Windows Defender, the built-in real-time antivirus in Windows 10, has a critical security feature that’s disabled by default: Ransomware Protection. Strangely though, the feature was added in a Windows 10 version 1709 update in October 2017, which comes as a surprise for many users who may not have known about it until now.
What’s worse is that ransomware is a serious threat that has implications as it silently encrypts your data and locks down your PC, eventually blocking access to your data unless you pay the attacker. There’s no guarantee, though, that once you pay, the attacker will decrypt your files and restore access to you.
Why is Ransomware Protection disabled?
Ransomware Protection has been available as a native option, but it’s not active until you enable it.
Among the concerns that may have led to this is that Windows Defender may identify legitimate apps as threats and block them, so it may be prone to false positives, as are a few other third-party anti-ransomware programs. This isn’t something users would want as much as they’re eager to protect their data given the devastating impact ransomware attacks can have.
The built-in Windows 10 option adds an extra layer of protection to your PC, plus you can extend or limit its coverage to your liking. Below are the steps to take to enable Ransomware Protection in Windows Defender:
Click Start and select Settings.
Click “Update & Security.”
- On the left pane of the new window, click “Windows Security.”
- Click “Virus & Threat Protection” on the left pane.
- Scroll down to the “Ransomware Protection” option.
- Click “Manage Ransomware Protection.” If a UAC popup appears, click OK. If not, proceed to the next step.
- In the new window, find “Controlled Folder Access.”
- Toggle it ON if it’s off to enable the option.
That’s it. Ransomware Protection is now enabled in Windows Defender on your PC.
Windows Defender will now keep monitoring any programs that access your protected folders and the files stored therein, to prevent access by suspicious programs and protect your files and data.
As mentioned earlier, not all programs are suspicious, and Windows Defender is prone to giving false positives, but you can avoid this by adding whitelisted programs to the Controlled Folder Access. To do this:
- In the same Controlled Folder Access window, click “Allow an app through Controlled folder” access.
- Click Add to include the programs you want to the list. You’ll have to do this for every program you want to add and grant access to.
- You can also “Block history” to see the programs Windows Defender has blocked from accessing your files and data. Uninstall any program you don’t recognize or aren’t sure about.
- In the new Protection History window, click on Filters to see the various categories of actions Windows Defender has taken.
Note: to secure other folders that ransomware could target, use Protected Folders. Add a protected folder, and pick the folder you want Windows Defender to protect. They’ll be secured regardless of their location on your PC.
Having Ransomware Protection is a good thing, and you can use it alongside your other antivirus program. However, it’s always advisable to back up your files regularly just so you’re not locked out of your own files and data in case of an attack. You can also set up data recovery using OneDrive (via Controlled Folder access setting) or use an external hard drive. Considering new Changes in Windows 10 1903 and Insiders, Windows 10 Defender is the best call besides any other A/V, if you have it configured as mentioned above and running Updated windows on time to time, you shouldn’t worry about any such deep attack unless you open backdoor for attacker via any other tool that makes hole to let them get in. Truth never trusts unknown tool or program.