6 new and noteworthy security features in Windows 10 Fall Creators Update

The Fall Creators Update for Windows 10 debuts tools and changes that affect computer security. Here’s how to access them.

CSO |

Table of Contents

1. Cortana
2. Exploit guard
3. Phone
4. Protected folders
5. Reset Microsoft account password from the lock screen
6. Web browse more safely with Edge inside a virtual machine

Among the new features that the Windows 10 Fall Creators Update offers are six new ways to enhance or better manage security settings. They include options to limit app access to your personal data and the ability to better protect folders, devices and executables, The step-by-step instructions below show how to make the best use of the new security features.

1. Cortana

The settings for Microsoft’s intelligent agent have been relocated to the Settings app. (When you click the Settings icon on the Cortana tool’s panel, it now jumps to the Settings app.)

Windows 10 Fall Creator Cortana 1 — Find Cortana under Windows Settings

Under the Cortana settings category, click "Permissions & history" to manage how Cortana accesses your personal information as you’re using Windows 10 and Microsoft online services.

Cortana Windows 10 Fall Creator 2 — Manage Cortana settings under "Permissions & history"

2. Exploit guard

EMET (Enhanced Mitigation Experience Toolkit) was a Microsoft tool which would prevent malicious code from exploiting security flaws in Windows systems. Microsoft retired it, but has implemented several of its features into the Fall Creators Update. Most of the tools of Exploit Guard are turned on by default. To see what they are and to adjust them individually, launch the Windows Defender Security Center app. (It’s listed on the app list in the Start menu.) Click "App & browser control."

Exploit Guard Windows 10 fall creator 1 — Click "App & browser control" to access Exploit Guard

Scroll the panel down to "Exploit protection" and click "Exploit protection settings".

Exploit Guard Windows 10 fall creator 2 — Find "Exploit protection settings" under "Exploit protection"

Under “System settings,” you can turn off or on six exploit protection tools: control-flow guard, data execution prevention, force randomization for images (mandatory ASLR), randomize memory allocations (bottom-up ASLR), validate exception chains (SEHOP), validate heap integrity.

Exploit guard windows 10 fall creator 3 — Turn "Exploit protection" tools on or off under "System settings"

Under "Program settings," you can add an executable/program to tweak its functionalities to prevent it from being exploited by malware or intrusions. The 21 settings include the six under "System settings" and others such as block remote images, disable Win32k system calls, and validate API invocation.

exploit guard windows 10 fall creator 4 — Protect executables from exploitation under "Program settings"

Exploit guard Windows 10 fall creator 5 — Some of the 21 settings to protect from malware or intrusions

3. Phone

This is another new category in the Settings app, and it addresses a possible security issue. For example, your Android phone running certain Microsoft apps (like the Android app version of Cortana) can send notifications to your Windows 10 computer that you've authorized to receive from this phone.

Under the "Phone" category, the Fall Creators Update adds an "Unlink this PC" function. You can click this to quickly cut off your Windows 10 computer from a linked phone.

Phone Windows 10 fall creator 1 — Choose "Phone"

Phone windows 10 fall creators 2 — Select "Unlink this PC"

4. Protected folders

To thwart ransomware or other malware from hijacking your files, the Fall Creators Update lets you restrict chosen folders so only apps that are considered safe by Microsoft, or that you have whitelisted, can access them. These apps will also be able to access and change documents (and other files) in these folders. You could lock down the Documents folder so that only Microsoft Word can access it.

To use this feature, launch the Windows Defender Security Center app. Click "Virus & threat protection" and in the next panel "Virus & threat protection settings."

Protected folders windows 10 fall creators 1 — Select "Virus & threat protection"

Protected folders Windows 10 fall creators 2 — Select "Virus & threat protection settings"

You’ll have to scroll down to see "Controlled folder access." Click to switch this on.

Protected folders windows 10 fall creators 3 — Make sure "Controlled folder access" is on

Click "Protected folders" to open a list of folders that can be set for restricted access. By default, the Desktop, Documents, Favorites, Music, Pictures, and Video folders appear here. You can add other folders to this list by clicking "Add a protected folder."

Protected folders windows 10 fall creators 4 — Add protected folders

When you turn on the controlled folder access switch, the Fall Creators Update automatically decides which apps are safe to allow access to the folders you’ve designated as protected. However, if this feature blocks a particular app that you know is safe, you can let it through by clicking "Allow an app through Controlled folder access."

Protected folders Windows 10 fall creators 5 — Add an allowed app

5. Reset Microsoft account password from the lock screen

If you use a Microsoft account (like an email account from Outlook.com) to sign in to your Windows 10 computer, and you forget this account’s password, you can now recover it from the lock screen. (Previously, you could only do this from another browser capable computer or mobile device.)

From the lock screen, click "I forgot my password." This loads a recovery tool app. The email of the Microsoft account you used to sign in to your Windows 10 computer will be listed. (But you can enter in place of it another Microsoft account of yours to reset its password.) After passing the captcha, you can choose either to have a password reset number sent by text messaging to a phone or emailed to a recovery email address that you previously assigned to the Microsoft account.

Reset password Windows 10 fall creators 1 — Load the recovery tool app

If you selected PIN entry under "Sign-in options," then you’ll see an "I forgot my PIN” option on the lock screen instead. You’ll be prompted to enter the password of your Microsoft user account that you used to originally sign in to this Windows 10 system. After this, you’ll be sent a text message or email with a code you can enter in this tool to reset your PIN.

Reset password windows 10 fall creators 2 — Enter your password

6. Web browse more safely with Edge inside a virtual machine

This feature is only in the Enterprise edition of Windows 10, and your computer’s processor must be able to support Hyper-V, Microsoft’s virtual machine tool. If your system meets both requirements, the Fall Creators Update lets you open an Edge browser window that runs inside a virtual machine. If malicious code attacks the browser, it will be contained within the virtual machine and not spread to your computer’s main operations.

This option for Edge isn’t available by default. The Microsoft Tech Community post “Windows Defender Application Guard Standalone mode” shows you how to turn it on.