtectedFolders

    1. Open the Windows Defender Security Center, and click/tap on the Virus & threat protection icon. (see screenshot below)

    Name:  Windows_Defender_Controlled_folder_access-1.jpg
Views: 7626
Size:  48.0 KB

    2. Click/tap on the Manage ransomware protection link under the Ransomware protection section. (see screenshot below)

    Name:  Windows_Defender_Controlled_folder_access-2.jpg
Views: 7529
Size:  61.6 KB

    3. Click/tap on the Protected folders link. (see screenshot below)

    Name:  Windows_Defender_Controlled_folder_access-3.jpg
Views: 7551
Size:  58.2 KB

    4. Click/tap on Yes when prompted by UAC to approve.

    5. Click/tap on Add a protected folder. (see screenshot below)

    Name:  Windows_Defender_Controlled_folder_access-4.jpg
Views: 7524
Size:  56.9 KB

    6. Navigate to and select the folder (ex: "D:\My protected folder") you want to add as a protected folder, and click/tap on Select Folder. (see screenshot below)

    Name:  Windows_Defender_Controlled_folder_access-5.png
Views: 7516
Size:  42.4 KB

    7. When finished adding folders, you can close Windows Defender Security Center if you like.






    Add Protected Folders to Controlled Folder Access in Windows 10 OPTION TWO Add Protected Folders to Controlled Folder Access in Windows 10
    Remove Protected Folders from Controlled Folder Access in Windows Defender Security Center

    1. Open the Windows Defender Security Center, and click/tap on the Virus & threat protection icon. (see screenshot below)

    Name:  Windows_Defender_Controlled_folder_access-1.jpg
Views: 7626
Size:  48.0 KB

    2. Click/tap on the Manage ransomware protection link under the Ransomware protection section. (see screenshot below)

    Name:  Windows_Defender_Controlled_folder_access-2.jpg
Views: 7529
Size:  61.6 KB

    3. Click/tap on the Protected folders link. (see screenshot below)

    Name:  Windows_Defender_Controlled_folder_access-3.jpg
Views: 7551
Size:  58.2 KB

    4. Click/tap on Yes when prompted by UAC to approve.

    5. Click/tap on an added folder (ex: "D:\My protected folder") you want to remove, and click/tap on Remove. (see screenshot below)

    Name:  Windows_Defender_Controlled_folder_access-5.jpg
Views: 7538
Size:  95.5 KB

    5. Click/tap on OK to confirm. (see screenshot below)

    Name:  Windows_Defender_Controlled_folder_access-6.png
Views: 7530
Size:  13.4 KB

    7. When finished removing folders, you can close Windows Defender Security Center if you like.






    Add Protected Folders to Controlled Folder Access in Windows 10 OPTION THREE Add Protected Folders to Controlled Folder Access in Windows 10
    Add Protected Folders to Controlled Folder Access in PowerShell

    1. Open an elevated PowerShell.

    2. Enter the command below into the elevated PowerShell, and press Enter. (see screenshot below)

    Add-MpPreference -ControlledFolderAccessProtectedFolders "Full path of folder"

    Substitute Full path of folder in the command above with the actual full path of the folder (ex: "D:\My protected folder") you want to add as a protected folder.

    For example: Add-MpPreference -ControlledFolderAccessProtectedFolders "D:\My protected folder"

    3. You can now close the elevated PowerShell if you like.

    Name:  Windows_Defender_Controlled_folder_access_protected_folders_PowerShell-1.jpg
Views: 7507
Size:  26.7 KB






    Add Protected Folders to Controlled Folder Access in Windows 10 OPTION FOUR Add Protected Folders to Controlled Folder Access in Windows 10
    Remove Protected Folders from Controlled Folder Access in PowerShell

    1. Open an elevated PowerShell.

    2. Enter the command below into the elevated PowerShell, and press Enter. (see screenshot below)

    Remove-MpPreference -ControlledFolderAccessProtectedFolders "Full path of folder"

    Substitute Full path of folder in the command above with the actual full path of the folder (ex: "D:\My protected folder") you want to remove as a protected folder.

    For example: Remove-MpPreference -ControlledFolderAccessProtectedFolders "D:\My protected folder"

    3. You can now close the elevated PowerShell if you like.

    Name:  Windows_Defender_Controlled_folder_access_protected_folders_PowerShell-2.jpg
Views: 7506
Size:  25.9 KB






    Add Protected Folders to Controlled Folder Access in Windows 10 OPTION FIVE Add Protected Folders to Controlled Folder Access in Windows 10
    Configure Protected Folders Policy for Controlled Folder Access in Local Group Policy Editor


    Protected folders you add using this option cannot be removed using Option Two and Option Four.

    The Local Group Policy Editor is only available in the Windows 10 Pro, Enterprise, and Education editions.

    All editions can use Option Six below for this policy.

    1. Open the Local Group Policy Editor.

    2. In the left pane of Local Group Policy Editor, navigate to the location below. (see screenshot below)

    Computer Configuration\Administrative Templates\Windows Components\Windows Defender Antivirus\Windows Defender Exploit Guard\Controlled Folder Access

    Name:  Windows_Defender_Controlled_folder_access_protected_folders_gpedit-1.png
Views: 7515
Size:  45.3 KB

    3. In the right pane of Controlled Folder Access in Local Group Policy Editor, double click/tap on the Configure protected folders policy to edit it. (see screenshot above)

    4. Do step 5 (default) or step 6 (configure) below for what you would like to do.


     5. To Not "Configure protected folders" for Controlled Folder Access

    A) Select (dot) Not Configured or Disabled, click/tap on OK, and go to step 7 below. (see left screenshot below)

    Not Configured is the default setting.


     6. To "Configure protected folders" for Controlled Folder Access

    A) Select (dot) Enabled, and click/tap on the Show button in Options. (see left screenshot below)

    B) In the Value name column, type the full path of the folder (ex: "D:\My protected folder") you want to add as a protected folder. (see right screenshot below)

    You will need to double click/tap in the field to be able to enter the full path.

    C) In the Value column to the right of the added app, type the number 0. (see right screenshot below)

    You will need to double click/tap in the field to be able to enter the number.

    D) If you want to remove an added folder, double click/tap on the Value name and Value fields for the app you want to remove, and edit them out until blank. (see right screenshot below)

    E) When finished adding and removing folders, click/tap on OK. (see right screenshot below)

    F) Click/tap on OK, and go to step 7 below. (see left screenshot below)

    Name:  Windows_Defender_Controlled_folder_access_protected_folders_gpedit-2.jpg
Views: 7584
Size:  99.4 KB Name:  Windows_Defender_Controlled_folder_access_protected_folders_gpedit-3.png
Views: 7513
Size:  25.8 KB

    7. When finished, close the Local Group Policy Editor.






    Add Protected Folders to Controlled Folder Access in Windows 10 OPTION SIX Add Protected Folders to Controlled Folder Access in Windows 10
    Configure Protected Folders Policy for Controlled Folder Access in Registry Editor


    Protected folders you add using this option cannot be removed using Option Two and Option Four.

    This option is for the same policy in Option Five.


    1. Do step 2 (default), step 3 (add apps), or step 4 (remove apps) below for what you would like to do.


     2. To Not "Configure protected folders" for Controlled Folder Access

    This is the default setting. It will remove all apps added using this policy.

    A) Click/tap on the Download button below to download the file below.

    Undo_Configure_protected_folders_group_policy.reg

    download

    B) Save the .reg file to your desktop.

    C) Double click/tap on the downloaded .reg file to merge it.

    D) When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.


     3. "Configure protected folders" to Add Protected Folders

    A) Click/tap on the Download button below to download the file below.

    This downloadable .reg file will add the registry keys for you to make it easier to set in this step.

    Configure_protected_folders_group_policy.reg

    download

    B) Save the .reg file to your desktop.

    C) Double click/tap on the downloaded .reg file to merge it.

    D) When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

    E) Press the Win+R keys to open Run, type regedit into Run, and click/tap on OK to open Registry Editor.

    F) Navigate to the key below in the left pane of Registry Editor. (see screenshot below)

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access\ProtectedFolders

    Name:  Windows_Defender_Controlled_folder_access_protected_folders_regedit-1.jpg
Views: 7538
Size:  61.2 KB

    G) In the right pane of the ProtectedFolders key, right click on an empty space, click/tap on New, and click/tap on String Value. (see screenshot above)

    H) Type the full path of the folder (ex: "D:\My protected folder") you want to add as the name of this string value, and press Enter. (see screenshot below)

    Name:  Windows_Defender_Controlled_folder_access_protected_folders_regedit-2.jpg
Views: 7519
Size:  54.5 KB

    I) Double click/tap on this string value (ex: "D:\My protected folder") to modify it. (see screenshot above)

    J) Type the number 0, and click/tap on OK. (see screenshot below)

    Name:  Windows_Defender_Controlled_folder_access_protected_folders_regedit-3.png
Views: 7515
Size:  16.3 KB

    K) Repeat steps 3G to 3J if you want to add anymore folders as protected folders.

    L) When finished adding folders, you can close Registry Editor if you like.


     4. "Configure protected folders" to Remove Protected Folders

    A) Press the Win+R keys to open Run, type regedit into Run, and click/tap on OK to open Registry Editor.

    B) Navigate to the key below in the left pane of Registry Editor. (see screenshot below)

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access\ProtectedFolders

    Name:  Windows_Defender_Controlled_folder_access_protected_folders_regedit-4.jpg
Views: 7518
Size:  57.8 KB

    C) In the right pane of the ProtectedFolders key, right click on the string value (REG_SZ) of the folder (ex: "D:\My protected folder") you want to remove, and click/tap on Delete. (see screenshot above)

    D) Click/tap on Yes to confirm. (see screenshot below)

    Name:  Windows_Defender_Controlled_folder_access_protected_folders_regedit-5.png
Views: 7521
Size:  13.2 KB

    E) When finished removing folders, you can close Registry Editor if you like.


    That's it,
    Shawn





  1. Cliff S's Avatar
    Posts : 21,197
    Win10 Pro, Win10 Pro N, Win10 Home, Win10 Pro Insider Fast Ring, Windows 8.1 Pro, Ubuntu
       21 Oct 2017 #1

    Tried it for about 15 minutes then turned it off again

    It was blocking OneDrive & File Explorer from making changes, and if I need to white list Microsoft's own built in software, to me anyhow, disaster is preprogrammed

    Oh, and it even blocked me from restoring something from the recycle bin!
      My ComputersSystem Spec

  2. Brink's Avatar
    Posts : 32,219
    64-bit Windows 10 Pro build 18242
    Thread Starter
       21 Oct 2017 #2

    Yep, it'll literally block everything for a protected folder until allowed.
      My ComputersSystem Spec

  3. Cliff S's Avatar
    Posts : 21,197
    Win10 Pro, Win10 Pro N, Win10 Home, Win10 Pro Insider Fast Ring, Windows 8.1 Pro, Ubuntu
       21 Oct 2017 #3

    Brink said: View Post
    Yep, it'll literally block everything for a protected folder until allowed.
    That makes it only good for work PC's(running SAP) and kiosk mode then(both where there will be no changes or deletions made), because it doesn't at least present you with a link to the .exe to white list something, like restore from recycle bin, or to whatever OneDrive process.
      My ComputersSystem Spec

  4. Brink's Avatar
    Posts : 32,219
    64-bit Windows 10 Pro build 18242
    Thread Starter
       21 Oct 2017 #4

    It would be nice if it had some sort if UAC style Yes/No to approve for a controlled folder instead of just this below.

    Name:  Controlled_folder_Unauthorized_changes_blocked.png
Views: 35688
Size:  33.4 KB
      My ComputersSystem Spec

  5. TairikuOkami's Avatar
    Posts : 3,326
    10.5 Home 1803 x64
       21 Oct 2017 #5

    Has not the registry path and value changed or is it just for Home?

    Code:
    reg add "HKLM\Software\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access" /v "EnableControlledFolderAccess" /t REG_DWORD /d "1" /f
      My ComputerSystem Spec

  6. Brink's Avatar
    Posts : 32,219
    64-bit Windows 10 Pro build 18242
    Thread Starter
       21 Oct 2017 #6

    TairikuOkami said: View Post
    Has not the registry path and value changed or is it just for Home?

    Code:
    reg add "HKLM\Software\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access" /v "EnableControlledFolderAccess" /t REG_DWORD /d "1" /f

    It's the registry key and value you posted now. The only issue is that you have to take ownership of the key before you'll be able to modify the value of the DWORD.

    Thank you for the heads up. :)
      My ComputersSystem Spec

  7.    25 Oct 2017 #7

    Hi Brink, I've just read this post:
    Controlled folder access is greyed out - Windows 10 Forums
    I don't have the FCU, but am wondering if the option would be greyed out if a 3rd party AV were installed and real-time scanning by Defender were disabled. What do you think?

    Configure Controlled Folder Access in Windows 10 - gHacks Tech News
      My ComputerSystem Spec

  8. Caledon Ken's Avatar
    Posts : 9,713
    Windows 10 Pro x64 Build 1803
       25 Oct 2017 #8

    Hi Brink.

    Was on this thread. Member reported you needed to reboot to make changes and mentioned that sub processes may be doing the saving. Might be worth checking on reboot comment and adding mention of sub process in a "Tip"

    Controlled folder access problems

    Ken
      My ComputerSystem Spec

  9. Brink's Avatar
    Posts : 32,219
    64-bit Windows 10 Pro build 18242
    Thread Starter
       25 Oct 2017 #9

    dalchina said: View Post
    Hi Brink, I've just read this post:
    Controlled folder access is greyed out - Windows 10 Forums
    I don't have the FCU, but am wondering if the option would be greyed out if a 3rd party AV were installed and real-time scanning by Defender were disabled. What do you think?

    Configure Controlled Folder Access in Windows 10 - gHacks Tech News

    That would be a very good possibility if the 3rd party AV disabled Windows Defender.

    If it has a "This setting is managed by your administrator" message above this setting, then a group policy has been configured for it instead.

    Computer configuration > Administrative templates > Windows components > Windows Defender Antivirus > Windows Defender Exploit Guard > Controlled folder access
    Last edited by Brink; 25 Oct 2017 at 10:12.
      My ComputersSystem Spec


 
Page 1 of 11 123 ... LastLast

Tutorial Categories

Add Protected Folders to Controlled Folder Access in Windows 10 Tutorial Index Network & Sharing Instalation and Upgrade Browsers and Email General Tips Gaming Customization Apps and Features Virtualization BSOD System Security User Accounts Hardware and Drivers Updates and Activation Backup and Restore Performance and Maintenance Xbox Windows Phone


Related Threads
How to Create a Windows Defender Settings shortcut in Windows 10 Windows Defender helps protect your PC against malware (malicious software) like viruses, spyware, and other potentially unwanted software. Malware can infect your PC without your...
Hi, I just build up a new pc and changed from W7 to new era of W10 :-) Was not that easy and pleasant experience as I thought. I have huge storage capability with this new pc but since I'm using very fast Intel 512Gb 600p M.2 SSD as C drive, I...
Hey all, I've been using the tutorials and tips here for a bit now, but I've run into a problem I can't seem to find anywhere. I use List view to help me sort music. However, my folders are spread across different drives, so I have to use a...
I upgraded my custom PC a while ago (a couple months) from Windows 7 Home to Windows 10 Home and when I go into Windows update to enable insider features but it's greyed out and at the top it says "Some settings are controlled by your operator" this...
Following instructions from a game manufacturer I changed the 'read only' settings for users / documents folder. Win 10 now disfunctions (instable, search unavailable, chrome closing incorrectly, etc). How should I proceed to restore the folder...

Tags for this Thread

Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 18:38.
Find Us