To check this, we use the Alternate Data Stream (ADS) properties of a file.
If a file has been downloaded from the Internet or another untrusted zone, Windows adds a Zone.Identifier:$DATA ADS to the file.
You can check for ADS on files by using the dir command or the Sysinternals streams.exe tool.
dir /r c:\
streams.exe -s c:\users\etanirer
Example output:
Streams v1.56 - Enumerate alternate NTFS data streams
Copyright (C) 1999-2007 Mark Russinovich
Sysinternals - www.sysinternals.com
c:\users\etanirer\desktop\C2ADPhotosSetupEN.exe:
:Zone.Identifier:$DATA 26
c:\users\etanirer\desktop\DeployingWindows7EssentialGuidance.pdf:
:Zone.Identifier:$DATA 26
c:\users\etanirer\desktop\Siteauth.reg:
:Zone.Identifier:$DATA 26
c:\users\etanirer\desktop\IPhone45111\Yeni klas÷r\iPhone3,1_5.1.1_9B206_Restore.zip:
:Zone.Identifier:$DATA 26
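The 26-byte size in the listing above is consistent with the minimal stream content: a `[ZoneTransfer]` line and a single-digit `ZoneId=` line, each ending in CRLF. The following Python code is an added example, not part of the original post: it reads the stream by appending `:Zone.Identifier` to the file path (this works only on NTFS under Windows) and parses the zone number. The function names and the sample bytes are constructed for illustration.

```python
import os
import sys

# Windows URL security zone numbers.
ZONES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}

# Constructed sample: minimal stream content for an Internet-zone download.
# It is 26 bytes long, the same size streams.exe reports in the listing.
SAMPLE_STREAM = b"[ZoneTransfer]\r\nZoneId=3\r\n"

def parse_zone_identifier(raw):
    """Return the ZoneId (int) from raw Zone.Identifier bytes, or None."""
    text = raw.decode("utf-8-sig", errors="replace")
    in_section = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            # Only keys under [ZoneTransfer] count.
            in_section = line.lower() == "[zonetransfer]"
        elif in_section and "=" in line:
            key, _, value = line.partition("=")
            if key.strip().lower() == "zoneid":
                try:
                    return int(value.strip())
                except ValueError:
                    return None
    return None

def read_zone(path):
    """Read path:Zone.Identifier; None if the stream is absent or has no ZoneId."""
    try:
        with open(path + ":Zone.Identifier", "rb") as fh:
            return parse_zone_identifier(fh.read())
    except OSError:
        return None

def scan(root):
    """Yield (path, zone_id) for each file under root that carries a ZoneId."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            zone = read_zone(full)
            if zone is not None:
                yield full, zone

if __name__ == "__main__":
    print("sample:", len(SAMPLE_STREAM), "bytes, ZoneId", parse_zone_identifier(SAMPLE_STREAM))
    for path, zone in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(zone, ZONES.get(zone, "unknown"), path)
```

Pass a folder as the first argument to list every file below it that carries a zone marker; on a non-NTFS volume the scan prints nothing.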
Thursday, November 1, 2012
Check if file has been downloaded from Internet