This change isn’t about viruses in the traditional sense. Microsoft says it discovered a vulnerability that could leak NTLM hashes, a type of authentication data that Windows uses to verify identities on networks. Attackers could exploit this by hiding HTML tags inside seemingly harmless files. If Windows tried to preview one of those files, your system might accidentally connect to a malicious server and hand over sensitive credentials without you clicking a thing.
To prevent that, Windows now treats any file tagged with “Mark of the Web” metadata that identifies files downloaded from the internet as unsafe to preview. Try to open one in the Preview Pane and you’ll now see a warning instead of a preview:
“The file you are attempting to preview could harm your computer. If you trust the file and the source you received it from, open it to view its contents.”
If you’re confident a file is safe and you find this new behavior annoying, you can unblock individual files manually:
Right-click the file | Select Properties | Check Unblock | Click Apply
But there’s no global switch to disable the protection permanently, as Microsoft wants users to think twice before blindly trusting downloads. This change might prevent credential theft without most people even noticing.