Ransomware is nasty stuff. This type of malware encrypts files on your PC so that you can’t access them—unless you must pay the attacker to unlock the data. In other words, your files are held hostage until you cough up the demanded ransom.
The best defense against ransomware is avoiding sites and downloads riddled with it, but you can take other protective measures, too. Modern antivirus software often restrict which apps can change files in folders commonly targeted by ransomware. Microsoft Defender, which is built into Windows, can do this too. (Microsoft changed the name from Windows Defender several years ago, but it’s the same program.) Some antivirus suites also run automatic backups, in case you need to restore your files.
The catch? Unlike third-party antivirus software, these extra safeguards are not turned on by default in Microsoft Defender. You have to enable them yourself.
Further reading: Tech Advisor’s top picks for best antivirus software 2024.
How to turn on ransomware protection in Windows
Step One: Open Windows Security
Open the Windows Security app on your PC. You can access it in one of several ways:
- Press Alt + Spacebar on your keyboard, type in windows security, then hit Enter
- Open your Start Menu and type in windows security, then press Enter
- Open your Settings app, then choose Windows Security in the left pane
Step Two: Find your ransomware settings
In the Windows Security app, click on Virus & threat protection. Then click Manage ransomware protection at the bottom of the screen.
Next, turn on Controlled folder access. This setting restricts app access to your PC’s default OneDrive, Documents, Pictures, Videos, Music, and Favorites folders. You can also manually add other folders to the list.
Not all apps will be barred from these areas in Windows—Microsoft Office programs are automatically allowed to open and alter files. But if it’s not on Microsoft’s internal list of trusted apps, a program can’t see anything in those folders until explicit permission is granted in Windows Security.
Step three: Make sure you’re logged into OneDrive
Limiting access to files and folders won’t completely protect them. Another important method of defense is to have good backups—which Windows automatically does if you’re logged into OneDrive. (You can either connect a Microsoft account to your whole Windows PC, or just the OneDrive app specifically.)
To confirm that this protection is on, you can look at Ransomware protection > Ransomware data recovery.
Of course, for the purpose of warding off ransomware’s worst effects, the safest backup of your files is the one you keep offline. You should make one in addition to anything stored in the cloud—if you only have one copy of your data, you’re not properly backed up after all.
Should you turn on ransomware protection in Windows?
Security and convenience live on opposite ends of a spectrum, and that’s the case here, too. Controlling folder access in Windows can keep attackers out of your important folders, but it can also be slightly inconvenient. Gamers, for example, may find that access to save files might be blocked by default, as they’re often saved in your Documents folder.
You can solve this problem with minimal work—add the app to the access list. Or save game files to a different folder on your PC that does not have controlled access to it. (You’ll just have to use third-party software to set up a schedule for regular backups.)
This article originally appeared on PCWorld.