From d18b24ccc03763033d4354042c320eacb73dda0c Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 16 Dec 2020 14:03:06 -0800 Subject: [PATCH 01/12] Update customize-controlled-folders.md --- .../microsoft-defender-atp/customize-controlled-folders.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md index 39b6cd2158..9a895ed9f4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md @@ -8,9 +8,9 @@ ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: medium audience: ITPro -author: levinec -ms.author: ellevin -ms.reviewer: +author: denisebmsft +ms.author: deniseb +ms.reviewer: jcedola, dbodorin, vladiso, nixanm, anvascon manager: dansimp --- From 6647f492e35420993b97e8317e0ee86a17631aca Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 16 Dec 2020 14:04:46 -0800 Subject: [PATCH 02/12] Update customize-controlled-folders.md --- .../customize-controlled-folders.md | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md index 9a895ed9f4..27da90e0a9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md @@ -12,6 +12,7 @@ author: denisebmsft ms.author: deniseb ms.reviewer: jcedola, dbodorin, vladiso, nixanm, anvascon manager: dansimp +ms.date: 12/16/2020 --- # Customize controlled folder access @@ -21,14 +22,14 @@ manager: dansimp **Applies to:** -* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. Controlled folder access is supported on Windows Server 2019 and Windows 10 clients. This article describes how to customize the following settings of the controlled folder access feature with the Windows Security app, Group Policy, PowerShell, and mobile device management (MDM) configuration service providers (CSPs). -* [Add additional folders to be protected](#protect-additional-folders) -* [Add apps that should be allowed to access protected folders](#allow-specific-apps-to-make-changes-to-controlled-folders) +- [Add additional folders to be protected](#protect-additional-folders) +- [Add apps that should be allowed to access protected folders](#allow-specific-apps-to-make-changes-to-controlled-folders) > [!WARNING] > Controlled folder access monitors apps for activities that may be malicious. Sometimes it might block a legitimate app from making legitimate changes to your files. @@ -53,7 +54,6 @@ You can use the Windows Security app or Group Policy to add and remove additiona 1. Open the Windows Security app by selecting the shield icon in the task bar or searching the start menu for **Defender**. - 2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then scroll down to the **Ransomware protection** section. 3. Click the **Manage ransomware protection** link to open the **Ransomware protection** pane. @@ -78,6 +78,7 @@ You can use the Windows Security app or Group Policy to add and remove additiona ### Use PowerShell to protect additional folders 1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and select **Run as administrator** + 2. Enter the following cmdlet: ```PowerShell @@ -161,6 +162,6 @@ For more information about customizing the notification when a rule is triggered ## Related topics -* [Protect important folders with controlled folder access](controlled-folders.md) -* [Enable controlled folder access](enable-controlled-folders.md) -* [Evaluate attack surface reduction rules](evaluate-attack-surface-reduction.md) +- [Protect important folders with controlled folder access](controlled-folders.md) +- [Enable controlled folder access](enable-controlled-folders.md) +- [Evaluate attack surface reduction rules](evaluate-attack-surface-reduction.md) From 96031a7053d70c6fcfb01002afa3d4c7c1df311a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 16 Dec 2020 14:07:07 -0800 Subject: [PATCH 03/12] Update customize-controlled-folders.md --- .../microsoft-defender-atp/customize-controlled-folders.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md index 27da90e0a9..83fb2372be 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md @@ -32,9 +32,7 @@ This article describes how to customize the following settings of the controlled - [Add apps that should be allowed to access protected folders](#allow-specific-apps-to-make-changes-to-controlled-folders) > [!WARNING] -> Controlled folder access monitors apps for activities that may be malicious. Sometimes it might block a legitimate app from making legitimate changes to your files. -> -> This may impact your organization's productivity, so you may want to consider running the feature in [audit mode](audit-windows-defender.md) to fully assess the feature's impact. +> Controlled folder access monitors apps for activities that are detected as malicious. Sometimes, legitimate apps are blocked from making changes to your files. If controlled folder access impacts your organization's productivity, you might consider running this feature in [audit mode](audit-windows-defender.md) to fully assess the impact. ## Protect additional folders From cd77fa9eaace9e011cfd7e89e6c8153c4b0f2045 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 16 Dec 2020 14:07:21 -0800 Subject: [PATCH 04/12] Update customize-controlled-folders.md --- .../microsoft-defender-atp/customize-controlled-folders.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md index 83fb2372be..841d2fe690 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md @@ -31,7 +31,7 @@ This article describes how to customize the following settings of the controlled - [Add additional folders to be protected](#protect-additional-folders) - [Add apps that should be allowed to access protected folders](#allow-specific-apps-to-make-changes-to-controlled-folders) -> [!WARNING] +> [!IMPORTANT] > Controlled folder access monitors apps for activities that are detected as malicious. Sometimes, legitimate apps are blocked from making changes to your files. If controlled folder access impacts your organization's productivity, you might consider running this feature in [audit mode](audit-windows-defender.md) to fully assess the impact. ## Protect additional folders From bfdfe38a070ec5377ab366da665047712fd2129e Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 16 Dec 2020 14:09:19 -0800 Subject: [PATCH 05/12] Update customize-controlled-folders.md --- .../customize-controlled-folders.md | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md index 841d2fe690..dba11d836d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md @@ -36,12 +36,10 @@ This article describes how to customize the following settings of the controlled ## Protect additional folders - Controlled folder access applies to a number of system folders and default locations, including folders such as Documents, Pictures, and Movies. You can add additional folders to be protected, but you cannot remove the default folders in the default list. - Adding other folders to controlled folder access can be useful. Some use-cases include if you don't store files in the default Windows libraries, or you've changed the location of the libraries away from the defaults. You can also enter network shares and mapped drives. Environment variables and wildcards are supported. For information about using wildcards, see [Use wildcards in the file name and folder path or extension exclusion lists](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists). @@ -62,7 +60,6 @@ You can use the Windows Security app or Group Policy to add and remove additiona 4. Click **Add a protected folder** and follow the prompts to add folders. - ### Use Group Policy to protect additional folders 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and select **Edit**. @@ -82,10 +79,9 @@ You can use the Windows Security app or Group Policy to add and remove additiona ```PowerShell Add-MpPreference -ControlledFolderAccessProtectedFolders "" ``` +3. Repeat step 2 until you have added all the folders you want to protect. Folders that are added are visible in the Windows Security app. -Continue to use `Add-MpPreference -ControlledFolderAccessProtectedFolders` to add more folders to the list. Folders added using this cmdlet will appear in the Windows Security app. - -![Screenshot of a PowerShell window with the cmdlet above entered](../images/cfa-allow-folder-ps.png) + ![Screenshot of a PowerShell window with the cmdlet above entered](../images/cfa-allow-folder-ps.png) > [!IMPORTANT] > Use `Add-MpPreference` to append or add apps to the list. Using the `Set-MpPreference` cmdlet will overwrite the existing list. From dfd386dfcacb4d61c7af441ffb094cba72411fed Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 16 Dec 2020 14:19:51 -0800 Subject: [PATCH 06/12] Update customize-controlled-folders.md --- .../customize-controlled-folders.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md index dba11d836d..4a126e8893 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md @@ -95,8 +95,7 @@ Use the [./Vendor/MSFT/Policy/Config/Defender/GuardedFoldersList](https://docs.m You can specify if certain apps are always considered safe and give write access to files in protected folders. Allowing apps can be useful if a particular app you know and trust is being blocked by the controlled folder access feature. > [!IMPORTANT] -> By default, Windows adds apps that it considers friendly to the allowed list—apps added automatically by Windows are not recorded in the list shown in the Windows Security app or by using the associated PowerShell cmdlets. -> You shouldn't need to add most apps. Only add apps if they are being blocked and you can verify their trustworthiness. +> By default, Windows adds apps that are considered friendly to the allowed list. Such apps that are added automatically are not recorded in the list shown in the Windows Security app or by using the associated PowerShell cmdlets. You shouldn't need to add most apps. Only add apps if they are being blocked and you can verify their trustworthiness. When you add an app, you have to specify the app's location. Only the app in that location will be permitted access to the protected folders. If the app (with the same name) is in a different location, it will not be added to the allow list and may be blocked by controlled folder access. @@ -104,9 +103,9 @@ An allowed application or service only has write access to a controlled folder a ### Use the Windows Defender Security app to allow specific apps -1. Open the Windows Security by selecting the shield icon in the task bar or searching the start menu for **Defender**. +1. Open the Windows Security app by searching the start menu for **Security**. -2. Select the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then select **Ransomware protection**. +2. Select the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then select **Manage ransomware protection**. 3. Under the **Controlled folder access** section, select **Allow an app through Controlled folder access** @@ -116,7 +115,7 @@ An allowed application or service only has write access to a controlled folder a ### Use Group Policy to allow specific apps -1. On your Group Policy management device, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and select **Edit**. +1. On your Group Policy management device, open the [Group Policy Management Console](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)?preserve=true), right-click the Group Policy Object you want to configure and select **Edit**. 2. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**. From 8dc7756b2b4d3e573303caae6032bf4871a23fa5 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 16 Dec 2020 14:26:03 -0800 Subject: [PATCH 07/12] Update customize-controlled-folders.md --- .../microsoft-defender-atp/customize-controlled-folders.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md index 4a126e8893..bf71dddad7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md @@ -151,7 +151,7 @@ Use the [./Vendor/MSFT/Policy/Config/Defender/GuardedFoldersAllowedApplications] ## Customize the notification -For more information about customizing the notification when a rule is triggered and blocks an app or file, see [Windows Security](../windows-defender-security-center/windows-defender-security-center.md#customize-notifications-from-the-windows-defender-security-center). +For more information about customizing the notification when a rule is triggered and blocks an app or file, see [Configure alert notifications in Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications). ## Related topics From 52296a3f9dc4356e2b1014d92c8b7f7381060ace Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 16 Dec 2020 14:29:46 -0800 Subject: [PATCH 08/12] Update customize-controlled-folders.md --- .../microsoft-defender-atp/customize-controlled-folders.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md index bf71dddad7..12b59f2874 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md @@ -28,8 +28,9 @@ Controlled folder access helps you protect valuable data from malicious apps and This article describes how to customize the following settings of the controlled folder access feature with the Windows Security app, Group Policy, PowerShell, and mobile device management (MDM) configuration service providers (CSPs). -- [Add additional folders to be protected](#protect-additional-folders) +- [Protect additional folders](#protect-additional-folders) - [Add apps that should be allowed to access protected folders](#allow-specific-apps-to-make-changes-to-controlled-folders) +- Allow signed executable to access protected folders > [!IMPORTANT] > Controlled folder access monitors apps for activities that are detected as malicious. Sometimes, legitimate apps are blocked from making changes to your files. If controlled folder access impacts your organization's productivity, you might consider running this feature in [audit mode](audit-windows-defender.md) to fully assess the impact. @@ -149,6 +150,10 @@ An allowed application or service only has write access to a controlled folder a Use the [./Vendor/MSFT/Policy/Config/Defender/GuardedFoldersAllowedApplications](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-guardedfoldersallowedapplications) configuration service provider (CSP) to allow apps to make changes to protected folders. +## Allow signed executable files to access protected folders + +Microsoft Defender for Endpoint certificate and file indicators can allow signed executable files to access protected folders. For implementation details, see [Create indicators based on certificates](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates). + ## Customize the notification For more information about customizing the notification when a rule is triggered and blocks an app or file, see [Configure alert notifications in Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications). From 29b5b35d0c9212f461148d5c57fc560e2a3b8d31 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 16 Dec 2020 14:30:00 -0800 Subject: [PATCH 09/12] Update customize-controlled-folders.md --- .../microsoft-defender-atp/customize-controlled-folders.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md index 12b59f2874..45051e6ec7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md @@ -158,7 +158,7 @@ Microsoft Defender for Endpoint certificate and file indicators can allow signed For more information about customizing the notification when a rule is triggered and blocks an app or file, see [Configure alert notifications in Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications). -## Related topics +## See also - [Protect important folders with controlled folder access](controlled-folders.md) - [Enable controlled folder access](enable-controlled-folders.md) From 70a5286eaf1fa33fc32908ecfb31f79deebeefb0 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 16 Dec 2020 14:38:31 -0800 Subject: [PATCH 10/12] Update customize-controlled-folders.md --- .../customize-controlled-folders.md | 29 +++++++++---------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md index 45051e6ec7..629775a962 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md @@ -26,44 +26,43 @@ ms.date: 12/16/2020 Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. Controlled folder access is supported on Windows Server 2019 and Windows 10 clients. -This article describes how to customize the following settings of the controlled folder access feature with the Windows Security app, Group Policy, PowerShell, and mobile device management (MDM) configuration service providers (CSPs). +This article describes how to customize controlled folder access capabilities, and includes the following sections: - [Protect additional folders](#protect-additional-folders) - [Add apps that should be allowed to access protected folders](#allow-specific-apps-to-make-changes-to-controlled-folders) -- Allow signed executable to access protected folders +- [Allow signed executable files to access protected folders](#allow-signed-executable-files-to-access-protected-folders) +- [Customize the notification](#customize-the-notification) > [!IMPORTANT] > Controlled folder access monitors apps for activities that are detected as malicious. Sometimes, legitimate apps are blocked from making changes to your files. If controlled folder access impacts your organization's productivity, you might consider running this feature in [audit mode](audit-windows-defender.md) to fully assess the impact. ## Protect additional folders -Controlled folder access applies to a number of system folders and default locations, including folders such as Documents, Pictures, and Movies. +Controlled folder access applies to a number of system folders and default locations, including folders such as **Documents**, **Pictures**, and **Movies**. You can add additional folders to be protected, but you cannot remove the default folders in the default list. -You can add additional folders to be protected, but you cannot remove the default folders in the default list. +Adding other folders to controlled folder access can be helpful for cases when you don't store files in the default Windows libraries, or you've changed the default location of your libraries. -Adding other folders to controlled folder access can be useful. Some use-cases include if you don't store files in the default Windows libraries, or you've changed the location of the libraries away from the defaults. +You can also specify network shares and mapped drives. Environment variables and wildcards are supported. For information about using wildcards, see [Use wildcards in the file name and folder path or extension exclusion lists](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists). -You can also enter network shares and mapped drives. Environment variables and wildcards are supported. For information about using wildcards, see [Use wildcards in the file name and folder path or extension exclusion lists](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists). - -You can use the Windows Security app or Group Policy to add and remove additional protected folders. +You can use the Windows Security app, Group Policy, PowerShell cmdlets, or mobile device management configuration service providers to add and remove additional protected folders. ### Use the Windows Security app to protect additional folders -1. Open the Windows Security app by selecting the shield icon in the task bar or searching the start menu for **Defender**. +1. Open the Windows Security app by selecting the shield icon in the task bar or searching the start menu for **Security**. -2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then scroll down to the **Ransomware protection** section. +2. Select **Virus & threat protection**, and then scroll down to the **Ransomware protection** section. -3. Click the **Manage ransomware protection** link to open the **Ransomware protection** pane. +3. Select **Manage ransomware protection** to open the **Ransomware protection** pane. -4. Under the **Controlled folder access** section, click the **Protected folders** link. +4. Under the **Controlled folder access** section, select **Protected folders**. -5. Click **Yes** on the **User Access Control** prompt. The **Protected folders** pane displays. +5. Choose **Yes** on the **User Access Control** prompt. The **Protected folders** pane displays. -4. Click **Add a protected folder** and follow the prompts to add folders. +4. Select **Add a protected folder** and follow the prompts to add folders. ### Use Group Policy to protect additional folders -1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and select **Edit**. +1. On your Group Policy management computer, open the [Group Policy Management Console](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)?preserve=true), right-click the Group Policy Object you want to configure, and then and select **Edit**. 2. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**. From 375920678f21238835ab6be53dcc9735eaf3fe7d Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 17 Dec 2020 12:40:14 -0800 Subject: [PATCH 11/12] Update controlled-folders.md --- .../microsoft-defender-atp/controlled-folders.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md index 80ec62a312..077dae7d2c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md @@ -11,7 +11,7 @@ ms.localizationpriority: medium author: denisebmsft ms.author: deniseb audience: ITPro -ms.date: 12/10/2020 +ms.date: 12/17/2020 ms.reviewer: v-maave manager: dansimp ms.custom: asr @@ -30,6 +30,9 @@ ms.custom: asr Controlled folder access helps protect your valuable data from malicious apps and threats, such as ransomware. Controlled folder access protects your data by checking apps against a list of known, trusted apps. Supported on Windows Server 2019 and Windows 10 clients, controlled folder access can be turned on using the Windows Security App, Microsoft Endpoint Configuration Manager, or Intune (for managed devices). +> [!NOTE] +> Scripting engines are not trusted and you cannot allow them access to controlled protected folders. For example, PowerShell is not trusted by controlled folder access, even if you add it as an application you trust or allow with [certificate and file indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates). + Controlled folder access works best with [Microsoft Defender for Endpoint](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), which gives you detailed reporting into controlled folder access events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md). ## How does controlled folder access work? From 100fa08c85a3cf05ab36cc7b64a095d88d1ab45f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 17 Dec 2020 12:46:48 -0800 Subject: [PATCH 12/12] Update controlled-folders.md --- .../microsoft-defender-atp/controlled-folders.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md index 077dae7d2c..d01c44566e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md @@ -21,7 +21,6 @@ ms.custom: asr [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)