This is implemented with an alternate data stream, supported by the NTFS file system. You access such a stream with the filename:stream
syntax. The stream name that stores the info for the file blocking feature is Zone.Identifier:$DATA
. It is written by whatever program copied the file, usually a browser.
You can see them with the DIR /R option. The SysInternals' Streams utility permits listing and deleting them. A silly way to get rid of it is copying it to a file system that doesn't support alternate data streams, like a .zip archive or a flash drive and copying it back.
You can look at the content of the stream or edit it with a command like notepad filename:zone.identifier
, you'll see this:
[ZoneTransfer]
ZoneId=3
The ZoneId value identifies the origin of the file. Values are -1=unspecified, 0=local machine, 1=intranet, 2=trusted, 3=internet, 4=untrusted. What notepad can do is however not possible in .NET, it explicitly forbids using the :
character in file names. The intention is for a human to deal with this, explicitly overriding the file blocking feature. Right-click the file in Explorer, Properties and click the Unblock button. That deletes the stream. Note the Powershell cmdlets mentioned in the first link.