Information
This policy setting allows you to manage whether Internet Explorer checks for digital
signatures (which identifies the publisher of signed software and verifies it hasn't been
modified or tampered with) on user computers before downloading executable programs.
If you enable this policy setting, Internet Explorer will check the digital signatures of
executable programs and display their identities before downloading them to user
computers.
If you disable this policy setting, Internet Explorer will not check the digital signatures of
executable programs or display their identities before downloading them to user
computers.
If you do not configure this policy, Internet Explorer will not check the digital signatures of
executable programs or display their identities before downloading them to user
computers. The recommended state for this setting is- Enabled.
*Rationale*
Although digitally signing software does not guarantee that it includes no malware it does
reduce the risk and it provides another potential path of investigation should the software
include a dangerous payload.
Solution
To establish the recommended configuration via Group Policy, set the following UI path to
Enabled.
Computer Configuration\Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page\Check for signatures on downloaded
programs