Microsoft has announced a significant update regarding the functionality of the File Explorer Preview pane in Windows 11 versions 25H2 and 24H2, as well as in the latest Windows 10 update. The company has disabled the preview feature for files downloaded from the internet, citing security concerns. Users can still preview files created locally, but any attempt to preview internet-downloaded files will be met with a warning.
File Explorer traditionally features two panes: the Details pane and the Preview pane. The Details pane provides essential information about the file, including the author and creation date, while the Preview pane allows users to view file content without opening it. By selecting a document, its preview appears on the right side of the File Explorer window, supporting various file formats such as .docx and .py. However, users will now encounter an error message when trying to preview downloaded files, stating:
The file you are attempting to preview could harm your computer. If you trust the file and the source you received it from, open it to view its contents.
Why does the File Explorer Preview Pane no longer work for some files?
The decision to disable previews for internet-downloaded files stems from a need to prevent potential security vulnerabilities, specifically a quiet NTLM hash leak. Files marked with a “Mark of the Web (MotW)” tag, which indicates they were downloaded from various sources, will be blocked from previewing. These sources include:
- Random internet websites
- Applications like SharePoint
- Email attachments
- Files downloaded using browsers such as Edge or Chrome
When a downloaded file is selected, the Windows preview handler may attempt to load associated elements, such as images or fonts. If any of these reference a UNC path (e.g., server…windows.png) or a file URL, Windows could inadvertently send NTLM credentials over the network during the preview process.
NTLM credentials are essentially hashed authentication data derived from a user’s Windows password, which Windows uses to verify identity to a server. To mitigate this risk, Microsoft has disabled the preview feature for downloaded files, a change that affects both enterprise and consumer users alike. According to Microsoft, “Starting with Windows security updates released on and after October 14, 2025, File Explorer automatically disables the preview feature for files downloaded from the internet.” Users who trust the file and its source can remove the internet security block.
How to unblock previews in File Explorer
For those who wish to preview a file they trust, the process is relatively straightforward. Users can right-click the file in Explorer, select Properties, and check the ‘Unblock’ option under the security section. While this workaround is simple, it somewhat undermines the convenience of quick previews, as it requires multiple clicks. In many cases, it may be quicker to simply open the file directly.
Fortunately, there is a PowerShell script available that allows users to unblock all files in a specific directory. By executing the following command in PowerShell:
Unblock-File -Path "C:Usersadmindownloads*.pdf"
This command will unblock all .pdf files in the downloads folder, including those downloaded in the future. Users can modify the script for different paths or file types as needed. This update is part of the Windows October 2025 Patch Tuesday, which coincides with other changes affecting WinRE (Windows Recovery Environment) and LocalHost.
