So when you download an exe file from the Internet:

You get this kind of question. I believe there is a metadata attatched to the file that causes Windows to prompt such a message.

If I Right click, properties and at the bottom you see this:

So if I click on that then this question won't be popped up.

I am also able to use streams64.exe to disable this, but am I able to also use exiftool to strip such information? If so what would be the command?

ExifTool can do this for MacOS files, but I don't know how to do it for Windows. If anyone knows how this can be done from the command line, let me know.

Hi @boardhead, the reported MS Windows functionality relies on the NTFS alternate data stream (ADS) feature.

In particular, when a file is downloaded from the Internet using a Web browser, that file will have an ADS named "Zone.Identifier" and will contain the following text metadata:

[ZoneTransfer]
ZoneId=3

the ADS can be removed by del Application.exe:Zone.Identifier: https://jpsoft.com/forums/threads/deleting-streams.2515/, or using the powershell Unblock-File cmdlet: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/unblock-file.

I wasted more than an hour trying to get this to work. It took me a while to figure out how to create the ADS file, but I managed to do it in PowerShell using the Set-Content command. But I couldn't delete the ADS using the "del" command -- it just gave errors about bad drive name or something like that when I ran in cmd.exe, and lots of other errors in powershell. I need something that I can call from Perl, like this:

perl -e "system qq(del test.exe:Zone.Identifier)"

Also, I need a way to recognize that it exists, but this doesn't work:

perl -e "print -e qq(test.exe:Zone.Identifier)"

apologies, I believe the former link I provided relates to the "Take Command and TCC" program, not the standard cmd.exe del utility. certain APIs will reject filenames containing colons. for perl, I found that perl -e "print sysopen(my $fh,qq(test.exe:Zone.Identifier), O_RDONLY)" prints 1 if the ADS exists and nothing otherwise. similarly, perl -e "use Win32API::File qw(GetFileAttributes); GetFileAttributes(qq(test.exe:Zone.Identifier))" prints 32 if the ADS exists and 4294967295 otherwise. further, perl -e "use Win32API::File qw(DeleteFile); DeleteFile(qq(test.exe:Zone.Identifier))" successfully deleted the ADS. however, since Win32API::File puzzlingly provides only GetFileAttributes and not SetFileAttributes, there seems to be no way to delete a read-only ADS from perl.

Thanks for outlining a method that works with Perl. Are ADS files typically read-only? If not, it may be useful to include this ability anyway.

i'm not sure. i would assume it is quite uncommon for the ADS to be read-only and the main file to not be. anyways, it seems consistent that if exiftool can't write to read-only files, then it also won't be able to write to read-only ADSs. if exiftool gains functionality to remove the read-only bit on windows files (assuming it doesn't already), then it could be added to this too. i don't really care that much about this personally, since you can simply use notepad to read/write and unblock-file to delete. i just saw it in the issues list and was interested.

Thanks. ExifTool can write read-only files, but only "real" tags (not file attributes), so I think this is consistent.

• Phil

@hello17 Thanks, I've added this to the code and it works great! So ExifTool 12.34 will have the ability to detect/delete the Zone.Identifier.

• Phil

ExifTool 12.34 is now available.