How to hide Windows 7 Open File Security when running certain EXE file using VB.NET?

Question

Hello dearest community,

I am trying to build a simple AutoUpdate application using VB.NET. It was quite simple. That is, I put the newest ZIP file in my hosting site, and then download it using WebClient.DownloadFileAsync. After it get downloaded, I extract it using http://stahlforce.com/dev/unzip.exe

But each time I run the unzip.exe using Process.start, Windows 7 always show Open File Security.

Is it possible for VB.NET to bypass such security restriction?

Thanks.

Btw, this is my code of using WebClient.DownloadFileAsync, in case any one google about it and landed on this page :

Public Class AutoUpdate
    Dim installationFolder As String = "C:\Program Files\xyz\abc\"
Dim updateFileNameTarget As String
    Private Sub btnStartUpdte_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnStartUpdte.Click
        lblPercent.Text = ""
        lblDownloading.Text = ""
        lblDownloading.Text = ""
        pbDownloadStatus.Value = 0
        Dim wc As New WebClient
        AddHandler wc.DownloadFileCompleted, AddressOf downloadComplete
        AddHandler wc.DownloadProgressChanged, AddressOf progressChanged
        Dim path As String = "http://xyz.abc.com/test.zip"
        updateFileNameTarget = installationFolder & "test.zip"
        Try
            If File.Exists(updateFileNameTarget) Then
                File.Delete(updateFileNameTarget)
            End If

            lblDownloading.Text = "Downloading " & path
            wc.DownloadFileAsync(New Uri(path), updateFileNameTarget)
        Catch ex As Exception
            MessageBox.Show(ex.Message)
        End Try

    End Sub

    Private Sub progressChanged(ByVal sender As Object, ByVal e As DownloadProgressChangedEventArgs)
        pbDownloadStatus.Value = e.ProgressPercentage
        lblPercent.Text = e.ProgressPercentage & "%"
    End Sub

    Private Sub downloadComplete(ByVal sender As Object, ByVal e As System.ComponentModel.AsyncCompletedEventArgs)
        MessageBox.Show("Download complete. Now extracting")
        Dim cmd As String = Application.StartupPath & "\Tools\unzip.exe"
        Dim arg As String = "-o """ & updateFileNameTarget & """"
        Process.Start(cmd, arg)
    End Sub
 End Class

Answer 1

If you're already process-invoking everything else (including unzip), also use Sysinternal's streams.exe. Use the -d flag to remove the NTFS alternate data streams (ADS). There should only be one - and it is the one that indicates to Windows that the file was downloaded from an "untrusted source".

Your downloaded files will currently have a stream that looks like this:

:Zone.Identifier:$DATA       26

Remove this stream from the download files after extracting but before execution, and the warning will no longer appear.

See also: What is Zone Identifier? - and Accessing alternate data streams in files for a library to work with these within .NET without needing streams.exe.