Enable Controlled Folder Access blocks Onedrive.exe

IMK 421 Reputation points
2023-02-21T17:20:12.31+00:00

Hi

I have enabled Controlled Folder Access (Endpoint Manager -> Endpoint security -> Attack surface reduction -> Attack Surface Reduction Rules (policy) -> Enable Controlled Folder Access).

On a Windows 11 device, this resulted in onedrive.exe being blocked, and Known Folder Move didn't work for the Documents and Pictures folders, which are default folders in Controlled Folder Access.

This hasn't been a problem before; I noticed it with this one new device, which happened to be Windows 11. All other devices are Windows 10.

Why has Controlled Folder Access now started to block onedrive.exe? Is this some Win 10/11 difference?


3 answers

  1. Pavel yannara Mirochnitchenko 12,391 Reputation points MVP
    2023-02-21T21:15:40.32+00:00

    Have you tried adding OneDrive to the allowed app list in Controlled Folders?


  2. IMK 421 Reputation points
    2023-02-22T15:14:44.0466667+00:00

    This was a new device.

    Could it be possible that OneDrive started in the user profile after OOBE but changed to a machine-wide installation of OneDrive?

    As I have understood it, if OneDrive.exe resides in the user profile, Defender does not consider it safe. But if it is a machine-wide installation, where OneDrive.exe is in the Program Files folder, it is considered safe.


  3. Limitless Technology 44,081 Reputation points
    2023-02-23T09:46:45.6866667+00:00

    Hi. Thank you for your question and reaching out. I’d be more than happy to help you with your query.

    When you enable Controlled Folder Access (CFA) in Windows Defender Security [1], Onedrive.exe will be blocked from modifying or creating files in certain folders. CFA is designed to help protect your files from ransomware and other malicious software by restricting access to protected folders and their subfolders. To enable CFA, open the Windows Security app, and select Virus & Threat Protection > Manage Settings > Controlled Folder Access > On. You can then select the folders you want to protect and add them to the protected list.

    If the reply was helpful, please don’t forget to upvote or accept as answer, thank you.
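A way to test the install-location question raised in this thread on the affected device, as an added example that is not from any of the posters: it shows which OneDrive.exe is installed and running, what Defender's Controlled Folder Access allow list contains, and which binary path the block events name. The install paths are the assumed default per-user and machine-wide locations, and event IDs 1123 (blocked) and 1124 (audited) are the Defender operational log IDs for Controlled Folder Access.

```powershell
# Added diagnostic sketch. Run as the affected user; use an elevated session
# if the Defender settings or event log are not readable otherwise.
# Assumption: default OneDrive install locations.
$candidates = @(
    "$env:LOCALAPPDATA\Microsoft\OneDrive\OneDrive.exe",        # per-user install
    "$env:ProgramFiles\Microsoft OneDrive\OneDrive.exe",        # machine-wide install
    "${env:ProgramFiles(x86)}\Microsoft OneDrive\OneDrive.exe"  # machine-wide, 32-bit
)

# 1. Which OneDrive.exe binaries exist, and which one is actually running?
$installed = @($candidates | Where-Object { Test-Path -LiteralPath $_ })
$running   = @(Get-Process -Name OneDrive -ErrorAction SilentlyContinue |
               Select-Object -ExpandProperty Path -Unique)

# 2. Controlled Folder Access mode and allow list as Defender reports them.
$pref    = Get-MpPreference
$allowed = @($pref.ControlledFolderAccessAllowedApplications)

[pscustomobject]@{
    CfaMode          = $pref.EnableControlledFolderAccess  # 0 = disabled, 1 = enabled, 2 = audit
    InstalledPaths   = $installed -join '; '
    RunningPaths     = $running -join '; '
    # True only if every running OneDrive.exe path is on the allow list
    RunningOnAllowList = ($running.Count -gt 0) -and
                         -not ($running | Where-Object { $allowed -notcontains $_ })
    AllowList        = $allowed -join '; '
} | Format-List

# 3. Recent CFA block/audit events that mention OneDrive.exe.
#    The message text names the blocked process path and the protected folder.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'OneDrive\.exe' } |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

Comparing the path in the event messages with `RunningPaths` shows whether the blocked binary is the per-user copy or the machine-wide one, and that path is the one an allowed-app entry would need to match.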