Windows 10: Odd Defender 'Controlled Folder Access' alert

Discus and support Odd Defender 'Controlled Folder Access' alert in AntiVirus, Firewalls and System Security to solve the problem; Fall Creators Update 1709 introduced a new 'Controlled Folder Access' function in Defender. This is off by default, but I have turned it on to test it.... Discussion in 'AntiVirus, Firewalls and System Security' started by Bree, Nov 2, 2017.

  1. Bree New Member

    Odd Defender 'Controlled Folder Access' alert


    Fall Creators Update 1709 introduced a new 'Controlled Folder Access' function in Defender. This is off by default, but I have turned it on to test it. I've had to allow a couple of apps access (VLC was one) but other than that it seem unobtrusive.

    However, very occasionally (and with no apparent pattern, I've even seen it once visiting TenForums) I've seen a very strange alert for Internet Explorer....


    Odd  Defender 'Controlled Folder Access' alert [​IMG]


    I have two problems with this. First, I don't read Chinese (Japanese, or whatever).
    Second, there appears to be no such folder as %desktopdirectory%


    Odd  Defender 'Controlled Folder Access' alert [​IMG]


    Anyone got any idea what this means?

    :)
     
    Bree, Nov 2, 2017
    #1
  2. whbecker Win User
    Controlled Folder Access - Odd Warning

    Rob,

    Thanks for your prompt and informative reply. Yes, I see the problem, and I suspected as much. But I'm not a programmer so I am still wondering:

    - Why does Windows flag a Windows system executable rather than the program that is using (calling?) that executable?

    - Should I turn of Controlled folder access when installing a trusted program just to be sure that it won't fail due to using system API calls or executable code that a better-written installer would avoid?

    Bill
     
    whbecker, Nov 2, 2017
    #3
  3. Barman58 Win User

    Odd Defender 'Controlled Folder Access' alert

    The whole concept of Anti ransomware using Controlled Folder Access is always going to be intrusive due to the way that ransomware works - you have to use the "deny everything access to everywhere approach" and then build a personal whitelist over time, ( the "default list concept" is a potential issue as until a user is prompted that, for example, Notepad (which they are not using) is trying to access File x then they may not be aware that they have a rouge Notepad.exe setting ransom locks on files).

    Anyway with your specific message I would first case think of some addon in the browser that has set-up it's own user variable to work with the desktop ( the language looks more Korean to me if that helps (but don't quote me on it))

    Edit

    Not the first time that developers have used their own system variables ... how to point to current user desktop in command line ?
     
    Barman58, Nov 2, 2017
    #4
  4. Bree New Member
    (I can't read Korean either *Smile)

    The only addon in my IE is a Skype plugin that pre-dates the upgrade to Win10 - and that is set as 'disabled'. The only other things I have added are a few accelerators (Map with Google, Translate with Google, etc.). As these are just small xml files I can look at their code - nothing there that would explain this.

    Yes, that's what I wanted to test. So far it seems the answer is 'not as much as I had feared'. I had to grant MS's own RoboCopy access so it could reset archive attributes on user files (I use it in my backup .bat file) - strangely, the Attrib command get's a 'free pass' when doing the same thing.

    Those few I have had to grant access were allowed to save/modify documents, it was their %appdata% that got blocked. These included VLC and Libre Office.
     
    Bree, Nov 2, 2017
    #5
  5. Bree New Member
    Identified now as Chinese. Tracked down the entry in the Event Viewer then I could search for the symbols online.

    These Controled Folder Access events are recorded as Event ID 1123 in...
    Application and Service Logs/Microsoft/Windows/Windows Defender/Operational

    That too I have now identified by the simple expedient of trying to save to the Desktop from PaintShop Pro (and in the process found another app that I need to grant access to). %desktopdirectory% is indeed Defender's internal variable for my Desktop.

    The only remaining question is why on earth was IE trying to modify something on the Desktop? A scan with AdwCleaner found nothing untoward. *Think
     
    Bree, Nov 5, 2017
    #6
  6. MrHudson Win User
    The past 3 days now I have been getting that message for Control Folder Access Blocked C\...\ Youcam6_webcam_c... from making changes % userprofile %\ documents.......
     
    MrHudson, Nov 6, 2017
    #7
  7. Bree New Member

    Odd Defender 'Controlled Folder Access' alert

    That is to be expected if you turn on Controlled Folder Access and are running third-party software that's not in Defenders 'whitelist' of known trusted apps.

    If you know and trust the app that's being blocked you can add it as an allowed app in Defender's 'Virus & threat protection settings'.

    If you don't recognise the app concerned, then Controlled Folder Access is doing it's job properly *Smile
     
    Bree, Nov 6, 2017
    #8
  8. MrHudson Win User
    I didn't turn nothing on, Win10 is new to me, I am use to Win7. The fall update was installed on Oct 28th. now the past 3 days access block comes up, started off with Ccleaner %userprofile%\ documents, I uninstalled it and reinstalled. now its Youcam6.
     
    MrHudson, Nov 6, 2017
    #9
  9. Bree New Member
    Controlled Folder Access is a new feature in the Fall update. You can turn it off, or leave it on and allow access for the apps you want to use. See this tutorial for more details.

    Change Windows Defender Controlled Folder Access Settings - Windows 10
     
  10. MrHudson Win User
    Youcam6 came preinstalled. I was told it was for use to upload videos I make on YouTube.
     
    MrHudson, Nov 6, 2017
    #11
  11. Barman58 Win User
    3rd party is anything that does not come as a built-in part of Windows itself - a lot of laptop and other systems add their own preferred cameras, specialist keyboards etc.

    Controlled Folder access is something that has been around for some time (as part of the Bitdefender Suite that I use for one), and it has to be a total block on all software accessing critical areas to be a viable anti-ransomware system.

    The way it works can be quite informative as many programs access files in areas which you would not expect.

    It must also block every attempted access by every application as Malware will often replace known safe applications including those supplied as part of windows.

    This means that if you are performing a task using a windows application and the app is flagged then you can accept and whitelist, but what about when an unknown or unused windows application is flagged - then you have to investigate or get your backups out or maybe even your wallet to recover your system

    It is much better to take the time, as access attempts are flagged, to add them to the Whitelist on your system and also to add any non standard data storage areas to the protected .

    Its better to lose a minute or two as the system learns your system than switch the protection off and lose every piece of personal data you have on the system, which is the risk you take if you do not use the protection available
     
    Barman58, Nov 6, 2017
    #12
  12. Bree New Member

    Odd Defender 'Controlled Folder Access' alert

    It's curious, but there's been no recurrence of the strange "C:\Program Files\internet explorer\iexplore.exe has been blocked from modifying %desktopdirectory%\䔀鶸翿 by Controlled Folder Access." notification these past three weeks. There's no change that I've made, so whether that's due to the cumulative update to 16299.64 or Defender updates I can't tell - perhaps we'll never know...
     
Thema:

Odd Defender 'Controlled Folder Access' alert

Loading...
  1. Odd Defender 'Controlled Folder Access' alert - Similar Threads - Odd Defender 'Controlled

  2. Defender controlled folder access

    in AntiVirus, Firewalls and System Security
    Defender controlled folder access: while i was using my system i got a message saying "Unauthorized changes blocked" and it was explorer.exe what is happening and what should i do please advice...
  3. Microsoft Defender Control Folder Access Threat History:

    in AntiVirus, Firewalls and System Security
    Microsoft Defender Control Folder Access Threat History:: Why doesn't Microsoft simply add a "DELETE" button to threats listings in Control Folder Access Threats History and even on the Antivirus Threat History Listings. Why do we have to click on start actions now and do this or that to delete the threats found and clear out the...
  4. Windows Defender Controlled Folder Access Turn off

    in AntiVirus, Firewalls and System Security
    Windows Defender Controlled Folder Access Turn off: Conrolled folder access turns it self off when i click it to turn it on. i need help [Original Title: Windows defender] https://answers.microsoft.com/en-us/protect/forum/all/windows-defender-controlled-folder-access-turn-off/67e73935-1c11-4e63-b5b3-6be93eebe7b2
  5. Details of controlled folders alert

    in AntiVirus, Firewalls and System Security
    Details of controlled folders alert: I've been getting alerts from controlled folder access about svchost.exe accessing one of my user folders. Unfortunately svchost.exe means it's a service, which doesn't tell much. Is there a way to determine which service triggered the alert? I've tried looking into Windows...
  6. Problem with Windows Defender/Controlled Folder Access

    in AntiVirus, Firewalls and System Security
    Problem with Windows Defender/Controlled Folder Access: When I'm trying to save a file in a portable application, I'm getting an error that the file couldn't be found. Based on my searching, I've found that it's a problem with "Controlled Folder Access" in Windows Security (new update renamed Windows Defender I guess). I was just...
  7. Windows Defender and Controlled Folder Access and Exclusions

    in AntiVirus, Firewalls and System Security
    Windows Defender and Controlled Folder Access and Exclusions: I just recently started using Windows Defender as my antivirus software expired and I was looking for another option other than paying for another program. I don't totally understand how to use it and reading thru tutorials is somewhat foreign to me so please understand my...
  8. Controlled folder access

    in AntiVirus, Firewalls and System Security
    Controlled folder access: For the last week the controlled folder access is blocking my Quicken program from updating or downloading anything. When I click on the notice it takes me to the allow app but when I open that to choose to allow app nothing is there! I really need to use my Quicken. How do...
  9. Is anyone using Windows Defender Controlled folder access?

    in AntiVirus, Firewalls and System Security
    Is anyone using Windows Defender Controlled folder access?: I spoke too soon. Some Microsoft apps are now being blocked from making changes. It would be nice to know what's whitelisted by default.
  10. About the "Controlled Folder Access" in windows defender...

    in AntiVirus, Firewalls and System Security
    About the "Controlled Folder Access" in windows defender...: Although not that important, I noticed that when you open Winders Defender, and then click on Virus and threat protection settings, and then scroll down to controlled folder access,.. It states, " Protect your files and folders from unauthorized CHANGED by unfriendly...