Windows 10 offers ransomware protection – but should you use it?

Did you know that Windows 10 has a ransomware protection feature? If you answered no, you’re not alone. Most people are not aware that on Windows 10, users have the option of activating “Controlled folder access”, a feature available with the Microsoft Defender Exploit Guard (part of Microsoft Defender Antivirus).

When turned on it prevents ransomware from encrypting your data and protects files from malicious apps trying to make unwanted changes. Considering this type of cyberthreat is on the rise – and increasingly for Windows PC users – now is a good time to familiarize yourself with this optional feature and decide if it makes sense for you to activate it.

How does a Windows PC get infected with ransomware? 

A ransomware attack starts with a cybercriminal infecting a victim’s computer with malware that encrypts files. This can be achieved by exploiting vulnerabilities in outdated software, but often a user is tricked into installing malware via clicking on a malicious link or email attachment.  

Once the target device has been infected, the attackers will demand a ransom for the release of the files and threaten to destroy or leak the documents if they don’t get paid. If you want to learn more, read this blog article with five helpful tips on how to prevent ransomware attacks.

How to enable Windows ransomware protection 

First, make sure you are running the latest version of Windows 10. To find the ransomware protection, type “Windows Security” in the lower-left search bar to open the Windows Security Center app. Once there, you’ll see the Virus & threat protection, and under that “Virus & threat protection settings” where you can click on Manage settings. You get to these settings faster by clicking on Manage ransomware protection at the bottom of the page. 

In either case, find the Controlled folder access, then click on Manage Controlled folder access and switch the toggle onBy activating this feature, Windows 10 will monitor changes made by an app to files in protected folders. If an unknown or suspicious program tries to access a protected file, access will be blocked, and you will receive an alert of the activity. 

If you click underneath on Block history, you can access the “Protection history” page to view which folders have blocked access. Clicking on Protected folders displays what folders are protected and allows you to add or remove folders from the list. Documents, Pictures, Videos, Music, Desktop, Favorites are protected by default, to include more click on + Add a protected folder, select the relevant folder in the Explorer window that appears and choose Select Folder. 

You also have the option to let apps you trust make changes on the protected folders when you click Allow an app by Controlled folder access. However, this is only necessary in special cases. For example, when the protection blocks a trusted program from working properly, like when a photo is saved in a protected storage folder by an image editor. If the folder access has already blocked a trusted program, you’ll see that after clicking Recently blocked apps. 

Why is Windows ransomware protection not on by default? 

Now that you know about this feature you might be asking: if it’s so great why is it not turned on by default? Well for starters, the feature often detects false positives, which can lead to another set of problems. For example, if a program you do trust is targeted as being suspicious, the warning might come at an inconvenient moment. It might crash the program or leave you with no way to save your work.  

It’s not possible to know which programs Microsoft finds dubious in advance so it’s hard to predict if your typical apps or games will work with the ransomware protection activated. A potential solution to avoid trusted programs being targeted as suspicious is to add them to the Controlled folder access whitelist. But that’s not exactly a simple solution either – especially for those who are not so technically inclined as it requires finding the executable file that runs the program. Another potential drawback is that any files in a shared network or on an external hard drive must be manually added to the list of protected folders, which again, is not necessarily quick or easy for everyone.  

So, while there are some advantages to opting-in to the Windows ransomware protection, you might want to think twice. Especially if you are not in the mood to make many manual adjustments if things don’t work as per normal. In the end, it might be easier to toggle Controlled Access folder back to off and get yourself a powerful antivirus for Windows that blocks threats like ransomware in real-time.

Avira logo

Block ransomware, spyware and more with Avira Free Antivirus for Windows