Table of Content
    Windows Data Recovery - Standard

    Methods to Enable Controlled Folder Access on Windows 10/11


    Table of Content

      Summary: Did you know Windows 10 and 11 come baked-in with a controlled folder access feature – a mechanism to protect critical folders and files from ransomware? Let’s find out more about it and ways to enable it to use to your advantage.

      Free Download Windows Free Download100% secure

      Ransomware and malware have become quite advanced in the recent years. They exploit user files and data by holding them hostage. To tackle this issue, Microsoft devised an ingenious way to protect user data from such malicious attacks. The controlled folder access feature was developed to protect user files and data from ransomware and other kinds of malware.

      Let’s dive further to learn more about controlled folder access and the ways to enable it on windows 10/11.

      What is Controlled Folder Access and How it Works?

      Controlled Folder Access is an anti-intrusion feature developed by Microsoft to safeguard user data and the computer on which the data is stored. Enabling this feature prevents malware and ransomware to hold the data hostage and exploit it for fulfilling malicious intents.

      It comes added in the list of features of Windows Defender, now known as Windows Security on Windows 10/11 devices. It helps in stopping malware from exploiting your data and protects unwanted file changes from malicious apps. Though it is a feature that works once it is enabled, by default, it already protects certain system folders like c:\users\<username>\documents, etc.

      Enable controlled folder on Windows 10 and 11

      Once configured and enabled, controlled folder access works by only allowing trusted apps to access protected folders. It tracks apps and their activities, and blocks any attempts from the apps that are not on its trusted application list. The feature is supported on Windows server 2019, 2022, 10, and 11.

      Note - Users can also try the Audit mode, which is like a testing ground to see what will happen if controlled folder access is enabled on the computer. Users can test it according to their requirements to understand how this will protect against suspected apps and ransomware.

      How to Enable Controlled Folder Access?

      Now that we know what controlled folder access is, let’s look at the methods to enable and use controlled folder access, which is a part of the Exploit Guard feature in Windows Defender.

      Method 1: Enable Controlled Folder Access Using Windows Security App

      • Open Windows Settings app by pressing Windows + I.
      • Click on Update & Security.
      Open windows 10 settings
      • Click on Windows Security in the left pane.
      • Click on Virus & threat protection under Protection areas.
      open virus and threat protection settings
      • Navigate to the Ransomware protection section and click on Manage ransomware protection under it.
      click on change ransomware protection settings to enable controlled folder access
      • Enable controlled folder access by toggling the switch under it to ON state.

      NoteThis method is not available on Windows Server 2012R2 and 2016.

      Method 2: Enable Using Microsoft Intune

      Microsoft Intune is a cloud-based endpoint management solution, which simplifies user access and device management across many devices like mobile devices, desktop computers, and virtual endpoints. Controlled folder access feature is used in this software to protect data and minimize data leakage. Let’s see how to enable controlled folder access using Microsoft Intune –

      • Sign in to the Microsoft Intune administrator center.
      • Open Endpoint Security.
      • Go to Attack Surface Reduction and then Policy.
      • Select Platform and choose Windows 10 and later.
      • Select the profile Attack Surface Reduction rules and click Create.
      • Name the policy, add its description, and then click on Next.
      • Scroll down, click on the Enable Folder Protection drop-down and choose Enable.
      • Select List of additional folders that need to be protected and add folders to it.
      • Select List of apps that have access to protected folders and apps to it.
      • Select Exclude files and paths from attack surface reduction rules and files and paths to it.
      • Select the profile Assignments, assign to All Users & All Devices and click on Save.
      • Click Next and then Create.

      Method 3: Using Microsoft Configuration Manager

      Microsoft Configuration Manager is an integrated IT solution developed as a part of Microsoft Intune, which helps with effective system and device management. You can learn how to install it.

      Once it is installed, follow the steps listed below –

      • Launch Microsoft Configuration Manager.
      • Go to Asset and Compliance, then Endpoint Protection and then Windows Defender Exploit Guard.
      • Select Home and click on Create Exploit Guard Policy.
      • Give it a name and enter its description.
      •  Select Controlled folder access and click on Next.
      • Choose different settings like block or audit changes, add allowed apps and folders. Click on Next once done.
      • Review the settings and click Next to create the policy.
      • Close the wizard once the policy has been created.

      Method 4: Using Group Policy

      Group policy editor is an administrative tool in Windows 10/11 which is used for configuring important system policies. You can use group policy to enable controlled folder access on your windows 10/11 computer. Follow the steps below to do so –

      • Press WIN + R and type gpedit.msc and hit Enter. This will open the Local Group Policy Editor window.
      open group policy editor using RUN

      Tip - You can also open it by searching for edit group policy in the search bar present near Cortana button.

      open group policy editor from the search bar
      • In the left pane, expand Computer configuration > Administrative Templates.
      open group policy editor to enable controlled folder access
      • Expand Windows Components and then Microsoft Defender Antivirus.
      microsoft defender antivirus group policy editor
      • Double-click on Microsoft Defender Exploit Guard in the right pane.
      open microsoft defender exploit guard settings to enable controlled folder access
      • Double-click on the Controlled Folder Access in the Right Pane.
      click on controlled folder access settings
      • Double-click on the Configure Controlled folder access setting.
      open controlled folder access settings in group policy editor
      • Click on Enable.
      • Under the Options section, click on the drop-down menu and select the folder guard configuration.
      configure controlled folder access to to enable controlled folder access
      • Once everything is done, click on Apply and OK.

      Method 5: Use Windows PowerShell

      • Press WIN + R to open RUN.
      • Type PowerShell and press CTRL + SHIFT + ENTER to open it with administrator privileges.
      open powershell using RUN
      • Type the following command in the terminal -

      Set-MpPreference -EnableControlledFolderAccess Enabled

      use powershell command to enable controlled folder access
      • Press Enter to execute it.

      NoteYou can type the same command and replace Enabled with Disabled to disable controlled folder access. You can also use AuditMode instead of Enabled to test controlled folder access feature.

      What to Do If You have Lost Your Data Due to a Cyberattack?

      Malware, ransomware and viruses are destructive lines of code that target the user data and try to edit them or hold them hostage. This can cause data corruption and even data loss in many cases.

      Using Windows Defender or a third-party antivirus software can help you safeguard your files from basic malware attacks. But there are certain advanced viruses that get past these filters and attack system files. These attacks cause data corruption and loss.

      If your data is lost or missing from your computer due to a malware, then you can use a data recovery software to recover your lost data. In such a case a powerful data recovery software like Stellar Data Recovery can help you do this.

      Stellar windows data recovery standard

      This software can easily recover lost or missing data from malware infected drives and computers. It can also recover any type of data from crashed computer drives, crashed partitions, and from other data loss scenarios like accidental deletion, corruption, etc. Stellar Data Recovery is powered by its advanced data recovery mechanism, which makes it capable of handling numerous data loss scenarios like data corruption, accidental deletion, malware infection, and more.

      Final Verdict

      We understand how important the data stored on our computers is. From photos to videos to important documents, we use our Windows computers to store it all. While surfing the internet or connecting from an untrusted network, we should be cautious as they could possibly infect our computer with malware and ransomware. We should also avoid downloading or installing any apps and files from untrusted or flagged websites.

      To fend of attacks from such malicious programs, Windows 10/11 offers a great tool called Controlled Folder Access, which helps in protecting the data from such external attacks. In this post, we discussed about the controlled folder access feature in Windows 10/11 and various methods to enable it. Which method did you find the easiest to employ? Do let us know in the comments.

      FAQs

      Q. What does the controlled folder access feature do?

      A. Controlled folder access feature protects the selected folders and their contents from ransomware attacks.

      Q. How do I enable ransomware protection in Windows 10/11?

      A. Open Windows Security App > Virus & Threat Protection > Ransomware protection > Manage ransomware protection > Toggle the switch to ON state.

      Q. Is controlled folder access enabled by default in Windows 10/11?

      A. No, controlled folder access is not enabled by default on Windows 10/11. You have to enable it manually.

      Was this article helpful?

      No NO

      About The Author

      Keshav Katyal linkdin

      A passionate writer driven by his interest in everything tech, Keshav Katyal has always been captivated by the latest gadgets since childhood. His interest in technology grew when he got his first gaming console, the Nintendo Game Boy Advanced. Hours and days of tinkering with old & new gadgets made his inner geek passionate about technology.

      6 comments

        1. You can add the app or program to the list of allowed apps in the Controlled Folder Access settings in the Windows Security app. Alternatively, you can temporarily turn off Controlled Folder Access while you make the necessary changes and then turn it back on afterwards.

        1. Enabling Controlled Folder Access may cause a slight decrease in system performance, as it requires additional processing power to monitor and restrict access to protected folders. However, the impact should be minimal and should not noticeably affect normal computer use.

        1. Yes, you can customize the folders that are protected by Controlled Folder Access by adding or removing folders from the list of protected folders in the Windows Security app.

      Leave a comment

      Your email address will not be published. Required fields are marked *

      Image Captcha
      Refresh Image Captcha

      Enter Captcha Here :

      Related Posts

      WHY STELLAR® IS GLOBAL LEADER

      Why Choose Stellar?

      • 0M+

        Customers

      • 0+

        Years of Excellence

      • 0+

        R&D Engineers

      • 0+

        Countries

      • 0+

        PARTNERS

      • 0+

        Awards Received