Windows Defender Anti-Ransomware Fall Creators Update feature issues

With the release of the Windows 10 Fall Creators Update, Windows Defender gained a new Anti-Ransomware feature named “Controlled folder access”.

What it does is block access to folders for all the apps that aren’t allowed, preventing unauthorized apps from modifying or encrypting your files (it even prevents them from reading files too!). The problem is, it doesn’t seem to work correctly and has annoying limitations that make it rather useless.

Folder control issues

It automatically protects all the usual data folders like Pictures, Music, Documents etc. The problem here is, it also includes Desktop. This by itself is alright since we tend to keep stuff on the desktop and we don’t want it encrypted by ransomware. However, I at least prefer to use Desktop as transitional storage for downloads and stuff I save from the web. And Windows Defender’s Controlled Folder Access doesn’t like that, throwing warnings at me all the time for every single thing I do that interacts with Desktop. To make things worse, you cannot remove or edit the default locations. They are hardcoded and cannot be changed, forcing you to either have ALL of them enabled or disable the feature entirely, because it becomes so damn annoying you can’t even use it.

Whitelisting doesn’t seem to work

Supposedly, this Controlled Folder Access feature is supposed to use some sort of whitelist to automatically allow known safe apps to access protected folders. The problem is, it just doesn’t work. It didn’t recognize Paint.NET, it didn’t recognize Opera browser, it even complained over its own Explorer.exe! Which brings us to the third issue…

Allowing apps is rather useless sometimes

For example, Opera is not recognized by the whitelist. However, you can add apps and programs to the allowed list yourself. The only problem there is that paths are absolute, and in Opera’s case that means your allowed path to opera.exe includes a version number, like so: “C:\Program Files\Opera\48.0.2685.39\opera.exe”. This means the allowed rule will only work until Opera gets updated. Then it’ll complain again, because the allowed path no longer matches the actual new version after the update…
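
An added example, not part of the original post: PowerShell that re-points the allowed-app entry at the newest version folder after an update, using the Defender cmdlets `Get-MpPreference`, `Add-MpPreference` and `Remove-MpPreference`. The function names, the signature check, and the assumption that the app installs as `<root>\<version>\<exe>` (as in the Opera path above) are choices made for this example.

```powershell
# Added example. Run from an elevated PowerShell prompt.
# Assumption: the app installs as <InstallRoot>\<version>\<ExeName>.

function Get-LatestVersionedExe {
    param(
        [Parameter(Mandatory)] [string] $InstallRoot,
        [Parameter(Mandatory)] [string] $ExeName
    )
    Get-ChildItem -LiteralPath $InstallRoot -Directory -ErrorAction Stop |
        ForEach-Object {
            $v = $null
            # Only consider folders whose name parses as a version (e.g. 48.0.2685.39)
            if ([version]::TryParse($_.Name, [ref]$v)) {
                $exe = Join-Path $_.FullName $ExeName
                if (Test-Path -LiteralPath $exe -PathType Leaf) {
                    [pscustomobject]@{ Version = $v; Path = $exe }
                }
            }
        } |
        Sort-Object Version -Descending |
        Select-Object -First 1
}

function Sync-CfaAllowedApp {
    param([string] $InstallRoot, [string] $ExeName)

    $latest = Get-LatestVersionedExe -InstallRoot $InstallRoot -ExeName $ExeName
    if (-not $latest) { throw "No versioned $ExeName found under $InstallRoot" }

    # Do not allow-list a binary that lacks a valid Authenticode signature.
    $sig = Get-AuthenticodeSignature -FilePath $latest.Path
    if ($sig.Status -ne 'Valid') { throw "Signature check failed: $($sig.Status)" }

    $allowed = @((Get-MpPreference).ControlledFolderAccessAllowedApplications)
    $prefix  = $InstallRoot.TrimEnd('\') + '\'
    # Stale entries: same install root and exe name, but an older version folder.
    $stale = $allowed | Where-Object {
        $_ -and $_.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase) -and
        ((Split-Path $_ -Leaf) -ieq $ExeName) -and ($_ -ine $latest.Path)
    }
    foreach ($old in $stale) {
        Remove-MpPreference -ControlledFolderAccessAllowedApplications $old
    }
    if ($allowed -notcontains $latest.Path) {
        Add-MpPreference -ControlledFolderAccessAllowedApplications $latest.Path
    }
    $latest.Path   # return the path that is now allowed
}

Sync-CfaAllowedApp -InstallRoot 'C:\Program Files\Opera' -ExeName 'opera.exe'
```

Removing the stale entries matters as much as adding the new one: an allowed path that no longer holds the vendor's binary is an exception waiting for whatever gets written there next.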

Verdict

I like the idea. This is what I recommended to the avast! team like half a year ago and they did it properly. It’s fully configurable and uses their powerful whitelist, which makes the use of their Anti-Ransomware protection really convenient as you hardly ever even get a popup for clean apps. Microsoft’s version, on the other hand, is not configurable enough, lacks important settings, is too locked down and has a non-functional whitelist system. It has potential, but in its current form, it’s just not useful. In fact it’s just outright annoying. I kept on manually adding programs to the allowed list and Windows Defender kept on finding new ways to annoy me till I just disabled it again. And seeing how Microsoft only changes such big things between these milestone updates, it’ll take another 4 months to maybe see this fixed. Not cool… So much potential wasted because of stupid design decisions…

4 thoughts on “Windows Defender Anti-Ransomware Fall Creators Update feature issues”

  1. I think I’ll hold off on the FCU for a little while longer.

    There’s two things that W10 got right: Bash on Ubuntu and better PowerShell functionality. Everything else is in the gutter. Still sticking with W7 on my main machine, sorry Microsoft.

    1. Actually, I’d say that isn’t the case. I had a rant about Windows 10 in the beginning, probably one of the most read posts I’ve ever made. I’ve changed my opinion a lot since then. There are still things in transition where you can see old Windows 7 style menus and elements, but a large majority of the most used ones have the Win10 design. Things seem to work well too. I’m frankly having WAY fewer issues with Win10 now than I did with Windows 7. Back then a bunch of random things just kept on breaking. Here, there are a few glitches, but nothing really annoying. And the way Windows Defender evolved is also interesting. It got cloud, an anti-ransom feature, they made updates more frequent and the speed has been increased as well. Did I mention it scored better than many paid AVs in the AV-Comparatives test? We need a few more to see the trend, but it’s finally moving seriously in the correct direction.

      Liked by 1 person

      1. Yes, I read that post. You described an issue with forced driver updates from Windows Update. But W10 has many issues that are much more serious than that. Perhaps some of them have been solved in the FCU, but I’m skeptical of that.

        1) Telemetry. Its scope has been extended to such measures that it can interfere with normal PC operation. Can never be fully disabled unless you’re using Enterprise.
        2) Automated forced app installs. Congratulations, you got Candy Crush Saga installed at OS install. You removed the app? Don’t worry, we’ll auto-reinstall it for you the next time you boot up the PC. Can be disabled by delving into the GPO.
        3) Universal Apps built from scratch that have less functionality than their predecessors. Windows Live Mail is gone, say hello to Mail. Windows Photo Viewer is gone, say hello to Photos, an app that takes 30 seconds to open a photo on a PC that only needed half a second with Photo Viewer. Windows Media Player is gone, say hello to “Groove” (ugh, don’t even get me started with that mess).
        4) Microsoft Account synchronization not being intelligent. Look, if I use an EN-US layout on one PC and a SL keyboard layout on another, that’s probably for a reason and my choice, OK? You don’t need to “unify” this setting across all of my PCs, Microsoft!
        5) OneDrive. If you don’t use it, tough luck. You’ll need to hack the registry, delete some files, and set some settings in the GPO to get rid of it … until the next user creates their account. Then it will auto-install regardless.
        6) Windows Store. A pile of dogshit, enough said.
        7) Sysprep. Did you by any chance add or remove any of the Universal Apps before sysprep? Tough luck, now you’ll need to run a bunch of commands to get sysprep to run properly.
        8) Windows Update. Can’t hide (disable) updates individually. At least not on Pro. Probably possible with Enterprise via GPO. I’m not a company, though. Also: impossible to delay or disable Windows Update on Home.
        9) Settings. This “immersive” interface as they like to call it is even more confusing than Metro! There’s a term in user interface design that describes the number of mouse clicks it takes to get to the thing you want, I can’t recall it at the moment. But I can without a doubt assert that this distance has far increased in 10 compared to 7 when it comes to computer settings!
        10) Cortana. Forget Cortana, I can’t use her, because my combination of regional settings and language is incompatible with her system. Well fine, at least the search engine works, right? No. No, it doesn’t. It’s worse in 10 than it is in 7, much worse, much less intelligent, it doesn’t show findings or related items for even the simplest of terms.

        All in all, not a pleasant experience.

  2. Hello RejZoR,

    I had to stop using Controlled Folder Access as well because it was stopping Steam from saving my video game saves, which caused me to lose progress in Skyrim. I am surprised that they released it with such a weak whitelist and in such an annoying state; that is a terrible way to release something, now some people may never use it again.

    Thank you for sharing this post,
    -John Jr
