Controlled Folder access - trying to add local folders, mapped network drive, neither are working RRS feed

  • Question

  • Hello experts, I have a quick question about Windows 10 controlled folder access. My boss wants to enable this feature for the malware protection, so we are just starting to explore it and have not enabled any GPO settings. We are running Win 10 1709, and I enabled the feature, but for some reason, when I try to add more protected folders, nothing happens. We have tried this on 3 separate computers, and the result is the same. All of my user profile folders are listed, including c:\users\puglic\<folders> but if I try to add c:\intel for testing, or the UNC path for my "home" drive, I just get the spinning-wheel and then nothing gets added. Am I doing something wrong ?
    Tuesday, January 30, 2018 2:36 PM

All replies

  • Hi tekknyne,

    As far as I know, after we enable Controlled Folder access in Windows Settings, we only need to set two options. Add a protected folder and Add an allowed app.

    Users must have administrative permissions to enable CFA, make any changes to the protected folders list, and allow apps through CFA. Also don’t use other security software.

    The settings for CFA can be found under Administrative Templates > Windows Components > Windows Defender Antivirus > Windows Defender Exploit Guard > Controlled folder access.

    We recommend that you change the file path of your folders in Controlled Access Folder to the full file path. For example, if you want to protect the files and folders inside the Desktop folder, the file path in Controlled Access Folder must be C:\Users\[username]\Desktop.

    For UNC path, you could add \\server\share as protected folder, writes to mapped driver X:

    Also I suggest that you could create a new user account to check and keep updating to the latest system version KB4073291 (OS Build 16299.201).

    Hope it will be helpful to you

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, January 31, 2018 9:26 AM
  • We are running Windows 10 1709 Build 16299.192, so maybe that slight version number makes a difference? But that is the latest that windows updates is giving me.

    We are also running SCCM endpoint protection and windows defender is enabled. It shows antimaleware version 4.12.17007.18011 Engine version 1.1.145005.5

    I'll try to see if I can get windows up to date, and see if that makes a difference

    Wednesday, January 31, 2018 1:23 PM
  • Hi carl, thanks for all the help. I tried to run windows10.0-kb4073291-x86_898d588fa98a78fdb7f121f14b74f51df2a9416d.msu

    but looks like that the 32-bit version, and I cannot find the 64 bit version. Sorry I did not specify, but we are using 64 bit Windows 10.

    Wednesday, January 31, 2018 1:27 PM
  • i also tried to add a trusted app, and the result was the same. It does not add anything to the list. I am a local administrator.
    Wednesday, January 31, 2018 1:27 PM
  • Also, Real time protection, Cloud-delivered protection, and Automatic sample submission are all controlled by administrator/GPO. However we have not enabled any GPO's for controlled folder access. Currently, we are just manually testing with a couple power-users to see if they have difficulties.
    Wednesday, January 31, 2018 1:29 PM