Windows Defender Ransomware Protection

Windows Defender Ransomware Protection by default is turned off. It’s off because there is a good chance that the protection will return false positives, but saying that any more kind of protection against this ruthless beast of Ransomware is good in any measure. So let’s step into turning it on.

 

  1. Open the Start Menu, then click the Settings icon.
  2. In the Settings menu, go to Update & Security > Windows Security > Virus & Threat Protection.
  3. Scroll down to Ransomware Protection and click Manage Ransomware Protection.
  4. In the next menu, enable Controlled Folder Access.
  5. Controlled Folder Access only protects certain folders by default: Documents, Pictures, Videos, Music, Desktop, Favorites. You can extend the Ransomware Protection to other files and folders by clicking Add a protected folder in that same window.
  6. Navigate to the folder you wish to add to the ransomware protection. Repeat for each folder you want to have protected.

Now that you’ve set up Controlled Folder Access, Windows Defender will monitor which programs are accessing the protected folders and the files stored within them. It’ll then block suspicious programs from trying to gain access.

While this gives you some peace of mind, the problem is that some suspicious programs are not actually malicious. To avoid false positives, you can add a program to the Controlled Folder Access whitelist.

  1. Open the Start Menu and click the settings icon.
  2. Go to Update & Security > Windows Security > Virus & Threat Protection > Manage Ransomware Protection.
  3. Scroll down and click Allow an app through controlled folder access, then find and add the desired program to the list. You’ll have to repeat this process for each app you want to grant access to.
  4. You can also click Block history to view a list of programs that Windows Defender has prevented from accessing your protected files. If you don’t recognize a listed program or aren’t sure why one would be trying to access your files, uninstall it.