8.3.18 Set 'Allow Binary and Script Behaviors' to 'Enabled:Disable'

Information



This policy setting allows you to manage dynamic binary and script behaviors- components
that encapsulate specific functionality for HTML elements to which they were attached. The
recommended state for this setting is- Enabled-Disable.

*Rationale*

Executable binaries and scripts may include malicious code, the risk of this is higher in the
Restricted Sites Zone.

Solution

To establish the recommended configuration via Group Policy, set the following UI path to
Enabled.

Computer Configuration\Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow binary and
script behaviorsThen set the Allow Binary and Script Behaviors option to Disable.

Impact-If you enable this policy setting, binary and script behaviors are available. If you select
Administrator approved in the drop-down box, only behaviors listed in the Admin-
approved Behaviors under Binary Behaviors Security Restriction policy are available. If you
disable this policy setting, binary and script behaviors are not available unless applications
have implemented a custom security manager. If you do not configure this policy setting,
binary and script behaviors are not available unless applications have implemented a
custom security manager.

Default Value-Disabled

See Also

https://workbench.cisecurity.org/files/1518

Item Details

Audit Name: CIS IE 11 v1.0.0

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7a.

Plugin: Windows

Control ID: 3a2ace4c9b6c921f89c196d848571c42081814551469c0f9ca9636b29596e8dc