7
5
Is there any way to prevent my downloads from getting file zone security information?
Blocking executables is already very annoying (I know quite well what I'm doing), and it really ticks me off that even CSV files are blocked for "security" reasons!
Thanks! :)
user541686
Posted 2011-02-18T21:14:17.903
Reputation: 21 330
3
Chrome now respects the Windows setting for zone identifiers and can be configured as shown below.
You can change how Windows handles zone identifiers using the group policy editor (gpedit.msc); the location of these settings is User Configuration -> Administrative Templates -> Windows Components -> Attachment Manager.
Do not preserve zone information in file attachments was implemented in Chrome as of April 29, 2011 (see Issue 5719).
Changing the default risk of attachments* to low will deactivate the dialog completely and ignore a file's zone security information.
Additionally, you can specify exceptions for certain file extension to, for example, always ask when opening downloaded .exe files.
If you only want to remove the zone settings from certain files, you can use streams.exe from the Sysinternals Suite to delete all alternate NTFS data streams:
streams -d <file> and
streams -s -d <directory>
:Zone.Identifier is the stream used to store zone security information.
chromium - Issue 5719: SetInternetZoneIdentifier does not respect the SaveZoneInformation policy
msigeek.com - How to Remove Security Warning Message – Files Downloaded from Internet
Tamschi
Posted 2011-02-18T21:14:17.903
Reputation: 629
>
I'm already aware of both methods, but the question was specifically about Chrome, and specifically about preventing it from embedding file zone information in the first place. Thanks for the help, but this doesn't do what I was asking. :\ – user541686 – 2011-02-19T19:28:23.723
Well, you could always download the chromium source and remove the call to
SetInternetZoneIdentifierinchrome\common\win_safe_util.cc, then use that a custom build without automatic updates. Another way would be to useIAttachmentExecute::SetLocalPathandIAttachmentExecute::Save, submitting it as patch to the project and to wait until it is committed to Chrome's release channel. If you want a faster solution, you can also create a new FAT32 partition and mount it into your download folder. As FAT32 doesn't support ADS, the zone information is never written. – Tamschi – 2011-02-19T22:20:55.360You said in your question that Chrome's behavior was "annoying", so I figured you would be satisfied with an easier, more flexible and at the same time more specific solution (not blocking .csv files). – Tamschi – 2011-02-19T22:26:52.063
@Tamschi: I tried the custom build route (on a locally mounted VHD, since I wasn't about to add 400,000 files to my drives), but I couldn't get the build working... it's too much of a pain. And obviously the FAT32 solution is more of a problem than a solution. :( Thanks for the help anyway. – user541686 – 2011-02-22T02:07:22.683
Yea, that happened with just about half of the source codes I tried to compile... Most often there's some not included dependency or a crazy prerequisite that messes up half of my system. Using Windows probably doesn't help either when building these cross-platform programs. – Tamschi – 2011-02-22T12:08:08.733
Just setting the default to low was not enough in my case. I had to add ".exe" to Inclusion list for low file types – EMP – 2011-11-20T09:15:15.060