Will Windows 10’s Controlled Folder Access Protect Your Data from Ransomware?

Presented by

Nyotron’s Vera Drobov, Security Researcher, & Rene Kolga, Sr. Director, Product Management

About this talk

With the release of Windows 10 Fall Creators Update, Microsoft added a new feature called Controlled Folder Access (CFA) to Windows Defender Exploit Guard. This feature allows users and organizations to control which processes can access certain folders in an attempt to help protect data from malicious programs, such as ransomware or wipers. But will CFA really keep your data safe? Vera Drobov of Nyotron’s Security Research Team and Rene Kolga, Senior Director of Product Management at Nyotron, will discuss why this isn’t likely due to vulnerabilities in the CFA feature. Our team has discovered at least five different ways of exploiting and bypassing CFA, including:

- APC Injection
- Windows Management Instrumentation (WMI)
- Office Macros

During this interactive webinar, you will see multiple exploits in action.

Nyotron pioneers a new generation of automatic Endpoint Detection and Response with integrated protection called Endpoint Prevention and Response (EPR). Our product prevents damage from malware that evades existing security layers and offers granular visibility into the attack. Based on the OS-Centric Positive Security, Nyotron's PARANOID automatically whitelists trusted operating system behavior and rejects everything else. No manual threat hunting, baselining, machine learning or cloud connectivity required. With PARANOID organizations gain true defense-in-depth protection against the most advanced attacks. Nyotron is headquartered in Santa Clara, CA with an R&D office in Israel. To learn more, visit www.nyotron.com.