Microsoft announces ransomware-stopping Windows 10 feature

With the Windows 10 Fall Creators Update now rolling out, Microsoft has offered a first look at its anti-ransomware feature called "Controlled folder access". 

The new security feature can be enabled from the Windows Defender Security Center. Enabling Controlled folder access will isolate and lock down select folders, as well as restrict unauthorized apps from accessing them.

As Microsoft explains in a new blog, the feature is “like putting your crown jewels in a safe whose key only you hold”. 

Once Controlled folder access is enabled, it automatically covers common folders where documents are stored. Users can also add other folders they want protected, including folders from multiple drives. Users can also whitelist apps they trust to access the protected folders. The feature also notifies users if an app attempts to access or modify files in a protected folder.

The feature would have been helpful for individuals and enterprises who lost files in this year's WannaCry and NotPetya outbreaks. The feature and the possibility of another outbreak will likely offer organizations an incentive to migrate systems to Windows 10.

Enterprises can enable Controlled folder access using Group Policy and PowerShell too. It also integrates with the enterprise-only Windows Defender Advanced Threat Protection (ATP) service. The feature is part of Windows Defender Exploit Guard in the enterprise. Admins can also use audit mode to see how it would affect the organization prior to enabling it.
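An audit-first rollout with the Windows Defender PowerShell cmdlets might look like the sketch below. It is an added example, not code from Microsoft or from this article; the folder and application paths are constructed placeholders, and the "Process Name:" field matched in the event text is an assumption about the message layout.

```powershell
#Requires -RunAsAdministrator
# Added example: audit-first rollout of Controlled folder access.
# All paths below are constructed placeholders; substitute your own.
$protectedFolders = @('D:\Finance', 'E:\Projects')
$trustedApps      = @('C:\Program Files\ExampleApp\app.exe')

# 1. Audit mode: record what would be blocked without denying any writes.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 2. Protect folders beyond the defaults and allow apps you trust.
foreach ($folder in $protectedFolders) {
    Add-MpPreference -ControlledFolderAccessProtectedFolders $folder
}
foreach ($app in $trustedApps) {
    Add-MpPreference -ControlledFolderAccessAllowedApplications $app
}

# 3. Confirm the resulting configuration.
Get-MpPreference | Select-Object EnableControlledFolderAccess,
    ControlledFolderAccessProtectedFolders,
    ControlledFolderAccessAllowedApplications

# 4. After a soak period, count audited events (ID 1124) per process to see
#    which legitimate apps still need an allow entry before enforcement.
$filter = @{ LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1124 }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Assumption: the message text carries a "Process Name:" line.
        if ($_.Message -match 'Process Name:\s*(.+)') { $Matches[1].Trim() }
        else { '(unparsed)' }
    } |
    Group-Object |
    Sort-Object Count -Descending |
    Select-Object Count, Name

# 5. Once the audit log is clean, switch to enforcement.
#    Blocked operations are then logged as event ID 1123.
# Set-MpPreference -EnableControlledFolderAccess Enabled
```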

The Fall Creators Update brings numerous other ransomware-related protections, including a new feature in the Windows 10 Edge browser that opens web pages in “low privilege app containers”. Microsoft took another dig at Google by highlighting that its Edge apps for iOS and Android offer users of these platforms “browser security beyond sandboxing”.

Google in September paid researchers from Microsoft’s Offensive Security Research and ChakraCore team $7,500 for a remote code execution (RCE) bug the search firm rated as a “high” severity issue. 

Last week, Microsoft’s Offensive Security Research team posted a detailed blog explaining the Chrome bug it found, and defended its focus in Edge on mitigating RCEs through Control Flow Guard — an approach that differs from the Chrome security team’s focus on isolating browser processes using sandboxing.

Microsoft pointed out that Chrome’s “relative lack of RCE mitigations” allowed its researchers to quickly exploit a memory corruption bug. The Chrome security team’s lead had previously described Microsoft’s RCE mitigations as “relatively unproven technologies” whereas its isolation work on Chrome “appears to be a more effective strategy over the long term”.


Stories by Liam Tung