This tutorial will show you how to add and remove protected folders for Controlled Folder Access in Microsoft Defender Antivirus in Windows 11.
Microsoft Defender Antivirus is an antivirus software that is included in Windows 11 and can help protect your device from viruses, malware, and other threats.
Controlled folder access helps protect your valuable data from malicious apps and threats, such as ransomware. In a ransomware attack, your files can get encrypted and held hostage.
Controlled folder access protects your data by checking apps against a list of known, trusted apps. With controlled folder access in place, a notification appears on the computer where an app attempted to make changes to a file in a protected folder.
Controlled folder access works by only allowing trusted apps to access protected folders. Protected folders are specified when controlled folder access is configured. Typically, commonly used folders, such as those used for documents, pictures, downloads, and so on, are included in the list of controlled folders.
Windows system folders are protected by default, along with several other folders:
- C:\Users\<username>\Documents
- C:\Users\Public\Documents
- C:\Users\<username>\Pictures
- C:\Users\Public\Pictures
- C:\Users\Public\Videos
- C:\Users\<username>\Videos
- C:\Users\<username>\Music
- C:\Users\Public\Music
- C:\Users\<username>\Favorites
Reference:
Customize controlled folder access - Microsoft Defender for Endpoint
You must be signed in as an administrator to add or remove protected folders for Controlled folder access.
It is required to turn on Controlled Folder Access to be able to add and remove protected folders.
- Option One: Add or Remove Protected Folders for Controlled Folder Access in Windows Security
- Option Two: Add or Remove Protected Folders for Controlled Folder Access using Command
- Option Three: Configure Protected Folders Policy for Controlled Folder Access in Local Group Policy Editor
- Option Four: Configure Protected Folders Policy for Controlled Folder Access in Registry Editor
Add or Remove Protected Folders for Controlled Folder Access in Windows Security
1 Open Windows Security.
2 Click/tap on Virus & threat protection. (see screenshot below)
3 Perform one of the following actions below: (see screenshots below)
- Click/tap on the Manage ransomware protection link under Ransomware protection.
- Click/tap on the Manage settings link under Virus & threat protection settings, and click/tap on the Manage Controlled folder access link under Controlled folder access.
4 Click/tap on the Protected folders link. (see screenshot below)
5 If prompted by UAC, click/tap on Yes to approve.
6 Do step 7 (add) or step 8 (remove) below for what you want.
9 When finished adding or removing protected folders, you can close Windows Security if you like.
Add or Remove Protected Folders for Controlled Folder Access using Command
1 Open Windows Terminal (Admin), and select either Windows PowerShell or Command Prompt.
2 Type the command below you want to use into Windows Terminal (Admin), and press Enter. (see screenshots below)
PowerShell Add-MpPreference -ControlledFolderAccessProtectedFolders "<full path>"
PowerShell Remove-MpPreference -ControlledFolderAccessProtectedFolders "<full path>"
Substitute <full path> in the commands above with the actual full path of the drive or folder you want to add or remove as a protected folder.
For example:
PowerShell Add-MpPreference -ControlledFolderAccessProtectedFolders "Z:\"
PowerShell Remove-MpPreference -ControlledFolderAccessProtectedFolders "Z:\"
3 You can now close Windows Terminal (Admin) if you like.
Configure Protected Folders Policy for Controlled Folder Access in Local Group Policy Editor
The Local Group Policy Editor is only available in the Windows 11 Pro, Enterprise, and Education editions.
All editions can use Option Four for the same policy.
1 Open the Local Group Policy Editor (gpedit.msc).
2 Navigate to the policy location below in the left pane of the Local Group Policy Editor. (see screenshot below)
3 In the right pane of Controlled folder access in the Local Group Policy Editor, double click/tap on the Configure protected folders policy to edit it. (see screenshot above)
4 Do step 5 (add), step 6 (remove), or step 7 (default) below for what you want.
Folders added using this option cannot be removed using Option One and Option Two.
You will need to double click/tap in the field to be able to enter the full path.
You will need to double click/tap in the field to be able to enter the number.
Folders added using Option One and Option Two will not be listed here.
This is the default setting.
8 You can now close the Local Group Policy Editor if you like.
Configure Protected Folders Policy for Controlled Folder Access in Registry Editor
1 Do step 2 (add), step 3 (remove), or step 4 (default) below for what you want.
Folders added using this option cannot be removed using Option One and Option Two.
(Contents of REG file for reference)
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access]
"ExploitGuard_ControlledFolderAccess_ProtectedFolders"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access\ProtectedFolders]
Folders added using Option One and Option Two will not be listed here.
This is the default setting.
(Contents of REG file for reference)
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access]
"ExploitGuard_ControlledFolderAccess_ProtectedFolders"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access\ProtectedFolders]
That's it,
Shawn Brink