How to Enable Ransomware Protection in Windows Defender

Enable Ransomware Protection Featured

Windows Defender, the built-in real-time antivirus in Windows 10, has a critical security feature that’s disabled by default: Ransomware Protection. Strangely though, the feature was added in a Windows 10 version 1709 update in October 2017, which comes as a surprise for many users who may not have known about it until now.

What’s worse is that ransomware is a serious threat that has implications as it silently encrypts your data and locks down your PC, eventually blocking access to your data unless you pay the attacker. There’s no guarantee, though, that once you pay, the attacker will decrypt your files and restore access to you.

Why is Ransomware Protection disabled?

Ransomware Protection has been available as a native option, but it’s not active until you enable it.

Among the concerns that may have led to this is that Windows Defender may identify legitimate apps as threats and block them, so it may be prone to false positives, as are a few other third-party anti-ransomware programs. This isn’t something users would want as much as they’re eager to protect their data given the devastating impact ransomware attacks can have.

The built-in Windows 10 option adds an extra layer of protection to your PC, plus you can extend or limit its coverage to your liking. Below are the steps to take to enable Ransomware Protection in Windows Defender:

1. Click Start and select Settings.

2. Click “Update & Security.”

Enable Ransomware Protection Windows Defender Update Security

3. On the left pane of the new window, click “Windows Security.”

Enable Ransomware Protection Windows Defender Windows Security

4. Click “Virus & Threat Protection” on the left pane.

Enable Ransomware Protection Windows Defender Windows Security Virus Threat Protection

5. Scroll down to the “Ransomware Protection” option.

Enable Ransomware Protection Windows Defender Virus Threat Protection Ransomware Protection

6. Click “Manage Ransomware Protection.” If a UAC popup appears, click OK. If not, proceed to the next step.

Enable Ransomware Protection Windows Defender Virus Threat Protection Ransomware Protection Manage Ransomware Protection

7. In the new window, find “Controlled Folder Access.”

Enable Ransomware Protection Windows Defender Ransomware Protection Manage Controlled Folder Access

8. Toggle it ON if it’s off to enable the option.

Enable Ransomware Protection Windows Defender Ransomware Protection Manage Controlled Folder Access On

That’s it. Ransomware Protection is now enabled in Windows Defender on your PC.

Windows Defender will now keep monitoring any programs that access your protected folders and the files stored therein, to prevent access by suspicious programs and protect your files and data.

As mentioned earlier, not all programs are suspicious, and Windows Defender is prone to giving false positives, but you can avoid this by adding whitelisted programs to the Controlled Folder Access. To do this:

1. In the same Controlled Folder Access window, click “Allow an app through Controlled folder” access.

Enable Ransomware Protection Windows Defender Controlled Folder Access Allow App Through

2. Click Add to include the programs you want to the list. You’ll have to do this for every program you want to add and grant access to.

Enable Ransomware Protection Windows Defender Controlled Folder Access Allow App Through Add App

3. You can also “Block history” to see the programs Windows Defender has blocked from accessing your files and data. Uninstall any program you don’t recognize or aren’t sure about.

Enable Ransomware Protection Windows Defender Ransomware Protection Manage Controlled Folder Access Block History

4. In the new Protection History window, click on Filters to see the various categories of actions Windows Defender has taken.

Enable Ransomware Protection Windows Defender Ransomware Protection Manage Controlled Folder Access Block History Filters

Note: to secure other folders that ransomware could target, use Protected Folders. Add a protected folder, and pick the folder you want Windows Defender to protect. They’ll be secured regardless of their location on your PC.

Enable Ransomware Protection Windows Defender Ransomware Protection Manage Controlled Folder Access On Protected Folders

Conclusion

Having Ransomware Protection is a good thing, and you can use it alongside your other antivirus program. However, it’s always advisable to back up your files regularly just so you’re not locked out of your own files and data in case of an attack. You can also set up data recovery using OneDrive (via Controlled Folder access setting) or use an external hard drive.

The Complete Windows 10 Customization Guide

The Complete Windows 10 Customization Guide

In this ebook we’ll be exploring the multitude of options to fully customize Windows 10. By the end of this ebook you’ll know how to make Windows 10 your own and become an expert Windows 10 user.

Get it now! More ebooks »

3 comments

  1. Only problem all your apps are now unfriendly, you can not save any files to disk get file not found on save or save as in of all apps ms word!! Rather than add add my apps to filter list I just shut the dam thing off.

  2. Whilst a step in the right direction, Microsoft really need to put more work in to this feature.
    Many legitimate programs make use of rundll32.exe to carry out tasks by calling functions that reside in dll (dynamic link library) files.
    So now you have to add rundll32.exe to the exclusion list. So guess what happens if ransomware uses rundll32.exe to do its dirty work? Bang, all your files still get encrypted.
    :-(
    This feature is ill thought out and lacking. Right now, it’s about as much use as a chocolate teapot.

  3. My copy of Win10 Pro v1903 does not have the ransomware options you described in the VIRUS & THREAT section of SETTINGS. Was it dropped?
    Dan

Leave a Comment

Yeah! You've decided to leave a comment. That's fantastic! Check out our comment policy here. Let's have a personal and meaningful conversation.