Quick fix: Run Get-ChildItem -Path C:\Downloads -Recurse | Unblock-File from an elevated PowerShell to remove the “downloaded from the Internet” flag (Zone.Identifier stream) on every file under a folder at once. This bypasses the “This file came from another computer” warning without disabling SmartScreen.

Windows 11 marks every file downloaded by a browser, email client, or download manager with an alternate data stream (ADS) called Zone.Identifier. When you try to open one of those files, Windows checks the stream and shows a security warning, or worse, just refuses to run scripts. For a single file, the right-click Properties → Unblock checkbox is fine. For a folder with hundreds of files (a scripts archive, a fresh code repo from a colleague), you need to clear them in bulk.

Symptom: Multiple downloaded files show “This file came from another computer” warnings or are blocked from running.
Affects: Windows 11 with default SmartScreen / Mark of the Web behavior.
Fix time: 2 minutes.

What the Zone.Identifier stream does

When a browser saves a file from the Internet, it writes an alternate data stream named Zone.Identifier alongside the main file. The stream contains a few lines: ZoneId (typically 3 for “Internet”), the source URL, and the referring URL. Windows reads this on every file open and decides whether to show the security warning, whether PowerShell should bypass execution policy, or whether macros should be disabled. The mechanism is called Mark of the Web (MotW).

Removing the stream removes the “came from another computer” flag for that file. The file itself is unchanged. Other security checks (SmartScreen, antivirus, code signing) still apply.

Method 1: Unblock-File for a whole folder

Open PowerShell (no admin required for files in your own profile).
Navigate to the parent folder. For example, cd C:\Downloads\projectfoo.
Run:

Get-ChildItem -Recurse | Unblock-File
The command silently removes the Zone.Identifier stream from every file under the current folder. No output means success.
For files outside your profile, run PowerShell as Administrator and use the absolute path: Get-ChildItem -Path D:\repos\client-tool -Recurse | Unblock-File.

This is the cleanest path. Unblock-File is a first-class cmdlet, ships in every Windows install, and only touches the ADS — it doesn’t modify any other file metadata.

Method 2: Strip the stream manually with the colon syntax

For scripting around Unblock-File, or to inspect what’s actually stored, use the alternate stream syntax directly.

To list streams on a file:

Get-Item C:\Downloads\test.zip -Stream *
To view the contents of the Zone.Identifier stream:

Get-Content C:\Downloads\test.zip -Stream Zone.Identifier
To delete only the Zone.Identifier stream:

Remove-Item C:\Downloads\test.zip -Stream Zone.Identifier
For bulk:

Get-ChildItem C:\Downloads -Recurse -File | ForEach-Object { Remove-Item $_.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue }

This gives finer-grained control than Unblock-File and is useful if you want to log which files had the stream before clearing them.

Method 3: Block MotW for a trusted folder via GPO

If you regularly download into the same folder from a trusted source and don’t want to keep unblocking files, add the folder to the Local Intranet zone — Windows then won’t apply MotW to anything that lands there.

Open inetcpl.cpl. Go to the Security tab.
Click Local intranet → Sites → Advanced.
Add file://localhost/C:/Downloads/trusted-source (adjust path). Click Add, then Close.
This doesn’t affect new downloads (browsers still mark them), but it tells Windows to treat files in that path as Local Intranet zone — lower restrictions.
For a heavier-handed approach, set the registry value HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\SaveZoneInformation to 1. This tells Windows not to write Zone.Identifier streams at all. (Don’t do this on a shared PC; it weakens MotW protection globally.)

Method 3 is most useful for build servers, CI/CD runners, and similar machines where every downloaded file is trusted and the security warnings just get in the way.

How to verify the fix worked

Right-click a previously blocked file and choose Properties. The Unblock checkbox at the bottom of the General tab is gone — the file is no longer marked.
Try opening it. No “This file came from another computer” dialog appears.
For PowerShell scripts, run them — they execute without the “running scripts is disabled” banner caused by MotW (assuming your ExecutionPolicy already allows them).
Run Get-Item file.ext -Stream Zone.Identifier — returns an error because the stream no longer exists.

If none of these work

If files keep blocking after Unblock-File, your browser or a sync tool is re-applying MotW on every save. Check the download tool’s settings — some VPN clients and corporate-managed browsers re-write the stream with stricter ZoneId values. For files in OneDrive or Dropbox folders that re-block after sync, the cloud client is preserving the ADS during round-trip; unblock locally after sync completes, not before. As a last resort, copy the files to a trusted location, run Unblock-File there, and leave the originals alone — Windows treats the copy as freshly created without MotW.

Bottom line: Get-ChildItem -Recurse | Unblock-File handles 99% of bulk-unblock needs in one line. Use the manual stream syntax when you need to log or inspect; use the GPO/zone approach for whitelisted folders.