1

I create a .CHM file on a online computer at vagon.io, and then transfer it to my local computer. But when opening it, I get "Unknown Publisher" error and the page contents are blank.

I find the solutions for this issue, at https://superuser.com/a/1507617 and Downloaded chm is blocked, is there a solution?.

It is OK to unlock the .CHM file and see it on my computer. However, this .CHM file will be packed into a installer and send to other users. They may not be able to find the solution like me. So I need to make sure the .CHM file is readable on their computers.

I follow the way in https://superuser.com/a/1507617 to transfer the .CHM file via a .ZIP and .RAR file.

But after unpacking the .ZIP and .RAR file, the .CHM file still has the "Unknown Publisher" error and blank pages.

Why?

Update

I use Streams 1.6 at https://learn.microsoft.com/en-us/sysinternals/downloads/streams to check if a file contains extra stream.

Based on my test, the .CHM file on vagon.io does not contain extra stream. However, if downloaded it to my local computer, either directly or via Zip/RAR archive, an extra stream will be added to it.

Improve this question
2
  • 3
    I don't see the problem, honestly. A proper installer would never put the Mark of the Web on files. Try the real thing before attempting to find a solution for a problem that does not exist.
    – Daniel B
    Commented Aug 9, 2023 at 4:45
  • As others have commented, I also recommend a proper installer and a thorough test on a local drive (not a network drive!).
    – help-info.de
    Commented Aug 9, 2023 at 8:17

1 Answer 1

Reset to default
3

As you already know by the links you provided in your question, there are two handicaps prohibiting you to properly use your CHM-file:

  1. Stored at a network location (per default an untrusted source)
  2. Tagged as a file from an external source. This tag will be applied to the files when extracted from a tagged ZIP-file.
    This tag is the alternate data stream named Zone.Identifier.

The later is triggering your problem.

The solution is to remove the "external" tag.

  • This can be done manually by opening the properties of the file and choose the hook "Unblock" at the bottom of the "General" tab (you already described that)

  • This also can be done using Powershell:

Remove-Item -Stream 'Zone.Identifier' YourFile.chm

Check the success by displaying the stream before and after the removal:

Get-Item -Stream 'Zone.Identifier' YourFile.chm

To distribute your CHM-file conveniently you are required to provide at least a minimal "installer" that removes the alternate data stream.

$fileName   = YourFile.chm
$streamName = 'Zone.Identifier'

if ($stream = $_ | Get-Item -Stream $streamName -ErrorAction SilentlyContinue) {
    try {
        Remove-Item -Stream $streamName $fileName
}
    catch {
        Write-Host "Error: $($_.Exception.Message)"
    }
}

The reason for all this mess about the CHM-files is the security. CHM-code can contain HTML and JavaScript. Such code from untrusted origin should not be executed locally. I.e. see the related issue at TrendMicro.

Thus you should be sure about the online service by that you generate your CHM-files. In the worst case you unknowingly receive a malware-CHM and help it to spread and hide.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .