- Controlled folder access restricts which applications can modify files in protected locations, reducing the impact of ransomware.
- It works on Windows 10, Windows 11 and various editions of Windows Server, as long as Microsoft Defender is the active antivirus.
- It lets you add folders and trusted applications, and manage them from Windows Security or centrally with Intune, GPO, Configuration Manager and PowerShell.
- It includes audit modes and generates detailed events for reviewing blocks and tuning the settings without disrupting work.
If you are worried about ransomware and the safety of your files on Windows 11, there is a built-in feature, which you probably have disabled, that can make a big difference: Controlled Folder Access. It is not magic and it does not replace backups, but it adds an extra layer of protection and, if you need to adjust permissions, you can... grant permissions to folders and files, which makes life much harder for malware that tries to encrypt or delete your most important documents.
This feature is included in Windows 11, Windows 10 and various versions of Windows Server, and it integrates with Microsoft Defender. It is usually disabled by default because it can be strict and sometimes blocks legitimate programs, but you can tune it to your liking: change the default locations, add extra folders, allow specific applications, and manage it through Group Policy, Intune, Configuration Manager or PowerShell, on both home computers and corporate environments.
What exactly is controlled folder access?
Controlled folder access is a Microsoft Defender Antivirus feature designed to stop ransomware and other types of malware that try to modify or delete files in certain protected locations. Instead of blocking everything that runs, it allows only applications considered trusted to make changes in those folders.
In practice, this protection is based on a list of trusted applications and a separate list of protected folders. Applications with a good reputation and high prevalence in the Windows ecosystem are allowed automatically, while unknown or suspicious applications cannot modify or delete files in the controlled paths, although they can read them.
It is important to understand that this feature does not prevent malware from copying or reading data. What it blocks are actions that modify, encrypt or delete protected files. If an attacker manages to get into your system, they may still exfiltrate information, but it will be much harder for them to damage your key documents.
Controlled Folder Access is designed to work together with Microsoft Defender for Endpoint and the Microsoft Defender portal, where you can see detailed reports of what was blocked or audited, which is especially useful for companies investigating security incidents.

Compatible operating systems and requirements
Before you consider enabling it, it is a good idea to know which platforms it works on. Controlled folder access is available on Windows 11, Windows 10 and various editions of Windows Server, as well as on some specific Microsoft systems such as Azure Stack HCI.
Specifically, the feature is supported on Windows 10 and Windows 11 in their editions with Microsoft Defender as the antivirus, and on the server side it is supported on Windows Server 2016 and later versions, Windows Server 2012 R2, Windows Server 2019 and its successors, as well as on the Azure Stack HCI operating system starting with version 23H2.
An important detail is that controlled folder access works only when the active antivirus is Microsoft Defender. If you use a third-party antivirus that disables Defender, the settings for this feature will disappear from the Windows Security app or will not work, and you will have to rely on the anti-ransomware protection of the product you have installed.
In managed environments, in addition to Defender, you need tools such as Microsoft Intune, Configuration Manager or compatible MDM solutions in order to deploy and manage controlled folder access policies centrally across many devices.
How controlled folder access works internally
The behavior of this feature rests on two pillars: on one side, the folders considered protected, and on the other, the applications considered trusted. Any attempt by an untrusted application to write to, modify or delete files in those folders is blocked or audited, depending on the configured mode.
When the feature is turned on, Windows marks a number of the most commonly used user folders as protected. This includes folders such as Documents, Pictures, Videos, Music and Favorites, both for the active account and for the public folders. In addition, certain system profile paths (for example, the Documents folders in the system profile) and critical boot areas of the system are also included.
The list of allowed applications is generated from the reputation and prevalence of the software in the Microsoft ecosystem. Widely used programs that have never shown malicious behavior are considered trusted and are authorized automatically. Other lesser-known applications, homebrew tools or portable executables may be blocked until you allow them manually.
In business organizations, in addition to the automatic list, administrators can add or allow specific software through Microsoft Intune, Configuration Manager, Group Policy or MDM configuration, adjusting what is and is not blocked within the corporate context.
To assess the impact before applying a hard block, there is an audit mode. It lets applications run normally but records events for what would have been blocked. This allows a detailed review of whether switching to strict blocking mode would disrupt business processes or critical applications.
Why is it so important against ransomware?
Ransomware attacks aim to encrypt your documents and demand a ransom to restore your access. Controlled folder access focuses precisely on preventing unauthorized applications from modifying the files that matter most to you, which are usually found in Documents, Pictures, Videos or other folders where you keep your projects and personal data.
When an unknown application tries to access a file in a protected folder, Windows generates a notification on the device warning about the block. This alert can be customized in business environments with internal contact information, so users know who to contact if they need help or believe it is a mistake.
In addition to the usual user folders, the system also protects system folders and boot sectors, reducing the attack surface for malware that tries to tamper with system startup or critical parts of Windows.
Another advantage is being able to use audit mode first to analyze the impact. That way you can see which programs would have been blocked, review the logs, and adjust the lists of protected folders and allowed applications before moving to strict blocking, avoiding surprises in production.
Folders protected by default in Windows
By default, Windows marks a number of common file locations as protected. This includes both user profile folders and public folders, so most of your documents, pictures, music and videos are protected without you configuring anything extra.
Among others, these include paths such as c:\Users\ \Documents and c:\Users\Public\Documents, the equivalents for Pictures, Videos, Music and Favorites, and the same paths for system accounts such as LocalService, NetworkService or systemprofile, as long as the folders exist on the system.
These locations are clearly visible in the user profile, under “This PC” in File Explorer. They are therefore usually the ones you use every day without thinking much about the internal structure of the Windows folders.
It is important to note that the folders protected by default cannot be removed from the list. You can add more of your own folders in other locations, but the factory ones always stay protected to reduce the risk of accidentally disabling protection in critical areas.
How to turn on controlled folder access from Windows Security
For most home users and many small businesses, the easiest way to enable this feature is through the Windows Security app included in the system. There is no need to install anything extra; just change a few options.
First, open the Start menu, type “Windows Security” and open the app. In the main panel, go to the “Virus & threat protection” section, where Defender's malware-related options are located.
On that screen, scroll down until you find the “Ransomware protection” section and click “Manage ransomware protection”. If you use a third-party antivirus, you may see a reference to that product here, and you will not be able to use this feature while that antivirus is active.
On the ransomware protection screen you will see a toggle called “Controlled folder access”. Turn it on and, if the system shows a User Account Control (UAC) prompt, accept it to apply the changes with administrator privileges.
Once it is on, several additional options are shown: Block history, Protected folders, and the option to allow apps through controlled folder access. From here you can adjust the settings as needed.
Configure and tune controlled folder access
Once the feature is running, most of the time you will usually notice nothing unusual in your day-to-day use. However, you may occasionally get alerts when an application you use tries to write to a protected folder and is not on the trusted list.
If you receive notifications, you can go back to Windows Security at any time and open Virus & threat protection > Manage ransomware protection. From there you have direct access to the block settings, the folders and the allowed applications.
The “Block history” section shows a list of all blocks. The report describes each event: which file or executable was stopped, when, which protected folder it was trying to access, and the severity level (low, medium, high or severe). If you are sure a program is trustworthy, you can select it and choose “Allow on device” to unblock it.
In the “Protected folders” section, the app shows all paths currently under controlled folder access protection. From there you can add new folders or remove ones you added. However, the default Windows folders, such as Documents or Pictures, cannot be removed from the list.
If at any point you find the feature too disruptive, you can always disable it again by switching off the controlled folder access toggle on the same screen. The change is immediate and everything returns to how it was before you enabled it, although you obviously lose that extra barrier against ransomware.
Add or remove additional protected folders
Not everyone keeps their documents in the standard Windows libraries. If you usually work from other drives, project folders or custom paths, you will want to include them in the scope of controlled folder access protection.
Using the Windows Security app, the process is very simple: in the ransomware protection section, go to “Protected folders” and accept the UAC prompt if it appears. You will see the list of currently protected folders and an “Add a protected folder” button.
Pressing that button opens a browse window so you can choose the folder you want to add. Select the path (for example, a folder on another drive, the working directory for your projects, or even a mapped network drive) and confirm. From then on, any attempt to modify the folder from an untrusted application will be blocked or audited.
If you later decide you no longer want a particular folder protected, you can select it in the list and press “Remove”. You can only remove the additional folders you added; the ones Windows marks as protected by default cannot be removed, to avoid leaving critical locations unprotected without you noticing.
In addition to local drives, you can specify network shares and mapped drives. Environment variables can be used in paths, although wildcards are not supported. This gives a lot of flexibility for protecting locations in more complex environments or through automated configuration scripts.
Allow trusted applications that have been blocked
It is common for some legitimate applications to be affected after enabling this feature, especially if they store data in Documents, Pictures or another protected folder. PC games, less popular office tools or older programs may run into problems when they try to write.
For these cases, Windows Security itself offers the option “Allow an app through Controlled folder access”. From the ransomware protection panel, go to that section and click “Add an allowed app”.
You can choose to add applications from the “Recently blocked apps” list (very convenient when something has already been blocked and you want to allow it) or browse all applications to mark in advance specific programs that you know will need to write to protected folders.
When adding an application, it is important to specify the exact path to the executable. Only that specific location will be allowed; if the program exists at another path with the same name, it will not be added to the allowed list automatically and may still be blocked by controlled folder access.
It is important to remember that, even after allowing an application or service, processes that are already running may keep generating events until they are stopped and restarted. In other words, you may need to restart the application (or the service itself) for the new exception to take full effect.
Advanced enterprise management: Intune, Configuration Manager and Group Policy
In corporate scenarios it is unusual to change settings by hand machine by machine; instead, central policies are defined and applied in a controlled way. Controlled folder access is integrated with several Microsoft device management tools.
With Microsoft Intune, for example, you can create an Attack Surface Reduction policy for Windows 10, Windows 11 and Windows Server. Within the profile there is a specific option to enable controlled folder access, which lets you choose between modes such as “Enabled”, “Disabled”, “Audit mode”, “Block disk modification only” or “Audit disk modification only”.
From that same policy in Intune you can add additional protected folders (which sync with the Windows Security app on the devices) and specify trusted applications that will always be allowed to write to those folders. This complements Defender's automatic reputation-based detection.
If your organization uses Microsoft Configuration Manager, you can also deploy Windows Defender Exploit Guard policies. From “Assets and Compliance > Endpoint Protection > Windows Defender Exploit Guard” you create an Exploit Guard policy, select the controlled folder access option and choose whether to block changes, audit only, allow other applications or add other folders.
Alternatively, this feature can be managed in a very granular way using Group Policy Objects (GPOs) in the Group Policy Management Editor. Under Computer Configuration > Administrative Templates, you can reach the Windows components for Microsoft Defender Antivirus and its Exploit Guard section, which contains several policies related to controlled folder access.
These policies include “Configure Controlled folder access”, which lets you set the mode (Enabled, Disabled, Audit Mode, Block disk modification only, Audit disk modification only), as well as “Configure protected folders” and “Configure allowed applications”, where folders and executable paths are entered along with the indicated value to mark them as allowed.
Using PowerShell and the MDM CSP to automate configuration
For administrators and advanced users, PowerShell offers a very direct way to enable, disable or adjust controlled folder access using the Microsoft Defender cmdlets. This is especially useful for deployment scripts, automation or applying changes in batches.
To start, open a PowerShell window with elevated privileges: search for “PowerShell” in the Start menu, right-click it and choose “Run as administrator”. Once inside, you can enable the feature with the cmdlet:
Example: Set-MpPreference -EnableControlledFolderAccess Enabled
If you want to evaluate the behavior without blocking anything, you can use audit mode by replacing Enabled with AuditMode, and if you want to turn it off completely at any point, just specify Disabled for the same parameter. This lets you switch quickly from one mode to another as needed.
To protect additional folders from PowerShell, there is the cmdlet Add-MpPreference -ControlledFolderAccessProtectedFolders, to which you pass the path of the folder you want to protect, for example:
Example: Add-MpPreference -ControlledFolderAccessProtectedFolders "c:\apps\"
Similarly, you can allow specific applications with the cmdlet Add-MpPreference -ControlledFolderAccessAllowedApplications, specifying the full path to the executable. For example, to authorize a program called test.exe in c:\apps, you would use:
Example: Add-MpPreference -ControlledFolderAccessAllowedApplications "c:\apps\test.exe"
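The cmdlets above combined into a staged rollout, as an added example that is not from the original article: it fills the folder and application lists first and defaults to audit mode. The function name Set-CfaBaseline and the default paths D:\Projects and C:\apps\test.exe are assumptions for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article). Set-CfaBaseline is a hypothetical helper name;
# the default paths are placeholders to replace with your own.
function Set-CfaBaseline {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [ValidateSet('Enabled', 'AuditMode', 'Disabled')]
        [string]$Mode = 'AuditMode',
        [string[]]$Folders = @('D:\Projects'),
        [string[]]$Apps = @('C:\apps\test.exe')
    )

    # Controlled folder access only works while Microsoft Defender is the active antivirus.
    $status = Get-MpComputerStatus
    if (-not $status.AntivirusEnabled -or
        ($status.AMRunningMode -and $status.AMRunningMode -ne 'Normal')) {
        throw 'Microsoft Defender Antivirus is not the active antivirus on this device.'
    }

    # Wildcards are not supported in these paths; environment variables are.
    foreach ($path in ($Folders + $Apps)) {
        if ($path -match '[*?]') { throw "Wildcards are not supported: $path" }
    }
    # Allowed applications are matched on the exact executable path, so check it exists.
    foreach ($app in $Apps) {
        $resolved = [Environment]::ExpandEnvironmentVariables($app)
        if (-not (Test-Path -LiteralPath $resolved -PathType Leaf)) {
            Write-Warning "Executable not found at $resolved; the entry will not match anything yet."
        }
    }

    # Add only entries that are missing, so the function can be re-run safely.
    $pref = Get-MpPreference
    foreach ($folder in $Folders) {
        if ($pref.ControlledFolderAccessProtectedFolders -notcontains $folder -and
            $PSCmdlet.ShouldProcess($folder, 'Add protected folder')) {
            Add-MpPreference -ControlledFolderAccessProtectedFolders $folder
        }
    }
    foreach ($app in $Apps) {
        if ($pref.ControlledFolderAccessAllowedApplications -notcontains $app -and
            $PSCmdlet.ShouldProcess($app, 'Add allowed application')) {
            Add-MpPreference -ControlledFolderAccessAllowedApplications $app
        }
    }

    # Switch the mode last, once the lists are in place.
    if ($PSCmdlet.ShouldProcess('Controlled folder access', "Set mode to $Mode")) {
        Set-MpPreference -EnableControlledFolderAccess $Mode
    }

    # Return the effective configuration for verification.
    Get-MpPreference | Select-Object EnableControlledFolderAccess,
        ControlledFolderAccessProtectedFolders, ControlledFolderAccessAllowedApplications
}

# Preview the changes first; drop -WhatIf to apply, then re-run with -Mode Enabled
# after reviewing the audit events.
Set-CfaBaseline -Mode AuditMode -WhatIf
```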
In mobile device management (MDM) scenarios, the configuration is exposed through various configuration service providers (CSPs), such as Defender/GuardedFoldersList for protected folders or Defender/ControlledFolderAccessAllowedApplications for allowed applications, which lets these policies be integrated centrally with compatible MDM solutions.
Event logging and incident monitoring
To fully understand what is happening on your machines, it is important to review the events that controlled folder access generates when it blocks or audits actions. This can be done both from the Microsoft Defender portal and directly in the Windows Event Viewer.
For companies that use Microsoft Defender for Endpoint, the Microsoft Defender portal provides detailed reports of events and blocks related to controlled folder access, integrated with the usual alert investigation scenarios. There you can even run advanced searches (Advanced Hunting) to analyze patterns across all devices.
For example, a typical DeviceEvents query could be:
Example: DeviceEvents | where ActionType in ('ControlledFolderAccessViolationAudited','ControlledFolderAccessViolationBlocked')
On individual machines, you can rely on the Windows Event Viewer. Microsoft provides a custom view (the cfa-events.xml file) that can be imported to show only controlled folder access events in a focused way. This view collects entries such as event 5007 (configuration change), 1123 and 1124 (controlled folder access block or audit), and 1127/1128 (block or audit of a write to a protected disk sector).
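One way to turn the event IDs listed above into an allow-list review, as an added example that is not from the original article: it parses event XML and counts blocks and audits per process. The function names, the constructed sample events, and the EventData field names 'Process Name' and 'Path' are assumptions; check the field names against a real event on your system.

```powershell
# Added example (not from the article). Function names are hypothetical.
# Event IDs come from the article; the EventData field names 'Process Name'
# and 'Path' are assumptions to verify against a real event on your system.
$CfaActions = @{
    1123 = 'Blocked';            1124 = 'Audited'
    1127 = 'SectorWriteBlocked'; 1128 = 'SectorWriteAudited'
}

function ConvertFrom-CfaEventXml {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Xml)
    process {
        $doc = [xml]$Xml
        $sys = $doc.Event.System
        $id  = [int]$sys['EventID'].InnerText
        if (-not $CfaActions.ContainsKey($id)) { return }   # skips e.g. 5007 config changes
        $data = @{}
        foreach ($d in @($doc.Event.EventData.Data)) {
            $data[$d.GetAttribute('Name')] = $d.InnerText
        }
        [pscustomobject]@{
            Time    = [datetime]$sys['TimeCreated'].GetAttribute('SystemTime')
            Action  = $CfaActions[$id]
            Process = $data['Process Name']
            Target  = $data['Path']
        }
    }
}

function Get-CfaProcessSummary {
    param([Parameter(Mandatory)][object[]]$Records)
    # One row per process and action, most frequent first.
    $Records | Group-Object Process, Action | Sort-Object Count -Descending |
        ForEach-Object {
            [pscustomobject]@{
                Process = $_.Group[0].Process
                Action  = $_.Group[0].Action
                Count   = $_.Count
                Targets = @($_.Group.Target | Sort-Object -Unique)
            }
        }
}

# Constructed sample events (not real log data) so the example runs offline.
$ns = 'http://schemas.microsoft.com/win/2004/08/events/event'
$sample = foreach ($e in @(
        @(1124, '2024-05-01T10:15:00Z', 'C:\apps\test.exe',    'C:\Users\Public\Documents\a.docx'),
        @(1124, '2024-05-01T10:16:00Z', 'C:\apps\test.exe',    'C:\Users\Public\Documents\b.docx'),
        @(1123, '2024-05-01T11:02:00Z', 'C:\Temp\unknown.exe', 'C:\Users\Public\Documents\a.docx'),
        @(5007, '2024-05-01T09:00:00Z', '',                    ''))) {
    "<Event xmlns='$ns'><System><EventID>$($e[0])</EventID>" +
    "<TimeCreated SystemTime='$($e[1])'/></System><EventData>" +
    "<Data Name='Path'>$($e[3])</Data><Data Name='Process Name'>$($e[2])</Data>" +
    "</EventData></Event>"
}

Get-CfaProcessSummary -Records ($sample | ConvertFrom-CfaEventXml) | Format-Table -AutoSize

# Live use on a device (elevated prompt):
# $live = Get-WinEvent -FilterHashtable @{
#     LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1123, 1124, 1127, 1128
# } | ForEach-Object { $_.ToXml() } | ConvertFrom-CfaEventXml
# Get-CfaProcessSummary -Records $live
```

Processes that appear only with the Audited action are the candidates to review before switching from audit mode to blocking.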
When a block occurs, the user usually also sees a notification on the system indicating that unauthorized changes were blocked, for example with messages such as “Controlled folder access blocked C:\…\ApplicationName… from making changes to memory”, and the protection history shows events such as “Protected memory access blocked” with the date and time.
Controlled folder access is a very powerful tool for seriously hindering ransomware and other threats that try to destroy your files, while remaining flexible thanks to its audit modes, its lists of allowed folders and applications, and its integration with management tools. Properly configured and combined with regular backups and up-to-date antivirus software, it is one of the best features Windows 11 offers for keeping your most important documents safe.