By default, Outlook restricts access to potentially dangerous attachments (these are executable files and script files such as .exe, .vbs, .bat, .msi, ps1, etc.). Text documents, files with non-standard extensions, and commonly used Microsoft Office formats (such as doc, xlsx, ppt) are not prohibited. Outlook does not enable you to save or view such an attachment when you get an email with one. At the same time, instead of an attachment, the following notice appears in Outlook:
Outlook blocked access to the following potentially unsafe attachments: Scan.001.jar
Outlook blocks the following file types by default:
ADE, ADP, APP, ASP, BAS, BAT, CER, CHM, CMD, CNT, COM, CPL, CRT, CSH, DER, DIAGCAB, EXE, FXP, GADGET, GRP, HLP, HPJ, HTA, INF, INS, ISP, ITS, JAR, JNLP, JS, JSE, KSH, LNK, MAD, MAF, MAG, MAM, MAQ, MAR, MAS, MAT, MAU, MAV, MAW, MCF, MDA, MDB, MDE, MDT, MDW, MDZ, MSC, MSH, MSH1, MSH2, MSHXML, MSH1XML, MSH2XML, MSI, MSP, MST, MSU, OPS, OSD, PCD, PIF, PL, PLG, PRF, PRG, PRINTEREXPORT, PS1, PS1XML, PS2, PS2XML, PSC1, PSC2, PSD1, PSDM1, PST, REG, SCF, SCR, SCT, SHB, SHS, THEME, TMP, URL, VB, VBE, VBP, VBS, VSMACROS, VSW, WEBPNP, WEBSITE, WS, WSC, WSF, WSH, XBAP, XLL, XNK
To open a blocked file, you can ask the sender to rename the file extension to a temporary extension that is not included in the list of blocked files and send it with a new email (for example, the file setup.exe can be renamed to setup.ex_) or pack the file into a ZIP or RAR archive.
If you trust the sender, and are confident that this file is safe, you can unblock certain types of attachment files in Outlook through the registry:
- Close the Outlook;
- Run the registry editor regedit.exe;
- Depending on the Outlook version, go to the one of the following registry keys:
Outlook 2010
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Security]
Outlook 2013
[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Security]
Outlook 2016
[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security] - Create a new key type REG_SZ with the name Level1Remove;
- For the Level1Remove key value, specify a list of file types to be unblocked in Outlook, separated by a semicolon, for example: .exe; .hta; .inf; .jar;
Open Outlook. Attachments containing the specified categories of dangerous files are now unblocked.
If you use ADMX templates to control your Office programmes, you may use a policy in the GPO editor section below to manage the list of safe attachments in Outlook: Administrative TemplatesAdministrative PoliciesUser ConfigurationPoliciesUser ConfigurationPoliciesUser ConfigurationPoliciesUser Configuration Security in Microsoft Outlook 2010 Outlook Security Mode > Security Form Settings
If your Outlook is connected to a Microsoft Exchange server, keep in mind that the Exchange administrator can designate which files are prohibited.
A message displays in OWA when an attachment is blocked:
This attachment’s access has been restricted file name >
The following is a list of all sorts of file attachments that are blocked:
Get-OwaMailboxPolicy | Select -ExpandProperty BlockedFileTypes
Or like this for a specific server:
Get-OwaVirtualDirectory -Identity "msgmbx1\owa (Default Web Site)" | Select -ExpandProperty BlockedFileTypesTo enable a specific type of file in OWA, start the Exchange Management Shell console and execute the commands (in this example, we will unblock the CHM files on the msgmbx1 server):
Set-OwaVirtualDirectory -Identity "msgmbx1\owa (Default Web Site)" –blockedfiletypes @{remove = '.chm'}
Set-OwaVirtualDirectory -Identity "msgmbx1\owa (Default Web Site)" –AllowedfileTypes @{add = '.chm'}
Set-OwaVirtualDirectory -Identity "msgmbx1\owa (Default Web Site)" -BlockedMimeTypes @{Remove = "text/chm", "application/chm”}
Set-OwaVirtualDirectory -Identity "msgmbx1\owa (Default Web Site)" -AllowedMimeTypes @{Add = "text/chm", "application/chm”}
Get-OwaMailboxPolicy | Set-Owamailboxpolicy –BlockedFileTypes @{remove = '.chm'}
Get-OwaMailboxPolicy | Set-Owamailboxpolicy –AllowedfileTypes @{add = '.chm'}
Get-OwaMailboxPolicy | Set-OwaMailboxPolicy -BlockedMimeTypes @{Remove = "text/chm", "application/chm”}
Get-OwaMailboxPolicy | Set-OwaMailboxPolicy –AllowedMimeTypes @{Add = "text/chm", "application/chm”}
For Office365, you only need to use the last 4 code lines.
