Open File - Security Warning

Question

OS: Vista Business 64-BIT Coding: .NET and 3-rd party EXE Issue: Security

I have downloaded curl.exe to assist me in loading Product information from Amazon. Curl.exe has been pre-compiled and is NOT a .NET app, so I do not feel comfortable in making any changes to the build of curl.

On to the problem.

When I execute CURL I get this dialog:

Says: Open File - Security Warning The publisher could not be verified. Are you sure you want to run this software?

Run or Cancel

I get this error whether I run the software manually or programatically.

When I use this software manually I can deal with this, but I am trying to automate a process to run this programatically, so I want to suppress this dialog.

While researching this I got a lot of info on adjustments to IE settings... but I am NOT running anything from my browser, just launching the exe in windows, so that is not an issue.

I also see lots of info about adding different domains and servers to my allowed lists. This is running locally on my own box (C:\curl.exe) so that is also not an issue.

I am an admin of the box I am running this on.

So very little info out there about this.

Programming notes:

I am running this file though .NET like this:

string cmd = string.Empty;

cmd += @"--location --user username:userpass -C - "; cmd += @"--digest -k https://assoc-datafeeds-na.amazon.com/datafeed/getFeed?filename="; cmd += FeedName + ".gz "; cmd += @"-o " + FeedFileFolder + FeedName + ".gz";

System.Diagnostics.Process proc; // Declare New Process System.Diagnostics.ProcessStartInfo procInfo = new System.Diagnostics.ProcessStartInfo();

procInfo.UseShellExecute = true; //If this is false, only .exe's can be run. procInfo.WorkingDirectory = "C:"; //execute notepad from the C: Drive procInfo.FileName = "curl.exe"; // Program or Command to Execute. procInfo.Arguments = cmd; //Command line arguments.

So one alternative, if I cannot change a setting within Windows to allow this non-verified EXE without a digital signature, would be an adjustment to my procInfo to allow me to suppress this dialog, but I have not found it...

Any ideas..?

Thanks, Tom

Answer 1

Windows keeps track of where the binary came from, so downloaded binaries are still marked as unsafe even when not run from the browser.

From file properties for the exe, click "Unblock".

Answer 2

I belive that IE attaches a NTFS stream called Zone.Identifier to exe files it downloads.

You can verify this by typing in the following at a command prompt:

more <exename.exe:Zone.Identifier

and it will output something like

[ZoneTransfer]
ZoneId=3

I don't know how to delete an NTFS stream without using utility software that I'm not going to recommend here as I havn't used any. You could try clear it by doing an

echo . >exename.exe:Zone.Identifier

Or just copy the file onto a FAT drive, then off again. (Finally, a use for FAT formatted thumbsticks!)