The Attachment Manager in Windows is a service that gets activated whenever you receive an e-mail message with an attachment and from unsafe files that you might save from the Internet. In this post, we will see how to configure High risk, Medium risk, Low-risk files.
Microsoft Outlook Express, Microsoft Windows Messenger, and Microsoft Internet Explorer use the Attachment Manager to handle e-mail attachments and Internet downloads.
Attachment Manager in Windows 10/8/7
The Attachment Manager protects you against unsafe attachments and downloads by identifying the file type and the respective security settings. If it identifies an attachment that might be unsafe, it prevents you from opening the file, or it warns you before you open the file.
It uses the IAttachmentExecute application programming interface (API) to find the file type, to find the file association. When one of these applications saves a downloaded file on a disk formatted with NTFS, then it updates the metadata for the file with the zone it was downloaded from. The metadata is saved as an Alternate Data Stream (ADS). If you wish to unblock a downloaded file, you can do so by right-clicking it, selecting Properties and clicking on Unblock.
It checks for the following 3 things:
- The type of program that you are using.
- The file type that you are downloading or trying to open
- The security settings of the Web content zone that you are downloading the file from.
It classifies files types as high risk, medium risk, and low risk.
- High Risk – Will block the file from being opened, when the file is from the restricted-zone and give out a Windows Security Warning: Windows found that this file is potentially harmful. To help protect your computer, Windows has blocked access to this file.
- Moderate Risk – Will prompt with a warning: The publisher could not be verified. Are you sure you want to run this software?
- Low Risk – Will open the file with no message.
The Attachment Manager labels the following file types as low risk only when you open them by using Notepad. If you associate another program with this file type, the file type is no longer considered low risk: .log, .text, .txt. The Attachment Manager also labels the following file types as low risk only when you open the file by using the Microsoft Windows Picture and Fax Viewer: .bmp, .dib, .emf, .gif, .ico, .jfif, .jpg, .jpe, .jpeg, .png, .tif, .tiff, .wmf.
When you try to download or open a file from a Web site that is in the restricted Web content zone, you may receive a message that indicates that the file is blocked. When you try to open high-risk file types from sites that belong to the Internet Web content zone, you may receive a warning message, but you may be able to open these select file types of files.
File types that the Attachment Manager does not label as high risk or low risk are automatically labeled as medium risk.
Disable Unblocking feature of Attachment Manager. Automatically Unblock downloaded files.
YOU DON’T WANT TO DO IT, but if you wish to disable this feature of the Attachment Manager you can do so via Group Policy > User Configuration > Administrative Templates > Windows Components > Attachment Manager.
Double click on Do not preserve zone information in file attachments to open the settings box and Enable the setting here. If you enable this policy setting Windows does not mark file attachments with their zone information.
This policy setting allows you to manage whether Windows marks file attachments with information about their zone of origin (such as restricted, Internet, intranet, local). This requires NTFS in order to function correctly, and will fail without notice on FAT32. By not preserving the zone information, Windows cannot make proper risk assessments.
If you enable this policy setting, Windows does not mark file attachments with their zone information. If you disable this policy setting, Windows marks file attachments with their zone information. If you do not configure this policy setting, Windows marks file attachments with their zone information.
You could instead, also open Registry Editor and navigate to the following registry key;
Change the value of SaveZoneInformation from the default 2 to 1.
You can see several other policy settings here for the Attachment Manager. To learn more about how to configure the Attachment Manager, visit KB883260.