Warnings on Incomplete Downloads

  • Article

Recently, a user sent in the following screenshot of a security warning they encountered when attempting to download the Microsoft Zune software:

Security Warning UI

Obviously, we immediately attempted to reproduce the reported problem, and we found we were unable to do so – the program was recognized as legitimate software and no security warnings were shown.

However, the user in question was able to provide a big clue as to what went wrong. When they tried to download the file with Chrome, they also saw a security warning:

Authenticode Warning

When they (unwisely) clicked through the warning message and elected to “Run" anyway, the program failed to launch and the following dialog was shown:

Corrupt file warning

This message indicates that the downloaded file was corrupt. It turns out that the local downloaded copies of ZuneSetupPkg.exe were only 6 megabytes in size, although the actual file is supposed to be 119mb. With this information, it was then easy to understand why the security warning was shown.

The file transfer was interrupted when only a small portion of the file had been been downloaded. The user didn’t notice that the file was smaller than expected (as I mentioned last month, no common browser warns the user about incomplete file downloads). Before opening the incomplete file, it was analyzed by the SmartScreen Application Reputation feature. SmartScreen determined that the file was unsigned (the signature comes at the end of the file, beyond the portion that the user had successfully downloaded) and the hash of the downloaded file did not match any known-safe program. As expected, the user was then warned that the file was unrecognized, and of a potentially dangerous type.

If you ever encounter this problem, simply click Delete from the warning notification and download the file again. If you see a warning again, check the size of the file and contact the owner of the website for help. If you are behind a proxy, you may need to talk to your IT Administrator about flushing a corrupted or incomplete download from your proxy cache.

-Eric