The publisher could not be verified
Brett Bishop
you want to run this software" while opening a file on a mapped network
drive. I would like to not have my user receive this message anymore. Any
help would be great.
Thanks in advance,
Brett Bishop
Network Administrator
US Bankruptcy Court INN
MCP+I, MCSE
anon...@discussions.microsoft.com
Newsgroup, this is the Windows XP Newsgroup.
>.
>
Brett Bishop
.exe file. Has nothing to do with MS Publisher.
<anon...@discussions.microsoft.com> wrote in message
news:001001c491d1$36eb01e0$a401...@phx.gbl...
Semjon
Cause I've been searching for a solution for at least 2 weeks on several
internet forums and nobody knows how to tell windows not to display this
message.
Not only is this message displayed if the publisher cannot be verified, but
even if the publisher IS verified! Try downloading a MS exe file that is
digitally signed and execute it. Despite the fact that MS files are signed,
you still get a security notification! It looks similar to the one you get
with unsigned files.
I begin to think that it is not possible to disable this security
notification message. Cause otherwise somebody would have come up with a
solution by now...
Semjon
--------------------
To disable the warning start the Group Policy Editor (Start > Run, type
-gpedit.msc- and press OK) and go to:
-User Configuration > Administrative Templates > Windows Components >
Attachment Manager- then set -Inclusion list for low file types- to
Enabled and enter the file types you don't want to be warned about in
the box (for example: .exe).
-----------------------
It indeed works! After this change the security notification doesn't appear
any more when exe files are executed
Malke
Fabulous research, Semjon. Thanks so much for posting this. I've put it
in my "toolkit". Thanks again for taking the time to post the
information.
Malke
--
MS MVP - Windows Shell/User
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
Semjon
First, what happens here? When an exe file is downloaded through Internet
Explorer and saved to an NTFS partition, WinXP adds an attribute to the MFT
(Master File Table) that defines the security settings of this particular
file.
Quote from Microsoft:
----------
File Systems
Every allocated sector on an NTFS volume belongs to a file. Even the file
system metadata is part of a file. NTFS views each file (or folder) as a set
of file attributes. Elements such as the file name, its security information,
and even its data, are all file attributes. Each attribute is identified by
an attribute type code and, optionally, an attribute name.
When a file's attributes can fit within the MFT file record for that file,
they are called resident attributes. Information such as file name and
timestamp are always resident attributes. When the information for a file is
too large to fit in its MFT file record, some of the file attributes are
nonresident. Nonresident attributes are allocated one or more clusters of
disk space and are stored as an alternate data stream in the volume. NTFS
creates the Attribute List attribute to describe the location of all of the
attribute records.
-----------------
In this particular case the attribute added looks like this:
-------
[ZoneTransfer]
ZoneId=3
----------
You can view the NTFS Alternate Data Streams for every file on your system
using the "NTFS Streams Info" programme:
http://www.isgeo.kiev.ua/shareware/index.html
You can also use it to batch-remove all the security data that was added to
the MFT for every single file that was downloaded through IE after the
installation of SP2.
Why this might be helpful? Because the solution provided in my previous post
is not the most secure one, since you have to define exe files as "low risk
type".
Instead, you should rather tell the system not to "mark" the downloaded
files with the security attributes. Here's how (found on some forum through
google):
--------
To prevent Windows from storing Zone Info in the downloaded files:
Group Policy > User Configuration > Administrative Templates >
Windows Components > Attachment Manager.
Enable "Do not preserve zone information in file attachments".
---------------------
This will result in files NOT being marked with the ZoneTransfer attribute
upon download. And without this attribute - no warning upon execution (which
is our aim, after all).
However, the files you've already downloaded to your harddisk are already
marked with the security attribute and have to be unmarked, otherwise they
will continue bugging you with the publisher security notification. Here's
where the Batch Delete ADS function of the NTFS Streams Info programmes comes
in handy.
Or just copy all the "ADS marked" files from an NTFS partition to a FAT
partition and back. Since FAT doesn't support the NTFS features, the
Alternate Data Streams will disappear.
Beware, however, that they are cached by the system, so if you just copy the
files to FAT and immediately back to NTFS, without restarting the pc, the
attributes might reappear. So I'd say, to spare the hassle, just use one or
another programme that can batch remove specific ADS from all the files on a
specified partition.
BTW, considering how everybody bitches about the security holes in Internet
Explorer I cannot help accentuating the fact that in this case it's the
alternative browsers like opera that pose a threat, since they fail to add
the security attributes to the files downloaded through them.
Consequence? Publisher is not verified. This whole publisher verification
may be annoying to professionals, but is definitely a good feature in order
to prevent newbies from executing malicious code on their computers. Meaning
people using Opera are more susceptible to viruses etc.
lol. This is funny. The opera supporters are really running out of arguments
why one should use their browser.
Malke
Very, very cool. Thanks again for the in-depth research. I think that
alternate browsers can be more secure ,though, in that they don't use
Active X and aren't so tightly woven into the operating system. I don't
know about Opera because I stopped using it when Mozilla got so good. I
just can't live without my tabbed browsing now. I tried Opera again a
few months ago but found it annoying. Of course, to be fair, that
wasn't the Windows version and maybe Opera is better on Windows. I'll
stick with Mozilla for now. I still have to use IE for some sites,
which is irritating, but that's life.
Again, thanks for the really great information. Have a wonderful
weekend.
Alex Nichol
>To disable the warning start the Group Policy Editor (Start > Run, type
>-gpedit.msc- and press OK) and go to:
>
>-User Configuration > Administrative Templates > Windows Components >
>Attachment Manager- then set -Inclusion list for low file types- to
>Enabled and enter the file types you don't want to be warned about in
>the box (for example: .exe).
>
>-----------------------
>
>It indeed works! After this change the security notification doesn't appear
>any more when exe files are executed
Note though that gpedit is only on XP Pro, not Home
That setting makes a list in a String value (REG SZ) created at
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\
Policies\Associations
called LowRiskFileTypes
and set to a space-separated list of extensions, like .jpg .exe .bmp
I don't know if setting that up manually on a Home system would work
though, but it might be worth trying. Also you can set up the Moderate
risk list (ModRiskFileTypes) - to apply in the Internet zone - but be
cautious about that. The warnings are there for a reason
--
Alex Nichol MS MVP (Windows Technologies)
Bournemouth, U.K. Al...@mvps.D8E8L.org (remove the D8 bit)
kdpo...@hotmail.com
It works like charm.
-Albert