勒索软件(Ransomware)是最危险的恶意软件形式之一。它控制您的文件和文件夹,并迫使您支付大量资金才能将它们取回。即便如此,您也无法确定能否取回您的数据。微软(Microsoft)注意到这些攻击对其用户来说有多么危险,并决定采取措施:在Windows 10中,Microsoft Defender 防病毒软件(Microsoft Defender Antivirus)包含一项名为“受控文件夹访问”("Controlled folder access")的功能,专门用于保护用户免受勒索软件攻击。您可以访问和管理“受控文件夹访问”("Controlled folder access")如何保护您设备上的文件、文件夹和内存区域免受Windows 安全(Windows Security)应用程序。事不宜迟,以下是使用Windows 10的“受控文件夹访问”("Controlled folder access")获得勒索软件保护的方法:
注意:(NOTE:)我们使用Windows 2020 年 5 月 10 日更新(Windows 10 May 2020 Update)创建了本教程。如果您使用的是较旧版本的操作系统,则您的设备上可能缺少某些选项,而其他选项可能具有不同的名称。检查您的 Windows 10 版本(Check your Windows 10 build),如有必要,获取最新的 Windows 10 更新(get the latest Windows 10 update)。
什么是Microsoft Defender 防病毒软件(Microsoft Defender Antivirus)的“受控文件夹访问” ?
在 Windows 10 中,Microsoft Defender 防病毒软件(Microsoft Defender Antivirus)包括称为“受控文件夹访问”的此功能。("Controlled folder access.")它旨在保护您的重要数据免受未经授权的更改。这意味着任何程序或应用程序(包括任何形式的恶意软件)都无法更改您受保护的文件或文件夹。
“受控文件夹访问”("Controlled folder access")可以保护用户文件夹中的每个文件的安全,但也可以将其配置为保护您手动指定的其他文件夹。如果您想授予对程序或应用程序的访问权限以在这些文件夹中进行更改,您可以使用Windows 安全(Windows Security)应用程序将其列入白名单。
如果特定程序或应用程序(包括勒索软件)试图更改在受保护文件夹中找到的文件,Microsoft Defender 防病毒软件(Microsoft Defender Antivirus)会立即通知您并要求您确认您允许这样做。如果没有,您可以拒绝权限,并且您的文件不会被不需要的更改保存。
如何通过“受控文件夹访问”在Windows 10中获得勒索软件保护(Windows 10)
您可以在Windows 安全(Windows Security)应用中启用“受控文件夹访问”("Controlled folder access")保护功能。从打开它开始:从“(Start by opening it)开始”菜单(Start Menu)中单击或点击其快捷方式的快速方法。在Windows 安全(Windows Security)中心中,打开“病毒和威胁防护”。("Virus & threat protection.")
在Windows 安全中心的(Windows Security)“病毒和威胁防护”("Virus & threat protection")页面上,向下滚动直到找到“病毒和威胁防护设置”("Virus & threat protection settings")部分。在其中,单击或点击“管理设置(Manage settings)”链接。
在“病毒和威胁防护设置”("Virus & threat protection settings")页面上,向下滚动以找到我们正在寻找的功能:“受控文件夹访问”。("Controlled folder access.")在这里,Windows 安全(Windows Security)应用程序还告诉您此功能的全部内容:您可以使用它来“保护设备上的文件、文件夹和内存区域免受不友好应用程序未经授权的更改”。("Protect files, folders, and memory areas on your device from unauthorized changes by unfriendly applications.")单击或点击“管理受控文件夹访问”("Manage Controlled folder access")链接。
上一个操作会打开一个名为Ransomware protection的新设置页面。它首先告诉您可以做什么:“保护您的文件免受勒索软件等威胁,并了解如何在受到攻击时恢复文件。” ("Protect your files against threats like ransomware, and see how to restore files in case of an attack.")然后,您会看到我们之前提到的相同的“受控文件夹访问”描述,以及在其下方的("Controlled folder access")On/Off开关。单击(Click)或点击开关以启用Windows 10的内置勒索软件保护。
注意:(NOTE:)当您打开“受控文件夹访问”("Controlled folder access,")时,系统会要求您通过UAC(用户帐户控制)(UAC (User Account Control))提示确认操作。确认后,该功能将启用,并且Windows 10中的所有默认用户文件夹都受到保护,免受勒索软件攻击。
如何查看勒索软件攻击的历史
当您启用“受控文件夹访问”("Controlled folder access")功能时,Windows 安全(Windows Security)应用程序会在开关下方显示三个链接。第一个称为Block history。如果单击或点击它,Windows 安全(Windows Security)中心会加载其保护历史记录页面,其中会显示(Protection history)Microsoft Defender Antivirus采取的保护操作的历史记录。
如何查看Microsoft Defender 防病毒软件(Microsoft Defender Antivirus)保护了哪些文件夹免受勒索软件的侵害
“受控文件夹访问”("Controlled folder access")中的下一个链接简称为“受保护文件夹”。("Protected folders.") 单击(Click)或点击它,您可以检查和管理由Microsoft Defender Antivirus管理的文件夹。
在“受保护的文件夹”("Protected folders")页面上,Windows 安全(Windows Security)应用程序首先告诉您“Windows 系统文件夹默认受保护”。("Windows system folders are protected by default.")并且 *“您还可以添加其他受保护的文件夹。”*然后,您有一个名为"+ Add a protected folder,"然后是一个相对较长的受保护文件夹列表。默认情况下,此列表包含Windows 10中的所有用户文件夹:文档、图片、视频、音乐(Documents, Pictures, Videos, Music,)和收藏夹(Favorites)。
无法从列表中删除默认受保护文件夹,但您可以将新文件夹添加到列表中,以便Microsoft Defender 防病毒软件(Microsoft Defender Antivirus)可以保护它们免受未经授权的更改。
如何将新文件夹添加到“受保护文件夹”列表中
要将新文件夹添加到受保护列表中,请单击或点击"+ Add a protected folder"按钮。
选择要保护的新文件夹,然后单击或点击“选择文件夹”("Select Folder")按钮。
然后,您选择的文件夹会立即添加到受勒索软件威胁保护的文件夹列表中。
如何从“受保护文件夹”列表中删除文件夹
无法从此列表中删除默认用户文件夹。但是,可以删除您自己添加的那些。为此,请单击或点击“受保护文件夹”("Protected folders")列表中的其中一个文件夹,然后单击或点击“删除(Remove)”按钮。
当您选择从受保护列表中删除文件夹时,您必须确认您的操作。Windows 安全(Windows Security)应用程序还明确告诉您“通过删除此文件夹,受控文件夹访问将不再保护它免受未经授权的更改。” ("By removing this folder, Controlled folder access will no longer be protecting it from unauthorized changes.")如果您仍想这样做,请单击或点击OK。否则,单击/点击取消(Cancel)。
如何将应用列入白名单(或如何通过“受控文件夹访问”允许应用)
回到Windows 安全应用程序的(Windows Security)“受控文件夹访问”("Controlled folder access")部分,On/Off开关下方的第三个链接可让您“允许应用程序通过受控文件夹访问”。("Allow an app through Controlled folder access.")如果您想将您信任的应用程序列入白名单,请单击(Click)或点击它,以便它可以在受保护的文件夹中进行更改。
在“允许应用程序通过受控文件夹访问”("Allow an app through Controlled folder access")窗口中,我们了解到“您的大多数应用程序都将通过受控文件夹访问权限而无需在此处添加它们。始终允许 Microsoft 确定为友好的应用程序。” ("Most of your apps will be allowed by Controlled folder access without adding them here. Apps determined by Microsoft as friendly are always allowed.")这很好,但我们想知道微软(Microsoft)认为哪些应用程序是友好的。不幸的是,我们在 Internet 或Windows 10(Windows 10)中都找不到任何列表。但是,如果您的某个应用程序被“受控文件夹访问”("Controlled folder access")功能阻止,您可以在此处手动将其添加以将其列入白名单并允许其访问受保护的文件夹。
为此,请单击或点击"+ Add an allowed app"按钮。
当您单击或点击此按钮时,Windows 安全(Windows Security)中心会显示一个包含两个选项的菜单:“最近阻止的应用程序”("Recently blocked apps")和“浏览所有应用程序”。("Browse all apps.")
如果您选择“最近被阻止的应用程序”,("Recently blocked apps,") Windows 安全(Windows Security)中心会显示最近被拒绝访问受保护文件夹的应用程序列表。如果您要列入白名单的应用程序在那里,请单击或点击其左侧的加(plus)号以允许它在受保护的文件夹中进行更改。
如果您要列入白名单的应用程序不存在,请单击或点击“浏览所有应用程序”("Browse all apps")链接,或返回并从“添加允许的应用程序”("Add an allowed app")列表中选择相同的选项。然后,浏览您的计算机或设备,选择所需的应用程序,然后单击或点击“打开(Open)”按钮。
允许应用访问受保护的文件夹后,它会显示在Windows 安全中心的(Windows Security)“允许应用通过受控文件夹访问”("Allow an app through Controlled folder access")页面上的列表中。
如何从“受控文件夹访问”列表中删除应用程序
如果您不想再允许应用程序访问受保护的文件夹,请单击或点击它,然后按“删除(Remove)”按钮。
该应用程序会立即从允许在受保护文件夹中进行更改的应用程序列表中删除。
您是否正在(Are)使用Windows 10的勒索软件保护?
现在您知道Windows 10的(Windows 10)“受控文件夹访问”("Controlled folder access")勒索软件保护功能是什么,如何启用以及如何管理它。正如您所看到的,这并不难,而且在某些情况下,使用它所获得的安全性可以成为救命稻草。毕竟,勒索软件是十年来最大的瘟疫之一。如果您有什么要添加到我们的文章中,请不要犹豫,在下面的评论中这样做。
Get ransomware protection with Windows 10's Controlled folder access
Ransomware іs one of thе most dangerous forms of malware. It takes control of your filеs and folders and forces you to pay large amounts of money to get them bаck. And even then, you cannot be sure that you can get your data back. Micrоsoft noticed how dangerous these аttacks are for their users, and decided to take measures: in Windows 10, the Microsoft Defender Antivirus includes a feature called "Controlled folder access" explicitly designed to protect users against ransomware attacks. You can access and manage how "Controlled folder access" works to protect your files, folders, and memory areas on your device from the Windows Security app. Without further ado, here's how to get ransomware protection with Windows 10's "Controlled folder access":
NOTE: We created this tutorial using Windows 10 May 2020 Update. If you have an older version of the operating system, some options might be missing on your device, and others might bear different names. Check your Windows 10 build and, if necessary, get the latest Windows 10 update.
What is "Controlled folder access" from Microsoft Defender Antivirus?
In Windows 10, Microsoft Defender Antivirus includes this feature that's called "Controlled folder access." It is designed to protect your important data from unauthorized changes. That means that no program or application, including any form of malware, can alter your protected files or folders.
"Controlled folder access" can take care of the safety of every file found inside the user's folders, but it can also be configured to protect other folders that you manually specify. If you want to give access to a program or app to make changes in those folders, you can whitelist it using the Windows Security app.
If a particular program or app, including ransomware, tries to change the files found inside a protected folder, Microsoft Defender Antivirus notifies you immediately and asks you to confirm that you allow that. If not, you can deny permission, and your files are saved from unwanted changes.
How to get ransomware protection in Windows 10 with "Controlled folder access"
You can enable the "Controlled folder access" protection feature in the Windows Security app. Start by opening it: a fast way to do it to click or tap on its shortcut from the Start Menu. In Windows Security, open "Virus & threat protection."
On the "Virus & threat protection" page from Windows Security, scroll down until you find the "Virus & threat protection settings" section. In it, click or tap on the Manage settings link.
On the "Virus & threat protection settings" page, scroll down to locate the feature we are looking for: "Controlled folder access." Here, the Windows Security app also tells you what this feature is all about: you can use it to "Protect files, folders, and memory areas on your device from unauthorized changes by unfriendly applications." Click or tap on the "Manage Controlled folder access" link.
The previous action opens a new settings page called Ransomware protection. It starts by telling you what you can do: "Protect your files against threats like ransomware, and see how to restore files in case of an attack." Then, you get to see the same "Controlled folder access" description that we've mentioned earlier and, beneath it, the On/Off switch. Click or tap on the switch to enable Windows 10's built-in ransomware protection.
NOTE: When you turn on "Controlled folder access," you are asked to confirm the action by a UAC (User Account Control) prompt. Once you confirm, the feature is enabled, and all the default user folders from Windows 10 are protected against ransomware attacks.
How to see the history of ransomware attacks
When you enable the "Controlled folder access" feature, the Windows Security app displays three links beneath the switch. The first one is called Block history. If you click or tap on it, Windows Security loads its Protection history page, where it shows you the history of protection actions taken by Microsoft Defender Antivirus.
How to see which folders are protected against ransomware by Microsoft Defender Antivirus
The next link from the "Controlled folder access" is called simply "Protected folders." Click or tap on it, and you can check and manage the folders that are taken care of by Microsoft Defender Antivirus.
On the "Protected folders" page, the Windows Security app starts by telling you that "Windows system folders are protected by default." and that *"You can also add additional protected folders."*Then, you have a button called "+ Add a protected folder," followed by a relatively long list of folders that are protected. By default, this list contains all the users' folders from Windows 10: Documents, Pictures, Videos, Music, and Favorites.
The default protected folders cannot be removed from the list, but you can add new folders to the list so that Microsoft Defender Antivirus can protect them against unauthorized changes.
How to add new folders to the list of "Protected folders"
To add a new folder to the protected list, click or tap on the "+ Add a protected folder" button.
Choose the new folder that you want to protect and then click or tap on the "Select Folder" button.
The folder you've selected is then immediately added to the list of folders protected against ransomware threats.
How to remove a folder from the list of "Protected folders"
The default user folders cannot be removed from this list. However, those that you added on your own can be removed. To do that, click or tap on one of your folders from the list of "Protected folders" and then click or tap on the Remove button.
When you choose to remove a folder from the protected list, you have to confirm your action. The Windows Security app also explicitly tells you that "By removing this folder, Controlled folder access will no longer be protecting it from unauthorized changes." If you still want to do that, click or tap on OK. Otherwise, click/tap Cancel.
How to whitelist an app (or how to allow an app through "Controlled folder access")
Back in the "Controlled folder access" section from the Windows Security app, the third link beneath the On/Off switch lets you "Allow an app through Controlled folder access." Click or tap on it if you want to whitelist an app that you trust so that it can make changes in your protected folders.
In the "Allow an app through Controlled folder access" window, we learn that "Most of your apps will be allowed by Controlled folder access without adding them here. Apps determined by Microsoft as friendly are always allowed." That's great, but we wished to know what apps Microsoft thinks are friendly. Unfortunately, we could not find any list either on the internet or in Windows 10. However, if one of your apps is blocked by the "Controlled folder access" feature, you can manually add it here to whitelist it and allow it access to your protected folders.
To do that, click or tap in the "+ Add an allowed app" button.
When you click or tap on this button, Windows Security shows you a menu with two options: "Recently blocked apps" and "Browse all apps."
If you select "Recently blocked apps," Windows Security then shows you a list of apps that were recently denied access to your protected folders. If the app that you want to whitelist is there, click or tap on the plus sign from its left to allow it to make changes in your protected folders.
If the app you want to whitelist is not there, click or tap on the "Browse all apps" link, or go back and select the same option from the "Add an allowed app" list. Then, browse through your computer or device, select the app you want, and click or tap on the Open button.
After the app is allowed access to your protected folders, it's displayed in a list on the "Allow an app through Controlled folder access" page from Windows Security.
How to remove an app from the "Controlled folder access" list
If you no longer want to allow access for an app to your protected folders, click or tap on it and then press the Remove button.
The app is instantly removed from the list of apps that are allowed to make changes inside your protected folders.
Are you using Windows 10's ransomware protection?
Now you know what the "Controlled folder access" ransomware protection feature from Windows 10 is, how to enable, and how to manage it. As you've seen, it's not difficult, and the security you get from using it can be a lifesaver in certain situations. After all, ransomware is one of the greatest plagues of the decade. If you have something to add to our article, do not hesitate to do so in the comments below.