Microsoft has introduced a new security feature that automatically blocks file previews in File Explorer for documents downloaded from the Internet.
The change aims to prevent hackers from stealing user credentials through malicious files. It is now active for users who have installed this month’s Patch Tuesday updates on Windows 11 and Windows Server systems.
According to Microsoft, this update affects files marked with the “Mark of the Web” (MotW) tag — meaning they were downloaded through a browser, received via email, or obtained from other online sources. When users try to preview such files in File Explorer, they will now see a warning message that says, “The file you are attempting to preview could harm your computer. If you trust the file and the source you received it from, open it to view its contents.”
This new protection prevents attackers from exploiting vulnerabilities that could leak NTLM hashes (hashed credentials used in Windows authentication) through files containing HTML tags such as <link> or <src> that reference an external path. Previously, attackers could trick users into exposing sensitive information simply by getting them to select a file in File Explorer with the preview pane enabled, without ever opening it.
Starting with the October 2025 security update, this protection is enabled automatically, meaning most users don’t need to make any changes. However, if you need to preview a trusted file from a reliable source, you can manually unblock it. To do so, right-click the file, choose “Properties,” and click the “Unblock” button under the General tab. In some cases, you may need to sign out and back in for the change to take effect.
For network-shared files, administrators can also allow previews by adding the file share’s address to the Trusted sites or Local intranet zones in the Internet Options settings.
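The manual "Unblock" step above can also be done from PowerShell. The script below is an added example, not code from Microsoft or from this article. It relies on a detail the article does not state, that MotW is stored in the NTFS alternate data stream `Zone.Identifier`; the folder, file and hash parameters are placeholders.

```powershell
# Added example: audit Mark of the Web (MotW) in a folder, then unblock one vetted file.
# Assumptions: NTFS volume; $Folder, $TrustedFile and $ExpectedSha256 are placeholders.
param(
    [string]$Folder = "$env:USERPROFILE\Downloads",
    [string]$TrustedFile,          # single file to unblock (optional)
    [string]$ExpectedSha256        # hash supplied by the sender through a separate channel
)

$zoneNames = @{ 0 = 'Local machine'; 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }

function Get-MotW {
    param([Parameter(Mandatory)][string]$Path)
    # MotW lives in the Zone.Identifier alternate data stream; no stream means no mark.
    $lines = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if (-not $lines) { return $null }
    $info = [ordered]@{ Path = $Path; ZoneId = $null; Zone = $null; HostUrl = $null }
    foreach ($line in $lines) {
        if ($line -match '^ZoneId=(\d+)')  { $info.ZoneId = [int]$Matches[1]; $info.Zone = $zoneNames[$info.ZoneId] }
        if ($line -match '^HostUrl=(.+)$') { $info.HostUrl = $Matches[1] }
    }
    [pscustomobject]$info
}

# 1) Report every marked file, with its zone and (when recorded) the download URL.
Get-ChildItem -LiteralPath $Folder -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object { Get-MotW -Path $_.FullName } |
    Format-Table Zone, HostUrl, Path -AutoSize | Out-Host

# 2) Unblock one file, and only when its hash matches the value you were given.
if ($TrustedFile) {
    $actual = (Get-FileHash -LiteralPath $TrustedFile -Algorithm SHA256).Hash
    if ($ExpectedSha256 -and $actual -eq $ExpectedSha256) {
        Unblock-File -LiteralPath $TrustedFile   # same effect as Properties > Unblock
        Write-Output "Unblocked $TrustedFile"
    } else {
        Write-Warning "Hash mismatch or no expected hash supplied; MotW left in place on $TrustedFile"
    }
}
```

Unblocking per file after a hash check keeps the preview block in force for everything else in the folder.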





