Files downloaded from the internet are marked with the Zone identifier (“Mark of the Web” stored as Alternate Data Streams) to trigger the application reputation check by Windows SmartScreen in Windows 8 and higher.
This article explains how to bulk unblock multiple files downloaded from the internet.
Zone Identification tagging using Alternate Data Streams was first introduced in Windows XP Service Pack 2 and continued in later Operating Systems, including Windows 10.
In Windows 7 and earlier, when the user launches a file downloaded from the internet, the following dialog is presented:
If you enable “Always ask before opening this file” and click Run, Windows clears the Zone ID for that file and launches the program.
SmartScreen – Application Reputation Check
Windows 8+ improves this further by doing the Application Reputation Check using Windows SmartScreen when running a program downloaded (not necessarily using Internet Explorer) from the internet. For example, if the file doesn’t pass the SmartScreen reputation checks, the user is shown the following screen.
If you trust the source and want to run the file regardless of the warning, click More Info and then Run anyway. This clears the existing zone identifier for the file, replacing it with AppZoneId=4
entry.
Contents
How to Bulk Unblock Files in a Folder and Sub-folders
To unblock a file, you can right-click on the file, click Properties, select “Unblock,” and click OK.
To bulk unblock multiple files in a folder, use one of the methods listed below.
1) Using “Streams” from Windows Sysinternals:
Download Streams and extract the executable to a folder. Then open a Command Prompt window and run Streams.exe
, as below:
streams.exe -d %userprofile%\downloads\*
This removes the NTFS alternate data streams for all files in the Downloads folder.
To unblock a single file, use the file name:
streams -d "C:\Users\ramesh\Downloads\BrowserAddonsView.exe"
To remove the zone information for files in every sub-directory (recursively), use this syntax:
streams -s -d %userprofile%\downloads\
2) Using Windows PowerShell:
PowerShell has a neat little cmdlet called Unblock-File, which can unblock multiple files in a single command-line.
Unblock a single file
Unblock-File -Path "c:\users\ramesh\downloads\old versions\tc_free.exe"
Unblock all files in a folder
gci "c:\users\ramesh\downloads" | Unblock-File
Unblock files in every sub-folder (recursion)
To do this recursively, affecting files in every sub-folder, run:
gci -recurse "c:\users\ramesh\downloads" | Unblock-File
That clears the zone information for specified or all files.
Add “Unblock” to the context menu
You can add an Unblock command (that runs a PowerShell command) to the right-click menu for files.
To do so, follow these steps:
- First, copy the following lines to Notepad.
Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\*\shell\unblock] "MUIVerb"="Unblock" "Extended"="" [HKEY_CLASSES_ROOT\*\shell\unblock\command] @="powershell.exe Unblock-File -LiteralPath '%L'"
- Save the file as “
unblock.reg
“ - Double-click “
unblock.reg
” to apply the registry settings. - Select a file (or multiple files — up to 15 files), press the
Shift
key and right-click on the selection. - Click the Unblock option. This option executes the PowerShell command to unblock the selected file(s).
Allow a website to prevent files from being blocked by SmartScreen
Certain situations require you to always allow downloads from a specific website—for example, a company website that hosts many files. If the website is trustworthy, you can add it to Internet Explorer’s Trusted Sites list. This prevents the SmartScreen reputation check from being triggered when the user runs the downloaded file, regardless of which browser (Chrome, Firefox, IE, etc.) was used to download the file.
For example, I downloaded WebBrowserPassView from Nirsoft. The following command showed the Zone Identifier, “ZoneID”, set to 3, which means Internet Zone.
more < WebBrowserPassView.zip:Zone.Identifier
(HostUrl shows the direct download URL from where the file was downloaded. ReferrerUrl is the referrer page from where you clicked the download link.)
After adding *.nirsoft.net to the Trusted Sites list in Internet Explorer, I re-downloaded the file.
No zone identifier was added this time. Also, there is no “Unblock” button in Properties for the file downloaded from a site listed in IE’s Trusted Zone.
Although the SmartScreen notifications can be annoying sometimes, it’s an excellent protection mechanism that shouldn’t be turned off or bypassed if you’re bothered about security.
One small request: If you liked this post, please share this?
One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:- Pin it!
- Share it to your favorite blog + Facebook, Reddit
- Tweet it!
I use a GUI tool called ZoneIDTrimmer
Very useful, Thank You.