Configure protected folders

Supported on: At least Windows Server 2016, Windows 10 Version 1709

Registry

HKLM Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access

Value name: ExploitGuard_ControlledFolderAccess_ProtectedFolders

Options

List (registry values) list - list under Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access\ProtectedFolders

Description

Specify additional folders that should be guarded by the Controlled folder access feature. Files in these folders cannot be modified or deleted by untrusted applications. Default system folders are automatically protected. You can configure this setting to add additional folders. The list of default system folders that are protected is shown in Windows Security. Enabled: Specify additional folders that should be protected in the Options section. Disabled: No additional folders will be protected. Not configured: Same as Disabled. You can enable controlled folder access in the Configure controlled folder access GP setting. Microsoft Defender Antivirus automatically determines which applications can be trusted. You can add additional trusted applications in the Configure allowed applications GP setting.