Share via

Controlled Folder Access "block disk modification only"

Anonymous
2022-06-30T02:11:13+00:00

Hi,

I was wondering what the Controlled Folder Access option "Block Disk Modification Only" does? The group policy editor path is: Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Microsoft Defender Exploit Guard > Controlled Folder Access > Configure Controlled folder access > Enabled (Block Disk Modification Only).

According to the group policy help, "Attempts by untrusted apps to write to disk sectors" will be blocked. However, I was wondering what does it mean by "disk sectors"? Obviously not folders like Documents, Pictures, Desktop. Does it mean places like C:\Program Files? But those places are usually blocked anyways.

Thanks,

Philip

Windows for home | Windows 11 | Security and privacy

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

5 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2022-06-30T09:17:29+00:00

    Hi,

    Thanks for your post in Microsoft Community.

    A sector is an area divided on a disk. Each track on the disk is divided into several arc segments, these arc segments are the sectors of the disk, and the read and write of the hard disk is based on sectors.

    This is a division of the physical nature of your disk, not the folders you see from the software.

    The files you see are actually located in their respective sectors, so this cannot be understood as restricted access to the folder.

    However, it is possible to restrict access to individual folders by setting, which is also achieved by restricting physical sectors.

    You don't need to delve into the meaning of this term, because it actually accomplishes what you want to restrict access to the folder.

    Here's the relevant documentation, a way to add restricted folder access, maybe you can use it.

    Customize controlled folder access | Microsoft Docs

    Hope it helps you.

    Kirk | Microsoft Community Support Specialist

    Was this answer helpful?

    2 people found this answer helpful.
    0 comments
  2. Anonymous
    2022-07-07T05:57:23+00:00

    In theory, when the group policy is configured to "Block Disk Modification Only", writing to the entire disk (including all files and folders on this disk) will be restricted, but modification and deletion will not.

    To restrict folder access, I think it still needs to be configured in Defender.

    Was this answer helpful?

    1 person found this answer helpful.
    0 comments
  3. Anonymous
    2022-07-13T12:24:55+00:00

    We value your feedback, click Yes or No to help us improve the support experience.

    If you have any questions in the future, please feel free to post on the Microsoft Forums.

    Was this answer helpful?

    0 comments
  4. Anonymous
    2022-07-11T00:18:37+00:00

    I see, thank you.

    Was this answer helpful?

    0 comments
  5. Anonymous
    2022-07-01T13:52:49+00:00

    Hi Kirk,

    Thank you for your detailed response. What I still don't understand, however, is which folders will be blocked if I set it to "Block Disk Modification Only"? In my testing, when I chose this option, folders that were previously blocked, such as "Documents", "Pictures", etc. are no longer blocked. But which folders will be blocked then?

    Thanks,

    Philip

    Was this answer helpful?

    0 comments