What does it mean when a file is blocked in Windows?

When some files are downloaded from the internet, they are blocked. Some files can still be opened even if they are blocked...

I can see whether a file is blocked by opening the file properties (right-click > properties) and looking at General tab > Security (right under the Attributes section).

See for reference:

What does it mean when a file is blocked? How does a file behave differently in a blocked state versus an unblocked state?

Solution 1:

This is driven by the alternate data streams. Windows flags files as potentially untrusted if they have been downloaded (for example) from the internet zone and will disable execution.

As a side note, Sysinternals provide a free tool called 'streams' (via Microsoft) which allows you to remove (including recursively) all alternate streams from a file / directory.

As a second side-note, the reason Windows does this is because it's a fairly simple way to construct a trojan or virus. As discussion on this briefly here.

In 2009, the alternate data stream was used by a click fraud Trojan named FFSearcher. It used the stream name “Zone.Identifier” which is a stream name that Microsoft uses to mark executable files downloaded by Internet Explorer. Instead of a simple zone identifier however, the Trojan implanted a DLL file that contained the Trojan’s code.