+Warwagon MVC Posted November 15, 2017 MVC Share Posted November 15, 2017 So, I have the fall creators update and would LOVE to try "Controlled folder access" but It can't be enabled if Windows Defender real-time protection is turned off. I use a 3rd party AV Secureaplus and so Windows Defender has disabled real-time protection, thus I'm unable to turn on "Controlled folder access". This should be separate from Windows Defender. Does anyone know of a workaround? Submitted some feedback if anyone cares to upvote it "Separate Controlled folder access from Windows Defender" https://aka.ms/Nfunab Link to comment Share on other sites More sharing options...
goretsky Supervisor Posted November 16, 2017 Supervisor Share Posted November 16, 2017 Hello, My best guess is that Controlled Folder relies on HIPS rules managed/enforced by the Windows Defender engine. so if you disable Windows Defender, you disable the program which manages CFA. Regards, Aryeh Goretsky DConnell 1 Share Link to comment Share on other sites More sharing options...
Mando Posted November 16, 2017 Share Posted November 16, 2017 the work around is, use an Av vendor that supports its function mate. goretsky is correct. All apps (any executable file, including .exe, .scr, .dll files and others) are assessed by Windows Defender Antivirus, which then determines if the app is malicious or safe. If the app is determined to be malicious or suspicious, then it will not be allowed to make changes to any files in any protected folder. If your non compatible Av forces Defender to run in a limited state (as in not doing realtime protection) it renders controlled folders inactive also. currently bitdefender and a couple of others are implementing the integration. Any half decent AV should do this kind of monitoring itself anyways, without the need for Microsoft's solution. It is the responsibility of the 3rd party vendors to be compliant, not MS, they dont know how each AV engine operates or does realtime protection. +Matthew S. and DConnell 2 Share Link to comment Share on other sites More sharing options...
goretsky Supervisor Posted November 17, 2017 Supervisor Share Posted November 17, 2017 Hello, From what I've read (it was a while ago), Controlled Folder Access works by first allowing the user to select a folder to deny access to, and then create a "whitelist" of applications which are allowed access to that folder. I don't think the Windows Defender engine makes any determination as to what is allowed, other than normal checks to see if an infected object is running (it would not be good if a whitelisted application was infected or injected by a malicious process). Any anti-malware program should allow you to do this with HIPS rules, of course. Microsoft's innovation is to provide a simple and easy-to-use interface on functionality that was previously geared at advanced users. Regards, Aryeh Goretsky 19 hours ago, Mando said: the work around is, use an Av vendor that supports its function mate. goretsky is correct. All apps (any executable file, including .exe, .scr, .dll files and others) are assessed by Windows Defender Antivirus, which then determines if the app is malicious or safe. If the app is determined to be malicious or suspicious, then it will not be allowed to make changes to any files in any protected folder. If your non compatible Av forces Defender to run in a limited state (as in not doing realtime protection) it renders controlled folders inactive also. currently bitdefender and a couple of others are implementing the integration. Any half decent AV should do this kind of monitoring itself anyways, without the need for Microsoft's solution. It is the responsibility of the 3rd party vendors to be compliant, not MS, they dont know how each AV engine operates or does realtime protection. +Warwagon 1 Share Link to comment Share on other sites More sharing options...
Recommended Posts