| ZoneId | Name | Description | |--------|------|-------------| | 0 | My Computer | Local machine (trusted; rarely set by downloads) | | 1 | Local Intranet | Internal corporate network | | 2 | Trusted Sites | Sites explicitly added to Trusted Sites list | | 3 | Internet | The public web (default for most downloads) | | 4 | Restricted Sites | Potentially dangerous or blocked sites |
Formally known as :Zone.Identifier , this ADS contains a single, crucial piece of information: the from which the file originated. windows zone download
When you download a file using most modern browsers (Chrome, Edge, Firefox), email clients, or instant messengers, Windows automatically writes a marker into this ADS. The marker looks like this: The file then behaves as if it originated locally
Checking and clicking OK removes the Zone Identifier entirely (deletes the ADS). The file then behaves as if it originated locally. 3. Office Macro & ActiveX Blocking Microsoft Office (Word, Excel, PowerPoint) reads the Zone Identifier. If you open a document downloaded from the internet ( ZoneId=3 ), Office opens it in Protected View —a read‑only, sandboxed mode that disables macros, editing, and external links until you explicitly click “Enable Editing.” If you open a document downloaded from the
Every day, millions of Windows users download files from the internet—documents, installers, ZIP archives, and images. Most never notice the silent companion that tags along with each downloaded byte. This companion is invisible in File Explorer by default, yet it holds significant power over your system’s security.
Similarly, Internet Explorer/Edge (legacy) blocks ActiveX controls on files marked from the Internet zone. Antimalware engines treat Internet‑zoned files with higher scrutiny. UAC prompts for such executables may include a more detailed warning about the file’s origin. The Security Rationale The Zone Identifier addresses a classic attack vector: social engineering via file download .