Cannot open any attachments to email, and cannot save

G

Guest

I really need some help. When I open up an email on my yahoo account, I
cannot view or download any attachments. I have restored the date on my
computer. Run Windows defender, defraged..... Help! Does anyone have a clue?

Nothing can be opened that is attached. Thanks!
 
B

Bill Sanderson MVP

There was an issue with earlier beta versions of Windows Defender which had
this result, and I think the fix for that will help you, but I'm unable to
find it at the moment and am pressed for time--later this evening I should
be able to find the notes. One thing to try would actually be uninstalling
Windows Defender. Did you run the earlier beta versions? Did you have any
trouble uninstalling them?
 
G

Guest

Hi Bill,

I think this is what you are looking for. Bill, you have a good memory, I
forgot about this one.

By: Mike Treit [Msft]


If you are seeing an issue with Windows Defender where email attachments are
no longer working, downloads of files in Internet Explorer are broken, or
you can no longer open ZIP files:

Try setting the following registry value to "2" instead of "3."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments]
"ScanWithAntiVirus"=dword:00000003

We plan to address this automatically in a future update, but for now if you
try the above it should get downloads working agªin.

The issue that many people are encountering is that various other security
products have registered themselves with the system as AV scanners. This
means they are invoked for attachments and other downloads, if the above
policy is set.

In the case where these application are no longer present or are not working
properly (but are still registered as AV scanners), the operating system
disallows the attachments from being ºpened.

The reason this issue happens for users of Windows Defender is that this
policy is enabled as part of the installation process for Windows Defender.

Note that setting this policy to 2 is technically less secure than setting
it to 3. The value 2 means "scan with the registered AV scanners, but open
the attachment even if they say it is malicious." The value 3 means "scan
with the registered AV scanners and disallow opening the attachment if they
say it is mªlicious."

The reason for the problem is that the system treats errors executing the
registered scanner the same as if the scanner had reported "This file is
malicious." This is a bug in Windows and the behavior will be fixed in
Windows Vista. Of course, until Windows Defender was installed it is likely
that this policy was never configured (it was poorly documented until
recently) so it is certainly better to change this value than to, say,
uninstall Windows Defender. For other scanners that are invoked as a result
of having this policy configured, if those scanners are configured to delete
the attachment instead of simply reporting it, then the value "2" is not any
less secure than the value "3."

For the more technically inclined, here is another approach you can take if
you want to find out which "bad" AV scanner registration is causing the
problem on your machine, and want to fix it without setting the attachment
scanning policy to a less secure setting:

1. Look for the value "{56FFCC30-D398-11D0-B2AE-00A0C908FA49}" in the
registry.
2. For any CLSID that points to this value under a key called "Implemented
Categories", that is possibly your culprit.
3. Note the CLSID value(s) discovered in step 2.
4. If the CLSID is "{2781761E-28E0-4109-99FE-B9D127C57AFE}" ignore it. (This
is the Windows Defender CLSID.)
5. Otherwise, you have probably identified the registration that is causing
the prºblem.

Here is an example of a registration that may be causing the problem :
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E477B43-8F85-11D0-B11F-00A0C90F2732}\Implemented
Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}]

Given this information, you can either delete the "Implemented
Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}" key from under the CLSID
that is causing the problem (and reboot), or perhaps investigate further to
see if the application associated with the CLSID in question is having some
other issues (for instance, a repair or reinstall might also resolve the
issue.)

Thanks

-Mike

I hope to save you time with this ºne. ;-)

Еиçеl

--
 
B

Bill Sanderson MVP

Thanks very much, Engel--that's exactly what I think is needed. Not sure
why I couldn't find it searching today, except that it may have aged out of
the NNTP servers.

--

Engel said:
Hi Bill,

I think this is what you are looking for. Bill, you have a good memory, I
forgot about this one.

By: Mike Treit [Msft]


If you are seeing an issue with Windows Defender where email attachments
are
no longer working, downloads of files in Internet Explorer are broken, or
you can no longer open ZIP files:

Try setting the following registry value to "2" instead of "3."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments]
"ScanWithAntiVirus"=dword:00000003

We plan to address this automatically in a future update, but for now if
you
try the above it should get downloads working agªin.

The issue that many people are encountering is that various other security
products have registered themselves with the system as AV scanners. This
means they are invoked for attachments and other downloads, if the above
policy is set.

In the case where these application are no longer present or are not
working
properly (but are still registered as AV scanners), the operating system
disallows the attachments from being ºpened.

The reason this issue happens for users of Windows Defender is that this
policy is enabled as part of the installation process for Windows
Defender.

Note that setting this policy to 2 is technically less secure than setting
it to 3. The value 2 means "scan with the registered AV scanners, but open
the attachment even if they say it is malicious." The value 3 means "scan
with the registered AV scanners and disallow opening the attachment if
they
say it is mªlicious."

The reason for the problem is that the system treats errors executing the
registered scanner the same as if the scanner had reported "This file is
malicious." This is a bug in Windows and the behavior will be fixed in
Windows Vista. Of course, until Windows Defender was installed it is
likely
that this policy was never configured (it was poorly documented until
recently) so it is certainly better to change this value than to, say,
uninstall Windows Defender. For other scanners that are invoked as a
result
of having this policy configured, if those scanners are configured to
delete
the attachment instead of simply reporting it, then the value "2" is not
any
less secure than the value "3."

For the more technically inclined, here is another approach you can take
if
you want to find out which "bad" AV scanner registration is causing the
problem on your machine, and want to fix it without setting the attachment
scanning policy to a less secure setting:

1. Look for the value "{56FFCC30-D398-11D0-B2AE-00A0C908FA49}" in the
registry.
2. For any CLSID that points to this value under a key called "Implemented
Categories", that is possibly your culprit.
3. Note the CLSID value(s) discovered in step 2.
4. If the CLSID is "{2781761E-28E0-4109-99FE-B9D127C57AFE}" ignore it.
(This
is the Windows Defender CLSID.)
5. Otherwise, you have probably identified the registration that is
causing
the prºblem.

Here is an example of a registration that may be causing the problem :
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E477B43-8F85-11D0-B11F-00A0C90F2732}\Implemented
Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}]

Given this information, you can either delete the "Implemented
Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}" key from under the
CLSID
that is causing the problem (and reboot), or perhaps investigate further
to
see if the application associated with the CLSID in question is having
some
other issues (for instance, a repair or reinstall might also resolve the
issue.)

Thanks

-Mike

I hope to save you time with this ºne. ;-)

??ç?l
 
G

Guest

What I am wondering is: Does this resolution apply to Loribelle given that
she has not provided the WD version she is using in her post? If it is the
latest then, for some, there are still problems.

Stu

Bill Sanderson MVP said:
Thanks very much, Engel--that's exactly what I think is needed. Not sure
why I couldn't find it searching today, except that it may have aged out of
the NNTP servers.

--

Engel said:
Hi Bill,

I think this is what you are looking for. Bill, you have a good memory, I
forgot about this one.

By: Mike Treit [Msft]


If you are seeing an issue with Windows Defender where email attachments
are
no longer working, downloads of files in Internet Explorer are broken, or
you can no longer open ZIP files:

Try setting the following registry value to "2" instead of "3."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments]
"ScanWithAntiVirus"=dword:00000003

We plan to address this automatically in a future update, but for now if
you
try the above it should get downloads working agªin.

The issue that many people are encountering is that various other security
products have registered themselves with the system as AV scanners. This
means they are invoked for attachments and other downloads, if the above
policy is set.

In the case where these application are no longer present or are not
working
properly (but are still registered as AV scanners), the operating system
disallows the attachments from being ºpened.

The reason this issue happens for users of Windows Defender is that this
policy is enabled as part of the installation process for Windows
Defender.

Note that setting this policy to 2 is technically less secure than setting
it to 3. The value 2 means "scan with the registered AV scanners, but open
the attachment even if they say it is malicious." The value 3 means "scan
with the registered AV scanners and disallow opening the attachment if
they
say it is mªlicious."

The reason for the problem is that the system treats errors executing the
registered scanner the same as if the scanner had reported "This file is
malicious." This is a bug in Windows and the behavior will be fixed in
Windows Vista. Of course, until Windows Defender was installed it is
likely
that this policy was never configured (it was poorly documented until
recently) so it is certainly better to change this value than to, say,
uninstall Windows Defender. For other scanners that are invoked as a
result
of having this policy configured, if those scanners are configured to
delete
the attachment instead of simply reporting it, then the value "2" is not
any
less secure than the value "3."

For the more technically inclined, here is another approach you can take
if
you want to find out which "bad" AV scanner registration is causing the
problem on your machine, and want to fix it without setting the attachment
scanning policy to a less secure setting:

1. Look for the value "{56FFCC30-D398-11D0-B2AE-00A0C908FA49}" in the
registry.
2. For any CLSID that points to this value under a key called "Implemented
Categories", that is possibly your culprit.
3. Note the CLSID value(s) discovered in step 2.
4. If the CLSID is "{2781761E-28E0-4109-99FE-B9D127C57AFE}" ignore it.
(This
is the Windows Defender CLSID.)
5. Otherwise, you have probably identified the registration that is
causing
the prºblem.

Here is an example of a registration that may be causing the problem :
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E477B43-8F85-11D0-B11F-00A0C90F2732}\Implemented
Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}]

Given this information, you can either delete the "Implemented
Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}" key from under the
CLSID
that is causing the problem (and reboot), or perhaps investigate further
to
see if the application associated with the CLSID in question is having
some
other issues (for instance, a repair or reinstall might also resolve the
issue.)

Thanks

-Mike

I hope to save you time with this ºne. ;-)

??ç?l
 
B

Bill Sanderson MVP

I'm not sure of the precise cause in Loribelle's case, but the solution
would be the same--any add or removal of an antimalware product which fails
to properly update the chain of entries for this API would have this
effect--I was never clear whether this was a Defender bug, or something
relating to the remove operation of the other vendor involved--and I believe
that multiple vendors were seen in entries on machines having this symptom.

So--I'd look at the registry change as a quick way out of being stuck and
unable to download anything--and then seek a more permanent fix from there.

--

Stu said:
What I am wondering is: Does this resolution apply to Loribelle given that
she has not provided the WD version she is using in her post? If it is the
latest then, for some, there are still problems.

Stu

Bill Sanderson MVP said:
Thanks very much, Engel--that's exactly what I think is needed. Not sure
why I couldn't find it searching today, except that it may have aged out
of
the NNTP servers.

--

Engel said:
Hi Bill,

I think this is what you are looking for. Bill, you have a good
memory, I
forgot about this one.

By: Mike Treit [Msft]


If you are seeing an issue with Windows Defender where email
attachments
are
no longer working, downloads of files in Internet Explorer are broken,
or
you can no longer open ZIP files:

Try setting the following registry value to "2" instead of "3."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments]
"ScanWithAntiVirus"=dword:00000003

We plan to address this automatically in a future update, but for now
if
you
try the above it should get downloads working agªin.

The issue that many people are encountering is that various other
security
products have registered themselves with the system as AV scanners.
This
means they are invoked for attachments and other downloads, if the
above
policy is set.

In the case where these application are no longer present or are not
working
properly (but are still registered as AV scanners), the operating
system
disallows the attachments from being ºpened.

The reason this issue happens for users of Windows Defender is that
this
policy is enabled as part of the installation process for Windows
Defender.

Note that setting this policy to 2 is technically less secure than
setting
it to 3. The value 2 means "scan with the registered AV scanners, but
open
the attachment even if they say it is malicious." The value 3 means
"scan
with the registered AV scanners and disallow opening the attachment if
they
say it is mªlicious."

The reason for the problem is that the system treats errors executing
the
registered scanner the same as if the scanner had reported "This file
is
malicious." This is a bug in Windows and the behavior will be fixed in
Windows Vista. Of course, until Windows Defender was installed it is
likely
that this policy was never configured (it was poorly documented until
recently) so it is certainly better to change this value than to, say,
uninstall Windows Defender. For other scanners that are invoked as a
result
of having this policy configured, if those scanners are configured to
delete
the attachment instead of simply reporting it, then the value "2" is
not
any
less secure than the value "3."

For the more technically inclined, here is another approach you can
take
if
you want to find out which "bad" AV scanner registration is causing the
problem on your machine, and want to fix it without setting the
attachment
scanning policy to a less secure setting:

1. Look for the value "{56FFCC30-D398-11D0-B2AE-00A0C908FA49}" in the
registry.
2. For any CLSID that points to this value under a key called
"Implemented
Categories", that is possibly your culprit.
3. Note the CLSID value(s) discovered in step 2.
4. If the CLSID is "{2781761E-28E0-4109-99FE-B9D127C57AFE}" ignore it.
(This
is the Windows Defender CLSID.)
5. Otherwise, you have probably identified the registration that is
causing
the prºblem.

Here is an example of a registration that may be causing the problem :
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E477B43-8F85-11D0-B11F-00A0C90F2732}\Implemented
Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}]

Given this information, you can either delete the "Implemented
Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}" key from under the
CLSID
that is causing the problem (and reboot), or perhaps investigate
further
to
see if the application associated with the CLSID in question is having
some
other issues (for instance, a repair or reinstall might also resolve
the
issue.)

Thanks

-Mike

I hope to save you time with this ºne. ;-)

??ç?l
 
G

Guest

Interesting point. When I recall my experiences with Defender, I have only
installed third party apps with Defender - preferring to stay with what I
have since they seem to work. I have never uninstalled the other apps - only
uninstalling/reinstalling the Defender upgrade from beta 2. This did not give
me a problem and I wonder if the culprit could be (in some cases at least),
the other applications.

Stu

Bill Sanderson MVP said:
I'm not sure of the precise cause in Loribelle's case, but the solution
would be the same--any add or removal of an antimalware product which fails
to properly update the chain of entries for this API would have this
effect--I was never clear whether this was a Defender bug, or something
relating to the remove operation of the other vendor involved--and I believe
that multiple vendors were seen in entries on machines having this symptom.

So--I'd look at the registry change as a quick way out of being stuck and
unable to download anything--and then seek a more permanent fix from there.

--

Stu said:
What I am wondering is: Does this resolution apply to Loribelle given that
she has not provided the WD version she is using in her post? If it is the
latest then, for some, there are still problems.

Stu

Bill Sanderson MVP said:
Thanks very much, Engel--that's exactly what I think is needed. Not sure
why I couldn't find it searching today, except that it may have aged out
of
the NNTP servers.

--

Hi Bill,

I think this is what you are looking for. Bill, you have a good
memory, I
forgot about this one.

By: Mike Treit [Msft]


If you are seeing an issue with Windows Defender where email
attachments
are
no longer working, downloads of files in Internet Explorer are broken,
or
you can no longer open ZIP files:

Try setting the following registry value to "2" instead of "3."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments]
"ScanWithAntiVirus"=dword:00000003

We plan to address this automatically in a future update, but for now
if
you
try the above it should get downloads working agªin.

The issue that many people are encountering is that various other
security
products have registered themselves with the system as AV scanners.
This
means they are invoked for attachments and other downloads, if the
above
policy is set.

In the case where these application are no longer present or are not
working
properly (but are still registered as AV scanners), the operating
system
disallows the attachments from being ºpened.

The reason this issue happens for users of Windows Defender is that
this
policy is enabled as part of the installation process for Windows
Defender.

Note that setting this policy to 2 is technically less secure than
setting
it to 3. The value 2 means "scan with the registered AV scanners, but
open
the attachment even if they say it is malicious." The value 3 means
"scan
with the registered AV scanners and disallow opening the attachment if
they
say it is mªlicious."

The reason for the problem is that the system treats errors executing
the
registered scanner the same as if the scanner had reported "This file
is
malicious." This is a bug in Windows and the behavior will be fixed in
Windows Vista. Of course, until Windows Defender was installed it is
likely
that this policy was never configured (it was poorly documented until
recently) so it is certainly better to change this value than to, say,
uninstall Windows Defender. For other scanners that are invoked as a
result
of having this policy configured, if those scanners are configured to
delete
the attachment instead of simply reporting it, then the value "2" is
not
any
less secure than the value "3."

For the more technically inclined, here is another approach you can
take
if
you want to find out which "bad" AV scanner registration is causing the
problem on your machine, and want to fix it without setting the
attachment
scanning policy to a less secure setting:

1. Look for the value "{56FFCC30-D398-11D0-B2AE-00A0C908FA49}" in the
registry.
2. For any CLSID that points to this value under a key called
"Implemented
Categories", that is possibly your culprit.
3. Note the CLSID value(s) discovered in step 2.
4. If the CLSID is "{2781761E-28E0-4109-99FE-B9D127C57AFE}" ignore it.
(This
is the Windows Defender CLSID.)
5. Otherwise, you have probably identified the registration that is
causing
the prºblem.

Here is an example of a registration that may be causing the problem :
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E477B43-8F85-11D0-B11F-00A0C90F2732}\Implemented
Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}]

Given this information, you can either delete the "Implemented
Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}" key from under the
CLSID
that is causing the problem (and reboot), or perhaps investigate
further
to
see if the application associated with the CLSID in question is having
some
other issues (for instance, a repair or reinstall might also resolve
the
issue.)

Thanks

-Mike

I hope to save you time with this ºne. ;-)

??ç?l
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top