Groups > alt.comp.os.windows-10 > #182538 > unrolled thread
| Started by | "John C." <r9jmg0@yahoo.com> |
|---|---|
| First post | 2025-02-25 05:14 -0800 |
| Last post | 2025-03-02 06:05 -0800 |
| Articles | 20 on this page of 31 — 11 participants |
Dealing with Windows Security's "Ransomware protection" "John C." <r9jmg0@yahoo.com> - 2025-02-25 05:14 -0800
Re: Dealing with Windows Security's "Ransomware protection" Frank Slootweg <this@ddress.is.invalid> - 2025-02-25 13:52 +0000
Re: Dealing with Windows Security's "Ransomware protection" Ed Cryer <ed@somewhere.in.the.uk> - 2025-02-25 15:23 +0000
Re: Dealing with Windows Security's "Ransomware protection" Paul <nospam@needed.invalid> - 2025-02-25 13:35 -0500
Re: Dealing with Windows Security's "Ransomware protection" Ed Cryer <ed@somewhere.in.the.uk> - 2025-02-25 19:02 +0000
Re: Dealing with Windows Security's "Ransomware protection" Paul <nospam@needed.invalid> - 2025-02-25 16:09 -0500
Re: Dealing with Windows Security's "Ransomware protection" ant@zimage.comANT (Ant) - 2025-02-25 21:27 +0000
Re: Dealing with Windows Security's "Ransomware protection" VanguardLH <V@nguard.LH> - 2025-02-25 10:08 -0600
Re: Dealing with Windows Security's "Ransomware protection" "John C." <r9jmg0@yahoo.com> - 2025-02-27 06:32 -0800
Re: Dealing with Windows Security's "Ransomware protection" wasbit <wasbit@nowhere.com> - 2025-02-28 09:37 +0000
Re: Dealing with Windows Security's "Ransomware protection" Newyana2 <newyana@invalid.nospam> - 2025-02-25 11:37 -0500
Re: Dealing with Windows Security's "Ransomware protection" "John C." <r9jmg0@yahoo.com> - 2025-02-27 06:35 -0800
Re: Dealing with Windows Security's "Ransomware protection" Newyana2 <newyana@invalid.nospam> - 2025-02-27 10:20 -0500
Re: Dealing with Windows Security's "Ransomware protection" "John C." <r9jmg0@yahoo.com> - 2025-02-27 07:31 -0800
Re: Dealing with Windows Security's "Ransomware protection" Newyana2 <newyana@invalid.nospam> - 2025-02-27 12:11 -0500
Re: Dealing with Windows Security's "Ransomware protection" "John C." <r9jmg0@yahoo.com> - 2025-02-28 05:17 -0800
Re: Dealing with Windows Security's "Ransomware protection" Newyana2 <newyana@invalid.nospam> - 2025-02-28 11:21 -0500
Re: Dealing with Windows Security's "Ransomware protection" "Allan Higdon" <allanh@vivaldi.net> - 2025-02-28 15:39 -0600
Re: Dealing with Windows Security's "Ransomware protection" Newyana2 <newyana@invalid.nospam> - 2025-02-28 22:29 -0500
Re: Dealing with Windows Security's "Ransomware protection" "John C." <r9jmg0@yahoo.com> - 2025-03-02 05:59 -0800
Re: Dealing with Windows Security's "Ransomware protection" "John C." <r9jmg0@yahoo.com> - 2025-03-02 05:55 -0800
Re: Dealing with Windows Security's "Ransomware protection" VanguardLH <V@nguard.LH> - 2025-02-28 11:55 -0600
Re: Dealing with Windows Security's "Ransomware protection" "John C." <r9jmg0@yahoo.com> - 2025-03-02 06:03 -0800
Re: Dealing with Windows Security's "Ransomware protection" ant@zimage.comANT (Ant) - 2025-03-03 00:46 +0000
Re: Dealing with Windows Security's "Ransomware protection" Hank Rogers <Hank@nospam.invalid> - 2025-03-02 19:19 -0600
Re: Dealing with Windows Security's "Ransomware protection" Frank Slootweg <this@ddress.is.invalid> - 2025-02-27 16:12 +0000
Re: Dealing with Windows Security's "Ransomware protection" VanguardLH <V@nguard.LH> - 2025-02-27 14:03 -0600
Re: Dealing with Windows Security's "Ransomware protection" ...w¡ñ§±¤ñ <winstonmvp@gmail.com> - 2025-02-25 11:57 -0700
Re: Dealing with Windows Security's "Ransomware protection" "John C." <r9jmg0@yahoo.com> - 2025-02-27 06:38 -0800
Re: Dealing with Windows Security's "Ransomware protection" ...w¡ñ§±¤ñ <winstonmvp@gmail.com> - 2025-02-28 10:56 -0700
Re: Dealing with Windows Security's "Ransomware protection" "John C." <r9jmg0@yahoo.com> - 2025-03-02 06:05 -0800
| From | "John C." <r9jmg0@yahoo.com> |
|---|---|
| Date | 2025-02-25 05:14 -0800 |
| Subject | Dealing with Windows Security's "Ransomware protection" |
| Message-ID | <vpkfnq$1vpet$2@dont-email.me> |
Windows Security's "Ransomware protection" is about as much of a PITA as User Account Control.

I have this protection on, but man, I really don't like the way it blocks so many of the programs I have on my system from doing things.

To allow an "app" (God I hate that corruption of the word APPLICATION), here's what you do (in case you don't know):

1. Open Windows Security
2. Click on "Virus & threat protection"
3. Scroll down all the way so that you can see "Ransomware protection"
4. Click on "Manage ransomware protection"
5. Under "Controlled folder access" (which at this point should be in the "On" position), click on "Allow an app through Controlled folder access"
6. Click on the "Add an allowed app" button
7. Take it from there to add an application to the list.

Does this PITA actually outweigh having Ransomware protection? That's a question I'm asking myself. As long as Windows Security doesn't actually remove a program before I have a chance to do this for a program, I can probably live with it. However, if a program actually DOES get removed, I will disable this protection.

I've already turned UAC down to the lowest possible setting because it was distracting me way too often.

What do YOU think about Ransomware protection?

TIA.

--
John C.
Take back Microsoft from India.
| From | Frank Slootweg <this@ddress.is.invalid> |
|---|---|
| Date | 2025-02-25 13:52 +0000 |
| Message-ID | <vpklel.l4s.1@ID-201911.user.individual.net> |
| In reply to | #182538 |
John C. <r9jmg0@yahoo.com> wrote:
> Windows Security's "Ransomware protection" is about as much of a PITA as
> User Account Control.
[...]
> What do YOU think about Ransomware protection?

Not much. On my Windows 11 system, 'Controlled folder access' is *off* and I don't think I turned it off, so I assume 'off' is the default.

I also checked on my wife's Windows 10 system and 'Controlled folder access' is off on that system as well. So the default *is* 'off', because I would never lessen security on that system.
| From | Ed Cryer <ed@somewhere.in.the.uk> |
|---|---|
| Date | 2025-02-25 15:23 +0000 |
| Message-ID | <vpkn9e$21ock$1@dont-email.me> |
| In reply to | #182539 |
Frank Slootweg wrote:
> John C. <r9jmg0@yahoo.com> wrote:
>> Windows Security's "Ransomware protection" is about as much of a PITA as
>> User Account Control.
> [...]
>> What do YOU think about Ransomware protection?
>
> Not much. On my Windows 11 system, 'Controlled folder access' is *off*
> and I don't think I turned it off, so I assume 'off' is the default.
>
> I also checked on my wife's Windows 10 system and 'Controlled folder
> access' is off on that system as well. So the default *is* 'off',
> because I would never lessen security on that system.

It's off in my Win10 as well; default setting.
I wonder how it actually functions to detect ransomware?

My own protection is a well-kept backup image.

Ed
| From | Paul <nospam@needed.invalid> |
|---|---|
| Date | 2025-02-25 13:35 -0500 |
| Message-ID | <vpl2ic$24lmg$1@dont-email.me> |
| In reply to | #182540 |
On Tue, 2/25/2025 10:23 AM, Ed Cryer wrote:
> Frank Slootweg wrote:
>> John C. <r9jmg0@yahoo.com> wrote:
>>> Windows Security's "Ransomware protection" is about as much of a PITA as
>>> User Account Control.
>> [...]
>>> What do YOU think about Ransomware protection?
>>
>> Not much. On my Windows 11 system, 'Controlled folder access' is *off*
>> and I don't think I turned it off, so I assume 'off' is the default.
>>
>> I also checked on my wife's Windows 10 system and 'Controlled folder
>> access' is off on that system as well. So the default *is* 'off',
>> because I would never lessen security on that system.
>
> It's off in my Win10 as well; default setting.
> I wonder how it actually functions to detect ransomware?
>
> My own protection is a well-kept backup image.
>
> Ed
Ransomware attack vectors and methods:
Originally, naively named executables, blockable by AppLocker.
Most common attack vector today, is targeted phishing (hospitals, town governments).
Used to have a "service model". The infected punter was given an email
address, to converse with. Talk the service agent "down from three
Bitcoins to two Bitcoins". (That tells you this happened quite a long
time ago -- Bitcoins were at a low of $3 each at one time.) The service
agent would send you your key, you would decrypt your files.
The Black Hats found this model too expensive. It took a lot of service
agents. The service agent took a cut, and so on.
Information on the latest (personalized) threats is slim.
Likely to be via phishing (clicking the GoDaddy attachment concerning domain renewal).
Ransomware hides stealthily for one month. It no longer attacks immediately.
It seeks to understand what defenses you have (such as backup drives).
Attack can be file-by-file, but that is old fashioned. Each file has
an extension added to the end of it, indicating it has been attacked.
The .xls and .doc are attacked first, as OS files are worthless.
taxes.xls.osirus myproposal.doc.osirus
A second attack mechanism, is to change the FDE key and cause
the drive to instantly wink out. The part that I don't understand,
is why would the previous FDE key be readable ? Making it readable,
encourages this sort of attack.
*******
The proposed defense mechanisms don't appear to address all the
attack methods. Some will be hidden to us (such as Windows Defender
being "curious" about any agent approaching an FDE key). They tell us
that root kits are not all that common any more, but who knows whether
they go as a one-two punch for Ransomware.
Maybe a safer backup, is to manually boot a Macrium CD and make
a full to the external drive. Then shut down and disconnect the external
until next time.
What possibilities exist, for attack via UEFI ?
Paul
| From | Ed Cryer <ed@somewhere.in.the.uk> |
|---|---|
| Date | 2025-02-25 19:02 +0000 |
| Message-ID | <vpl443$24rst$1@dont-email.me> |
| In reply to | #182546 |
Paul wrote:
> On Tue, 2/25/2025 10:23 AM, Ed Cryer wrote:
>> Frank Slootweg wrote:
>>> John C. <r9jmg0@yahoo.com> wrote:
>>>> Windows Security's "Ransomware protection" is about as much of a PITA as
>>>> User Account Control.
>>> [...]
>>>> What do YOU think about Ransomware protection?
>>>
>>> Not much. On my Windows 11 system, 'Controlled folder access' is *off*
>>> and I don't think I turned it off, so I assume 'off' is the default.
>>>
>>> I also checked on my wife's Windows 10 system and 'Controlled folder
>>> access' is off on that system as well. So the default *is* 'off',
>>> because I would never lessen security on that system.
>>
>> It's off in my Win10 as well; default setting.
>> I wonder how it actually functions to detect ransomware?
>>
>> My own protection is a well-kept backup image.
>>
>> Ed
>
> Ransomware attack vectors and methods:
>
> Originally, naively named executables, blockable by AppLocker.
>
> Most common attack vector today, is targeted phishing (hospitals, town governments).
>
> Used to have a "service model". The infected punter was given an email
> address, to converse with. Talk the service agent "down from three
> Bitcoins to two Bitcoins". (That tells you this happened quite a long
> time ago -- Bitcoins were at a low of $3 each at one time.) The service
> agent would send you your key, you would decrypt your files.
>
> The Black Hats found this model too expensive. It took a lot of service
> agents. The service agent took a cut, and so on.
>
> Information on the latest (personalized) threats is slim.
>
> Likely to be via phishing (clicking the GoDaddy attachment concerning domain renewal).
>
> Ransomware hides stealthily for one month. It no longer attacks immediately.
> It seeks to understand what defenses you have (such as backup drives).
>
> Attack can be file-by-file, but that is old fashioned. Each file has
> an extension added to the end of it, indicating it has been attacked.
> The .xls and .doc are attacked first, as OS files are worthless.
>
> taxes.xls.osirus myproposal.doc.osirus
>
> A second attack mechanism, is to change the FDE key and cause
> the drive to instantly wink out. The part that I don't understand,
> is why would the previous FDE key be readable ? Making it readable,
> encourages this sort of attack.
>
> *******
>
> The proposed defense mechanisms don't appear to address all the
> attack methods. Some will be hidden to us (such as Windows Defender
> being "curious" about any agent approaching an FDE key). They tell us
> that root kits are not all that common any more, but who knows whether
> they go as a one-two punch for Ransomware.
>
> Maybe a safer backup, is to manually boot a Macrium CD and make
> a full to the external drive. Then shut down and disconnect the external
> until next time.
>
> What possibilities exist, for attack via UEFI ?
>
> Paul

Thanks for the reply, Paul.
May I pose two questions?
1. Why can't normal AV detect those lurking ransomware files?
2. Do you think my Macrium backup image and Macrium Reflect booting will be sufficient in the event of ransomware?

Ed
| From | Paul <nospam@needed.invalid> |
|---|---|
| Date | 2025-02-25 16:09 -0500 |
| Message-ID | <vplbiu$26a9b$1@dont-email.me> |
| In reply to | #182549 |
On Tue, 2/25/2025 2:02 PM, Ed Cryer wrote:
>
> Thanks for the reply, Paul.
> May I pose two questions?
> 1. Why can't normal AV detect those lurking ransomware files?
> 2. Do you think my Macrium backup image and Macrium Reflect booting will be sufficient in the event of ransomware?
>
>
> Ed

In the event of real Ransomware, your backup is gone, from when the backup drive was connected to the Hot OS.

If you never connect the backup drive, except when backing up with the Macrium CD, then I see less opportunity for damage to the backup drive.

Right now, I don't know if your backup image is encrypted, or it is infected. Maybe upon restoration, it encrypts itself again.

A zero day is sufficient, to remain dormant on the machine and have no signature available in Windows Defender. Microsoft likes to celebrate the cases, where a Black Hat scans their prized plum with Virustotal, giving everyone a heads up of incoming malware. But nation state actors aren't that stupid, and there will be no advance warning "on radar".

If the ransomware doesn't tip anything over, it can hide and wait for a month if it wants. Maybe it will be "dllhost" or "rundll" or any number of other anonymous executables. It could even be a "svchost" and blend in with the crowd.

I see no reason to be "high-fiving" one another about how safe you are.

But generally speaking, with exceptions, you aren't really a target. Attacking you is not "cost effective". Yes, they could make money off you, but they would sooner make money off a hospital.

Paul
| From | ant@zimage.comANT (Ant) |
|---|---|
| Date | 2025-02-25 21:27 +0000 |
| Message-ID | <gMWdnVXL_qFBqCP6nZ2dnZfqnPadnZ2d@earthlink.com> |
| In reply to | #182540 |
Ed Cryer <ed@somewhere.in.the.uk> wrote:
> Frank Slootweg wrote:
> > John C. <r9jmg0@yahoo.com> wrote:
> >> Windows Security's "Ransomware protection" is about as much of a PITA as
> >> User Account Control.
> > [...]
> >> What do YOU think about Ransomware protection?
> >
> > Not much. On my Windows 11 system, 'Controlled folder access' is *off*
> > and I don't think I turned it off, so I assume 'off' is the default.
> >
> > I also checked on my wife's Windows 10 system and 'Controlled folder
> > access' is off on that system as well. So the default *is* 'off',
> > because I would never lessen security on that system.
> It's off in my Win10 as well; default setting.
> I wonder how it actually functions to detect ransomware?
> My own protection is a well-kept backup image.
And being smart not to do something stupid like click on and run bad stuff. Also, keeping everything updated!
--
"The Lord will fulfill his purpose for me; your steadfast love, O Lord, endures forever--do not abandon the works of your hands." --Psalm 138:8. Poopy Monday!
Note: A fixed width font (Courier, Monospace, etc.) is required to see this signature correctly.
/\___/\ Ant(Dude) @ http://aqfl.net & http://antfarm.home.dhs.org.
/ /\ /\ \ Please nuke ANT if replying by e-mail.
| |o o| |
\ _ /
( )
| From | VanguardLH <V@nguard.LH> |
|---|---|
| Date | 2025-02-25 10:08 -0600 |
| Message-ID | <fk397qsehdwd.dlg@v.nguard.lh> |
| In reply to | #182538 |
"John C." <r9jmg0@yahoo.com> wrote:
> Windows Security's "Ransomware protection" is about as much of a PITA as
> User Account Control.

You were warned in the "How to boot into Windows 10 Safe Mode" thread when you mentioned you would enable Defender's ransomware protection.

It is similar to 3rd-party firewalls with an option to block all outgoing network connections unless you choose to block always, allow temporarily, or allow always. In both, you get an option to throttle what can connect by the firewall, and what can access what for Defender's ransomware protection. You get more protection, and you choose to do the additional control. Both come with whitelists, so some programs are exempted, but you'll keep getting nagged until you decide on block always or allow always. Eventually the nags wane as you keep making those decisions unless, of course, you keep installing more software that requires more of your decisions which you opted into getting.
| From | "John C." <r9jmg0@yahoo.com> |
|---|---|
| Date | 2025-02-27 06:32 -0800 |
| Message-ID | <vppt1a$350ck$1@dont-email.me> |
| In reply to | #182541 |
VanguardLH wrote:
> John C. wrote:
>>
>> Windows Security's "Ransomware protection" is about as much of a PITA as
>> User Account Control.
>
> You were warned in the "How to boot into Windows 10 Safe Mode" thread
> when you mentioned you would enable Defender's ransomware protection.

Yes, and it caused me grief this morning when I attempted to get some photographs off of my camera using the freeware Cam2PC. Even though I added the application to the "Allowed Apps" list, I still can't get my pictures off of the camera other than by doing it manually in File Explorer.

> It is similar to 3rd-party firewalls with an option to block all
> outgoing network connections unless you choose to block always, allow
> temporarily, or allow always.

Yes, FWs like Kerio 2.1.5, which I loved. But Kerio didn't munge program function after you okayed one like PFA does.

> In both, you get an option to throttle
> what can connect by the firewall, and what can access what for
> Defender's ransomware protection. You get more protection, and you
> choose to do the additional control. Both come with whitelists, so some
> programs are exempted, but you'll keep getting nagged until you decide
> on block always or allow always. Eventually the nags wane as you keep
> making those decisions unless, of course, you keep installing more
> software that requires more of your decisions which you opted into
> getting.

Too true. And eventually, a lot of people just turn off Ransomware Protection in Windows Security. Like I just had to do.

--
John C.
Take back Microsoft from India.
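Added example, not part of any post in this thread: the GUI steps from the first post and the allow-list problem described just above, handled from PowerShell with the built-in Defender cmdlets. Controlled folder access blocks programs that are not on its trusted list from changing files in protected folders, and each block is logged with the path of the process involved, which is the path that has to be on the allowed list. The function names are made up for this example, and the event field names `Process Name` and `Path` are an assumption about how the events are laid out.

```powershell
# Added example, not from the thread. Read-only as written; the two commented
# lines at the bottom change settings. Run from an elevated PowerShell prompt.

$DefenderLog = 'Microsoft-Windows-Windows Defender/Operational'
$CfaModes    = @{ 0 = 'Disabled'; 1 = 'Enabled (block)'; 2 = 'AuditMode' }

function Get-CfaState {
    # Current Controlled folder access mode plus the allow list the GUI edits.
    $pref = Get-MpPreference
    $mode = [int]$pref.EnableControlledFolderAccess
    [pscustomobject]@{
        Mode        = if ($CfaModes.ContainsKey($mode)) { $CfaModes[$mode] } else { "Other ($mode)" }
        AllowedApps = @($pref.ControlledFolderAccessAllowedApplications)
    }
}

function Get-CfaHit {
    # Event 1123 = write blocked; 1124 = audit mode, would have been blocked.
    param([int]$Days = 7)
    $filter = @{
        LogName   = $DefenderLog
        Id        = 1123, 1124
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Flatten <EventData><Data Name="..."> into a lookup table.
            $fields = @{}
            foreach ($node in ([xml]$_.ToXml()).Event.EventData.Data) {
                $fields[$node.GetAttribute('Name')] = $node.InnerText
            }
            [pscustomobject]@{
                Time    = $_.TimeCreated
                Action  = if ($_.Id -eq 1123) { 'Blocked' } else { 'Audited' }
                # Assumption: the fields are named 'Process Name' and 'Path'.
                Process = $fields['Process Name']
                Target  = $fields['Path']
            }
        }
}

function Get-CfaCandidate {
    # One row per logged process that is not on the allow list yet, with the
    # facts worth checking before trusting it.
    param([int]$Days = 7)
    $allowed = (Get-CfaState).AllowedApps
    Get-CfaHit -Days $Days |
        Where-Object { $_.Process -and ($allowed -notcontains $_.Process) } |
        Group-Object Process |
        ForEach-Object {
            $exists = Test-Path -LiteralPath $_.Name -PathType Leaf
            [pscustomobject]@{
                Process  = $_.Name
                Hits     = $_.Count
                LastSeen = ($_.Group | Sort-Object Time -Descending | Select-Object -First 1).Time
                Exists   = $exists
                Signed   = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $_.Name).Status } else { $null }
            }
        }
}

function Enable-CfaAudit {
    # Audit mode logs event 1124 instead of blocking, so nothing breaks while
    # the list of programs that need an exception is collected.
    Set-MpPreference -EnableControlledFolderAccess AuditMode
}

function Add-CfaAllowedApp {
    # Same effect as "Add an allowed app" in Windows Security.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [Alias('Process')]
        [string]$Path
    )
    process {
        if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
            Write-Warning "Skipping '$Path': no such file"
            return
        }
        if ($PSCmdlet.ShouldProcess($Path, 'Allow through Controlled folder access')) {
            Add-MpPreference -ControlledFolderAccessAllowedApplications $Path
        }
    }
}

Get-CfaState | Format-List
Get-CfaCandidate -Days 7 | Format-Table -AutoSize

# Enable-CfaAudit
# Get-CfaCandidate | Where-Object Signed -eq 'Valid' | Add-CfaAllowedApp -WhatIf
```

Running in audit mode for a week or two of normal use and then reviewing the candidate list once replaces the one-prompt-at-a-time routine; `Set-MpPreference -EnableControlledFolderAccess Enabled` switches back to blocking afterwards.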
| From | wasbit <wasbit@nowhere.com> |
|---|---|
| Date | 2025-02-28 09:37 +0000 |
| Message-ID | <vps04q$3jrc9$1@dont-email.me> |
| In reply to | #182596 |
On 27/02/2025 14:32, John C. wrote:
> VanguardLH wrote:
>> John C. wrote:
>>>
>>> Windows Security's "Ransomware protection" is about as much of a PITA as
>>> User Account Control.
>>
>> You were warned in the "How to boot into Windows 10 Safe Mode" thread
>> when you mentioned you would enable Defender's ransomware protection.
>
> Yes, and it caused me grief this morning when I attempted to get some
> photographs off of my camera using the freeware Cam2PC. Even though I
> added the application to the "Allowed Apps" list, I still can't get my
> pictures off of the camera other than by doing it manually in File Explorer.
>
> snip <
>

Why use software to connect a camera (or mobile phone) to a PC?
A USB memory card reader or connection by wire is my preferred method.

--
Regards
wasbit
| From | Newyana2 <newyana@invalid.nospam> |
|---|---|
| Date | 2025-02-25 11:37 -0500 |
| Message-ID | <vpkri4$22m75$1@dont-email.me> |
| In reply to | #182538 |
On 2/25/2025 8:14 AM, John C. wrote:
> Windows Security's "Ransomware protection" is about as much of a PITA as
> User Account Control.
>
> I have this protection on, but man, I really don't like the way it
> blocks so many of the programs I have on my system from doing things.
>
> To allow an "app" (God I hate that corruption of the word APPLICATION),
> here's what you do (in case you don't know):
>
> 1. Open Windows Security
> 2. Click on "Virus & threat protection"
> 3. Scroll down all the way so that you can see "Ransomware protection"
> 4. Click on "Manage ransomware protection"
> 5. Under "Controlled folder access" (which at this point should be in
> the "On" position), click on "Allow an app through Controlled folder access"
> 6. Click on the "Add an allowed app" button
> 7. Take it from there to add an application to the list.
>
> Does this PITA actually outweigh having Ransomware protection? That's a
> question I'm asking myself. As long as Windows Security doesn't actually
> remove a program before I have a chance to do this for a program, I can
> probably live with it. However, if a program actually DOES get removed,
> I will disable this protection.
>
> I've already turned UAC down to the lowest possible setting because it
> was distracting me way too often.
>
> What do YOU think about Ransomware protection?
>
> TIA.
>
I have UAC and LUA both disabled. I don't know from
ransomware protection. Win10 never bugs
me. If anything does, I hunt it down and kill it without
mercy. But I like to work without interruption. I don't like
potholes in the road. You seem to prefer luxuriating in
indignation. Given that, it seems to me that whatever
you paid for Win10 was a bargain. If used properly, Win10
can provide endless indignation fun for the whole family. :)
| From | "John C." <r9jmg0@yahoo.com> |
|---|---|
| Date | 2025-02-27 06:35 -0800 |
| Message-ID | <vppt7c$350ck$2@dont-email.me> |
| In reply to | #182542 |
On 25/02/25 08:37 AM, Newyana2 wrote:
> On 2/25/2025 8:14 AM, John C. wrote:
>> Windows Security's "Ransomware protection" is about as much of a PITA as
>> User Account Control.
>>
>> I have this protection on, but man, I really don't like the way it
>> blocks so many of the programs I have on my system from doing things.
>>
>> To allow an "app" (God I hate that corruption of the word APPLICATION),
>> here's what you do (in case you don't know):
>>
>> 1. Open Windows Security
>> 2. Click on "Virus & threat protection"
>> 3. Scroll down all the way so that you can see "Ransomware protection"
>> 4. Click on "Manage ransomware protection"
>> 5. Under "Controlled folder access" (which at this point should be in
>> the "On" position), click on "Allow an app through Controlled folder
>> access"
>> 6. Click on the "Add an allowed app" button
>> 7. Take it from there to add an application to the list.
>>
>> Does this PITA actually outweigh having Ransomware protection? That's a
>> question I'm asking myself. As long as Windows Security doesn't actually
>> remove a program before I have a chance to do this for a program, I can
>> probably live with it. However, if a program actually DOES get removed,
>> I will disable this protection.
>>
>> I've already turned UAC down to the lowest possible setting because it
>> was distracting me way too often.
>>
>> What do YOU think about Ransomware protection?
>>
>> TIA.
>>
>
> I have UAC and LUA both disabled. I don't know from
> ransomware protection. Win10 never bugs
> me. If anything does, I hunt it down and kill it without
> mercy. But I like to work without interruption. I don't like
> potholes in the road. You seem to prefer luxuriating in
> indignation. Given that, it seems to me that whatever
> you paid for Win10 was a bargain. If used properly, Win10
> can provide endless indignation fun for the whole family. :)

I'm blundering my way through all the W10 nonsense as best I can. This morning, I finally gave up and turned off PFA just like I did UAC.

What gets me is that M$ seems to believe that those two clusterfucks are acceptable and that everybody will put up with the inconveniences that they impose. Instead, what's actually happening is that M$ is killing itself as usership of W11 is actually dropping off.

--
John C.
Take back Microsoft from India.
| From | Newyana2 <newyana@invalid.nospam> |
|---|---|
| Date | 2025-02-27 10:20 -0500 |
| Message-ID | <vppvpl$35l41$1@dont-email.me> |
| In reply to | #182597 |
On 2/27/2025 9:35 AM, John C. wrote:
>
> I'm blundering my way through all the W10 nonsense as best I can. This
> morning, I finally gave up and turned off PFA just like I did UAC.
>
PFA?
| From | "John C." <r9jmg0@yahoo.com> |
|---|---|
| Date | 2025-02-27 07:31 -0800 |
| Message-ID | <vpq0h8$35oim$1@dont-email.me> |
| In reply to | #182602 |
Newyana2 wrote:
> John C. wrote:
>>
>> I'm blundering my way through all the W10 nonsense as best I can. This
>> morning, I finally gave up and turned off PFA just like I did UAC.
>
> PFA?

"Protected Folder Access". I meant CFA (Controlled Folder Access.)

I turned off Ransomware Protection completely, as seems to be the default now with a fresh W10 or W11 install. This, in turn, disabled CFA.

Sorry about the confusion.

--
John C.
Take back Microsoft from India.
| From | Newyana2 <newyana@invalid.nospam> |
|---|---|
| Date | 2025-02-27 12:11 -0500 |
| Message-ID | <vpq6b3$36sd2$1@dont-email.me> |
| In reply to | #182604 |
On 2/27/2025 10:31 AM, John C. wrote:
> Newyana2 wrote:
>> John C. wrote:
>>>
>>> I'm blundering my way through all the W10 nonsense as best I can. This
>>> morning, I finally gave up and turned off PFA just like I did UAC.
>>
>> PFA?
>
> "Protected Folder Access". I meant CFA (Controlled Folder Access.)
>
> I turned off Ransomware Protection completely, as seems to be the
> default now with a fresh W10 or W11 install. This, in turn, disabled CFA.
>
> Sorry about the confusion.
>
I'd never heard of that. I'd never heard of ransomware
protection. I recently set up a new computer with dual boot
of Win10 and 11, but never noticed anything about RP. Odd.
But when I install a system I immediately set about cleaning it
up, so maybe that's why.
Looking now at my 1 year old Win10 22H2, there's no mention
of RP in the lower catacombs of the ridiculous Settings app.
I guess it must be new. A page online says it should be listed
there.
These convoluted settings, intertwined with control panel,
are even more confusing with Win11, since MS have shuffled
everything around.
Settings -> Updates and Security -> Windows Security ->
Open Windows Security. If I had MP that would be yet
another step. Why? MS don't make a cellphone OS, yet they
seem to be trying to design Windows GUI for a cellphone. Big,
giant, empty windows with little functionality, and lots of
slide controls. Maybe there's something they're not telling us.
| From | "John C." <r9jmg0@yahoo.com> |
|---|---|
| Date | 2025-02-28 05:17 -0800 |
| Message-ID | <vpsd1o$3m2rg$1@dont-email.me> |
| In reply to | #182606 |
Newyana2 wrote:
> John C. wrote:
>> Newyana2 wrote:
>>> John C. wrote:
>>>>
>>>> I'm blundering my way through all the W10 nonsense as best I can. This
>>>> morning, I finally gave up and turned off PFA just like I did UAC.
>>>
>>> PFA?
>>
>> "Protected Folder Access". I meant CFA (Controlled Folder Access.)
>>
>> I turned off Ransomware Protection completely, as seems to be the
>> default now with a fresh W10 or W11 install. This, in turn, disabled CFA.
>>
>> Sorry about the confusion.
>>
>
> I'd never heard of that. I'd never heard of ransomware
> protection. I recently set up a new computer with dual boot
> of Win10 and 11, but never noticed anything about RP. Odd.
> But when I install a system I immediately set about cleaning it
> up, so maybe that's why.
>
> Looking now at my 1 year old Win10 22H2, there's no mention
> of RP in the lower catacombs of the ridiculous Settings app.
> I guess it must be new. A page online says it should be listed
> there.
>
> These convoluted settings, intertwined with control panel,
> are even more confusing with Win11, since MS have shuffled
> everything around.
>
> Settings -> Updates and Security -> Windows Security ->
> Open Windows Security. If I had MP that would be yet
> another step. Why? MS don't make a cellphone OS, yet they
> seem to be trying to design Windows GUI for a cellphone. Big,
> giant, empty windows with little functionality, and lots of
> slide controls. Maybe there's something they're not telling us.
Ransomware Protection has been in Windows Security since 2017. It was
added when Windows 10 was updated to Version 1703.
Settings
Update & Security
Windows Security
Virus & threat protection
Scroll down and click on "Manage ransomware protection"
Either turn off or on the Controlled Folder Access button.
If you turn it on, then you'll see "Allow an app through Controlled
folder access", when you can do what it describes.
It's a PITA to have to deal with this until all the APPLICATIONS (GOD I
hate the term "app") I use are allowed, so I've turned the button off
for now. Still trying to decide whether or not it's worth the effort and
frustration of adding programs to the allowed list.
--
John C.
Take back Microsoft from India.
| From | Newyana2 <newyana@invalid.nospam> |
|---|---|
| Date | 2025-02-28 11:21 -0500 |
| Message-ID | <vpsnpc$3o6go$1@dont-email.me> |
| In reply to | #182625 |
On 2/28/2025 8:17 AM, John C. wrote:
> Newyana2 wrote:
>> John C. wrote:
>>> Newyana2 wrote:
>>>> John C. wrote:
>>>>>
>>>>> I'm blundering my way through all the W10 nonsense as best I can. This
>>>>> morning, I finally gave up and turned off PFA just like I did UAC.
>>>>
>>>> PFA?
>>>
>>> "Protected Folder Access". I meant CFA (Controlled Folder Access.)
>>>
>>> I turned off Ransomware Protection completely, as seems to be the
>>> default now with a fresh W10 or W11 install. This, in turn, disabled CFA.
>>>
>>> Sorry about the confusion.
>>>
>>
>> I'd never heard of that. I'd never heard of ransomware
>> protection. I recently set up a new computer with dual boot
>> of Win10 and 11, but never noticed anything about RP. Odd.
>> But when I install a system I immediately set about cleaning it
>> up, so maybe that's why.
>>
>> Looking now at my 1 year old Win10 22H2, there's no mention
>> of RP in the lower catacombs of the ridiculous Settings app.
>> I guess it must be new. A page online says it should be listed
>> there.
>>
>> These convoluted settings, intertwined with control panel,
>> are even more confusing with Win11, since MS have shuffled
>> everything around.
>>
>> Settings -> Updates and Security -> Windows Security ->
>> Open Windows Security. If I had MP that would be yet
>> another step. Why? MS don't make a cellphone OS, yet they
>> seem to be trying to design Windows GUI for a cellphone. Big,
>> giant, empty windows with little functionality, and lots of
>> slide controls. Maybe there's something they're not telling us.
>
> Ransomware Protection has been in Windows Security since 2017. It was
> added when Windows 10 was updated to Version 1703.
>
> Settings
> Update & Security
> Windows Security
> Virus & threat protection
> Scroll down and click on "Manage ransomware protection"
> Either turn off or on the Controlled Folder Access button.
>
> If you turn it on, then you'll see "Allow an app through Controlled
> folder access", when you can do what it describes.
>
Ah. I see. Boy is that buried! I have it turned off.
I have most all of that stuff turned off. Windows Defender
seems to be trying to look busy. I haven't bothered to
figure out how to stop it. Maybe there's some value there.
But in general it seems pretty much useless. It thinks I have
all kinds of malware because I left a HOSTS file copy
on the Desktop at one point.
| From | "Allan Higdon" <allanh@vivaldi.net> |
|---|---|
| Date | 2025-02-28 15:39 -0600 |
| Message-ID | <op.22o7r8hn1svx94@office-pc.attlocal.net> |
| In reply to | #182628 |
On Fri, 28 Feb 2025 10:21:55 -0600, Newyana2 <newyana@invalid.nospam> wrote:

> Ah. I see. Boy is that buried! I have it turned off.
> I have most all of that stuff turned off. Windows Defender
> seems to be trying to look busy. I haven't bothered to
> figure out how to stop it. Maybe there's some value there.
> But in general it seems pretty much useless. It thinks I have
> all kinds of malware because I left a HOSTS file copy
> on the Desktop at one point.
>
>

If you're like me, an on-demand standalone AV scanner is enough.
One really good one is Emsisoft Emergency Kit.
https://www.emsisoft.com/en/home/emergency-kit/

I've been using Hellzerg Optimizer to disable Windows Defender.
https://github.com/hellzerg/optimizer/#--how-to-disable-defender-in-windows-10-1903-and-later

I disable Tamper Protection with a .Reg file.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features]
"TamperProtection"=dword:00000000

You can use Winaero Tweaker to verify that Tamper Protection and Windows
Defender are disabled.
https://winaero.com/winaero-tweaker/
| From | Newyana2 <newyana@invalid.nospam> |
|---|---|
| Date | 2025-02-28 22:29 -0500 |
| Message-ID | <vptus9$2j6q$1@dont-email.me> |
| In reply to | #182639 |
On 2/28/2025 4:39 PM, Allan Higdon wrote:
>
> If you're like me, an on-demand standalone AV scanner is enough.
> One really good one is Emsisoft Emergency Kit.
> https://www.emsisoft.com/en/home/emergency-kit/
>
> I've been using Hellzerg Optimizer to disable Windows Defender.
> https://github.com/hellzerg/optimizer/#--how-to-disable-defender-in-windows-10-1903-and-later
>
>
> I disable Tamper Protection with a .Reg file.
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features]
> "TamperProtection"=dword:00000000
>
> You can use Winaero Tweaker to verify that Tamper Protection and Windows
> Defender are disabled.
> https://winaero.com/winaero-tweaker/

Thanks. Good notes to check out. I have occasionally
downloaded something like Clam to do a one-time check
when I feel a bit of paranoia. I don't think I've ever tried
Emsisoft.
| From | "John C." <r9jmg0@yahoo.com> |
|---|---|
| Date | 2025-03-02 05:59 -0800 |
| Message-ID | <vq1o7k$pv5p$3@dont-email.me> |
| In reply to | #182653 |
On 25/02/28 07:29 PM, Newyana2 wrote:
> On 2/28/2025 4:39 PM, Allan Higdon wrote:
>
>>
>> If you're like me, an on-demand standalone AV scanner is enough.
>> One really good one is Emsisoft Emergency Kit.
>> https://www.emsisoft.com/en/home/emergency-kit/
>>
>> I've been using Hellzerg Optimizer to disable Windows Defender.
>> https://github.com/hellzerg/optimizer/#--how-to-disable-defender-in-windows-10-1903-and-later
>>
>> I disable Tamper Protection with a .Reg file.
>>
>> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features]
>> "TamperProtection"=dword:00000000
>>
>> You can use Winaero Tweaker to verify that Tamper Protection and
>> Windows Defender are disabled.
>> https://winaero.com/winaero-tweaker/
>
> Thanks. Good notes to check out. I have occasionally
> downloaded something like Clam to do a one-time check
> when I feel a bit of paranoia. I don't think I've ever tried
> Emsisoft.

I used to use Trendmicro's "Housecall" free online scanner a long time
ago. Still would probably work for somebody who doesn't mind knowingly
exposing their soft underbelly to a corporation.

--
John C.
Take back Microsoft from India.