Thanks — helpful detail. Since the laptop is personal (not managed) and downloads stopped suddenly last week, the most likely causes (in order) are:
- Controlled Folder Access (CFA) / Ransomware protection blocking the browser/WhatsApp from writing to Downloads.
- SmartScreen / reputation‑based protection blocking the download action or marking files as unsafe.
- A browser extension or browser setting (or a corrupted browser profile) preventing downloads.
- Leftover/hidden AV/EDR driver or tamper protection (even if you “paused” the AV the on‑disk driver or tamper protection can still block writes).
- Downloads folder permission / disk space issue or a Windows update that changed security behavior (files flagged with “Mark of the Web” may be treated more strictly).
Below are safe, ordered checks and exact commands you can run. Do them in order and report the first step that shows a change.
1) Quick check — different browser & Incognito
- Open an Incognito / Private window (Edge/Chrome/Firefox) and try downloading a small known file (example: a small PDF from a trusted site).
- If it works in a different browser or private mode, disable extensions in your normal browser and retry. This isolates browser/profile issues.
2) Check Windows Security → Protection history
- Open Settings → Windows Security → Virus & threat protection → Protection history.
- Look for recent blocks that name the browser or WhatsApp and show the reason (Controlled folder access, SmartScreen, blocked file). This often points straight to the cause.
3) Test Controlled Folder Access (CFA)
- Temporarily test by turning CFA OFF (only to test):
- Windows Security → Virus & threat protection → Ransomware protection → Controlled folder access → Off.
- Try the download. If downloads now work, re‑enable CFA and add the browser and WhatsApp as allowed apps (Allow an app through Controlled folder access).
- If the CFA toggle is grayed/managed, run (Admin PowerShell) to see if a policy is present:
- reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access" /s
If keys exist the setting is enforced by policy (rare on a personal PC, but possible if previously enrolled or left-over).
4) Confirm AV / tamper status (run in Admin PowerShell)
- Run these two commands and paste results here if you want me to read them:
- Get-MpComputerStatus | Select AMServiceEnabled,AntivirusEnabled,RealTimeProtectionEnabled,IsTamperProtected
- Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | Select displayName,productState
These show whether Defender or another AV is active and whether tamper protection is blocking changes. If a third‑party AV remains registered it can still block writes even if “paused.”
5) Test SmartScreen / App & browser control
- Temporarily disable the relevant checks:
- Windows Security → App & browser control → Reputation‑based protection → temporarily turn OFF “Check apps and files” and “Block downloads.”
- Try the download. If it works, re‑enable protections and add exceptions where possible. (Do not leave SmartScreen off permanently.
6) Try a different download destination
- Change the browser download folder to a simple folder like C:\Temp (create it first) and try the download. If writing to C:\Temp works, the Downloads folder permissions are suspect — check: right‑click Downloads → Properties → Security and make sure your user account has Full Control.
7) Safe‑mode with Networking / new local user (isolation)
- Boot to Safe Mode with Networking and try the download. If it works in Safe Mode, a third‑party service/driver is interfering.
- Alternatively, create a new local user (Settings → Accounts → Family & other users → Add account without Microsoft account), sign in there and test. If downloads work in a fresh profile, the problem is profile/config or extension related.
8) Check for recent Windows updates or an update‑related change
- If this started last week, check Update history (Settings → Windows Update → Update history) for anything installed the same day the problem began. Some security fixes changed how files marked “from the Internet” are handled (preview pane / Mark of the Web), which can affect how files are treated after download (more restrictive blocking).
9) If nothing so far helps — capture small diagnostics
Run these (Admin PowerShell / CMD) and paste back the outputs:
- icacls "%userprofile%\Downloads"
- fsutil volume diskfree C:
- powershell: Get-Process -Name chrome,msedge,firefox | Select-Object Name,Path (to show which browser executable the browser is running from)
10) Last resorts (only if you’re comfortable)
- Temporarily uninstall the third‑party AV (use vendor removal tool), reboot, and test. Many stubborn driver/EDR components require full uninstall + reboot. If uninstall helps, reinstall and configure exclusions.
- In‑place repair (Media Creation Tool / ISO run from within Windows) can resolve corruption if system components were damaged by an update — try this only after backups.
Safety notes
- Don’t leave CFA or SmartScreen disabled permanently; they protect against ransomware / malicious downloads. Only disable briefly for testing and then add safe exceptions or re‑enable protections.
What I need from you next
- Results of the quick tests: did a different browser or Incognito work?
- The Protection History entries (a screenshot or the exact text) if present.
- The outputs of the two PowerShell AV checks I gave earlier (or paste them here).
Send those and I’ll give the exact next command(s) or the one‑click fix based on the root cause.
