Inclusion list for high risk file types

This policy setting allows you to configure the list of high-risk file types. If the file attachment is in the list of high-risk file types and is from the restricted zone, Windows blocks the user from accessing the file. If the file is from the Internet zone, Windows prompts the user before accessing the file. This inclusion list takes precedence over the medium-risk and low-risk inclusion lists (where an extension is listed in more than one inclusion list).

If you enable this policy setting, you can create a custom list of high-risk file types.

If you disable this policy setting, Windows uses its built-in list of file types that pose a high risk.

If you do not configure this policy setting, Windows uses its built-in list of high-risk file types.

Supported on: At least Windows XP Professional with SP2

Specify high risk extensions (include a leading period, e.g. .cmd;.exe;).

Registry HiveHKEY_CURRENT_USER
Registry PathSoftware\Microsoft\Windows\CurrentVersion\Policies\Associations
Value NameHighRiskFileTypes
Value TypeREG_SZ
Default Value

attachmentmanager.admx

Administrative Templates (Computers)

Administrative Templates (Users)