Windows 10: Change Windows Defender Controlled Folder Access Settings - Windows 10  

Page 6 of 7 FirstFirst ... 4567 LastLast
  1.    02 Feb 2018 #50

    Firefox trying to make changes to %userprofile%\Desktop is driving me crazy!

    Since a browser is the first to face the threats, how safe is to add it to the exception list?
    I'm worried about worms and other stuff that could hijack the .exe
      My ComputerSystem Spec

  2. Posts : 11,792
    Windows 10 (Pro and Insider Pro)
       02 Feb 2018 #51

    Jack07 said: View Post
    Firefox trying to make changes to %userprofile%\Desktop is driving me crazy!

    Since a browser is the first to face the threats, how safe is to add it to the exception list?
    I'm worried about worms and other stuff that could hijack the .exe
    Same thoughts here... I'm not adding it to exceptions for now. On the other side, if browser is compromised and you're running it as admin, the damage is already done...
      My ComputerSystem Spec

  3. Posts : 34
    Windows 10 Pro 64 bit Creators Update
       04 Feb 2018 #52

    Cliff S said: View Post
    Tried it for about 15 minutes then turned it off again

    It was blocking OneDrive & File Explorer from making changes, and if I need to white list Microsoft's own built in software, to me anyhow, disaster is preprogrammed

    Oh, and it even blocked me from restoring something from the recycle bin!
    Sadly this is yet another software from Microsoft that is poorly designed. If one with at least half a brain looked into this mess and redesigned "Protected Folders" it could be a useful software. Now, it's just an nuisance.
      My ComputersSystem Spec

  4. Posts : 1,466
    WinX Pro x64 IP current
       04 Feb 2018 #53

    I disagree - it is perfectly designed, and I'll warrant that a lot of other software could learn from this example.

    When you enable it, it is enabled across the board for all software, even stock Windows software. If you want to make an exception, you have to make it manually.

    It's way better than starting the software with a default set of exceptions, many of which most people will not use, and thus also provide a possible loophole for malicious software to exploit. You want XYZ program to access restricted folders, you have to explicitly allow it - Micro$oft is not going to make any assumption on what you might want to allow and might want to block.

    It's completely simple and effective in that way.
      My ComputersSystem Spec

  5. Posts : 2,325
    Windows 10 Pro x64 FCU - XP/Vista/Win7/Win8.1 in VM for testing
       04 Feb 2018 #54

    The other thing that some do not realise is that when you whitelist an executable you are whitelisting that application running from that specific location, so if you somehow end up with a rogue application with the same name as the one you have whitelisted, it will throw up an exception message and prevent the application from accessing the data. This assumes that your applications are located correctly in the Program Files or Program Files (x86), and owned by trustedinstaller, and thus cannot be replaced by any lesser process
      My ComputerSystem Spec

  6. Posts : 19,709
    Win10 Pro, Win10 Pro N, Win10 Home, Win10 Pro Insider Fast Ring, Windows 8.1 Pro, Ubuntu
       07 Feb 2018 #55

    Researcher Bypasses Windows Controlled Folder Access

    Ransomware can use Office OLE objects to bypass CFA
    Jesus says that a ransomware developer could easily bypass Microsoft CFA anti-ransomware feature by adding simple scripts that bypass CFA via OLE objects inside Office files.

    In research published over the weekend, Jesus includes three examples that utilize boobytrapped Office documents (received via spam email) to overwrite the content of other Office documents stored inside CFA folders; password-protect the same files; or copy-paste their content inside files located outside the CFA folder, encrypt those, and delete the originals.

    While the first example is just destructive, the last two will work as an actual ransom, with victims having to pay the ransomware author for the password/decryption code that unlocks the files.

    Jesus displeased with Microsoft
    Jesus said he notified Microsoft about the issue he discovered. In a screenshot of the email he received from Microsoft, Jesus said the OS maker didn't classify the issue as a security vulnerability but said it would improve CFA in future releases to address the reported bypass method.

    "That really means Microsoft will fix the vulnerability that should be classified as Mitigation bypass without acknowledgment," said Jesus, referring to the fact that he'll get no credit or bug bounty reward for the issue he pointed out.
    Researcher Bypasses Windows Controlled Folder Access Anti-Ransomware Protection
      My ComputersSystem Spec

  7. Posts : 777
    Win 10 Pro v1803 Build 17133.1
       1 Week Ago #56

    My CFA is blocking System32 files from making changes to memory, anyone know what that is about?
      My ComputerSystem Spec

  8.    1 Week Ago #57

    There is a reason this is disabled by default. I just turned it on and my goodness it blocks every *** thing lol. Turned off permanently.
      My ComputersSystem Spec

  •    1 Week Ago #58

    Access Denied said: View Post
    There is a reason this is disabled by default. I just turned it on and my goodness it blocks every *** thing lol. Turned off permanently.
      My ComputerSystem Spec

  •    4 Days Ago #59

    Had to add chkdsk.exe to the allowed list, otherwise ALL my external drives would fail a disk check like this ...

    Microsoft Windows [Version 10.0.16299.371]
    (c) 2017 Microsoft Corporation. All rights reserved.

    C:\Windows\system32>chkdsk /v /f e:
    The type of the file system is NTFS.
    Volume label is 9.

    Stage 1: Examining basic file system structure ...
    26624 file records processed.
    File verification completed.
    0 large file records processed.
    0 bad file records processed.

    Stage 2: Examining file name linkage ...
    51 reparse records processed.
    29070 index entries processed.
    Index verification completed.
    0 unindexed files scanned.
    An unspecified error occurred (696e647863686b2e 1f67).
    An unspecified error occurred (6e74667363686b2e 170d).


    For a time, I thought ALL my drives were failing, I even reinstalled the OS, and then I was thinking my mortherboard was bad.

    THEN I realised it was the CFA setting !!!!
      My ComputerSystem Spec

    Page 6 of 7 FirstFirst ... 4567 LastLast

    Tutorial Categories

    Change Windows Defender Controlled Folder Access Settings - Windows 10 Tutorial Index Network & Sharing Instalation and Upgrade Browsers and Email General Tips Gaming Customization Apps and Features Virtualization BSOD System Security User Accounts Hardware and Drivers Updates and Activation Backup and Restore Performance and Maintenance Xbox Windows Phone

    Related Threads
    How to Create a Windows Defender Settings shortcut in Windows 10 Windows Defender helps protect your PC against malware (malicious software) like viruses, spyware, and other potentially unwanted software. Malware can infect your PC without your...
    Hi, I just build up a new pc and changed from W7 to new era of W10 :-) Was not that easy and pleasant experience as I thought. I have huge storage capability with this new pc but since I'm using very fast Intel 512Gb 600p M.2 SSD as C drive, I...
    Hey all, I've been using the tutorials and tips here for a bit now, but I've run into a problem I can't seem to find anywhere. I use List view to help me sort music. However, my folders are spread across different drives, so I have to use a...
    I upgraded my custom PC a while ago (a couple months) from Windows 7 Home to Windows 10 Home and when I go into Windows update to enable insider features but it's greyed out and at the top it says "Some settings are controlled by your operator" this...
    Following instructions from a game manufacturer I changed the 'read only' settings for users / documents folder. Win 10 now disfunctions (instable, search unavailable, chrome closing incorrectly, etc). How should I proceed to restore the folder...
    Our Sites
    Site Links
    About Us
    Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

    Designer Media Ltd
    All times are GMT -5. The time now is 22:19.
    Find Us