Whenever you download a file from the Internet (or other sources deemed untrusted) and store it on a NTFS drive, Windows silently marks such files with a Zone Identifier. That’s for example why PowerShell refuses to execute scripts downloaded from outside the domain.
You can actually look at the Zone Identifier. Just make sure you download a file from the Internet and store it on a NTFS drive. Next, use this line to view the Zone Identifier:
Get-Content -Path C:\users\tobia\Downloads\Flyer2021.rar -Stream Zone.Identifier
If the stream was present, you see information similar to this:
[ZoneTransfer] ZoneId=3 ReferrerUrl=https://shop.laserkino.de/ HostUrl=https://www.somecompany/Flyer2021.rar
It exposes the origin of the file, along with the type of remote zone it was retrieved from. If there was no Zone Information attached to a file, the above command raises an exception instead.
To remove the Zone Information from a file (and remove all restrictions that go along), use the Unblock-File cmdlet. To unblock all files in your Downloads folder, for example, try this:
Get-ChildItem -Path C:\users\tobia\Downloads\ -File | Unblock-File -WhatIf
Remove the -WhatIf parameter to actually remove the protective stream.