Microsoft’s June 2026 security updates for Windows 10 and 11 cause some File Explorer folders to lose custom icons and localized names. This occurs because the operating system now ignores desktop.ini files from untrusted sources to prevent spoofing attacks, a security measure tied to the Mark-of-the-Web (MotW) mechanism.
Why are Windows folder icons and names changing?
Users may notice that folders previously showing custom icons have reverted to the standard yellow folder icon. In some instances, folder names appear in their raw format rather than their localized or custom display names. Microsoft states this is expected behavior rather than a software bug.
The issue stems from how Windows handles desktop.ini files. These files act as instructions for File Explorer, telling it to display a specific icon or a customized name for a folder. According to Microsoft, the OS now ignores these instructions if the desktop.ini file originates from a source deemed untrusted.
Microsoft emphasizes that this change does not delete, move, or corrupt any data. The files within these folders remain fully accessible; only the visual and linguistic customizations are suppressed.
Unblock-File to remove the Mark-of-the-Web attribute.
How does Mark-of-the-Web prevent spoofing?
The Mark-of-the-Web (MotW) is a security feature Windows uses to identify files originating from the internet or untrusted remote locations. This signal triggers additional protections, such as warnings when running downloaded executables.
Cybersecurity threats often use desktop.ini to perform “spoofing” attacks. A malicious actor can create a folder that looks like a legitimate system directory—such as “My Documents” or “Invoices”—by using a custom icon and a renamed display string. This tricks users into clicking on malicious content that appears familiar and safe.
By extending MotW protections to folder customizations, Microsoft aims to neutralize this tactic. If a folder is pulled from a WebDAV location, an HTTP path, or an unclassified network share, Windows will no longer trust its visual identity.
Common sources of “untrusted” files:
- Direct internet downloads via web browsers.
- Files accessed via WebDAV or HTTP protocols.
- Network paths not explicitly classified as part of a local intranet.
How can administrators restore folder customizations?
Microsoft provides three distinct methods to resolve these visual changes, though each carries different security implications.
1. Add sources to Trusted Sites
The most secure method involves adding the specific source—such as an internal server or a known network path—to the “Trusted Sites” zone in Windows settings. Once a source is trusted, Windows will process its desktop.ini files normally.
2. Use Group Policy
Administrators can enable the policy “Allow the use of remote paths in file shortcut icons.” While this restores the previous behavior across an entire organization, Microsoft warns that this reduces protection against potentially malicious remote content.
3. Manually unblock files
For individual files, users can remove the MotW tag manually. This is best reserved for specific files where the origin is 100% verified.
What are the future trends in OS-level security?
This update signals a broader shift in how operating systems manage trust. We are moving away from a model where the user is responsible for verifying visual cues and toward a “Zero Trust” architecture at the file level.
The decline of visual-based security
For decades, users have relied on icons to navigate their systems. As attackers become more adept at mimicking these UI elements, operating systems will likely continue to strip away “cosmetic” metadata from untrusted files. The future of Windows may involve even stricter visual sandboxing to ensure that what a user sees is exactly what the system verifies.
Granular file-level identity
The expansion of MotW suggests that identity and trust are becoming more granular. Rather than trusting an entire drive or network, Windows is increasingly evaluating the “provenance” of individual configuration files. This trend will likely increase the complexity of managing large-scale enterprise environments where shared network drives are standard.
Increased friction in hybrid work environments
As employees access files via cloud-hybrid paths and various web protocols, the distinction between “local” and “remote” becomes blurred. IT departments will face growing pressure to maintain highly accurate “Trusted Site” lists to prevent productivity loss caused by broken folder structures and missing icons.
Frequently Asked Questions
Will this update delete my files?
No. Microsoft confirms that files are not deleted, moved, or corrupted. Only the folder’s icon and display name are affected.
Why did my company folders change appearance?
If your company uses network paths or WebDAV that are not classified as “Intranet” by your IT department, the June 2026 update will treat those desktop.ini files as untrusted.
Is there a way to stop this permanently?
The most stable way is to have your administrator add your network locations to the Trusted Sites list or update Group Policy settings.
Are you seeing changes to your folder icons after the recent update? Let us know in the comments below or share this article with your IT administrator.
