Block Files from Running

Telegram Desktop makes it easy to receive files, but scammers may send malicious programs disguised as invoices, photos, documents, updates, or other useful tools. These files often use executable extensions such as:

.exe
.bat
.cmd
.msi
.ps1
.scr
.com

When a user clicks an executable file in Telegram, Telegram normally displays a Run or Cancel warning. However, a user may still click Run by mistake.

This guide shows two ways to prevent .exe files downloaded through Telegram Desktop from running:

  • Method 1: Use Command Prompt
  • Method 2: Use the Additional Rules wizard

The examples below use this Telegram download folder:

C:\Users\<User Profile>\Downloads\Telegram Desktop

Replace it with your actual Telegram download folder when necessary.


Before You Begin

This guide uses Windows Software Restriction Policies.

It is mainly intended for:

Windows 10 Pro
Windows 10 Enterprise
Windows 11 Pro
Windows 11 Enterprise

To check your Windows version:

  1. Press Windows + R
  2. Type:
winver
  1. Press Enter.

You should also confirm Telegram’s download location.

In Telegram Desktop, open:

Settings
→ Advanced
→ Download Path

Method 1: Block Telegram EXE Files Using Command Prompt

This is the fastest method for administrators or IT support staff.

Step 1: Open Command Prompt as Administrator

  1. Open the Start menu.
  2. Type:
cmd
  1. Right-click Command Prompt.
  2. Select Run as administrator.

Step 2: Enable Software Restriction Policies

Run these commands:

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers" /v DefaultLevel /t REG_DWORD /d 262144 /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers" /v TransparentEnabled /t REG_DWORD /d 1 /f

These commands keep normal applications allowed while enabling restriction rules for selected locations.


Step 3: Block EXE Files in the Telegram Download Folder

Example your <User Profile> is PROGRAMMING
Run:

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{11111111-1111-1111-1111-111111111111}" /v ItemData /t REG_SZ /d "C:\Users\<User Profile>\Downloads\Telegram Desktop\*.exe" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{11111111-1111-1111-1111-111111111111}" /v SaferFlags /t REG_DWORD /d 0 /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{11111111-1111-1111-1111-111111111111}" /v Description /t REG_SZ /d "Block EXE files from Telegram Desktop" /f

The important part is:

C:\Users\<User Profile>\Downloads\Telegram Desktop\*.exe

This means that every .exe file inside that folder is set to Disallowed.


Step 4: Apply the Policy

Run:

gpupdate /force

For the most reliable result, restart Windows:

shutdown /r /t 0

Step 5: Confirm the Rule Exists

Run:

reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths" /s

You should see something similar to:

ItemData      REG_SZ       C:\Users\<User Profile>\Downloads\Telegram Desktop\*.exe
SaferFlags    REG_DWORD    0x0

SaferFlags 0x0 means the path is set to Disallowed.


Optional: Block More Dangerous File Types

Blocking .exe is helpful, but malicious programs can also use other extensions.

Create a separate rule for each extension.

Block BAT files

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{22222222-2222-2222-2222-222222222222}" /v ItemData /t REG_SZ /d "C:\Users\<User Profile>\Downloads\Telegram Desktop\*.bat" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{22222222-2222-2222-2222-222222222222}" /v SaferFlags /t REG_DWORD /d 0 /f

Block CMD files

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{33333333-3333-3333-3333-333333333333}" /v ItemData /t REG_SZ /d "C:\Users\<User Profile>\Downloads\Telegram Desktop\*.cmd" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{33333333-3333-3333-3333-333333333333}" /v SaferFlags /t REG_DWORD /d 0 /f

Block MSI installers

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{44444444-4444-4444-4444-444444444444}" /v ItemData /t REG_SZ /d "C:\Users\<User Profile>\Downloads\Telegram Desktop\*.msi" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{44444444-4444-4444-4444-444444444444}" /v SaferFlags /t REG_DWORD /d 0 /f

Block PowerShell scripts

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{55555555-5555-5555-5555-555555555555}" /v ItemData /t REG_SZ /d "C:\Users\<User Profile>\Downloads\Telegram Desktop\*.ps1" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{55555555-5555-5555-5555-555555555555}" /v SaferFlags /t REG_DWORD /d 0 /f

After adding the rules, run:

gpupdate /force

And then reboot your PC.


Method 2: Block EXE Files Using the Additional Rules Wizard

This method is easier for users who prefer a graphical interface.

Step 1: Open Local Security Policy

Press:

Windows + R

Type:

secpol.msc

Press Enter.


Step 2: Open Software Restriction Policies

Navigate to:

Security Settings
→ Software Restriction Policies

When you see:

No Software Restriction Policies Defined

right-click Software Restriction Policies and select:

New Software Restriction Policies

After creating the policy, you should see:

Security Levels
Additional Rules
Enforcement
Designated File Types
Trusted Publishers

Step 3: Create a New Path Rule

  1. Click Additional Rules.
  2. Right-click an empty area in the right panel.
  3. Select:
New Path Rule

Enter this path:

C:\Users\PROGRAMMING\Downloads\Telegram Desktop\*.exe

Set the security level to:

Disallowed

Add a description such as:

Block EXE files from Telegram Desktop

Click Apply, then OK.


Step 4: Add Rules for Other File Types

Repeat the same steps for:

C:\Users\PROGRAMMING\Downloads\Telegram Desktop\*.bat
C:\Users\PROGRAMMING\Downloads\Telegram Desktop\*.cmd
C:\Users\PROGRAMMING\Downloads\Telegram Desktop\*.com
C:\Users\PROGRAMMING\Downloads\Telegram Desktop\*.msi
C:\Users\PROGRAMMING\Downloads\Telegram Desktop\*.ps1
C:\Users\PROGRAMMING\Downloads\Telegram Desktop\*.scr

Each rule should use:

Security level: Disallowed

Step 5: Apply the New Policy

Open Command Prompt as administrator and run:

gpupdate /force

Then sign out, sign back in, or restart the computer.


How the Protection Works

After the policy is applied, the process looks like this:

  1. A user receives an .exe file in Telegram.
  2. The user clicks the file.
  3. Telegram displays Run or Cancel.
  4. The user clicks Run.
  5. Windows checks the Software Restriction Policy.
  6. Windows blocks the executable.
  7. The program does not start.

Sometimes Telegram may appear to do nothing after the user clicks Run. This is normal. Telegram does not always display the Windows policy error.

The important point is that the executable does not run.


How to Test the Rule Safely

Do not test with an unknown executable from Telegram.

Instead:

  1. Copy a trusted Windows program such as:
C:\Windows\System32\notepad.exe
  1. Paste it into:
C:\Users\PROGRAMMING\Downloads\Telegram Desktop
  1. Rename it to:
test.exe
  1. Double-click it.

When the rule is working, Notepad should not open.

Opening the file directly from File Explorer may display a message similar to:

This program is blocked by group policy.

When opening it through Telegram, Telegram may remain silent after the user clicks Run.


Show a Friendly Warning Message

Software Restriction Policies block the file, but Telegram may not explain what happened.

A more user-friendly setup can display a message such as:

Security Notice

This file was blocked to protect your computer.

Programs downloaded from Telegram are not allowed to run.
Please contact IT support if you believe the file is safe.

Find the Blocked Event

Open Event Viewer:

eventvwr.msc

Navigate to:

Windows Logs
→ Application

Look for:

Source: SoftwareRestrictionPolicies
Event ID: 866

Right-click the event and select:

Attach Task To This Event

For the task action, choose Start a program.

Use:

Program/script:
C:\Windows\System32\msg.exe

Use these arguments:

* /TIME:20 "Security Notice: This file was blocked to protect your computer. Programs downloaded from Telegram are not allowed to run. Please contact IT support."

Now, when Windows blocks the Telegram executable, the user should see a friendly warning.


How to Remove the Command Prompt Rule

To remove the .exe blocking rule, open Command Prompt as administrator and run:

reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{11111111-1111-1111-1111-111111111111}" /f

Then apply the change:

gpupdate /force

Restart Windows if necessary.


Important Security Notes

This rule blocks an executable only while it remains inside the protected Telegram download folder.

A user may still be able to copy the file to another folder and run it from there. For stronger protection, organizations should also consider:

  • Using standard user accounts instead of administrator accounts
  • Enabling Microsoft Defender
  • Enabling SmartScreen and reputation-based protection
  • Blocking execution from other download and temporary folders
  • Using AppLocker or Windows Defender Application Control in business environments
  • Training users not to trust unexpected executable files

Also remember that malicious programs may be hidden inside ZIP, RAR, ISO, or other archive files. Blocking .exe files in the Telegram folder is an important layer of protection, but it should not be the only security measure.


Conclusion

Blocking executable files from the Telegram Desktop download folder can prevent users from accidentally launching malicious software.

For quick deployment, use the Command Prompt method.

For easier manual configuration, use:

Local Security Policy
→ Software Restriction Policies
→ Additional Rules

The recommended setup is:

Block .exe, .bat, .cmd, .com, .msi, .ps1 and .scr
Enable Microsoft Defender
Use a standard Windows account
Display a friendly warning message

With this configuration, even when a user clicks Run inside Telegram, Windows prevents the executable from starting.