deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 06:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

lint/cleaned evaluate controlled folder

Browse Source
This commit is contained in:
martyav 2019-07-30 15:39:51 -04:00
parent 0b5a47b111
commit c2fe711d1e
1 changed files with 18 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
windows/security/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md
View File

@ -20,16 +20,16 @@ manager: dansimp
**Applies to:** **Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) * [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[Controlled folder access](controlled-folders-exploit-guard.md) is a feature that helps protect your documents and files from modification by suspicious or malicious apps. Controlled folder access is supported on Windows Server 2019 as well as Windows 10 clients. [Controlled folder access](controlled-folders.md) is a feature that helps protect your documents and files from modification by suspicious or malicious apps. Controlled folder access is supported on Windows Server 2019 as well as Windows 10 clients.
It is especially useful in helping to protect your documents and information from [ransomware](https://www.microsoft.com/wdsi/threats/ransomware) that can attempt to encrypt your files and hold them hostage. It is especially useful in helping to protect your documents and information from [ransomware](https://www.microsoft.com/wdsi/threats/ransomware) that can attempt to encrypt your files and hold them hostage.
This topic helps you evaluate controlled folder access. It explains how to enable audit mode so you can test the feature directly in your organization. This topic helps you evaluate controlled folder access. It explains how to enable audit mode so you can test the feature directly in your organization.
>[!TIP] > [!TIP]
>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works. > You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
## Use audit mode to measure impact ## Use audit mode to measure impact
@ -43,27 +43,28 @@ To enable audit mode, use the following PowerShell cmdlet:
Set-MpPreference -EnableControlledFolderAccess AuditMode Set-MpPreference -EnableControlledFolderAccess AuditMode
``` ```
>[!TIP] > [!TIP]
>If you want to fully audit how controlled folder access will work in your organization, you'll need to use a management tool to deploy this setting to machines in your network(s). > If you want to fully audit how controlled folder access will work in your organization, you'll need to use a management tool to deploy this setting to machines in your network(s).
You can also use Group Policy, Intune, MDM, or System Center Configuration Manager to configure and deploy the setting, as described in the main [controlled folder access topic](controlled-folders-exploit-guard.md). You can also use Group Policy, Intune, MDM, or System Center Configuration Manager to configure and deploy the setting, as described in the main [controlled folder access topic](controlled-folders.md).
## Review controlled folder access events in Windows Event Viewer ## Review controlled folder access events in Windows Event Viewer
The following controlled folder access events appear in Windows Event Viewer under Microsoft/Windows/Windows Defender/Operational folder. The following controlled folder access events appear in Windows Event Viewer under Microsoft/Windows/Windows Defender/Operational folder.
| Event ID | Description | Event ID | Description
| --- | --- | -|-
| 5007 | Event when settings are changed | 5007 | Event when settings are changed
| 1124 | Audited controlled folder access event | 1124 | Audited controlled folder access event
| 1123 | Blocked controlled folder access event | 1123 | Blocked controlled folder access event
## Customize protected folders and apps ## Customize protected folders and apps
During your evaluation, you may wish to add to the list of protected folders, or allow certain apps to modify files. During your evaluation, you may wish to add to the list of protected folders, or allow certain apps to modify files.
See [Protect important folders with controlled folder access](controlled-folders-exploit-guard.md) for configuring the feature with management tools, including Group Policy, PowerShell, and MDM CSP. See [Protect important folders with controlled folder access](controlled-folders.md) for configuring the feature with management tools, including Group Policy, PowerShell, and MDM CSP.
## Related topics ## Related topics
- [Protect important folders with controlled folder access](controlled-folders-exploit-guard.md)
- [Evaluate Microsoft Defender ATP](evaluate-windows-defender-exploit-guard.md) * [Protect important folders with controlled folder access](controlled-folders.md)
- [Use audit mode](audit-windows-defender-exploit-guard.md) * [Evaluate Microsoft Defender ATP](evaluate-windows-defender.md)
* [Use audit mode](audit-windows-defender.md)