8.3.27 Set 'Run .NET Framework-reliant components not signed with Authenticode' to 'Enabled:Disable'

Information



This policy setting allows you to manage whether .NET Framework components that are
not signed with Authenticode can be executed from Internet Explorer. These components
include managed controls referenced from an object tag and managed executables

*Rationale*

Unsigned components may have a greater chance of including malicious code and it is more
difficult to determine the author of the application therefore they should be avoided if
possible.

Solution

To establish the recommended configuration via Group Policy, set the following UI path to
Enabled.


Computer Configuration\Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Run .NET
Framework-reliant components not signed with AuthenticodeThen set the Run .NET Framework-reliant components not signed with Authenticode
option to Disable.

Impact-If you enable this policy setting, Internet Explorer will execute unsigned managed
components. If you select Prompt in the drop-down box, Internet Explorer will prompt the
user to determine whether to execute unsigned managed components. If you disable this
policy setting, Internet Explorer will not execute unsigned managed components. If you do
not configure this policy setting, Internet Explorer will not execute unsigned managed
components.

Default Value-Disabled

See Also

https://workbench.cisecurity.org/files/1518

Item Details

Audit Name: CIS IE 11 v1.0.0

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-18(2)

Plugin: Windows

Control ID: 00b4c80a65d1e04c0547b624f3cb23b1226b307d0ab86116cf76e9e0c0a8ee13