[BleepingComputer] : Microsoft announces Controlled Folder Access to stop ransomware

The_Librarian

The_Librarian

Another MyBB
Super Moderator
Joined
Nov 20, 2015
Messages
41,546
Reaction score
21,126
Location
Dark room in Adventure. Grues abound.
Microsoft Announces "Controlled Folder Access" to Fend Off Crypto-Ransomware

This fall, Microsoft plans to release a new Windows Defender feature called Controlled Folder Access, which blocks and blacklists unauthorized apps from making changes to files located inside specially-designated folders.

Microsoft shipped the Controlled Folder Access feature as part of the Windows 10 Insider Preview Build 16232, released yesterday evening.
New Windows Defender feature watches over your files

The feature works in a very simple manner. Once turned on (ships disabled), Controlled Folder Access will watch over files stored inside a list of folders.

If an app makes modifications to files, Windows Defender will verify the app against a list of whitelisted applications allowed to edit those documents.
Click to expand...

CFA-1.png


Story here.
 
Interesting new feature. Will have to see if it will help with the scourge that is ransomware.

Of course, world+dog will now jump on the bandwagon and offer their own "improved" version.
 
Interesting, would have been nicer if they changed it to a built-in feature rather than through Windows Defender though.
 
Johnatan56 said:
Interesting, would have been nicer if they changed it to a built-in feature rather than through Windows Defender though.
Click to expand...
The can't do it simple way. Defender is running dynamic scripts implanting new versions of botnets on your system. They just piggy back to the old engine. Just in case you don't know what I am talking about, these dynamic scripts are called "Virus Definition Files".
 
Genisys said:
So essentially permissions?
Click to expand...

Seems more like dynamic blacklisting. If you have permissions to a folder/files, that doesn't mean any application running under your context should make modifications without you knowing.
 
Windows 10 Insider Preview Build 16232 set to fight ransomware

(Tech Xplore)—Something called the Windows 10 Insider Build is offering a peek at what is in store, and the message is clear that Microsoft is fighting the good fight against malware havoc.
The new Windows 10 Inside Preview was released to some Insiders on Wednesday; reports are out about what new features Microsoft has in mind.
With all the recent spotlights on ransomware, it comes as no surprise that, for Insider Preview 16232, most of the new features are aimed at improving security.
Windows Insiders can try out Preview Build 16232, which brings a new 'Controlled Folder Access' feature to the OS, designed to protect your files from ransomware, said TrustedReviews.
Essentially, Windows 10 is fighting ransomware by locking up your data. Windows Latest wrote Friday that "Users could soon hide important files from ransomware soon in Windows 10." Hot Hardware said, Windows 10 Fall Creators Update neutralizes ransomware with controlled folders.
Just what is Controlled Folders—as this seems to be the main talking point about the preview.
Reports said that the Controlled Folder Access feature in the upcoming OS update will prevent malware and untrusted software from making changes to files.
Fortune said the feature aims to protect files from threats by monitoring changes made to contents within a controlled folder. Trusted apps can be added through the Controlled Folder Access Panel.
This is how Dona Sarkar, software engineer, Windows and Devices Group, described the feature to the OS:
"Controlled folder access monitors the changes that apps make to files in certain protected folders." "If an app attempts to make a change to these files, and the app is blacklisted by the feature, you'll get a notification about the attempt."
TrustedReviews: "When turned on, the feature only allows specific apps to access and write to certain folders, with desktop, pictures, movies, and documents folders included on the list of protected folders by default."
Click to expand...

Read More Here: https://techxplore.com/news/2017-07-windows-insider-preview-ransomware.html
 
sajunky said:
The can't do it simple way. Defender is running dynamic scripts implanting new versions of botnets on your system. They just piggy back to the old engine. Just in case you don't know what I am talking about, these dynamic scripts are called "Virus Definition Files".
Click to expand...

Isn't it a more complex version of the permission system, with one being able to allow a program to be a user?
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X