The post provides instructions on how to manage controlled folder access in Microsoft Defender Antivirus on Windows 11 for enhanced protection against ransomware and malicious apps. The guide details turning on/off both the Controlled folder access setting and the cloud-delivered protection in Group Policy, alongside specifying different options to control the access.
This post shows students and new users steps to restrict or allow controlled folder access in Microsoft Defender Antivirus in Windows 11. You also want to enable ransomware protection and controlled folder access when using Microsoft Defender Antivirus.
Controlled folder access helps protect your valuable data from malicious apps and threats, such as ransomware. Controlled folder access protects your data by checking the known trusted apps list and only allowing access to protected folders to apps on the list.
Scripting engines like PowerShell and others are also untrustworthy and cannot access controlled protected folders. This is especially useful in helping to protect your documents and information from viruses and malware, including ransomware.
Below is how to restrict or allow controlled folder access with Microsoft Defender Antivirus in Windows 11.
How to turn on the controlled access folder with Microsoft Defender Antivirus in Windows 11
As mentioned above, Controlled folder access helps protect your valuable data from malicious apps and threats, such as ransomware.
Below is how to turn On or Off controlled folder access in Microsoft Defender Antivirus in Windows Security app in Windows 11.
Change Controlled folder access setting:
In the search box on the taskbar, type Windows Security and select Windows Security in the results list.
In Windows Security, select Virus & threat protection.
On the Virus & threat protection settings page, under Ransomware protection, select Manage ransomware settings.
Change the Controlled folder access setting to On or Off.
How to turn on or off cloud-delivered protection in Group Policy
In Windows 11, open Local Group Policy Editor by clicking on the Start menu and searching for Edit group policy, as highlighted below. Under Best match, select Edit group policy to launch Local Group Policy Editor.
In the left pane of Local Group Policy Editor, expand the tree:
Computer Configuration>Administrative Templates>Windows Components>Microsoft Defender Antivirus>Microsoft Defender Exploit Guard>Controlled folder access
In the Controlled Folder Access details pane on the right, local and double-click Configure Controlled folder access.
Set Configure Controlled folder access setting option to Enabled.
In the options section, you must specify one of the following options:
- Enable – Malicious and suspicious apps won’t be allowed to make changes to files in protected folders. A notification will be provided in the Windows event log.
- Disable (Default) – The Controlled folder access feature won’t work. All apps can make changes to files in protected folders.
- Audit Mode – Changes will be allowed if a malicious or suspicious app attempts to make a change to a file in a protected folder. However, it will be recorded in the Windows event log where you can assess the impact on your organization.
- Block disk modification only – Attempts by untrusted apps to write to disk sectors will be logged in the Windows Event log. These logs can be found in Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational > ID 1123.
- Audit disk modification only – Only attempts to write to protected disk sectors will be recorded in the Windows event log (under Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational > ID 1124). Attempts to modify or delete files in protected folders won’t be recorded.
Close Local Group Policy Editor.
That should do it!
This post showed you how to turn on or off Microsoft Defender Antivirus-controlled folder access in Windows 11. Please use the comment form below if you find any errors above or have something to add.