Use File Block Settings to enforce your file format policy , not to fix a one-off error. If a user complains they cannot open a .prn file from 1992, do not globally unblock .prn . Convert the file for them. Your security posture is only as strong as your oldest allowed file format. Have you been bitten by an aggressive File Block policy? Or are you using it to successfully block legacy macro malware? Let us know in the comments below.
If you have ever tried to open an old .xls file from 1998, received a corrupted .pptx , or watched a user panic because an email attachment opened as a wall of garbled text, you have witnessed File Block Settings in action.
Modern ransomware campaigns specifically target older formats because security tools often scan new .docx files rigorously but ignore a .xls file from 2003. If you are in IT support, you know the ticket. A senior executive tries to open a 15-year-old budget file. They see: "Microsoft Excel cannot open or save any more documents because there is not enough available memory or disk space." (This error is a lie. The problem isn't memory; it is the File Block Settings.) file block settings in the trust center
When Microsoft introduced the Open XML formats ( .docx , .xlsx , .pptx ) in 2007, they fixed structural security, but billions of legacy files remained in the wild.
Set File Block Settings to "Open selected file types in Protected View" . Users can still view and copy-paste data, but they cannot edit or save. This forces them to consciously choose "Enable Editing" and then "Save As" a modern format. Use File Block Settings to enforce your file
You can deploy specific GUIDs for each file type. For example, the policy setting for blocking legacy Excel 2.0 spreadsheets is a simple registry key under: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Security\FileBlock
For legacy formats you must support (e.g., .xls files from a legacy ERP system), set the behavior to Protected View , not Hard Block . For truly dangerous formats ( .xla macro sheets, .wbk Word backup files), set the behavior to Hard Block . The "Save" Block: A Compliance Nightmare Most admins focus on "Open" blocks. The real policy drama comes from "Save" blocks. Your security posture is only as strong as
This is the "graceful compromise." It allows the file to open, but inside a sandboxed window where Editing, Saving, Printing, and Macros are disabled.
