Will Windows 10’s Controlled Folder Access Protect Your Data from Ransomware?
With the release of Windows 10 Fall Creators Update, Microsoft added a new feature called Controlled Folder Access (CFA) to Windows Defender Exploit Guard. This feature allows users and organizations to control which processes can access certain folders, in an attempt to help protect data from malicious programs such as ransomware or wipers. But will CFA really keep your data safe? Vera Drobov of Nyotron’s Security Research Team and Rene Kolga, Senior Director of Product Management at Nyotron, will discuss why this isn’t likely, due to vulnerabilities in the CFA feature. Our team has discovered at least five different ways of exploiting and bypassing CFA, including:

- APC Injection;
- Windows Management Instrumentation (WMI);
- Office Macros.