Re: Unsafe Attachments

From: Diane Poremsky [MVP] (info_at_cdolive.com)
Date: 06/09/04 

Date: Tue, 8 Jun 2004 20:55:40 -0400

it sends them - you just can't access them.

See http://www.slipstick.com/outlook/esecup/getexe.htm for more information.

For more information on the security features, see
http://www.slipstick.com/outlook/esecup.htm 

-- 
Diane Poremsky [MVP - Outlook]
Author, Teach Yourself Outlook 2003 in 24 Hours
Coauthor, OneNote 2003 for Windows (Visual QuickStart Guide)
Author, Google and Other Search Engines (Visual QuickStart Guide)
Outlook Tips: http://www.outlook-tips.net/
Outlook & Exchange Solutions Center: http://www.slipstick.com
Join OneNote Tips mailing list: http://www.onenote-tips.net/
Vote for your favorite Outlook and Exchange utilities in the
Slipstick Ratings Raffle at http://www.slipstick.com/contest/
"Ron" <anonymous@discussions.microsoft.com> wrote in message 
news:1996001c44d96$1cbe1930$a601280a@phx.gbl...
>I can not send links or .exe files in updated Outlook 2000
> and Oficce XP.  It will not send them.  I have edited the
> registry and added the extensions .exe;.aspx;htm etc in
> level1add and remove string values as talekd about here:
>
> It still does not [work- can anyone help
>
> thanks in advance- Ron
>
> Why do I get "Outlook blocked access to the following
> potentially unsafe attachments: [...]" error messages
> opening my email?
>
> Problem
>
> Outlook 2002 includes a new security feature that blocks
> attachments considered unsafe. If you receive an e-mail
> message that contains one of the blocked file types, you
> may see the following warning message:
>
>
>
> Outlook blocked access to the following potentially unsafe
> attachments: [.]
>
>
>
> Although access to the attachment has been blocked, the
> attachment still exists in the message. This article
> summarizes what to do if you need to access the
> attachment.
>
> Discussion
>
> This security feature provides an additional level of
> protection against malicious e-mail messages. Updates were
> available for earlier versions of Microsoft Outlook, but
> in Outlook 2002 this security feature is implemented by
> default.
>
> Use one of the following recommended methods to obtain
> access to the attached file:
>
> Request that the sender post or save the attachment to a
> file share and send you the link to it.
> Request that the sender use a file compression utility
> that changes the file extension.
> Request that the sender rename the file extension and send
> it to you. Once you receive the renamed attachment, you
> can rename the file with the original extension.
> If the previously recommended methods do not meet your
> needs, you may use one of the following alternate methods:
>
> If you are in a Microsoft Exchange Server environment and
> your administrator has configured the Outlook Security
> settings, ask the administrator to modify the security
> settings for your mailbox.
> If you are not in an Exchange Server environment, modify
> the registry to customize the attachment security
> settings.
> Microsoft Exchange Server Environment
>
> If you run Outlook in an Exchange Server environment, your
> administrator can change the default attachment security
> behavior.
>
>
>
> Attachment Behavior
>
> Attachments are divided into three groups based on their
> file extension, or type. Outlook handles each group in a
> specific way.
>
>
>
> Level 1 ("Unsafe")
>
> The "unsafe" category represents any extension that may
> have script or code associated with it. Any attachment
> with an "unsafe" file extension is inaccessible if you use
> a version of Outlook that has the security patch applied
> to it. The following list contains attachments that are
> considered unsafe:
>
> File extension  File type
>
> .ade             Microsoft Access project extension
> .adp             Microsoft Access project
> .asx              Windows Media Audio / Video
> .bas              Microsoft Visual Basic class module
> .bat              Batch file
> .chm             Compiled HTML Help file
> .cmd             Microsoft Windows NT Command script
> .com             Microsoft MS-DOS program
> .cpl              Control Panel extension
> .crt              Security certificate
> .exe              Program
> .hlp              Help file
> .hta              HTML program
> .inf               Setup Information
> .ins               Internet Naming Service
> .isp               Internet Communication settings
> .js                JScript file
> .jse              Jscript Encoded Script file
> .lnk               Shortcut
> .mdb             Microsoft Access program
> .mde             Microsoft Access MDE database
> .msc             Microsoft Common Console document
> .msi              Microsoft Windows Installer package
> .msp             Microsoft Windows Installer patch
> .mst             Microsoft Windows Installer transform;
> Microsoft Visual Test source file
> .pcd             Photo CD image; Microsoft Visual compiled
> script
> .pif               Shortcut to MS-DOS program
> .prf               Microsoft Outlook profile settings
> .reg              Registration entries
> .scf              Windows Explorer command
> .scr              Screen saver
> .sct              Windows Script Component
> .shb              Shell Scrap object
> .shs              Shell Scrap object
> .url               Internet shortcut
> .vb               VBScript file
> .vbe             VBScript Encoded script file
> .vbs              VBScript file
> .wsc             Windows Script Component
> .wsf              Windows Script file
> .wsh             Windows Script Host Settings file
>
> The following list describes how Outlook functions when
> you receive an "unsafe" file attachment:
>
> Any "unsafe" attachment is not accessible. You cannot
> save, delete, open, print, or otherwise
> manipulate "unsafe" files. The top of the e-mail message
> indicates that Outlook has blocked access to the "unsafe"
> attachment; the attachment is not accessible from Outlook,
> however, the attachment is not actually removed from the e-
> mail message.
> If you forward an e-mail message with an "unsafe"
> attachment, the attachment is not included in the
> forwarded e-mail message.
> If you send an e-mail message that contains an "unsafe"
> attachment, you receive a warning message that says other
> Outlook recipients may not be able to access the
> attachment that you are trying to send. You can either
> disregard the warning message and send the e-mail message,
> or you can choose to not send the e-mail message.
> If you save or close an e-mail message that contains
> an "unsafe" attachment, you receive a warning message that
> says you will not be able to access the attachment from
> Outlook. You can override the warning message and save the
> e-mail message.
> You cannot open objects that are inserted into Microsoft
> Outlook Rich Text messages by using the Insert Object
> command. You do see a visual representation of the object,
> but you cannot open or activate the object in the e-mail
> message.
> You cannot open "unsafe" files that have been directly
> stored in an Outlook or Exchange Server folder. Although
> these files are not attached to an Outlook item, they are
> still considered "unsafe." The following error message
> occurs in this situation:
> Can't open the item. Outlook blocked access to this
> potentially unsafe item.
> Level 2
>
> Level 2 files are not "unsafe" but they do require more
> security than other attachments. When you receive a Level
> 2 attachment, you are prompted to save the attachment to a
> disk; you cannot open the attachment from within the e-
> mail message. By default, file extensions are not
> associated with this group, however, you can add file
> extensions to the Level 2 list.
>
> NOTE: The list of files that are included in the Level 2
> category can only be changed if you are using Outlook in a
> Microsoft Exchange Server environment and your mail is
> being delivered to an Exchange Server mailbox. These
> changes must be made by an administrator.
>
>
> Other Attachments
>
> When you try to open an attachment other than those in
> the "unsafe" or Level 2 lists, you are prompted to either
> open the file directly or to save it to a disk. You can
> turn off future prompts for that extension if you click to
> clear the Always ask before opening this type of file
> check box.
>
> NOTE: If a program associates itself with a new file
> extension, that file extension is treated as an "other"
> attachment until you add the file extension to
> the "unsafe" list. For example, if you install a program
> on your computer that uses files with an .xyz file
> extension, whenever you open an attachment that has
> an .xyz file extension, the new program opens and runs the
> attachment. By default, the .xyz file extension is not on
> the "unsafe" or Level 2 list, so it is treated as
> an "other" file extension. If you want attachments with
> the .xyz file extension to be treated as "unsafe," you
> must add the .xyz file extension to the list of "unsafe"
> file extensions.
>
> Solution
>
> You can modify the attachment security behavior in Outlook
> 2002 if you are using Outlook in one of the following
> scenarios:
>
> Outlook is run outside of an Exchange Server environment.
> In an Exchange Server environment, the administrator has
> not configured the Outlook Security settings to disallow
> changes to the attachment security behavior.
> In these scenarios, modify the attachment security
> behavior by making a modification to the registry. Perform
> the following steps to modify the registry:
>
> NOTICE: The following procedure contains information about
> editing the Windows registry. Dell does not guarantee
> success or support these actions. Any use of the
> information provided herein, is performed at your own
> risk. You should make a backup copy of the registry files
> prior to executing any of the following steps. Incorrect
> use of the registry editor and editing the registry files
> can cause serious problems that may require a complete
> reinstall of your operating system. Dell assumes no
> responsibility, expressed or implied, regarding the
> consequences of any action taken as a result of the
> information provided herein.
>
> Exit Outlook 2002, if running.
> Click the Windows Start button, then click Run, in the
> Open box, type regedit, and then click OK.
> In the left pane, click on the plus next to the following
> registry keys:
> HKEY_CURRENT_USER
> Software
> Microsoft
> Office
> 10.0
> Outlook
> Security
> Click Edit, click New, and then click String Value.
> Type the following name for the new value:
> Level1Remove
> Press the <Enter> key.
> Right-click the new string value name, and then left-click
> Modify.
> Type the extension of the file type that you would like to
> access with Outlook 2002 as follows:
> .exe
> To specify multiple file types, separate them with a
> semicolon, using the following format:
> .exe;.com
> When finished, click OK.
> Exit the Registry Editor program.
> When you start Outlook 2002, the file types specified in
> the Windows Registry are accessible.
>
> NOTE: It is recommended that only the necessary file types
> be enabled for access. If a particular file type is
> received rarely, it is recommended that Outlook 2002 be
> given temporary access to the file type in question and
> then reconfigured to the blocked state by undoing the
> changes made to the Windows Registry.
>
>
>
> The information contained in the above document consists
> of excerpts from Microsoft Knowledge Base. Any content
> editing was done for space considerations. Where possible,
> the document was left in its entirety. The technical
> information and troubleshooting described herein are for
> informational purposes only. For additional information or
> the complete document, please go to:
> http://support.microsoft.com/directory/
> Article ID: Q290497 Title " OL2002: Cannot Access
> Attachments"
>
>
>
>
>
> -----------------------------------------------------------
> ---------------------
>
>
Quantcast