Why does "Allow trusted locations on my network" say "not recommended"?

  • 7023163
  • 09-Jul-2018
  • 28-Oct-2019

Environment

Reflection Desktop (including Pro, for IBM, or for UNIX and OpenVMS) 16.0 or higher
InfoConnect Desktop (including Pro, Unisys, and Airlines) 16.0 or higher

Situation

What are the risks of selecting the Reflection Desktop setting of "Allow trusted locations on my network (not recommended)" under Trusted Locations?

Resolution

The Reflection Desktop "Trusted Locations" dialog box includes a checkbox option that says "Allow trusted locations on my network (not recommended)" that is similar to a dialog box in Microsoft Office applications which also have a checkbox option with that same text. Microsoft Help does not offer any explanation why remote, networked locations are not recommended as "trusted," but since network file shares are typically shared by multiple users, additional risk can occur by trusting these locations.

The "Trusted Locations" feature is intended to protect the users from the possibility of accidentally opening a document that contains malicious code.  By default, trusted locations beyond a computer's local storage are disallowed because the user is less likely to be aware of whether files might be malicious or not if they are not stored on the local computer's hard drive.  Documents not stored locally, and accessible to anyone with network access, could potentially be tampered with and can be an easier target for virus' or malware to exploit.  Typically only folders on your local hard drive should be considered trusted locations, and should be protected by your Windows account with a strong password.

Changing Trusted Locations settings can greatly reduce or increase the security of your computer, its data, data on your organization's network, and other computers on that network.  Consult with your system administrator, or carefully consider the risks (such as security permissions of the remote share), before making changes to Trusted Locations settings. Unless there is certainty that the remote documents are safe to open, it is recommended to leave the "Allow trusted locations on my network" option un-selected.

If specifying VBA references to remotely located session documents which are stored on a network share, then the option "Allow trusted locations on my network (not recommended)" may need to be selected.  Consult your system administrator to determine if this setting should be modified.