Jump to content

Controlled Folder Access in win 10

spike6479
By spike6479
in Windows
 Share
Posted

I have turned on controlled file access. When a program violates controlled file access, the path to the program is severely truncated in the notification. Does anyone know how to find the full pathname of the program? I looked in the event logs and could not find anything logged.

I've had to disable this feature because it is so disruptive.

Thanks much.

Link to comment
https://linustechtips.com/topic/871200-controlled-folder-access-in-win-10/
Share on other sites
Link to post
Share on other sites
Posted

CFA operational logs are in the event log under Applications and Services logs > Microsoft > Windows > Windows Defender > Operational. For blocked accesses, you wanna filter by Event ID 1123, which will show all of them.

 

ID 5007 will show when settings are changed, and also shows the registry path where all allowed programs are stored - HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access\AllowedApplications\*path*.

 

If you need to check the event log regularly for these, I'd recommend creating a custom view so it's easier to just see these entries at a glance.

 

CFA.png

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Windows

×