Windows 10 Ransomware protection

I got hit by ransomware once, maybe 10 years ago. All the files on my hard drive – except for the Windows installation – disappeared, and a popup asked for a VISA number. It’s about the most aggravating thing you can think of.

Ransomware wasn’t as sophisticated back then; this one just set the ‘hidden’ attribute on my files, and I was eventually able to get them all back. Today, they’d be encrypted and I wouldn’t have a chance.

Windows 10 has built-in protection against ransomware, but by default, it’s turned off. Maybe that’s because it’s intended for corporate IT, and they don’t want to deal with supporting it for ordinary users. It’s a bit techy, and the interface is pretty bad, but it’s serious protection and doesn’t complicate your life once it’s set up.

What it does is monitor file accesses in folders you specify, and if the program requesting the access isn’t on a white list you created, it gets denied. Any program can still read a file in those folders, or create a new one, but it can’t modify an existing file unless you’ve approved it.

That sounded good. The only stuff I worry about is my photography work, and some personal documents; anything else I can just reinstall if necessary. So I went through the setup and enabled the protection. And here’s a step-by-step which will save you some time and aggravation.

Start with Win-Q (the Windows key and “Q”) and enter “Ransomware Protection”. You’ll get this:

Set “Controlled folder access” to “On”, with the switch. Then click “Protected folders” to get this:

Clicking “Add a protected folder” brings up a File Explorer; choose a folder you want to protect, and click “Select Folder” at the bottom of the Explorer window. As you do this for each folder, they’ll show up in the list. Some common folders are already there by default.

Next you specify the programs (executable files) that will be allowed to modify files in those folders. Click the “back” arrow at the upper left corner to return to the main Ransomware Protection screen (previous image above), and click on “Allow an app through Controlled folder access”. Ignoring the fractured grammar, what this lets you do is browse for an executable and add it to the approved list. And that’s a bit of a pain, because those executables are buried deep under Program Files, and you may not know their names. In fact, an application may have multiple executables under the hood – for example, many image processing programs use ExifTool.exe for metadata access. So forget that route, there’s an easier way.

If you just go ahead and use a program that tries to write a protected file, you’ll get a popup like this:

You might think this popup will give you an option to approve the program on the spot – dream on, that would be too easy. Click on the popup and you get this, which at first glance makes no sense:

But you’re almost there. You’re seeing a list of blocked access attempts, and the one that just occurred is on top of the list. Click it, and you’ll get another popup:

And finally: the Actions dropdown includes an option to “allow on this device”. Click that, and the program is whitelisted.

Repeat this for each application you want to allow, and you’re set. Note that you won’t get the warning until the program actually tries to modify and save a file, not when it’s first opened; so be prepared to run the fire drill described above or you’ll lose your work.
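The same steps can be scripted with the Windows Defender PowerShell cmdlets, which also lets you review every blocked program in one list instead of clicking through popups. This is an added example, not part of the original post; it assumes an elevated PowerShell session, uses `D:\Photos` as a placeholder folder, and assumes the blocked program's path appears on a "Process Name:" line in the event message.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
# Assumptions: D:\Photos is a placeholder; the "Process Name:" line is parsed from
# the event message text, whose layout may differ between Defender versions.
$ProtectedFolder = 'D:\Photos'
$LogName = 'Microsoft-Windows-Windows Defender/Operational'

# 1. Switch Controlled folder access on (the "On" switch in the GUI).
#    'AuditMode' instead of 'Enabled' only logs what would be blocked (event 1124),
#    so you can build the allowed list before any save actually fails.
Set-MpPreference -EnableControlledFolderAccess Enabled

# 2. Add a protected folder ("Add a protected folder" in the GUI).
Add-MpPreference -ControlledFolderAccessProtectedFolders $ProtectedFolder

# 3. Collect the programs that were blocked (1123) or audited (1124).
function Get-CfaBlockedApp {
    Get-WinEvent -FilterHashtable @{ LogName = $LogName; Id = 1123, 1124 } -ErrorAction SilentlyContinue |
        ForEach-Object {
            if ($_.Message -match 'Process Name:\s*(?<exe>[^\r\n]+)') {
                [pscustomobject]@{ Time = $_.TimeCreated; Exe = $Matches.exe.Trim() }
            }
        } |
        Group-Object Exe |
        Sort-Object Count -Descending |
        # Get-WinEvent returns newest events first, so Group[0] is the latest hit.
        Select-Object Count, Name, @{ n = 'LastSeen'; e = { $_.Group[0].Time } }
}

$blocked = Get-CfaBlockedApp
$blocked | Format-Table -AutoSize

# 4. Approve programs one at a time; skip anything you do not recognise.
$allowed = (Get-MpPreference).ControlledFolderAccessAllowedApplications
foreach ($app in $blocked) {
    if ($allowed -contains $app.Name) { continue }               # already approved
    if (-not (Test-Path -LiteralPath $app.Name)) { continue }    # file is gone
    $sig = Get-AuthenticodeSignature -LiteralPath $app.Name
    $answer = Read-Host "Allow $($app.Name) [signature: $($sig.Status)]? (y/N)"
    if ($answer -eq 'y') {
        Add-MpPreference -ControlledFolderAccessAllowedApplications $app.Name
    }
}
```

The list from step 3 also shows helper executables such as ExifTool.exe that an application runs under the hood, so each one can be approved by its full path.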
