CIO

Microsoft tackles ransomware, targeted attacks in the next Windows 10

Microsoft is preparing new features in the Fall Creators Update that should help enterprises reduce the risk of ransomware and other malicious threats.

One of the features should make it less painful for users to run Edge with Application Guard enabled. Application Guard creates a virtualized container for Edge that protects the host and network if the browser is exposed to a web attack, such as a watering hole attack, or if users download malware through the browser.

Until now, things like favorites, cookies and saved passwords only lasted as long as each container did, but a new feature called Data Persistence will allow these settings to survive across Application Guard sessions.

Microsoft rolled out the feature to Windows Insiders on the fast ring this week, and it should reach all users in September with the Windows 10 Fall Creators Update general release. 

Data Persistence isn’t enabled by default, so admins will need to enable it through Group Policy for Application Guard.

Windows 10 is also getting more protection against ransomware and other malware that attempts to change files and folders. The feature, dubbed Controlled folder access, is part of Windows Defender Antivirus. Admins will be able to select folders they want protected. If a non-approved app attempts to change the files in these folders, the user will be notified about the attempt. Apps that Microsoft determines are "friendly" will always have access to the folders; however, admins will also be able to add other approved apps that can access controlled folders.

Controlled folder access in Windows 10 Fall Creators Update

The default list of folders in Controlled folder access includes Documents, Pictures, Movies, and Desktop. These can’t be removed, but other folders can be added to the protected list.

Controlled folder access is off by default, so users will need to visit the Windows Defender Security Center and switch on the setting in Virus and threat protection settings.

Earlier this week Microsoft outlined several other new security features coming to the Fall Creators Update, including the reintroduction of parts of its Enhanced Mitigation Experience Toolkit (EMET), which will reach end-of-life (EOL) in mid-2018.

Microsoft planned to shelve EMET on the belief that Windows 10 was so secure that it was unnecessary. However, Will Dormann of Carnegie Mellon University’s CERT showed that Windows 7 with EMET covered more exploit mitigations than plain Windows 10, even though Windows 10 included many more built-in mitigations than Windows 7 without EMET. Customers were also not pleased with Microsoft’s originally planned EOL for EMET of January 2017, prompting the company to extend support until July 31, 2018.

Many of EMET’s features will now be available as Windows Defender Exploit Guard, which resides in the Windows Defender Security Center. It is available even if the built-in Windows Defender Antivirus is not enabled. The feature promises to make vulnerabilities “dramatically more difficult to exploit”, according to Microsoft, and includes intrusion prevention rules and policies that rely on Microsoft’s Intelligent Security Graph.