Policy

Inclusion list for high risk file types

Windows 11 25H2

Back to categoryOpen picker

Policy overview

Key metadata and intent for this policy.

ClassUser
CategoryWindows Components > Attachment Manager
Supported onAt least Windows XP Professional with SP2

Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista, WindowsXP

This policy setting allows you to configure the list of high-risk file types. If the file attachment is in the list of high-risk file types and is from the restricted zone, Windows blocks the user from accessing the file. If the file is from the Internet zone, Windows prompts the user before accessing the file. This inclusion list takes precedence over the medium-risk and low-risk inclusion lists (where an extension is listed in more than one inclusion list). If you enable this policy setting, you can create a custom list of high-risk file types. If you disable this policy setting, Windows uses its built-in list of file types that pose a high risk. If you do not configure this policy setting, Windows uses its built-in list of high-risk file types.

Internal name
AM_SetHighRiskInclusion
Policy ID
89798404a8f6
Elements
1

Registry values

How enabled and disabled states update the registry.

No explicit registry values are set for enabled or disabled states.

Policy elements

Inputs and configuration options exposed by this policy.

ElementTypeRegistry mappingConstraints & behavior
Specify high risk extensions (include a leading period, e.g. .cmd;.exe;).
ID AM_InstructHighRiskInclusionList
text
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\HighRiskFileTypes
Type REG_SZ
None

Other policies in this category

Explore related policies at the same level.