Detections
Analytics

5.1.6 Set 'Display Level 1 attachments' to 'Disabled'

Information

This policy setting controls whether Outlook blocks potentially dangerous attachments
designated Level 1. To protect users from viruses and other harmful files, Outlook uses two
levels of security, designated Level 1 and Level 2, to restrict access to files attached to e-
mail messages or other items. Potentially harmful files can be classified into these two
levels by file type extension, with all other file types considered safe. See Attachment file
types restricted by Office 2010
(http-//officeredir.microsoft.com/r/rlidGPOutlkAdminAndUserSet2O14?clid=1033) for
the full list of file types classified Level 1 by default.
If you enable this policy setting, Outlook users can gain access to Level 1 file type
attachments by first saving the attachments to disk and then opening them, as with Level 2
attachments.
If you disable this policy setting, Level 1 attachments will not display under any
circumstances.
If you do not configure this policy setting, Outlook completely blocks access to Level 1 files,
and requires users to save Level 2 files to disk before opening them.
Important- This policy setting only applies if the 'Outlook Security Mode' policy setting
under 'Microsoft Outlook 2010\Security\Security Form Settings' is configured to 'Use
Outlook Security Group Policy.' The recommended state for this setting is- Disabled.

*Rationale*

To protect users from viruses and other harmful files, Outlook 2010 uses two levels of
security, designated Level 1 and Level 2, to restrict access to files attached to e-mail
messages or other items. Potentially harmful files can be classified into these two levels by
file type extension, with all other file types considered safe.
By default, Outlook completely blocks access to Level 1 files, and requires users to save
Level 2 files to disk before opening them. If this configuration is changed, users will be able
to open and execute potentially dangerous attachments, which can affect their computers
or compromise the confidentiality, integrity, or availability of data.

Solution

To implement the recommended configuration state, set the following Group Policy setting
to Disabled.

User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security
Form Settings\Attachment Security\Display Level 1 attachments

Impact-See Attachment file types restricted by Office 2010 for the full list of file types classified
Level 1 by default.Important- For this setting to apply, you must also enable the 'Outlook Security Mode'
setting in

User Configuration\Administrative Templates\Classic Administrative Templates
(ADM)\Microsoft Office Outlook 2010\Security\Security Form Settings\Microsoft Office
Outlook 2010 Security and select Use Outlook Security Group Policy from the drop-down
list.

See Also

https://workbench.cisecurity.org/files/530

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-18(4)

Plugin: Windows

Control ID: c8f58ad79962272ab5a587f5961bae8847a84d75cd34166be145fe7531e76134