Safe and unsafe file extensions
EMail this article
The following list of file name extensions lists types of files identified by
Microsoft as containing potentially dangerous applications.
Dangerous File Extensions
Extension | File type |
---|---|
.ade | Microsoft Access project extension |
.adp | Microsoft Access project |
.asx | Windows Media Audio / Video |
.bas | Microsoft Visual Basic class module |
.bat | Batch file |
.chm | Compiled HTML Help file |
.cmd | Microsoft Windows NT Command script |
.com | Microsoft MS-DOS program |
.cpl | Control Panel extension |
.crt | Security certificate |
.exe | Program |
.hlp | Help file |
.hta | HTML program |
.inf | Setup Information |
.ins | Internet Naming Service |
.isp | Internet Communication settings |
.js | JScript file |
.jse | Jscript Encoded Script file |
.lnk | Shortcut |
.mda | Microsoft Access add-in program |
.mdb | Microsoft Access program |
.mde | Microsoft Access MDE database |
.mdt | Microsoft Access workgroup information |
.mdw | Microsoft Access workgroup information |
.mdz | Microsoft Access wizard program |
.msc | Microsoft Common Console document |
.msi | Microsoft Windows Installer package |
.msp | Microsoft Windows Installer patch |
.mst | Microsoft Windows Installer transform |
Microsoft Visual Test source file | |
.ops | Office XP settings |
.pcd | Photo CD image; Microsoft Visual compiled script |
.pif | Shortcut to MS-DOS program |
.prf | Microsoft Outlook profile settings |
.reg | Registration entries |
.scf | Windows Explorer command |
.scr | Screen saver |
.sct | Windows Script Component |
.shb | Shell Scrap object |
.shs | Shell Scrap object |
.url | Internet shortcut |
.vb | VBScript file |
.vbe | VBScript Encoded script file |
.vbs | VBScript file |
.wsc | Windows Script Component |
.wsf | Windows Script file |
.wsh | Windows Script Host Settings file |
The following list describes how Outlook functions when you receive or send
an "unsafe" file attachment:
Any file received in an email as an attachment with any of the extensions
listed above should NEVER be opened even if you know the person
that sent the file.
Safe File Extensions
Extension | File type |
---|---|
.gif | Graphics Interchange Format (CompuServe) |
.jpg or .jpeg | Joint Photographic Expert Group |
.tif or .tiff | Tagged Image File Format (Adobe) |
.mpg or .mpeg | Motion Picture Expert Group |
.mp3 | MPEG compressed Audio |
.wav | Microsoft Audio |
Files blocked by Zone Alarm:
Extension | File type |
---|---|
*.ADE | Microsoft Access Project Extension |
*.ADP | Microsoft Access Project |
*.ASX | Windows Media Audio/Video |
*.BAS | Visual Basic® Class Module |
*.BAT | Batch File |
*.CHM | Compiled HTML Help File |
*.CMD | Windows NT® Command Script |
*.COM | MS-DOS® Application |
*.CRT | Security Certificate |
*.DBX | Microsoft Visual Foxpro Table |
*.EXE | Application |
*.HLP | Windows® Help File |
*.HTA | HTML Applications |
*.INF | Setup Information File |
*.INS | Internet Communication Settings |
*.ISP | Internet Communication Settings |
*.JS | JScript® File |
*.JSE | JScript Encoded Script File |
*.LNK | Shortcut |
*.MDA | Microsoft Access Add-in |
*.MDB | Microsoft Access Application |
*.MDE | Microsoft Access MDE Database |
*.MDZ | Microsoft Access Wizard Template |
*.MHT | Web Archive File |
*.MSC | Microsoft Common Console Document |
*.MSI | Windows Installer Package |
*.MSP | Windows Installer Patch |
*.MST | Visual Test Source File |
*.NCH | Outlook Express Folder File |
*.PCD | Photo CD Image |
*.PIF | Shortcut to MS-DOS Program |
*.PRF | Microsoft Outlook Profile Settings |
*.REG | Registration Entries |
*.SCF | Windows Explorer Command |
*.SCR | Screen Saver |
*.SCT | Windows Script Component |
*.SHB | Shell Scrap Object |
*.SHS | Shell Scrap Object |
*.URL | Internet Shortcut (Uniform Resource Locator) |
*.VB | VBScript File |
*.VBE | VBScript Encoded Script File |
*.VBS | VBScript Script File |
*.WMS | Windows Media Skin |
*.WSC | Windows Script Component |
*.WSF | Windows Script File |
*.WSH | Windows Scripting Host Settings File |
*.ZIP | ZIP Archive File |
If an attachment does not have one of these safe extensions its best not to open the attachment. Be especially suspicious of any file that has a doubled extension (for example,image.gif.exe). Normally files have only one three or four letter extension so a file with more than one extension is probably an attempt to trick you into opening the attachment.
Take great care when opening any email attachment.
- Think about who sent it and why.
- Is it relevant or not?
- Always run an up-to-date virus scanner loaded up with the latest virus
signatures