File Explorer: The file you are attempting to preview could harm your computer

After installing the October 15 (2025), cumulative update for Windows 11, File Explorer turns off the preview feature for files downloaded from the internet. After the October 2025 or a later Windows security update is installed, the File Explorer preview pane will display the following message:

The file you are attempting to preview could harm your computer. If you trust the file and the source you received it from, open it to view its contents.

Cause

This change of behavior applies to files marked with Mark of the Web (MotW) after download from the internet, and to files viewed on an Internet Zone file share. This is a security measure that prevents a vulnerability that could leak NTLM hashes when users preview potentially unsafe files. For more details, review the following frequently asked questions about this change.


Resolution

Option 1: Unblock each file using the Properties dialog

If you trust the source of the file you want to preview, unblock the file. To remove the block for a downloaded file, right-click the file in File Explorer, select Properties, select Unblock, and click OK.

Unblock file using Properties- MoTw. NTFS

Option 2: Bulk unblock downloaded files using PowerShell or Streams.exe

If you have many downloaded files and want to unblock them en masse (i.e., bulk unblock), you can use Microsoft’s Streams.exe tool or PowerShell. Please check out the following article for more information:

How to Bulk Unblock Files Downloaded from the Internet

What about files in a network share? I can’t unblock them.

Note: To remove the block for files on a file share, use the Internet Options control panel’s Security tab to add the file share’s address to either the Local intranet or Trusted sites security zone.

To launch the Internet Options dialog, press Win + R, type inetcpl.cpl and click OK. Select the “Security” tab, and click Trusted sites. Click “Sites” and add the website or UNC share path (which hosts the files) there.

Internet Explorer options - Trusted sites zone

Option 3: Move the files to a FAT32 disk and then move them back

Saving downloaded files to a FAT32 partition should workaround the problem. Mark of the Web (MotW) is not saved when you save the files to a non-NTFS (e.g, FAT32) partition. If you have hundreds of files, you can move them to a FAT32 disk and then move them back to the original location. That way, you erase the NTFS ADS data, where MotW is stored.


Workaround

To turn on Previews back on regardless of file source and without having to unblock each file, you may use the IE zones registry workaround by Eric Lawrence of the Microsoft Web Defense team. Please create a System Restore point and employ the registry edit here.

Turn Shell Previews back on regardless of file source – GitHub

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"180F"=dword:00000000
Important: Note the caveat mentioned on that link. It suggests disabling NTLM over SMB if you apply that registry edit.
Quoting Eric Lawrence:



Warning, this exposes you to the risk of NTLM hash leaks: https://textslashplain.com/2019/10/09/navigating-to-file-urls/#:~:text=to%20Edge%2095%2B.-,What%E2%80%99s%20the%20Risk%3F,-The%20most%20obvious

You should disable NTLM over SMB to address that risk: Set-SMbClientConfiguration -BlockNTLM $true from PowerShell.

To accomplish the above task using command-line, run these commands from admin Command Prompt.

reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v 180F /d 0 /t REG_DWORD /f

PowerShell.exe -Command "& {Set-SMbClientConfiguration -BlockNTLM $true}

Reference: Block NTLM connections on SMB in Windows Server 2025 | Microsoft Learn

The 180F registry value corresponds to the following security zone setting:

Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer

The above setting is not displayed in the user interface in Internet Explorer Options (inetcpl.cpl)

Reference: IE security zones registry entries for advanced users – Internet Explorer | Microsoft Learn


References

Windows Shell Previews – Restricted – text/plain

How to Bulk Unblock Files Downloaded from Internet

IE security zones registry entries for advanced users – Internet Explorer | Microsoft Learn

How to Solve the Issue That File Explorer Is Unable to Preview PDF Files and Displays the Warning


One small request: If you liked this post, please share this?

One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:
  • Pin it!
  • Share it to your favorite blog + Facebook, Reddit
  • Tweet it!
So thank you so much for your support. It won't take more than 10 seconds of your time.

Ramesh Srinivasan is passionate about Microsoft technologies and he has been a ten-time recipient of the Microsoft MVP award in Windows Desktop Experience (Windows Shell), from 2003 to 2012. Ramesh founded Winhelponline.com in 2005.

Leave a Comment