Interestingly this is the first time I’ve come across this, I presume predominately because I try to only use DLL’s I’ve compiled myself and Firefox and the UNZIP tool I used never used to have this security ‘feature’.
When I was doing some unit tests I got this message
Failed to queue test run ‘Gareth@Monster 2009-07-19 21:41:43′: Test Run deployment issue: The location of the file or directory ‘d:\home\git\filehash\filehashtest\bin\debug\System.Data.SQLite.dll’ is not trusted.
This has all to do with me trying to be a good boy and downloading the latest DLL from web to ensure I was developing and testing on the absolute latest version. This helpful ‘magic’ is the Microsoft “Attachment Manager” that was introduced in XP SP2. Now it seems that both Firefox and WinZip 10 honor this feature (http://www.winzip.com/xattmgr.htm) so if you unzip a file using Winzip that has been tagged as ‘from the internet’ the unzip then tags all the files coming out as ‘blocked’.
There are a varying number of solutions:
Option 1 – Pinpoint accuracy
Select the properties on the file in question and press “Unblock”.
Attachment Manager Blocking In Action
Good if you only have 1 file to deal with, bad if you have a large number of them! Unfortunately there is no good way to do this via a multi-select option, but remember if they all came from a ZIP file un ‘block’ the ZIP before performing the UNZIP!
Option 2 – ‘The ultimate sledge hammer’ – definitely for the brave
I dont recommend this!! However if you are feeling brave (and this is a personal PC and not a corporate one!) this feature can be disabled using search for “Do not preserve zone information in file attachments” in the link http://support.microsoft.com/default.aspx/kb/883260 – its a ways down!
This won’t remove alternate streams from existing files. Also this ‘might’ have side effects so use with caution.
In theory the Attachment Manager can be disabled via gpedit.msc. I say in theory because I cant see the option I’m going to write about (http://www.lansa.com/support/notes/p0348.htm)
The steps to do that are outlined below:
- Run the ‘Group Policy Object Editor’ (gpedit.msc) either from the Command Prompt or using the ‘Run’ command in the Windows Start Menu
- Expand the node ‘User Configuration’ >> ‘Administrative Templates’ >> ‘Windows Components’ >> ‘Attachment Manager’.
- Right-click on the third option: Do not preserve zone information in file attachments. Choose ‘Properties’.
Option 3 – Using Streams (for the script folks – and still a little brave!)
Download the handy dandy ‘streams’ from http://technet.microsoft.com/en-us/sysinternals/bb897440.aspx. Then run “Streams -d –s c:\yourdirectorywithblockedfiles” this will recurse through all the folders deleting any streams it comes across. Beware some programs may be using streams for storage, if they are you will be deleting that meta data. But if this is only in a development folder you should be OK (make sure you have backups!)
Option 4 – Copy all the affected files to a FAT file system and copy them back
Title says it all, since streams are not supported on FAT file systems performing this copy to a FAT system and then back to NTFS ‘removes’ the offending streams.
Good luck 