Category: At least Windows XP Professional with SP2

This policy setting allows you to manage whether users can manually remove the zone information from saved file attachments by clicking the Unblock button in the file’s property sheet or by using a check box in the security warning dialog. Removing the zone information allows users to open potentially dangerous file attachments that Windows has blocked users from opening. If you enable this policy setting Windows hides the check box and Unblock button. If you disable this policy setting Windows shows the check box and Unblock button. If you do not configure this policy setting Windows hides the check box and Unblock button.

This policy setting allows you to manage whether Windows marks file attachments with information about their zone of origin (such as restricted Internet intranet local). This requires NTFS in order to function correctly and will fail without notice on FAT32. By not preserving the zone information Windows cannot make proper risk assessments. If you enable this policy setting Windows does not mark file attachments with their zone information. If you disable this policy setting Windows marks file attachments with their zone information. If you do not configure this policy setting Windows marks file attachments with their zone information.

This policy setting allows you to configure the logic that Windows uses to determine the risk for file attachments. Preferring the file handler instructs Windows to use the file handler data over the file type data. For example trust notepad. exe but don’t trust . txt files. Preferring the file type instructs Windows to use the file type data over the file handler data. For example trust . txt files regardless of the file handler. Using both the file handler and type data is the most restrictive option. Windows chooses the more restrictive recommendation which will cause users to see more trust prompts than choosing the other options. If you enable this policy setting you can choose the order in which Windows processes risk assessment data. If you disable this policy setting Windows uses its default trust logic which prefers the file handler over the file type. If you do not configure this policy setting Windows uses its default trust logic which prefers the file handler over the file type.

This policy setting allows you to manage the behavior for notifying registered antivirus programs. If multiple programs are registered they will all be notified. If the registered antivirus program already performs on-access checks or scans files as they arrive on the computer’s email server additional calls would be redundant. If you enable this policy setting Windows tells the registered antivirus program to scan the file when a user opens a file attachment. If the antivirus program fails the attachment is blocked from being opened. If you disable this policy setting Windows does not call the registered antivirus programs when file attachments are opened. If you do not configure this policy setting Windows does not call the registered antivirus programs when file attachments are opened.