Best way to use Controlled Folder Access on a file server

Question

I have a file server with one share on it. The root of that share would be C:\Shares. Would it be best practice to add that as a protected folder in Defender? The only things in that share are documents and files. No applications. It is strictly used to share documents per AD restrictions to the users.

My concern is a user puts a file infected with ransomware out there and this would help protect the files from it. But I don't want to suddenly cause all sorts of access issues as well.

Thank you.

Answer 1

Hi Jim

I guess adding the root share folder (C:\Shares) to the Windows Defender Antivirus's Controlled Folder Access is good practice to protect your files from ransomware. this helps feature in Windows Defender helps prevent unauthorized changes to files . so yes it is indeed a good practice and your approach is correct I would say.

but also keep in mind that the access permissions to the shared folder are properly configured. Users who need to modify files in that folder should have the necessary permissions.

If this helps kindly accept the answer thanks much.

Answer 2

Hi Jim,

Welcome to the Microsoft Q&A community.

For your concerned issue, when you add the petential thread file in the foloder, Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. It will not block access to the entire folder or affect other apps to access other folder but block the ransomeware and report in the Windows Defender. See the reference:

https://support.microsoft.com/en-us/office/ransomware-protection-in-windows-security-445039d6-537a-488a-ad53-48906f346363

Best Regards,

Ian Xue

---

If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.