Windows 10 Fall Creators Update to Feature Built-in Ransomware Protection

The new Controlled Folder Access feature in the upcoming OS update will prevent malware and untrusted software from making changes to files.

Microsoft Windows Defender Advanced Threat Protection

In light of recent ransomware outbreaks, concerned IT executives may welcome Microsoft's decision to provide an early look at some of the advanced security features included in the upcoming Windows 10 Fall Creators update.

Build 16232 of Windows 10 is currently available to members of the Windows Insider early-access program who are enrolled in the Fast ring. Among the many new features is a new setting in the built-in Windows Defender anti-malware feature that protects a user's data files from ransomware.

There are lots of reasons for security-conscious Windows users to be on edge these days.

Last month, the WannaCry ransomware attack spread like wildfire, shutting down hospitals in the U.K. and encrypting files at Spanish telecommunications company Telefonica. This week, some European businesses and government agencies fell victim to a widespread attack by the Petya strain of ransomware.

"In this build, we're making it easier for you to protect valuable data from malicious apps and threats, such as ransomware," wrote Dona Sarkar, head of the Windows Insider program at Microsoft, in a blog post., referring to the new Controlled Folder Access setting in the Windows Defender Security Center. "Controlled folder access monitors the changes that apps make to files in certain protected folders. If an app attempts to make a change to these files, and the app is blacklisted by the feature, you'll get a notification about the attempt."

Users can add exemptions for trusted applications and add new folder locations to limit the impact of potential malware infections. The default list of protected folders, which cannot be altered by users, includes Desktop, Documents, Pictures and Movies.

While preparing to retire the Enhanced Mitigation Experience Toolkit (EMET) next summer, Microsoft also previewed the operating system's new application exploit mitigation settings within Windows Defender Security Center. Although the settings reside within the Windows Defender management hub, users aren't required to use Windows Defender Antivirus to benefit from the new settings.

EMET is a software utility used by Microsoft's commercial customers to guard against attacks on zero-day vulnerabilities that may have gone unaddressed until a major Windows release, typically three to four years. With Windows 10, the software giant has settled on a quicker release cadence and incorporated more security-enhancing technologies directly into the operating system, making EMET somewhat redundant.

Microsoft originally planned to pull support for EMET on Jan. 27 but after receiving feedback from its customers, the company extended the deadline by 18 months. The new end-of-life date is now July 31, 2018. In Windows 10 Fall Creators Update, the new Windows Defender Exploit Guard feature will inherit many of EMET's threat protection capabilities.

To make working with web applications in Edge a little easier while enhancing security, Microsoft has added a Data Persistence feature in Windows Defender Application Guard, a sandboxed environment that uses Hyper-V virtualization technology to isolate web applications from the rest of the operating system. With Data Persistence, saved passwords, favorites and cookies can be used across current and future Application Guard browser sessions.

Pedro Hernandez

Pedro Hernandez

Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the network of...