Ideally, these files are blocked at the email gateway and firewall, but catch them dropped to these locations for a layered approach. Sometimes a malicious file can lurk on disk, waiting for the user to accidentally interact with them days or weeks later, be proactive.