Microsoft just broke some custom folder icons, and it's deliberate

At a glance:

  • Microsoft’s June 2026 Windows 11 update now treats custom folder icons from untrusted sources as a security risk.
  • Icons defined via desktop.ini are silently reverted to defaults when the file originates from Mark‑of‑the‑Web, WebDAV/HTTP locations, or untrusted network paths.
  • Users can restore icons by adding the source to Trusted Sites, enabling the "Allow the use of remote paths in file shortcut icons" policy, or stripping the Mark‑of‑the‑Web tag.

What changed and why

The June 2026 update to Windows 11 introduced stricter validation for desktop.ini files that define custom folder icons. If the operating system cannot verify that the file came from a trusted source, it silently discards the custom icon setting and falls back to the default folder appearance. Microsoft confirmed on its blog that this behavior is intentional, not a bug, and is part of a broader security hardening effort.

Untrusted sources are specifically defined as files that carry a Mark‑of‑the‑Web (MOTW) tag, files copied from certain WebDAV or HTTP‑based locations, and files residing on network paths that are not classified as intranet or trusted by the current zone policy. The MOTW marker is attached by browsers and other download mechanisms to indicate that a file originated from the Internet and should be treated with caution.

Microsoft’s rationale is to prevent potential icon‑spoofing attacks where a malicious actor could replace a benign folder icon with a deceptive one to trick users into opening harmful content. By requiring that desktop.ini files come from trusted locations, the OS reduces the attack surface for social engineering that relies on visual cues.

How to fix it and what to watch

To restore missing custom icons, administrators and end users have three options. First, they can add the source location (e.g., a web server or network share) to the Trusted Sites zone in Internet Options, signalling to Windows that files from there are safe. Second, they can enable the Group Policy setting "Allow the use of remote paths in file shortcut icons," which tells the shell to accept icons from remote paths even if they are not in Trusted Sites. Third, they can remove the Mark‑of‑the‑Web tag from the desktop.ini file using PowerShell (Unblock-File) or the file’s Properties dialog.
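For the third option, it helps to see which desktop.ini files are actually tagged, and from where, before unblocking anything. The PowerShell below is an added example, not code from Microsoft or the original article; the function name Find-TaggedDesktopIni and the sample path in the usage comment are hypothetical, and it assumes an NTFS volume, since the tag is stored in the Zone.Identifier alternate data stream.

```powershell
# Added example: list desktop.ini files that set a custom icon AND carry a
# Mark-of-the-Web, then optionally remove the tag. Function name is hypothetical.
function Find-TaggedDesktopIni {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Root,
        [switch]$Unblock   # remove the tag after reporting; honours -WhatIf
    )
    # Standard URL security zone identifiers.
    $zoneNames = @{ 0 = 'LocalMachine'; 1 = 'Intranet'; 2 = 'TrustedSites'
                    3 = 'Internet';     4 = 'Restricted' }

    # desktop.ini is normally Hidden+System, so -Force is needed to enumerate it.
    Get-ChildItem -LiteralPath $Root -Filter 'desktop.ini' -File -Recurse -Force `
                  -ErrorAction SilentlyContinue | ForEach-Object {
        $file = $_

        # Only files that define an icon are relevant to this change.
        $icon = Get-Content -LiteralPath $file.FullName -ErrorAction SilentlyContinue |
                Where-Object { $_ -match '^\s*(IconResource|IconFile)\s*=' } |
                Select-Object -First 1
        if (-not $icon) { return }

        # No Zone.Identifier stream means no Mark-of-the-Web on this file.
        $ads = Get-Content -LiteralPath $file.FullName -Stream 'Zone.Identifier' `
                           -ErrorAction SilentlyContinue
        if (-not $ads) { return }

        $zoneId = $null; $hostUrl = $null
        foreach ($line in $ads) {
            if ($line -match '^\s*ZoneId\s*=\s*(\d+)')  { $zoneId  = [int]$Matches[1] }
            if ($line -match '^\s*HostUrl\s*=\s*(.+)$') { $hostUrl = $Matches[1].Trim() }
        }

        [pscustomobject]@{
            Path    = $file.FullName
            ZoneId  = $zoneId
            Zone    = if ($null -ne $zoneId) { $zoneNames[$zoneId] } else { 'Unknown' }
            HostUrl = $hostUrl   # download origin, when the tagging program recorded it
            Icon    = $icon.Trim()
        }

        if ($Unblock -and $PSCmdlet.ShouldProcess($file.FullName, 'Unblock-File')) {
            Unblock-File -LiteralPath $file.FullName
        }
    }
}
# Review first, then re-run with -Unblock (path is a constructed sample):
#   Find-TaggedDesktopIni -Root 'D:\Projects' | Format-Table -AutoSize
```

Unblocking only addresses the Mark‑of‑the‑Web case; a desktop.ini that sits on a WebDAV/HTTP location or an untrusted network path still needs one of the first two options.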

The change affects anyone who personalizes folder appearance via desktop.ini, including home users who organize projects with visual cues, enterprises that deploy standardized icons via logon scripts, and software vendors that ship template folders over the web. Without adjusting trust settings, those icons will revert after each feature update that enforces the new validation.

Looking forward, Microsoft may extend similar trust checks to other shell extensions such as custom context menus or property sheets. Users should keep desktop.ini files on trusted internal shares, monitor the Windows release notes for further hardening, and consider signing scripts or using internal package distribution methods to avoid the MOTW flag.

FAQ

Why did Windows 11 start reverting custom folder icons after the June 2026 update?
The June 2026 update added a security check that validates the source of desktop.ini files before applying custom folder icons. If the file carries a Mark‑of‑the‑Web tag, comes from certain WebDAV/HTTP locations, or resides on an untrusted network path, Windows treats it as untrusted and silently falls back to the default icon. Microsoft confirmed this is intentional hardening, not a bug.

What are the three ways to restore a missing custom folder icon in Windows 11?
Users can add the folder’s source to the Trusted Sites zone in Internet Options, enable the Group Policy setting "Allow the use of remote paths in file shortcut icons," or remove the Mark‑of‑the‑Web tag from the desktop.ini file using PowerShell’s Unblock-File cmdlet or the file’s Properties dialog. Any of these actions tells Windows the file is trusted and restores the custom icon.

Who is most affected by this change and what should they do going forward?
Home users who rely on visual cues for organization, enterprises that deploy standardized icons via scripts, and software vendors that distribute template folders over the web are all impacted. Going forward, they should ensure desktop.ini files are stored on trusted internal shares, adjust Trusted Sites or remote‑path policies as needed, and consider distributing files through signed packages or internal repositories to avoid the Mark‑of‑the‑Web flag.