Home

Allow Automatically Execution of Specific File Types (e.g. by user preference)

%3CLINGO-SUB%20id%3D%22lingo-sub-564938%22%20slang%3D%22en-US%22%3EAllow%20Automatically%20Execution%20of%20Specific%20File%20Types%20(e.g.%20by%20user%20preference)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-564938%22%20slang%3D%22en-US%22%3E%3CP%3EI've%20been%20conducting%20some%20tests%20using%20the%20new%20Edge%20browser%20(Canary%20channel)%20to%20see%20how%20it%20compares%20to%20Internet%20Explorer%20and%20other%20web%20browsers%20such%20as%20Mozilla%20Firefox%20and%20Google%20Chrome.%20More%20in%20specific%2C%20exploring%20how%20the%20new%20Edge%20browser%20behaves%20for%20files%20being%20that%20are%20downloaded%20and%20%2F%20or%20executed%20(automatically)%20by%20the%20browser.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EInternet%20Explorer%20today%20offers%20a%20smooth%20user%20experience%20for%20recognized%20%2F%20registered%20file%20extensions%20and%20allow%20for%20certain%20of%20them%20to%20be%20automatically%20executed.%20Mozilla%20Firefox%20provides%20similar%20flexibility%2C%20putting%20the%20end%20user%20in%20full%20control%20with%20a%20choice%20upon%20downloading%20a%20file%20as%20described%20in%20%22%3CA%20href%3D%22https%3A%2F%2Fsupport.mozilla.org%2Fen-US%2Fkb%2Fchange-firefox-behavior-when-open-file%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EChange%20what%20Firefox%20does%20when%20you%20click%20on%20or%20download%20a%20file%3C%2FA%3E%22%2C%20e.g.%20the%20Adding%20download%20actions%20option.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20preview%20builds%20of%20new%20Edge%20browser%20do%20not%20provide%20any%20means%20of%20such%20described%20functionality.%20Any%20allowed%26nbsp%3Bextensions%20%2F%20mime-types%20seems%20to%20be%20pre-determined%20%2F%20hardcoded%20in%20the%20same%20way%20as%20currently%20seen%20with%20Google%20Chrome.%20The%20behavior%20for%20various%20file%20extensions%3A%20the%20Edge%20browser%20will%20*only*%20download%20the%20file%2C%20without%20any%20means%20for%20the%20user%20to%20control%20whether%20or%20not%20to%20automatically%20execute%20it.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMy%20research%20lead%20me%20to%20%22%3CA%20href%3D%22https%3A%2F%2Fchromium.googlesource.com%2Fchromium%2Fsrc%2F%2B%2Frefs%2Fheads%2Fmaster%2Fchrome%2Fbrowser%2Fresources%2Fsafe_browsing%2F%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EBehavior%20of%20Download%20File%20Types%20in%20Chrome%3C%2FA%3E%22%20which%20as%20I%20understand%20it%20explains%20the%20current%20implementation.%20The%20major%20concern%20with%20it%20is%20the%20inability%20of%20the%20end%20user%20(or%20a%20sysadmin)%20to%20override%20any%20predefined%20restrictions.%20E.g.%20in%20a%20corporate%20setting%2C%20the%20Edge%20browser%20does%20not%20offer%20the%20functionality%20to%20consider%20file%20extension%20%2F%20mime-type%20e.g.%20'XYZ'%20to%20be%20treated%20as%20'safe%20content'%2C%20with%20the%20resulting%20option%20to%20automatically%20execute%20such%20downloaded%20files%20if%20the%20end%20user%20gives%20its%20consent.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESuch%20improvement%20to%20the%20new%20Edge%20browser%20would%20bring%20its%20usability%20for%20this%20functionality%20back%20on%20par%20(or%20even%20better)%20with%20Internet%20Explorer%2C%20so%20I'm%20looking%20forward%20to%20hear%20what%20others%20think%20of%20this.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENote%3A%20I%20am%20aware%20of%20the%20existence%20of%20the%20%3CA%20href%3D%22https%3A%2F%2Fblogs.windows.com%2Fmsedgedev%2F2019%2F05%2F06%2Fedge-chromium-build-2019-pwa-ie-mode-devtools%2F%237PEPWpkhvpk5PiWR.97%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EInternet%20Explorer%20mode%3C%2FA%3E%20as%20recently%20announced.%20yet%20this%20issue%20should%20best%20be%20fixed%20in%20the%20new%20Edge%20browser%20itself.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-567156%22%20slang%3D%22en-US%22%3ERe%3A%20Allow%20Automatically%20Execution%20of%20Specific%20File%20Types%20(e.g.%20by%20user%20preference)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-567156%22%20slang%3D%22en-US%22%3E%3CP%3EThank%20you%20for%20your%20feedback%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F341647%22%20target%3D%22_blank%22%3E%40Pieter_B%3C%2FA%3E.%20I%20will%20let%20the%20team%20know%20about%20this.%26nbsp%3B%20I%20am%20a%20little%20worried%20that%20people%20might%20be%20talked%20into%20allowing%20dangerous%20extensions%20%2F%20mime%20types%2C%20such%20as%20.vbs%2C%20exe%2C%20cmd%2C%20bat%2C%20etc.%20which%20would%20open%20them%20up%20to%20remote%20attacks.%26nbsp%3B%20Are%20there%20specific%20extensions%20that%20you%20feel%20are%20needed%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E
Pieter_B
Occasional Visitor

I've been conducting some tests using the new Edge browser (Canary channel) to see how it compares to Internet Explorer and other web browsers such as Mozilla Firefox and Google Chrome. More in specific, exploring how the new Edge browser behaves for files being that are downloaded and / or executed (automatically) by the browser.

 

Internet Explorer today offers a smooth user experience for recognized / registered file extensions and allow for certain of them to be automatically executed. Mozilla Firefox provides similar flexibility, putting the end user in full control with a choice upon downloading a file as described in "Change what Firefox does when you click on or download a file", e.g. the Adding download actions option.

 

The preview builds of new Edge browser do not provide any means of such described functionality. Any allowed extensions / mime-types seems to be pre-determined / hardcoded in the same way as currently seen with Google Chrome. The behavior for various file extensions: the Edge browser will *only* download the file, without any means for the user to control whether or not to automatically execute it.

 

My research lead me to "Behavior of Download File Types in Chrome" which as I understand it explains the current implementation. The major concern with it is the inability of the end user (or a sysadmin) to override any predefined restrictions. E.g. in a corporate setting, the Edge browser does not offer the functionality to consider file extension / mime-type e.g. 'XYZ' to be treated as 'safe content', with the resulting option to automatically execute such downloaded files if the end user gives its consent.

 

Such improvement to the new Edge browser would bring its usability for this functionality back on par (or even better) with Internet Explorer, so I'm looking forward to hear what others think of this.

 

Note: I am aware of the existence of the Internet Explorer mode as recently announced. yet this issue should best be fixed in the new Edge browser itself.

1 Reply

Thank you for your feedback @Pieter_B. I will let the team know about this.  I am a little worried that people might be talked into allowing dangerous extensions / mime types, such as .vbs, exe, cmd, bat, etc. which would open them up to remote attacks.  Are there specific extensions that you feel are needed?

Related Conversations
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
flashing a white screen while open new tab
cntvertex in Discussions on
13 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
22 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
28 Replies
description for autoplay blocking in settings page
HotCakeX in Discussions on
8 Replies