There are a variety of other potentially dangerous file extensions more than you might expect.
So Why Would I Want to Know Which Files are Dangerous?
Even screen saver files can be dangerous on Windows.
Why is a File Extension Potentially Dangerous?
These file extensions are potentially dangerous because they can contain code or execute arbitrary commands.
Media files like .JPEG images and .MP3 music files are not dangerous because they cant contain code.
Programs
.EXE An executable program file.
Most of the applications running on Windows are .exe files.
.PIF A program information file for MS-DOS programs.
.tool An tool installer deployed with Microsofts ClickOnce technology.
.GADGET A gadget file for the Windows desktop gadget technology introduced in Windows Vista.
.MSI A Microsoft installer file.
These install other applications on your setup, although applications can also be installed by .exe files.
.MSP A Windows installer patch file.
Used to patch applications deployed with .MSI files.
![docm-vs-docx[4]](https://static1.howtogeekimages.com/wordpress/wp-content/uploads/2013/02/docm-vs-docx4.png)
.COM The original jot down of program used by MS-DOS.
.SCR A Windows screen saver.
Windows screen savers can contain executable code.
.HTA An HTML tool.
Unlike HTML applications run in browsers, .HTA files are run as trusted applications without sandboxing.
.CPL A Control Panel file.
All of the utilities found in the Windows Control Panel are .CPL files.
.MSC A Microsoft Management Console file.
Applications such as the group policy editor and disk management tool are .MSC files.
.JAR .JAR files contain executable Java code.
If you have theJava runtimeinstalled, .JAR files will be run as programs.
Scripts
.BAT A batch file.
Contains a list of commands that will be run on your machine if you open it.
Originally used by MS-DOS.
.CMD A batch file.
Similar to .BAT, but this file extension was introduced in Windows NT.
.VB,.VBS A VBScript file.
Will execute its included VBScript code if you run it.
.VBE An encrypted VBScript file.
.JS A JavaScript file.
.JS files are normally used by webpages and are safe if run in Web browsers.
However, Windows will run .JS files outside the net surf tool with no sandboxing.
.JSE An encrypted JavaScript file.
.WS,.WSF A Windows Script file.
.WSC,.WSH Windows Script Component and Windows Script Host control files.
Used along with with Windows Script files.
.PS1,.PS1XML,.PS2,.PS2XML,.PSC1,.PSC2 AWindows PowerShellscript.
Runs PowerShell commands in the order specified in the file.
.MSH,.MSH1,.MSH2,.MSHXML,.MSH1XML,.MSH2XML A Monad script file.
Monad was later renamed PowerShell.
Shortcuts
.SCF A Windows Explorer command file.
Could pass potentially dangerous commands to Windows Explorer.
.LNK A link to a program on your box.
A link file could potentially contain command-line attributes that do dangerous things, such as deleting files without asking.
.INF A text file used by AutoRun.
Other
.REG A Windows registry file.
.REG files contain a list of registry entries that will be added or removed if you run them.
Office Macros
.DOC,.XLS,.PPT Microsoft Word, Excel, and PowerPoint documents.
These can contain malicious macro code.
The M at the end of the file extension indicates that the document contains Macros.
For example, a .DOCX file contains no macros, while a .DOCM file can contain macros.
This isnt an exhaustive list.
There are other types of file extensions like .PDF that have had a string of security problems.
However, for most of the file types above, there’s just no securing them.
They exist to run arbitrary code or commands on your box.
