I have a new Windows 11 computer that I share with my son. He tends to be quite curious about the Internet and I worry the system will end up being infected with malware. Worse, I fear ransomware attacks as it also contains lots of important work files. How can I protect my Win11 system from ransomware?
You’re correct in your assessment that your PC is at risk due to your son’s curiosity about the Internet. It’s easy for people to be lured into download malware or infected programs, particularly if they seek free games, “cracked” commercial software, and similar. One solution might be to get a Chromebook or similar for him to use, making your PC off-limits, but that’s a fairly expensive path. Setting up separate user accounts on the PC can be helpful for isolating any malware he might inadvertently install, but it’s not a guaranteed solution either.
What I would do first off is set up Windows Security (formerly known as Windows Defender), the anti-virus and anti-malware software program that is included with Windows 11 and managed by Microsoft. Part of that suite is ransomware protection, so you’ll get that covered too. Let’s focus on the ransomware protection and I’ll show you how to enable the rest of Windows Security along the way…
LAUNCH WINDOWS SECURITY
There are a number of ways you can launch the Windows Defender, uhm, Security program. One easy solution: use the Taskbar search feature to search for ‘windows security’:
Once launched, you’ll see the main view:
Notice that it includes virus and threat protection, account protection, firewall protection, and more. Odds are good that it’s already enabled, in which case you’ll see the green checkmarks as I have shown above. If not, click on each to enable it, a straightforward task!
WINDOWS SECURITY – VIRUS & THREAT PROTECTION
Perhaps the most important of these features is Virus & threat protection, so click on that…
Your virus definitions should be up to date; if it says it isn’t, run the Check for Updates utility to fix that. I run a Quick Scan for viruses and other malware every week or so, and it’s easily launched with the “Quick scan” button. You can see that it is a pretty speedy scan too, checking almost 50,000 files in under 90 seconds.
Scroll down further on this window, however, and you’ll find the Ransomware Protection feature:
Here’s what’s confusing, though: By default, ransomware protection is off, even though it shows “no action needed”.
HOW TO ENABLE RANSOMWARE PROTECTION IN WINDOWS SECURITY
Click on the “Manage ransomware protection” and you’ll see what I mean:
The key feature for protecting yourself against ransomware is to lock down your Document and other folders. If the ransomware app can’t get to your files to encrypt them, it can’t really cause any mayhem. By default, however, this feature is off, as shown. Why? Because enabling it can cause some hassles with legit programs that want to read or write to Documents, Photos, or similar.
I recommend you enable it by changing the setting for Controlled folder access to On, but be aware that if you have lots of problems with your regular suite of apps, this might be the culprit.
Once enabled, you can also change which folders are protected, block history, and similar:
You can also read more about Microsoft’s advice on How to Avoid Ransomware Attacks too.
That should get you set up. Good luck with your son. A bit of education about what’s safe and what’s dangerous in the online world might be time well spent for both of you too.
Pro Tip: I’ve been writing about Windows for many years and now have an extensive Windows 10 & Windows 11 help area. Please check it out to find lots of additional tutorials and guides while you’re here. Thanks!
This tip works in Windows 10-21H too. I followed these instructions in Windows 11, then reset my system back to Windows 10-21H2 (clean install) so I tried it there, and the setting is available and appears to work.
Thank you for posting this item! I have always assumed that because the status of Ransomware Protection was stated as “No Action Needed”, it was enabled, and active. It is good to know which settings have misleading labels. I have enabled this feature, and I’ll see how it goes. There is an option “Allow an app through Controlled folder access” that you did not mention in this item. Perhaps you can do a follow-up and tell us readers what ramifications this setting has on Ransomware Protection. For Example, I use Macrium Reflect to back-up my PC. If I add the partition containing my back-up image files to Protected folders, then add the Macrium Reflect app to Allow an app through Controlled folder access, will those two actions significantly affect my system’s Ransomware/malware protection and will taking these steps make my over-all system security stronger than not doing so?
Thank you for all you do,
Ernie