Description:

Environment parameters:
Clarity version: 12.1, 13.x
Client Windows versions: Windows 7 (also occurs in Vista and XP)
Browser: IE 8.0 (also occurs in Firefox and other IE versions)
Office Versions: MS Office 2007 & 2010

Using the Clarity Export to Excel (Data Only) option results in a warning message by Excel, that the format of the file is incorrect.

"The file you are trying to open, '[filename]', is in a different format than specified by the file extension. Verify that the file is not corrupted and is from a trusted source before opening the file. Do you want to open the file now?" (Yes | No | Help)

When the user clicks on the 'Yes' button in the dialog window, the file opens as expected and does not appear to be incorrectly formatted as indicated by the message previously shown. The issue does not occur when the end-user selects the Clarity Export to PowerPoint and Export to Excel (formatted) options.

Steps to Reproduce:

1. Login to Clarity as a Project Manager
2. Home, Projects List View
3. From the list view, Options icon, select 'Export to Excel (Data Only) option
4. Respond to the dialog message to confirm the file download (if prompted, dependent on browser settings)

Expected Result: No file Extension Error should be displayed
Actual Result: Error Message shown

Solution:

The alert is a new security feature in Excel 2007 and 2010 called Extension Hardening, which ensures that the file content being opened matches the extension type specified in the shell command that is attempting to open the file.

Client Configuration of Extension Hardening

Client desktops can change the default behavior of the security check using a registry key. The following registry key can be set to alter the behavior of the Excel 2007 or 2010 client in the following ways:

For Microsoft Excel 2007 Client (Internal version = 12.0):

Key: HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Excel\Security
Value: (DWORD)"ExtensionHardening" = [0 = Disable check; 1 = Enable check and prompt; 2 = Enable check, no prompt deny open]
Default setting if value not present is 1 (enable and prompt).

For Microsoft Excel 2010 Client (Internal version = 14.0):

Key: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security
Value: (DWORD)"ExtensionHardening" = [0 = Disable check; 1 = Enable check and prompt; 2 = Enable check, no prompt deny open]
Default setting if value not present is 1 (enable and prompt).

The client can configure the site to disable the check by setting ExtensionHardening = 0. This will stop the prompt from appearing, but it will also disable any future checks for the file content validity. This does not (in itself) lower your security. The check is part of a defense-in-depth strategy to prevent malicious users from crafting files of a different type than its extension (or MIME type), which could then be used to trick users into opening a file of a type they did not expect. This warning is designed to let the user know of this potential threat and given them an option of canceling the open if they wish.

More details regarding this known Microsoft topic can be found on the following external hyperlink:
http://blogs.msdn.com/b/vsofficedeveloper/archive/2008/03/11/excel-2007-extension-warning.aspx

Keywords: CLARITYKB. CLRT-67113, e2e

Release: ESPCLA99000-13.2-Clarity-Extended Support Plus
Component:

.