Category filter

Script to manage controlled folder access on Windows devices

In the world of cybersecurity, ransomware attacks are widespread, continuing to increase every year. To combat such threats, organizations need to set up a mechanism to protect their valuable data from malicious intrusions. Available with Microsoft Defender Exploit Guard, Controlled folder access is an anti-ransomware feature designed to primarily protect your files from undesirable changes by suspicious software. Once enabled, it tracks and blocks any threat attempts in real time. With Hexnode UEM, device admins can remotely run scripts to manage the controlled folder access using the Execute Custom Script action.

Disclaimer:


The sample scripts provided below are adapted from third-party open-source sites.

Enable controlled folder access

Execute the script below to enable Controlled folder access. Once enabled, you can manage which folders can be modified by untrusted apps. You can also add new applications to a trusted list, permitting only those apps to make changes to specific folders.

Controlled folder access – Enabled

Disable controlled folder access

Execute the script below to disable Controlled folder access.

Controlled folder access – Disabled

Add protection for folder location

Windows system folders such as Documents, Pictures, Videos, Music, Desktop and Favorites are protected by default on enabling Controlled folder access. This means that any unknown or untrusted apps won’t be able to access or modify content in these folders. Furthermore, if you add more folders, they will also receive this same level of protection. Execute the script below to add any other paths you want to protect.

Add protection for folder location

Remove protection for folder location

Windows system folders are protected by default and cannot be avoided. However, you can execute the script below to remove any additional paths you had added for protection.

Allow apps through controlled folder access

Controlled folder access detects unfriendly apps and blocks the write access (to protected folders) for such apps. However, if any apps you trust are blocked, you can execute the script below to allow such apps to access the protected folders.

Allow apps through controlled access

Deny apps from controlled folder access

Execute the script below to deny apps from accessing the protected folders.

Add a folder to Microsoft Defender exclusion

Execute the script below to add folders you want to exclude from Microsoft Defender anti-virus scans.

Add Defender exclusion folder

Remove a folder from Microsoft Defender exclusion

Folders that were previously excluded from Microsoft Defender anti-virus scans can be included by executing the below script. Once the script is executed, these folders will undergo Microsoft Defender anti-virus scans.

Add a file to Microsoft Defender exclusion

Execute the script below to add files you want to exclude from Microsoft Defender anti-virus scans.

Add Defender exclusion files

Remove a file from Microsoft Defender exclusion

Files that were previously excluded from Microsoft Defender anti-virus scans can be included by executing the below script. Once the script is executed, these files will undergo Microsoft Defender anti-virus scans.

Notes:

  • Controlled folder access is an intrusion-prevention feature included in the Microsoft Defender Antivirus suite. Therefore, if you are using a third-party antivirus, this security feature may not be available.
  • It is recommended to manually validate the script execution on a system before executing the action in bulk.
  • Hexnode will not be responsible for any damage/loss to the system on the behavior of the script.

  • Sample Script Repository