Blocking and unblocking downloaded files on NTFS

A downloaded file that is protected (»blocked«) by Windows because it is potentially unsafe can easily be unblocked using Explorer's Properties->Unblock.

But how does it work?

The security zone is stored in an NTFS alternate data stream named Zone.Identifier.

$ more < file:Zone.Identifier
[ZoneTransfer]
ZoneId=3

The stream uses the usual INI format. To block an arbitrary file, create the stream manually:

$ echo [ZoneTransfer] > file:Zone.Identifier
$ echo ZoneId=3 >> file:Zone.Identifier

To see the streams present on a file, use dir /r.

$ dir /r
04.09.2012  12:49                13 file
                                 28 file:Zone.Identifier:$DATA

I haven't found a way yet to actually delete a stream, but they tell me PowerShell 3.0 is going to be able to do it, or you can download a separate tool from SysInternals.
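
The same stream operations in PowerShell 3.0 or later, as an added example that is not part of the original post: it reports which files under a directory carry a Zone.Identifier stream and which zone they record, then deletes the stream from a test file. Get-ZoneMark and the zone-demo paths are hypothetical names; the zone labels are the standard Windows URL security zones.

```powershell
# Added example, not from the original post. Needs PowerShell 3.0+ and NTFS.
# Get-ZoneMark and the zone-demo paths are hypothetical names.
$ZoneNames = @{
    0 = 'Local machine'; 1 = 'Local intranet'; 2 = 'Trusted sites'
    3 = 'Internet';      4 = 'Restricted sites'
}

function Get-ZoneMark {
    # Report every file under $Path that carries a Zone.Identifier stream.
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -LiteralPath $Path -File -Recurse | ForEach-Object {
        $file = $_.FullName
        $ads  = Get-Item -LiteralPath $file -Stream Zone.Identifier -ErrorAction SilentlyContinue
        if (-not $ads) { return }          # unmarked file: skip it

        # The stream is INI text. Tolerate surrounding whitespace: the cmd
        # "echo ZoneId=3 >> ..." form writes a trailing space before CRLF.
        $zone = $null
        foreach ($line in Get-Content -LiteralPath $file -Stream Zone.Identifier) {
            if ($line -match '^\s*ZoneId\s*=\s*(\d+)\s*$') { $zone = [int]$Matches[1] }
        }
        $name = 'unknown'
        if ($null -ne $zone -and $ZoneNames.ContainsKey($zone)) { $name = $ZoneNames[$zone] }

        [pscustomobject]@{ File = $file; ZoneId = $zone; Zone = $name; Bytes = $ads.Length }
    }
}

# Constructed demo in a scratch directory.
$dir  = New-Item -ItemType Directory -Force -Path (Join-Path $env:TEMP 'zone-demo')
$demo = Join-Path $dir.FullName 'file.txt'
Set-Content -LiteralPath $demo -Value 'sample'

# Block: write the same two lines as the echo commands above.
Set-Content -LiteralPath $demo -Stream Zone.Identifier -Value '[ZoneTransfer]', 'ZoneId=3'
Get-ZoneMark -Path $dir.FullName       # report the marked file

# Unblock: delete the stream, which is what Unblock-File does for this stream.
Remove-Item -LiteralPath $demo -Stream Zone.Identifier
Get-ZoneMark -Path $dir.FullName       # scan again after removal

Remove-Item -LiteralPath $dir.FullName -Recurse
```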
