Windows Defender Ransomware Protection - Error: Unauthorised Changes Blocked for App Added to Allowed List

  • Thread starter Thread starter Miss Chief
  • Start date Start date
M

Miss Chief

I'm using: Windows 10 Pro 64-bit


After the recent Windows update I am getting the following error when converting books in Calibre.



I have added all the exe files in C:\Program Files\Calibre2 including calibre-parallel to the Allowed Apps list:




But the error is still coming up.


I can't even exclude the directory in question as there is no option to add an excluded directory and apparently I cannot remove 'Documents' from the list.


I looked in:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exploit Guard\Controlled Folder Access​


That only lists the apps and folders I have added.


I had a look in the PowerShell get-MpPreference gives the following:


AttackSurfaceReductionOnlyExclusions :​

AttackSurfaceReductionRules_Actions :​

AttackSurfaceReductionRules_Ids :​

CheckForSignaturesBeforeRunningScan : False​

CloudBlockLevel : 0​

CloudExtendedTimeout : 0​

ComputerID : ####X###-#X##-###X-####-####X#X#X###​

ControlledFolderAccessAllowedApplications : {C:\Program Files (x86)\...}​

ControlledFolderAccessProtectedFolders : {G:\Documents\...}​

DisableArchiveScanning : False​

DisableAutoExclusions : False​

DisableBehaviorMonitoring : False​

DisableBlockAtFirstSeen : False​

DisableCatchupFullScan : True​

DisableCatchupQuickScan : True​

DisableEmailScanning : True​

DisableIntrusionPreventionSystem :​

DisableIOAVProtection : False​

DisablePrivacyMode : False​

DisableRealtimeMonitoring : False​

DisableRemovableDriveScanning : True​

DisableRestorePoint : True​

DisableScanningMappedNetworkDrivesForFullScan : True​

DisableScanningNetworkFiles : False​

DisableScriptScanning : False​

EnableControlledFolderAccess : 1​

EnableNetworkProtection : 0​

ExclusionExtension :​

ExclusionPath : {G:\Documents\...}​

ExclusionProcess :​

HighThreatDefaultAction : 0​

LowThreatDefaultAction : 0​

MAPSReporting : 2​

ModerateThreatDefaultAction : 0​

PUAProtection : 0​

QuarantinePurgeItemsAfterDelay : 0​

RandomizeScheduleTaskTimes : True​

RealTimeScanDirection : 0​

RemediationScheduleDay : 0​

RemediationScheduleTime : 02:00:00​

ReportingAdditionalActionTimeOut : 10080​

ReportingCriticalFailureTimeOut : 10080​

ReportingNonCriticalTimeOut : 1440​

ScanAvgCPULoadFactor : 50​

ScanOnlyIfIdleEnabled : True​

ScanParameters : 1​

ScanPurgeItemsAfterDelay : 15​

ScanScheduleDay : 0​

ScanScheduleQuickScanTime : 00:00:00​

ScanScheduleTime : 02:00:00​

SevereThreatDefaultAction : 0​

SignatureAuGracePeriod : 0​

SignatureDefinitionUpdateFileSharesSources :​

SignatureDisableUpdateOnStartupWithoutEngine : False​

SignatureFallbackOrder : MicrosoftUpdateServer|MMPC​

SignatureFirstAuGracePeriod : 120​

SignatureScheduleDay : 8​

SignatureScheduleTime : 01:45:00​

SignatureUpdateCatchupInterval : 1​

SignatureUpdateInterval : 0​

SubmitSamplesConsent : 1​

ThreatIDDefaultAction_Actions : {6, 6}​

ThreatIDDefaultAction_Ids : {2147609988, 2147717281}​

UILockdown : False​

UnknownThreatDefaultAction : 0​

PSComputerName :​


Again there doesn't seem to be any option for excluding a folder or removing documents from the protected files.

This is ridiculous, I have had to turn off this feature entirely just to use this program, I only installed the update 12 hours ago... how many more of my programs are going to have issues with this?


Please advise of some way of removing Documents from the protected files list or someway of adding an exclusion, presumably this will require editing registry or group policies or perhaps some hidden PowerShell command? Alternatively please advise when a fix will be released so it actually allows apps in the Allowed Apps list?

Continue reading...
 
Back
Top