How does Windows' security warning "do you want to run this file.." work?
In Windows XP, after downloading a file, when I try to run it I get
Windows XP Security Warning. Do you want to run this file... always ask before opening this file?
I moved the file into another directory (just a regular directory I created like C:\something
) and ran it. I got the message, though now I don't. So maybe it was only the first time opening or something.
- Does it happen for any executable?
- Which executables does this happen with?
I presume Windows doesn't keep some kind of record that this file was downloaded via the internet. Any time I click the file in Chrome downloads, I get the message, but it's from Windows XP not Chrome.
How is this working?
It also seems in some way browser specific, because when I save the file and run it by saving it and clicking Open file while within K-Meleon I don't get that question. It's as if it could open it in some way that bypassed the Windows XP message.
Also, I remember the terrible days of IE and Windows 98. Maybe IE5 was the culprit, perhaps before certain updates, where the browser would just run executables from any website, without you clicking on them, unless you ticked a hard to find box in Advanced Settings.
Hopefully I can untick the box here in this security warning thing "always ask before opening this file", and it won't cause that problem. I just want an exectuable I click or double click to run.
And even when I untick that box, if I click another .exe in Chrome's downloads, it happens for that one.
Several versions ago, Internet Explorer introduced the concept of "security zones" – Internet, local intranet, "trusted", "restricted". Later, this was extended to the Windows Explorer shell (and a "My Computer" zone was added).
After downloading the file, the browser – both IE and Chrome – adds an "alternate stream" to it, named Zone.Identifier
, which says that the file came from the "Internet" zone. When you double-click a file in Windows Explorer, it checks if such a stream is present, and asks for confirmation if necessary. This is not restricted to executables – any file tagged this way will require confirmation.
Alternate streams are a feature of Windows and the NTFS filesystem, and are stored on disk as part of the file. (In NTFS, the actual contents of a file is in fact an unnamed stream too.) If you want to see or edit the contents of Zone.Identifier
, run in command line:
notepad MyDownloadedApp.exe:Zone.Identifier
When you uncheck the "Always prompt..." box, or when you click "Unblock" in the file properties window, the Zone.Identifier
stream is deleted and Explorer won't require confirmation anymore. To delete all streams from many files at once you can use Streams or a graphical tool.
If you want to disable the zone tagging, refer to this post for Google Chrome.
So this is a security setting for windows. To disable it, go the registry and change the following key values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download] "CheckExeSignatures"="no" "RunInvalidSignatures"=dword:00000001 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments] "SaveZoneInformation"=dword:00000001 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations] "LowRiskFileTypes"=".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov ;.mp3;.m3u;.wav;"
As always when editing the registry, make a backup first.
Source
Note: This will disable it for all files regardless of location. I would not recommend doing it in general, but it seems to be what you want to do.