The present disclosure describes a system for saving metadata on files and using attribute data files inside a computing system to enhance the ability to provide user interfaces based on actions associated with non-executable attachments like text and document files from untrusted emails, to block execution of potentially harmful executable object downloads and files based on geographic location, and to a create a prompt for users to decide whether to continue execution of potentially harmful executable object downloads and files. The system also records user behavior on reactions to suspicious applications and documents by transmitting a set of attribute data in an attribute data file corresponding to suspicious applications or documents to a server. The system interrupts execution of actions related to untrusted phishing emails in order to give users a choice on whether to proceed with actions.