In the Windows Security app, you’ll find a setting called Controlled Folder Access. Microsoft recommends keeping this setting enabled to protect your system, but what exactly is it, and how does it keep your data safe from threats like ransomware?
What Is Controlled Folder Access?
Microsoft introduced the Controlled Folder Access setting in Windows 10 as a tool to protect users from ransomware attacks, and it remains in Windows 11. Once enabled, it scans all installed applications against a list of known and trusted applications.
If it determines that an app is unsafe for your device because it might alter important data stored in protected folders, it will block that app from changing protected folders. By default, the Controlled Folder Access setting safeguards the Documents, Pictures, Videos, Music, and Favorites folders, but you can also add other folders to the protected list.
One important thing to note about the Controlled Folder Access setting is that it won’t protect your computer from malware that views and copies data. It only blocks malware from changing or deleting data. This means that if your computer is infected with malware, the malicious software can still duplicate your data and send it elsewhere.
How to Enable Controlled Folder Access
To enable the Controlled Folder Access setting on Windows 11, open the Start menu, type Windows Security, and press Enter. In the Windows Security app, select “Virus & Threat Protection” from the left sidebar, then click “Manage Ransomware Protection” on the right.
Enable the “Controlled Folder Access” toggle on the right. If a UAC prompt appears, click “Yes” to grant permission.
Once the setting is enabled, you’ll see three new options: Block History, Protected Folders, and Allow an App Through Controlled Folder Access. It’s important to configure each properly.
Manage Blocked Files
When you click the “Block History” option, you’ll find all the files that were blocked because they were detected as attempting to modify protected folders. You’ll also see the severity level—low, moderate, high, or severe—next to the file name, along with details like when the file was blocked and the name of the protected folder.
If you believe the file is safe for your computer and want to bypass the Controlled Folder Access protection, click the blocked file, open the “Actions” drop-down menu, and choose “Allow On Device.” You can now try running the app again, and it should no longer encounter interference from Controlled Folder Access protection.
Add or Remove a Folder From the Protected Folders List
The Protected Folders option displays a list of all folders protected by this setting. As mentioned above, by default Windows protects some of its native folders, such as Documents, Videos, and Pictures. You also have the option to add additional folders to the list.
To add a folder, click “Protected Folders” and approve the UAC prompt by clicking “Yes.” Then, click the “Add a Protected Folder” button, navigate to the folder’s location, select the folder, and click “Select Folder”.
Now, whenever an app tries to modify that folder, it will be blocked.
If you want to remove a folder from the Protected Folders list, click on the folder and choose the “Remove” option. Unfortunately, you cannot remove the default Windows native folders in the list. You can only remove additional folders that you have added manually.
Allow Apps to Access the Protected Folders
The Allow an App Through Controlled Folder Access option lets you whitelist an app you don’t want to be restricted by this security setting. This is useful if an app has been blocked from modifying protected folders, but you’re confident it’s safe.
Additionally, it can be helpful when you’re installing an app that you trust but it requires modification of a protected folder to work properly. In this case, you can whitelist the app so it won’t encounter any issues accessing the protected folders.
To configure this option, click “Add an Allowed App” and choose between “Recently Blocked Apps” or “Browse All Apps.”
Select “Recently Blocked Apps” if the app has already been blocked by the setting, or choose “Browse All Apps” if you want to preconfigure an app to avoid interference. Once you’ve selected the app, click “Open.”
Microsoft hasn’t clarified how it determines which apps are trustworthy and which are not. There have been reports in the past indicating that Controlled Folder Access sometimes mistakenly blocks Microsoft-native applications, such as Notepad and Paint, so be aware you may need to manually allow these apps.
Controlled Folder Access is one way to help protect yourself against ransomware attacks. However, to keep your device safe from viruses and other malware, you must ensure that the real-time protection setting in the Windows Security app is enabled and that the app itself is up-to-date.