While ransomware protection features are built into our Windows 10 machines, Windows Server 2016 machines lacked those features. Starting with Windows Server 2019, Microsoft has introduced a new ransomware protection policy on virtual desktops. On your virtual/remote desktop hosted with us, this policy is already enabled by default.
Before you install your application(s) and migrate data to new folders that you may create, you need to follow the below steps to add the folder (where you have placed the data) to the protected folder list and add the permission for the specific application(s) to allow changes to files within the protected folder.
Steps to add/define protected folders and adding trusted/known application in the exception list:
- Click on Settings in the Start menu.
- Navigate to Windows Security.
- Click on Virus & threat protection.
- Click on Manage ransomware protection.
- By default, the Controlled folder access is enabled.
- Click on Protected folders.
- Click on Add a protected folder and select the appropriate folder or entire drive that you want to be protected.
If a change is attempted to be made in protected folders, users will be prompted with a security warning. Users must authorize applications to access files in these protected folders.
For example, if you have QuickBooks company files in a protected folder, you need to add the QuickBooks application in the exception/allowed list of applications to make changes to files in protected folders.
Another example is, if you have Excel or Word files in a protected folder, you need to add Microsoft Excel and Microsoft Word, to be added in the exception/allowed list of applications to make changes to files in protected folders.
- Right-click the application to be granted access.
- Go to Properties>Shortcut.
- Copy the content within the quotes in the Target box (excluding the .exe file).
- Navigate to Settings>Virus & threat protection>Manage ransomware protection.
- Click on Allow an app through Controlled folder access.
- Click on Add an allowed app>Browse all apps.
- Paste the copied content in the address bar, remove the .exe name. Within the folder, highlight/select the application and click on open. Below is an example to add the Team Viewer application to the allowed list of applications.