In brief: Windows 10 now includes an anti crypto-ransomware feature
Date: October 08, 2017
The latest update of Windows 10 (known as "Fall Creators Update", version 1709, available since 17-Oct-2017) brings new security features, in particular an anti-ransomware protection called "Controlled folder access".
Note: this protection is part of "Windows Defender", Microsoft's free antivirus program. You must activate "Windows Defender" to use the "Controlled folder access" feature.
This protection was announced in June 2017. It restricts which processes may write to the protected folders (by default, the "Documents", "Images" and "Videos" folders). This way, if an unknown process (e.g. "CryptoLocker.exe") tries to modify files in these folders, Windows blocks it. The lists of allowed applications and protected folders can of course be changed.
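An added example, not taken from the original article or from Microsoft: one way to turn the feature on in audit mode with the Windows Defender PowerShell cmdlets, extend the protected-folder and allowed-application lists, and review what would have been blocked before enforcing. The folder and application paths are hypothetical placeholders.

```powershell
# Added example. Run in an elevated PowerShell session on Windows 10 version 1709
# or later, with Windows Defender real-time protection active.
# Both paths are hypothetical placeholders; substitute your own.
$ExtraFolder = 'D:\Projects'
$TrustedApp  = 'C:\Program Files\ExampleBackup\backup.exe'

# 1. Start in audit mode: writes by non-allowed processes are logged, not blocked.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 2. Protect an additional folder on top of the default ones.
Add-MpPreference -ControlledFolderAccessProtectedFolders $ExtraFolder

# 3. Allow a known-good application to write into protected folders.
Add-MpPreference -ControlledFolderAccessAllowedApplications $TrustedApp

# 4. Confirm the resulting configuration.
Get-MpPreference |
    Select-Object EnableControlledFolderAccess,
                  ControlledFolderAccessProtectedFolders,
                  ControlledFolderAccessAllowedApplications |
    Format-List

# 5. Review Controlled folder access events in the Defender operational log:
#    1124 = write audited (audit mode), 1123 = write blocked (enforced mode).
$filter = @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
}
Get-WinEvent -FilterHashtable $filter -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List

# 6. Once legitimate applications no longer show up in the audit events, enforce:
# Set-MpPreference -EnableControlledFolderAccess Enabled
```

Running in audit mode first shows which legitimate programs would be blocked, so the allowed-application list can be completed before enforcement is switched on.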
We haven't tested this feature but it seems quite interesting. In addition, Windows Defender now includes a series of protection mechanisms called "Windows Defender Exploit Guard". It would be interesting to study this new feature set more generally and see in particular:
- Whether it is compatible with the use of an antivirus program other than Microsoft's (some technical articles indicate that using Windows Defender in a passive mode is possible).
- What the discontinuation of Microsoft's EMET tool implies (Microsoft is discontinuing EMET in favor of "Exploit Guard").
For more information:
- Microsoft announcement: https://blogs.technet.microsoft.com/mmpc/2017/10/23/stopping-ransomware-where-it-counts-protecting-your-data-with-controlled-folder-access/
- Articles describing the "Controlled folder access" feature:
https://www.theregister.co.uk/2017/10/23/fyi_windows_10_ransomware_protection/
https://www.malekal.com/activer-protection-anti-ransomware-de-windows-10/ (French)