Let’s learn how to manage the visibility of the Ransomware Data Recovery area in Windows Security. Windows Security provides a robust suite of built-in protections against malware threats, including ransomware.
One such feature is the Ransomware Data Recovery Area, available within the Virus & Threat Protection page. This component offers guided recovery options when OneDrive files are compromised by ransomware attacks. This feature is crucial for minimizing data loss and aiding recovery without financial impact.
Ransomware Detection and Recovery in Windows Security. When ransomware targets a system, Windows Security may detect the attack and notify the user of file compromise. And, initiate recovery guidance via OneDrive integration, enabling users to restore previous versions of affected files. You can also find Security Settings for Windows 11 Hardening options by clicking – HERE.
These visibility controls are typically enforced through Group Policy or other centralized configuration tools such as Microsoft Endpoint Manager (Intune). By using policy settings, admins can ensure consistent behaviour across devices and enforce role-based access.
Table of Contents
What is Ransomware?
Ransomware is a malicious type of software that encrypts or locks access to a user’s files or systems and demands payment to restore access. It can cause significant data loss and operational disruption, particularly in environments lacking proper backup and recovery protocols.
How to Hide and Show Ransomware Data Recovery Area in Windows Security
Organizations and IT administrators can customize user access to ransomware features for policy, usability, or security reasons. Specifically, hide the entire Virus & Threat Protection page, that prevents users from accessing all associated options, including ransomware protection. Or, hide only the Ransomware Data Recovery area, that retains general malware controls but restricts visibility of the ransomware recovery section.
- Privacy and Security Settings in Windows 11
- Reset Windows Security App in Windows 11
- Enhanced Security with Windows 365 Customer Lockbox
This control is useful in scenarios where the Recovery is managed centrally by IT. Security settings should not be altered by end users. System hardening is necessary for compliance or regulatory purposes. The following listed methods are used to manage the visibility of the Ransomware Data Recovery area in Windows Security.
- Local Group Policy Settings
- Registry File
- Intune Policy
NOTE: You must be signed in as an Administrator to manage the visibility of the Ransomware Data Recovery area in Windows Security.
Local Group Policy Settings
In Windows 11, you can set the Local Group Policy Editor to Block Registry Editor in Windows Devices. Open the Local Group Policy to block or unblock Registry Editor, and follow the process described below.
- Open the Run command and press Win Key + R.
- Type gpedit.msc
- Click OK or press Enter.
When the Group Policy Editor opens, navigate to the following path to access the required policy settings. To make changes, and select Hide the Ransomware data recovery area.
Computer Configuration > Administrative Templates > Windows Components > Windows Security > Virus and threat protection.
Double-click on Hide the Ransomware data recovery area to open the settings. Here, you can see that it needs at least Windows Server 2016, Windows 10 Version 1803. You can choose the following process and press Apply, then press the OK button to apply the changes. You can hide and show Ransomware data recovery in Windows 11 shown in the list below.
- Enabled: The Ransomware data recovery area will be hidden.
- Disabled: The Ransomware data revovery area will be shown.
- Not Configured: Same as Disabled.
Registry File
Using the registry editor, you can manage the visibility of Ransomware Data Recovery area in Windows Security in Windows. This procedure is done using the Registry File. Let’s discuss the step-by-step guidelines for it.
Now, open Run Window, and press Windows Key + R from the keyboard simultaneously. This is the keyboard shortcut to open the run window. Now, type regedit and click on OK to continue. Then, it asks the Admin’s permission to change the Device. Click Yes.
- Window Key + R (To open run command)
- Type ‘regedit‘ and press OK
- Administrator Permission press Yes
NOTE! Take Backup—If any mistake occurs in the Registry Editor, it may affect the system. It is advisable to take a backup of the Registry before proceeding. To back up, go to File in the top left corner of the Registry Editor. Click on it, then select Export and save the backup.
- Go to File
- Right-click on HKEY_LOCAL_MACHINE
- Click on Export
- Please save it
Use the .reg file to Hide Ransomware Data Recovery area in Window Security in Windows 11. To create a .reg file, open NotePad, type the following code, and name it HideRansomwareDaraRecovery. Then, save it on the desktop using the .reg extension.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Virus and threat protection]
"HideRansomwareRecovery"=dword:00000001
When the file is saved at your selected location, double-click on it. The User Account Control Window will open; click Yes to continue. Then, the Registry Editor Waring window will open.
Adding information can unintentionally change or delete values and cause components to stop working correctly. If you do not trust the source of this information in the path you created, do not add it to the registry; otherwise, click Yes to continue.
The following window shows that the key and value you added have been successfully added to the registry editor. Now click on OK and restart your PC to add the applicable test.
Again, use the .reg file to show Ransomware Data Recovery area in Windows Security in Windows 11. To create a .reg file, open NotePad, type the following code, and name it ShowRansomwareDaraRecovery. Then, save it on the desktop using the .reg extension.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Virus and threat protection]
"HideRansomwareRecovery"=-
When the file is saved at your selected location, double-click on it. The User Account Control Window will open; click Yes to continue. Then, the Registry Editor Waring window will open.
Adding information can unintentionally change or delete values and cause components to stop working correctly. If you do not trust the source of this information in the path you created, do not add it to the registry; otherwise, click Yes to continue.
The following window shows that the key and value you added have been successfully added to the registry editor. Now click on OK and restart your PC to add the applicable test.
Intune Policy
To hide or show the Ransomware Data Recovery area in Windows Security using Intune Policy, you need to configure the Hide Ransomware Data Recovery setting within an Antivirus policy, specifically under the Windows Defender Security Center CSP. This setting allows you to control whether the Ransomware Data Recovery section is visible to users in the Windows Security app, follow the steps.
This setting allows administrators to show or hide ransomware data recovery area in windows security. Let’s have a look on the steps to configure the profile in Intune.
- Log in to the Microsoft Intune Admin Center.
- Navigate to Endpoint security > Antivirus.
- Click on Create Policy
NOTE: Refer to the Intune Settings Catalog policy creation guide to complete the policy creation process – Create Intune Settings Catalog Policy.
Read this guide for more information on Customizing Windows 11 S
After clicking Create Policy the create a profile side appears, select Windows as Platform, then choose Windows Security Experience from the drop-down menu as Profile. The Windows Security app is used by a number of Windows security features to provide notifications about the health and security of hte machine. These include notifications about firewalls, antivirus products, Windows Defender SmaftScreen and othes.
This policy applies to Windows 10, Windows 11, and Windows server. This settings in this policy can be targeted to MDM, MicrosoftSense supported devices. Now put the name as Windows Defender Security Center and click Next.
Configure the setting as find and select the “Hide the Ransomware data recovery option in the Windows Security app” setting. Then select Enable to hides the Ransomware Data Recovery area, along with any related notifications, from users. Select Disable or Not configured to displays the Ransomware Data Recovery area and related notifications in the Windows Security app. Assign the policy to the appropriate device groups and deploy it.
| Action | Description |
|---|---|
| Enable | Hides the Ransomware Data Recovery area, along with any realted notifications, from users. |
| Disable | Displays the Ransomware Data Recovery area and related notifications in the Windows Security app. |
| Not Configured | Same as Disable. |
Important Considerations
- Pre-requisites: Ensure that the “Hide the Virus and threat protection area in the Windows Security app” setting is set to “Disable” or “Not configured” for this setting to take effect.
- User Experience: When the Ransomware Data Recovery area is hidden, users won’t be able to access the functionality for setting up OneDrive backup or recovering from ransomware attacks through the Windows Security app.
- Alternative – Controlled Folder Access: If you want to manage access to specific folders for ransomware protection, you can use the “Controlled folder access” feature within the Virus & threat protection settings in Windows Security.
- Other Security Settings: Intune offers various other settings for managing Windows Security features, such as hiding other areas within the app or managing notifications.
I hope the information on 5 Methods to Enable or Disable Automatic Sample Submission for Microsoft Defender Antivirus in Windows Devices is helpful. Please follow us on the HTMD Community and visit our website, HTMD Forum, if you like our content. Suggest improvements, if any, and we would love to know which topic you want us to explore next.
Sources
Need Further Assistance or Have Technical Questions?
Join the LinkedIn Page and Telegram group to get the latest step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, Join the WhatsApp Community to get the latest news on Microsoft Technologies. We are there on Reddit as well.
Author
Alok graduated with a Master of Computer Applications (MCA) degree. He loves writing on Windows 11 and related technologies. He likes to share his knowledge, quick tips, and tricks with Windows 11 or Windows 10 with the community.