Controlled folder access in Windows 10 protects against ransomware
Microsoft has released Windows 10 Insider Preview Build 16232 for PC to the Fast ring for Windows Insider program participants, as well as a new mobile build, Windows 10 Mobile Insider Preview Build 15228 (also Fast ring). Shortly before that, the company announced new security features that will appear in the operating system with the Fall Creators Update. Some of the announced security features are already implemented in these builds, so you can try them out in action.
Protection against exploits
One of the innovations is the exploit protection settings in the Windows Defender Security Center. Users can now review the current settings themselves and change them for the system and for individual applications directly from the Windows Defender Security Center rather than from Windows Defender Antivirus.
Microsoft promises to release more detailed documentation on the exploit protection settings soon, and reminds users that this feature is under development and may not yet work quite correctly.
Exploit protection in Windows Defender Exploit Guard is built on the system protections of the Enhanced Mitigation Experience Toolkit (EMET). Microsoft says that this technology effectively protects the system not only from known vulnerabilities but also from unknown ones, that is, 0day. Built-in rules and policies try to prevent a malicious program from doing anything meaningful in the system, even after a new vulnerability has been discovered.
Application isolation in Windows Defender Application Guard (WDAG) is designed to stop the spread of an infection that has already entered the system. If someone accidentally downloads and launches malware from the Internet, or the malware gets into the system through a 0day vulnerability, WDAG tries to isolate the application so that it does not spread further across the local network or on the local computer. Microsoft writes that this is an additional layer of system protection on top of the firewall and antivirus.
Controlled folder access in Windows Defender Antivirus
This is a completely new option designed to protect valuable data on your computer from malicious applications and threats, including ransomware. To enable it in the English version of Windows 10, open the Windows Defender Security Center, go to the Virus & threat protection settings section and turn on the Controlled folder access option.
The setting creates a "white" list of applications that are allowed to access certain folders. When any other application attempts to write to such a folder or to change (encrypt) the files in it, the user receives a notification about the unauthorized access attempt. In the controlled folder access settings you can specify arbitrary folders to protect and arbitrary applications for the "white" list.
Although you can add arbitrary directories for protection, you cannot remove the default folders: Documents, Pictures, Movies and Desktop. Also, several applications are allowed access to the folders by default.
Additional directories are added to the protection list through the Protected folders section. Microsoft writes that network shares and mapped drives can be added, but environment variables and wildcards are not supported yet.
In theory, controlled folder access should prevent ransomware from getting at the files. How reliable the feature is in practice remains to be seen. For example, if Word is on the "white" list, will malicious macros get access to the files?
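The configuration described above can also be scripted and reviewed from PowerShell. The following is an added example, not taken from the original article or from Microsoft: it uses the Defender cmdlets shipped in released Windows 10 (version 1709 and later), the folder and application paths are constructed placeholders, and Test-CfaPath is a hypothetical helper.

```powershell
# Added example. Run in an elevated PowerShell session on Windows 10 1709 or later.
# All paths below are constructed placeholders, not values from the article.
$folders = @(
    'D:\Projects',               # local folder
    '\\fileserver\finance',      # network share
    '%USERPROFILE%\Scans',       # environment variable: not supported
    'E:\Backups\*'               # wildcard: not supported
)
$allowedApp = 'C:\Program Files\ExampleBackup\backup.exe'

# Hypothetical helper: reject entries the article says are unsupported
# (environment variables and wildcards) before they reach Defender.
function Test-CfaPath {
    param([Parameter(Mandatory)][string]$Path)
    if ($Path -match '%[^%]+%') { return $false }   # environment variable
    if ($Path -match '[*?]')    { return $false }   # wildcard
    return [System.IO.Path]::IsPathRooted($Path)    # drive-letter or UNC path
}

# Start in audit mode: writes are logged instead of blocked, so the
# "white" list can be tuned before enforcement is switched on.
Set-MpPreference -EnableControlledFolderAccess AuditMode

foreach ($folder in $folders) {
    if (Test-CfaPath -Path $folder) {
        Add-MpPreference -ControlledFolderAccessProtectedFolders $folder
    } else {
        Write-Warning "Skipped unsupported entry: $folder"
    }
}
Add-MpPreference -ControlledFolderAccessAllowedApplications $allowedApp

# Review the result. Every application on the allow list can write to the
# protected folders, so script hosts and macro-capable programs deserve scrutiny.
$pref = Get-MpPreference
"Mode (0 = off, 1 = enabled, 2 = audit): $($pref.EnableControlledFolderAccess)"
$pref.ControlledFolderAccessProtectedFolders
$pref.ControlledFolderAccessAllowedApplications

# Event 1124: write that would have been blocked (audit mode).
# Event 1123: write that was blocked (enforcement).
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

Once the audit events show only expected applications, `Set-MpPreference -EnableControlledFolderAccess Enabled` switches from logging to blocking.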
Other security settings
In addition to controlled folder access, the new build implements a Data Persistence option for Microsoft Edge, set through the group policies of the Application Guard virtual machine in which the browser runs. The feature is disabled by default, but once it is enabled (via Windows Components > Windows Defender Application Guard), all bookmarks, cookies and saved passwords are kept across all future Application Guard sessions.
Microsoft promises to significantly strengthen the protection of the Windows 10 platform by the fall, primarily by refining and rolling out the Windows Defender Advanced Threat Protection (ATP) toolkit.
Microsoft also promises to use the "unique intelligence" of the Intelligent Security Graph (ISG), data mining and machine learning to process the trillions of signals that reach the cloud from users' computers in order to enhance protection. New security analytics features (Security Analytics) will be implemented for system administrators. They will make it possible to track the installation status of critical patches, the state of important system security settings, configurations and so on. By the fall, an API for developers will be added that lets third-party systems instruct Windows Defender ATP to automatically perform the necessary actions when certain conditions occur.
All of this is still in the plans. So far, Microsoft has implemented only controlled access to files, which is not bad either.