Windows Defender Anti-Ransomware Fall Creators Update feature issues

With the release of Windows 10 Fall Creators Update, Windows Defender gained a new Anti-Ransomware feature named “Controlled folder access”.

What it does is block access to folders for all the apps that aren’t allowed, preventing unauthorized apps from modifying or encrypting your files (it even prevents them from reading files too!). The problem is, it doesn’t seem to work correctly and has annoying limitations that make it rather useless.

Folder control issues

It automatically protects all the usual data folders like Pictures, Music, Documents etc. The problem here is, it also includes Desktop. This by itself is alright since we tend to keep stuff on the desktop and we don’t want it encrypted by ransomware. However, at least I prefer to use Desktop as transitional storage for downloads and stuff I save from the web. And Windows Defender’s Controlled Folder Access doesn’t like that, throwing warnings at me all the time for each thing I try to do that interacts with Desktop. To make things worse, you cannot remove or edit default locations. They are hardcoded and cannot be changed, forcing you to either have ALL of them enabled or disable the feature entirely, because it becomes so damn annoying you can’t even use it.

Whitelisting doesn’t seem to work

Supposedly, this Controlled Folder Access feature is supposed to use some sort of whitelist to automatically allow known safe apps to access protected folders. The problem is, it just doesn’t work. It didn’t recognize Paint.NET, it didn’t recognize Opera browser, it even complained about its own Explorer.exe! Which brings us to the third issue…

Allowing apps is rather useless sometimes

For example, Opera is not recognized by the whitelist. However, you can add apps and programs to the allowed list yourself. The only problem there is that paths are absolute, and in Opera’s case that means your allowed path to opera.exe includes a version number, like so: “C:\Program Files\Opera\48.0.2685.39\opera.exe”, which means the allowed rule will only work till Opera gets updated. And then it’ll complain again, because the allowed path won’t match the actual new version’s path after the update…
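One way to cope with the versioned path described above is to reconcile the allowed list after each update. The script below is an added example, not part of the original post and not Microsoft's own code; the install root and executable name are assumptions taken from the Opera path quoted above, and it relies on the Defender cmdlets `Get-MpPreference`, `Add-MpPreference` and `Remove-MpPreference` from an elevated session.

```powershell
# Added example: prune stale Controlled Folder Access allowed-app entries and
# re-allow the same executable from its newest versioned directory.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumption: subfolders of the install root are version numbers, as in the post.
    [string]$InstallRoot = 'C:\Program Files\Opera',
    [string]$ExeName     = 'opera.exe'
)

$allowed = @((Get-MpPreference).ControlledFolderAccessAllowedApplications)

# Entries under the install root whose target file no longer exists are stale.
$prefix = $InstallRoot.TrimEnd('\') + '\'
$stale = $allowed | Where-Object {
    $_ -and $_.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase) -and
    -not (Test-Path -LiteralPath $_ -PathType Leaf)
}

# Pick the highest version directory that actually contains the executable.
$current = Get-ChildItem -LiteralPath $InstallRoot -Directory |
    Where-Object { $_.Name -as [version] } |
    Sort-Object { [version]$_.Name } -Descending |
    ForEach-Object { Join-Path $_.FullName $ExeName } |
    Where-Object { Test-Path -LiteralPath $_ -PathType Leaf } |
    Select-Object -First 1

if (-not $current) { throw "No versioned $ExeName found under $InstallRoot" }

# An allowed-app entry exempts the binary from the protection, so refuse to add
# a file whose Authenticode signature does not validate.
$sig = Get-AuthenticodeSignature -LiteralPath $current
if ($sig.Status -ne 'Valid') { throw "Signature check failed for ${current}: $($sig.Status)" }

foreach ($path in $stale) {
    if ($PSCmdlet.ShouldProcess($path, 'Remove stale allowed application')) {
        Remove-MpPreference -ControlledFolderAccessAllowedApplications $path
    }
}
if ($allowed -notcontains $current -and
    $PSCmdlet.ShouldProcess($current, 'Add allowed application')) {
    Add-MpPreference -ControlledFolderAccessAllowedApplications $current
}
```

Saved as a script and run with `-WhatIf`, it lists the entries it would remove and add without changing the Defender configuration.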

Verdict

I like the idea. This is what I recommended to the avast! team like half a year ago and they did it properly. It’s fully configurable and uses their powerful whitelist, which makes the use of their Anti-Ransomware protection really convenient as you hardly ever even get a popup for clean apps. Microsoft’s version, on the other hand, is not configurable enough, it lacks important settings, it’s too locked down and it has a non-functional whitelist system. It has potential, but in its current form, it’s just not useful. In fact it’s just outright annoying. I kept on manually adding programs to the allowed list and Windows Defender kept on finding new ways to annoy me till I just disabled it again. And seeing how Microsoft only changes such big things between these milestone updates, it’ll take another 4 months to maybe see this fixed. Not cool… So much potential wasted because of stupid design decisions…
