Windows 10 is testing a way to make it harder for ransomware to encrypt files. The optional feature would only allow approved apps to access, read from or write to a particular folder.
“Controlled folder access” is planned to be part of Windows Defender and is already being tested by some users in the Windows Insider program.
If users choose to enable the feature, some folders will be protected by default, including Documents and the Desktop. It won’t be possible to “unprotect” these folders without disabling the feature completely. Other than this, users can choose which additional folders to protect.
Although Microsoft uses the term “blacklisting”, the description suggests that app access will actually be whitelisting with only designated apps being allowed to alter or add files in the folder in question. It also appears users will have complete control over which apps to whitelist.
As well as blocking file modification from apps not on the list, Windows will also display a notification about the attempt.
Insider Program users will need to manually switch on the feature. It’s not clear if it will be enabled by default if and when it rolls out to the wider userbase.
As Arstechnica notes, the approach does have some significant limits, the main one being that it doesn’t deal with exploits that hijack “trusted” apps such as rogue Word macros changing files.