Types of files that cannot be added to a list or library

As a server administrator, you can use Central Administration to restrict certain kinds of files from being uploaded or retrieved, based on the file extension. For example, a file with the .exe file extension can potentially contain code that runs on client computers when the file is downloaded. If files with the .exe file extension are blocked, users can neither upload nor download a file with the .exe extension. By blocking this file type, potentially dangerous content in the .exe file cannot be downloaded and run on client computers. This feature does not prevent all exploits based on file types, nor is it designed to do so.

Note: It is helpful for site owners and other users of a site to know what file types are being blocked so that they understand why they cannot upload certain kinds of files. If you are unsure what file types are being blocked, talk to your server administrator.

By default, several standard file extensions are blocked, including any file extensions that are treated as executable files by Windows Explorer. Files with curly braces { or } are also automatically blocked. The file extensions blocked by default are shown in the following table.

File extension	File type
.ade	Microsoft Access project extension
.adp	Microsoft Access project
.app	Application file
.asa	ASP declarations file
.ashx	ASP.NET Web handler file. Web handlers are software modules that handle raw HTTP requests received by ASP.NET.
.asmx	ASP.NET Web Services source file
.asp	Active Server Pages
.bas	Microsoft Visual Basic class module
.bat	Batch file
.cdx	Compound index
.cer	Certificate file
.chm	Compiled HTML Help file
.class	Java class file
.cmd	Microsoft Windows NT command script
.com	Microsoft MS-DOS program
.config	Configuration file
.cpl	Control Panel extension
.crt	Security certificate
.csh	Script file
.dll	Windows dynamic link library
.exe	Program
.fxp	Microsoft Visual FoxPro compiled program
.hlp	Help file
.hta	HTML program
.htr	Script file
.htw	HTML document
.ida	Internet Information Services file
.idc	Internet database connector file
.idq	Internet data query file
.ins	Internet Naming Service
.isp	Internet Communication settings
.its	Internet Document Set file
.jse	JScript Encoded script file
.ksh	Korn Shell script file
.lnk	Shortcut
.mad	Shortcut
.maf	Shortcut
.mag	Shortcut
.mam	Shortcut
.maq	Shortcut
.mar	Shortcut
.mas	Microsoft Access stored procedure
.mat	Shortcut
.mau	Shortcut
.mav	Shortcut
.maw	Shortcut
.mda	Microsoft Access add-in program
.mdb	Microsoft Access program
.mde	Microsoft Access MDE database
.mdt	Microsoft Access data file
.mdw	Microsoft Access workgroup
.mdz	Microsoft Access wizard program
.msc	Microsoft Common Console document
.msh	Microsoft Agent script helper
.msh1	Microsoft Agent script helper
.msh1xml	Microsoft Agent script helper
.msh2	Microsoft Agent script helper
.msh2xml	Microsoft Agent script helper
.mshxml	Microsoft Agent script helper
.msi	Microsoft Windows Installer package
.msp	Windows Installer patch package file
.mst	Visual Test source files
.ops	Microsoft Office profile settings file
.pcd	Photo CD image or Microsoft Visual Test compiled script
.pif	Shortcut to MS-DOS program
.prf	System file
.prg	Program source file
.printer	Printer file
.pst	Microsoft Outlook personal folder file
.reg	Registration entries
.rem	ACT! database maintenance file
.scf	Windows Explorer command file
.scr	Screen saver
.sct	Script file
.shb	Windows shortcut
.shs	Shell Scrap object
.shtm	HTML file that contains server side directives
.shtml	HTML file that contains server side directives
.soap	Simple Object Access Protocol file
.stm	HTML file that contains server side directives
.url	Uniform Resource Locator (Internet shortcut)
.vb	Microsoft Visual Basic Scripting Edition (Visual Basic Scripting Edition (VBScript)) file
.vbe	VBScript Encoded Script file
.vbs	VBScript file
.ws	Windows Script file
.wsc	Windows Script Component
.wsf	Windows Script file
.wsh	Windows Script Host settings file

Server administrators can use Central Administration to choose which file extensions to block for the entire server or server farm. Because the list of blocked file types is maintained by file extension, any file that uses a file extension on the list cannot be uploaded or downloaded, regardless of the file's intended use. For example, if .asp is on the list of extensions to block, the feature blocks all .asp files on the server, even if they are used to support Web site features on another server in the server farm. If a file ends in a period (.), the preceding characters are checked against the list of blocked file extensions as well. For example, if .exe is on the list of blocked file extensions, a file called "filename.exe" is also blocked. The following list shows different ways of representing the same file, all of which are blocked if the .hta extension is on the list of blocked file extensions.

• filename.hta

• filename.hta.

• filename.hta.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}

• filename.hta::$DATA

You can determine which files are blocked for Web sites on your servers by modifying the list of blocked file extensions in Central Administration. You can block additional file extensions (up to 1,024 file types) by adding them to the list in the Central Administration pages, or you can remove a block by deleting the file extension from the list. When you change the list of file extensions, the change affects both new files being added to a Web site and files already posted to a Web site. For example, if a document library contains a .doc file, and you add the .doc file extension to the list of blocked file extensions, users will no longer be able to open the .doc file in the document library. Users will be able to rename or delete a file with a blocked file extension but will not be able to perform any other actions.