[allyourhorses]

For the future, and as a Windows/OSX-specific hack, there are HFS/NTFS extended attributes attached to any downloaded file indicating the domain/URL it came from. You could introspect this and refuse to run the installer with a suitably angry message.

edit: ah sucks, seems on Windows this only gives you the network zone the file came from, not the URL. I think on OS X it is definitely the URL though https://superuser.com/questions/1513910/windows-extended-att...

[Something1234]

> The "hint" you are referring to is the Zone.Identifier - which only tells you what internet zone it was downloaded from (trusted, internet or untrusted). It's only available for browser downloads to an NTFS disk

~ from the superuser link above.

So what actual use is this small field? Wouldn't it be more useful for windows to provide the url and some function to determine if it was trusted?

[allyourhorses]

I can see how they ended up with an attribute that did not duplicate a potentially private URL. Consider downloading from an Intranet and copying to a USB pen that is then handed over to a customer

It also freezes in place the network policy active at the time of download.

Would personally still prefer the URL!