Controlled folder access is designed to protect your valuable data from malicious apps and threats, such as ransomware. This feature works by checking apps against a list of known, trusted apps and blocking unauthorized or unsafe apps from accessing or changing files in protected folders.

Learn about privacy concerns with apps having file system access and find out how to allow or deny apps and services from accessing your file system.

In Windows 10 or 11 turn on Controlled Folder Access to protect your important local folders from unauthorized programs like ransomware or other malware. Get ransomware detection and recovery with Microsoft 365 advanced protection.

A vulnerability exists in Windows that allows unauthorized users to view the full file path to a resource they do not have permissions to access. This vulnerability might occur when the user has FILE_LIST_DIRECTORY access rights on a parent folder and obtains directory change notifications.

You can't control most of the permissions for this app in Settings > Privacy. Note that while the app has the ability to access these resources, it might not actually do so.

Label and protect files in File Explorer in Windows by using the Classify and Protect tool.

Learn about User Account Control settings in Windows.

How to access and change the privacy settings in Windows 10 and 11.

Agents typically get access to known folders or specific shared folders, and you can see this reflected in the folder’s access control settings. Each agent has its own workspace and its own permissions—what one agent can access doesn’t automatically apply to others.

After you have set permissions for a library, you may want to set unique permissions on one or more folders in that library. For example, you may want to create a subfolder where anyone could read and add files to a subfolder, but not the root folder or any other subfolder.