How does Windows block files downloaded from the Internet?

Windows blocks execution of downloaded files.

Windows warns you if you try to open or execute a file that you downloaded from the Internet. This is a security feature of Windows that helps avoid execution or propagation of malicious files.

This is possible because applications, like the browser, use the Windows API to save files from the Internet. Windows invokes the Attachment Execution Service when such an API is called. This service adds a Zone Identifier stream to the saved file. Later when the file is opened or executed by Explorer, it sees this stream and warns the user about the file. Such a file is said to be blocked by Windows.

Reference: Page 427 of Windows Internals (6 Edition) Part 2

One thought on “How does Windows block files downloaded from the Internet?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.