8.3.12 Set 'Launching programs and unsafe files' to 'Enabled:Prompt'

Information



This policy setting controls whether or not the 'Open File - Security Warning' message
appears when the user tries to open executable files or other potentially unsafe files (from
an intranet file share by using File Explorer, for example). If you enable this policy setting
and set the drop-down box to Enable, these files open without a security warning. If you set
the drop-down box to Prompt, a security warning appears before the files open. If you
disable this policy setting, these files do not open. If you do not configure this policy setting,
the user can configure how the computer handles these files. By default, these files are
blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set
to prompt in the Internet and Trusted zones. The recommended state for this setting is-
Enabled-Prompt.

*Rationale*

The security warning may help the user to avoid some types of malware hosted on sites run
by malicious people.

Solution

To establish the recommended configuration via Group Policy, set the following UI path to
Enabled.


Computer Configuration\Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Show security
warning for potentially unsafe filesThen set the Launching programs and unsafe files option to Prompt.

See Also

https://workbench.cisecurity.org/files/1518

Item Details

Audit Name: CIS IE 11 v1.0.0

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-4(12), CSCv6|8.4

Plugin: Windows

Control ID: 99db3aea37a0f526998d7bda6c41f5fe97274ae1500cc7091872563bfc8a7c6c