Microsoft has updated File Explorer to block previews of files downloaded from the internet, enhancing security against credential-theft attacks. This new setting is in effect for Windows 11 and Windows Server users with the latest security updates installed as of 2025-10-14.
Securing File Explorer
Windows File Explorer now automatically disallows file previews for downloads marked with the Mark of the Web (MotW) or stored in Internet Zone file shares. This measure aims to stop attackers from exploiting vulnerabilities that could leak NTLM hashes when users preview files containing HTML elements like images or iframes pointing to external locations.
This modification has taken effect as part of October's Patch Tuesday security updates. Affected users will see a warning message when attempting to preview such files, indicating potential harm and suggesting opening trusted files directly.
User Impact and Options
For the majority of users, no extra steps are required. However, those needing to preview trusted files can bypass the block by right-clicking the file, selecting Properties, and clicking "Unblock." Further, to avoid this restriction on all files from specific sources, users can add those file share addresses to the Trusted sites or Local intranet zone through Internet Options.
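To see which files in a folder carry the Mark of the Web before deciding what to unblock, the following PowerShell reads the mark from each file; it is an added example, not code from Microsoft or from the original article. The function name Get-MotwFile and the paths are assumptions. The zone names are the standard URL security zone numbers, and the script only reports the mark, since the article does not say which zone values trigger the preview block.

```powershell
# Added example: inventory Mark of the Web (MotW) on files under a folder.
# Get-MotwFile is a hypothetical helper name, not a built-in cmdlet.
function Get-MotwFile {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [switch] $Recurse
    )
    # Standard URL security zone numbers as written into the ZoneId field.
    $zoneNames = @{ 0 = 'Local machine'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                    3 = 'Internet';      4 = 'Restricted sites' }

    Get-ChildItem -LiteralPath $Path -File -Recurse:$Recurse | ForEach-Object {
        $file = $_
        # MotW is stored in the NTFS alternate data stream "Zone.Identifier".
        # Files without the stream (or on non-NTFS volumes) are skipped.
        $lines = Get-Content -LiteralPath $file.FullName -Stream 'Zone.Identifier' `
                             -ErrorAction SilentlyContinue
        if (-not $lines) { return }

        # The stream is INI-style text: [ZoneTransfer], ZoneId=3, HostUrl=...
        $fields = @{}
        foreach ($line in $lines) {
            if ($line -match '^\s*([^=\[\s]+)\s*=\s*(.*)$') {
                $fields[$Matches[1]] = $Matches[2].Trim()
            }
        }

        # TryParse writes 0 on failure, so reset to -1 for a missing or malformed ZoneId.
        $zoneId = -1
        if (-not [int]::TryParse([string]$fields['ZoneId'], [ref] $zoneId)) { $zoneId = -1 }

        [pscustomobject]@{
            File        = $file.FullName
            ZoneId      = $zoneId
            Zone        = if ($zoneNames.ContainsKey($zoneId)) { $zoneNames[$zoneId] } else { 'Unknown' }
            HostUrl     = $fields['HostUrl']
            ReferrerUrl = $fields['ReferrerUrl']
        }
    }
}

# Review the marked files and where they came from.
Get-MotwFile -Path "$env:USERPROFILE\Downloads" | Format-Table -AutoSize

# Clear the mark only on a file you have vetted (placeholder path).
# Unblock-File is the command-line counterpart of Properties > Unblock.
# Unblock-File -LiteralPath 'C:\path\to\vetted-file.pdf'
```

HostUrl and ReferrerUrl are written by the downloading application and may be absent, so an empty value there does not mean the file is local in origin.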
The change only affects files sourced from the internet and is designed to minimize the risk without disrupting trusted workflows. Microsoft emphasizes that this default setting significantly reduces the threat without requiring user intervention.