How to Enable or Disable Controlled Folder Access for Microsoft Defender Antivirus in Windows 11

Option 1Use Windows Security Settings

1. Open Windows Security.
2. Click on Virus & threat protection.
3. Do one of these:

   • Click Manage ransomware protection under Ransomware protection, OR
4. Click Manage settings under Virus & threat protection settings, then click Manage Controlled folder access
5. ⚠️ Admin Required: Turn Controlled folder access On or Off (the default setting).
6. If a dialog box appears asking for permission, click Yes.
7. Close Windows Security when finished.

Option 2Use Command Line

1. ⚠️ Admin Required: Open Windows Terminal (Admin) and choose either Windows PowerShell or Command Prompt.
2. Copy and paste one of the commands below, then press Enter:

   • To Turn On Controlled Folder Access:
     
     Set-MpPreference -EnableControlledFolderAccess Enabled
3. To Turn Off Controlled Folder Access (default):
   
   Set-MpPreference -EnableControlledFolderAccess Disabled
4. Close Windows Terminal when finished.

Option 3Use Local Group Policy Editor

Note: This option only works on Windows 11 Pro, Enterprise, and Education editions. Use Option Four if you have Windows 11 Home.

1. ⚠️ Admin Required: Open the Local Group Policy Editor (gpedit.msc).
2. In the left panel, navigate to this location:
   
   Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Controlled folder access
3. In the right panel, double-click the Configure Controlled folder access policy.
4. Choose one of these options:
   

   To Always Turn On Controlled Folder Access:

   
   
   1. Select Enabled.


5. In the Configure the guard my folders feature dropdown, select Block.


6. Click OK.

To Turn Off Controlled Folder Access:

1. Select Enabled.


2. In the Configure the guard my folders feature dropdown, select Disable (Default).


3. Click OK.

To Use Default Settings:

1. Select Not Configured.
2. Click OK.

Option 4Use Registry Editor

⚠️ Admin Required: Use this method on all Windows 11 editions, including Home.

To Always Turn On Controlled Folder Access:

Click the Download button below to ⬇️ download the file, then follow the installation steps.

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access" /v EnableControlledFolderAccess /t REG_DWORD /d 1 /f

To Turn Off Controlled Folder Access:

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access" /v EnableControlledFolderAccess /t REG_DWORD /d 0 /f

To Use Default Settings:

reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access" /v EnableControlledFolderAccess /f

Summary

What is Controlled Folder Access? It is a security feature in Windows 11 that prevents dangerous apps from changing your files.

Why should you use it? It protects your important documents and personal files from ransomware and other malicious software.

How do you turn it on? You have four options: use Windows Security settings, run a command, edit Group Policy (Pro/Enterprise/Education only), or edit the Registry. All methods require administrator access.

What happens when it is on? Trusted apps can access your protected folders normally. Untrusted apps are blocked, and you receive a warning when they try to access protected files.