Published by


Brink's Avatar
Administrator

Posts: 30,693

Show Printable Version 


How to Add or Remove Allowed Apps through Controlled Folder Access in Windows 10


Starting with Windows 10 build 16232, Controlled folder access is introduced in Windows Defender Antivirus.

When Controlled folder access is turned on, it helps you protect valuable data from malicious apps and threats, such as ransomware. It is part of Windows Defender Exploit Guard.

You can specify if certain apps should always be considered safe and given write access to files in protected folders. Allowing apps can be useful if you're finding a particular app that you know and trust is being blocked by the Controlled folder access feature.

By default, Windows adds apps that it considers friendly to the allowed list - apps added automatically by Windows are not recorded in the list shown in the Windows Defender Security Center app. You shouldn't need to add most apps. Only add apps if they are being blocked and you can verify their trustworthiness.

When you add an app, you have to specify the app's location. Only the app in that location will be permitted access to the protected folders - if the app (with the same name) is located in a different location, then it will not be added to the allow list and may be blocked by Controlled folder access.

For more details about Controlled folder access, see:

This tutorial will show you how to add and remove if specific apps are allowed through the Controlled folder access feature of Windows Defender Exploit Guard in Windows 10.

You must be signed in as an administrator to add or remove an allowed app through Controlled folder access.


 CONTENTS:

  • Option One: Add an Allowed App through Controlled Folder Access in Windows Defender Security Center
  • Option Two: Remove Allowed App from Controlled Folder Access in Windows Defender Security Center
  • Option Three: Add an Allowed App through Controlled Folder Access in PowerShell
  • Option Four: Remove Allowed App from Controlled Folder Access in PowerShell
  • Option Five: Configure Allowed Apps Policy for Controlled Folder Access in Local Group Policy Editor
  • Option Six: Configure Allowed Apps Policy for Controlled Folder Access in Registry Editor


EXAMPLE: Windows Defender Exploit Guard Controlled Folder Access








Add or Remove Allowed Apps for Controlled Folder Access in Windows 10 OPTION ONE Add or Remove Allowed Apps for Controlled Folder Access in Windows 10
Add an Allowed App through Controlled Folder Access in Windows Defender Security Center


The list of allowed apps is stored in the registry key below.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access\AllowedApplications

1. Open the Windows Defender Security Center, and click/tap on the Virus & threat protection icon. (see screenshot below)

Name:  Windows_Defender_Controlled_folder_access-1.jpg
Views: 158
Size:  48.0 KB

2. Click/tap on the Manage ransomware protection link under the Ransomware protection section. (see screenshot below)

Name:  Windows_Defender_Controlled_folder_access-2.jpg
Views: 151
Size:  61.6 KB

3. Click/tap on the Allow an app through Controlled folder access link. (see screenshot below)

Name:  Windows_Defender_Controlled_folder_access-3.jpg
Views: 156
Size:  57.5 KB

4. Click/tap on Yes when prompted by UAC to approve.

5. Click/tap on Add an allowed app, and click/tap on Browse all apps (build 17704 and later). (see screenshot below)

Starting with Windows 10 build 17704, when an app is blocked, it will appear in a recently blocked apps list. Click/tap on the plus Add an allowed app button and choose Recently blocked apps. Select any of the apps to add them to the allowed list. You can also Browse all apps from this page as well to manually add a selected app.

Name:  Windows_Defender_Controlled_folder_access-4.jpg
Views: 146
Size:  45.2 KB

6. Navigate to and select the app (ex: "notepad.exe") you want to allow through Controlled folder access, and click/tap on Open. (see screenshot below)

Name:  Windows_Defender_Controlled_folder_access-5.png
Views: 150
Size:  54.4 KB

7. When finished adding apps, you can close Windows Defender Security Center if you like. (see screenshot below)

Name:  Windows_Defender_Controlled_folder_access-6.jpg
Views: 152
Size:  41.4 KB






Add or Remove Allowed Apps for Controlled Folder Access in Windows 10 OPTION TWO Add or Remove Allowed Apps for Controlled Folder Access in Windows 10
Remove Allowed App from Controlled Folder Access in Windows Defender Security Center

1. Open the Windows Defender Security Center, and click/tap on the Virus & threat protection icon. (see screenshot below)

Name:  Windows_Defender_Controlled_folder_access-1.jpg
Views: 158
Size:  48.0 KB

2. Click/tap on the Manage ransomware protection link under the Ransomware protection section. (see screenshot below)

Name:  Windows_Defender_Controlled_folder_access-2.jpg
Views: 151
Size:  61.6 KB

3. Click/tap on the Allow an app through Controlled folder access link. (see screenshot below)

Name:  Windows_Defender_Controlled_folder_access-3.jpg
Views: 156
Size:  57.5 KB

4. Click/tap on Yes when prompted by UAC to approve.

5. Click/tap on an added app (ex: "notepad.exe") you want to remove, and click/tap on Remove. (see screenshot below)

Name:  Windows_Defender_Controlled_folder_access-7.jpg
Views: 150
Size:  46.2 KB

6. When finished removing apps, you can close Windows Defender Security Center if you like.






Add or Remove Allowed Apps for Controlled Folder Access in Windows 10 OPTION THREE Add or Remove Allowed Apps for Controlled Folder Access in Windows 10
Add an Allowed App through Controlled Folder Access in PowerShell

1. Open an elevated PowerShell.

2. Enter the command below into the elevated PowerShell, and press Enter. (see screenshot below)

Add-MpPreference -ControlledFolderAccessAllowedApplications "Full path of app's .exe or .com file"

Substitute Full path of app's .exe or .com file in the command above with the actual full path (ex: "C:\Windows\notepad.exe") of the app (Notepad) you want to allow through Controlled folder access.

For example: Add-MpPreference -ControlledFolderAccessAllowedApplications "C:\Windows\notepad.exe"

3. You can now close the elevated PowerShell if you like.

Name:  Windows_Defender_Controlled_folder_access_allowed_app_PowerShell-1.jpg
Views: 147
Size:  25.5 KB






Add or Remove Allowed Apps for Controlled Folder Access in Windows 10 OPTION FOUR Add or Remove Allowed Apps for Controlled Folder Access in Windows 10
Remove Allowed App from Controlled Folder Access in PowerShell

1. Open an elevated PowerShell.

2. Enter the command below into the elevated PowerShell, and press Enter. (see screenshot below)

Remove-MpPreference -ControlledFolderAccessAllowedApplications "Full path of app's .exe or .com file"

Substitute Full path of app's .exe or .com file in the command above with the actual full path (ex: "C:\Windows\notepad.exe") of the allowed app (Notepad) you want to remove from Controlled folder access.

For example: Remove-MpPreference -ControlledFolderAccessAllowedApplications "C:\Windows\notepad.exe"

3. You can now close the elevated PowerShell if you like.

Name:  Windows_Defender_Controlled_folder_access_allowed_app_PowerShell-2.jpg
Views: 147
Size:  26.4 KB






Add or Remove Allowed Apps for Controlled Folder Access in Windows 10 OPTION FIVE Add or Remove Allowed Apps for Controlled Folder Access in Windows 10
Configure Allowed Apps Policy for Controlled Folder Access in Local Group Policy Editor


Apps you add using this option to allow through Controlled folder access cannot be removed using Option Two and Option Four.

The Local Group Policy Editor is only available in the Windows 10 Pro, Enterprise, and Education editions.

All editions can use Option Six below for this policy.

1. Open the Local Group Policy Editor.

2. In the left pane of Local Group Policy Editor, navigate to the location below. (see screenshot below)

Computer Configuration\Administrative Templates\Windows Components\Windows Defender Antivirus\Windows Defender Exploit Guard\Controlled Folder Access

Name:  Windows_Defender_Controlled_folder_access_allowed_app_gpedit-1.png
Views: 148
Size:  44.9 KB

3. In the right pane of Controlled Folder Access in Local Group Policy Editor, double click/tap on the Configure allowed applications policy to edit it. (see screenshot above)

4. Do step 5 (default) or step 6 (configure) below for what you would like to do.


 5. To Not "Configure allowed applications" for Controlled Folder Access

A) Select (dot) Not Configured or Disabled, click/tap on OK, and go to step 7 below. (see left screenshot below)

Not Configured is the default setting.


 6. To "Configure allowed applications" for Controlled Folder Access

A) Select (dot) Enabled, and click/tap on the Show button in Options. (see left screenshot below)

B) In the Value name column, type the full path (ex: "C:\Windows\notepad.exe") of the app's .exe or .com file you want to add and allow through Controlled folder access. (see right screenshot below)

You will need to double click/tap in the field to be able to enter the full path.

C) In the Value column to the right of the added app, type the number 0. (see right screenshot below)

You will need to double click/tap in the field to be able to enter the number.

D) If you want to remove an added app, double click/tap on the Value name and Value fields for the app you want to remove, and edit them out until blank. (see right screenshot below)

E) When finished adding and removing apps, click/tap on OK. (see right screenshot below)

F) Click/tap on OK, and go to step 7 below. (see left screenshot below)

Name:  Windows_Defender_Controlled_folder_access_allowed_app_gpedit-2.jpg
Views: 149
Size:  83.8 KB Name:  Windows_Defender_Controlled_folder_access_allowed_app_gpedit-3.png
Views: 147
Size:  26.4 KB

7. When finished, close the Local Group Policy Editor.






Add or Remove Allowed Apps for Controlled Folder Access in Windows 10 OPTION SIX Add or Remove Allowed Apps for Controlled Folder Access in Windows 10
Configure Allowed Apps Policy for Controlled Folder Access in Registry Editor


Apps you add using this option to allow through Controlled folder access cannot be removed using Option Two and Option Four.

This option is for the same policy in Option Five.


1. Do step 2 (default), step 3 (add apps), or step 4 (remove apps) below for what you would like to do.


 2. To Not "Configure allowed applications" for Controlled Folder Access

This is the default setting. It will remove all apps added using this policy.

A) Click/tap on the Download button below to download the file below.

Undo_Configure_allowed_applications_group_policy.reg

download

B) Save the .reg file to your desktop.

C) Double click/tap on the downloaded .reg file to merge it.

D) When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.


 3. "Configure allowed applications" to Add App and Allow through Controlled Folder Access

A) Click/tap on the Download button below to download the file below.

This downloadable .reg file will add the registry keys for you to make it easier to set in this step.

Configure_allowed_applications_group_policy.reg

download

B) Save the .reg file to your desktop.

C) Double click/tap on the downloaded .reg file to merge it.

D) When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

E) Press the Win+R keys to open Run, type regedit into Run, and click/tap on OK to open Registry Editor.

F) Navigate to the key below in the left pane of Registry Editor. (see screenshot below)

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access\AllowedApplications

Name:  Windows_Defender_Controlled_folder_access_allowed_app_regedit-1.jpg
Views: 149
Size:  55.9 KB

G) In the right pane of the AllowedApplications key, right click on an empty space, click/tap on New, and click/tap on String Value. (see screenshot above)

H) Type the full path (ex: "C:\Windows\notepad.exe") of the app you want to add as the name of this string value, and press Enter. (see screenshot below)

Name:  Windows_Defender_Controlled_folder_access_allowed_app_regedit-2.jpg
Views: 149
Size:  53.7 KB

I) Double click/tap on this string value (ex: "C:\Windows\notepad.exe") to modify it. (see screenshot above)

J) Type the number 0, and click/tap on OK. (see screenshot below)

Name:  Windows_Defender_Controlled_folder_access_allowed_app_regedit-3.png
Views: 147
Size:  16.7 KB

K) Repeat steps 3G to 3J if you want to add anymore apps to allow through Controlled folder access.

L) When finished adding apps, you can close Registry Editor if you like.


 4. "Configure allowed applications" to Remove Added App Allowed through Controlled Folder Access

A) Press the Win+R keys to open Run, type regedit into Run, and click/tap on OK to open Registry Editor.

B) Navigate to the key below in the left pane of Registry Editor. (see screenshot below)

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access\AllowedApplications

Name:  Windows_Defender_Controlled_folder_access_allowed_app_regedit-4.png
Views: 149
Size:  107.2 KB

C) In the right pane of the AllowedApplications key, right click on the string value (REG_SZ) of the app (ex: "C:\Windows\notepad.exe") you want to remove, and click/tap on Delete. (see screenshot above)

D) Click/tap on Yes to confirm. (see screenshot below)

Name:  Windows_Defender_Controlled_folder_access_allowed_app_regedit-5.png
Views: 148
Size:  13.2 KB

E) When finished removing apps, you can close Registry Editor if you like.


That's it,
Shawn