Working in one particular folder (C:\Users\terry\Dropbox\3D Printing) is becoming really tedious.

Copying or moving any file or subfolder within it to or from anywhere
else generates a pesky message that "files downloaded from the internet
may be harmful...blah blah". Only a couple of clicks but over time a
real PITA.

I abandoned productive work yesterday morning and so far failed to find
a solution. Despite many hours with ChatGPT, prolific with suggestions i
tried, but whose unbounded confidence and countless 'final perfect'
solutions have failed to fix it. There are some 4,400 files in 3D
Printing, spread over a dozen or so subfolders. A few appear to have
escaped the unwanted (and IMO daft warnings, making isolation of the
root cause elusive.

Version 22H2 (OS Build 19045.6691)

Terry, UK

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Terry,

Copying or moving any file or subfolder within it to or from anywhere
else generates a pesky message that "files downloaded from the internet
may be harmful...blah blah".

The root cause is AFIK that those files are marked (in an attached
"alternate data stream" (ADS) file) as being /potentially/ dangerous.

Maybe the below is be usefull to you :

https://thegeekpage.com/disable-blocking-of-downloading-files-in-windows-10/

Regards,
Rudy Wieser



--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On Tue, 1/13/2026 9:40 AM, R.Wieser wrote:

Terry,

Copying or moving any file or subfolder within it to or from anywhere
else generates a pesky message that "files downloaded from the internet
may be harmful...blah blah".

The root cause is AFIK that those files are marked (in an attached "alternate data stream" (ADS) file) as being /potentially/ dangerous.

Maybe the below is be usefull to you :

https://thegeekpage.com/disable-blocking-of-downloading-files-in-windows-10/

Regards,
Rudy Wieser

No, that's not it.

The item that pops the dialog, has no alternate streams at all.

Some of the items that have two alternate streams, do not pop the dialog.

I even tried fiddling with the Internet Explorer security slider settings,
and that did not stop it.

I have also played with SmartScreen as an anti-pattern and
that did not make any difference either.

I've done a Procmon trace, and as close as I could get, is maybe it is
nissvc, but I couldn't be sure. It's just possible, File Explorer is
doing this and is popping the dialog itself, without any help at all.

*******

This is me, checking for Alternate Streams and opening the stream in Notepad.

https://learn.microsoft.com/en-us/sysinternals/downloads/streams

d:
.\streams64 -s

D:\TEMP2\2025-05-08 1513.eml:
:OECustomProperty:$DATA 707
:Zone.Identifier:$DATA 26

D:\W10-1903\W10-1903\W10-1903.vhd:
:Zone.Identifier:$DATA 26 <=== file was "stamped" while coming from the other machine!

notepad D:\W10-1903\W10-1903\W10-1903.vhd:Zone.Identifier

[ZoneTransfer]
ZoneId=3 <=== This is an Internet Explorer style declaration of zone for security purpose

The funny thing is, I can right-click that currently and the Protest Box does not appear.

notepad D:\TEMP2\2025-05-08 1513.eml:OECustomProperty <=== seems to be some amount of header data

And that does not trigger the response either.

*******

There was no public announcement of a new nanny feature that I could find.

The file that causes the yellow-dialog is D:\BetterbirdPortable-140.6.0esr-bb16.en-US.win64.zip

"Opening these files might be harmful to your computer
Your Internet security settings blocked one or more..." <=== NO, this is BULLSHIT

Which is bullshit, as the files in some cases are locally generated,
they haven't been to the Internet and so on. It's possible that some
lookup activity that File Explorer is generating, is being interpreted
by something else as an exploit. But a trace isn't helping me at the moment.
I can see some stuff related to DNScache, but, it shouldn't even be
doing DNS. With SmartScreen turned off, it should just be minding its
own business. MsMpEng isn't even "interested" at this point, because
you have to Open the target file, to be shadowed.

When I do a trace in Process Monitor, and stop it and do a search for "Betterbird",
the file is never referenced in the trace. The file could be referenced if a Createfile/Readfile/Writefile is done. It's not doing any of those, and neither is a string matching that description coming from the filesystem. You can't see Explorer trying to Stat() the thing. You would need to switch over to WinDBG, and that would be a hopeless way to do it. For some styles of debugging,
you have to know the answer before you start. You can't just poke around
in the haystack like a fool, looking for needles.

Paul

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

"Terry ( BT)" <t.pinnell@btinternet.com> wrote:

Working in one particular folder (C:\Users\terry\Dropbox\3D Printing) is becoming really tedious.

Copying or moving any file or subfolder within it to or from anywhere
else generates a pesky message that "files downloaded from the internet
may be harmful...blah blah". Only a couple of clicks but over time a
real PITA.

I abandoned productive work yesterday morning and so far failed to find
a solution. Despite many hours with ChatGPT, prolific with suggestions i tried, but whose unbounded confidence and countless 'final perfect'
solutions have failed to fix it. There are some 4,400 files in 3D
Printing, spread over a dozen or so subfolders. A few appear to have
escaped the unwanted (and IMO daft warnings, making isolation of the
root cause elusive.

Version 22H2 (OS Build 19045.6691)

The assigned zone for those downloaded files in Internet which makes
they untrustworthy.

Disable zone blocking of Internet-tagged files: a value added in the
optional Alternate Data Stream aka metadata of files saved in an NTFS
file system.

https://en.wikipedia.org/wiki/NTFS#Alternate_data_stream_(ADS)

You could use a tool that deletes or lets you edit ADSes of NTFS-saved
files, but easier is to disable zone checking on Internet-tagged files altogether. I use WinAero Tweaker for that:

https://winaerotweaker.com/

Search on "download" in WinAero Tweaker. Under the Behavior category
for the "Disable Downloads Blocking" section, you can enable the option "Disable downloaded files from being blocked in File Explorer". As with
most tweaks in WinAero Tweaker, they have links to help pages describing
what their settings do. For this one, they link to:

https://winaero.com/disable-downloaded-files-from-being-blocked-in-windows-10/

If you have the Home edition of Windows, there is no policy editor (gpedit.msc). However, all policies are registry entries, and the
article tells you how to edit the registry disable Internet-zone flagged
files; however, it's much easier to just click on the option to disable
the nanny protection in Windows.

There used to be registry settings for each of the file zones, but I
don't recall where it is in the registry, and what was used previously
may no longer be valid registry entries. I found the related registry
entry at:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

Underneath are each of the file zone numbers:

0 = My Computer
1 = Local Intranet Zone (Intranet, not Internet)
2 = Trusted sites Zone
3 = Internet Zone
4 = Restricted Sites Zone

https://learn.microsoft.com/en-us/previous-versions/troubleshoot/browsers/security-privacy/ie-security-zones-registry-entries
https://learn.microsoft.com/en-us/dynamics365/unified-service-desk/admin/internet-explorer-settings-bpa?view=dynamics-usd-4.3

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\<zonenumber>

Much easier to use WinAero Tweaker to click a checkbox.

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On Tue, 13 Jan 2026 13:53:22 +0000, "Terry ( BT)"
<t.pinnell@btinternet.com> wrote:

Working in one particular folder (C:\Users\terry\Dropbox\3D Printing) is >becoming really tedious.

Copying or moving any file or subfolder within it to or from anywhere
else generates a pesky message that "files downloaded from the internet
may be harmful...blah blah". Only a couple of clicks but over time a
real PITA.

I abandoned productive work yesterday morning and so far failed to find
a solution. Despite many hours with ChatGPT, prolific with suggestions i >tried, but whose unbounded confidence and countless 'final perfect'
solutions have failed to fix it. There are some 4,400 files in 3D
Printing, spread over a dozen or so subfolders. A few appear to have
escaped the unwanted (and IMO daft warnings, making isolation of the
root cause elusive.

Version 22H2 (OS Build 19045.6691)

Terry, UK

https://winaero.com/disable-downloaded-files-from-being-blocked-in-windows-10/

https://winaerotweaker.com/

--

Dennis

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On Tue, 1/13/2026 8:53 AM, Terry ( BT) wrote:

Working in one particular folder (C:\Users\terry\Dropbox\3D Printing) is becoming really tedious.

Copying or moving any file or subfolder within it to or from anywhere
else generates a pesky message that "files downloaded from the internet
may be harmful...blah blah". Only a couple of clicks but over time a
real PITA.

I abandoned productive work yesterday morning and so far failed to find
a solution. Despite many hours with ChatGPT, prolific with suggestions i tried, but whose unbounded confidence and countless 'final perfect'
solutions have failed to fix it. There are some 4,400 files in 3D
Printing, spread over a dozen or so subfolders. A few appear to have
escaped the unwanted (and IMO daft warnings, making isolation of the
root cause elusive.

Version 22H2 (OS Build 19045.6691)

Terry, UK

OK, there is a thing called the Attachment Manager.

"Information about the Attachment Manager in Microsoft Windows"

https://mskb.pkisolutions.com/kb/883260

One problem with the article, is this one.

HKEY_CURRENT_USER\ Software\Microsoft\Windows\CurrentVersion\Policies\Associations
DefaultFileTypeRisk DWORD High (decimal 6150)
Moderate (decimal 6151)
Low (decimal 6152)

HKEY_CURRENT_USER\ Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
SaveZoneInformation DWORD 1 <=== default value 1 could be "True", not sure.

On Windows 11 Home, my registry lists (decimal 1808 Hex 0x710)
On Windows 10 Pro, both Associations and Attachments are missing.

And if you conflated 1808 as 0x1808 that would be decimal 6152.
This means the KB article may have suffered a numeric base conflation
when it was written. This is the problem with using random numbers
for shit like this. Even the staff can't keep the random numbers straight.

The Attachment Manager has two ways to pop up annoying dialogs.
It can use the Zone setting on a download, as a bias.
If the Zone setting is turned off, it can use file extension lists as
a bias. It can develop a hatred of .zip and .7z .

*******

Right now, I have the following funny situation.

1) One sample download has the Zone set via AlternateStream and
this produces our favorite yellow dialog. This means the Zone thing is working.

2) I experimentally made a couple archives, one a .7z, one a .zip,
using a set of the files that individually none of the files trigger anything.

When the .7z and .zip are on my F: drive (created today just for the purpose),
there is no yellow dialog.

If I copy the files back to the "sensitive" D: drive , then the file extensions
are treated as dangerous ones and the yellow dialog appears. There is nothing
in the documentation suggesting D: and F: have to be different. I could find one
thread claiming that "removable media has a lower reputation", so for example,
reading a .zip off a USB stick would be considered bad. A disk drive which is fixed
media (or a USB drive with RMB=0), their .zip or .7z would "not be as dirty".

For my sample partitions D: and F: , there is no difference. Yet, files are
treated differently.

I went to the zoo once. I didn't like it because there were animals there.
So it is with Windows. I mean really, what the fuck ?

I'm not sure I can turn this off. For one, I cannot trust the 6152 value
in the KB article. And Windows 10 has no "default" value in the Registry,
so I cannot even use that for sanity-purposes. I'm sure if I carry out
a search of the surrounding (Win10) systems, I will find the rebels.

Paul

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

"Terry ( BT)" <t.pinnell@btinternet.com> wrote:

Thanks for all of those. The only method I hadn't found and tried was
WinAero Tweaker. Policies, Registry, Attachments, ADS, Unblocking, etc,
etc; tried them all in vain. Sometimes also causing worse issues - but
those might have been down to me.

I've installed WinAero Tweaker and FWIW enabled 'Disable Downloads
Blocking'. Have yet to test if it does indeed block the sort of files
that have 'tainted' a hundred or so of my folders with the MOWB (Mark Of
The Web). Obviously (but I tested it anyway!) it is not retrospective!
That is, of course, what I'm seeking.

After another few score of exchanges with ChatGPT and Gemini yesterday
and today I'm very close to a solution. It seems that copying the target
file or folder that's infected with RoboCopy strips it off. Moving the 'cleaned' one back to its proper place is the last tricky bit I'm
playing with. If I get a reliable solution I'll post details.

Terry

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

"Terry ( BT)" <t.pinnell@btinternet.com> wrote:

"Terry ( BT)" <t.pinnell@btinternet.com> wrote:

Thanks for all of those. The only method I hadn't found and tried was
WinAero Tweaker. Policies, Registry, Attachments, ADS, Unblocking, etc,
etc; tried them all in vain. Sometimes also causing worse issues - but
those might have been down to me.

I've installed WinAero Tweaker and FWIW enabled 'Disable Downloads
Blocking'. Have yet to test if it does indeed block the sort of files
that have 'tainted' a hundred or so of my folders with the MOWB (Mark Of
The Web). Obviously (but I tested it anyway!) it is not retrospective!
That is, of course, what I'm seeking.

The NTFS ADS attribute gets added when the file is created. Not
sometime later.

https://www.nirsoft.net/utils/alternate_data_streams.html

That will show which files have an ADS attribute, what zone they are
for, and let you delete them. I don't know if you can select multiple
files to remove the ADS from all of them at the same time.

The Zone.Identifier attribute has the following ZoneIDs:

0 = My Computer (local files)
1 = Intranet (internal network)
2 = Trusted sites
3 = Internet (most web downloads)
4 = Untrusted (flagged as risky by Smartscreen)

Other attributes that may be present are:

ReferrerURL = Website from where the file was downloaded.
HostURL = Direct download link.

You're looking where a Zone.Identifier record has a ZoneID = 3.

SysInternals has their streams program to show ADSes, and delete them.

streams -s -d <folder>

Be careful on which folder you specify as some Windows files need to
have ADSes. -s will recurse subfolders. -d deletes any ADS on a file
(there can be more than one). Runs "streams /?" or just "streams" to
get its short help output.

After another few score of exchanges with ChatGPT and Gemini yesterday
and today I'm very close to a solution. It seems that copying the target
file or folder that's infected with RoboCopy strips it off.

Copying a file from an NTFS volume to a FAT volume strips off the ADS attributes. ADS is a feature of only NTFS. I suspect you could copy
the entire folder with those files to a FAT drive, then copy them back
to mass delete the ADS attributes on them.

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

VanguardLH <V@nguard.LH> wrote:

I suspect you could copy
the entire folder with those files to a FAT drive, then copy them back
to mass delete the ADS attributes on them.

Thanks for the detailed reply.

I will test your suspicion shortly. The folder I need to clean is 380 GB
so if your suspicion proves accurate I'll do it in six 64 GB chunks.

Terry

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

"Terry ( BT)" <t.pinnell@btinternet.com> wrote:

VanguardLH <V@nguard.LH> wrote:

I suspect you could copy
the entire folder with those files to a FAT drive, then copy them back
to mass delete the ADS attributes on them.

Thanks for the detailed reply.

I will test your suspicion shortly. The folder I need to clean is 380 GB
so if your suspicion proves accurate I'll do it in six 64 GB chunks.

When copying the files around, yes, size matters.

However, when using the Nirsoft or streams tools, you are not copying,
but modifying attributes of the file in the file system. How long
streams takes to strip ADSes depends on the number of files.

Also, with copying, you risk a bad or interrupted transfer that could
corrupt files. Plus, you would be copying files that do not have an
ADS. You said only some files cause the warning, not all of them. With Nirsoft, you see which ones were Internet zone flagged, and just remove
the ADS from just those files. streams would process every file, but
there would be nothing to do on files without an ADS. While an ADS has
content (which could be larger than those used for zones, like an entire document or .exe stored in an ADS), deleting an ADS is faster than
copying the file twice (to FAT and back to NTFS).

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On Sat, 1/17/2026 7:56 AM, Terry ( BT) wrote:

VanguardLH <V@nguard.LH> wrote:

I suspect you could copy
the entire folder with those files to a FAT drive, then copy them back
to mass delete the ADS attributes on them.

Thanks for the detailed reply.

I will test your suspicion shortly. The folder I need to clean is 380 GB
so if your suspicion proves accurate I'll do it in six 64 GB chunks.

Terry

To the best of my ability, the problem is NOT purely an Alternate Stream
mark of the web. The "distrust" feature also randomly switches
to ZIP and 7Z files that do not have the mark of the web. I use
Sysinternals "streams.exe" to check for Alternate Streams.

I don't know of any other thing that could be triggering it,
but the documentation says that the nanny-feature has "file type capability".

And this just started happening, out of the blue, not that
many months ago. Previous to that, all install instances
of Windows OSes here were clean of such nonsense.

And as a test case, I can make a ZIP locally from a set of
clean files, and that ZIP might pass inspection. A ZIP made
on my LAN (a "private network") can be considered by the
nanny, to be worthy of file type treatment. I think I may have
even had a .vhd file treated to some nannying.

I would much prefer that the feature be fixed to work properly.
Rather than go on a campaign of turning off the entire
security system to make a computer out of it.

You don't get "good security" by "making a nuisance of yourself".
That never works.

Paul

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

VanguardLH <V@nguard.LH> wrote:

"Terry ( BT)" <t.pinnell@btinternet.com> wrote:

VanguardLH <V@nguard.LH> wrote:

I suspect you could copy
the entire folder with those files to a FAT drive, then copy them back
to mass delete the ADS attributes on them.

Thanks for the detailed reply.

I will test your suspicion shortly. The folder I need to clean is 380 GB
so if your suspicion proves accurate I'll do it in six 64 GB chunks.

Pleased to report that your suspicion was correct, it works, thanks!

When copying the files around, yes, size matters.

However, when using the Nirsoft or streams tools, you are not copying,
but modifying attributes of the file in the file system. How long
streams takes to strip ADSes depends on the number of files.

Also, with copying, you risk a bad or interrupted transfer that could
corrupt files. Plus, you would be copying files that do not have an
ADS. You said only some files cause the warning, not all of them. With >Nirsoft, you see which ones were Internet zone flagged, and just remove
the ADS from just those files. streams would process every file, but
there would be nothing to do on files without an ADS. While an ADS has >content (which could be larger than those used for zones, like an entire >document or .exe stored in an ADS), deleting an ADS is faster than
copying the file twice (to FAT and back to NTFS).

But as per my original post I had tried all other methods, including
that one, in vain.

The only two methods that work for me are my Robocopy routine and your
NTFS to a PAT32 USB stick. I'm making the finishing touches to the
former so that I can automate it to clean that PITA 'Mark Of The Web'
across all of my 380 GB folder.

Terry

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Paul <nospam@needed.invalid> wrote:

On Sat, 1/17/2026 7:56 AM, Terry ( BT) wrote:

VanguardLH <V@nguard.LH> wrote:

I suspect you could copy
the entire folder with those files to a FAT drive, then copy them back
to mass delete the ADS attributes on them.

Thanks for the detailed reply.

I will test your suspicion shortly. The folder I need to clean is 380 GB
so if your suspicion proves accurate I'll do it in six 64 GB chunks.

Terry

To the best of my ability, the problem is NOT purely an Alternate Stream
mark of the web. The "distrust" feature also randomly switches
to ZIP and 7Z files that do not have the mark of the web. I use
Sysinternals "streams.exe" to check for Alternate Streams.

I don't know of any other thing that could be triggering it,
but the documentation says that the nanny-feature has "file type capability".

And this just started happening, out of the blue, not that
many months ago. Previous to that, all install instances
of Windows OSes here were clean of such nonsense.

And as a test case, I can make a ZIP locally from a set of
clean files, and that ZIP might pass inspection. A ZIP made
on my LAN (a "private network") can be considered by the
nanny, to be worthy of file type treatment. I think I may have
even had a .vhd file treated to some nannying.

I would much prefer that the feature be fixed to work properly.
Rather than go on a campaign of turning off the entire
security system to make a computer out of it.

You don't get "good security" by "making a nuisance of yourself".
That never works.

Paul

See my reply to VanguardLH.

Terry

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

"Terry ( BT)" <t.pinnell@btinternet.com> wrote:

VanguardLH <V@nguard.LH> wrote:

"Terry ( BT)" <t.pinnell@btinternet.com> wrote:

VanguardLH <V@nguard.LH> wrote:

I suspect you could copy
the entire folder with those files to a FAT drive, then copy them back >>>>to mass delete the ADS attributes on them.

Thanks for the detailed reply.

I will test your suspicion shortly. The folder I need to clean is 380 GB >>> so if your suspicion proves accurate I'll do it in six 64 GB chunks.

Pleased to report that your suspicion was correct, it works, thanks!

When copying the files around, yes, size matters.

However, when using the Nirsoft or streams tools, you are not copying,
but modifying attributes of the file in the file system. How long
streams takes to strip ADSes depends on the number of files.

Also, with copying, you risk a bad or interrupted transfer that could >>corrupt files. Plus, you would be copying files that do not have an
ADS. You said only some files cause the warning, not all of them. With >>Nirsoft, you see which ones were Internet zone flagged, and just remove
the ADS from just those files. streams would process every file, but
there would be nothing to do on files without an ADS. While an ADS has >>content (which could be larger than those used for zones, like an entire >>document or .exe stored in an ADS), deleting an ADS is faster than
copying the file twice (to FAT and back to NTFS).

But as per my original post I had tried all other methods, including
that one, in vain.

The only two methods that work for me are my Robocopy routine and your
NTFS to a PAT32 USB stick. I'm making the finishing touches to the
former so that I can automate it to clean that PITA 'Mark Of The Web'
across all of my 380 GB folder.

Terry

Not long after my reply above I stumbled upon what seems a major simplification.
I copied that entire folder to one of my several external USB hard
drives. Then I copied it to a fresh folder C:\Users\terry\Dropbox\3D Printing\3DP_PROJECTS. I've tested a dozen or so of its subfolders and
all could be moved/copied to other folders without any warnings.

J: is an NTFS, not FAT32, but happily still seems to wipe the offending metadata or whatever.

Terry

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On Sun, 1/18/2026 1:17 PM, Terry ( BT) wrote:

VanguardLH <V@nguard.LH> wrote:

"Terry ( BT)" <t.pinnell@btinternet.com> wrote:

VanguardLH <V@nguard.LH> wrote:

I suspect you could copy
the entire folder with those files to a FAT drive, then copy them back >>>> to mass delete the ADS attributes on them.

Thanks for the detailed reply.

I will test your suspicion shortly. The folder I need to clean is 380 GB >>> so if your suspicion proves accurate I'll do it in six 64 GB chunks.

Pleased to report that your suspicion was correct, it works, thanks!

When copying the files around, yes, size matters.

However, when using the Nirsoft or streams tools, you are not copying,
but modifying attributes of the file in the file system. How long
streams takes to strip ADSes depends on the number of files.

Also, with copying, you risk a bad or interrupted transfer that could
corrupt files. Plus, you would be copying files that do not have an
ADS. You said only some files cause the warning, not all of them. With
Nirsoft, you see which ones were Internet zone flagged, and just remove
the ADS from just those files. streams would process every file, but
there would be nothing to do on files without an ADS. While an ADS has
content (which could be larger than those used for zones, like an entire
document or .exe stored in an ADS), deleting an ADS is faster than
copying the file twice (to FAT and back to NTFS).

But as per my original post I had tried all other methods, including
that one, in vain.

The only two methods that work for me are my Robocopy routine and your
NTFS to a PAT32 USB stick. I'm making the finishing touches to the
former so that I can automate it to clean that PITA 'Mark Of The Web'
across all of my 380 GB folder.

Terry

$PSVersionTable.PSVersion

Major Minor Build Revision
----- ----- ----- --------
5 1 26100 7462 That would be a Powershell 5.1

*******

Before we get into the following code, we need to dump the parameter list.
Or at least, for the StackOverflow I consulted, this allows verifying
what the Method definitions are. In the end, it turned out this didn't
work, but it still needs a comment about the technique.

PS D:\> $ExecutionContext.InvokeProvider.Item | Get-Member -MemberType Methods

TypeName: System.Management.Automation.ItemCmdletProviderIntrinsics

Name MemberType Definition
---- ---------- ----------
Remove Method void Remove( string[] path,
bool recurse, <=== in case the object is a directory
bool force,
bool literalPath), <=== spaces in name, punctuation...
void Remove(string path, bool recurse)

Here is a piece of code to do it. The command that removes the stream,
is currently commented out with the "#". When you feel confident the
code works, that is when you remove the "#" and run it for real.

You edit the constants in the "delstr.ps1" to suit the drive letter
and path. In my example, I just scanned all of D: (my scratch drive).
But, by NOT using the removal function, you can walk the tree and
review where the script is going. If there were to be, for example,
a file that had the permissions set to prevent modification, then that
would throw an error, but the script will still run the entire tree.

When I copy these from the web, I alter them just enough to get
them to run. The code chunk is the one at the bottom. I'm looking for Zone.Identifier on the entire D: drive . I do not know, if the error
message formatting is the best, it is likely to be a mess if an error happens.

https://stackoverflow.com/questions/75442886/remove-alternative-data-stream-using-powershell

Well, the code as given, didn't work. You can see some of the commented-out code
I tried.

******************************** delstr.ps1 prototype *******************************

$removeFunc = $ExecutionContext.InvokeProvider.Item.Remove
$targetStream = 'Zone.Identifier'

Get-ChildItem D:\ -Recurse | ForEach-Object {
$keepme = $_
if ($stream = $_ | Get-Item -Stream $targetStream -ErrorAction SilentlyContinue) {
$short = Convert-Path $stream.PSPath
$namefull = $_ | Select-Object -ExpandProperty FullName
try {
# write-output $stream.PSPath " and also " $namefull " see " $short
# maximum abspath abspath:altstream
# $removeFunc.Invoke($stream.PSPath, $false, $true, $true)
# $removeFunc.Invoke(${short}, $false, $true, $true)
# $removeFunc.Invoke(${short}, $false)

Remove-Item -LiteralPath $namefull -Stream $targetStream
Write-Output "Removed ${short}"
}
catch {
Write-Host "Error at ${short}: $($_.Exception.Message)"
}
}
}

******************************** end delstr.ps1 prototype *******************************

If we clean it up a bit (the <cough> production version), it looks like this.

******************************** delstr.ps1 *******************************

$targetStream = 'Zone.Identifier'

Get-ChildItem D:\ -Recurse | ForEach-Object {
$namefull = $_ | Select-Object -ExpandProperty FullName
# Write-Output "Visiting ${namefull}"

if ($stream = $_ | Get-Item -Stream $targetStream -ErrorAction SilentlyContinue) {
$short = Convert-Path $stream.PSPath
try {
# Remove-Item -LiteralPath $namefull -Stream $targetStream
Write-Output "Removed ${short}"
}
catch {
Write-Host "Error at ${short}: $($_.Exception.Message)"
}
}
}

# You can remove the "#" on "Visiting" line to generate a file list
# using the currently defined path ("D: " in the example).

# Remove the "#" in front of Remove-Item to actually Remove-Item the $targetStream.

******************************** end delstr.ps1 *******************************

Don't forget to change the drive letter (or folder path if tree-shaped).

Paul


--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)