Files downloaded from the internet are marked with the Zone identifier (“Mark of the Web” stored as Alternate Data Streams) to trigger the application reputation check by Windows SmartScreen in Windows 8 and higher.
This article explains how to bulk unblock multiple files downloaded from the internet.
Zone Identification tagging using Alternate Data Streams was first introduced in Windows XP Service Pack 2 and continued in later Operating Systems, including Windows 10.
In Windows 7 and earlier, when the user launches a file downloaded from the internet, the following dialog is presented:
If you enable “Always ask before opening this file” and click Run, Windows clears the Zone ID for that file and launches the program.
SmartScreen – Application Reputation Check
Windows 8+ improves this further by doing the Application Reputation Check using Windows SmartScreen when running a program downloaded (not necessarily using Internet Explorer) from the internet. If the file doesn’t pass the SmartScreen reputation checks, the user is shown the following screen.
If you trust the source and want to run the file regardless of the warning, click More Info and then click Run anyway. This clears the existing zone identifier for the file, replacing it with
How to Bulk Unblock Files in a Folder and Sub-folders
To unblock a file, you can right-click on the file, click Properties, select “Unblock,” and click OK.
To bulk unblock multiple files in a folder, use one of the methods listed below.
Download Streams and extract the executable to a folder. And then open a Command Prompt window and run
Streams.exe as below:
streams.exe -d %userprofile%\downloads\*
This removes the NTFS alternate data streams for all files in the Downloads folder.
To unblock a single file, use the file name:
streams -d "C:\Users\ramesh\Downloads\BrowserAddonsView.exe"
To remove the zone information for files in every sub-directory (recursively), use this syntax:
streams -s -d %userprofile%\downloads\
PowerShell has a neat little cmdlet called Unblock-File which can unblock multiple files in a single command-line.
Unblock a single file
Unblock-File -Path "c:\users\ramesh\downloads\old versions\tc_free.exe"
Unblock all files in a folder
gci "c:\users\ramesh\downloads" | Unblock-File
Unblock files in every sub-folder (recursion)
To do this recursively, affecting files in every sub-folder, run:
gci -recurse "c:\users\ramesh\downloads" | Unblock-File
That clears the zone information for specified or all files.
Add “Unblock” option to the context menu
You can add an Unblock command (that runs a PowerShell command) to the right-click menu for files.
To do so, follow these steps:
- Copy the following lines to Notepad.
Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\*\shell\unblock] "MUIVerb"="Unblock" "Extended"="" [HKEY_CLASSES_ROOT\*\shell\unblock\command] @="powershell.exe Unblock-File -LiteralPath '%L'"
- Save the file as “
- Double-click “
unblock.reg” to apply the registry settings.
- Now, select a file (or multiple files — up to 15 files), press the
Shiftkey, and right-click on the selection.
- Click the Unblock option. This option executes the PowerShell command that can unblock the selected file(s).
Certain situations require you to always allow downloads from a specific website — for example, a company website that hosts certain files. If the website is trustworthy, you can add it to Internet Explorer’s Trusted Sites list. This prevents SmartScreen reputation check from being triggered when the user runs the downloaded file, regardless of which browser (Chrome, Firefox, IE, etc.) was used to download the file.
For example, I download WebBrowserPassView from Nirsoft. Running the following command showed the Zone Identifier – “ZoneID” set to 3, which means Internet Zone.
more < WebBrowserPassView.zip:Zone.Identifier
After adding *.nirsoft.net to the Trusted Sites list in Internet Explorer, I re-downloaded the file.
No zone identifier was added this time.
And, no “Unblock” button in Properties for the file downloaded from a site listed in IE’s Trusted Zone.
Although the SmartScreen notifications can be annoying sometimes, it’s a nice protection mechanism that shouldn’t be disabled or bypassed if you’re bothered about security. You should unblock files only if you trust the source and/or if you have a valid reason to do so.
One small request: If you liked this post, please share this?One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:
- Pin it!
- Share it to your favorite blog + Facebook, Reddit
- Tweet it!