Attachments Blocked by Outlook

Attachment Behavior

Attachments are divided into three groups based on their file name extension, or type. Outlook handles each group in a specific way.

Level 1 ("Unsafe")

The "unsafe" category represents any extension that may have script or code associated with it. You cannot open any attachment with an "unsafe" extension if you use a version of Outlook that has the security patch applied to it. The following list contains attachments that are considered unsafe:

Extension       File type
---------------------------------------------------
.ade            Microsoft Access project extension 
.adp            Microsoft Access project 
.asx            Windows Media Audio / Video
.bas            Microsoft Visual Basic class module 
.bat            Batch file 
.chm            Compiled HTML Help file 
.cmd            Microsoft Windows NT Command script 
.com            Microsoft MS-DOS program 
.cpl            Control Panel extension 
.crt            Security certificate 
.exe            Program 
.hlp            Help file 
.hta            HTML program
.inf            Setup Information 
.ins            Internet Naming Service 
.isp            Internet Communication settings 
.js             JScript file 
.jse            Jscript Encoded Script file 
.lnk            Shortcut 
.mda            Microsoft Access add-in program 
.mdb            Microsoft Access program 
.mde            Microsoft Access MDE database 
.mdt            Microsoft Access workgroup information  
.mdw            Microsoft Access workgroup information 
.mdz            Microsoft Access wizard program 
.msc            Microsoft Common Console document 
.msi            Microsoft Windows Installer package 
.msp            Microsoft Windows Installer patch 
.mst            Microsoft Windows Installer transform; Microsoft Visual                     Test source file 
.ops            Office XP settings 
.pcd            Photo CD image; Microsoft Visual compiled script 
.pif            Shortcut to MS-DOS program 
.prf            Microsoft Outlook profile settings
.reg            Registration entries 
.scf            Windows Explorer command
.scr            Screen saver 
.sct            Windows Script Component 
.shb            Shell Scrap object
.shs            Shell Scrap object 
.url            Internet shortcut 
.vb             VBScript file 
.vbe            VBScript Encoded script file 
.vbs            VBScript file 
.wsc            Windows Script Component 
.wsf            Windows Script file 
.wsh            Windows Script Host Settings file 
					

The following list describes how Outlook functions when you receive or send an "unsafe" file attachment:

• Any "unsafe" attachment is not accessible. You cannot save, delete, open, print, or otherwise work with "unsafe" files. The top of the e-mail message indicates that Outlook has blocked access to the "unsafe" attachment. The attachment is not accessible from Outlook; however, the attachment is not actually removed from the e-mail message.
• If you forward an e-mail message with an "unsafe" attachment, the attachment is not included in the forwarded e-mail message.
• If you send an e-mail message that contains an "unsafe" attachment, you receive a warning message that says other Outlook recipients may not be able to access the attachment that you are trying to send. You can either ignore the warning message and send the e-mail message, or you can choose to not send the e-mail message.
• If you save or close an e-mail message that contains an "unsafe" attachment, you receive a warning message that says you will not be able to open the attachment in Outlook. You can override the warning message and save the e-mail message.
• You cannot open objects that are inserted into Microsoft Outlook Rich Text messages by using the Insert Object command. You do see a visual representation of the object, but you cannot open or activate the object in the e-mail message.
• You cannot open "unsafe" files that have been directly stored in an Outlook or Exchange folder. Although these files are not attached to an Outlook item, they are still considered "unsafe." The following error message occurs in this situation:
   
  Can't open the item. Outlook blocked access to this potentially unsafe item.

Level 2

Level 2 files are not "unsafe" but they do require more security than other attachments. When you receive a Level 2 attachment, you are prompted to save the attachment to a disk; you cannot open the attachment in the e-mail message. By default, extensions are not associated with this group; however, you can add extensions to the Level 2 list.

NOTE: You can only change the list of files that are included in the Level 2 category if you are using Outlook in an Exchange environment and your mail is being delivered to an Exchange mailbox. An administrator must make these changes.

Other Attachments

When you try to open an attachment other than those in the "unsafe" or Level 2 lists, you are prompted to either open the file directly or to save it to a disk. You can turn off future prompts for that extension if you click to clear the Always ask before opening this type of file check box.

NOTE: If a program associates itself with a new extension, that extension is treated as an "other" attachment until you add the extension to the "unsafe" list. For example, if you install a program on your computer that uses files with an .xyz extension, whenever you open an attachment that has an .xyz extension, the new program opens and runs the attachment. By default, the .xyz extension is not on the "unsafe" or Level 2 list, so it is treated as an "other" extension. If you want attachments with the .xyz extension to be treated as "unsafe," you must add the .xyz extension to the list of "unsafe" extensions.