"known dangerous" file types

[kochg]

Hi,

I need to know where I can exclude extensions from the Microsoft list of "known dangerous" file types like .exe, .lnk, .reg etc... I get a download warning when trying to open this type of file and I cannot unmark the "always ask before downloading this type of file" because it's a "known dangerous" file by Microsoft.

Does someone know how to exclude extensions from this list?

thanks,

 

[ie6user]

Have a look at

http://www.slovaktech.com/attachmentoptions.htm

- that might be just what you need.. ---
saybibi();
//john
#include <stddiscl.h>

 

[Turkbear]

Hi, You want to make your system vulnerable to mischef because...?

Does not seem to be a good idea...

 

[ie6user]

Hi Turkbear,

To start with: kochg asked a simple question; he just got a possible solution for his problem; he didn't ask for a security audit/analyses or whatever...

(and besides: blocking files based on extensions is a long shot - mostly overkill, *iff* you use just some plain common sense in handling email in general, or in this case attachments in particular...(

(and: almost all decent AV programs will scan executbles (irrespective of how they are executed) - so if you _were_ being sent a malicious attachment, and if you _were_ to execute it (the scanner has probably three shots at it - by means of a POP3 proxy, at the moment the attachment is saved in some temp dir (no email client I know of executes attachments directly from memory), and at the time the program is about to be executed) there would probably no harm being done, assuming you're up to date on your AV software)...

(not that I advocate a way of living like &quot;execute whatever you can, the scanner will probably intercept it anyway&quot; - on the contrary, but - the less careful you are in accepting attachment, the more security alternatives you should have...

(but we're entering one of my favourite discussions here, and these tend to be almost religious in nature sometimes, so let's not digress from the original problem..)

* best wishes, ---
saybibi();
//john
#include <stddiscl.h>

 

[kochg]

Thanks ie6user, the tool looks very convenient, but I haven't tested it for my situation yet. Let me explain:

I'm using folder redirection for my start menu, so this means that when users click on a shortcut in the start menu, they actually launch it from a central location on the server. Problem is that these shortcuts are .lnk files and windows looks at this like a download, and gives me the notification.

So turkbear, it has nothing to do with security, I just want to exclude .lnk files from that list, so my users don't get the anoying warning everytime they execute something out of their start menu.

Probably not an everyday problem...

G

 

[ie6user]

Ok - let's see...

you should be able to modify the EditFlags value in the registry:

at HKCR\lnkfile there should be a 4 byte binary value EditFlags (sometimes changed into a dword - should not make a difference)... If you were to clear (let me think - this is out of my head) b0 (the least significant bit) of the 3rd byte (orig value and 0xfe / 0376) you would enable (or rather not-disable) the Open/Save dialogbox; further more, b2 of the 2nd byte would enable (if cleard) the Set Default button - (orig value and 0xfb / 0373) - combining these two might enable you to get the desired result..

Warning: standard registry editing precautions apply.

Warning2: this is just untested, and a WAG - actually never tried it with .lnk files...
---
saybibi();
//john
#include <stddiscl.h>

 

[kochg]

Ok, I would expect it to be that deep.

Problem is that I see a REG_DWORD EditFlags, with 1 as a decimal value. But I think you're practically on the spot. Do you have more details on this?

Thanks a lot,

G

 

[Marcs41]

Are you sure it is the .lnk which triggers the blocking, or is it the target of the link? What exactly does the .lnk point to? EXE's or so?

If it is for Outlook, it's quite simple actually.
Goto:
HKCU\Software\Microsoft\Office\10.0\Outlook\Security
Add a new String and name it Level1Remove (watch the CAPS).
Edit the String and add the extensions you want de-blocked like mdb;url;zip;rar;doc;lnk

Correct me if this is not what you wanted

 

[kochg]

Hi marcs41, it's not really an outlook problem. Suppose I don't have office installed, then I cannot alter that string but I will still receive the notification. I talked to Microsoft and they are looking into it. I gave them my policies and they didn't see anything wrong with them, so they are a bit puzzled as well. I'll let you know if I find the problem

 

[Marcs41]

Ok, no Outlook.
But you did not reply to the first question:

Are you sure it is the .lnk which triggers the blocking, or is it the target of the link?
What exactly does the .lnk point to? EXE's or so?
The solution is out there.

 

[kochg]

Yes, the shortcuts point mostly to .exe files, like calculator or media player (complete start menu). But the .exe's are already local, it's the shortcuts that he downloads. Besides, .lnk and .exe are equally considered as dangerous file type. I will test a system without policies applied on it and come back with the result.

Tnx,

G

 

[kochg]

After a long mailing with microsoft, the problem is 'solved'. Actually, they've given me a workaround by placing the dfs link where the start menu resides in the list of local intranet sites. This way I don't get the notification. Microsoft told me that it would be fixed in the next service pack of XP. So this problem only exists with XP SP1 because SP1 of IE6 is integrated in it.

Regards,

G