Not all users know that Windows 10 and Windows 11 anti-ransomware protection is included in their operating systems to help protect your device from ransomware attacks. However, by default, ransomware protection is disabled on the computer.
Ransomware Protection is a useful feature that is included with the Security Module in Windows 11 and in Windows 10 starting with version 1709 (Fall Creators Update). The built-in Windows Security antivirus (Windows Defender, Windows Defender, Microsoft Defender) is responsible for the function.
If your computer is dealing with frequent freezes, scan it for a possible ransomware attack. Now viruses are created mainly for the purpose of profit or theft of information.
Malicious software infiltrates the operating system and disables the protection of your PC. As a result, programs, files, registry keys, and other important system functions can be damaged. The virus disables the Windows security system, preventing it from scanning and removing malware.
What is ransomware
The main reason for ransomware attacks is to take your data and your PC hostage. Malicious software (cryptovirus, ransomware, ransomware, ransomware) encrypts your files, making them unusable and inaccessible, or locks your computer for a ransom until the victim transfers money to the attacker.
In other cases, malware can corrupt your data, delete or destroy it. Some of the ransomware can steal your data.
Initially, attackers will demand a ransom for your files and extort money from you before returning access to them. They can also steal your data even though you paid the ransom. In the vast majority of cases, unlocking does not occur even if you pay the required money to the blackmailer.
Ransomware enters a computer in different ways, for example, in situations like these:
- After opening files from a connected external device.
- On fake sites that make them look like official resources.
- In attachments or links in emails, instant messengers, social networks, and so on.
To neutralize such threats and save important files and documents, you need protection against ransomware on your computer.
How to enable ransomware protection in Windows 11 and Windows 10
With the Controlled Folder Access feature of Windows 10/11, you can protect data from changes in protected folders that malicious software will try to make.
Before making changes to Windows settings, make sure you are using an administrator account. Guest users do not have access to this feature.
Go through the steps:
- Click on the start menu with the right mouse button.
- In the context menu that opens, click on the “Settings” item.
- In the Options window, select “Privacy and Security”.
- Go to the “Windows Security” menu.
- Click the “Open Windows Security Service” button.
- A new Windows Security window will open. Here, open the “Virus and Threat Protection” tab.
- Scroll down with the mouse wheel to find the Ransomware Protection option.
- Click Manage Ransomware Protection for a list of options related to these threats.
- Locate the “Controlled Folder Access” option in the right pane.
- Move the switch slider to the On position.
Ransomware protection is enabled on the computer.
How to allow applications to access controlled folders
After activating ransomware protection, you will need to whitelist some of the installed programs on your computer so that they can access controlled folders. These steps will help you avoid false positives on PC.
Most of your programs will be allowed to use the controlled folder by default without adding them to the allowed applications. For example, Windows applications created by Microsoft always have security permission to access a protected folder.
If a Controlled Folder has blocked a program you trust, you can add that application to the allowed list.
Do the following:
- In the Controlled Folder Access section, click on the “Allow an application through Controlled Folder Access” option.
- In the “Allow an application through controlled folder access” window, click the “Add an allowed application” button.
- From the menu that opens, select View All Apps or Recently Blocked Apps.
- When you select “View All Applications”, an Explorer window opens in which you can select executable program files with the “.exe” extension.
- The program will be added to the white list of allowed applications.
Programs access folders automatically based on their distribution and reputation. Therefore, add to this list only those applications that have been blocked if you are sure of their reliability.
If you click on the name of the added application, then you can remove the program from this list.
The Recently Blocked Apps section displays untrusted apps. You can remove malicious or unwanted apps or restore the ones you want to keep.
How to Enable Controlled Folder Access in Windows 11 or Windows 10
By default, the list of protected folders automatically includes Windows system folders: Documents, Pictures, Videos, Music, Favorites. You can add other additional folders on your computer to this list.
Do the following to enable controlled access to a folder:
- In the “Virus and threat protection” tab, in the “Ransomware protection” section, in the “Controlled folder access” option, click on “Protected folders”.
- In the Protected Folders window, click the Add Protected Folder button.
- In the “Select Folder” window, add the desired folder from your computer, which will become controlled.
You can later remove this folder from the protected list by clicking on it and then selecting “Delete”. This note does not apply to system-wide folders, which cannot be removed from this list.
Using the protection log
You can open the “Protection History” section to view suspicious files blocked by your antivirus software.
Do the following:
- In the “Protection against ransomware” window, in the “Controlled access to folders” option, click on “Lock log”.
- The Protection History window displays recent actions and recommendations.
- Here you can set “Filters” to view objects and manage elements.
In addition, you will receive messages about blocked unauthorized changes.
How to disable ransomware protection
If necessary, you can disable the ransomware protection feature on your computer in Windows 11 or Windows 10.
Follow a few steps to disable Controlled Folder Access:
- In the Settings app, go to the Privacy and Security tab.
- Click on Windows Security.
- In the Windows Security window, under Protection Options, click on Virus and Threat Protection.
- In the new Ransomware Protection window, select the Manage Ransomware Protection option.
- In the “Controlled folder access” option, move the switch to the “Disabled” position.
Why ransomware protection is disabled by default
By default, Ransomware Protection is disabled to prevent false positives from Windows security. As a precaution, this prevents the built-in antivirus from marking normal programs as malicious or unwanted.
Therefore, many programs that require controlled access to folders can perform their functions without problems.
If you are using a third party antivirus then this feature will not work on your computer. A third-party antivirus program automatically takes over the functions of Windows Defender. In this case, your new antivirus software takes over the responsibility of accessing the folders and protecting your computer from ransomware.
Most ransomware extorts money by denying users access to files or locking down computers. Enabling ransomware protection prevents possible attacks on your computer. Windows 11 and Windows 10 have a built-in Controlled Folder Access feature that protects your data from malware by deleting it before it damages your computer.