This post shows students and new users steps to enable or disable controlled folder access in Microsoft Defender Antivirus in Windows 11. When using Microsoft Defender Antivirus, and you also want to enable ransomware protection and controlled folder access.
Controlled folder access helps protect your valuable data from malicious apps and threats, such as ransomware. Controlled folder access protects your data by checking known trusted apps list, and only allowing access to protected folders to apps on the list.
Scripting engines, such as PowerShell and others are also not trusted and not allowed to access controlled protected folders. This is especially useful in helping to protect your documents and information from viruses and malware, including ransomware.
Below is how to enable or disable controlled folder access with Microsoft Defender Antivirus in Windows 11.
How to turn on controlled access folder with Microsoft Defender Antivirus in Windows 11
As mentioned above, Controlled folder access helps protect your valuable data from malicious apps and threats, such as ransomware.
Below is how to turn On or Off controlled folder access in Microsoft Defender Antivirus in Windows Security app in Windows 11.
Change Controlled folder access setting:
In the search box on the taskbar, type Windows Security and then select Windows Security in the list of results.
In Windows Security, select Virus & threat protection.
On the Virus & threat protection settings page, under Ransomware protection, select Manage ransomware settings.
Change the Controlled folder access setting to On or Off.
How to enable or disable cloud-delivered protection in Group policy
In Windows 11, open Local Group Policy Editor by clicking on the Start menu and searching for Edit group policy as highlighted below. Under Best match, select Edit group policy to launch Local Group Policy Editor.
In the left pane of Local Group Policy Editor, expand the tree:
Computer Configuration>Administrative Templates>Windows Components>Microsoft Defender Antivirus>Microsoft Defender Exploit Guard>Controlled folder access
In the Controlled Folder Access details pane on right, local and double-click Configure Controlled folder access.
Set Configure Controlled folder access setting option to Enabled.
In the options section you must specify one of the following options:
- Enable – Malicious and suspicious apps won’t be allowed to make changes to files in protected folders. A notification will be provided in the Windows event log.
- Disable (Default) – The Controlled folder access feature won’t work. All apps can make changes to files in protected folders.
- Audit Mode – Changes will be allowed if a malicious or suspicious app attempts to make a change to a file in a protected folder. However, it will be recorded in the Windows event log where you can assess the impact on your organization.
- Block disk modification only – Attempts by untrusted apps to write to disk sectors will be logged in Windows Event log. These logs can be found in Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational > ID 1123.
- Audit disk modification only – Only attempts to write to protected disk sectors will be recorded in the Windows event log (under Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational > ID 1124). Attempts to modify or delete files in protected folders won’t be recorded.
Close Local Group Policy Editor.
That should do it!
This post showed you how to turn on or off Microsoft Defender Antivirus controlled folder access in Windows 11. If you find any error above or have something to add, please use the comment form below.