Unexpected "Open File - Security Warning"


pokeefe0001

Well-known member
Member
VIP
Local time
10:02 PM
Posts
219
Location
Pacific Northwest USA
OS
Windows 11
I have a NAS accessible from 4 computers. On one of these computers I get an "Open File - Security Warning" when accessing (to run or to edit) batch scripts:
1698780966147.png
On at least 2 of the other computers I do not get this nag. (I don't know about the other computer. I don't have access to it right now.)

The message is correct. I am the "unknown publisher". I am just as unknown if the script is run from a local drive but Windows doesn't complain about that. What have I done to make this one computer paranoid, and how do I change that? I'm sure there's some setting I've messed up, but I haven't been able to find it.
 
Windows Build/Version
Win 11 Pro x64 22621.2428

Attachments

  • 1698780827076.png
    1698780827076.png
    7.2 KB · Views: 0

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Microsoft
    CPU
    Intel Core i5-8400
    Motherboard
    ASUS PRIME H370-PLUS
    Memory
    16GB
    Graphics Card(s)
    Intel UHD Graphics 630
    Sound Card
    On board
    Monitor(s) Displays
    Samsung SyncMaster 2043BWX
    Screen Resolution
    1680 x 1050
    Hard Drives
    Samsung SSD 850 256GB
    WDC 1TB NVMe
    WD 3TB external USB drive
    PSU
    I don't remember
    Case
    Corsair something-or-other
    Cooling
    Air CPU + 2 case fans
    Keyboard
    DAS S Pro (Cherry Brown)
    Mouse
    Logitech USB of some sort
Control Panel > Internet Properties > Security > Local Intranet > Add your NAS IP
 

My Computer

System One

  • OS
    WIN 10 Pro
Hmm. I'll look into that, but
  1. I haven't done that on any of my computers and the problem exists on only one of them.
  2. The NAS is on my intranet and should be included in in the Intranet zone - set to medium-low.
  3. The Trusted Sites list seems to apply to HTTP(s), not SMB access (although I could be misinterpreting that).
  4. I added the NAS's IP address to Trusted Sites and still get the nag popup.
I'll look into this a bit more, but I don't think I'm in the right area.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Microsoft
    CPU
    Intel Core i5-8400
    Motherboard
    ASUS PRIME H370-PLUS
    Memory
    16GB
    Graphics Card(s)
    Intel UHD Graphics 630
    Sound Card
    On board
    Monitor(s) Displays
    Samsung SyncMaster 2043BWX
    Screen Resolution
    1680 x 1050
    Hard Drives
    Samsung SSD 850 256GB
    WDC 1TB NVMe
    WD 3TB external USB drive
    PSU
    I don't remember
    Case
    Corsair something-or-other
    Cooling
    Air CPU + 2 case fans
    Keyboard
    DAS S Pro (Cherry Brown)
    Mouse
    Logitech USB of some sort
Right click on your .bat file and select Properties.

Make sure you check mark Unblock, click Apply and OK.

Fingers crossed, that should take care of it.
 

My Computer

System One

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    CPU
    Ryzen 9 3900X
    Motherboard
    ASUS ROG Strix X570-E Gaming
    Memory
    G-Skill RipjawsV F4-3600C18 (16GB x 2)
    Graphics Card(s)
    Gigabyte RX 5700 XT Gaming OC
    Sound Card
    Realtek ALC1220P
    Monitor(s) Displays
    ASUS VE278 (x 2)
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung 850 Pro 256GB
    Samsung 970 Pro NVMe 512GB (x 2)
    ST10000VN0004 10TB (x 2)
    ST10000VN0008 10TB (x 2)
    ST4000VN000 4TB (x 2)
    PSU
    Corsair HX1000
    Case
    Corsair Carbide 400R
    Cooling
    AMD Wraith Prism (Stock)
    Keyboard
    Logitech G213
    Mouse
    Logitech G502
    Internet Speed
    100Mbps down / 40Mbps up
    Browser
    Firefox - Chrome - Edge
    Antivirus
    Windows Defender - Clamwin
I could be wrong but I think it might be a symptom of an integrity level problem.
Why am I suddenly getting this security warning - TenForums

When I had to work on this problem, it was because an update had changed the integrity level of my Favourites folder -
ICACLS C:\Users\%UserName%\Favourites /L /T /SETINTEGRITYLEVEL MED
but you'll want to work on whatever folder that batch file is on.


Best of luck,
Denis
 

My Computer

System One

  • OS
    Windows 11 Home x64 Version 23H2 Build 22631.3447
Right click on your .bat file and select Properties.

Make sure you check mark Unblock, click Apply and OK.
The problem with this suggestion is that the problem happens with all .bat files on the NAS when accessed from one computer but happens with no .bat files on the NAS when accessed by 3 other computers. It seems to be tied to the computer, not the files.
I could be wrong but I think it might be a symptom of an integrity level problem.
Why am I suddenly getting this security warning - TenForums

When I had to work on this problem, it was because an update had changed the integrity level of my Favourites folder -
ICACLS C:\Users\%UserName%\Favourites /L /T /SETINTEGRITYLEVEL MED
but you'll want to work on whatever folder that batch file is on.
I'm reluctant to mess with the integrity level of the files since everything works fine on 3 of the 4 computers. I suspect the problem is in how this one computer reacts to the security level. The TenForums link you provided points to multiple threads relating to the topic . The next one I've going to try is making some Group Policy changes. The most drastic suggestion - a last gasp suggestion in one of the threads - is to do a Windows Reset. If it comes to that I think I'll live with the inconvenience of the nag message.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Microsoft
    CPU
    Intel Core i5-8400
    Motherboard
    ASUS PRIME H370-PLUS
    Memory
    16GB
    Graphics Card(s)
    Intel UHD Graphics 630
    Sound Card
    On board
    Monitor(s) Displays
    Samsung SyncMaster 2043BWX
    Screen Resolution
    1680 x 1050
    Hard Drives
    Samsung SSD 850 256GB
    WDC 1TB NVMe
    WD 3TB external USB drive
    PSU
    I don't remember
    Case
    Corsair something-or-other
    Cooling
    Air CPU + 2 case fans
    Keyboard
    DAS S Pro (Cherry Brown)
    Mouse
    Logitech USB of some sort
The TenForums link you provided points to multiple threads relating to the topic

See post #8 in that linked thread. It says:

See TBkrekmeup's answer in Windows 10 Links Toolbar...File Download Security Warning - Microsoft Community​
TBkrekmeup said:
1. Run cmd.exe as Admin​
2. Type the following and press enter:​
ICACLS "%userprofile%\Favorites\Links" /Setintegritylevel (OI)(CI)Medium​
or RonnieHatley's variation on page 2 of that thread​
RonnieHatley said:
1. Run cmd.exe as Admin​
2. Type the following and press enter:​
ICACLS %USERPROFILE%\Favorites\Links /L /T /SETINTEGRITYLEVEL MED​



Denis
 

My Computer

System One

  • OS
    Windows 11 Home x64 Version 23H2 Build 22631.3447
Before I'm willing to touch the ICACLS command I need to understand integrity levels better - so I don't mess anything up. I'm finding the doc pretty dense. So here are some questions"

  1. Is the integrity level value set in file system or in Windows (the registry or such)? If it is set in the file system then there is nothing wrong with the integrity level;n 3 of 4 computers access the files without the nag popup.
  2. Somewhere I saw that I want to set an integrity level of 'medium-low" (medium without s prompt) bit I don't see that as an ICACLS option. Is that medium-low just for applications rather than for files and directories?
  3. ICACLS needs to run with elevated authority. I just noticed that the elevated command prompt runs under C:|Windows\System32. It does not have access to the mapped drive letter for the NAS. If I were to set the integrity level using a UNC would that work?
  4. All batch scripts on the NAS (that I've tested) have the same problem, regardless of the folder they're in. Could I use ICACLS to set the integrity level for the entire share on the NAS?
BTW, I think I found the source of (but not the solution to) my problem. I run BitDefender. On on the 3 computers without this problem BitDefender logs a warning message

Code:
Your device allows any user to change the settings for the security zones. This could lead to execution of dangerous code types from the Internet and websites listed in the Restricted Sites zone in the browser.

We recommend you prevent users from changing your security zone setting
I think I let BitDefender "fix" this for me on the one computer. Browsers are not involved anywhere in the problem I'm experiencing (and I don't use IE or Edge, anyway), but BitDefender is not always accurate in the descriptions of its activity.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Microsoft
    CPU
    Intel Core i5-8400
    Motherboard
    ASUS PRIME H370-PLUS
    Memory
    16GB
    Graphics Card(s)
    Intel UHD Graphics 630
    Sound Card
    On board
    Monitor(s) Displays
    Samsung SyncMaster 2043BWX
    Screen Resolution
    1680 x 1050
    Hard Drives
    Samsung SSD 850 256GB
    WDC 1TB NVMe
    WD 3TB external USB drive
    PSU
    I don't remember
    Case
    Corsair something-or-other
    Cooling
    Air CPU + 2 case fans
    Keyboard
    DAS S Pro (Cherry Brown)
    Mouse
    Logitech USB of some sort
Sorry, I don't know any more about icacls than is given in that link & in the icacls Help file.

That latest msg would make me want to compare the computer's Control panel, Internet options.

This seems to be a repeat problem. Do the timescales reveal anything?
Unexpected "Open File - Security Warning" nag - ElevenForum


Best of luck,
Denis
 

My Computer

System One

  • OS
    Windows 11 Home x64 Version 23H2 Build 22631.3447
...
That latest msg would make me want to compare the computer's Control panel, Internet options.
That was one of the first things I did as soon as I realized Internet Options might be involved. There were a couple minor differences, but I changed them to match and it didn't help.
This seems to be a repeat problem. Do the timescales reveal anything?
Unexpected "Open File - Security Warning" nag - ElevenForum
I'd forgotten about that earlier event. Same problematic computer and same problematic NAS, but there are some significant differences.
  1. A reboot didn't fix anything this time.
  2. The things that were giving me problems in that previous problem - a couple scripts and a portable FireFox - are working fine now. No security nag popups.
When things are working normally, Windows doesn't associate things in the VeraCrypt container as "networky" - they appear to be in a local drive (such as an external USB-attached drive). However, both the previous VeraCrypt problem and the current problem involve mapped drive letters. Maybe I should try unmapping and remapping my NAS drive.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Microsoft
    CPU
    Intel Core i5-8400
    Motherboard
    ASUS PRIME H370-PLUS
    Memory
    16GB
    Graphics Card(s)
    Intel UHD Graphics 630
    Sound Card
    On board
    Monitor(s) Displays
    Samsung SyncMaster 2043BWX
    Screen Resolution
    1680 x 1050
    Hard Drives
    Samsung SSD 850 256GB
    WDC 1TB NVMe
    WD 3TB external USB drive
    PSU
    I don't remember
    Case
    Corsair something-or-other
    Cooling
    Air CPU + 2 case fans
    Keyboard
    DAS S Pro (Cherry Brown)
    Mouse
    Logitech USB of some sort
I just tried an in-place reinstall of Windows but I didn't fix the problem.

BTW, on the problematic computer I get the nag popup whenever I try executing a .bat file or edit it with Notepad. I do not get the nag if I edit the .bat file with Notepad++. This tells me it's not generic access of the script that prompts the nag. It must be something specifically tied to Notepad and whatever in Windows executes .bat files.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Microsoft
    CPU
    Intel Core i5-8400
    Motherboard
    ASUS PRIME H370-PLUS
    Memory
    16GB
    Graphics Card(s)
    Intel UHD Graphics 630
    Sound Card
    On board
    Monitor(s) Displays
    Samsung SyncMaster 2043BWX
    Screen Resolution
    1680 x 1050
    Hard Drives
    Samsung SSD 850 256GB
    WDC 1TB NVMe
    WD 3TB external USB drive
    PSU
    I don't remember
    Case
    Corsair something-or-other
    Cooling
    Air CPU + 2 case fans
    Keyboard
    DAS S Pro (Cherry Brown)
    Mouse
    Logitech USB of some sort
Not that it helps you, but just for information, I have the same issue with .reg files I have created and stored on this computer. I get the warning on this computer , and on any other computer which has access to the shared folder where the files are stored. I have to remember each time I create one of these files to right click, open with, warning pops up, I say don't ask me again. From then on I can access the file without warning. I haven't figured out how to stop it so hope someone helps us both with a solution. I feel sure the same thing would happen with bat files if I created one. It hasn't always been this way.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 23H2 22631.3737
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 7080
    CPU
    i9-10900 10 core 20 threads
    Motherboard
    DELL 0J37VM
    Memory
    32 gb
    Graphics Card(s)
    none-Intel UHD Graphics 630
    Sound Card
    Integrated Realtek
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    1tb Solidigm m.2 nvme+256gb SKHynix m.2 nvme /External +512gb Samsung m.2 sata+1tb Kingston m2.nvme
    PSU
    500w
    Case
    MT
    Cooling
    Dell Premium
    Keyboard
    Logitech wired
    Mouse
    Logitech wireless
    Internet Speed
    so slow I'm too embarrassed to tell
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium
  • Operating System
    Windows 10 Pro 22H2 19045.3930
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 9020
    CPU
    i7-4770
    Memory
    24 gb
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    256 gb Toshiba BG4 M.2 NVE SSB and 1 tb hdd
    PSU
    500w
    Case
    MT
    Cooling
    Dell factory
    Mouse
    Logitech wireless
    Keyboard
    Logitech wired
    Internet Speed
    still not telling
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium
Not that it helps you, but just for information, I have the same issue with .reg files I have created and stored on this computer. I get the warning on this computer , and on any other computer which has access to the shared folder where the files are stored. I have to remember each time I create one of these files to right click, open with, warning pops up, I say don't ask me again. From then on I can access the file without warning. I haven't figured out how to stop it so hope someone helps us both with a solution. I feel sure the same thing would happen with bat files if I created one. It hasn't always been this way.
I think that may be a different (but related) issue. I don't understand it at all, but I suspect it's related to integrity level mentioned earlier in this thread. I have .reg file on a local drive - not the NAS - that prompts the security nag when I try editing it. I downloaded it from this forum months ago. I think that download tainted it with a "from the internet" flag. But if I copy the contents of that file into Notepad and save it into the same directory as a new .reg file, I can edit that new file without the nag. It is obviously not the content or the .reg file extension that prompts the nag.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Microsoft
    CPU
    Intel Core i5-8400
    Motherboard
    ASUS PRIME H370-PLUS
    Memory
    16GB
    Graphics Card(s)
    Intel UHD Graphics 630
    Sound Card
    On board
    Monitor(s) Displays
    Samsung SyncMaster 2043BWX
    Screen Resolution
    1680 x 1050
    Hard Drives
    Samsung SSD 850 256GB
    WDC 1TB NVMe
    WD 3TB external USB drive
    PSU
    I don't remember
    Case
    Corsair something-or-other
    Cooling
    Air CPU + 2 case fans
    Keyboard
    DAS S Pro (Cherry Brown)
    Mouse
    Logitech USB of some sort
IE options. It’s because your nas has an ip. Add it there like stated.
 

My Computer

System One

  • OS
    Windows 11 Pro
IE options. It’s because your nas has an ip. Add it there like stated.
I did. It did no good. And I don't use IE (or Edge). And no browser of any sort is involved. (I suspect "IE" doesn't really refer to Internet Explorer, but the Windows doc is very vague about that.)

I also added the NAS's host name to trusted sites. That also did no good.

And as I've said multiple times, none of that was needed on the other 3 computers nor on the problematic computer before a few weeks ago.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Microsoft
    CPU
    Intel Core i5-8400
    Motherboard
    ASUS PRIME H370-PLUS
    Memory
    16GB
    Graphics Card(s)
    Intel UHD Graphics 630
    Sound Card
    On board
    Monitor(s) Displays
    Samsung SyncMaster 2043BWX
    Screen Resolution
    1680 x 1050
    Hard Drives
    Samsung SSD 850 256GB
    WDC 1TB NVMe
    WD 3TB external USB drive
    PSU
    I don't remember
    Case
    Corsair something-or-other
    Cooling
    Air CPU + 2 case fans
    Keyboard
    DAS S Pro (Cherry Brown)
    Mouse
    Logitech USB of some sort
Internet options has effects on other aspects, such as network locations as well. Set thoughts of browsers aside. Skim this.. 3 possible solutions stated for you to try:

 

My Computer

System One

  • OS
    Windows 11 Pro
Skim this.. 3 possible solutions stated for you to try:

This technique worked:
Code:
adding *.bat files to the low risk file types solves this. Explanation here, or in short:

    run gpedit.msc
    navigate to User Configuration->Administrative Templates->Windows Components->Attachment Manager
    double click Inclusion list for low file types
    click Enabled and add *.bat to the list
    click Apply, this takes effect immedeately
However, I've now removed a security check on this one computer when no such action was needed on the other computers. (I checked two of them.) Having that nag for .bat files accessed through the internet is probably a good idea so I've just increased my vulnerability a bit. (Yes, vulnerability to my own carelessness, but still, ... .) Now that I know the circumvention works I will probably undo it. Having the nag in inappropriate situations isn't that onerous; it's probably better than not having the nag when it's appropriate.

I'd still like to know, and fix, whatever has gone strange on this one computer - my "primary" computer, of course; the one I'm on most of every day.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Microsoft
    CPU
    Intel Core i5-8400
    Motherboard
    ASUS PRIME H370-PLUS
    Memory
    16GB
    Graphics Card(s)
    Intel UHD Graphics 630
    Sound Card
    On board
    Monitor(s) Displays
    Samsung SyncMaster 2043BWX
    Screen Resolution
    1680 x 1050
    Hard Drives
    Samsung SSD 850 256GB
    WDC 1TB NVMe
    WD 3TB external USB drive
    PSU
    I don't remember
    Case
    Corsair something-or-other
    Cooling
    Air CPU + 2 case fans
    Keyboard
    DAS S Pro (Cherry Brown)
    Mouse
    Logitech USB of some sort

Latest Support Threads

Back
Top Bottom