Chuck Frey ChuckFrey

## RansomwareExtensions.md

      
        
          
            
              
              1 file
            
          
          
            
              
              1 fork
            
          
            
              
                
                8 comments
              
            
          
            
              
              8 stars
            
          
        
        
          
              
          
          
            
                ChuckFrey
                / RansomwareExtensions.md
            
            
              Last active
              February 19, 2026 14:18
            
              
                Possible file extensions to open with notepad.exe to reduce the risk of ransomware executing
              
          
        
      
        

      
      
    For modern Windows 10 & 11 systems that do not support the legacy GPO approach, test the following for your environment.
1. An Updated XML (Classic Notepad)

To target the Classic (Win32) Notepad (C:\Windows\System32\notepad.exe) instead of the Microsoft Store version, you must use the Applications\notepad.exe ProgID.
File Name: SecurityAssociations.xml
<?xml version="1.0" encoding="UTF-8"?>
<DefaultAssociations>