Set Up Controlled Folder Access to Stop Ransomware (and Allow Trusted Apps)
Difficulty: Intermediate | Time Required: 15 minutesControlled Folder Access (CFA) is a built-in Windows security feature designed to stop ransomware and other untrusted apps from silently modifying your important files. When enabled, it blocks unauthorized changes to protected folders (like Documents, Pictures, Desktop), while still letting you “allowlist” trusted applications that you know should have write access (backup tools, editors, game launchers, etc..
If you’ve ever worried about ransomware encrypting your files—or you’ve had an app unexpectedly fail to save—this guide will walk you through enabling Controlled Folder Access correctly and configuring it so your trusted apps keep working.
Prerequisites
Before you start, make sure you have the following:- Windows 10 or Windows 11 with Microsoft Defender Antivirus available
- Controlled Folder Access is part of Windows Security (Microsoft Defender).
- Administrator access on the PC (needed to change security settings).
- A few minutes to test your common apps (Office, Photoshop, backup tools, accounting software, game launchers, etc..
Note (Windows editions): Controlled Folder Access is available on most consumer Windows 10/11 editions that include Microsoft Defender. If you use a third-party antivirus, it may disable or hide some Defender features.
Step-by-Step: Turn On Controlled Folder Access
1) Open Windows Security
- Click Start.
- Type Windows Security.
- Open Windows Security.
2) Go to Ransomware protection
- In the left sidebar, click Virus & threat protection.
- Scroll to Ransomware protection.
- Click Manage ransomware protection.
3) Enable Controlled Folder Access
- Find Controlled folder access.
- Switch it On.
- Approve the UAC prompt if asked.
Warning: Once enabled, some legitimate apps may be blocked from saving to protected folders until you allow them. This is normal and is exactly how CFA prevents ransomware.
Step-by-Step: Understand What CFA Protects (and Add/Remove Folders)
By default, Controlled Folder Access protects common user data locations such as:- Documents
- Pictures
- Videos
- Music
- Desktop
- Favorites
4) Review protected folders
- Still in Manage ransomware protection, click Protected folders.
- Review the list.
5) Add a folder you want protected (optional but recommended)
If you store important files somewhere else (e.g.,D:\Work, E:\FamilyPhotos, a synced folder), add it:- Click Add a protected folder.
- Choose the folder and confirm.
Tip: Protect folders where you keep irreplaceable data: project directories, personal photos, exported password vault backups, and local backup destinations.
6) Remove a protected folder (only if necessary)
If a protected folder causes constant issues and you can’t resolve it by allowing apps:- Select the folder.
- Click Remove.
Warning: Removing folders reduces protection. It’s generally safer to keep the folder protected and allow specific trusted apps instead.
Step-by-Step: Allow Trusted Apps (So They Can Save Normally)
The most important part of using CFA smoothly is allowlisting legitimate applications that need to write to protected folders.7) Add an allowed app (recommended method)
- In Manage ransomware protection, click Allow an app through Controlled folder access.
- Click Add an allowed app.
- Choose one of the options:
- Recently blocked apps (best if something was just blocked)
- Browse all apps (to manually select an
.exe)
8) Browse to the correct executable
If you use Browse all apps, select the actual program executable (not a shortcut). Common locations include:C:\Program Files\...C:\Program Files (x86)\...C:\Users\<you>\AppData\Local\...(some apps install per-user)
Tip: If you’re unsure which executable to allow, check the block event first (next section). It will usually show the exact file path that needs permission.
Step-by-Step: Find Out What Got Blocked (Event Viewer + Protection History)
If an app can’t save files, it may be getting blocked by CFA. Here’s how to confirm.9) Check Protection History (quick and user-friendly)
- Open Windows Security.
- Go to Virus & threat protection.
- Click Protection history.
- Look for items related to Controlled folder access or Ransomware protection.
- Open the entry to see details about the blocked app.
Note: Protection history is the fastest way for most users. If you need deeper details (including exact event IDs), use Event Viewer.
10) Check Event Viewer (more technical, more detail)
- Right-click Start → Event Viewer.
- Navigate to:
Applications and Services Logs → Microsoft → Windows → Windows Defender → Operational - Look for events indicating Controlled Folder Access blocks.
- Identify the blocked executable path and add it as an allowed app.
Tip: If you’re troubleshooting repeated blocks, Event Viewer gives you the clearest “who/what/where” data.
Step-by-Step: Verify It’s Working (Quick Test)
11) Test a normal workflow
- Open your common apps (Word/Excel, photo editor, PDF editor, backup tool).
- Try saving a file to:
- Documents
- Desktop
- Any custom folder you protected
- If something fails to save, check Protection history and allow the app if appropriate.
Warning: Only allow apps you trust. If an unknown program suddenly needs access to protected folders, treat that as a red flag and investigate before allowlisting.
Tips, Best Practices, and Troubleshooting
Tip: Keep Defender active if you want CFA protection
Controlled Folder Access is a Microsoft Defender feature. If a third‑party antivirus fully replaces Defender, CFA may not function or may become unavailable.Tip: Common apps that may need allowlisting
Depending on your setup, you may need to allow:- Backup/sync tools (third-party backup, scripting tools)
- Advanced text editors/IDEs
- Accounting or database software
- Older (legacy) applications that write directly into Documents/Desktop
- Game launchers/mod managers that store saves in protected folders
Troubleshooting: “My app is safe but keeps getting blocked”
Try this checklist:- Confirm the block in Protection history or Event Viewer.
- Allow the exact
.exethat’s being blocked (not a shortcut). - If the app updates frequently, it may install a new executable path/version—re-check the block details.
- If the software uses helper processes (launchers, updaters), you may need to allow multiple related executables.
Troubleshooting: CFA breaks a workflow you rely on
If you’re in the middle of critical work:- Temporarily turn CFA Off (Manage ransomware protection → Controlled folder access).
- Complete the urgent task.
- Turn it back On and allow the required apps properly.
Warning: Turning CFA off removes an important ransomware barrier. Use this only as a short-term troubleshooting step.
Best practice: Pair CFA with backups
Controlled Folder Access is prevention, not recovery. For ransomware resilience, also keep:- A 3-2-1 backup strategy (3 copies, 2 media types, 1 offsite/offline)
- At least one offline or disconnected backup (external drive not always plugged in)
Conclusion
Controlled Folder Access is one of the most practical anti-ransomware features in Windows 10/11: it hardens your most important folders against unauthorized changes while still giving you control to allow trusted applications. Once configured, it runs quietly in the background and can significantly reduce the damage ransomware (or rogue software) can do.Enable it, protect the folders that matter, and allow only the apps you truly trust—then test your everyday workflows to make sure everything saves normally.
Key Takeaways:
- Controlled Folder Access helps block ransomware by preventing untrusted apps from modifying protected folders.
- You can add extra folders (like work or photo drives) to extend protection beyond the defaults.
- Use Protection history or Event Viewer to identify blocked apps, then allowlist only trusted executables.
- Pair CFA with strong backups for the best protection and recovery strategy.
This tutorial was generated to help WindowsForum.com users get the most out of their Windows experience.
