When you download a file from the internet, Windows 11 adds a hidden tag called the Mark of the Web. This tag tells security features like Microsoft Defender SmartScreen to block or warn about the file. Even after you mark the source as trusted in Windows 11 settings, the Mark of the Web can remain attached to files you already downloaded. This happens because the trusted source setting only applies to future downloads, not existing files. This article explains why the Mark of the Web persists and provides six methods to remove it from existing files and prevent it from returning.
Key Takeaways: Removing the Mark of the Web from Existing Files on Windows 11
- File Properties > Unblock button: Removes the Mark of the Web from one file at a time through the file’s Properties dialog.
- PowerShell Unblock-File cmdlet: Removes the Mark of the Web from all files in a folder and subfolders with a single command.
- Group Policy > Trusted Sites Zone: Prevents the Mark of the Web from being added to files downloaded from specific web domains.
Why the Mark of the Web Persists After Trusted Source Designation
The Mark of the Web is an alternate data stream named Zone.Identifier attached to files downloaded from the internet. Windows 11 writes this stream when the file is saved through a browser or email client. The Zone.Identifier stream stores a numeric zone ID: 3 for internet, 4 for restricted, and 0 for local machine. When you designate a source as trusted in Windows 11 settings, you are configuring the Internet Options zone assignment for that domain. This zone change only affects files downloaded after the setting is applied. Files already on your system retain the original Zone.Identifier stream written at the time of download.
Six Methods to Remove Mark of the Web and Prevent It on Future Files
Each method below targets a different use case: single file, multiple files, or prevention at the source. Choose the method that fits your workflow.
Method 1: Unblock a Single File Through Properties
- Locate the file in File Explorer
Right-click the file and select Properties from the context menu. - Go to the General tab
At the bottom of the General tab, look for a Security section with a message reading “This file came from another computer and might be blocked.” - Check the Unblock checkbox
Click the Unblock checkbox and then click Apply followed by OK. - Verify the change
Open a PowerShell window and runGet-Item -Path "C:\path\to\file.ext" -Stream Zone.Identifier. If the stream is gone, the command returns no output.
Method 2: Unblock Multiple Files Using PowerShell
- Open PowerShell as administrator
Press the Windows key, type PowerShell, right-click Windows PowerShell, and select Run as administrator. - Navigate to the folder containing the files
Use thecdcommand to change to the folder. Example:cd C:\Users\YourName\Downloads. - Run the Unblock-File cmdlet
TypeGet-ChildItem -Recurse | Unblock-Fileand press Enter. This command removes the Mark of the Web from every file in the current folder and all subfolders. - Confirm the operation
To see how many files were unblocked, run(Get-ChildItem -Recurse | Unblock-File -PassThru).Count.
Method 3: Remove Zone.Identifier Using Command Prompt
- Open Command Prompt as administrator
Press the Windows key, type cmd, right-click Command Prompt, and select Run as administrator. - Run the stream deletion command
Typedel /q /s C:\path\to\folder\:Zone.Identifierand press Enter. ReplaceC:\path\to\folderwith the actual folder path. The/qflag suppresses confirmation prompts, and/sprocesses subfolders.
Method 4: Prevent Mark of the Web by Adding Trusted Sites in Group Policy
- Open Local Group Policy Editor
Press Windows key + R, typegpedit.msc, and press Enter. This tool is available in Windows 11 Pro, Enterprise, and Education editions. - Navigate to Trusted Sites settings
Go to Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page. - Configure the Trusted Sites zone
Double-click Site to Zone Assignment List. Set it to Enabled. Under Options, click Show. In the Value Name column, enter the full URL of the trusted source, such ashttps://example.com. In the Value column, enter2for the Trusted Sites zone. Click OK twice. - Apply the policy
Close Group Policy Editor. Open Command Prompt as administrator and rungpupdate /forceto apply the policy immediately.
Method 5: Prevent Mark of the Web via Internet Options
- Open Internet Options
Press Windows key + R, typeinetcpl.cpl, and press Enter. - Go to the Security tab
Click the Trusted Sites icon (green checkmark). Click the Sites button. - Add the trusted website
In the Add this website to the zone field, enter the full URL of the source, such ashttps://example.com. Click Add. Ensure Require server verification (https:) for all sites in this zone is checked. Click Close and then OK.
Method 6: Disable Mark of the Web for All Internet Downloads
This method removes the Mark of the Web from all future downloads system-wide. Use it only if you fully trust every file you download.
- Open Local Group Policy Editor
Press Windows key + R, typegpedit.msc, and press Enter. - Navigate to Attachment Manager settings
Go to Computer Configuration > Administrative Templates > Windows Components > Attachment Manager. - Enable the policy to remove Zone.Identifier
Double-click Do not preserve zone information in file attachments. Set it to Enabled. Click OK. - Apply the policy
Rungpupdate /forcein an administrator Command Prompt.
Issues After Removing Mark of the Web and How to Handle Them
SmartScreen Still Blocks Files After Unblocking
If SmartScreen continues to block a file after you remove the Mark of the Web, the file may be flagged by cloud-based reputation checks. Open Windows Security > App & browser control > Reputation-based protection. Under Potentially unwanted app blocking, temporarily toggle off Block apps and Block downloads. Run the file, then re-enable both settings.
Zone.Identifier Stream Reappears After Copying to Another Folder
Copying a file to a network drive or removable media can cause Windows to reapply the Mark of the Web if the destination folder inherits internet zone settings. To prevent this, copy files to a local folder first, then move them to the destination. Use robocopy with the /COPY:DAT flag to preserve the unblocked state: robocopy source destination file.ext /COPY:DAT.
Group Policy Settings Do Not Apply to Downloaded Files
Group Policy trusted site settings only apply to Internet Explorer and Edge Legacy. Microsoft Edge Chromium and Google Chrome do not read these settings. For those browsers, use the InPrivate mode or configure the browser’s own trusted site list through its security policies. In Edge, go to edge://settings/content/insecureContent to allow content from specific sites.
Mark of the Web Removal Methods: Speed and Scope Comparison
| Item | File Properties Unblock | PowerShell Unblock-File |
|---|---|---|
| Scope | Single file | All files in a folder and subfolders |
| Speed | Instant per file | Seconds for hundreds of files |
| Requires admin rights | No | Yes |
| Affects future downloads | No | No |
| Best for | One-off files | Bulk cleanup of existing files |
The Mark of the Web persists on existing files because the trusted source setting only applies to new downloads. Use the File Properties Unblock method for individual files and the PowerShell Unblock-File cmdlet for bulk removal. To prevent the Mark of the Web on future downloads from a specific source, configure Trusted Sites in Group Policy or Internet Options. For advanced users, the Do not preserve zone information in file attachments Group Policy setting removes the Mark of the Web system-wide. Always verify removal by checking for the Zone.Identifier alternate data stream using PowerShell’s Get-Item -Stream command.