Galitaanka galka la xakameeyey^{(Controlled folder access)} waa sifada ka hortagga faragelinta ee laga heli karo Microsoft Defender Exploit Guard , kaas oo qayb ka ah Kahortagaha Difaaca Microsoft^{(Microsoft Defender Antivirus)} . Waxaa loo qorsheeyay ugu horrayn si looga hortago ransomware inay sir xogtaada/faylalkaaga, laakiin sidoo kale waxay ka ilaalisaa faylasha isbeddellada aan loo baahnayn ee codsiyada kale ee xaasidnimada leh. Maqaalkan, waxaan ku tusi doonaa sida loo habeeyo gelitaanka galka la xakameeyey iyadoo la adeegsanayo Siyaasadda Kooxda & PowerShell^{(configure Controlled Folder Access using Group Policy & PowerShell)} gudaha Windows 11/10.

Habkani waa mid ikhtiyaari ah Windows 10 laakiin marka la furo, muuqaalku wuxuu awood u leeyahay inuu raad raaco faylasha la fulin karo, qoraallada, iyo DLLs , kuwaas oo isku dayaya inay isbeddel ku sameeyaan faylasha faylalka la ilaaliyo. Haddii abka ama faylka uu yahay mid xaasidnimo ah ama aan la aqoonsanayn, sifada ayaa xannibi doonta isku dayga wakhtiga dhabta ah, oo waxaad heli doontaa ogeysiin ku saabsan hawsha shakiga leh.

Habbee gelitaanka galka la^{(Folder Access)} xakameeyey adoo isticmaalaya Siyaasadda Kooxda^{(Group Policy)}

Si aad u habayso gelitaanka galka la kantaroolay^{(Controlled Folder Access)} adoo isticmaalaya Siyaasadda Kooxda^{(Group Policy)} , marka hore waxaad u baahan tahay inaad karti u yeelato sifadan . Marka la sameeyo, waxaad sii wadi kartaa habaynta kuwan soo socda:

Kudar meel cusub oo ilaalin ah adoo adeegsanaya tifaftiraha Siyaasadda Kooxda Maxaliga ah^{(Local Group Policy Editor)}

Haddii galitaanka galka la xakameeyey la furo, faylalka aasaasiga ah waxaa lagu daraa si caadi ah. Haddii ay tahay inaad ilaaliso xogta ku taal meel kale, markaa waxaad isticmaali kartaa Configure protected faylalka^{(Configure protected folders)} si aad ugu darto gal cusub.

Waa kan sida:

• Riix Windows key + R si aad ugu yeerto Run dialog
• Ku qor sanduuqa wada hadalka Run gpedit.mscoo ku dhufo Gelida si aad u furto Tifaftiraha Siyaasadda Kooxda^{(open Group Policy Editor)} .
• Gudaha tifaftiraha Siyaasadda Kooxda Maxaliga ah^{(Local Group Policy Editor)} , isticmaal shayga bidix si aad ugu socotid jidka hoose:

Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Microsoft Defender Exploit Guard > Controlled Folder Access

• Laba jeer  dhagsi ku habee siyaasada faylalka la ilaaliyo^{(Configure protected folders)} ee dhinaca midigta si aad wax uga beddesho hantideeda.
• Dooro  badhanka^(Enabled) raadiyaha karti leh.
• Hoosta qaybta ikhtiyaariga^(Options) ah, dhagsii badhanka Show  .
• Sheeg meelaha aad rabto inaad ilaaliso adiga oo gelaya dariiqa galka (tusaale; F:MyData) goobta magaca Qiimaha^{(Value name)} oo ku dara 0 goobta Qiimaha^(Value) . Ku celi talaabadan si aad ugu darto goobo badan.
• Guji   badhanka OK
• Guji   badhanka Codso .^(Apply)
• Guji   badhanka OK

Galka cusub hadda waxaa lagu dari doonaa liiska ilaalinta ee gelitaanka galka la kantaroolay . ^(Controlled)Si aad u soo celiso isbeddelada, raac tilmaamaha kore, laakiin dooro  ikhtiyaarka aan la dejin^{(Not Configured)} ama naafo^(Disabled) .

Liistada abka ee galitaanka galka la xakameeyey iyadoo la adeegsanayo ^(Controlled)tifaftiraha Siyaasadda Kooxda Maxalliga^{(Local Group Policy Editor)}

• Fure Tifaftiraha Siyaasadda Kooxda Maxaliga.
• Gudaha tifaftiraha Siyaasadda Kooxda Maxaliga ah^{(Local Group Policy Editor)} , isticmaal shayga bidix si aad ugu socotid jidka hoose:

Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Microsoft Defender Exploit Guard > Controlled Folder Access

• Laba jeer dhagsii Configure la oggolaaday^{(Configure allowed applications)}  siyaasada codsiyada ee shayga midig si aad wax uga beddesho hantideeda.
• Dooro  badhanka^(Enabled) raadiyaha karti leh.
• Hoosta qaybta ikhtiyaariga^(Options) ah, dhagsii badhanka Show  .
• Sheeg meesha uu ku yaalo faylka .exe ee appka (tusaale; C:Program Files (x86)GoogleChromeApplicationchrome.exe) aad rabto in aad u ogolaato goobta magaca Qiimaha^{(Value name)} oo ku dar 0 goobta Qiimaha^(Value) . Ku celi talaabadan si aad ugu darto goobo badan.
• Guji   badhanka OK
• Guji   badhanka Codso .^(Apply)
• Guji   badhanka OK

Hadda, abka la cayimay lama xannibi doono marka gelitaanka galka la kantaroolay la shido, oo waxay awood u yeelan doontaa inay isbeddel ku samayso faylasha iyo faylalka la ilaaliyo. Si aad u soo celiso isbeddelada, raac tilmaamaha kore, laakiin dooro  ikhtiyaarka aan la dejin^{(Not Configured)} ama naafo^(Disabled) .

Loogu talagalay Windows 11/10 Isticmaalayaasha guriga , waxaad ku ^(Home)dari kartaa qaabka Tifaftiraha Siyaasadda Kooxda Maxaliga^{(add Local Group Policy Editor)} ah ka dibna ful tilmaamaha sida kor lagu sheegay ama waxaad samayn kartaa habka PowerShell ee hoose.

Ku habbee gelitaanka galka^{(Folder Access)} la xakameeyey adoo isticmaalaya PowerShell

Si aad u habayso gelitaanka Folderka la xakameeyey^{(Controlled Folder Access)} iyadoo la isticmaalayo Siyaasadda Kooxda^{(Group Policy)} , marka hore waxaad u baahan tahay inaad karti u yeelato sifada. Marka la sameeyo, waxaad sii wadi kartaa habaynta kuwan soo socda:

Kudar^(Add) meel cusub oo ilaalin ah adoo isticmaalaya PowerShell

• Riix furaha Windows + X si aad u furto Menu User Power^{(open Power User Menu)} .
• Taabo A kiiboodhka si aad u bilawdo PowerShell habka maamulka/sare.
• Gudaha PowerShell console, ku qor amarka hoose oo ku dhufo Gelida^(Enter) .

Add-MpPreference -ControlledFolderAccessProtectedFolders "F:\folder\path\to\add"

Amarka, ku beddel F:olderpath oaddmeeleeyaha jidka dhabta ah ee goobta iyo fulinta abka aad rabto inaad oggolaato. Markaa tusaale ahaan, amarkaagu waa inuu u ekaado sidan soo socota:

Add-MpPreference -ControlledFolderAccessProtectedFolders "F:\MyData"

• Si aad meesha uga saarto galka, ku qor amarka hoose oo ku dhufo Gelida^(Enter) :

Disable-MpPreference -ControlledFolderAccessProtectedFolders "F:\folder\path\to\remove"

Liistada abka ee galitaanka galka la xakameeyey iyadoo la isticmaalayo ^(Controlled)PowerShell

• Ku billow PowerShell^(PowerShell) qaabka maamulka/sare.
• Gudaha PowerShell console, ku qor amarka hoose oo ku dhufo Gelida^(Enter) .

Add-MpPreference -ControlledFolderAccessAllowedApplications "F:\path\to\app\app.exe"

Amarka, ku beddel F:path oappapp.exe meeleeyaha jidka dhabta ah ee goobta iyo fulinta abka aad rabto inaad oggolaato. Markaa tusaale ahaan, amarkaagu waa inuu u ekaado sidan soo socota:

Add-MpPreference -ControlledFolderAccessAllowedApplications "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

Amarka kore wuxuu Chrome ku dari doonaa liiska abka la ogolyahay abka waxaa loo ogolaan doonaa inuu shaqeeyo oo uu wax ka bedelo faylashaada marka galitaanka galka la kantaroolo la furo.^(Controlled)

• Si aad meesha uga saarto abka, ku qor amarka hoose oo ku dhufo Gelida^(Enter) :

Remove-MpPreference -ControlledFolderAccessAllowedApplications "F:\path\to\app\app.exe"

Taasi waa sida loo habeeyo gelitaanka galka la xakameeyey^{(Controlled Folder Access)} iyadoo la adeegsanayo Siyaasadda Kooxda^{(Group Policy)} & PowerShell gudaha Windows 11/10 !

Configure Controlled Folder Access using Group Policy & PowerShell

Controlled folder access is an intrusion-prevention feature available with Microsoft Defender Exploit Guard, which is part of the Microsoft Defender Antivirus. It’s been designed primarily to prevent ransomware from encrypting your data/files, but it also protects files from unwanted changes from other malicious applications. In this post, we will show you how to configure Controlled Folder Access using Group Policy & PowerShell in Windows 11/10.

This feature is optional on Windows 10 but when enabled, the feature is able to track executable files, scripts, and DLLs, that attempt to make changes to files in the protected folders. If the app or file is malicious or not recognized, the feature will block the attempt in real-time, and you’ll receive a notification of the suspicious activity.

Configure Controlled Folder Access using Group Policy

To configure Controlled Folder Access using Group Policy, you first need to enable this feature. Once done, you can proceed to configure the following:

Add a new location for protection via Local Group Policy Editor

If Controlled folder access is enabled, the basic folders are added by default. If you must protect data located in a different location, then you can use the Configure protected folders policy to add the new folder.

Here’s how:

• Press Windows key + R to invoke the Run dialog
• In the Run dialog box type gpedit.msc and hit Enter to open Group Policy Editor.
• Inside the Local Group Policy Editor, use the left pane to navigate to the path below:

Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Microsoft Defender Exploit Guard > Controlled Folder Access

• Double-click the Configure protected folders policy on the right pane to edit its properties.
• Select the Enabled radio button.
• Under the Options section, click the Show button.
• Specify the locations you want to protect by entering the path of the folder (eg; F:\MyData) in the Value name field and adding 0 in the Value field. Repeat this step to add more locations.
• Click the OK button.
• Click the Apply button.
• Click the OK button.

The new folder(s) will now be added to the protection list of Controlled folder access. To revert the changes, follow the instructions above, but select the Not Configured or Disabled option.

Whitelist apps in Controlled folder access using Local Group Policy Editor

• Open Local Group Policy Editor.
• Inside the Local Group Policy Editor, use the left pane to navigate to the path below:

Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Microsoft Defender Exploit Guard > Controlled Folder Access

• Double-click the Configure allowed applications policy on the right pane to edit its properties.
• Select the Enabled radio button.
• Under the Options section, click the Show button.
• Specify the location of the .exe file for the app (eg; C:\Program Files (x86)\Google\Chrome\Application\chrome.exe) you want to allow in the Value name field and add 0 in the Value field. Repeat this step to add more locations.
• Click the OK button.
• Click the Apply button.
• Click the OK button.

Now, the specified app(s) won’t be blocked when Controlled folder access is turned on, and it’ll be able to make changes to protected files and folders. To revert the changes, follow the instructions above, but select the Not Configured or Disabled option.

For Windows 11/10 Home users, you can add Local Group Policy Editor feature and then carry out the instructions as provided above or you can do the PowerShell method below.

Configure Controlled Folder Access using PowerShell

To configure Controlled Folder Access using Group Policy, you first need to enable the feature. Once done, you can proceed to configure the following:

Add new location for protection using PowerShell

• Press Windows key + X to open Power User Menu.
• Tap A on the keyboard to launch PowerShell in admin/elevated mode.
• In the PowerShell console, type in the command below and hit Enter.

Add-MpPreference -ControlledFolderAccessProtectedFolders "F:\folder\path\to\add"

In the command, substitute the F:\folder\path\to\add placeholder with the actual path for the location and executable of the app you want to allow. So for example, your command should look like the following:

Add-MpPreference -ControlledFolderAccessProtectedFolders "F:\MyData"

• To remove a folder, type the command below and hit Enter:

Disable-MpPreference -ControlledFolderAccessProtectedFolders "F:\folder\path\to\remove"

Whitelist apps in Controlled folder access using PowerShell

• Launch PowerShell in admin/elevated mode.
• In the PowerShell console, type in the command below and hit Enter.

Add-MpPreference -ControlledFolderAccessAllowedApplications "F:\path\to\app\app.exe"

In the command, substitute the F:\path\to\app\app.exe placeholder with the actual path for the location and executable of the app you want to allow. So for example, your command should look like the following:

Add-MpPreference -ControlledFolderAccessAllowedApplications "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

The above command will add Chrome to the list of allowed apps and the app will be allowed to run and make changes to your files when Controlled folder access is enabled.

• To remove an app, type the command below and hit Enter:

Remove-MpPreference -ControlledFolderAccessAllowedApplications "F:\path\to\app\app.exe"

That’s it on how to configure Controlled Folder Access using Group Policy & PowerShell in Windows 11/10!

Related posts

• Siyaasadda Kooxda Dib u jahaynta Folder lama dabaqin marka la isticmaalayo SCCM

• Dami Internet Explorer 11 sidii biraawsar u taagan oo kali ah addoo isticmaalaya Siyaasadda Kooxda

• Sida loogu daro Tifaftiraha Siyaasadda Kooxda Windows 11/10 Daabacaadda Guriga

• Kahortagga ku rakibidda Barnaamijyada Isha Warbaahineed ee La Raro

• Beddel Kaydinta Hagaajinta Gaadhsiinta ee Cusbooneysiinta Daaqadaha

• Daar ama dami cusboonaysiinta tooska ah ee Zoom iyadoo la adeegsanayo Siyaasadda Kooxda ama Diiwaanka

• Sida loo awood Audio Sandbox gudaha browserka Edge

• Sida loo dabaqo Siyaasadda Kooxda Lakabay ee gudaha Windows 11/10

• Sida loo Khariideeyo Shabakadda Drive-ka iyadoo la adeegsanayo Siyaasadda Kooxda ee Windows 11/10

• Daar ama dami gelitaanka Maareeyaha Ku-darka Firefox add-ons addoo isticmaalaya Siyaasadda Kooxda

• Khalad markaad furto Tifaftiraha Siyaasadda Kooxda Maxalliga ah gudaha Windows 11/10

• Sida loo joojiyo Picture Password-ka xulashada gudaha Windows 11/10

• Sida loo sahlo ama loo joojiyo hagaajinta degdega ah ee Logon gudaha Windows 11/10

• Dami: Waxaad haysaa apps cusub oo furi kara nooca faylka

• Siyaasadaha Kooxda si loo habeeyo u-jahaynta Microsoft Edge

• Sida loo sameeyo Firefox Bookmarks iyadoo la adeegsanayo Siyaasadda Kooxda iyo Tifaftiraha Diiwaangelinta

• Dami Aaladaha Horumarinta ee Edge addoo isticmaalaya Nidaamka Diiwaangelinta ama Kooxda

• Sida loo quful dhammaan goobaha Taskbar ee Windows 10

• Xaddid Dejinta Bandwidth Reservable ee gudaha Windows 11/10

• Sida Looga Hortago Isticmaalayaasha inay tirtiraan Xogta ogaanshaha gudaha Windows 11/10