How-To Geek

Learn Where Windows 8 Stores SmartScreen Filter Information for Downloaded Files

In previous versions of Windows, the SmartScreen filter was a feature of Internet Explorer; with Windows 8 it becomes part of the Windows file system. But how does it know which files have been downloaded and which ones originated from your PC? Read on to see how How-To Geek went exploring in the file system.

Note: The information provided in this article is for educational purposes only.

So What’s The Magic?

Well, the magic used here actually consists of fairly simple technology, most notably Internet Zones.

While you can only get access to the settings for these Internet Zones via Internet Explorer, they are used in various places throughout Windows. Whenever you download a file that comes from the Internet zone it gets tagged with a special Zone Identifier, and this identifier is stored in an alternate data stream. To see this I decided to bust open my favorite scripting language, PowerShell. I wrote the following script to see the alternate data streams of each file in my downloads folder.

# List every data stream (the default :$DATA plus any alternate streams) for each item in Downloads
$Files = Get-ChildItem -Path C:\Users\Taylor\Downloads
foreach ($File in $Files)
{
    Get-Item $File.FullName -Stream *
}

See the last file in the list? It has an additional data stream called Zone.Identifier, which is what we are talking about. When you open a file, Windows checks for this special data stream and triggers SmartScreen if it exists. In true geek fashion, we decided to take a peek inside the data stream to see what information it held.

Get-Item -Path C:\Users\Taylor\Downloads\socketsniff.zip -Stream Zone* | Get-Content

While that might not mean anything to us, it certainly got us thinking about how we can get around the SmartScreen.

How to Circumvent the SmartScreen in Windows 8

The first way to get around it is to use the GUI: if you have a file with a Zone.Identifier data stream, you can easily unblock it from the file’s properties. Just right-click the file, open its properties from the context menu, and click the Unblock button. Now when you open the file, SmartScreen won’t get triggered.

You could also use the new Unblock-File cmdlet in PowerShell 3, which is the script equivalent of clicking the Unblock button.

# Remove the Zone.Identifier stream from every file in Downloads
$Files = Get-ChildItem -Path C:\Users\Taylor\Downloads
foreach ($File in $Files)
{
    Unblock-File -Path $File.FullName
}

The final way to get around SmartScreen is to simply add the website you are downloading from to the intranet zone in Internet Explorer.

Of course, we recommend you never do that: the zone is reserved for intranet sites, and it would leave you vulnerable to malware that originates from the sites in the list. On that note, I leave you with this script to find files on your PC that originated from the Internet zone.

# Print the name of each file in Downloads that carries a Zone.Identifier stream
$Files = Get-ChildItem -Path C:\Users\Taylor\Downloads
foreach ($File in $Files)
{
    Get-Item $File.FullName -Stream * | %{ if ($_.Stream -like "Zone*") { $File.Name } }
}
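
Added example (not from the original article): the script above extended to read each Zone.Identifier stream and report which zone it records, which is handy for auditing the files on a machine that still carry the tag. The function name and scratch folder are hypothetical, the zone numbers follow the standard URL security zone numbering (3 = Internet), and the sample file is constructed.

```powershell
# Added example: report the zone recorded in each file's Zone.Identifier stream.
# Needs PowerShell 3+ and an NTFS volume. Get-ZoneIdentifierReport is a hypothetical name.
$ZoneNames = @{ 0 = 'Local Machine'; 1 = 'Local Intranet'; 2 = 'Trusted Sites'
                3 = 'Internet';      4 = 'Restricted Sites' }

function Get-ZoneIdentifierReport {
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file  = $_
        # Files without the stream yield nothing here and are skipped.
        $lines = Get-Content -LiteralPath $file.FullName -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
        if (-not $lines) { return }

        # The stream is INI-style text: a [ZoneTransfer] header, then key=value lines.
        $fields = @{}
        foreach ($line in $lines) {
            if ($line -match '^\s*([^=\[\]]+?)\s*=\s*(.*)$') {
                $fields[$Matches[1]] = $Matches[2].Trim()
            }
        }

        # A missing or non-numeric ZoneId is reported rather than silently dropped.
        $zoneId = 0
        $zone   = 'Unparsed'
        if ([int]::TryParse([string]$fields['ZoneId'], [ref]$zoneId)) {
            $zone = if ($ZoneNames.ContainsKey($zoneId)) { $ZoneNames[$zoneId] } else { 'Unknown' }
        } else { $zoneId = $null }

        [pscustomobject]@{
            File   = $file.FullName
            ZoneId = $zoneId
            Zone   = $zone
            Other  = (($fields.Keys | Where-Object { $_ -ne 'ZoneId' } | Sort-Object) -join ',')
        }
    }
}

# Constructed sample: tag a scratch file the way a download from the Internet zone is tagged.
$dir    = Join-Path $env:TEMP 'zone-demo'
$sample = Join-Path $dir 'sample.txt'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
Set-Content -LiteralPath $sample -Value 'demo'
Set-Content -LiteralPath $sample -Stream 'Zone.Identifier' -Value '[ZoneTransfer]', 'ZoneId=3'
Get-ZoneIdentifierReport -Path $dir | Format-Table -AutoSize
```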

That’s all there is to it.

Taylor Gibb is a Microsoft MVP and all-round geek. He loves everything from Windows 8 to Windows Server 2012 and even C# and PowerShell. You can also follow him on Google+.

  • Published 11/8/12

Comments (3)

  1. clamo

    This is nothing new. Windows has had this for years. It is just implemented another way.
    And it sucks too, as it prevents non-Microsoft certified software from running.

  2. Throne3d

    When SmartScreen pops up you can just click “More Info” and “Allow” or “Run” or whatever… It’s not really that bad a block, and it might help, just in case you thought it was built-in to your PC or something…

    Tyvm for explaining this in a detailed manner, HTG. o.o

  3. Keith

    Apparently you can move a file (e.g. zip archive) from an NTFS volume to a FAT32 one, then move/copy back, and the ADSs are gone.

    Also, see “Streams”
    http://technet.microsoft.com/en-us/sysinternals/bb897440
