Stop downloaded files running without warning

By Tony Wilson

Senior consultant

We are often asked how to prevent, or alert the user that, an untrusted file has been downloaded from the internet. This is a requirement of Cyber Essentials and relates to question 4.5 of our questionnaire.

It is often a good idea to check your anti-virus programme as it may have options to prevent such files running – or at least provide sufficient warning about the file you are about to run.

Windows allows Software Restriction Policies (SRPs) to be deployed. As the name suggests, software can be prevented from running under certain conditions (such as from the downloads area. Be careful with this as it is possible, if badly configured, to actually  stop every file from running on the computer (including Operating System files)  and effectively locking you out of the device. For further information on SRPs please check out this Microsoft link:

Attachment manager has been a well kept secret by Microsoft since its inclusion in all Windows Operating Systems since XP. This feature controls the behaviour associated with downloaded files from the internet. More information can be found here: though we have included a simplified overview here.