Add Protected Folders to Controlled Folder Access in Windows 10  

Page 1 of 11 123 ... LastLast
    Add Protected Folders to Controlled Folder Access in Windows 10

    Add Protected Folders to Controlled Folder Access in Windows 10

    How to Add or Remove Protected Folders for Controlled Folder Access in Windows 10
    Published by Category: Security System
    08 Jun 2019
    Designer Media Ltd
     

    How to Add or Remove Protected Folders for Controlled Folder Access in Windows 10


    Starting with Windows 10 build 16232, Controlled folder access is introduced in Windows Defender Antivirus.

    When Controlled folder access is turned on, it helps you protect valuable data from malicious apps and threats, such as ransomware. It is part of Windows Defender Exploit Guard.

    Controlled folder access applies to a number of system folders and default locations, including folders such as Documents, Pictures, Movies, and Desktop.

    You can add additional folders to be protected, but you cannot remove the default folders in the default list.

    Adding other folders to Controlled folder access can be useful, for example, if you don't store files in the default Windows libraries or you've changed the location of the libraries away from the defaults.

    You can also add network shares and mapped drives.

    For more details about Controlled folder access, see:

    This tutorial will show you how to add and remove protected folders for the Controlled folder access feature of Windows Defender Exploit Guard in Windows 10.

    You must be signed in as an administrator to add or remove protected folders for Controlled folder access.


     CONTENTS:

    • Option One: Add Protected Folders to Controlled Folder Access in Windows Defender Security Center
    • Option Two: Remove Protected Folders from Controlled Folder Access in Windows Defender Security Center
    • Option Three: Add Protected Folders to Controlled Folder Access in PowerShell
    • Option Four: Remove Protected Folders from Controlled Folder Access in PowerShell
    • Option Five: Configure Protected Folders Policy for Controlled Folder Access in Local Group Policy Editor
    • Option Six: Configure Protected Folders Policy for Controlled Folder Access in Registry Editor





    OPTION ONE

    Add Protected Folders to Controlled Folder Access in Windows Defender Security Center



    The list of allowed apps is stored in the registry key below.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access\ProtectedFolders

    1. Open the Windows Defender Security Center, and click/tap on the Virus & threat protection icon. (see screenshot below)

    Add Protected Folders to Controlled Folder Access in Windows 10-windows_defender_controlled_folder_access-1.jpg

    2. Click/tap on the Manage ransomware protection link under the Ransomware protection section. (see screenshot below)

    Add Protected Folders to Controlled Folder Access in Windows 10-windows_defender_controlled_folder_access-2.jpg

    3. Click/tap on the Protected folders link. (see screenshot below)

    Add Protected Folders to Controlled Folder Access in Windows 10-windows_defender_controlled_folder_access-3.jpg

    4. Click/tap on Yes when prompted by UAC to approve.

    5. Click/tap on Add a protected folder. (see screenshot below)

    Add Protected Folders to Controlled Folder Access in Windows 10-windows_defender_controlled_folder_access-4.jpg

    6. Navigate to and select the folder (ex: "D:\My protected folder") you want to add as a protected folder, and click/tap on Select Folder. (see screenshot below)

    Add Protected Folders to Controlled Folder Access in Windows 10-windows_defender_controlled_folder_access-5.png

    7. When finished adding folders, you can close Windows Defender Security Center if you like.






    OPTION TWO

    Remove Protected Folders from Controlled Folder Access in Windows Defender Security Center


    1. Open the Windows Defender Security Center, and click/tap on the Virus & threat protection icon. (see screenshot below)

    Add Protected Folders to Controlled Folder Access in Windows 10-windows_defender_controlled_folder_access-1.jpg

    2. Click/tap on the Manage ransomware protection link under the Ransomware protection section. (see screenshot below)

    Add Protected Folders to Controlled Folder Access in Windows 10-windows_defender_controlled_folder_access-2.jpg

    3. Click/tap on the Protected folders link. (see screenshot below)

    Add Protected Folders to Controlled Folder Access in Windows 10-windows_defender_controlled_folder_access-3.jpg

    4. Click/tap on Yes when prompted by UAC to approve.

    5. Click/tap on an added folder (ex: "D:\My protected folder") you want to remove, and click/tap on Remove. (see screenshot below)

    Add Protected Folders to Controlled Folder Access in Windows 10-windows_defender_controlled_folder_access-5.jpg

    5. Click/tap on OK to confirm. (see screenshot below)

    Add Protected Folders to Controlled Folder Access in Windows 10-windows_defender_controlled_folder_access-6.png

    7. When finished removing folders, you can close Windows Defender Security Center if you like.






    OPTION THREE

    Add Protected Folders to Controlled Folder Access in PowerShell


    1. Open an elevated PowerShell.

    2. Enter the command below into the elevated PowerShell, and press Enter. (see screenshot below)

    Add-MpPreference -ControlledFolderAccessProtectedFolders "Full path of folder"

    Substitute Full path of folder in the command above with the actual full path of the folder (ex: "D:\My protected folder") you want to add as a protected folder.

    For example: Add-MpPreference -ControlledFolderAccessProtectedFolders "D:\My protected folder"

    3. You can now close the elevated PowerShell if you like.

    Add Protected Folders to Controlled Folder Access in Windows 10-windows_defender_controlled_folder_access_protected_folders_powershell-1.jpg






    OPTION FOUR

    Remove Protected Folders from Controlled Folder Access in PowerShell


    1. Open an elevated PowerShell.

    2. Enter the command below into the elevated PowerShell, and press Enter. (see screenshot below)

    Remove-MpPreference -ControlledFolderAccessProtectedFolders "Full path of folder"

    Substitute Full path of folder in the command above with the actual full path of the folder (ex: "D:\My protected folder") you want to remove as a protected folder.

    For example: Remove-MpPreference -ControlledFolderAccessProtectedFolders "D:\My protected folder"

    3. You can now close the elevated PowerShell if you like.

    Add Protected Folders to Controlled Folder Access in Windows 10-windows_defender_controlled_folder_access_protected_folders_powershell-2.jpg






    OPTION FIVE

    Configure Protected Folders Policy for Controlled Folder Access in Local Group Policy Editor



    Protected folders you add using this option cannot be removed using Option Two and Option Four.

    The Local Group Policy Editor is only available in the Windows 10 Pro, Enterprise, and Education editions.

    All editions can use Option Six below for this policy.

    1. Open the Local Group Policy Editor.

    2. In the left pane of Local Group Policy Editor, navigate to the location below. (see screenshot below)

    Computer Configuration\Administrative Templates\Windows Components\Windows Defender Antivirus\Windows Defender Exploit Guard\Controlled Folder Access

    Add Protected Folders to Controlled Folder Access in Windows 10-windows_defender_controlled_folder_access_protected_folders_gpedit-1.png

    3. In the right pane of Controlled Folder Access in Local Group Policy Editor, double click/tap on the Configure protected folders policy to edit it. (see screenshot above)

    4. Do step 5 (default) or step 6 (configure) below for what you would like to do.


     5. To Not "Configure protected folders" for Controlled Folder Access

    A) Select (dot) Not Configured or Disabled, click/tap on OK, and go to step 7 below. (see left screenshot below)

    Not Configured is the default setting.


     6. To "Configure protected folders" for Controlled Folder Access

    A) Select (dot) Enabled, and click/tap on the Show button in Options. (see left screenshot below)

    B) In the Value name column, type the full path of the folder (ex: "D:\My protected folder") you want to add as a protected folder. (see right screenshot below)

    You will need to double click/tap in the field to be able to enter the full path.

    C) In the Value column to the right of the added app, type the number 0. (see right screenshot below)

    You will need to double click/tap in the field to be able to enter the number.

    D) If you want to remove an added folder, double click/tap on the Value name and Value fields for the app you want to remove, and edit them out until blank. (see right screenshot below)

    E) When finished adding and removing folders, click/tap on OK. (see right screenshot below)

    F) Click/tap on OK, and go to step 7 below. (see left screenshot below)

    Add Protected Folders to Controlled Folder Access in Windows 10-windows_defender_controlled_folder_access_protected_folders_gpedit-2.jpg Add Protected Folders to Controlled Folder Access in Windows 10-windows_defender_controlled_folder_access_protected_folders_gpedit-3.png

    7. When finished, close the Local Group Policy Editor.






    OPTION SIX

    Configure Protected Folders Policy for Controlled Folder Access in Registry Editor



    Protected folders you add using this option cannot be removed using Option Two and Option Four.

    This option is for the same policy in Option Five.


    1. Do step 2 (default), step 3 (add apps), or step 4 (remove apps) below for what you would like to do.


     2. To Not "Configure protected folders" for Controlled Folder Access

    This is the default setting. It will remove all apps added using this policy.

    A) Click/tap on the Download button below to download the file below.

    Undo_Configure_protected_folders_group_policy.reg

    Download

    B) Save the .reg file to your desktop.

    C) Double click/tap on the downloaded .reg file to merge it.

    D) When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.


     3. "Configure protected folders" to Add Protected Folders

    A) Click/tap on the Download button below to download the file below.

    This downloadable .reg file will add the registry keys for you to make it easier to set in this step.

    Configure_protected_folders_group_policy.reg

    Download

    B) Save the .reg file to your desktop.

    C) Double click/tap on the downloaded .reg file to merge it.

    D) When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

    E) Press the Win+R keys to open Run, type regedit into Run, and click/tap on OK to open Registry Editor.

    F) Navigate to the key below in the left pane of Registry Editor. (see screenshot below)

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access\ProtectedFolders

    Add Protected Folders to Controlled Folder Access in Windows 10-windows_defender_controlled_folder_access_protected_folders_regedit-1.jpg

    G) In the right pane of the ProtectedFolders key, right click on an empty space, click/tap on New, and click/tap on String Value. (see screenshot above)

    H) Type the full path of the folder (ex: "D:\My protected folder") you want to add as the name of this string value, and press Enter. (see screenshot below)

    Add Protected Folders to Controlled Folder Access in Windows 10-windows_defender_controlled_folder_access_protected_folders_regedit-2.jpg

    I) Double click/tap on this string value (ex: "D:\My protected folder") to modify it. (see screenshot above)

    J) Type the number 0, and click/tap on OK. (see screenshot below)

    Add Protected Folders to Controlled Folder Access in Windows 10-windows_defender_controlled_folder_access_protected_folders_regedit-3.png

    K) Repeat steps 3G to 3J if you want to add anymore folders as protected folders.

    L) When finished adding folders, you can close Registry Editor if you like.


     4. "Configure protected folders" to Remove Protected Folders

    A) Press the Win+R keys to open Run, type regedit into Run, and click/tap on OK to open Registry Editor.

    B) Navigate to the key below in the left pane of Registry Editor. (see screenshot below)

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access\ProtectedFolders

    Add Protected Folders to Controlled Folder Access in Windows 10-windows_defender_controlled_folder_access_protected_folders_regedit-4.jpg

    C) In the right pane of the ProtectedFolders key, right click on the string value (REG_SZ) of the folder (ex: "D:\My protected folder") you want to remove, and click/tap on Delete. (see screenshot above)

    D) Click/tap on Yes to confirm. (see screenshot below)

    Add Protected Folders to Controlled Folder Access in Windows 10-windows_defender_controlled_folder_access_protected_folders_regedit-5.png

    E) When finished removing folders, you can close Registry Editor if you like.


    That's it,
    Shawn



  1. Cliff S's Avatar
    Posts : 25,576
    Win10 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
       #1

    Tried it for about 15 minutes then turned it off again

    It was blocking OneDrive & File Explorer from making changes, and if I need to white list Microsoft's own built in software, to me anyhow, disaster is preprogrammed

    Oh, and it even blocked me from restoring something from the recycle bin!
      My Computers

  2. Brink's Avatar
    Posts : 56,483
    64-bit Windows 10 Pro for Workstations build 21364
    Thread Starter
       #2

    Yep, it'll literally block everything for a protected folder until allowed.
      My Computers

  3. Cliff S's Avatar
    Posts : 25,576
    Win10 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
       #3

    Brink said:
    Yep, it'll literally block everything for a protected folder until allowed.
    That makes it only good for work PC's(running SAP) and kiosk mode then(both where there will be no changes or deletions made), because it doesn't at least present you with a link to the .exe to white list something, like restore from recycle bin, or to whatever OneDrive process.
      My Computers

  4. Brink's Avatar
    Posts : 56,483
    64-bit Windows 10 Pro for Workstations build 21364
    Thread Starter
       #4

    It would be nice if it had some sort if UAC style Yes/No to approve for a controlled folder instead of just this below.

    Add Protected Folders to Controlled Folder Access in Windows 10-controlled_folder_unauthorized_changes_blocked.png
      My Computers

  5. TairikuOkami's Avatar
    Posts : 4,698
    Windows Home Dev 21xxx x64
       #5

    Has not the registry path and value changed or is it just for Home?

    Code:
    reg add "HKLM\Software\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access" /v "EnableControlledFolderAccess" /t REG_DWORD /d "1" /f
      My Computer

  6. Brink's Avatar
    Posts : 56,483
    64-bit Windows 10 Pro for Workstations build 21364
    Thread Starter
       #6

    TairikuOkami said:
    Has not the registry path and value changed or is it just for Home?

    Code:
    reg add "HKLM\Software\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access" /v "EnableControlledFolderAccess" /t REG_DWORD /d "1" /f

    It's the registry key and value you posted now. The only issue is that you have to take ownership of the key before you'll be able to modify the value of the DWORD.

    Thank you for the heads up. :)
      My Computers

  7. dalchina's Avatar
    Posts : 30,115
    Win 10 Pro (1903)
       #7

    Hi Brink, I've just read this post:
    Controlled folder access is greyed out - Windows 10 Forums
    I don't have the FCU, but am wondering if the option would be greyed out if a 3rd party AV were installed and real-time scanning by Defender were disabled. What do you think?

    Configure Controlled Folder Access in Windows 10 - gHacks Tech News
      My Computers

  8. Caledon Ken's Avatar
    Posts : 24,275
    Windows 10 Pro x64 Version 2004
       #8

    Hi Brink.

    Was on this thread. Member reported you needed to reboot to make changes and mentioned that sub processes may be doing the saving. Might be worth checking on reboot comment and adding mention of sub process in a "Tip"

    Controlled folder access problems

    Ken
      My Computer

  9. Brink's Avatar
    Posts : 56,483
    64-bit Windows 10 Pro for Workstations build 21364
    Thread Starter
       #9

    dalchina said:
    Hi Brink, I've just read this post:
    Controlled folder access is greyed out - Windows 10 Forums
    I don't have the FCU, but am wondering if the option would be greyed out if a 3rd party AV were installed and real-time scanning by Defender were disabled. What do you think?

    Configure Controlled Folder Access in Windows 10 - gHacks Tech News

    That would be a very good possibility if the 3rd party AV disabled Windows Defender.

    If it has a "This setting is managed by your administrator" message above this setting, then a group policy has been configured for it instead.

    Computer configuration > Administrative templates > Windows components > Windows Defender Antivirus > Windows Defender Exploit Guard > Controlled folder access
    Last edited by Brink; 25 Oct 2017 at 10:12.
      My Computers


 
Page 1 of 11 123 ... LastLast

Tutorial Categories

Add Protected Folders to Controlled Folder Access in Windows 10 Tutorial Index Network & Sharing Instalation and Upgrade Browsers and Email General Tips Gaming Customization Apps and Features Virtualization BSOD System Security User Accounts Hardware and Drivers Updates and Activation Backup and Restore Performance and Maintenance Mixed Reality Phone


  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 07:17.
Find Us




Windows 10 Forums