This tutorial will show you how to add and remove allowed apps for Controlled Folder Access in Microsoft Defender Antivirus in Windows 11.
Microsoft Defender Antivirus is an antivirus software that is included in Windows 11 and can help protect your device from viruses, malware, and other threats.
Controlled folder access helps protect your valuable data from malicious apps and threats, such as ransomware. In a ransomware attack, your files can get encrypted and held hostage.
Controlled folder access protects your data by checking apps against a list of known, trusted apps. With controlled folder access in place, a notification appears on the computer where an app attempted to make changes to a file in a protected folder.
Controlled folder access works by only allowing trusted apps to access protected folders. Protected folders are specified when controlled folder access is configured. Typically, commonly used folders, such as those used for documents, pictures, downloads, and so on, are included in the list of controlled folders.
Controlled folder access works with a list of trusted apps. Apps that are included in the list of trusted software work as expected. Apps that are not included in the list are prevented from making any changes to files inside protected folders.
By default, Windows adds apps that are considered friendly to the allowed list. Such apps that are added automatically are not recorded in the list shown in the Windows Security app or by using the associated PowerShell cmdlets. You shouldn't need to add most apps. Only add apps if they are being blocked and you can verify their trustworthiness.
Occasionally, an app that is safe to use will be identified as harmful. This happens because Microsoft wants to keep you safe and will sometimes err on the side of caution; however, this might interfere with how you normally use your PC. You can add an app to the list of safe or allowed apps to prevent them from being blocked.
You can specify if certain apps are always considered safe and give write access to files in protected folders. Allowing apps can be useful if a particular app you know and trust is being blocked by the controlled folder access feature.
When you add an app, you have to specify the app's full path location. Only the app in that location will be permitted access to the protected folders. If the app (with the same name) is in a different location, it will not be added to the allow list and may be blocked by controlled folder access.
An allowed application only has write access to a controlled folder after it starts. For example, an app will continue to trigger events after it's allowed until it is stopped and restarted.
References:
Allow an app to access controlled folders - Microsoft Support
Customize controlled folder access - Microsoft Defender for Endpoint
You must be signed in as an administrator to add or remove allowed apps or Controlled folder access.
It is required to turn on Controlled Folder Access to be able to add and remove allowed apps.
- Option One: Add or Remove Allowed Apps for Controlled Folder Access in Windows Security
- Option Two: Add or Remove Allowed Apps for Controlled Folder Access using Command
- Option Three: Configure Allowed Apps Policy for Controlled Folder Access in Local Group Policy Editor
- Option Four: Configure Allowed Apps Policy for Controlled Folder Access in Registry Editor
1 Open Windows Security.
2 Click/tap on Virus & threat protection. (see screenshot below)
3 Perform one of the following actions below: (see screenshots below)
- Click/tap on the Manage ransomware protection link under Ransomware protection.
- Click/tap on the Manage settings link under Virus & threat protection settings, and click/tap on the Manage Controlled folder access link under Controlled folder access.
4 Click/tap on the Allow an app through Controlled folder access link. (see screenshot below)
5 If prompted by UAC, click/tap on Yes to approve.
6 Do step 7 (add) or step 8 (remove) below for what you want.
- Click/tap on Recently blocked apps, and select a blocked app to allow.
- Click/tap on Browse all apps, navigate to and select an app (ex: "notepad.exe") to allow, and click/tap on Open.
9 When finished adding or removing allowed apps, you can close Windows Security if you like.
1 Open Windows Terminal (Admin), and select either Windows PowerShell or Command Prompt.
2 Type the command below you want to use into Windows Terminal (Admin), and press Enter. (see screenshots below)
PowerShell Add-MpPreference -ControlledFolderAccessAllowedApplications "<full path>"
PowerShell Remove-MpPreference -ControlledFolderAccessAllowedApplications "<full path>"
Substitute <full path> in the commands above with the actual full path of the app (ex: "C:\Windows\notepad.exe") you want to add or remove as an allowed app.
For example:
PowerShell Add-MpPreference -ControlledFolderAccessAllowedApplications "C:\Windows\notepad.exe"
PowerShell Remove-MpPreference -ControlledFolderAccessAllowedApplications "C:\Windows\notepad.exe"
3 You can now close Windows Terminal (Admin) if you like.
Configure Allowed Apps Policy for Controlled Folder Access in Local Group Policy Editor
The Local Group Policy Editor is only available in the Windows 11 Pro, Enterprise, and Education editions.
All editions can use Option Four for the same policy.
1 Open the Local Group Policy Editor (gpedit.msc).
2 Navigate to the policy location below in the left pane of the Local Group Policy Editor. (see screenshot below)
3 In the right pane of Controlled folder access in the Local Group Policy Editor, double click/tap on the Configure allowed applications policy to edit it. (see screenshot above)
4 Do step 5 (add), step 6 (remove), or step 7 (default) below for what you want.
Apps added using this option cannot be removed using Option One and Option Two.
You will need to double click/tap in the field to be able to enter the full path.
You will need to double click/tap in the field to be able to enter the number.
Apps added using Option One and Option Two will not be listed here.
This is the default setting.
8 You can now close the Local Group Policy Editor if you like.
1 Do step 2 (add), step 3 (remove), or step 4 (default) below for what you want.
Apps added using this option cannot be removed using Option One and Option Two.
(Contents of REG file for reference)
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access]
"ExploitGuard_ControlledFolderAccess_AllowedApplications"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access\AllowedApplications]
Apps added using Option One and Option Two will not be listed here.
This is the default setting.
(Contents of REG file for reference)
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access]
"ExploitGuard_ControlledFolderAccess_AllowedApplications"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access\AllowedApplications]
That's it,
Shawn Brink