False positives: "These files might be harmful to your computer" warning

Question

I've been seeking an answer for a long time.

This began happening maybe 1-2 years ago. But everything I currently have in place was there well before these symptoms began.

I seem to have unique circumstances, or at least atypical. I have an encrypted drive (created with Veracrypt). Every time I right click on any type of file in that drive, and "drag and drop" it elsewhere, anywhere else, when I release the right mouse button, the alert message appears.

However, nothing happens if I cut/paste or copy/paste.

The standard explanations, which do not include my "drag and drop" scenario, say these files were originated and imported from the internet, or a local area network or another computer.

This thread mentions drag and drop behavior, but that's where the similarity ends. The responses cite IP address from other sources.

Should I add my IP Address to Local intranet zone?

Example:

1. I just created a simple image of a blank portion of my desktop, and saved it to my desktop.
2. I then dragged and dropped it to my encrypted drive. The warning did not appear.
3. I then dragged and dropped that same file back to my desktop, whereupon the alert did in fact pop up when the right mouse button was released.

The obvious common factor here, at least in part, would be the encrypted drive.

Is there some security setting that is responsible, or some way to exclude the contents of the encrypted drive from being flagged?

Answer 1

This is a very common dialog, and will happen especially if you place the files on a network location that is not listed as trusted network, trusted intranet site or trusted website.

If you access a file through a drive letter, like C:\... then this prompt will not happen. But if you share a folder on your local computer, or have this as a different network location, and access this as \\MyPC\share\... then the Internet Explorer security settings will show this specific popup.

Even if you make a drive mapping to this network share, the access is still to that network share, and not a local drive.

So the first question is, how have you configured your VeraCrypt access? Is it accessed as network share? You can open the Show Details to see how it is triggered.

You can now choose to either reconfigure VeraCrypt to be accessed as a local drive instead, or you can go to the Internet Explorer Security Settings, and add this share as a trusted location, either through Trusted Intranet or Trusted Website.

To access that location, go to Control Panel, top right, View->Small icons -> Internet Options.

From there, go to the Security tab and open either Intranet or website (both will work), then click on the button Websites, and button advanced.

Now, add the local ip address of your computer and/or the hostname to this list.

Uncheck the box that says that it requires https.

You do not need to do something like file://192.168.1.1. Just 192.168.1.1 is enough.

After you add it, it should work instantly, but I've seen before that it only started to work after a reboot.