By default, several standard file extensions are blocked on Microsoft Windows SharePoint Services, including any file extensions that are treated as executable files by Windows Explorer. Files with curly braces { or } are also blocked automatically. The file extensions blocked by default are:

ade, adp,app, asa, asp, bas, bat, cdx, cer, chm, class, cmd, com, cpl, crt, csh, dll, exe, fxp, hlp, hta, htr, htw, ida, idc, idq, ins, isp, its, jse, ksh, lnk, mad, maf, mag, mam, maq, mar, mas, mat, mau, mav, maw, mda, mdb, mde, mdt, mdw, mdz, msc, msi, msp, mst, ops, pcd, pif, prf, prg, printer, pst, reg, scf, scr, sct, shb, shs, shtm, shtml, stm, url, vb, vbe, vbs, wsc, wsf, wsh.

Because the list of blocked file types is maintained by file extension, all files that use a file extension on the list cannot be uploaded or downloaded, irrespective of the file's intended use. If .asp is on the list of extensions to block, the feature blocks all .asp files on the server, even if they're used to support website features on another server in the server farm. If a file ends in a period (.), the preceding characters are checked against the list of blocked file extensions as well. For example, if .exe is on the list of blocked file extensions, a file called "filename.exe." is also blocked. The following list shows different ways of representing the same file, all of which are blocked if the .hta extension is on the list of blocked file extensions: