Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Windows File Explorer Settings: the Setting You Should Change Right Now

The default may not be safe.

Windows File Explorer tries to help by hiding some information. Unfortunately, that opens a hole hackers can use to fool you.
The Best of Ask Leo!
Windows File Explorer
Windows File Explorer. (Screenshot: askleo.com)

Over the years, as I’ve installed Windows repeatedly on new machines, test machines, and more, I’ve slowly adapted to accepting the default settings rather than re-applying a large number of customizations over and over.

The vast majority of Windows default settings boil down to a matter of personal preference. There’s one setting, though, that I and many other security-conscious folks feel Microsoft continues to get wrong. It’s a setting you should check right away.

You don’t want Windows File Explorer to “Hide extensions for known file types”.

Become a Patron of Ask Leo! and go ad-free!

TL;DR:

Change this setting in Windows File Explorer

Make certain Windows File Explorer’s “Hide extensions for known file types” setting is not checked, or that the “View -> File name extensions” setting is checked. When extensions are hidden, malware authors can make documents appear as something other than they really are — which is malicious.

Why this is so important

An extension is the part of a filename from the last period onward. For example, in picture.jpg, the extension is “.jpg”. For resume.doc, the extension is “.doc”.

File extensions tell Windows what to do with a file when you double-click it (among other things). For example, when you double-click picture.jpg, the file extension tells Windows it should open up your image-viewing program. For resume.doc, it indicates a document-editing program be run.

At any point in time, Windows “knows about” many file extensions, depending on the applications you have installed on your device.

“Hide extensions for known file types” is a setting in Windows File Explorer that makes it hide the file extension portion of the filename. By default, it is on.

Let’s look at a file displayed in Windows File Explorer. Here’s how example.doc appears with “Hide extensions for known file types” unchecked:

File with extension shown
And in the default case, with it checked:

File with extension hidden
You can see that the “.doc” is not displayed. The Type column shows what type of file Windows thinks it is, but the actual extension is hidden from view.

Now let’s use a more sinister example.

example.doc.exe

When a file named example.doc.exe is shown using Windows default settings, which hide the file extension, it looks like this:

Windows Explorer displaying a filename in a misleading way

What shows is “example.doc”, even though the filename is really “example.doc.exe“.

You might be tempted to think it’s a .doc file, even though it’s not. It’s an .exe file. The Type column shows the correct type — Application — but the display looks like it’s a .doc file.

The malicious scenario works like this:

  • You receive an attachment or download a file named something.doc.exe.
  • You view that file in Windows Explorer and see only something.doc.
  • Seeing this, you believe it’s a document and double-click the file to open it.
  • The real filename is something.doc.exe. It’s an application, and Windows treats it like a program and runs it.
  • The program installs malware on your machine.

The best way to prevent this? Don’t “Hide extensions for known file types”.

That way, the file is revealed for what it truly is.

Attempted malicious file revealed for what it is

Let’s change that setting. Where you find it and whether you check or uncheck the box differs depending on your version of Windows.

Changing the setting in Windows 10 & 11

Run Windows Explorer — Windows Key + E will do — or right-click the Start menu and click File Explorer.

In Windows 10, click on the View menu.

Windows 10 and File Extensions.
Windows 10 and the file extensions option. Click for larger image. (Screenshot: askleo.com)

Make sure that “File name extensions” is checked.

In Windows 11, Click on View and then Show.

Windows 11 and File Extensions.
Windows 11 and file extensions option. Click for larger image. (Screenshot: askleo.com)

Make sure that “File name extensions” is checked.

Changing the setting in Windows prior to 10

Run Windows Explorer. If the menu bar is not visible, press and release the ALT key on your keyboard to make it appear.

Windows Explorer Tools menu
Tools menu in Windows File Explorer. (Screenshot: askleo.com)

Click Tools and then Folder Options…

Windows Explorer Hide extensions for known file types
Folder options with “Hide extensions” checkbox unchecked. (Screenshot: askleo.com)

(In Windows 8 File Explorer, there is no Tools menu. Instead, click on the View menu, Options, Change folder and search options to find these options.)

Click the View tab.

Make sure that Hide extensions for known file types is NOT checked. By default, it is.

Do this

Always, always keep an eye on filenames and extensions to make sure you’re doing what you think you’re doing, especially when it comes to attachments that arrive via email.

Then, subscribe to Confident Computing for more safety tips like this. Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

Podcast audio

Play

64 comments on “Windows File Explorer Settings: the Setting You Should Change Right Now”

  1. haha always the first thing I do when I go onto a new/different computer! :D I don’t understand the logic in having them hidden to be honest

    Reply
  2. This is the first thing I change when I am setting up a new Windows computer, even before installing antivirus.
    I agree it’s a mistake on Microsoft’s part.

    Reply
  3. I always make this change, along with ‘show full path’ or whatever that option is called.
    Every time Microsoft “improve” Windows to another version, they hide yet more stuff from the average user. Gone are the days where you can open a folder, and what you see is actually what is there.
    It’s the reason more and more computer users have to turn to places like this (which I heartily recommend to my less-than-tech-savvy friends btw).

    Reply
  4. Yes, as above I did this when I bought my new laptop. I noticed very quicky that the file type was missing. I was used to seeing it.

    Reply
  5. I always do this on my machines and any customers. Why make life difficult. For good measure make sure that “display full path in title bar” and “display full path in address bar” are also ticked, that way you get to see name, size, type and date modified as well.

    Reply
  6. Leo: I’ve subscribed to your newsletter for at least 10 years, which tells you how much I like it. I just want to say that you are absotively, posilutely right about the default “hide file extensions”. File extensions mean nothing to computer-illiterate users, but I provide tech support to a gaggle of friends and paying clients. The first thing I have to do the first time I get my hands on their computer is CHANGE THAT DEFAULT! M$ should make the default “show all extensions”. It would make no difference to users who don’t know what they mean, and all the difference to the people who have to fix their screwed-up computers.

    Reply
  7. One thing that always bugs me about this option and its “Hide …” friends is the fact that they’re logically inverted checkboxed. Instead of the option being “Show extensions for known file types” (and sure, if Microsoft still wants, making it unchecked by default), it’s all bass-ackwards!

    As far as the option’s existence, if memory serves, this hearkens back to good old windows 98 (or was it a bit later? Certainly no later than win2k), when Microsoft were trying several different “novel” approaches to handling browsing your own computer (among them was the single-click browsing method — hover for a sec to highlight; we know how that one worked out!).

    To the best of my understanding, the idea was that one would use the icon or the long description (either from the Details view or from the tooltip) to obtain a friendly version of the same information you got from knowing the extension (i.e. that you’re looking at an application, or an image, or a Word document). Unfortunately, two things worked against this: firstly, the icon and long description might not be there, so you’d get a generic “unknown object” icon and the description “Unknown EXT file”… which was no better than showing the extension in the first place; and secondly, malicious third parties could fake these more or less effectively. One can attack all users of Irfanview by using its image icon for a malicious .jpg.exe, and I’m fairly certain the description also gets pulled out of the .exe’s metadata, when available.

    Worst of all, of course, there would be multiple long-winded ways of referring to the same thing (I call mine “Irfanview JPEG image”, you call yours “ACDSee Joint Photographic Experts Group Image”, but they’re both the same .jpg we all know and love). It was a solution looking for a problem from the get-go, and that’s normally fine if it gets reverted after a version or hotfix or such.

    I’m not sure why the default is still to hide the extensions, but I suspect it’s that someone keeps wanting to change it and gives up whenever they have to run that past a review board (of Mac users).

    Reply
  8. I would prefer some kind of user option to hide specific file types, like jpg, Mp3, avi or any files I constantly work with and rename. It is cumbersome and often time wasting to have to remember to add the file extensions to these often modified file types.

    Reply
  9. Besides the very real and malicious possibilities, there’s also the simply inconvenient ones. In a single folder I might have several files of the exact same name, only with different extensions. If I’m working on a video file, it may be abc.mpg. When I create a still image from it, it may be abc.jpg. I may even create a text file with info called abc.txt. So, with at least 3 files, ALL named abc, WHICH one do I want to pull up? I need the extension to identify it. So, WHY name them all the same? Because all of them are the SAME project.

    Reply
  10. @Harry
    This article is talking about Windows Explorer which pops up when you open My Computer or My Documents etc. not Internet Explorer.
    According to the article:
    “[To] Run Windows Explorer – Windows Key + E will do, or right-click the Windows 7 start orb and click Open Windows Explorer.”

    Reply
  11. Years ago, when I first discovered a file being shown without an extension, I wondered what it was and went looking and discovered how to show extensions. I often had files with the same name except for extenstions. This was how I kept project files together that had Word, Excel, Powerpoint etc.

    Reply
  12. If you uncheck “Hide extensions to known file types”, could that not cause problems when renaming files? It would be easy to accidentally delete the file extension and replace it with an incorrect one.

    Reply
  13. @Dirgster
    That is a possibility, but Windows warns you if you are changing an extension and lets you opt out of renaming it, and if you do accidentally rename an extension, you can rename it back to the correct extension.

    Reply
  14. That this default behavior was not changed when Windows 7 was released, tells me there is no one home at Microsoft. I completely agree with Leo, this option is a bad guys best friend.

    Reply
  15. The process you suggested for reaching Folder Options did not work for me on Windows 7 but
    left clicking on start and typing ‘Folder Options’ into the Search programs and Files did.

    Reply
  16. Phew, I’ve always unchecked this just because I wanted to be sure what type of file it was; I must admit I’d never thought of the safety aspect though.

    Good one, Leo

    Reply
  17. Spot on Leo been doing this for ever even if for slightly different reasons, but I came across the scenario you just described a couple of years ago and since then my resolve to see ALL file extensions strengthened.

    Thanks for bringing this to everyone’s attention

    Reply
  18. Way to Go Leo!
    In all the years of using Windows, I thought I was an odd-ball to do this. I have always set my windows up this way. I did this so I could see the extensions. Thank you for pointing out the security reasons.

    Reply
  19. Leo, as an IT person I always set my personal computer to show file extensions, however I no longer do so for clients. My client base is mostly people with very limited computer knowledge and I’ve found that setting their computer to show file extensions is asking for trouble as they rename files and always seem to wipe out the extension. I’ve tried to educate them with limited success. Also, Windows warns them, but it’s just another screen they won’t read. I finally gave up and now make sure that file extensions, as well as system files and folders, remain hidden.

    Reply
  20. I always have extensions shown. It avoids the possibility of expecting a jpg and having an exe file run and destroy your machine by surprise.

    Though I sympathize with the guy who has clients who change the extension and mess things up, I think I’d prefer that to having them trash their PCs.

    Reply
  21. Thanks, Leo! I have an Entourage Pocket Edge Dual Book continually in need of tweaks that use .zip files. Instinct told me to rename these downloaded zipped files with just a name (because the .zip extension was added automatically). If I hadn’t done this, the file would have been “update.zip.zip” and would have seriously messed up this spruce-goose of a dualbook. The weird thing is that I didn’t get one of those typical Windows messages warning me that “if you change the file extension, the program may become unstable.” Still can’t figure that one out. But thanks, loads, for this information. Takes me back to the good old days of Windows 3.1 :)

    Reply
  22. For 2 reasons I hide the known file extensions; if a file extension appears I know there is something to be careful with. Checking the properties tells all. Secondly, often by renaming a file the extension gets lost. I know what I did if that should happen but my office staff often don’t.

    Reply
  23. To those who remind me that it is Windows Explorer Leo is referring to – why then does IE8’s heading read “Windows Internet Explorer”. No wonder Ron Barker, myself and others have made this comment and no wonder MS has the ability to confuse and to make normally intelligent people feel foolish. Too clever by far or does the adage KISS (‘keep it simple stupid’) no longer apply in this technorati (sic) world?

    Because it’s Internet Explorer for Windows. There’s no questioning, though, that Microsoft is exceptionally poor at naming things and has a long history of confusing and missleading names. Outlook/Outlook Express (which are unrelated), and Windows Live/Windows Live Mail/Windows Live Hotmail (3 different things) both come to mind. There’s more.

    Leo
    18-Jan-2012
    Reply
  24. Wizzo, Leo..! I was already doing this – but just ‘cos I want to see all info about the files. Did not figure the sinister implications – thanks for doing so.. :)

    Reply
  25. Thank you for alerting me to this, I have just changed my settings – I believe that this may well explain some of the ‘oddities’ that I have experienced.

    Having read some of the other comments I ask the question: “How do you know ABOUT something if you do not know OF something?” Please never assume that people know, ask them and check – then we will all know.

    Thank you Leo.

    Reply
  26. I can’t get over the ‘Duhh’ commentary. I guess that commentator believes that everybody is as an erudite learner as he is. People should remember that since they have known something for years, it does not mean that others also have the same knowledge. I just came across someone that has been using computers for a long time, and is very knowledgeable, that did not know that right clicking on the Windows start button would allow one to open Windows Explorer. Oh wait – I know – the commentator must be the IT guy from SNL! You were very funny on that show!

    Reply
  27. @Terri
    An easy way to get to it in XP is to open My Computer
    [shortcut is Windows Key+e]
    In the toolbar mouse over Tools and click > Folder Options
    Select the > View Tab
    and then uncheck “Hide extensions for known file types.”

    Reply
  28. Thank you Leo for writing once again about something many of us just do not realize needs to be changed.

    Do you recommend the other changes mentioned by previous posters? “display full path in title bar” and “display full path in address bar” are also checked”

    I have learned a lot about my computer from this site together with the site of the “other guy” Ask Bob Rankin. You both write in a way that non geeks can understand. Thank you, and please keep up the good work.

    I’d leave those setting to your discretion. I don’t want Windows to hide anything from me, but that may simply add confusion for those who may not know what it is they’re looking at.

    Leo
    19-Jan-2012
    Reply
  29. Yes, this is the exact truth. I do not know why Windows dev team did not include this as default setting in WE, but actually it is the virus possible entrance. I accidentally noticed that issue 3 years ago.
    Personally, I don’t like extensions to be hidden, so I turn them ON every time I (re)install my WinOS.
    Anyway, thank you very much for this, Mr.Leo, because now I’m certain now that I did it right.

    Reply
  30. Very good advice. Followed the instructions and found it unchecked. Also on the same page is an option to “Apply to all folders” and “Reset all folders” do you check one of these or let sleeping dogs lie.

    Reply
  31. My Explorer on a new Windows 7 computer does NOT have “Hide extensions for known file types” under Tools. Did they correct this problem?

    Also, either show the Free Newsletter only once or at least have the option to close each one to eliminate seeing them. When I print your articles, these many Free Newsletter displays hide words inh the article, and prevent the words from printing properly!

    Make sure it’s Windows Explorer, and that’s Tools, Folder Options, View and then Hide known extensions. Sorry about the printing, it’s not supposed to print that at all. I’ll try and fix that soon.

    Leo
    21-Jan-2012
    Reply
  32. When i get to Windows Explorer – it doesn’t show tools at the top like yours did. I don’t know where
    to find it. I have Windows 7. I always appreciate
    the advice you share.

    Reply
  33. @Carolyn
    You’re not the only one confused by this! For some reason the programmers decided to hide it. The tool bar comes back very easily, however if you press and hold the alt key for a second.

    Reply
  34. You claim above:

    You receive an attachment or download a file named something.doc.exe.

    You view that file in Windows Explorer and see only something.doc.
    MY QUESTION IS: How do I view the file attachment in an email in Windows Explorer?

    You would have saved it to disk from the email in which you recieved it.

    Leo
    22-Jan-2012
    Reply
  35. Right at the start of this article you refer to the problem of having to re-apply a large number of customizations every time you get a new computer. Is there not some way that the current set of customisations can be saved and then transferred to another computer? Or at least to record and save the information in a document so it can easily be re-applied to the new machine? I’d have thought that would be a productive exercise for some enthusiastic programmer.

    It’s possible that tools like PC-Mover might do so, but particularly when upgrading from one version to another, or switching between editions (Home/Pro/Ultimate) not all customizations even apply. I just find it easier in general to live with as many defaults as I can.

    Leo
    31-Jan-2012
    Reply
  36. When I was working, I had projects to do and I named the project files by the project name and only the extensions told me what program created the file. This was very useful in that I didn’t require a folder for each project.

    The viewing of extensions I found to be an essential tool.

    Reply
  37. I understand the trade-off between setting up a new or rebuilt system with great custom tweaks and getting the computer into the user’s hands. You do a great job explaining all the pertinent details for this seccurity hole.

    The file icons are supposed to indicate what kind of file it is, but in List or Details View the icon may be too small to be meaningful.

    I strongly support the reasoning that the default should be to show the extension. But, then, I’m just another techie!

    Reply
  38. And another +1 to show extensions.
    Recently got a spam email message with an obvious virus attachment. The attachment was ‘invoice.pdf.exe’ – like the example above. But even more insidious was, when saved to disk it had a Adobe Reader *icon*. Without file extensions shown it would appear as invoice.pdf with a Adobe reader icon to further trick the unwary.

    Reply
  39. I’ve used this setting for years. Just remember when you do this if you rename a file, leave the extension or it will change.

    Reply
  40. My Windows 10 File Explorer does show the menu bar, but it does not have a Tools option. If I click File – Change folder and search options – view; Advanced options then lists the Show or Don’t show the hidden extensions. Also, Control Panel – File Explorer options will take you to the same place.

    Reply
  41. I think Windows Explorer is a very poor filemanager.
    There are lots of things I don’t like, some of which are worse than “don’t like” including….
    The explorer “page” seems cluttered and not divided cleanly into different areas of operation. Those areas which are separated are divided by thin blue lines which makes the separation even less clear sometimes. The top of the page in particular seems to have wishy-washy printing and cluttered commands which are not immediately obvious. Overall it makes me feel uncertain as to what I’m doing and more to the point, what explorer is doing, in an area dealing with the basic information on the PC which is files.
    Microsoft have loads of progs (apps) which have clear delineation between commands and files. Excel, Word etc etc etc. And there are quite a few non-Microsoft filemanagers about from which Microsoft could have taken their best points but they continue with something that looks like it got included accidentally from Windows 3.1 or even MSDOS.
    I say explorer makes me nervous, one of the things which flummox me is the fact that the “folders” listing unexpectedly jumps around without any prompting. A chosen folder will unexpectedly jump to the bottom of the page (or the top maybe) leaving me dismayed trying to find where I was a second ago.
    That largish transparent square which attaches to the cursor on moving or copying files is distracting and tends towards a lack of accuracy when pointing to a new folder.
    It got that way that I was relieved when I could come out of explorer and do other things.
    I have tried a few other filemanagers and the one that suits me happens to be the free version of Powerdesk (V6 I think).
    The trouble is I thus get less practised in using explorer BUT lots of apps default to opening explorer for various filemanaging tasks which re-introduces the nervous sinking feeling once again.
    Microsoft could do a LOT better than explorer in its present form and I wish they would.
    I am not nearly as informed as Leo, not by a long long way, but I have been using filemanagers since the dawn of personal computing in the 1980’s. I have even formed the opinion that Microsoft have not made explorer more user friendly to stop users fiddling with files.
    I hope that these opinions are not regarded as off topic for I would welcome any kind of feedback.

    Reply
  42. I often create graphic files in CorelDRAW (cdr extension) then export to PDF, EPS, JPEG, PNG or some other file type… the file name remains the same, but the extension changes to reflect the type of file… when the proper extension is displayed, it is much simpler to locate & open & edit the intended file. One of my first tasks on a new computer is to change the WE default to show extensions. It save a lot of errors & brain damage.

    Reply
  43. Is my Win10 File Explorer different from everyone else? It bears some resemblance to early versions, but lot of bells and whistles I don’t really want. No more Tools tab, only tabs shown at top are File, Home, Share, View. Under View, I must check File name extensions box to show extensions, not uncheck as shown above. I am now 80 and built my first pc’s in back in 70’s and can never understand how anyone would ever tolerate not seeing file name extensions. Hey, old dog learned a new trick here, opening file explorer with window key + E! Neat! Have to learn what else that windows key toy can do for me. Thanks Leo.

    Reply
    • Microsoft has gone minimalist with File Explorer. Clicking on Home, Share or View menus would bring up the respective ribbons which give you access to their respective tools. If you want the ribbons always visible, right click to the right of View, and from the dropdown uncheck “Hide the ribbon”.

      Reply
  44. I do this on any version of Wondows I have control of.

    That said, if a user is astute (which, alas, not all users are, or at least not al! the time), if this option is checked (on), there are still not one, but two cues available that something is amiss:

    1. The icon’s wrong – The file’s icon will match its true exstension. I you see an “application” icon on a “*.doc” file, there’s something wrong.

    2. There’s a visible extension – If you see one file with an extension, while all other files don’t have one, multiple alarm bells should be sounding in your head.

    But, alas, as I noted before, not all users are this astute.

    Reply
  45. Any time I have the need to (re)install Windows, or I get/build a new system, one of the first things I do is re-configure Windows Explorer (File Explorer) to ‘Single-click to open an item’ (I never have liked double-clicking), Display the full path in the title bar, show hidden files/folders/drives, not (uncheck) hide extensions for known file types, and to not (uncheck) hide protected operating system files.

    This way I can see everything on my system (note the word MY in this sentence). I started out using MS-DOS. I was able to see all file extensions then by default, and when Microsoft began making it the default to hide extensions for known file types (IIRC circa Windows 95), I didn’t like it. It made me feel half blind when I was working with my file system. It just felt wrong, and it still does today. I use file extensions as a visual clue about what file type I am about to work with. There have been times when I was doing something with someone’s file system when I found a file or two with multiple extensions (e.g.: example.doc.exe et-al). This prompted me to scan the system with an antivirus scanner (or in particular, the above-mentioned files) to see if malware was found. If so, I got rid of it. Note: not all instances of multiple file extensions are an indication of malware. I have found files with combo-extensions such as example.exe.bak or example.doc.bac, etc. These are usually just backup files created by some application or user, but it is still good to know what they are.

    When I’m using a GNU/Linux distribution, I often include a file extension (for the most part, .txt, .doc, and .sh for shell scripts) on a file (even though Linux does not use them) just to give me a visual clue about the file type for future reference.

    I wonder how many people who work for Microsoft make similar changes to their file explorer.

    Ernie

    Reply
  46. Good article. I’ve been doing this for years (showing extensions) for many of the reasons mentioned in the comments. I am also chagrined with MS’s default,
    One other advantage. Say I d/l some software, say ABC. Suppose it fails to install a shortcut icon on the desktop. I can go into the program folder and search for the .exe extension. That will narrow it down to maybe setup.exe or ABC.exe. I can then click it (maybe after scanning the entire folder to make sure it is virus-free)and make sure the program launches. I can then create a shortcut (right-click) in my desktop for future launches.

    Mel

    Reply
  47. When you enable “File name extension”, the “Type” column becomes redundant and just clutter but how do you get rid of it in all windows? I remove it in one window and it is back in the next window
    I open.

    Reply
  48. Like most here I have changed this on all my computers, but I also almost always use my computer with a non administrative login. It seems to me that a new .exe file prompts for the admin password.
    Wouldn’t this be true for a .doc.exe file?

    I rarely log in as an admin user.

    Reply
    • In theory, yes. However unpatched vulnerabilities are the holy grail of malware, and some allow “privilege escalation”, which would allow malware to bypass that anyway. In THEORY it should never happen, but it’s exactly what a zero day might be, AND not everyone keeps their machine as up to date as they should.

      Reply
  49. There’s another thing which is “Off” by default which you need to turn “On”.
    Restore Points. These allow you to roll back your machine to a previous state. If a software install won’t uninstall, for example, or even if a Windows Automatic Update goes wrong (which can happen).
    Look for “Create a Restore Point” on your machine and follow your nose, there’s a check-box called “System Protection”, default is “Off”, it needs to be “On”. It will run automatically on a regular basis, e.g. just before a Windows Update, but you can create a restore point manually, e.g. prior to a software install.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.