Microsoft has updated File Explorer to automatically block file previews for items downloaded from the internet, aiming to prevent credential theft via malicious documents.
The feature, active after the October 2025 security update, disables previews for files marked with “Mark of the Web” or accessed from other places on the Internet.
This change protects against NTLM hash leaks that can occur when previewing compromised files, though users can manually unblock trusted items if needed.
This update addresses a security flaw that could expose NTLM hashes when users preview files containing HTML elements like <link> or <src> that connect to external resources. Attackers could exploit this behavior in File Explorer’s preview pane to intercept authentication data and steal user credentials.
Table Of Contents
Coming with October 2025 Update
Starting with the October 2025 Windows security update, File Explorer will now display a warning message in the preview pane for certain files:
“The file you are attempting to preview could harm your computer. If you trust the file and the source you received it from, open it to view its contents.”
This message appears for files tagged with the Mark of the Web (MotW), indicating they were downloaded from the internet—or those accessed from an Internet Zone file share. The update is designed to enhance user protection by restricting previews of potentially unsafe files.
How to Disable This?
If you trust the file and its origin, Windows allows you to remove the Internet security block. To do this for a downloaded file, right-click it in File Explorer, choose Properties, and select Unblock.
Note that this change may not apply instantly, it becomes active after your next login.
For files stored on an Internet Zone network share, open the Internet Options control panel, go to the Security tab, and add the file share’s address to the Local intranet or Trusted sites zone.
However, keep in mind that doing this reduces security for all files from that source, so it should only be used for trusted locations.
