[Windows] What to do if a warning such as "Windows protected your PC" appears when you execute a downloaded file. Let's understand how blocking by zone identifier works


Hello! This time, I would like to explain why a downloaded file is blocked by Windows.

Event

When you try to execute the downloaded file, the screen below may appear.

You cannot run the file without going through an extra step and pressing the Run button.

Block by Defender
* Click "More info" on this screen to display the button that runs the file.
Execution confirmation screen with security warning
* On this screen, you can run the file by pressing the Run button.

Some people who see this screen may worry that they have picked up a dangerous file.

However, this screen is controlled by an attribute attached to the file called the "zone identifier", so it is displayed even when the file is safe.

Cause

The cause is the "zone identifier" mentioned earlier. Right-click the file that triggers the warning and open "Properties".

Example property of a file with a zone identifier

In this way, a security item has been added at the bottom.
If it exists, you'll see the block or warning you just saw.

The zone identifier is attached when a file is downloaded from a network such as the Internet. For executable formats (extensions such as .msi and .exe), it therefore serves as a security measure that asks you to confirm whether you really want to run the file.

Solution

① Allow execution in the security item

As you can see, there is a checkbox on the property screen to allow it. If you check it and press OK, the file is treated as trusted from that point on and the block screen will not be displayed the next time.

Check "Allow" and OK

If you actually check it and click OK, the next time you open the properties the security item will be gone, as shown below.

Every security item disappears

This solves the problem.

② Compress / decompress once and then execute

Zone identifiers are given to files obtained via the Internet from a browser or the like.

In other words, you can avoid the zone identifier by regenerating the downloaded file.

Specifically, if you use a compression / decompression tool to compress and then decompress a file that has a zone identifier, you effectively regenerate the file. Since the compression / decompression tool does not attach an identifier, the warning can be avoided.

Because of this property, it seems that files downloaded in compressed form (.zip file, .rar file, etc.), then decompressed and executed, are not blocked.

For this reason, when uploading an executable file to the Internet, you can suppress this behavior in advance by using a compressed format such as zip.

③ Change the registry so that the zone identifier is not assigned

For completeness, it is also possible to configure the registry so that the zone identifier is not attached.
Please note that the setting is per user, so setting it once does not apply it to all users.

Key path: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
Value name: SaveZoneInformation
Value: REG_DWORD 1 (do not attach) * 2 attaches it

This setting takes effect after you log off and log in again.
After applying it, look at the properties of a newly downloaded file and confirm that the security item is absent.
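
To see the mechanism directly, the following PowerShell is an added example (not code from the original article) that reads a file's zone identifier, reports the per-user SaveZoneInformation setting described in ③, and shows that Unblock-File has the same effect as the checkbox on the property screen. It assumes an NTFS volume, where the identifier is stored in an alternate data stream named Zone.Identifier; the function names and the sample file are made up for the illustration.

```powershell
# Added example, not from the original article. Needs Windows and an NTFS volume.
# Zone numbers follow the standard Windows URL security zones.
$ZoneNames = @{ 0 = 'Local machine'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                3 = 'Internet'; 4 = 'Restricted sites' }

function Get-ZoneIdentifier {
    param([Parameter(Mandatory)][string]$Path)
    # The zone identifier is stored in an alternate data stream named Zone.Identifier.
    $stream = Get-Item -LiteralPath $Path -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
    $zoneId = $null; $zone = $null
    if ($stream) {
        $text = Get-Content -LiteralPath $Path -Stream 'Zone.Identifier' -Raw
        if ($text -match '(?m)^ZoneId=(\d+)') {
            $zoneId = [int]$Matches[1]
            $zone = $ZoneNames[$zoneId]   # stays $null for an unknown zone number
        }
    }
    [pscustomobject]@{ Path = $Path; Marked = [bool]$stream; ZoneId = $zoneId; Zone = $zone }
}

function Get-SaveZoneInformationPolicy {
    # Per-user value from method 3: 1 = do not attach, 2 = attach.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments'
    $prop = Get-ItemProperty -Path $key -Name 'SaveZoneInformation' -ErrorAction SilentlyContinue
    if (-not $prop) { return 'Not set: zone identifier is attached (Windows default)' }
    switch ([int]$prop.SaveZoneInformation) {
        1       { 'Set to 1: zone identifier is NOT attached for this user' }
        2       { 'Set to 2: zone identifier is attached' }
        default { "Unexpected value: $($prop.SaveZoneInformation)" }
    }
}

# Constructed sample: a placeholder file with a hand-written Zone.Identifier stream
# in the same shape a browser writes for an Internet download.
$sample = Join-Path $env:TEMP 'zone-demo.txt'
Set-Content -LiteralPath $sample -Value 'placeholder'
Set-Content -LiteralPath $sample -Stream 'Zone.Identifier' -Value "[ZoneTransfer]`r`nZoneId=3"

Get-SaveZoneInformationPolicy
Get-ZoneIdentifier -Path $sample      # marker present
Unblock-File -LiteralPath $sample     # removes the stream, like the checkbox
Get-ZoneIdentifier -Path $sample      # marker gone
Remove-Item -LiteralPath $sample
```

Piping `Get-ChildItem -File` over a download folder into `Get-ZoneIdentifier` shows which files still carry the marker, which is a quick way to confirm whether a given archive tool or the registry setting has changed the behavior on a machine.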

Afterword

This time, I introduced a method to suppress the block caused by the zone identifier being given.

It's easy once you understand the mechanism, but since the identifier is attached on its own, whether the warning occurs depends on the environment you are using.

Even so, I laughed a little because I could avoid it just by compressing and decompressing the file.
My reaction was, "Is something that simple really okay?!"

It's like the last bastion against the execution of malicious files. I feel it is a little bold to turn this off, depending on the operating environment.

I think it is better not to remove it from files other than those that have already been confirmed to be safe, such as files shared internally. As usual, it's your responsibility, but ...

I hope it helps you.
