Why You Should Use Windows Defender's Ransomware Prevention

A crucial security feature in Windows Defender comes disabled by default: Ransomware Protection. That’s surprising, since ransomware is a serious threat that locks down your device and blocks you from accessing your data until you pay your attacker. It’s even more surprising when you consider that Ransomware Protection was added way back in the October 2017 Windows 10 update.

The best possible explanation for why Ransomware Protection is disabled by default, as pointed out by gHacks, is that the feature may be prone to false positives. That’s a valid concern, but we sympathize with those who are eager to protect their data given how debilitating ransomware attacks can be.

We’ve covered general ransomware prevention tips before, but Windows 10’s built-in options add an extra layer of protection to your PC. Luckily, not only does Windows Defender include Ransomware Protection, but users can also extend (or limit) its coverage to suit their needs. Here’s how:

  1. Open the Start Menu, then click the Settings icon.

  2. In the Settings menu, go to Update & Security > Windows Security > Virus & Threat Protection.

  3. Scroll down to Ransomware Protection and click “Manage Ransomware Protection.”

  4. In the next menu, enable “Controlled Folder Access.”

  5. Controlled Folder Access only protects certain folders by default: Documents, Pictures, Videos, Music, Desktop, Favorites. You can extend the Ransomware Protection to other files and folders by clicking “Add a protected folder” in that same window.

  6. Navigate to the folder you wish to add to the ransomware protection. Repeat for each folder you want to have protected.

Now that you’ve set up Controlled Folder Access, Windows Defender will monitor which programs are accessing the protected folders and the files stored within them. It’ll then block suspicious programs from trying to gain access. While this gives you some peace of mind, the problem is that some “suspicious” programs are not actually malicious. To avoid false positives, you can add a program to Controlled Folder Access’ whitelist.

  1. Open the Start Menu and click the settings icon.

  2. Go to Update & Security > Windows Security > Virus & Threat Protection > Manage Ransomware Protection.

  3. Scroll down and click “Allow an app through controlled folder access,” then find and add the desired program to the list. You’ll have to repeat this process for each app you want to grant access to.

  4. You can also click “Block history” to view a list of programs that Windows Defender has prevented from accessing your protected files. If you don’t recognize a listed program or aren’t sure why one would be trying to access your files, uninstall it.
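The same two procedures can be scripted from an elevated PowerShell prompt using the built-in Defender cmdlets. This is an added example, not part of the original article; the folder and application paths are placeholders, and the optional audit mode (which only logs what would have been blocked) goes beyond the Settings steps above as a way to check for false positives before enforcing.

```powershell
# Added example: run in an elevated (Administrator) PowerShell session.
# Placeholder values below are hypothetical; replace them with your own paths.
$ExtraFolders = @('D:\Projects')                                # placeholder folder
$AllowedApps  = @('C:\Program Files\ExampleApp\example.exe')    # placeholder app
$AuditOnly    = $false   # $true = log would-be blocks without enforcing

# Turn on Controlled Folder Access (or audit mode to preview false positives).
$mode = if ($AuditOnly) { 'AuditMode' } else { 'Enabled' }
Set-MpPreference -EnableControlledFolderAccess $mode

# Extend protection beyond the default folders (Documents, Pictures, etc.).
foreach ($folder in $ExtraFolders) {
    if (Test-Path -LiteralPath $folder -PathType Container) {
        Add-MpPreference -ControlledFolderAccessProtectedFolders $folder
    } else {
        Write-Warning "Skipping folder that does not exist: $folder"
    }
}

# Allow trusted programs that would otherwise be blocked.
foreach ($app in $AllowedApps) {
    if (Test-Path -LiteralPath $app -PathType Leaf) {
        Add-MpPreference -ControlledFolderAccessAllowedApplications $app
    } else {
        Write-Warning "Skipping application that does not exist: $app"
    }
}

# Confirm the resulting configuration.
$pref = Get-MpPreference
[pscustomobject]@{
    Mode             = $pref.EnableControlledFolderAccess   # 0 = off, 1 = enabled, 2 = audit
    ProtectedFolders = $pref.ControlledFolderAccessProtectedFolders -join '; '
    AllowedApps      = $pref.ControlledFolderAccessAllowedApplications -join '; '
} | Format-List

# Scripted view of "Block history": event 1123 = blocked, 1124 = audited.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

The user-added protected folders appear in the `ProtectedFolders` output; the default folders are always protected and are not listed there.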

Even with fine-tuned ransomware protection from Windows Defender, you should also make sure you’re regularly backing up your files (so you don’t get locked out of anything important, if ransomware strikes). You can use an external hard drive, for example, or you can set up data recovery via OneDrive, which can be enabled in the Controlled Folder Access settings—on the same “Ransomware Protection” screen we’ve previously talked about. You’ll need to set up OneDrive if you haven’t already, and you only get 5GB of free space, but you’ll be able to recover your critical data in the event of a ransomware attack.