Detections
Analytics

1.26 Set 'Remove file extensions blocked as Level 1' to 'Disabled'

Information

This policy setting controls which types of attachments (determined by file extension)
Outlook prevents from being delivered.
Outlook uses two levels of security to restrict users' access to files attached to e-mail
messages or other items. Files with specific extensions can be categorized as Level 1 (users
cannot view the file) or Level 2 (users can open the file after saving it to disk). Users can
freely open files of types that are not categorized as Level 1 or Level 2.
If you enable this policy setting, you can specify the removal of file type extensions as that
Outlook classifies as Level 1--that is, to be blocked from delivery--by entering them in the
text field provided separated by semicolons.
If you disable or do not configure this policy setting, Outlook classifies a number of
potentially harmful file types (such as those with .exe, .reg, and .vbs extensions) as Level 1
and blocks files with those extensions from being delivered. (See Attachment file types
restricted by Office 2010 at
http-//officeredir.microsoft.com/r/rlidGPOutlkAdminAndUserSet2O14?clid=1033 for the
full list.)
Important- This policy setting only applies if the 'Outlook Security Mode' policy setting
under 'Microsoft Outlook 2010\Security\Security Form Settings' is configured to 'Use
Outlook Security Group Policy.' The recommended state for this setting is- Disabled.

*Rationale*

Malicious code is often spread through e-mail. Some viruses have the ability to send copies
of themselves to other people in the victim's Address Book or Contacts list, and such
potentially harmful files can affect the computers of unwary recipients.

Solution

To implement the recommended configuration state, set the following Group Policy setting
to Disabled.

User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security
Form Settings\Attachment Security\Remove file extensions blocked as Level 1\- Removed
Extensions-

Impact-Disabling this setting will cause any extensions that are already on the list to be ignored,
which means that Outlook 2010 will block access to them again. This configuration could
cause disruptions for users who are accustomed to sending and receiving such files.
Note You can also configure Exchange Security Form settings by enabling the 'Outlook
Security Mode' setting in

User Configuration\Administrative Templates\Classic
Administrative Templates (ADM)\Microsoft Office Outlook 2010\Security\Security Form
Settings\Microsoft Office Outlook 2010 Security and selecting Use Outlook Security Group
Policy from the drop-down list.

See Also

https://workbench.cisecurity.org/files/530

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-18(3)

Plugin: Windows

Control ID: e3b76ece1c1ae0e6c77f3f2db5fb3531b885c4aa73af0199bff6c152d33ee038