Home

zoneidentifier

ZoneIdentifier is an alternate data stream used by Windows NTFS file systems to store origin and security information for a file. The Zone.Identifier ADS attaches to a file and typically records the security zone from which the file was downloaded or obtained, such as the Internet or a local network. This metadata can influence how Windows handles the file, particularly with regard to warnings and execution permissions.

The content of a Zone.Identifier stream usually follows an INI-like format with a ZoneTransfer section. A common

Usage and behavior: Windows uses the zone information to decide whether to display security prompts, block

Viewing and removing: Zone.Identifier can be viewed or edited with file property dialogs on some systems, or

entry
is
ZoneId,
which
indicates
the
security
zone.
Zone
IDs
correspond
to
Windows
Internet
Explorer/SmartScreen
zones,
including
local
machine,
local
intranet,
trusted
sites,
Internet,
and
restricted
sites.
The
stream
may
also
include
related
fields
such
as
HostUrl
and
ReferrerUrl
to
indicate
the
source
context
of
the
file.
Although
ZoneId
values
are
mapped
to
familiar
zones,
the
exact
interpretation
can
vary
by
Windows
version
and
configuration.
execution,
or
permit
actions
for
downloaded
or
received
files.
For
example,
an
executable
downloaded
from
the
Internet
may
be
treated
as
potentially
unsafe
unless
it
is
unblocked
or
the
zone
is
changed.
The
presence
of
a
Zone.Identifier
can
affect
user
prompts
and
policy-driven
decisions
in
the
operating
system
and
certain
applications.
accessed
via
command-line
tools
and
PowerShell.
It
can
be
removed
by
unblocking
the
file
(for
example,
using
Unblock-File
in
PowerShell)
or
by
using
third-party
tools
that
delete
alternate
data
streams.
NTFS
support
is
required,
and
the
feature
is
not
applicable
to
non-NTFS
filesystems.