I wrote about Controlled Folder Access not long ago. Since then, I’ve seen it throw a few dialogs telling me that a particular application was blocked from doing something, but I generally didn’t pay much attention unless I found something that didn’t work. The desktop notification doesn’t show the full path of the blocked executable if it’s anywhere in \program files or \users\appdata. There just isn’t enough room.
Today I saw a message pop up that had some Chinese characters in it– you’d better believe that got my attention. I wanted to see what CFA had blocked. A little digging around led me to an article that explains how to easily create a custom view that shows CFA events. Sure enough, here’s what it showed:
Someone’s up to no good
Since I don’t use Internet Explorer, it’s pretty clear that something is on my machine that shouldn’t be, but, at least for now, CFA has prevented it from doing anything too nefarious. Off to the malware scanner I go!
Paul's Down-Home Page 