deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-23 06:13:41 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

fixed images

Browse Source
This commit is contained in:
Justin Hall
2019-05-09 15:25:34 -07:00
parent ba436136a4
commit 66d6f8f183
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md
View File

@ -11,7 +11,7 @@ ms.pagetype: security
ms.localizationpriority: medium ms.localizationpriority: medium
author: andreabichsel author: andreabichsel
ms.author: v-anbic ms.author: v-anbic
ms.date: 04/29/2019 ms.date: 05/09/2019
--- ---
# Enable controlled folder access # Enable controlled folder access
@ -59,9 +59,12 @@ For more information about disabling local list merging, see [Prevent or allow u
![Create endpoint protection profile](images/create-endpoint-protection-profile.png) ![Create endpoint protection profile](images/create-endpoint-protection-profile.png)
1. Click **Configure** > **Windows Defender Exploit Guard** > **Network filtering** > **Enable**. 1. Click **Configure** > **Windows Defender Exploit Guard** > **Network filtering** > **Enable**.
1. Type the path to each application that has access to protected folders and the path to any additional folder that needs protection and click **Add**. 1. Type the path to each application that has access to protected folders and the path to any additional folder that needs protection and click **Add**.
![Enable controlled folder access in Intune](images/enable-cfa-intune.png) ![Enable controlled folder access in Intune](images/enable-cfa-intune.png)
>[!NOTE] >[!NOTE]
>Wilcard is supported for applications, but not for folders. Subfolders are not protected. >Wilcard is supported for applications, but not for folders. Subfolders are not protected.
1. Click **OK** to save each open blade and click **Create**. 1. Click **OK** to save each open blade and click **Create**.
1. Click the profile **Assignments**, assign to **All Users & All Devices**, and click **Save**. 1. Click the profile **Assignments**, assign to **All Users & All Devices**, and click **Save**.
@ -93,7 +96,7 @@ Use the [./Vendor/MSFT/Policy/Config/ControlledFolderAccessProtectedFolders](htt
- **Disable (Default)** - The Controlled folder access feature will not work. All apps can make changes to files in protected folders. - **Disable (Default)** - The Controlled folder access feature will not work. All apps can make changes to files in protected folders.
- **Audit Mode** - If a malicious or suspicious app attempts to make a change to a file in a protected folder, the change will be allowed but will be recorded in the Windows event log. This allows you to assess the impact of this feature on your organization. - **Audit Mode** - If a malicious or suspicious app attempts to make a change to a file in a protected folder, the change will be allowed but will be recorded in the Windows event log. This allows you to assess the impact of this feature on your organization.
![Screenshot of group policy option with Enabled and then Enable selected in the drop down](images/cfa-gp-enable.png) ![Screenshot of group policy option with Enabled and then Enable selected in the drop down](images/cfa-gp-enable.png)
>[!IMPORTANT] >[!IMPORTANT]
>To fully enable controlled folder access, you must set the Group Policy option to **Enabled** and also select **Enable** in the options drop-down menu. >To fully enable controlled folder access, you must set the Group Policy option to **Enabled** and also select **Enable** in the options drop-down menu.