Windows Open File Security Warning – The publisher could not be verified

Posted on Posted in HowTo

This is going to be divided into 3 parts. How to verify if a file is blocked, and how to disable this on a single file, and how to disable this for the entire PC.

So how do you verify your file is blocked? There are two way. One is simply to right-click the file and hit properties. If you see the Unblock button, the file is blocked. That said, this button does not always appear when a file is blocked. So what’s the sure-fire way to check this? Powershell. Use the following command:
get-item .\file.exe -stream "Zone.Identifier"

This should give you this output. If it gies you an error (shown below), the file is not blocked:
PSPath : Microsoft.PowerShell.Core\FileSystem::C:\temp\file.exe:Zone.Identifier
PSParentPath : Microsoft.PowerShell.Core\FileSystem::C:\temp
PSChildName : file.exe:Zone.Identifier
PSDrive : C
PSProvider : Microsoft.PowerShell.Core\FileSystem
PSIsContainer : False
FileName : C:\temp\file.exe
Stream : Zone.Identifier
Length : 26

Now, for the curious of us, what does this stream contain? Let’s see with this command:
get-content -path .\file.exe -stream "Zone.Identifier"

And we get this output
[ZoneTransfer]
ZoneId=3

Ah Ha! ZoneId=3 means a Blocked file! Now, lets unblock it using powershell:
unblock-file .\file.exe,

This produces no output. To verify the file is unblocked, simply re-run the first command:
get-item .\file.exe -stream "Zone.Identifier"

If you get this error, the Stream has been removed:
get-item : Could not open the alternate data stream 'Zone.Identifier' of the file 'C:\temp\file.exe'.
At line:1 char:1
+ get-item .\file.exe -stream "Zone.Identifier"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (C:\temp\file.exe:String) [Get-Item], FileNotFoundException
+ FullyQualifiedErrorId : AlternateDataStreamNotFound,Microsoft.PowerShell.Commands.GetItemCommand

 

Now, what if you don’t want to get that error even for a blocked file?

Easy, you can do it a few ways. Either in IE->Internet Options:

Or using the registry for the user (save as .reg file and import):
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1806"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1806"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"1806"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"1806"=dword:00000000

Or using the registry for the PC (save as .reg file and import):
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1806"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1806"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"1806"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"1806"=dword:00000000