Sunday, January 27, 2019

Controlled Folder Access - Windows 10 1809

I've been a big fan of Windows' Controlled Folder Access. Some of my coworkers have been "surprised" when it was enabled without their knowledge but I haven't experienced that. In fact I turn it on immediately when I build a new Windows system.

Over a recent long weekend I got on a tear upgrading 4 systems, desktops and laptops, to Windows 10 1809. I still haven't experienced any problems.

I've been posting about several new features in Windows 10 1809 that I think haven't gotten much press here, here, and here.

After my mass upgrade I've run into another unannounced feature that is valuable in relation to Controlled Folder Access.

In Windows 10 if a program violates the Controlled Folder Access you have established you get an ambiguous notification without enough information to act.


I Googled this and found that there is an event in the Event Viewer that has more information (archive.is). Here's how to get to it:

  1. Right-click on the Start button and select Event Viewer.
  2. Navigate to Applications and Services > Microsoft > Windows > Windows Defender > Operational
  3. Filter for (or just look for): Event ID 1123

Or you could just upgrade to Windows 10 1809.

Here's what the Controlled Folder Access Settings screen shows after an exception in 1803:


Not much help.

In 1809 here's what you get:


When you click on "Recently blocked apps" you get:


Nice.




No comments: