Outlook Blocks Attachments

‘Outlook blocked access to the following potentially unsafe attachments

KB ID 0000058

Problem

Yes it is annoying, someone tries to send you a copy of an program, a database r you are the one doing the sending, and your Outlook client blocks it, but this is done for a good reason. Microsoft have classified 39 different file types as being “dangerous” to your system and have categorized them into two levels. Level 1 files are blocked completely, and level two files show up as an icon in your Email but when you try to open them outlook forces you to save them.

If your reading this the chances are you are having problems with Level 1 blocked files?

Level 1 Blocked Files

.ade Microsoft Access project extension
.adp Microsoft Access project
.bas Microsoft Visual Basic class module
.bat Batch file
.chm Compiled HTML Help file
.cmd Microsoft Windows NT Command Script
.com Microsoft MS-DOS program
.cpl Control Panel extension
.crt Security certificate
.exe Program
.hlp Help file
.hta HTML program
.inf Setup Information
.ins Internet Naming Service
.isp Internet Communication settings
.js JScript file
.jse Jscript Encoded Script file
.lnk Shortcut
.mda Microsoft Access add-in program
.mdb Microsoft Access program
.mde Microsoft Access MDE database
.mdz Microsoft Access wizard program
.msc Microsoft Common Console Document
.msi Microsoft Windows Installer package
.msp Windows Installer patch
.mst Visual Test source files
.pcd Photo CD image/Microsoft Visual Test compiled script
.pif Shortcut to MS-DOS program
.reg Registry entries
.scr Screen savers
.sct Windows Script Component
.shs Shell Scrap Object
.url Internet shortcut
.vb VBScript file
.vbe VBScript Encoded Script file
.vbs VBScript file
.wsc Windows Script Component
.wsf Windows Script file
.wsh Windows Script Host Settings file

OK so now you know WHY your files have been blocked, you need to decide what you are going to do about it.

Solution

The simplest option is to get the files “Re-sent” and change the file extension to something that wont be blocked (like .txt for example) OR put your files in something else like a 7-Zip or WinZIP file and send them.

If you want to disable the feature completely read on…..

Outlook Express (Blocks Attachments)

1. Start Outlook Express.

2. On the Tools > Options.

3. Click the Security tab, click to clear the Do not allow attachments to be saved or opened that could potentially be a virus check box under Virus Protection, and then click OK.

Outlook 2013, 2010, 2007, 2003, 2002, and 2000 (SP3) Blocking Attachments

1. Windows Key +R > Regedit {enter}
2. Navigate to;

[box]HKEY_CURRENT_USER > Software > Microsoft > Office > {version} > Outlook > Security[/box]

NOTE for each version of Outlook, the number in the registry path is different.

  • Outlook 2000 (SP3) 9.0
  • Outlook XP/2002 10.0
  • Outlook 2003 11.0
  • Outlook 2007 12.0
  • Outlook 2010 14.0
  • Outlook 2013 15.0

In NEWER Versions of Outlook you will need to manually create the Security key.

3. Right click in the right Pane and select New > String Value.

4. Call the new string Level1Remove.

5. Now you need to tell the registry what you want to allow through, and you need to do it for EACH file extension you want to let through, for this example I’m going to let through executable programs, and MS Access Databases. Double click the Level1Remove string you just created.

NOTE: You need to type every extension (preceded by the full stop) and separate each with a colon (no spaces).

7. When you are done, click OK and close the registry editor.

Related Articles, References, Credits, or External Links

Original Article Written: 09/11/09

Groupshield 7 – Blocking Keywords

KB ID 0000438 

Problem

You would like Groupshield to block email containing certain keywords, for example you are getting a lot of spam containing certain words and phrases, in either the the subject line or message body.

Solution

Related Articles, References, Credits, or External Links

NA

McAfee ePO – Client Firewall Exceptions to Allow Agent Deployment

KB ID 0000952 

Problem

It’s been a while, since I deployed ePO, and as I’ve got a big McAfee roll-out coming up I thought I’d better run it up on the test bench and see how much it’s changed since version 4. As the prospective client is going to use Server 2012 and Windows 8, that’s what I tested it with.

Despite my best efforts the the McAfee agent (8.6) refused to deploy to the clients as long as I had the windows firewall on. A quick Google turned up a myriad of suggestions for ports and services, and most of them were for older versions of ePO or were simply incorrect.

Solution

Basically you need to to do two things with the firewall;

  • Allow in ICMP echo requests
  • Allow in File and Printer sharing

Set Firewall to Allow McAfee Agent deployment via Group Policy

This is the simplest option, especially if you have a lot of client to deploy to.

1. On your Domain Controller > Launch the Group Policy Management Console > Create a new policy (or edit an existing one), that is linked either to the root of the domain, or the OU that your computers are in.

2. Edit The policy, and navigate to;

[box]Computer ConfigurationAdministrative TemplatesNetworkNetwork ConnectionsWindows FirewallDomain ProfileWindows Firewall: Allow ICMP exceptions[/box]

3. Set to Enabled > Select ‘Allow inbound echo request’ > Apply > OK.

4. In the same location select ‘Windows Firewall: Allow inbound file and printer sharing exception’.

5. Enable this policy > Then enter the IP address of the ePO server > Apply > OK.

6. Then either reboot the clients, wait a couple of hours, or manually run “gpupdate /force” on them. Then Re-deploy your McAfee agent.

Set Firewall to Allow McAfee Agent deployment on an Individual Machine

1. Windows Key +R > cmd {Enter} > firewall.cpl {Enter}.

2. Allow an app or feature though Windows Firewall.

3. Locate ‘File and Printer Sharing’ and enable (Note: Here I’ve enabled for Domain, Public, and Private, you may only want to select Domain) > OK.

4. Advanced Settings > Inbound Rules > New Rule.

5. Custom > Next.

6. All Programs > Next.

7. Protocol Type = ICMPv4 > Customize > Echo Request > OK > Next.

8. Enter the IP address of your ePO server > Next.

9. Allow the connection > Next.

10. Select as appropriate > Next.

11. Give the rule a sensible name > Finish.

12. Re-deploy your McAfee agent.

Related Articles, References, Credits, or External Links

NA