Overview
- The protection arrived in Windows security updates released on and after October 14, 2025, and is live for Windows 11 and Windows Server users who installed them.
- File Explorer now shows a warning instead of content when selecting files with Mark of the Web or items on Internet Zone file shares.
- Users can restore previews for a trusted download by opening Properties and clicking Unblock, which may require signing out and back in to take effect.
- Administrators can permit previews for entire shares by adding their addresses to Trusted sites or the Local intranet zone.
- The change removes a no‑interaction path for leaking NTLM hashes via HTML tags in documents, limiting a common step in intrusions.