How to Configure Protected Folders for Controlled Folder Access in Windows 10

  • Last updated
How to Configure Protected Folders for Controlled Folder Access blog banner image
  • Last updated

In this guide, we discuss the necessary steps to configure controlled folder access, a built-in security feature in Windows 10 designed to defend your important files from ransomware and unauthorized access. As its name suggests, controlled folder access prevents unapproved applications, including malicious software, from changing protected folders. By restricting access to your most important folders, controlled folder access adds an additional—and essential—layer of defense against the most common cyberattacks.

Deliver safer Windows IT services with the top-rated RMM software solution.

Discover NinjaOne Windows RMM.

Step-by-step guide to configuring protected folders

Before configuring controlled folder access, ensure that your folder meets the following requirements:

  • Windows Security is enabled and up-to-date: Make sure your Windows Security application is running the latest updates to provide optimal protection.
  • Administrator privileges: You’ll need administrative rights to enable and configure this feature.

Steps to enable controlled folder access for sensitive data

  1. Open the Start menu and search for Windows Security.
  2. Select Virus & Threat Protection from the menu.
  3. Scroll down and click on Manage Ransomware Protection under the Ransomware Protection section.
  4. Toggle the switch to enable Controlled Folder Access.

Controlled folder access toggled on

Adding protected folders

By default, controlled folder access protects essential system folders like Documents, Pictures, and Videos. However, you can manually add additional folders to ensure comprehensive coverage:

  1. In the Controlled Folder Access, click Protected Folders.
  2. Select Add a protected folder and navigate to the directory you want to protect.
  3. Repeat this process for all folders containing sensitive data, such as Downloads, custom project directories, or financial documents.

Add protected folder list on Windows Security

Managing allowed apps

Sometimes, legitimate applications may be blocked by controlled folder access. To allow trusted apps:

  1. Click Allow an app through Controlled Folder Access in the settings menu.
  2. Browse to the application’s executable file and select it.
  3. Confirm your choice, ensuring only trusted software is permitted.

How does controlled folder access work?

Controlled folder access monitors applications in real-time, blocking unauthorized attempts to modify files in designated folders. When enabled, the feature creates a virtual field around selected directories, allowing only trusted applications to access them.

As such, it immediately blocks and notifies you of any unrecognized or potentially harmful program it detects trying to make changes. This proactive approach is one of many Windows 10 security features, significantly reducing the risk of file tampering and malware.

How does it compare with other security features?

Controlled folder access complements other Windows Security features like antivirus and firewall protection. While full disk encryption (e.g., BitLocker) secures data at rest, controlled folder access focuses on preventing unauthorized file modifications.

Benefits of knowing how to configure controlled folder access

Even with the best software solutions, it’s still essential that you take every measure available to protect your endpoints and their data. The latest Cyber Insights 2025 report by SecurityWeek warns of evolving cyber threats that exploit security vulnerabilities, often worsened by human error.

Knowing how to protect specific folders in Windows 10 has many benefits. Let’s discuss five of them:

  1. Enhanced ransomware protection: Controlled folder access provides a robust defense against ransomware, one of the most destructive types of malware. By blocking unauthorized programs from modifying files, it prevents attackers from encrypting your data and demanding ransom payments. (Note: In the Cyber Insights report, it was found that modern threat actors can now simply “wipe” your data (or completely delete it), rather than simply encrypting it.) The added protection ensures that your essential files remain safe even in the face of advanced threats.
  2. Preservation of data integrity: Ensuring the integrity of your files is crucial for both personal and professional use. Knowing how to configure controlled folder access prevents unauthorized changes, reducing the risk of data corruption or loss due to malicious software. This is particularly important for maintaining the accuracy of financial records, legal documents, and project files, as well as ensuring compliance with various regulations, such as GDPR and HIPAA.
  3. Simplified security management: As a built-in feature of Windows Security, controlled folder access integrates seamlessly into your system without requiring additional software. This convenience allows users to configure and manage folder protection easily.
  4. Protection for critical files: Controlled folder access secures business-critical files from accidental modification or malicious attacks caused by insider threats.
  5. Compliance with security standards: Controlled folder access helps organizations meet compliance standards by providing additional protection for sensitive files. This feature enhances overall cybersecurity strategies and supports adherence to legal and industry-specific regulations.

Troubleshooting controlled folder access issues

In this section, we’ll discuss troubleshooting controlled folder access issues, including why these scenarios occur.

1. Legitimate application blocked

Sometimes, a trusted application may be prevented from accessing a protected folder, causing it to malfunction or fail to save files.

Why this happens: Controlled folder access, as part of its ransomware protection in Windows 10, may block trusted apps if they are not recognized as safe by Windows Security.

How to resolve it: Add the application to the allowed list by navigating to the controlled folder access settings and selecting Allow an app through Controlled Folder Access. Locate the app’s executable file and add it manually.

2. Protected folder not updating automatically

Certain applications may be unable to save changes or update files within protected folders.

Why this happens: Some applications fail to save changes to files in protected folders due to restricted access.

How to resolve it: Confirm that the app is added to the allowed list and ensure it has the correct permissions. If necessary, restart the application.

3. Notifications about blocked activity

Frequent notifications may indicate that an application or process has been blocked from accessing a protected folder.

Why this happens: Controlled folder access frequently blocks unauthorized access attempts, generating notifications to inform you.

How to resolve it: Review the notifications in Windows Security. If the blocked app is legitimate, add it to the allowed list to stop further notifications.

4. Difficulty adding a protected folder

Users may encounter issues when attempting to add certain folders to the protected list, such as error messages or unresponsive settings.

Why this happens: Restricted folder paths or insufficient administrative privileges may prevent adding folders.

How to resolve it: Run Windows Security as an administrator and ensure the folder path is accessible. Avoid adding system-critical folders to prevent conflicts.

5. False positives for malware detection

Controlled folder access may incorrectly identify a legitimate application as malicious.

Why this happens: Controlled folder access may misidentify legitimate apps as potential threats due to outdated security definitions or unusual application behavior.

How to resolve it: Ensure that Windows Security is updated. You may also try temporarily disabling controlled folder access for testing and re-enabling it immediately afterward. If the false positive reports persist, it’s best to report directly to Microsoft.

Best practices for folder security in Windows 10

  1. Use strong passwords and multi-factor authentication (MFA): Always secure your Windows 10 account with a strong, unique password. Consider enabling MFA for an added layer of security, requiring a secondary verification step to access your account.
  2. Regularly update Windows and software: Ensure your system and installed applications are up-to-date with the latest security patches. Consider using a Windows RMM tool like NinjaOne to automate patch management.
  3. Enable controlled folder access: Activate controlled folder access to safeguard your most important directories from unauthorized modifications. Regularly review and update the list of protected folders to cover all critical data.
  4. Use reliable antivirus software: To protect against a wide array of malware threats, complement controlled folder access with a robust antivirus program.
  5. Limit user permissions: Restrict access to sensitive folders by limiting user permissions. Enforce a least privilege access policy.
  6. Back up data regularly: Maintain regular backups of your important data on external drives or cloud storage.
  7. Avoid downloading unverified files: Be cautious when downloading files or software from suspicious sources.
  8. Monitor access logs: Use Windows Security features to monitor access logs and detect any unauthorized attempts to modify your files.
  9. Educate users about security risks: Regularly train employees or family members to recognize phishing scams and avoid risky behaviors, such as clicking on unknown links. We’ve written a guide on building a culture of security here. 
  10. Utilize file encryption: For highly sensitive data, consider using encryption tools to secure files.

Should I configure controlled folder access?

Configuring protected folders within controlled folder access is an essential step toward safeguarding your data against ransomware and unauthorized access. This feature’s seamless integration into Windows 10 makes it accessible and easy to use for individuals and businesses alike. While it is not necessary for you to configure Windows Security, it is highly recommended that you do so.

Frequently Asked Questions (FAQs)

1. What types of files should I protect with controlled folder access?

Prioritize directories containing sensitive personal or business data, such as documents, pictures, and financial records.

2. Can controlled folder access block legitimate apps?

Yes, but you can manually allow trusted apps through the settings menu.

3. How does this feature perform against advanced ransomware threats?

Controlled Folder Access is highly effective in blocking unauthorized changes, significantly mitigating ransomware risks.

4. Is this feature available in all editions of Windows 10?

Controlled folder access is included in Windows 10 Pro and Home editions but requires Windows Security to be active.

Next Steps

Building an efficient and effective IT team requires a centralized solution that acts as your core service deliver tool. NinjaOne enables IT teams to monitor, manage, secure, and support all their devices, wherever they are, without the need for complex on-premises infrastructure.

Learn more about Ninja Endpoint Management, check out a live tour, or start your free trial of the NinjaOne platform.

Start your Free Trial

You might also like

How to Change Windows Defender Exploit Protection Settings in Windows blog banner image

How to Change Windows Defender Exploit Protection Settings in Windows

How to Use the Program Install and Uninstall Troubleshooter in Windows blog banner image

How to Use the Program Install and Uninstall Troubleshooter in Windows

How to Convert GPT Disk to MBR Disk in Windows blog banner image

How to Convert GPT Disk to MBR Disk in Windows 10 and Windows 11

How to Convert NTFS to FAT32 without Data Loss blog banner image

How to Convert NTFS to FAT32 without Data Loss in Windows

How to Change User Rights Assignment Security Policy in Windows blog banner image

How to Change User Rights Assignment Security Policy Settings in Windows 10

How to Configure Narrator in Windows 10 blog banner image

How to Configure Narrator in Windows 10

Ready to simplify the hardest parts of IT?
Start a Free Trial
Get a demo
×

See NinjaOne in action!

By submitting this form, I accept NinjaOne's privacy policy.

NinjaOne Terms & Conditions

By clicking the “I Accept” button below, you indicate your acceptance of the following legal terms as well as our Terms of Use:

  • Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms.
  • Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party.
  • Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library belonging to or under the control of any other software provider.
  • Warranty Disclaimer: The script is provided “as is” and “as available”, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations.
  • Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks.
  • Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script.
  • EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).
I Accept