PCR, I don't think playing around with values for an individual filetype will help. This affects not only exe, but also many others. For example ..reg. And regfile has EditFlags 00 00 00 00, or you can make it whatever you wish, such as 00 01 00 00, but IE will still force the prompt. (Try here:
www.princeton.edu/~ibutora)
So my question now is: Is it possible to request from MS that they clarify where these things are set, what versions of IE are affected, what extensions, etc. How can one request from MS that they publish info about this in a KB article - this should not be a problem, should it?
BTW, there is a thread here which could be an interesting discussion:
IB
Below is Badour's .reg. Hmm, it has those "EditFlags" in a different
key-- two different keys. But I suppose the ones you played with were
overriding these. Yet, I think the solution is somewhere in here. How
did you like the .zip download requestor? That had "Open" & "Save". I
think something below must be undone, but not all of it. Then, you must
discover what the Registry entries are for .zip, & put .exe entries
along side them.
REGEDIT4
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:d8,07,00,00
[HKEY_CLASSES_ROOT\exefile\shell]
@=""
[HKEY_CLASSES_ROOT\exefile\shell\open]
@=""
"EditFlags"=hex:00,00,00,00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shellex]
[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]
[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\{86F19A00-42A0-
1069-A2E9-08002B30309D}]
@=""
[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"
--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
(e-mail address removed)
I think the Badour .reg doesn't really have anything to do with this
issue directly - it's only if somebody's .exe entry gets messed up for
some reason, it restores the original.
I am not sure if shdocvw.dll (or something else) really does determine
forced prompts for certain extensions, but I am lead to the conclusion
that it does because of
- MS KB 238723
- and because of the fact that I've tried many things and nothing
worked. One of the things I did do was completely delete HKCR\.exe and
HKCR\exefile, but that did nothing. I have *not* tried other extensions
than .exe that fall into this category (such as .com, or probably some
scripts).
It would be nice if somebody could confirm or specify what it is that
disables the checkbox for certain extensions. If it's in the registry,
where is it? If it's a file, which one, and which extensions does it
control?
Another reason why I think that shdocvw.dll might determine this is that
with Outlook 2000 SR-1, they also hardcoded certain extensions into one
of Outlook's files, and what one could do afterwards in the registry was
limited, as I had described it before, and as it's stated in MS KB
articles.
I must say again that a better policy would have been to allow those
things to be controlled by the registry, rather then hardcoding things
into program files.
My question again: is it possible to request from MS that they clarify
this, and if so, how?
Thanks,
Ivan
-----------------------
(1) Does something (Shdocvw.dll?) set an initial basic configuration
that determines .exe processing, including whatever Registry entries are
needed, (or does the Registry just come that way)?
(2) Would it repair those entries, if one goes in & musses it-- I mean,
alters-- alters the entries to cause it to behave differently?
(3) Why would Badour write his .reg...
http://home.satx.rr.com/badour/assets/images/ExeAssoc.zip
Repair .Exe Association. Sets the default association for .exe files.
...., if there was already something around to repair it?
--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
(e-mail address removed)
| In addition to what I said...
| ...if it is indeed hardcoded in shdocvw.dll, I must say I don't like
such a
| policy very much - the registry itself has a way to disable the
checkbox
| through EditFlags, so what's the point in hardcoding things and thus
| limiting the usefulness of the registry? What MS could have done was
that
| when installing, IE 6 would modify the EditFlags settings accordingly.
In
| such case the "advanced" user could always go back to the registry and
| customize the behaviour...
|
| ------------
| | Something is wrong, because I have no such key as...
|
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
| Explorer\Restrictions
|
| So, that can't be the one that governs what an .exe does when clicked
to
| download. It might be an override, though, I guess. Also...
|
| d8 07 00 00
|
| ...that is a hex DWORD, with 7 bits set, in binary: 11011000 00001101
| 00000000 00000000. How are you matching it to this...?...
|
| Here's a desc on EditFlags (bitwise):
|
| 0001 Exclude the file class.
| 0002 Show file classes, such as folders, that aren't associated
| with a file name extension.
| 0004 The file class has a file name extension.
| 0008 The registry entries associated with this file class cannot
| be edited. New entries cannot be added and existing
| entries cannot be modified or deleted (e.g. exefile?)
| 0010 The registry entries associated with this file class cannot
| be deleted
| 0020 No new verbs can be added to the file class.
| 0040 Canonical verbs such as open and print cannot be
| modified or deleted (a common setting)
| 0080 Canonical verbs such as open and print cannot be deleted.
|
| 0100 The description of the file class cannot be modified or deleted.
| 0200 The icon assigned to the file class cannot be modified
| or deleted.
| 0400 The default verb cannot be modified (compare with 0080)
| 0800 The commands associated with verbs cannot be modified.
| 1000 Verbs cannot be modified or deleted.
| 2000 The DDE-related entries cannot be modified or deleted.
| 8000 The content-type and default-extension entries cannot be
| modified or deleted.
|
| 0001 0000 The file class's open verb can be safely invoked
| for downloaded files (relevant to discussion?)
| 0002 0000 Do not allow the "Never ask me" check box to be enabled.
| The user can override this attribute through
| the File Type dialog box.
| 0004 0000 Always show the file class's file name extension,
| even if the user has selected "Hide Extensions"
| 0010 0000 Don't add members of this file class to the Recent
| Documents folder (useful?)
|
| --
| Thanks or Good Luck,
| There may be humor in this post, and,
| Naturally, you will not sue,
| should things get worse after this,
| PCR
| (e-mail address removed)
| message | | On Wed, 31 Dec 2003 11:45:13 -0500, "Ivan Bœtora" <
[email protected]>
wrote:
| |
| | >Thanks for this info.
| | >for example, exefile or comfile have by default:
| |
| | >d8 07 00 00
| |
| | >(which would be a combination of some of these settings - I'm
afraid
| I don't
| | >understand exactly how this thing works mathematiclally - why are
| some of
| | >the settings only four digits, and some eight digits? is this
binary
| or
| | >hexadecimal?)
| |
| | It's hexadecimal, and (in this case) shown lowest order byte first.
| | d8 07 00 00 could also be shown as 000007d8, and sometimes is!
| |
| | Calculator, View; select Scientific. Now you can enter numbers in
one
| | base and see them displayed in another
| |
| | d8 in binary is 11011000, i.e. 128 + 64 + 16 + 8 (or in hex, 80 + 40
+
| | 10 + 08). Look up those values in the EditFlags documentation...
the
| | 07 above that is 0400 + 0200 + 0100 in the same list.
| |
| | >The point is that even if you change exefile to 00 01 00 00, and
even
| if you
| | >uncheck "confirm open before download" through folder options, you
| are still
| | >prompted for download and the "always ask..." box is still grayed
| out.
| |
| | That's interesting, and I suspect that reflects an additional layer
of
| | control that is particular to IE. I'm not familiar with that part
of
| | the registry, though I expect it's documented somewhere.
| |
| | >I don't think this will have anything to do with Outlook, although
| Outlook
| | >(post 2000 SR-1) also uses the EditFlags settings for level 3
| attachments.
| | >For example, with Outlook 2000 post-SR1 in Internet Mail Only mode,
| Outlook
| | >has a default list of extensions that are considered level 1 (not
| | >accessible) and level 2 (you must save them first), and the only
| thing you
| | >can do is move some from level 1 to level 2 *or* from level 3 to
| level 2,
| | >but you cannot do anything else.
| |
| | I suspect that's hard-coded as part of the relevant patch that's
been
| | integrated into subsequent Outlook and OE, as selected by the
Security
| | setting to block dangerous attachments. It's been criticized as
being
| | over-zealous and inflexible (e.g. it blocks .pdf, which are often
used
| | to send things such as invoices via email).
| |
| | >Here's a desc on EditFlags (bitwise):
| |
| | Ah! I'll leave the ones as per d8 07 00 00 quoted...
| |
| | >0008 The registry entries associated with this file class cannot
| | > be edited. New entries cannot be added and existing
| | > entries cannot be modified or deleted (e.g. exefile?)
| | >0010 The registry entries associated with this file class cannot
| | > be deleted
| | >0040 Canonical verbs such as open and print cannot be
| | > modified or deleted (a common setting)
| | >0080 Canonical verbs such as open and print cannot be deleted.
| | >0100 The description of the file class cannot be modified or
| deleted.
| | >0200 The icon assigned to the file class cannot be modified
| | > or deleted.
| | >0400 The default verb cannot be modified (compare with 0080)
| |
| | ...makes sense, but doesn't stop malware patching in anyway.
| |
| |
| | >-- Risk Management is the clue that asks:
| | "Why do I keep open buckets of petrol next to all the
| | ashtrays in the lounge, when I don't even have a car?"
| | >----------------------- ------ ---- --- -- - - - -
|
|
|
