Among the new features that the Windows 10 Fall Creators Update offers are six new ways to enhance or better manage security settings. They include options to limit app access to your personal data and the ability to better protect folders, devices and executables, The step-by-step instructions below show how to make the best use of the new security features.
The settings for Microsoft’s intelligent agent have been relocated to the Settings app. (When you click the Settings icon on the Cortana tool’s panel, it now jumps to the Settings app.)
Under the Cortana settings category, click "Permissions & history" to manage how Cortana accesses your personal information as you’re using Windows 10 and Microsoft online services.
2. Exploit guard
EMET (Enhanced Mitigation Experience Toolkit) was a Microsoft tool which would prevent malicious code from exploiting security flaws in Windows systems. Microsoft retired it, but has implemented several of its features into the Fall Creators Update. Most of the tools of Exploit Guard are turned on by default. To see what they are and to adjust them individually, launch the Windows Defender Security Center app. (It’s listed on the app list in the Start menu.) Click "App & browser control."
Scroll the panel down to "Exploit protection" and click "Exploit protection settings".
Under “System settings,” you can turn off or on six exploit protection tools: control-flow guard, data execution prevention, force randomization for images (mandatory ASLR), randomize memory allocations (bottom-up ASLR), validate exception chains (SEHOP), validate heap integrity.
Under "Program settings," you can add an executable/program to tweak its functionalities to prevent it from being exploited by malware or intrusions. The 21 settings include the six under "System settings" and others such as block remote images, disable Win32k system calls, and validate API invocation.
This is another new category in the Settings app, and it addresses a possible security issue. For example, your Android phone running certain Microsoft apps (like the Android app version of Cortana) can send notifications to your Windows 10 computer that you've authorized to receive from this phone.
Under the "Phone" category, the Fall Creators Update adds an "Unlink this PC" function. You can click this to quickly cut off your Windows 10 computer from a linked phone.
4. Protected folders
To thwart ransomware or other malware from hijacking your files, the Fall Creators Update lets you restrict chosen folders so only apps that are considered safe by Microsoft, or that you have whitelisted, can access them. These apps will also be able to access and change documents (and other files) in these folders. You could lock down the Documents folder so that only Microsoft Word can access it.
To use this feature, launch the Windows Defender Security Center app. Click "Virus & threat protection" and in the next panel "Virus & threat protection settings."
You’ll have to scroll down to see "Controlled folder access." Click to switch this on.
Click "Protected folders" to open a list of folders that can be set for restricted access. By default, the Desktop, Documents, Favorites, Music, Pictures, and Video folders appear here. You can add other folders to this list by clicking "Add a protected folder."
When you turn on the controlled folder access switch, the Fall Creators Update automatically decides which apps are safe to allow access to the folders you’ve designated as protected. However, if this feature blocks a particular app that you know is safe, you can let it through by clicking "Allow an app through Controlled folder access."
5. Reset Microsoft account password from the lock screen
If you use a Microsoft account (like an email account from Outlook.com) to sign in to your Windows 10 computer, and you forget this account’s password, you can now recover it from the lock screen. (Previously, you could only do this from another browser capable computer or mobile device.)
From the lock screen, click "I forgot my password." This loads a recovery tool app. The email of the Microsoft account you used to sign in to your Windows 10 computer will be listed. (But you can enter in place of it another Microsoft account of yours to reset its password.) After passing the captcha, you can choose either to have a password reset number sent by text messaging to a phone or emailed to a recovery email address that you previously assigned to the Microsoft account.
If you selected PIN entry under "Sign-in options," then you’ll see an "I forgot my PIN” option on the lock screen instead. You’ll be prompted to enter the password of your Microsoft user account that you used to originally sign in to this Windows 10 system. After this, you’ll be sent a text message or email with a code you can enter in this tool to reset your PIN.
6. Web browse more safely with Edge inside a virtual machine
This feature is only in the Enterprise edition of Windows 10, and your computer’s processor must be able to support Hyper-V, Microsoft’s virtual machine tool. If your system meets both requirements, the Fall Creators Update lets you open an Edge browser window that runs inside a virtual machine. If malicious code attacks the browser, it will be contained within the virtual machine and not spread to your computer’s main operations.
This option for Edge isn’t available by default. The Microsoft Tech Community post “Windows Defender Application Guard Standalone mode” shows you how to turn it on.
More Windows 10 security articles
- How Windows 10 data collection trades privacy for security
- Microsoft adds another layer to the Windows 10 patching onion
- The paranoid user’s guide to Windows 10 privacy
- The 10 Windows group policy settings you need to get right
- Microsoft unveils a bonanza of security capabilities