Support for Windows 10 will end in October 2025
After October 14, 2025, Microsoft will no longer provide free software updates from Windows Update, technical assistance, or security fixes for Windows 10. Your PC will still work, but we recommend moving to Windows 11.
Attachment Manager is a built-in security feature in Microsoft Windows that helps protect your device from potentially unsafe files. It works by identifying files downloaded from the internet or received via email that may pose a security risk.
When such a file is detected, Attachment Manager may either block the file from opening or display a warning before you proceed. This article explains how to configure Attachment Manager settings and offers workarounds if you're unable to download a file or program.
For detailed technical information, view More Information section.
Workarounds when you cannot download a file or a program
Many people encounter issues when they try to download a file or a program from the Internet. This could be caused by a number of reasons. Here we provide two general solutions for you to try if you are getting an error that your download is blocked, or if you get "virus scan failed" or "virus detected" messages.
You cannot download any file if the "File download" option is disabled in the Internet security settings. Follow these steps to check the Internet security settings:
-
From the Start screen, type inetcpl.cpl, and then press Enter to open Internet Properties window.
-
Go to the Security tab, select the Internet zone (globe icon), and click the Custom level button.
-
In the Security Settings window:
-
Scroll down to Downloads > File download and select Enable.
-
Continue scrolling to Miscellaneous > Launching applications and unsafe files, then select Prompt (recommended).
-
-
Click OK.
You may receive a Virus scan failed or Virus detected error message when you try to open or save a file or a program from Internet. This issue is typically caused by your antivirus software—not the Windows operating system. If you're confident the file source is safe and trusted, you can temporarily disable virus scanning as a workaround. Be sure to re-enable virus scanning immediately after the download is complete to maintain your system's protection.
Important: Modifying the registry can cause serious problems if not done correctly. Be sure to follow these steps carefully. Otherwise, you may be exposed to virus attacks.
-
Start Registry Editor: From the Start screen, type regedit.exe, and then press Enter.
-
Locate the following registry subkeys: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
-
If you do not see the Attachments subkey, create it by right clicking Policies, select New, click Key, and then type Attachments as the key name.
-
Right click Attachments, select New, and then click DWORD (32-bit) Value.
-
Type ScanWithAntiVirus as the value name, and then press Enter.
-
Right-click the new ScanWithAntiVirus DWORD value, and then click Modify.
-
In the Value data box, type 1, and then click OK.
-
Exit Registry Editor.
-
Log off and log in Windows to make the change take effect.
-
Open or save the program or file that you failed before.
Note: We suggest you change the value of ScanWithAntiVirus subkey to 3 to enable the virus scan right after you completely open or save the program or file.
Configuring the Attachment Manager
There are several features of the Attachment Manager that can be configured by using Group Policy or the local registry.
Default risk level for file types
This policy setting lets you manage the default risk level for file types.
-
High Risk: If the attachment is in the list of high risk file types and from the restricted zone, Windows blocks the user from accessing the file. If the file is from the Internet zone, Windows prompts the user before accessing the file.
-
Moderate Risk: If the attachment is in the list of moderate risk file types, Windows will not prompt the user before accessing the file, regardless of the file's zone information.
-
Low Risk: If the attachment is in the list of low risk file types, Windows will not prompt the user before accessing the file, regardless of the file’s zone information.
Note: Enabling this policy lets you set the default risk level for file types. If disabled or not configured, Windows defaults to a moderate risk level.
Configuration details
-
Group Policy: User Configuration\Administrative Templates\Windows Components\Attachment Manager
-
Registry Subkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
-
Registry Entry: DefaultFileTypeRisk
-
Entry Values:
-
High: 6150
-
Moderate (default): 6151
-
Low: 6152
-
Zone Information for Attachments
This policy setting lets you manage whether Windows marks file attachments with their zone of origin (e.g., Internet, intranet, local). It requires the NTFS file system and won’t work on FAT32. Without zone info, Windows can't assess file risks properly. If this policy setting is,
-
Enabled: Windows does not mark files with zone info.
-
Disabled/Not Configured: Windows marks files with zone info.
Configuration Details:
-
Group Policy: User Configuration\Administrative Templates\Windows Components\Attachment Manager
-
Registry Subkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
-
Registry Entry: SaveZoneInformation
-
Entry Values:
-
On: 1
-
Off (default): 2
-
Hide mechanisms to remove zone information
This policy setting manages whether you can manually remove zone information by using the Unblock option in file Properties or the Security Warning dialog box. If this policy setting is:
-
Enabled: Hides the Unblock option.
-
Disabled/Not configured: Shows the Unblock option.
Configuration Details:
-
Group Policy: User Configuration\Administrative Templates\Windows Components\Attachment Manager
-
Registry Subkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
-
Registry Entry: HideZoneInfoOnProperties
-
Entry Values:
-
Off (default): 0
-
On: 1
-
Custom Risk Lists
This policy setting lets you define custom lists for low, moderate, and high-risk file types. The High list overrides the others. If a file extension appears in more than one list, the most restrictive setting applies. If this policy setting is:
-
Enabled: Allows custom risk lists.
-
Disabled/Not configured: Uses built-in risk lists.
Configuration Details:
-
Group Policy: User Configuration\Administrative Templates\Windows Components\Attachment Manager
-
Registry Subkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
-
Registry Entries:
-
HighRiskFileTypes
-
ModRiskFileTypes
-
LowRiskFileTypes
-
Trust Logic for Attachments
To fully customize the risk level for file attachments, you may also have to configure the trust logic for file attachments. This setting determines whether Windows evaluates the risk based on file handler, file type, or both.
-
File Type (1): Trust based on file extension.
-
Handler (2) - Default: Trust based on the application used.
-
Both (3): Most restrictive; both file type and handler are evaluated.
Configuration Details
-
Group Policy: User Configuration\Administrative Templates\Windows Components\Attachment Manager
-
Registry Subkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
-
Registry Entry: UseTrustedHandlers
-
Entry Values:
-
File Type: 1
-
Handler (default): 2
-
Both: 3
-
Antivirus Notification for Attachments
This policy controls whether Windows notifies registered antivirus programs to scan file attachments when opened. If multiple antivirus programs are registered, all are notified. If this setting is:
-
Enabled: Windows prompts the antivirus to scan attachments when opened. If the scan fails, the file is blocked.
-
Disabled/Not Configured: Windows does not notify antivirus programs when attachments are opened.
Note: If the antivirus already scans files on arrival (e.g., via email server), this setting may be redundant.
Configuration Details
-
Group Policy: User Configuration\Administrative Templates\Windows Components\Attachment Manager
-
Registry Subkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
-
Registry Entry: ScanWithAntiVirus
-
Entry Values:
-
Off (1) - Default
-
Optional (2)
-
On (3)
-
Note: When the value is set to Optional (2), all scanners are called even after one report a detection.
For more information, see Internet Explorer security zones registry entries for advanced users.
More Information
Whether you are prevented from opening a file—or receive a warning before doing so—depends on the following factors:
-
The type of program that you are using.
-
The file type that you are downloading or trying to open.
-
The security settings of the Web content zone that you are downloading the file from.
Note: You can configure the Web content zones in Microsoft Internet Explorer on the Security tab. To view the Web content zones, click Tools, click Internet Options, and then click the Security tab.
The following are the four Web content zones:
-
Internet
-
Local intranet
-
Trusted sites
-
Restricted sites
The Attachment Manager uses the IAttachmentExecute application programming interface (API) to find the file type, to find the file association, and to determine the most appropriate action. Microsoft Outlook Express and Microsoft Internet Explorer use the Attachment Manager to handle e-mail attachments and Internet downloads.
Attachment Manager classifies downloaded or received files based on their extension and type into the following risk categories: High risk, Moderate risk, and Low risk.
When you save a file from an email or the web, the file’s source zone information is also saved—if your hard drive uses the NTFS file system. For example, saving a .zip file from an email will preserve its web content zone metadata. If the zone is considered unsafe, you may be blocked from extracting or executing files within that .zip.
You can open a blocked file from a known source and here's how:
-
Right-click the blocked file, and then click Properties.
-
In the General tab, click Unblock.
When you try to download or open a file from a Web site that is in the restricted Web content zone, you may receive a message that indicates that the file is blocked. When you try to open high-risk file types from sites that belong to the Internet Web content zone, you may receive a warning message, but you may be able to open these types of files. The file types that the Attachment Manager labels as high-risk include the following:
-
.ade
-
.adp
-
.app
-
.asp
-
.bas
-
.bat
-
.cer
-
.chm
-
.cmd
-
.com
-
.cpl
-
.crt
-
.csh
-
.exe
-
.fxp
-
.hlp
-
.hta
-
.inf
-
.ins
-
.isp
-
.its
-
.js
-
.jse
-
.ksh
-
.lnk
-
.mad
-
.maf
-
.mag
-
.mam
-
.maq
-
.mar
-
.mas
-
.mat
-
.mau
-
.mav
-
.maw
-
.mda
-
.mdb
-
.mde
-
.mdt
-
.mdw
-
.mdz
-
.msc
-
.msi
-
.msp
-
.mst
-
.ops
-
.pcd
-
.pif
-
.prf
-
.prg
-
.pst
-
.reg
-
.scf
-
.scr
-
.sct
-
.shb
-
.shs
-
.tmp
-
.url
-
.vb
-
.vbe
-
.vbs
-
.vsmacros
-
.vss
-
.vst
-
.vsw
-
.ws
-
.wsc
-
.wsf
-
.wsh
File types that the Attachment Manager does not label as high risk or low risk are automatically labeled as medium risk. When you open a medium-risk file from the Internet Web content zone or from the restricted sites Web content zone, you will be able to open these types of files without warning message.
The Attachment Manager labels the following file types as low risk only when you open them by using Notepad. If you associate another program with this file type, the file type is no longer considered low risk.
-
.log
-
.text
-
.txt
The Attachment Manager labels the following file types as low risk only when you open the file by using the Microsoft Windows Picture and Fax Viewer:
-
.bmp
-
.dib
-
.emf
-
.gif
-
.ico
-
.jfif
-
.jpg
-
.jpe
-
.jpeg
-
.png
-
.tif
-
.tiff
-
.wmf
Note: Associating a file type with Notepad or with the Windows Picture and Fax Viewer does not add that file type to the list of low-risk file types.
