Windows defender ransomware protection

Windows 10 is pretty cautious about security and lets you Enable Windows Defender Ransomware Protection. There are a number of antimalware software that claims to provide safeguard against the ransoms demanding threats and attacks. But the built-in tool has an edge over all those as it provides a shield staying on Windows 10 very easily.

What is a ransomware?

Ransomware is a more dangerous and stubborn form of Virus. Unlike normal infections, the ransomware threat causes you to pay money to repair the damage it does. Its function is based on its ability to nastily lock your files and then asking for ransoms if you wish to get them back. Being a victim of a ransomware disaster leaves you with two choices, firstly restore the stuff by paying out, secondly, get a software engine to remove the virus. These options, however, do not guarantee the permanent removal of the virus; hence the problems just take on a toll on your system and peace of mind.

The ransomware uses the encryption method to lock the data into a system. Regardless any other virus attack, the ransomware works in a way where the victim is properly informed and provided with instructions on how to recover. The mode through which payment is demanded is generally virtual in order to hide the identity of the cyber criminal.

How to Enable Windows Defender Ransomware Protection in Windows 10

Thankfully, the Windows 10 developers have already realized the bullying threat of a ransomware virus. If you have an updated version, you can enable windows defender ransomware protection in Windows 10. This feature is called the Controlled folder access which is introduced in the Falls Creator Update of Windows 10. Under this, the changes in apps are monitored. It sends you a notification as soon as a blacklisted app tries to make changes to a file or folder. Here’s how you can enable this feature:

Turn on Controlled folder access

Step-1: Simply open the Settings (Win+I) on your system and navigate Update & Security.

Step-2: Click on Windows Security (also known as Windows Defender). Select Virus & threat protection here in the right side panel.

Step-3: Go downward furthermore press Ransomware protection.

Step-6: On the next page, toggle the Controlled folder access to on, turning it blue. After you get a User account prompt, click Yes to enable the protection completely.

Step-7: Press the Protected folders link to see the list of System folders that are under safeguard.

Step-8: Click on the Add a protected folder icon which you wish to be saved from a ransomware virus.

Step-9: Choose an item and click Select Folder.

Note: You can add folders to the default list of the system folders, but you cannot remove that are already present such as documents, pictures or system folders.

Step-10: Click on Back icon on the top right corner to go back to the  Ransomware protection again.

Step-11: Select Allow an app through controlled folder access.

Step-12: Click on Add an allowed app to include an application for protection.

Step-13: In the dialog box, select a file (having either .exe or .com extension) and press Open. Select Yes on UAC popup.

This way, you can manually choose folders and application simultaneously for Windows Defender Ransomware Protection in Windows 10.

Though this is the safe and secure way of enabling windows defender ransomware protection, there are some unknown disadvantages that come with this method. For instance, you will get a number of notifications when you run certain apps like Kindle or your webcam after applying the method. This is because certain apps run directly from system’s AppData directory source. Hence they automatically appear under the controlled folder access as a system file. These applications will need notifications to be allowed every now and again you start them.

As this is the part of the newest update of Windows 10, this feature might simply get unbalanced in the next update we get.

Alternatively, one can use another method which provides a much easier way to protect ransomware. One such software is the PowerShell which lets you enable controlled access in an easier way.

How to Enable Windows Defender Ransomware Protection in Windows 10 via cmdlet on PowerShell

Press Win+X and select Windows PowerShell from the list of options.

Click on Yes on the User account control prompt locking the screen.

To Enable Windows Defender Ransomware Protection in Windows 10 you can copy paste the syntax and press Enter –

Set-MpPreference -EnableControlledFolderAccess Enabled

To add folders to the list of protected app, use the cmdlet:

Add-MpPreference -ControlledFolderAccessProtectedFolders “<the folder to be protected>”

Under the ‘<>’ area, you can write the address of the folder you wish to add.

Conclusion

The ransomware virus seems to be quite treacherous simply by just knowing its function. For anyone, money is important and should not be invested in handling a hazard that could have been prevented. Windows 10 has given users an easy way to stay out of danger with controlled access.
Though the methods might not be for the tech-savvies, gaining knowledge about it and knowing how to use it can certainly save bucks in the process. The method to Enable Windows Defender Ransomware Protection in Windows 10 might is quite easy and worth learning.

In our increasingly digital world, the threat posed by ransomware attacks has become a major concern for individuals and organizations alike. Ransomware can cripple systems and cause devastating financial and data losses. Fortunately, Microsoft’s Windows Defender, which is integrated into the Windows operating system, offers a robust set of tools and features designed to help protect your system from ransomware. This article will provide an in-depth guide on enabling and configuring ransomware protection in Windows Defender, along with best practices to enhance your overall security.

Understanding Ransomware

Ransomware is a type of malicious software that encrypts a victim’s files, thereby locking them out of their data until a ransom is paid to the attacker. Common methods of distribution include phishing emails, malicious websites, and software vulnerabilities. The impact of a ransomware attack can be significant, leading to financial losses, reputational damage, and the potential loss of valuable data. Given this landscape, it becomes imperative to adopt preventative measures.

Windows Defender: An Overview

Windows Defender, now known as Microsoft Defender Antivirus (MDAV), is Microsoft’s integrated antivirus solution in Windows 10 and Windows 11. It provides real-time protection against malware and threats, including ransomware, using various features to ensure system security. One such feature includes the capability of implementing ransomware protection settings that can help mitigate the risk of an attack.

How Ransomware Protection Works in Windows Defender

Windows Defender incorporates a feature known as Controlled Folder Access, which is part of the broader ransomware protection system. Controlled Folder Access helps keep your important files safe from unauthorized changes by ransomware and other unwanted applications. When this feature is enabled, only allowed apps can access protected folders, thereby preventing potentially harmful software from making changes to your critical files.

Step-by-Step Guide to Enable and Configure Ransomware Protection

Step 1: Access Windows Security Settings

1. Open Windows Security:

   • Click on the Start Menu and type Windows Security.
   • Select the Windows Security app from the list.

2. Navigate to Virus & Threat Protection:

   • In the Windows Security interface, click on «Virus & threat protection.»

Step 2: Check for Updates

Before enabling ransomware protection, ensure that your Windows Defender is up-to-date to provide the best protection against the latest threats.

1. Update the Antivirus:
   • In the «Virus & threat protection» section, click on «Check for updates.»
   • Install any available updates to ensure your system has the latest definitions and features.

Step 3: Enable Ransomware Protection

1. Locate Ransomware Protection Settings:

   • In the «Virus & threat protection» section, scroll down to find the «Ransomware protection» heading.

2. Turn on Controlled Folder Access:

   • Click on «Manage ransomware protection.»
   • Toggle the switch for «Controlled folder access» to On.

Step 4: Configure Controlled Folder Access

After enabling Controlled Folder Access, you can configure it to suit your needs. The configuration drives better protection by restricting which applications can access your important files.

1. Add Protected Folders:

   • Under the Controlled folder access settings, you will find the option to add folders that you want to protect.
   • Click on «Add a protected folder» and select the folder(s) you want to keep safe from unauthorized changes. Common choices may include Documents, Pictures, and other sensitive directories.

2. Allow Apps through Controlled Folder Access:

   • Under the same settings, you can also add applications that you trust and want to allow access to your protected folders. Click on «Allow an app through Controlled folder access.»
   • Click the «Add an allowed app» button.
   • You can choose an app from the list or browse to locate it on your system.

Step 5: Review Your Settings

After configuring the necessary settings, it’s essential to review your configuration to ensure everything is in place and working as intended:

1. Revisit the «Virus & threat protection» section.
2. Confirm that Controlled Folder Access is on and that your chosen folders and apps are correctly listed.

Best Practices to Enhance Ransomware Protection

While Windows Defender provides robust ransomware protection features, supplementing them with best security practices can significantly boost your defenses.

Regular Backups

Always maintain regular backups of your data. Use an external hard drive or cloud storage solutions to keep a copy of important files. In case you fall victim to ransomware, having backups ensures you can restore your data without paying the ransom.

1. Use built-in tools like File History or third-party applications for automated backups.
2. Ensure that your backup is not accessible from your main network to avoid ransomware from potentially encrypting backup files.

Keep Your Software Updated

Keeping your operating system and all applications updated may help reduce vulnerabilities that ransomware could exploit.

• Enable automatic updates in Windows and ensure applications are updated frequently.
• Implement security patches as they become available.

Utilize Additional Security Software

Consider using additional security tools alongside Windows Defender for layered protection:

• Web filters: Use web-filtering software to block access to known malicious sites.
• Network firewalls: Ensure that your router and devices employ network-level firewalls for additional safeguards.

Educate Yourself and Your Team

If you are in a workplace setting, make sure that all team members are trained on recognizing phishing attempts and suspicious links.

• Conduct regular training sessions on cybersecurity awareness.
• Share resources that provide information about the latest ransomware trends.

Monitor Your System

Use Windows Defender’s built-in monitoring and reporting tools to stay informed about potential security threats and decide on actions needed to enhance your security.

• Regularly check the Windows Security dashboard for alerts or security recommendations.
• Review reports on detected threats and follow the suggested actions to mitigate risks.

What to Do If You Fall Victim to Ransomware

Should the unfortunate situation arise where your system is attacked by ransomware, take immediate action:

1. Disconnect from the Internet: This limits the ransomware’s ability to communicate with the attacker’s server.

2. Isolate the Infected Device: Remove any connected devices (like USB sticks) to prevent the spread of the infection.

3. Do Not Pay the Ransom: Paying does not guarantee the recovery of your files. Instead, it supports the crime, potentially making you a target again.

4. Contact Law Enforcement: Report the attack to appropriate authorities. This can help authorities in tracking down cybercriminals.

5. Recover Files via Backup: If you have backups, use them to restore your systems and files after a thorough security check.

6. Reinstall Your Operating System: If you cannot recover your data, wiping and reinstalling the OS may be the only option to ensure full security.

Conclusion

Ransomware is a growing threat that necessitates constant vigilance and proactive measures to protect personal and organizational data. Microsoft Defender provides effective tools to configure ransomware protection, particularly through Controlled Folder Access, to secure your files against unauthorized changes from malicious software. By following the steps outlined, you can enable and configure Windows Defender to provide robust protection against ransomware threats.

Combining these protections with regular data backups, software updates, education, monitoring, and a firm response plan can empower you to defend against the ever-evolving landscape of cyber threats effectively. In a world where security is paramount, Microsoft Defender can be a valuable ally on the road towards a more secure digital experience.

Windows Defender has been gaining a foothold steadily for the past few years. But there is one flaw in the antivirus that ships with Windows 10.

The option for Ransomware Protection is disabled by default even though it is available as a native option since the release of Windows 10 version 1709.

Initially I was bemused by this, but then I thought it is possible that Windows Defender could identify a legitimate application as a threat and block it, which is not something the user would want.

Quite a few third-party anti-ransomware programs exist and they do suffer from false positive issues as well. Check out our reviews of AppCheck AntiRansomware, Acronis Ransomware Protection, TrendMicro Ransombuster, or our overview of Anti-Ransomware software for Windows to get started.

Картинка с сайта: www.ghacks.net

For those unaware, ransomware is one the deadliest form of malware. It silently encrypts your data (pictures, videos, documents are commonly targeted), thus preventing you from accessing them.

It may even lock the bootloader when you reboot/turn off the computer. The malware displays a screen demanding a ransom from the user which usually involves a crypto-currency payment address that you have to send money to.

There is no guarantee that a payment will provide the unlock key required to regain access to files that the ransomware encrypted while it ran on the system. Ransomware attacks are often accompanied by a timer to add another pressure layer to the ransomware demand. Affected users are asked to pay the amount in time as they won’t be able to decrypt their files anymore once the timer runs out.

Decryption tools are available for some ransomware types but these are released after an outbreak usually and not available right from the get-go.

Many companies, hospitals, and users fell victim to ransomware already. You may have heard of the ruckus caused world-wide by the WannaCry ransomware back in 2017, and that is just one example of ransomware causing havoc worldwide.

Besides being very cautious when using the computer, there are only a few options to protect against ransomware attacks. Two of the most effective are backups and security software that protects against ransomware.

How to enable Ransomware Protection in Windows Defender

1. Open the Windows Security Dashboard by double-clicking on the Defender taskbar icon (or use the Settings app and select Update & Security > Windows Security).

2. Click on Virus & Threat Protection.

Картинка с сайта: www.ghacks.net

3. Scroll down to Ransomware Protection.

4. Click on Manage Ransomware Protection (click Okay on the UAC pop-up if it is displayed).

Картинка с сайта: www.ghacks.net

5. On the next page, you will find a toggle for Controlled Folder Access. Enable the option. That’s it.

Most antivirus programs use behavioral scanning to prevent zero-day attacks (new or unidentified malware). In other words, they monitor your computer’s services, applications, anything in the background, for suspicious activity. For example, when an otherwise harmless file tries to gain access to your documents folder to execute a script that encrypt the files in it, Windows Defender will stop the malware to protect your data. It’s a sort of intrusion prevention or anti-exploit method.

By default, the Ransomware Protection only covers specific folders. To view the ones that are secured, click on the Protected Folders option. It’s just the User folders like Documents, Pictures, Videos, Music, Desktop, Favorites by default.

Tip: Add blocked programs to Controlled Folder Access’ whitelist

So, what happens if a ransomware targets files in other folders? The files are affected unless the ransomware is quarantined before it starts to encrypt files on the device. Fortunately, there is a way to secure them.

There is an option on the top of the Protected Folders screen, which says «Add a protected folder». Click on it and choose any folder you want and it will be protected by Windows Defender. The folders can be on any partition or hard drive: they will be secured by the feature.

Картинка с сайта: www.ghacks.net

This method is not completely fool-proof but it’s better than nothing. You might want to backup your data to an external drive regularly as well. Don’t forget to checkout ConfigureDefender for more control.

Usually we ask you to share what programs you use. This time, I want to ask you something else. Have you ever seen a computer affected by ransomware? How was it dealt with?

Advertisement