Privacy and Security Add or Remove Allowed Apps for Controlled Folder Access in Windows 11


Windows_Security_banner.png

This tutorial will show you how to add and remove allowed apps for Controlled Folder Access in Microsoft Defender Antivirus in Windows 11.

Microsoft Defender Antivirus is an antivirus software that is included in Windows 11 and can help protect your device from viruses, malware, and other threats.

Controlled folder access helps protect your valuable data from malicious apps and threats, such as ransomware. In a ransomware attack, your files can get encrypted and held hostage.

Controlled folder access protects your data by checking apps against a list of known, trusted apps. With controlled folder access in place, a notification appears on the computer where an app attempted to make changes to a file in a protected folder.

Controlled folder access works by only allowing trusted apps to access protected folders. Protected folders are specified when controlled folder access is configured. Typically, commonly used folders, such as those used for documents, pictures, downloads, and so on, are included in the list of controlled folders.

Controlled folder access works with a list of trusted apps. Apps that are included in the list of trusted software work as expected. Apps that are not included in the list are prevented from making any changes to files inside protected folders.

By default, Windows adds apps that are considered friendly to the allowed list. Such apps that are added automatically are not recorded in the list shown in the Windows Security app or by using the associated PowerShell cmdlets. You shouldn't need to add most apps. Only add apps if they are being blocked and you can verify their trustworthiness.

Occasionally, an app that is safe to use will be identified as harmful. This happens because Microsoft wants to keep you safe and will sometimes err on the side of caution; however, this might interfere with how you normally use your PC. You can add an app to the list of safe or allowed apps to prevent them from being blocked.

You can specify if certain apps are always considered safe and give write access to files in protected folders. Allowing apps can be useful if a particular app you know and trust is being blocked by the controlled folder access feature.

When you add an app, you have to specify the app's full path location. Only the app in that location will be permitted access to the protected folders. If the app (with the same name) is in a different location, it will not be added to the allow list and may be blocked by controlled folder access.

An allowed application only has write access to a controlled folder after it starts. For example, an app will continue to trigger events after it's allowed until it is stopped and restarted.

References:


You must be signed in as an administrator to add or remove allowed apps or Controlled folder access.

It is required to turn on Controlled Folder Access to be able to add and remove allowed apps.



Contents

  • Option One: Add or Remove Allowed Apps for Controlled Folder Access in Windows Security
  • Option Two: Add or Remove Allowed Apps for Controlled Folder Access using Command
  • Option Three: Configure Allowed Apps Policy for Controlled Folder Access in Local Group Policy Editor
  • Option Four: Configure Allowed Apps Policy for Controlled Folder Access in Registry Editor




Option One

Add or Remove Allowed Apps for Controlled Folder Access in Windows Security


1 Open Windows Security.

2 Click/tap on Virus & threat protection. (see screenshot below)

Microsoft_Defender_Controlled_Folder_Access-1.png

3 Perform one of the following actions below: (see screenshots below)
  • Click/tap on the Manage ransomware protection link under Ransomware protection.
  • Click/tap on the Manage settings link under Virus & threat protection settings, and click/tap on the Manage Controlled folder access link under Controlled folder access.

Microsoft_Defender_Controlled_Folder_Access-2.png
Microsoft_Defender_Controlled_Folder_Access-3.png

4 Click/tap on the Allow an app through Controlled folder access link. (see screenshot below)

Microsoft_Defender_Controlled_Folder_Access-4.png

5 If prompted by UAC, click/tap on Yes to approve.

6 Do step 7 (add) or step 8 (remove) below for what you want.


 7. Add Allowed Apps to Controlled Folder Access for Microsoft Defender Antivirus

A) Perform one of the following actions below: (see screenshots below)​
  • Click/tap on Recently blocked apps, and select a blocked app to allow.
  • Click/tap on Browse all apps, navigate to and select an app (ex: "notepad.exe") to allow, and click/tap on Open.
B) Go to step 9

Microsoft_Defender_Controlled_Folder_Access-5.png
Microsoft_Defender_Controlled_Folder_Access-6.png
Microsoft_Defender_Controlled_Folder_Access-7.png


 8. Remove Allowed Apps from Controlled Folder Access for Microsoft Defender Antivirus

A) Click/tap on the allowed app app (ex: "notepad.exe") you want to remove to expand it open. (see screenshot below)​

B) Click/tap on Remove.​

C) Go to step 9.​

Microsoft_Defender_Controlled_Folder_Access-8.png

9 When finished adding or removing allowed apps, you can close Windows Security if you like.




Option Two

Add or Remove Allowed Apps for Controlled Folder Access using Command


1 Open Windows Terminal (Admin), and select either Windows PowerShell or Command Prompt.

2 Type the command below you want to use into Windows Terminal (Admin), and press Enter. (see screenshots below)

(Add Allowed Apps to Controlled Folder Access)
PowerShell Add-MpPreference -ControlledFolderAccessAllowedApplications "<full path>"

OR​

(Remove Allowed Apps from Controlled Folder Access)
PowerShell Remove-MpPreference -ControlledFolderAccessAllowedApplications "<full path>"

Substitute <full path> in the commands above with the actual full path of the app (ex: "C:\Windows\notepad.exe") you want to add or remove as an allowed app.

For example:
PowerShell Add-MpPreference -ControlledFolderAccessAllowedApplications "C:\Windows\notepad.exe"

PowerShell Remove-MpPreference -ControlledFolderAccessAllowedApplications "C:\Windows\notepad.exe"


3 You can now close Windows Terminal (Admin) if you like.

Add_allowed_app_command.png

Remove_allowed_app_command.png





Option Three

Configure Allowed Apps Policy for Controlled Folder Access in Local Group Policy Editor


The Local Group Policy Editor is only available in the Windows 11 Pro, Enterprise, and Education editions.

All editions can use Option Four for the same policy.


1 Open the Local Group Policy Editor (gpedit.msc).

2 Navigate to the policy location below in the left pane of the Local Group Policy Editor. (see screenshot below)

Computer Configuration>Administrative Templates>Windows Components>Microsoft Defender Antivirus>Microsoft Defender Exploit Guard>Controlled folder access

Microsoft_Defender_Controlled_Folder_Access_gpedit-1.png

3 In the right pane of Controlled folder access in the Local Group Policy Editor, double click/tap on the Configure allowed applications policy to edit it. (see screenshot above)

4 Do step 5 (add), step 6 (remove), or step 7 (default) below for what you want.


5 Add Allowed Apps to Controlled Folder Access for Microsoft Defender Antivirus

Apps added using this option cannot be removed using Option One and Option Two.


A) Select (dot) Enabled. (see left screenshot below)​

B) Click/tap on the Show button for Enter the applications that should be trusted under Options. (see left screenshot below)​

C) In the Value name column, type the full path of the app (ex: "C:\Windows\notepad.exe) you want to add as an allowed app. (see right screenshot below)​

You will need to double click/tap in the field to be able to enter the full path.


D) In the Value column to the right of the added drive or folder, type the number 0. (see right screenshot below)​

You will need to double click/tap in the field to be able to enter the number.


E) When finished adding apps, click/tap on OK. (see right screenshot below)​

F) Click/tap on OK. (see left screenshot below)​

G) Go to step 8.​

Microsoft_Defender_Controlled_Folder_Access_gpedit-3.png
Microsoft_Defender_Controlled_Folder_Access_gpedit-4.png

6 Remove Allowed Apps from Controlled Folder Access for Microsoft Defender Antivirus

Apps added using Option One and Option Two will not be listed here.


A) Select (dot) Enabled. (see left screenshot above)​

B) Click/tap on the Show button for Enter the applications that should be trusted under Options. (see left screenshot above)​

C) Delete the Value name column and Value column for the app (ex: "C:\Windows\notepad.exe) you want to remove. (see right screenshot above)​

D) When finished removing allowed apps, click/tap on OK. (see right screenshot above)​

E) Click/tap on OK. (see left screenshot above)​

F) Go to step 8.​

7 Undo Configure Allowed Apps Policy

This is the default setting.


A) Select (dot) Not Configured. (see screenshot below)​

B) Click/tap on OK.​

C) Go to step 8.​

Microsoft_Defender_Controlled_Folder_Access_gpedit-2.png

8 You can now close the Local Group Policy Editor if you like.




Option Four

Configure Allowed Apps Policy for Controlled Folder Access in Registry Editor


1 Do step 2 (add), step 3 (remove), or step 4 (default) below for what you want.


2 Add Allowed Apps to Controlled Folder Access for Microsoft Defender Antivirus

Apps added using this option cannot be removed using Option One and Option Two.


A) Click/tap on the Download button below to download the file below to add the needed registry keys and values.​

Configure_allowed_applications_group_policy.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access]
"ExploitGuard_ControlledFolderAccess_AllowedApplications"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access\AllowedApplications]

B) Save the .reg file to your desktop.​

C) Double click/tap on the downloaded .reg file to merge it.​

D) When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.​

E) You can now delete the downloaded .reg file if you like.​

F) Open Registry Editor (regedit.exe).​

G) Navigate to the key below in the left pane of Registry Editor. (see screenshot below step 2H)​

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access\AllowedApplications

H) In the right pane of the AllowedApplications key, right click on an empty space, click/tap on New, and click/tap on String Value. (see screenshot below)​

Microsoft_Defender_Controlled_Folder_Access_regedit-1.png

I) Type the full path of the app (ex: "C:\Windows\notepad.exe") you want to add as the name of this string value, and press Enter. (see screenshot below step 2J)​

J) Double click/tap on this string value (ex: "C:\Windows\notepad.exe") to modify it. (see screenshot below)​

Microsoft_Defender_Controlled_Folder_Access_regedit-2.png

K) Type the number 0, and click/tap on OK. (see screenshot below)​

Microsoft_Defender_Controlled_Folder_Access_regedit-3.png

L) When finished adding apps, you can close Registry Editor if you like.​

3 Remove Allowed Apps from Controlled Folder Access for Microsoft Defender Antivirus

Apps added using Option One and Option Two will not be listed here.


A) Open Registry Editor (regedit.exe).​

B) Navigate to the key below in the left pane of Registry Editor. (see screenshot below step 3H)​

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access\AllowedApplications

C) In the right pane of the AllowedApplications key, right click on the string value (REG_SZ) of the app (ex: "C:\Windows\notepad.exe") you want to remove, and click/tap on Delete. (see screenshot below)​

Microsoft_Defender_Controlled_Folder_Access_regedit-4.png

D) Click/tap on Yes to confirm. (see screenshot below)​

Microsoft_Defender_Controlled_Folder_Access_regedit-5.png

E) When finished removing apps, you can close Registry Editor if you like.​

4 Undo Configure Allowed Apps Policy

This is the default setting.


A) Click/tap on the Download button below to download the file below.​

Undo_Configure_allowed_applications_group_policy.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access]
"ExploitGuard_ControlledFolderAccess_AllowedApplications"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access\AllowedApplications]

B) Save the .reg file to your desktop.​

C) Double click/tap on the downloaded .reg file to merge it.​

D) When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.​

E) You can now delete the downloaded .reg file if you like.​


That's it,
Shawn Brink


 

Attachments

Last edited:
Hi Shawn, je$u$, after this last Cumulative update(KB5014668 (OS Build 22000.778) Preview) CFA really blocks Windows own stuff.
I had to allow three system32 exxies(.exe's)
What is up at Redmond?
1656079757812.png


1656079785607.png


1656079815306.png
 

My Computer

System One

  • OS
    Win10 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
    Computer type
    PC/Desktop
    Manufacturer/Model
    ۞ΞЖ†ԘΜΞ۞
    CPU
    Intel Core i9 9900K
    Motherboard
    ASUS ROG Maximus X Hero
    Memory
    32 GB Quad Kit, G.Skill Trident Z RGB Series schwarz, DDR4-3866, 18-19-19-39-2T
    Graphics Card(s)
    ASUS GeForce RTX 3090 ROG Strix O24G, 24576 MB GDDR6X
    Sound Card
    (1) HD Webcam C270 (2) NVIDIA High Definition Audio (3) Realtek High Definition Audio
    Monitor(s) Displays
    BenQ BL2711U(4K) and a hp 27vx(1080p)
    Hard Drives
    C: Samsung 960 EVO NVMe M.2 SSD
    E: & O: Libraries & OneDrive-> Samsung 850 EVO 1TB
    D: Hyper-V VM's -> Samsung PM951 Client M.2 512Gb SSD
    G: System Images -> Samsung 860 Pro 2TB
    PSU
    Corsair HX1000i High Performance ATX Power Supply 80+ Platinum
    Case
    Phanteks Enthoo Pro TG
    Cooling
    Thermaltake Floe Riing RGB TT Premium-Edition 360mm and 2x120 Phantek& Halo front, and 1x140 Phanteks
    Keyboard
    Trust GTX THURA
    Mouse
    Trust GTX 148
    Internet Speed
    25+/5+ (+usually faster)
    Browser
    Edge; Chrome;
    Antivirus
    Windows Defender of course & Malwarebytes Anti-Exploit as an added layer between browser & OS
    Other Info
    Router: FRITZ!Box 7590 AX V2
    Sound system: SHARP HT-SBW460 Dolby Atmos Soundbar
    Webcam: Logitech BRIO ULTRA HD PRO WEBCAM 4K webcam with HDR
And another one today after OneDrive updated :eek1::ffs: (n))My OneDrive has its own disk)
1656176040252.png
 

My Computer

System One

  • OS
    Win10 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
    Computer type
    PC/Desktop
    Manufacturer/Model
    ۞ΞЖ†ԘΜΞ۞
    CPU
    Intel Core i9 9900K
    Motherboard
    ASUS ROG Maximus X Hero
    Memory
    32 GB Quad Kit, G.Skill Trident Z RGB Series schwarz, DDR4-3866, 18-19-19-39-2T
    Graphics Card(s)
    ASUS GeForce RTX 3090 ROG Strix O24G, 24576 MB GDDR6X
    Sound Card
    (1) HD Webcam C270 (2) NVIDIA High Definition Audio (3) Realtek High Definition Audio
    Monitor(s) Displays
    BenQ BL2711U(4K) and a hp 27vx(1080p)
    Hard Drives
    C: Samsung 960 EVO NVMe M.2 SSD
    E: & O: Libraries & OneDrive-> Samsung 850 EVO 1TB
    D: Hyper-V VM's -> Samsung PM951 Client M.2 512Gb SSD
    G: System Images -> Samsung 860 Pro 2TB
    PSU
    Corsair HX1000i High Performance ATX Power Supply 80+ Platinum
    Case
    Phanteks Enthoo Pro TG
    Cooling
    Thermaltake Floe Riing RGB TT Premium-Edition 360mm and 2x120 Phantek& Halo front, and 1x140 Phanteks
    Keyboard
    Trust GTX THURA
    Mouse
    Trust GTX 148
    Internet Speed
    25+/5+ (+usually faster)
    Browser
    Edge; Chrome;
    Antivirus
    Windows Defender of course & Malwarebytes Anti-Exploit as an added layer between browser & OS
    Other Info
    Router: FRITZ!Box 7590 AX V2
    Sound system: SHARP HT-SBW460 Dolby Atmos Soundbar
    Webcam: Logitech BRIO ULTRA HD PRO WEBCAM 4K webcam with HDR
Back
Top Bottom