Unblocking Downloads in Chromium for Windows (Turning off File Zone Security)

7

5

Is there any way to prevent my downloads from getting file zone security information?

enter image description here

Blocking executables is already very annoying (I know quite well what I'm doing), and it really ticks me off that even CSV files are blocked for "security" reasons!

Thanks! :)

user541686

Posted 2011-02-18T21:14:17.903

Reputation: 21 330

Answers

3

Chrome now respects the Windows setting for zone identifiers and can be configured as shown below.

Global attachment policy

You can change how Windows handles zone identifiers using the group policy editor (gpedit.msc); the location of these settings is User Configuration -> Administrative Templates -> Windows Components -> Attachment Manager.

Do not preserve zone information in file attachments was implemented in Chrome as of April 29, 2011 (see Issue 5719).

Changing the default risk of attachments* to low will deactivate the dialog completely and ignore a file's zone security information.

Additionally, you can specify exceptions for certain file extension to, for example, always ask when opening downloaded .exe files.

Delete zone settings from the command line

If you only want to remove the zone settings from certain files, you can use streams.exe from the Sysinternals Suite to delete all alternate NTFS data streams:

streams -d <file> and
streams -s -d <directory>

:Zone.Identifier is the stream used to store zone security information.

Sources

chromium - Issue 5719: SetInternetZoneIdentifier does not respect the SaveZoneInformation policy
msigeek.com - How to Remove Security Warning Message – Files Downloaded from Internet

Tamschi

Posted 2011-02-18T21:14:17.903

Reputation: 629

>

  • I'm using the German version of Windows Vista, so the actual name of the setting may be different. For me it says "Standardrisikostufe für Dateianlagen".
  • < – Tamschi – 2011-02-19T13:56:52.913

    I'm already aware of both methods, but the question was specifically about Chrome, and specifically about preventing it from embedding file zone information in the first place. Thanks for the help, but this doesn't do what I was asking. :\ – user541686 – 2011-02-19T19:28:23.723

    Well, you could always download the chromium source and remove the call to SetInternetZoneIdentifier in chrome\common\win_safe_util.cc, then use that a custom build without automatic updates. Another way would be to use IAttachmentExecute::SetLocalPath and IAttachmentExecute::Save, submitting it as patch to the project and to wait until it is committed to Chrome's release channel. If you want a faster solution, you can also create a new FAT32 partition and mount it into your download folder. As FAT32 doesn't support ADS, the zone information is never written. – Tamschi – 2011-02-19T22:20:55.360

    You said in your question that Chrome's behavior was "annoying", so I figured you would be satisfied with an easier, more flexible and at the same time more specific solution (not blocking .csv files). – Tamschi – 2011-02-19T22:26:52.063

    @Tamschi: I tried the custom build route (on a locally mounted VHD, since I wasn't about to add 400,000 files to my drives), but I couldn't get the build working... it's too much of a pain. And obviously the FAT32 solution is more of a problem than a solution. :( Thanks for the help anyway. – user541686 – 2011-02-22T02:07:22.683

    Yea, that happened with just about half of the source codes I tried to compile... Most often there's some not included dependency or a crazy prerequisite that messes up half of my system. Using Windows probably doesn't help either when building these cross-platform programs. – Tamschi – 2011-02-22T12:08:08.733

    Just setting the default to low was not enough in my case. I had to add ".exe" to Inclusion list for low file types – EMP – 2011-11-20T09:15:15.060