Microsoft KB Archive/829982

= You may receive an &quot;Outlook blocked access to the following potentially unsafe attachments&quot; message in Outlook =

Article ID: 829982

Article Last Modified on 12/20/2007

-

APPLIES TO


 * Microsoft Office Outlook 2003
 * Microsoft Office Outlook 2003 with Business Contact Manager
 * Microsoft Outlook 2002 Standard Edition
 * Microsoft Outlook 2000 Standard Edition
 * Microsoft Office Outlook 2007

-



Important This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756 How to back up and restore the registry in Windows XP and Windows Vista



SUMMARY
Microsoft Outlook includes a feature that blocks attachments that are considered unsafe. If you receive an e-mail message that contains an attachment that contains one of the file types that are considered unsafe, you may receive the following message:

Outlook blocked access to the following potentially unsafe attachments: [...]

Although Outlook blocks access to the attachment, the attachment still exists in the e-mail message.

This article discusses the methods to use if you have to open an attachment that has been blocked in Outlook.



MORE INFORMATION
This security feature provides an additional level of protection against malicious e-mail messages. By default, this feature has been implemented in each version of Outlook since Microsoft Outlook 2000 Service Release 1 (SR1).

Use one of the following recommended methods to open an attachment that was blocked in Outlook:  Request that the sender post or save the attachment to a file share and then send you the link to that file share. Request that the sender use a file compression utility that changes the file name extension. For a list of third-party compression products, click the following article number to view the Microsoft Knowledge Base article:

291637 Attachments are not compressed by Outlook 2002

 Request that the sender rename the file name extension and then resend the attachment to you. After you receive the renamed attachment, you can rename the file with the original file name extension.

If the previously recommended methods do not meet your requirements, use one of the following methods:
 * If you are in a Microsoft Exchange environment and your administrator has configured the Outlook Security settings, ask the administrator to modify the security settings for your mailbox.
 * If you are not in an Exchange environment, modify the Windows Registry to customize the attachment security settings. For more information, see the “How to Customize Attachment Security Behavior&quot; section.

You can modify the attachment security behavior in Outlook if you are using Outlook in one of the following scenarios:
 * You are not using Outlook in an Exchange environment.
 * In an Exchange environment, the administrator has not configured the Outlook Security settings to disallow changes to the attachment security behavior.

In these scenarios, follow these steps to modify the attachment security behavior in Outlook by making a modification to the registry.

How to customize attachment security behavior
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Important Before you can customize the attachment security behavior in Outlook 2000 SR1 and Microsoft Outlook 2000 SR1a, you must first apply either Microsoft Office 2000 Service Pack 2 or Microsoft Office 2000 Service Pack 3.

Note The following steps are intended for advanced computer users. If you are not comfortable with advanced troubleshooting, you might want to ask someone for help or contact support. For more information about how to contact Microsoft support, visit the following Microsoft Web site:

http://support.microsoft.com/contactus

 Exit Outlook if it is running. Click Start, click Run, type regedit, and then click OK. Verify that the following registry key for your version of Outlook exists. If it does, go to step 5.

Microsoft Office Outlook 2007

Microsoft Office Outlook 2003

Microsoft Outlook 2002

Microsoft Outlook 2000

If the registry key does not exist, create it. To create the registry key, follow these steps: <ol style="list-style-type: lower-alpha;"> Locate and then click the following registry key:

</li> Click the Edit menu, click New, and then click Key.</li> Type Office, and then press ENTER.</li> Click the Edit menu, click New, and then click Key.</li> For Outlook 2007, type 12.0, and then press ENTER

For Outlook 2003, type 11.0, and then press ENTER

For Outlook 2002, type 10.0, and then press ENTER

For Outlook 2000, type 9.0, and then press ENTER</li> Click the Edit menu, click New, and then click Key.</li> Type Outlook, and then press ENTER.</li> Click the Edit menu, click New, and then click Key.</li> Type Security, and then press ENTER.</li></ol> </li> Click the Edit menu, click New, and then click String Value.</li> Type the following name for the new value:

Level1Remove

</li> Press ENTER.</li> Right-click the new string value name, and then click Modify.</li> Type the file name extension of the file type that you want to open in Outlook. For example:

.exe

To specify multiple file types, use the following format:

.exe;.com

</li> Click OK.</li> <li>Exit Registry Editor.</li> <li>Restart your computer.</li></ol>

When you start Outlook, you can open the file types that you specified in the registry.

Note We recommend that you enable only the file types that you need. If you rarely receive a particular file type, we recommend that you give Outlook temporary access to the file type that is in question and then reconfigure Outlook to block the file type by undoing the changes to registry.

For more information about how you can configure Outlook to block attachment file name extensions that Outlook does not block by default, click the following article number to view the article in the Microsoft Knowledge Base:

837388 How to configure Outlook to block additional attachment file name extensions

Exchange environment
If you run Outlook in an Exchange environment, your administrator can change the default attachment security behavior.

For more information about how to configure Outlook in an Exchange environment, click the following article numbers to view the articles in the Microsoft Knowledge Base:

290499 Administrator information about e-mail security features

263297 Administrator information about the Outlook E-mail Security update: June 7, 2000

Attachment Behavior
Attachments are divided into three groups based on their file name extension or type. Outlook handles each group in a specific way.

Level 1 (&quot;Unsafe&quot;)
The “unsafe&quot; category represents any file name extension that may have script or code associated with it. You cannot open any attachment that has an “unsafe&quot; file name extension. For a list of the unsafe file name extensions, visit the following Microsoft Web site:

http://office.microsoft.com/en-us/outlook/HA012299521033.aspx

The following list describes how Outlook behaves when you receive or send an &quot;unsafe&quot; file attachment: <ul> <li>Any “unsafe&quot; attachment is unaccessible. You cannot save, delete, open, print, or otherwise work with “unsafe&quot; files. The top of the e-mail message indicates that Outlook has blocked access to the “unsafe&quot; attachment. The attachment is unaccessible from Outlook. However, the attachment is not actually removed from the e-mail message.</li> <li>If you forward an e-mail message that has an “unsafe&quot; attachment, the attachment is not included in the forwarded e-mail message.</li> <li>If you send an e-mail message that contains an “unsafe&quot; attachment, you receive a warning message that states that other Outlook recipients may be unable to access the attachment that you are trying to send. You can either ignore the warning message and send the e-mail message, or you can decide not to send the e-mail message.</li> <li>If you save or close an e-mail message that contains an “unsafe&quot; attachment, you receive a warning message that states that you will be unable to open the attachment in Outlook 2003. You can override the warning message and save the e-mail message.</li> <li>You cannot open objects that are inserted in Microsoft Outlook Rich Text e-mail messages by using the Insert Object command. You do see a visual representation of the object, but you cannot open or activate the object in the e-mail message.</li> <li>You cannot open “unsafe&quot; files that have been directly stored in an Outlook or an Exchange folder. Although these files are not attached to an Outlook item, they are still considered “unsafe.&quot; You receive the following error message in this situation:

Can't open the item. Outlook blocked access to this potentially unsafe item.

</li></ul>

Level 2
Level 2 files are not “unsafe,&quot; but they do require more security than other attachments. When you receive a Level 2 attachment, you are prompted to save the attachment to a disk and you cannot open the attachment in the e-mail message. By default, file name extensions are not associated with this group. However, you can add file name extensions to the Level 2 list.

Note You can only change the list of files that are included in the Level 2 category if you are using Outlook in an Exchange environment and if your mail is being delivered to an Exchange mailbox. An administrator must make these changes.

Other Attachments
When you try to open an attachment other than those in the “unsafe&quot; or the Level 2 lists, you are prompted to either open the file directly or to save it to a disk. When you are prompted, you have the option to turn off future prompts for that file name extension if you click to clear the Always ask before opening this type of file check box.

Note If a program associates itself with a new file name extension, that file name extension is treated as an “other&quot; attachment until you add the file name extension to the &quot;unsafe&quot; list. For example, if you install a program on your computer that uses files that have a .xyz file name extension, whenever you open an attachment that has a .xyz file name extension, the new program opens and runs the attachment. By default, the .xyz file name extension is not on the “unsafe&quot; or the Level 2 list. Therefore, it is treated as an “other&quot; file name extension. If you want attachments that have the .xyz file name extension to be treated as “unsafe,&quot; you must add the .xyz file name extension to the list of “unsafe&quot; file name extensions.

<div class="references_section">