 Hello everybody! In this video, I'm going to tell you about controlled folder access, why we need it, how it works, how it can be enabled and how to set up certain folders for protection. Controlled folder access is a function of Windows Defender meant to protect user files from encryption by various ransomware. According to Microsoft, any executable file is examined by the Windows Defender antivirus element to see if the application is dangerous or safe. If such application is rated as malware, it cannot modify any files in the protected folders. Hello friends! If you need to recover deleted data, view or restore removed browser history. Hetman software products will help you. Follow the link in the description. Download the necessary program for free. Install it and analyze the disk. The utility will show you the data you can recover, so you will be able to view it or get it back. In our channel and blog, you will find solutions to any problem, from installing an operating system or configuring it to fixing possible bugs and errors or optimizing mobile gadgets. Our specialists will answer any questions you ask in your comments under the videos or articles. This function prevents modifying personal folders such as documents, pictures, music, videos and desktop. As a rule, any program installed on your computer can modify files in these folders. If you enable this function, only the programs recognized as friendly will be able to make any changes. To enable it, go to Settings, Update and Security, Windows Defender, Windows Defender Security Center, Virus and Thread Protection. In the window that opens, go to Virus and Thread Protection settings, make sure that real-time protection is on, and then enable Controlled Folder Access. When you do that, two new tabs will appear – Protected Folders and Allow an App through Controlled Folder Access. By default, the Protected Folders list includes the documents, pictures, videos, music, desktop and favorites folders. You can't change the default list of directories, but you can add a new folder pass manually by clicking on the plus icon. In the other tab, Allow an App through Controlled Folder Access, you can add to the white list an application which was blocked by the Windows Defender as untrusted. To do it, click the Add an Allow an App button and choose the pass to the program's executable file. If you encounter an Access denied error, when a program tries to access such folders, you will have to add it into the list. And that's all. In Windows 10, you can configure this function with group policies. It's only possible on a Pro version, and it doesn't work in Windows Home. To do it, enter gpedit.msc into the search field and run it. In the window that opens, go to Computer Configuration, Administrative Templates, Windows Components, Windows Defender, Windows Defender exploit guard, Controlled Folder Access. Open Controlled Folder Access and enable it here. In the options, you can select the block option so that untrusted apps won't be able to modify or delete files in protected folders, for example, documents. Another option is Audit Mode. The apps usually seen as untrusted will be able to modify or delete files in protected folders, however, each event will be recorded to Windows Event Log. If you choose Disabled, all apps will be able to modify or delete files in protected folders. You can also configure trusted apps in protected folders. You can also enable and configure Controlled Folder Access using PowerShell. To run it, right-click on the start menu and select Windows PowerShell, Administrator. Alternatively, enter PowerShell in the search field and run it while holding down Control and Shift to start it as Administrator. To turn the function on, enter the following command. And there are three options for this function – Enabled, Disabled, or Audit Mode. To add a folder into the protected list, enter the command in the end, give the folder name to be protected. To add an application into the white list, use this command and in the end, give the app name to be allowed, including the path. In the event log, Windows records any changes in the settings, as well as all cases when events are triggered by Audit Mode and block options. By following the logs, you can monitor all changes made to folders and control any suspicious activities. Type event viewer in the start menu to open the Windows Event Viewer. In the top Custom View, you can create your own views. You can also download a ready-made file with settings and import it. To view controlled folder access events, download the Archive Exploit Guard Evaluation Package from the Microsoft official website. You can find the link in the description. Extract the file CFA Events XML to your desktop. This is the file containing view settings for controlled folder access. On the left panel, under Actions, click Import Custom View, specify the path to the file on the desktop, click Open and OK. After that, control folder access view will open. You can visit the Microsoft website to read about meanings of all event IDs. Find the link in the description. In my case, Event ID 5007 means that settings are changed. That is all for now. Hit the Like button and subscribe to our channel. Leave comments to ask questions. Thank you for watching. Good luck.