Information: If you use a third-party antivirus program, you won't be able to use Controlled Folder Access. However, similar security measures can be achieved with Folder Guard. My Block Malware guide walks you through using Folder Guard to protect yourself from stealers and ransomware.
Click on the Start menu.
Type Windows Security and press Enter.
In the Windows Security window, click on Virus & threat protection.
Scroll down and under the Ransomware protection section, click on Manage ransomware protection.
Toggle the switch to On under Controlled folder access. If prompted, confirm the action.
Information: Browser hijackers are malware that change browser settings without permission, redirecting users to unwanted sites, altering search engines, and displaying ads. They degrade performance, compromise privacy, and are often bundled with free software or found on malicious sites.
Set Controlled Folder Access to protect:
Chrome: C:\Users\[Your Username]\AppData\Local\Google\Chrome
Edge: C:\Users\[Your Username]\AppData\Local\Microsoft\Edge
Firefox: C:\Users\[Your Username]\AppData\Roaming\Mozilla\Firefox
This feature prevents browser hijackers by blocking unrecognized applications from modifying protected browser data folders. It ensures that only trusted apps, like your browser, can alter these folders, protecting your settings, extensions, and personal data. However, CFA only prevents modifications from unrecognized applications; it does not prevent reading the browser data, which is all stealers need to steal your data.
Information: Discord stealers are malicious software designed to steal Discord user tokens, allowing attackers to access accounts without passwords. They can collect sensitive information, including messages and payment details. These stealers often spread through malicious links or software.
Set Controlled Folder Access to protect C:\Users\[Your Username]\AppData\Local\Discord
This feature prevents Discord stealers from modifying application files to steal tokens and data. CFA restricts unauthorized write access to Discord's directories, blocking malware from injecting malicious code into Discord. Only trusted applications can alter Discord's files, preventing persistence through this method. However, it’s important to note that your token is stored physically on disk as a database file, which can be decoded on the fly by malware. Thus, even if the JavaScript injection is blocked, most stealers can still read and steal your data without modifying the application files.
Set Controlled Folder Access to protect C:\Users\[Your Username]\Cloud Storage
This prevents ransomware by blocking unauthorized applications from modifying files. Cloud storage services offer file versioning and rollback features, but CFA adds extra security by ensuring only trusted applications can change, delete, or encrypt files.
The startup folder in Windows contains shortcuts to applications that automatically start when the computer boots up. Programs placed in this folder will launch as soon as the user logs into their account.
C:\Users\[Your Username]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Protecting this folder with Controlled Folder Access prevents unauthorized applications from making changes to it, so only trusted applications can add or modify startup items.
Important: You may need to allow protected applications through Controlled Folder Access. If you're unsure which executable(s) to exclude, simply wait for Controlled Folder Access to block a protected application. Then, go to the protection history, select the blocked item, and choose "Allow" followed by "Allow on device."
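The same settings can be applied from an elevated PowerShell prompt instead of the Windows Security window. The script below is an added example, not part of the original guide: it uses the Microsoft Defender cmdlets Set-MpPreference, Add-MpPreference and Get-MpPreference, assumes Defender is the active antivirus, and treats "Cloud Storage" and the allowed-application path as placeholders.

```powershell
# Added example: configure Controlled Folder Access (CFA) with the folders from this guide.
# Run elevated, signed in as the user whose profile you want to protect; the
# environment variables below resolve to the account running the prompt.

$folders = @(
    "$env:LOCALAPPDATA\Google\Chrome",
    "$env:LOCALAPPDATA\Microsoft\Edge",
    "$env:APPDATA\Mozilla\Firefox",
    "$env:LOCALAPPDATA\Discord",
    "$env:USERPROFILE\Cloud Storage",   # placeholder name from the guide; use your real sync folder
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup"
)

# Turn CFA on. Use 'AuditMode' instead of 'Enabled' to log would-be blocks without enforcing.
Set-MpPreference -EnableControlledFolderAccess Enabled

# Add each folder once, skipping ones that do not exist on this machine.
$current = @((Get-MpPreference).ControlledFolderAccessProtectedFolders)
foreach ($folder in $folders) {
    if (-not (Test-Path -LiteralPath $folder)) {
        Write-Warning "Skipping missing folder: $folder"
        continue
    }
    if ($current -contains $folder) { continue }
    Add-MpPreference -ControlledFolderAccessProtectedFolders $folder
}

# Confirm what is now enforced.
Get-MpPreference |
    Select-Object EnableControlledFolderAccess,
                  ControlledFolderAccessProtectedFolders,
                  ControlledFolderAccessAllowedApplications |
    Format-List

# Review recent CFA blocks (event ID 1123) to see which executables were stopped.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message |
    Format-List

# Allow a trusted application that was blocked (placeholder path; replace with
# the executable shown in the block event before uncommenting).
# Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Path\To\TrustedApp.exe'
```

As the guide notes, these rules only stop writes by unrecognized applications; they do not stop a stealer from reading browser or Discord data.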