Code Yarns ‍👨‍💻
Tech BlogPersonal Blog

How does Windows block files downloaded from the Internet?

📅 2012-Oct-28 ⬩ ✍️ Ashwin Nanjappa ⬩ 📚 Archive

[caption id="attachment_2859" align="aligncenter" width="474"][
 ](http://codeyarns.files.wordpress.com/2012/10/20121029-zone-stream.png) Windows blocks execution of downloaded files.[/caption]

Windows warns you if you try to open or execute a file that you downloaded from the Internet. This is a security feature of Windows that helps avoid execution or propagation of malicious files.

This is possible because applications, like the browser, use the Windows API to save files from the Internet. Windows invokes the Attachment Execution Service when such an API is called. This service adds a Zone Identifier stream to the saved file. Later when the file is opened or executed by Explorer, it sees this stream and warns the user about the file. Such a file is said to be blocked by Windows.

Reference: Page 427 of Windows Internals (6 Edition) Part 2