With Windows 10 is a security option known as Controlled Folder Access. It is off by default, but when enabled, with certain options certain file access predicates give unexpected results.
References:
Protect important folders with controlled folder access
Configure Controlled Folder Access in Windows 10
Enable controlled folder access
Registry Key:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access
The setting for Controlled Folder Access is located by
- Right click Windows Start Button in lower left of screen.
- Select Settings
- Click Update & Security
- Select Windows Security
- Select Virus & threat protection
- Under Ransomware protection click Manage ransomware protection
You should see a page with Controlled folder access and a GUI on/off toggle.
The default option for Controlled folder access is off.
When Controlled folder access is off the file access predicates work as expected.
When Controlled folder access is on and no other Controlled folder access options are changed, then the predicates
- open/3
-
access_file/2 with
write
no longer work as expected when used with a default protected folder such as documents folder but instead result in errors or unexpected results.
When Controlled folder access is on and swipl-win.exe is allowed for a controlled folder, including the default controlled folders such as documents folder, then the file access predicates work as expected.
Scenarios
- With Controlled Folder Access off (default)
- With Controlled Folder Access on
C:\Users\<User>\Documents - A protected folder
swipl-win.exe - Not allowed through Controlled folder access - With Controlled Folder Access on
C:\Users\<User>\Documents - A protected folder
swipl-win.exe - Allowed through Controlled folder access
Note: You have to manually delete the created file between each scenario. Also you have to manually set the changes noted in the scenarios, e.g. turn controlled folder access on or off, or adding swipl-win.exe as an allowed application.
Code used with scenarios; each write_test is run in order for a scenario.
write_test_1 :-
Windows_file_path = 'C:\\Users\\Eric\\Documents\\Controlled Folder Access Test\\prolog_write_test_1.txt',
prolog_to_os_filename(Prolog_file_path,Windows_file_path),
assertion( \+ exists_file(Prolog_file_path) ).
write_test_2 :-
Windows_file_path = 'C:\\Users\\Eric\\Documents\\Controlled Folder Access Test\\prolog_write_test_1.txt',
prolog_to_os_filename(Prolog_file_path,Windows_file_path),
assertion( \+ exists_file(Prolog_file_path) ),
open(Prolog_file_path,write,Out,[]),
write(Out,'Hello, World!!!'),
close(Out).
write_test_3 :-
Windows_file_path = 'C:\\Users\\Eric\\Documents\\Controlled Folder Access Test\\prolog_write_test_1.txt',
prolog_to_os_filename(Prolog_file_path,Windows_file_path),
assertion( access_file(Prolog_file_path,write) ).
For scenario 1: All three test examples work as expected.
For scenario 2.
write_test_1 works as expected
write_test_2
ERROR: source_sink `'c:/Users/Eric/Documents/Controlled Folder Access Test/prolog_write_test_1.txt'' does not exist (No such file or directory)
ERROR: In:
ERROR: [11] open('c:/Users/Eric/Documents/Controlled Folder Access Test/prolog_write_test_1.txt',write,_8416,[])
ERROR: [10] write_test_2 at d:/example.pl:839
ERROR: [9] <user>
write_test_3 runs, but was expecting it to fail because the file does not exist.
For scenario 3: All three test examples work as expected.
I am not reporting this as a bug because I don’t know if it can really be considered a bug. The OS changed not the application, and it only becomes prevalent under certain conditions.
So for now I am just posting it here so that others can find it.
It would also be nice to know if others get the same results because I have had this option on for a while and have made some changes so I am not sure if what I am taking as the default settings are correct.
To see further examples of how this can cause problems related to writing code and configuring production systems see StackOverflow questions with tag controlled-folder-access