The Attachment Manager in Windows, is a service that gets activated whenever you receive with an e-mail message with an attachment and from unsafe files that you might save from the Internet.
Microsoft Outlook Express, Microsoft Windows Messenger and Microsoft Internet Explorer use the Attachment Manager to handle e-mail attachments and Internet downloads.
The Attachment Manager protects you against unsafe attachments and downloads by identifying the file type and the respective security settings. If it identifies an attachment that might be unsafe, it prevents you from opening the file, or it warns you before you open the file.
It uses the IAttachmentExecute application programming interface (API) to find the file type, to find the file association. When one of these applications saves a downloaded file on a disk formatted with NTFS, then it updates the meta data for the file with the zone it was downloaded from. The meta data is saved as an Alternate Data Stream (ADS). If you wish to unblock a downloaded file, you can do so by right clicking it, seecting Properties and clicking on Unblock.
It checks for the following 3 things:
- The type of program that you are using.
- The file type that you are downloading or trying to open
- The security settings of the Web content zone that you are downloading the file from.
It classifies files types as high risk, medium risk, and low risk.
- High Risk – Will block the file from being opened, when the file is from the restricted-zone and give out a Windows Security Warning: Windows found that this file is potentially harmful. To help protect your computer, Windows has blocked access to this file.
- Moderate Risk – Will prompt with a warning: The publisher could not be verified. Are you sure you want to run this software?
- Low Risk – Will open the file with no message.
The Attachment Manager labels the following file types as low risk only when you open them by using Notepad. If you associate another program with this file type, the file type is no longer considered low risk: .log, .text, .txt. The Attachment Manager also labels the following file types as low risk only when you open the file by using the Microsoft Windows Picture and Fax Viewer: .bmp, .dib, .emf, .gif, .ico, .jfif, .jpg, .jpe, .jpeg, .png, .tif, .tiff, .wmf.
When you try to download or open a file from a Web site that is in the restricted Web content zone, you may receive a message that indicates that the file is blocked. When you try to open high-risk file types from sites that belong to the Internet Web content zone, you may receive a warning message, but you may be able to open these select file types of files.
File types that the Attachment Manager does not label as high risk or low risk are automatically labeled as medium risk.
YOU DON’T WANT TO DO IT, but if you wish to disable the Attachment Manager you can do so via Group Policy > User Configuration > Administrative Templates > Windows Components > Attachment Manager.
Double click on Do not preserve zone information in file attachments to open the settings box and Enable the setting here. If you enable this policy setting Windows does not mark file attachments with their zone information.
You can see several other policy settings here for the Attachment Manager. To learn more on how to configure the Attachment Manager, visit KB883260.