The Mark of the Web (MoTW) is a metadata identifier used by Microsoft Windows to mark files downloaded from the Internet as potentially unsafe. Although its name specifically references the Web, it is also sometimes added to files from other sources perceived to be of high risk, including files copied from NTFS-formatted external drives that were themselves downloaded from the web at some earlier point.
Table of Contents
MOTW management
Available zones:
- 0: My Computer
- 1: Local Intranet
- 2: Trusted Sites
- 3: Internet
- 4: Restricted Sites
Viewing a MOTW
Open a command prompt.
powershellGet-Content "C:\<somepath>\<filename>:Zone.Identifier"Adding a MOTW
Open a command prompt.
powershellAdd-Content "C:\<somepath>\<filename>:Zone.Identifier" "[ZoneTransfer]`nZoneId=0"Removing a MOTW
Open a command prompt.
powershellRemove-Item "C:\<somepath>\<filename>:Zone.Identifier"Reference
- Mark of the Web (Wikipedia)
- All about Mark of the Web (My Infosec Guide)