Detect when Controlled Folder Access is active

Question

On Win10, the "anti-ransomware" feature Controlled Folder Access impedes accessing non-whitelisted softwares to certain folders.

Is there a way (API) to know if that feature is in place when you get an error in some file operation?, so far I could find none.

Specifically what I am after is adding in de Desktop a link/icon to the app during installation. As far as I know, innoSetup is not aware of this and throws an error so my idea is to create the link myself and, in case of error inform the user, but I'd like to confirm that the real cause of the problem is CFA.

Answer 1

Try PowerShell: Get-MpPreference | Select-Object -ExpandProperty EnableControlledFolderAccess

Also, you may check protected folders and allowed apps: Get-MpPreference | Select-Object -ExpandProperty ControlledFolderAccessProtectedFolders Get-MpPreference | Select-Object -ExpandProperty EnableControlledFolderAccess

However, if you need it just for you setup, try to run the installer with the admin rights.

Answer 2

You can find in registry if the feature is enabled or not:

In key \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access, there is a read-only property EnableControlledFolderAccess equals to 1 if anti-ransomware is enabled, 0 otherwise.

Subkey AllowedApplications lists full .exe path of applications already allowed.

Subkey ProtectedFolders lists folders manually added by user (Documents, Pictures, Favorites, Videos and Music directories are defacto protected).