Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"Display file extensions" parameter #6

Open
Harvester57 opened this issue Jan 24, 2022 · 0 comments
Open

"Display file extensions" parameter #6

Harvester57 opened this issue Jan 24, 2022 · 0 comments
Assignees
@Harvester57
Labels
enhancement New feature or request

Comments

@Harvester57
Copy link
Owner

When extensions for known file types are hidden, an adversary can more easily use social engineering techniques to convince users to execute malicious email attachments. For example, a file named vulnerability_assessment.pdf.exe could appear as vulnerability_assessment.pdf to a user. To reduce this risk, hiding extensions for known file types should be disabled. Showing extensions for all known file types, in combination with user education and awareness of dangerous email attachment file types, can help reduce the risk of users executing malicious email attachments.

The following registry entry can be implemented using Group Policy preferences to prevent extensions for known file types from being hidden.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HideFileExt

REG_DWORD 0x00000000 (0)

Taken from : https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-microsoft-windows-10-version-21h1-workstations
@Harvester57 Harvester57 self-assigned this Jan 24, 2022
@Harvester57 Harvester57 added the enhancement New feature or request label Jan 24, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Harvester57 Harvester57

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Harvester57