Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. Microsoft Defender Antivirus assesses all apps (any executable file, including .exe, .scr, .dll files and others) and then determines if the app is malicious or safe. If the app is determined to be malicious or suspicious, then the app can't make changes to any files in any protected folder.
Download and run this setup script. Before running the script, set execution policy to Unrestricted by using this PowerShell command:
PowerShell
Set-ExecutionPolicy Unrestricted
Or, you can perform these manual steps instead:
Create a folder under c: named demo, as in c:\demo.
Save this clean file into c:\demo (we need something to encrypt).
Run the PowerShell commands listed earlier in this article.
Next, check the status of the Aggressive Ransomware Prevention ASR rule and disable it for the duration of this test if it's enabled:
PowerShell
# Look up the rule's position in the configured ASR rule list, then print its action.
$idx = $(Get-MpPreference).AttackSurfaceReductionRules_Ids.IndexOf("C1DB55AB-C21A-4637-BB3F-A12568109D35")
if ($idx -ge 0) {Write-Host "Rule Status: " $(Get-MpPreference).AttackSurfaceReductionRules_Actions[$idx]} else {Write-Host "Rule does not exist on this machine"}
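The same check as a reusable pre-flight function, as an added example that is not part of the original article. Get-DemoReadiness and its output property names are hypothetical, the sample object is constructed, and the action names for 0 and 2 follow the standard ASR action values rather than this page. It also handles a device with no ASR rules configured and a rule ID stored in a different letter case.

```powershell
# Added example: pre-flight check before running the demo.
# Get-DemoReadiness is a hypothetical helper; it takes the preference object
# as a parameter so it works with constructed data as well as live data.
function Get-DemoReadiness {
    param(
        [Parameter(Mandatory)] $Preference,
        [string] $RuleId = 'C1DB55AB-C21A-4637-BB3F-A12568109D35'
    )
    # 1 and 6 are named as on this page; 0 and 2 are the other ASR action values.
    $actionNames = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'Audit'; 6 = 'Warn' }

    # Both lists are $null when no ASR rules are configured; @() avoids
    # calling a method on $null.
    $ids     = @($Preference.AttackSurfaceReductionRules_Ids)
    $actions = @($Preference.AttackSurfaceReductionRules_Actions)

    # -ieq compares case-insensitively; IndexOf() on a string array does not.
    $idx = -1
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -ieq $RuleId) { $idx = $i; break }
    }

    $action = if ($idx -ge 0 -and $idx -lt $actions.Count) { [int]$actions[$idx] } else { $null }
    $name = if ($null -eq $action) { 'NotConfigured' }
            elseif ($actionNames.ContainsKey($action)) { $actionNames[$action] }
            else { "Unknown ($action)" }

    [pscustomobject]@{
        RuleConfigured         = ($idx -ge 0)
        RuleAction             = $name
        MustDisableRule        = ($action -in 1, 6)   # Enabled or Warn
        # Raw setting: 0 = Disabled, 1 = Enabled, 2 = Audit mode
        ControlledFolderAccess = [int]$Preference.EnableControlledFolderAccess
    }
}

# Constructed sample: rule stored in lowercase and set to Warn.
$sample = [pscustomobject]@{
    AttackSurfaceReductionRules_Ids     = @('c1db55ab-c21a-4637-bb3f-a12568109d35')
    AttackSurfaceReductionRules_Actions = @(6)
    EnableControlledFolderAccess        = 1
}
Get-DemoReadiness -Preference $sample

# On a Windows device with Microsoft Defender Antivirus:
# Get-DemoReadiness -Preference (Get-MpPreference)
```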
If the rule exists and the status is 1 (Enabled) or 6 (Warn), it must be disabled to run this test: