Windows

How to Configure Windows Attachment Manager for File Security

Learn to protect your PC from potentially harmful downloads by customizing Windows Attachment Manager settings for high, medium, and low-risk files.

By Shivamm 3 min read
How to Configure Windows Attachment Manager for File Security

Windows Attachment Manager is a crucial security feature that helps safeguard your computer from potentially dangerous file attachments and downloads. By classifying files into risk categories, it allows you to control how your system handles different types of files. In this guide, we’ll explore how to configure the Attachment Manager for optimal security.

What is Windows Attachment Manager?

Attachment Manager is a built-in Windows service that activates when you receive email attachments or download files from the internet. It works with various applications, including Microsoft Outlook, Windows Messenger, and Internet Explorer, to manage file attachments and downloads securely.

The core function of Attachment Manager is to identify file types and apply appropriate security settings. It uses the IAttachmentExecute API to determine file types and associations. When a file is downloaded to an NTFS-formatted drive, the Attachment Manager updates the file’s metadata with information about its source zone. This metadata is stored as an Alternate Data Stream (ADS).

How Attachment Manager Classifies Files

Attachment Manager categorizes files into three risk levels:

  • High Risk: Files in this category are blocked when they originate from a restricted zone. If the file comes from the Internet zone, Windows prompts the user before allowing access.
  • Medium Risk: For these files, Windows displays a warning prompt before allowing access, regardless of the file’s origin zone.
  • Low Risk: These files can be opened without any warning messages.

The classification is based on three key factors:

  • The program you’re using to open the file
  • The file type and extension
  • The security settings of the web content zone where the file originated

Configuring Attachment Manager Settings

To customize Attachment Manager settings, you’ll need to use the Group Policy Editor or modify the Windows Registry. Here’s how to do it:

Method 1: Using Group Policy Editor

Step 1: Open the Group Policy Editor by pressing Windows + R, typing gpedit.msc, and pressing Enter.

Step 2: Navigate to User Configuration > Administrative Templates > Windows Components > Attachment Manager.

Step 3: Double-click on “Do not preserve zone information in file attachments” to open its settings.

Step 4: Choose “Enabled” to prevent Windows from marking files with zone information, or “Disabled” to maintain the default behavior of marking files.

Step 5: Click “Apply” and then “OK” to save your changes.

Method 2: Using Registry Editor

Step 1: Open the Registry Editor by pressing Windows + R, typing regedit, and pressing Enter.

Step 2: Navigate to the following key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments

Step 3: Look for the “SaveZoneInformation” value. If it doesn’t exist, right-click in the right pane, select New > DWORD (32-bit) Value, and name it “SaveZoneInformation”.

Step 4: Double-click the “SaveZoneInformation” value and set it to 1 to disable zone information preservation, or 2 to enable it (default).

Step 5: Click “OK” and close the Registry Editor.

Customizing Risk Levels for File Types

Attachment Manager allows you to customize risk levels for specific file types. Here’s how:

Step 1: In the Group Policy Editor, navigate to User Configuration > Administrative Templates > Windows Components > Attachment Manager.

Step 2: Double-click on “Default risk level for file attachments” to open its settings.

Step 3: Choose “Enabled” and select the desired risk level (High, Moderate, or Low) from the dropdown menu.

Step 4: Click “Apply” and then “OK” to save your changes.

Handling Low-Risk File Types

Attachment Manager treats certain file types as low-risk under specific conditions:

  • When opened with Notepad: .log, .text, .txt
  • When opened with Windows Picture and Fax Viewer: .bmp, .dib, .emf, .gif, .ico, .jfif, .jpg, .jpe, .jpeg, .png, .tif, .tiff, .wmf

Note that if you associate these file types with different programs, they may no longer be considered low-risk.

Manually Unblocking Files

If you need to unblock a specific file that Attachment Manager has blocked, you can do so manually:

Step 1: Right-click on the blocked file and select “Properties”.

Step 2: At the bottom of the Properties window, look for a section that says “This file came from another computer and might be blocked to help protect this computer.”

Step 3: Check the box next to “Unblock” and click “Apply” then “OK”.

By configuring Windows Attachment Manager, you’ve taken an important step in securing your system against potentially harmful files. Remember to keep your antivirus software updated and exercise caution when downloading files from unknown sources for comprehensive protection.