Preface: We're running the FILE transport with our own HTTPS transfer facility (based on WinInet). The "server share" is made available to the clients via an IIS 6 web server. The following list was collected by means of a "brute force" attempt to upload files with all possible extensions.

I'm quite sure that some of these extensions are only problematic for our particular setup as they typically denote script files, others seem to be used by IIS for different reasons (which I don't claim to understand). - When using classical FTP servers, I guess the list would contain different entries. YMMV...

I just found out that ".url" is a bad extension for IIS, too - it seems to get blocked immediately by the web server - so now it's on the blacklist:

set remote file option public.invalid_extensions =
'asa,asp,bat,cdx,cer,cgi,cmd,com,crl,crt,cs,dll,exe,idc,isa,js,p12,pfx,pif,stl,url,vbs';