BookmarkSubscribeRSS Feed
Fluorite | Level 6

We like the comments feature but would like to remove the attachments functionality as users are able to add .exe files as attachments. This has been flagged as a security threat in our organization.

How can one keep the comments functionality but disallow attachments?


SAS Employee

Hello Sanjeev,

In Visual Analytics version 7.1 SAS began blocking the upload of file types listed below when you attach a file via the comment editor in applications such as Explorer, Designer, and the Visual Analytics viewer.

".ade", ".adp", ".app", ".asp", ".bas", ".bat", ".cer", ".chm", ".cmd", ".cnt",

".com", ".cpl", ".crt", ".csh", ".der", ".exe", ".fxp", ".gadget", ".hlp",

".hpj", ".hta", ".inf", ".ins", ".isp", ".its", ".js", ".jse", ".ksh", ".lnk",

".mad", ".maf", ".mag", ".mam", ".maq", ".mar", ".mas", ".mat", ".mau", ".mav",

".maw", ".mda", ".mdb", ".mde", ".mdt", ".mdw", ".mdz", ".msc", ".msh", ".msh1",

".msh2", ".mshxml", ".msh1xml", ".msh2xml", ".msi", ".msp", ".mst", ".ops",

".osd", ".pcd", ".pif", ".plg", ".prf", ".prg", ".pst", ".reg", ".scf", ".scr",

".sct", ".shb", ".shs", ".ps1", ".ps1xml", ".ps2", ".ps2xml", ".psc1", ".psc2",

".tmp", ".url", ".vb", ".vbe", ".vbp", ".vbs", ".vsmacros", ".vsw", ".ws",

".wsc", ".wsf", ".wsh", ".xnk”

In Visual Analytics 7.1 if you upload a file with one of these extensions it will block you and give you the following Error message.


The comment and the attachment is subsequently not posted. 

SAS Visual Analytics 6.4 or older (VA 5.1, 5.2, 6.1, 6.2, and 6.3) this is not the case.  It will upload the file and a user can execute this file.  However, there is a way to restrict users at the platform level from uploading these file types. I have attached a SAS note on how an admin could set this up.

You will have to follow the instructions to restrict certain file extensions.  When you do this, the application will behave as if  you have uploaded the file, but the file will not be stored anywhere on the server.  Companies might have further restrictions on file extension uploads like .zip and .rar files.  Using this SAS note even if you have SAS VA 7.1, it could aid in satisfying those administration needs of increased security. 

If you have more questions on this please feel free to respond in the thread.



Registration is open! SAS is returning to Vegas for an AI and analytics experience like no other! Whether you're an executive, manager, end user or SAS partner, SAS Innovate is designed for everyone on your team. Register for just $495 by 12/31/2023.

If you are interested in speaking, there is still time to submit a session idea. More details are posted on the website. 

Register now!

Tips for filtering data sources in SAS Visual Analytics

See how to use one filter for multiple data sources by mapping your data from SAS’ Alexandria McCall.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 1 reply
  • 1 like
  • 2 in conversation