How to Configure Controlled Folder Access in your Windows 10 Device

Last Updated by Unyime Etim on Sept. 14, 2020, 7:38 a.m.

What is Controlled Folder Access?

Microsoft, with the release of the Fall Creators Update, added a new feature called the Controlled Folder Access (CFA) to Windows 10 operating system and Windows Server 2019. This addition works by restricting the ability of untrusted programs from making changes to files within protected folders. 

Outstanding feature! but how is it useful?

In a few short words, Controlled Folder Access is really bad news for Ransomware. Since only  known safe apps will have access to protected folders, malicious programs - like ransomware and wipers - will find it pretty much difficult to perform.

However, there's an important point you need to take note of.  Since Controlled Folder Access does not stop malware from reading or copying your files, you can still suffer a serious breach if you're not careful with your device security.

How to Enable/Disable Controlled Folder Access

Controlled Folder Access requires you to enable real-time protection from within the Windows defender app, which may need you to deactivate your current antivirus software. Quite a difficult decision, right? I totally understand. 

However, the latest version of the Windows defender is a very decent antivirus on its own, so you're very much covered.

To enable Controlled Folder Access, follow the guidelines below.

Step 1: Go to your search bar and search for Windows Security.

Step 2: Open the Windows Security app.

Step 3: Click the Virus & Threat Protection tab on the left-hand side of the screen.

Controlled folder access configuration

Step 4: Scroll down and click the ‘manage settings’ option of  Virus & Threats Protection.

How to configure controlled folder access

Step 5: Scroll down and click on ‘manage controlled folder access. 

configure controlled folder access

Step 6: In the next window, turn on the switch if you want to enable, or turn off the switch if you want to disable controlled folder access.

controlled folder access configuration

Note: You have to enable Windows Defender real-time protection before CSF can be set up. By default, some important folders like document, pictures, and music will be set up for you, but if you need to add another folder, follow the guidelines below.

Step 1: Just under the Controlled Folder Access switch found in step 6 above, select the protected folders option.

Step 2: Click the add a protected folder to add more folders.

How to Allow/Disallow an App through Control Folder Access

Windows Defender by default will allow some known safe application access to the protected folders. Occasionally, an app that is safe to use will be identified as harmful. This happens because Microsoft wants to keep you safe and will sometimes err on the side of caution. 

When this happens, you can let any safe app through by following the guidelines below:

Step 1: From your Windows defender Window, click the Virus & Protection tab on the left-hand side of the screen.

Step 2: Click the Virus & Threats Protection Settings option.

Step 3: Click on ‘manage ransomware protection.

controlled folder access configuration

Step 4: Under the Controlled Folder Access section, click the ‘allow an app through controlled access option’.

Step 5: Navigate to the executable file of the app you need to allow and click on it.

How to Enable/Disable Controlled Folder Access (CFA) with Windows PowerShell

In addition to the Windows Defender, you can also configure the Controlled Folder Access from through the Windows PowerShell.

To enable the CFA, follow the guidelines below.

Step 1: Go to the search bar and type  PowerShell. 

Step 2: Right-click on the PowerShell app and click run as administrator.

Step 3: Type in the following code and press Enter.

Set-MpPreference -EnableControlledFolderAccess Enabled

controlled folder access configuration with powershell

Step 4: To disable the CFA feature, follow the steps above, but at step 3, type the following code and press Enter.

Set-MpPreference -EnableControlledFolderAccess Disabled

controlled folder access configuration with powershell

How to Add Protected Folder to Controlled Folder Access (CFA) with Windows PowerShell

Follow the guidelines below to add a protected folder with PowerShell.

Step 1: Go to the search bar and type  PowerShell. 

Step 2: Right-click on the PowerShell app and select run as administrator.

Step 3: Type in the following code and press Enter.

Add-MpPreference -ControlledFolderAccessProtectedFolders "D:\folder\path\to\add"

controlled folder access configuration with powershell

To remove a folder, use the code below:

 Disable-MpPreference -ControlledFolderAccessProtectedFolders "D:\folder\path\to\remove"

How to Allow/Disallow an App through Control Folder Access with PowerShell

Follow the guidelines below to allow an app.

Step 1: Go to the search bar and type  PowerShell. 

Step 2: Right-click on the PowerShell app and select run as administrator.

Step 3: Type in the following code and press Enter.

Add-MpPreference -ControlledFolderAccessAllowedApplications "D:\path\to\app\app.exe"

To remove an app, use the following code:

Remove-MpPreference -ControlledFolderAccessAllowedApplications "D:\path\to\app\app.exe"

Closing Thoughts

With the exponential rise in ransomware attacks, the controlled folder access feature is really what you need at this point to keep your data safe. However, don't forget to have a solid backup plan. Nothing beats a good backup plan.

Did you find the post useful? Please consider sharing.

If you have any questions, tips, or contributions, use the comment form below. I'd very much like to hear from you. 

Related Guides: