Results 1 to 2 of 2

Thread: controlled folder access

  1. #1
    .NET Framework
    .NET 4.5
    Join Date
    Dec 2005
    Location
    Norway
    Posts
    15,207
    Reputation
    2859

    controlled folder access

    Some thoughts about new Defender feature controlled folder access.

    Windows 10 Fall Creators Update includes a new feature for Defender called "controlled folder access", which means folders can be protected from unauthorized changes. By default it is not enabled, but enabled it will protect standard user folders like Documents, Pictures, Desktop etc and user can add other folders including network shares to add protection for their documents. When enabled applications can not write to these locations unless they are explicitly whitelisted (elevated admin prompt). Some applications are allowed implicitly, like MS Office and MS Notepad. Also, standard folders can't be excluded from this protection.

    From what I read in articles a notification about block should appear and give user option to add the application to whitelist, that is not what happens on my machine, the notification appears but no option to whitelist it there. Also in Defender settings there is no blocklist with option to whitelist. There is a dialog where I can browse manually to an .exe to add it to whitelist (or paste a path), this can only get better.

    The block notification truncates the path, I've found hidden deep in event lists a Defender event list that shows the block event, and also includes the full path. What about Clickonce installed applications? As you know their path is convoluted, and also changes if updated. No way users will be able to whitelist them manually.

    So if you thought your application could safely write to user Documents and such folders think again, prepare for FileNotFoundException of all things.

    If you have VS projects in Documents folder they are affected by this as well when debugging.
    [xcode=vb] code here [/xcode] - see bbcode list or use formatting buttons in posting editor.

    Visual Studio Community 2017

  2. #2
    .NET Framework
    .NET 4.5
    Join Date
    Dec 2005
    Location
    Norway
    Posts
    15,207
    Reputation
    2859
    Just saw the installation of a commercial application crash and burn because it wasn't allowed to put app icon on desktop. LOL

    On top, the installation was run from a network share, I tried to allow the mapped path to setup file, but Defender CFA would only let it through when I used the UNC path to the setup file. "Temporarily disable CFA" is what I should have done - I just tested this as well and it appears the folder and whitelisted apps are preserved when I re-enable it.
    [xcode=vb] code here [/xcode] - see bbcode list or use formatting buttons in posting editor.

    Visual Studio Community 2017

Similar Threads

  1. Question How to make a remotelly controlled webbrowser ?
    By k@$f in forum Windows Forms
    Replies: 5
    Last Post: 03-18-2013, 2:46 PM
  2. [HOW TO ?]Open default browser in a controlled window
    By k@$f in forum VB.NET General Discussion
    Replies: 1
    Last Post: 06-09-2012, 11:26 AM
  3. Access to protected folder
    By rtss in forum Security
    Replies: 0
    Last Post: 02-06-2011, 4:52 AM
  4. FtpWebRequest only has access to a specific folder
    By Ahren in forum Net / Sockets
    Replies: 8
    Last Post: 08-06-2009, 7:08 PM
  5. Folder/file Access Denied...
    By WellsCarrie in forum ASP.NET General Discussion
    Replies: 2
    Last Post: 09-14-2005, 11:14 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •