Microsoft announces ransomware-stopping Windows 10 feature

With the Windows 10 Fall Creators Update now rolling out, Microsoft has offered a first look at its anti-ransomware feature called "Controlled folder access". 

The new security feature can be enabled from the Windows Defender Security Center. Enabling Controlled folder access will isolate and lock down select folders, as well as restrict unauthorized apps from accessing them.

As Microsoft explains in a new blog, the feature is “like putting your crown jewels in a safe whose key only you hold”. 

Once Controlled folder access is enabled, it automatically covers common folders where documents are stored. Users can also add other folders they want protected, including folders from multiple drives. Users can also whitelist apps they trust to access the protected folders. The feature also notifies users if an app attempts to access or modify files in a protected folder.

The feature would have been helpful for individuals and enterprises who lost files in this year's WannaCry and NotPetya outbreaks. The feature and the possibility of another outbreak will likely offer organizations an incentive to migrate systems to Windows 10.

Enterprises can enable Controlled folder access using Group Policy and PowerShell too. It also integrates with the enterprise-only Windows Defender Advanced Threat Protection (ATP) service. The feature is part of Windows Defender Exploit Guard in the enterprise. Admins can also use audit mode to see how it would affect the organization prior to enabling it.
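An audit-mode rollout of the kind described above could look like the following PowerShell. This is an added example, not code from Microsoft's blog or from this article; the folder and application paths are constructed placeholders, and event IDs 1123 (blocked) and 1124 (audited) are the Controlled folder access events in the Windows Defender operational log.

```powershell
#Requires -RunAsAdministrator
# Added example: stage Controlled folder access in audit mode, widen its
# coverage, then review what it would have blocked before enforcing it.
# Needs Windows 10 Fall Creators Update or later with Windows Defender active.

# Constructed sample values (assumptions, replace with your own paths).
$ExtraFolders = @('D:\Finance', 'E:\Projects')
$TrustedApps  = @('C:\Program Files\ExampleVendor\backup.exe')

# 1. Audit mode: would-be blocks are logged, writes are not denied.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 2. Protect folders beyond the default document locations.
foreach ($folder in $ExtraFolders) {
    if (Test-Path -LiteralPath $folder -PathType Container) {
        Add-MpPreference -ControlledFolderAccessProtectedFolders $folder
    } else {
        Write-Warning "Skipping missing folder: $folder"
    }
}

# 3. Allow only the apps you trust to write to protected folders.
foreach ($app in $TrustedApps) {
    Add-MpPreference -ControlledFolderAccessAllowedApplications $app
}

# 4. Confirm the resulting configuration.
Get-MpPreference | Select-Object EnableControlledFolderAccess,
    ControlledFolderAccessProtectedFolders,
    ControlledFolderAccessAllowedApplications

# 5. Review the last 7 days of audited (1124) and blocked (1123) events.
#    "No events found" is reported as an error, so it is silenced here.
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1123, 1124
    StartTime = (Get-Date).AddDays(-7)
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, Message |
    Format-List

# 6. Once the audit log shows only expected apps, switch to enforcement:
# Set-MpPreference -EnableControlledFolderAccess Enabled
```

Legitimate apps that show up in the 1124 events are the candidates for the allowed-applications list before enforcement is switched on.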

The Fall Creators Update brings numerous other ransomware-related protections, including a new feature in the Windows 10 Edge browser that opens web pages in “low privilege app containers”. Microsoft took another dig at Google by highlighting that its Edge apps for iOS and Android offer users of these platforms “browser security beyond sandboxing”.

Google in September paid researchers from Microsoft’s Offensive Security Research and ChakraCore team $7,500 for a remote code execution (RCE) bug the search firm rated as a “high” severity issue. 

Last week, Microsoft’s Offensive Security Research team posted a detailed blog explaining the Chrome bug it found, and defended its focus in Edge on mitigating RCEs through Control Flow Guard — an approach that differs from the Chrome security team’s focus on isolating browser processes using sandboxing.

Microsoft pointed out that Chrome’s “relative lack of RCE mitigations” allowed them to quickly exploit a memory corruption bug. The Chrome security team’s lead had previously described Microsoft’s RCE mitigations as “relatively unproven technologies” whereas its isolation work on Chrome “appears to be a more effective strategy over the long term”.

