Windows OS Hub
  • Windows
    • Windows 11
    • Windows 10
    • Windows Server 2025
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
  • Microsoft
    • Active Directory (AD DS)
    • Group Policies (GPOs)
    • Exchange Server
    • Azure and Microsoft 365
    • Microsoft Office
  • Virtualization
    • VMware
    • Hyper-V
    • Proxmox
  • PowerShell
  • Linux
  • Home
  • About

Windows OS Hub

  • Windows
    • Windows 11
    • Windows 10
    • Windows Server 2025
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
  • Microsoft
    • Active Directory (AD DS)
    • Group Policies (GPOs)
    • Exchange Server
    • Azure and Microsoft 365
    • Microsoft Office
  • Virtualization
    • VMware
    • Hyper-V
    • Proxmox
  • PowerShell
  • Linux

 Windows OS Hub / Windows 10 / How to Unblock a File Downloaded from Internet on Windows

November 17, 2023

How to Unblock a File Downloaded from Internet on Windows

Windows displays a security warning when you try to open or run an executable file/script that you downloaded from the Internet. This article explains how Windows identifies a file downloaded from the Internet and how to unblock it

Contents:
  • How Does Windows Know That a File Was Downloaded from the Internet?
  • PowerShell: Unblock Files Downloaded from the Internet

Open file security warning for files downloaded from the Internet

How Does Windows Know That a File Was Downloaded from the Internet?

All browsers set a special marker in the NTFS metadata (alternate data streams) when downloading a file from the web or from an email. Copying, renaming, or moving files to another NTFS partition does not remove this tag.

Multiple metadata streams can be added for each NTFS file using Alternate NTFS Data Streams. By default, all file data is stored on the mainstream. It is possible to create one or more additional streams for a file, which can even exceed the file size displayed in File Explorer. Most applications (including Windows Explorer) only work with the default stream and cannot read data from alternative NTFS streams.

You can use PowerShell to check the alternate streams of a file for the presence of this tag:

Get-Item -Path "C:\downloads\Fido.ps1" -Stream *

In our example, an alternate stream called Zone.Identifier has been assigned to a file downloaded from the Internet. You can get its value:

Get-Content -Path .\Fido.ps1 -Stream Zone.Identifier

[ZoneTransfer]
ZoneId=3

Or like this:

notepad.exe file.exe:Zone.Identifier

Read Zone.Identifier alternate data stream with PowerShell

Alternate file stream: ZoneTransfer with ZoneId tag

The alternate file stream contains the assigned security ZoneId value in the [ZoneTransfer] section. You can find these security zones in the Internet Properties settings in the Control Panel (inetcpl.cpl). Possible zone ID values

  • 0 – Local machine
  • 1 – Local intranet
  • 2 – Trusted sites
  • 3 – Internet
  • 4 – Restricted sites

Internet Security Zones in Windows

In our case, the file in the alternate stream contains the security zoneID=3. This means that the file was downloaded from the Internet. When you open a file, Windows checks the ZoneId attribute. If the file is received from an untrusted source (ZoneId=3 or 4), it will be blocked from being opened (executed).

Word also checks for a Zone.Identifier tag on files and opens documents received from the Internet in protected mode.:

Protected view
Be careful – files from the Internet can contain viruses. Unless you need to edit, it’s safer to stay in Protected View.

Word: Protected view - files from the Internet can contain viruses

PowerShell: Unblock Files Downloaded from the Internet

You can manually remove this alternate stream marker from the file.

  1. Open the file properties in File Explorer;
  2. There should be a note in the Security section:
    This file came from another computer and might be blocked to help protect this computer.
  3. Check the Unblock option and click Apply. This file came from another computer and might be blocked to help protect this computer

You can also use the PowerShell command to unblock a file that you have downloaded from the Internet:

Unblock-File .\Fido.ps1

Check that the alternate stream has been removed and the file is unblocked:

Get-Item -Path .\Fido.ps1 -Stream *

There should only be one stream left in the file, which is called $Data.

Unblock-File PowerShell cmdlet

To manage alternate file streams, you can also use the streams tool from Microsoft.

You can manually assign an alternate stream to any file:

Set-Content -Path .\Fido.ps1 -Stream Zone.Identifier -Value '[ZoneTransfer]','ZoneId=3'

You can also remove an alternate data stream from a file like this:

Remove-Item -Path .\Fido.ps1 -Stream Zone.Identifier

You can enable the option Do not preserve zone information in file attachments in the Local Group Policy Editor to stop blocking files downloaded from the Internet from opening (User Configuration -> Administrative Templates -> Windows Components -> Attachment Manager). However, this is not recommended as it reduces the security of your computer.

GPO: Disable blocking downloaded files, preserve zone information

It may be even better to make an exception for certain file extensions (with the GPO option Inclusion list for low file types).

2 comments
9
Facebook Twitter Google + Pinterest
PowerShellWindows 10Windows 11
next post
SCCM and WMI Query to Find All Laptops and Desktops

Related Reading

Unable to Connect Windows 10 Shared Printer to...

March 11, 2024

How to increase KMS current count (count is...

March 12, 2024

How to Clear Event Viewer Logs on Windows

November 9, 2023

Booting Windows from GPT Disk on BIOS (non-UEFI)...

March 11, 2024

Error 0x0000007e: Windows cannot connect to network printer,...

March 11, 2024

Recovering Files from a RAW Partition using TestDisk

March 16, 2024

Removable USB Flash Drive as Local HDD in...

March 11, 2024

How to Install and Configure TFTP Server and...

March 15, 2024

2 comments

sanjuro June 19, 2018 - 1:39 pm

Very interested and useful, thank you! I was wondering why IE7 blocked images and internal links from my own downloaded html file, and Zone.Identifier was the answer.

Reply
Lacerda November 29, 2019 - 8:47 pm

“Actually, Windows doesn’t have any tools to deal with the alternative data streams”
Today we have unblock-file cmdlet in Powershell.

Reply

Leave a Comment Cancel Reply

join us telegram channel https://t.me/woshub
Join WindowsHub Telegram channel to get the latest updates!

Recent Posts

  • Encrypt Any Client-Server App Traffic on Windows with Stunnel

    June 12, 2025
  • Failed to Open the Group Policy Object on a Computer

    June 2, 2025
  • Remote Desktop Printing with RD Easy Print Redirection

    June 2, 2025
  • Disable the Lock Screen Widgets in Windows 11

    May 26, 2025
  • Configuring Windows Protected Print Mode (WPP)

    May 19, 2025
  • Map a Network Drive over SSH (SSHFS) in Windows

    May 13, 2025
  • Configure NTP Time Source for Active Directory Domain

    May 6, 2025
  • Cannot Install Network Adapter Drivers on Windows Server

    April 29, 2025
  • Change BIOS from Legacy to UEFI without Reinstalling Windows

    April 21, 2025
  • How to Prefer IPv4 over IPv6 in Windows Networks

    April 9, 2025

Follow us

  • Facebook
  • Twitter
  • Telegram
Popular Posts
  • How to Connect and Query MySQL or MariaDB with PowerShell
  • Windows: Auto Reconnect to VPN on Disconnect
Footer Logo

@2014 - 2024 - Windows OS Hub. All about operating systems for sysadmins


Back To Top