disable "these files might be harmful to your computer" security warning

JustinGSEIWI
JustinGSEIWI used Ask the Experts™
on
When my users try to copy a file from a mapped drive on a local server, they get the following message.

Windows Security
These files might be harmful to your computer
Your internet security settings suggest that one or more files may be harmful. Do you want to use it anyway?

I have tried adding the IP address and the FQDN of the server to the local intranet sites setting in internet options but I am still prompted by the warning. Once I figure out how to get rid of the warning, I will then need to know how to deploy it with group policy.

Thanks,

Justin
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2013

Commented:

Author

Commented:
I found both of those articles myself. I tried both solutions but it didn't work. I added the FQDN and IP address of the server hosting the files but I am still prompted after adding it to the internet settings.
Top Expert 2013

Commented:
JustinGSEIWI--Here are some different ideas
http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/35ca8f9c-5e69-4b7f-a002-0d72fa0dc14b/
Some seem to have been successful for some users.

Go through the whole thread.

If this has started only recently, run a System Restore to a date prior to the problem appearing.
Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

Commented:
"I added the FQDN and IP address of the server hosting the files but I am still prompted after adding it to the internet settings."

So, you added the IP address and FQDN.... How are your shares mapped (by netbios name)?

Author

Commented:
System restore won't fix it. This is happening on all computers. It also has been happening since we launched windows 7 on our domain network.

The link posted seems to just come down to either disabling windows defender, which we have disabled, and this link. http://tinypic.com/view.php?pic=w17bic&s=4 I have tried the suggestion in the link but that does not work. If it is the fix, then I am implementing the settings wrong. I have tried entering it the following ways.

192.168.10.10
file://192.168.10.10
server.domain.local
file://server.domain.local

My shares are mapped the following way.

server.ad.domain.local

Thanks,

Justin

Commented:
Change your browser from protected mode=on to protected mode=off and see if that makes a difference. You shouldn't need to reboot the browser.

Author

Commented:
Protected mode was already off for the intranet zone. I turned it off for the internet zone as well. I still get the pop up when transferring files from my mapped drives.

Thanks,

Justin

Commented:
I use to see a similar event when Internet Explorer Enhanced Security was enabled. It wouldn't run specific files (like .exe, .msi, .xlsx). You know files that can intrude upon the computer. Typically the resolution was to add the site to the intranet sites and the computers also had to be a part of the domain that the site uses for the DNS suffix. Or another option was to disable IEES. But, I thought they did away with IEES in Win7. I might be wrong.

Author

Commented:
I couldn't find IEES in the internet options. I am running windows 7. I did add the IP and hostname of the server hosting the files to the intranet sites list. My computer is also part of the domain the server is in.

The issue still persists.

Thanks,

Justin
Commented:
IEES is found within Windows control Panel>>add/remove programs>>Windows features.

IEES blocks by file types, and has nothing to do with domain credentials. Even an administrator would be blocked.

In addition, try using a wild card FQDN for the entire domain in trusted INTRANET (not internet) sites. Name resolution may play a factor in the security settings of intranet based applications.

*.domainname.local

Author

Commented:
I didn't see IEES in the windows features of my windows 7 laptop.

I entered *.domain.local and the message went away! How come it works for the asterisks but not for the hostname at the front of the FQDN?

I would think it is just as safe to add *.domain.local since anything within the domain should be trusted right? I am not opening up any kind of security issue by using the asterisk? If not, then, I just need to deploy this with GP and I should be good to go.

Thanks,

Justin

Commented:
You are not creating a security flaw. I believe this goes by top level domain controller (TLDC), where the * means the entire domain.

By placing the hostname in front of the FQDN, you were basically telling it all computers under the Hostname.domain.name  domain.

Author

Commented:
Where can I add this to GP. I looked quickly but didn't immediately see that setting.

Commented:
Windows Components\Internet Explorer\Internet Control Panel\Security Page

for the Trusted Site Zone Template

Author

Commented:
Thanks for pointing me to the security page of the GP settings. I don't think the trusted sites zone template is the correct setting. That just allows me to set the trusted sites security level to a certain level. I need to be able to add the *.domain.local site to the trusted sites list across all domain computers.

I tried modifying the settings called "site to zone assignment list" and I entered the site as "*.domain.local 1" per the instructions in the tab but that didn't appear to work after a gpupdate. I am wondering if I am entering that syntax wrong for that setting? The directions are not very clear.

I also tried the settings called "Intranet sites: Include all network paths." After I did a gpupdate for that, I would see that the box was checked on my computer in the internet options but I still receive the warning when transferring the file from our mapped drive.

I feel we are close but I haven't found a working solution yet.

Thanks,

Justin

Author

Commented:
Well, I appear to of found the answer I needed at this link.
http://www.grouppolicy.biz/2010/03/how-to-use-group-policy-to-configure-internet-explorer-security-zone-sites/

This explains the correct way to enter the site with a value of 1 for the intranet zone. I did that and the policy appears to apply correctly. Meaning I can see that GP added the site to the sites list of the intranet zone. After that setting was applied by GP, I tried to copy a file from our mapped drive and the damn message still pops up.

So it doesn't pop up if I manually enter the info into the sites section of the intranet zone and it does pop up if I have GP enter the same setting. I would like to think there is something here I am missing.

Thanks,

Justin
I got this working. Turns out that when you apply GP by using the "site to zone assignment list" setting, you have to restart the computer before it works. I did not have to do that when applying the setting manually.

Thanks for the help

Justin

Author

Commented:
I was able to resolve this by following the instructions in the link I posted.

http://www.grouppolicy.biz/2010/03/how-to-use-group-policy-to-configure-internet-explorer-security-zone-sites/

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial